Search in sources :

Example 6 with RangerTagResourceMap

use of org.apache.ranger.plugin.model.RangerTagResourceMap in project ranger by apache.

the class TagPredicateUtil method addPredicateForTagId.

private Predicate addPredicateForTagId(final String id, List<Predicate> predicates) {
    if (StringUtils.isEmpty(id)) {
        return null;
    }
    Predicate ret = new Predicate() {

        @Override
        public boolean evaluate(Object object) {
            boolean ret = false;
            if (object == null) {
                return ret;
            }
            if (object instanceof RangerTag) {
                RangerTag tag = (RangerTag) object;
                ret = StringUtils.equals(id, tag.getId().toString());
            } else if (object instanceof RangerTagResourceMap) {
                RangerTagResourceMap tagResourceMap = (RangerTagResourceMap) object;
                ret = StringUtils.equals(id, tagResourceMap.getTagId().toString());
            }
            return ret;
        }
    };
    if (predicates != null) {
        predicates.add(ret);
    }
    return ret;
}
Also used : RangerTag(org.apache.ranger.plugin.model.RangerTag) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) Predicate(org.apache.commons.collections.Predicate)

Example 7 with RangerTagResourceMap

use of org.apache.ranger.plugin.model.RangerTagResourceMap in project ranger by apache.

the class ServiceTagsProcessor method addOrUpdate.

// Map tagdef, tag, serviceResource ids to created ids and use them in tag-resource-mapping
private void addOrUpdate(ServiceTags serviceTags) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceTagsProcessor.createOrUpdate()");
    }
    Map<Long, RangerTagDef> tagDefsInStore = new HashMap<Long, RangerTagDef>();
    Map<Long, RangerServiceResource> resourcesInStore = new HashMap<Long, RangerServiceResource>();
    if (MapUtils.isNotEmpty(serviceTags.getTagDefinitions())) {
        RangerTagDef tagDef = null;
        try {
            for (Map.Entry<Long, RangerTagDef> entry : serviceTags.getTagDefinitions().entrySet()) {
                tagDef = entry.getValue();
                RangerTagDef existing = null;
                if (StringUtils.isNotEmpty(tagDef.getGuid())) {
                    existing = tagStore.getTagDefByGuid(tagDef.getGuid());
                }
                if (existing == null && StringUtils.isNotEmpty(tagDef.getName())) {
                    existing = tagStore.getTagDefByName(tagDef.getName());
                }
                RangerTagDef tagDefInStore = null;
                if (existing == null) {
                    tagDefInStore = tagStore.createTagDef(tagDef);
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("tagDef for name:" + tagDef.getName() + " exists, will not update it");
                    }
                    tagDefInStore = existing;
                }
                tagDefsInStore.put(entry.getKey(), tagDefInStore);
            }
        } catch (Exception exception) {
            LOG.error("createTagDef failed, tagDef=" + tagDef, exception);
            throw exception;
        }
    }
    List<RangerServiceResource> resources = serviceTags.getServiceResources();
    if (CollectionUtils.isNotEmpty(resources)) {
        RangerServiceResource resource = null;
        try {
            for (int i = 0; i < resources.size(); i++) {
                resource = resources.get(i);
                RangerServiceResource existing = null;
                String resourceSignature = null;
                Long resourceId = resource.getId();
                if (StringUtils.isNotEmpty(resource.getGuid())) {
                    existing = tagStore.getServiceResourceByGuid(resource.getGuid());
                }
                if (existing == null) {
                    if (MapUtils.isNotEmpty(resource.getResourceElements())) {
                        RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(resource);
                        resourceSignature = serializer.getSignature();
                        resource.setResourceSignature(resourceSignature);
                        existing = tagStore.getServiceResourceByServiceAndResourceSignature(resource.getServiceName(), resourceSignature);
                    }
                }
                RangerServiceResource resourceInStore = null;
                if (existing == null) {
                    resourceInStore = tagStore.createServiceResource(resource);
                } else if (StringUtils.isEmpty(resource.getServiceName()) || MapUtils.isEmpty(resource.getResourceElements())) {
                    resourceInStore = existing;
                } else {
                    resource.setId(existing.getId());
                    resource.setGuid(existing.getGuid());
                    resourceInStore = tagStore.updateServiceResource(resource);
                }
                resourcesInStore.put(resourceId, resourceInStore);
            }
        } catch (Exception exception) {
            LOG.error("createServiceResource failed, resource=" + resource, exception);
            throw exception;
        }
    }
    if (MapUtils.isNotEmpty(serviceTags.getResourceToTagIds())) {
        for (Map.Entry<Long, List<Long>> entry : serviceTags.getResourceToTagIds().entrySet()) {
            Long resourceId = entry.getKey();
            RangerServiceResource resourceInStore = resourcesInStore.get(resourceId);
            if (resourceInStore == null) {
                LOG.error("Resource (id=" + resourceId + ") not found. Skipping tags update");
                continue;
            }
            // Get all tags associated with this resourceId
            List<RangerTag> associatedTags = null;
            try {
                associatedTags = tagStore.getTagsForResourceId(resourceInStore.getId());
            } catch (Exception exception) {
                LOG.error("RangerTags cannot be retrieved for resource with guid=" + resourceInStore.getGuid());
                throw exception;
            }
            List<RangerTag> tagsToRetain = new ArrayList<RangerTag>();
            List<Long> tagIds = entry.getValue();
            try {
                for (Long tagId : tagIds) {
                    RangerTag incomingTag = MapUtils.isNotEmpty(serviceTags.getTags()) ? serviceTags.getTags().get(tagId) : null;
                    if (incomingTag == null) {
                        LOG.error("Tag (id=" + tagId + ") not found. Skipping addition of this tag for resource (id=" + resourceId + ")");
                        continue;
                    }
                    RangerTag matchingTag = findMatchingTag(incomingTag, associatedTags);
                    if (matchingTag == null) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Did not find matching tag for tagId=" + tagId);
                        }
                        // create new tag from incoming tag and associate it with service-resource
                        RangerTag newTag = tagStore.createTag(incomingTag);
                        RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
                        tagResourceMap.setTagId(newTag.getId());
                        tagResourceMap.setResourceId(resourceInStore.getId());
                        tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
                        associatedTags.add(newTag);
                        tagsToRetain.add(newTag);
                        continue;
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Found matching tag for tagId=" + tagId + ", matchingTag=" + matchingTag);
                    }
                    if (isResourcePrivateTag(incomingTag)) {
                        if (!isResourcePrivateTag(matchingTag)) {
                            // create new tag from incoming tag and associate it with service-resource
                            RangerTag newTag = tagStore.createTag(incomingTag);
                            RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
                            tagResourceMap.setTagId(newTag.getId());
                            tagResourceMap.setResourceId(resourceInStore.getId());
                            tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
                            associatedTags.add(newTag);
                            tagsToRetain.add(newTag);
                        } else {
                            // Keep this tag, but update it with attribute-values from incoming tag
                            tagsToRetain.add(matchingTag);
                            if (StringUtils.equals(incomingTag.getGuid(), matchingTag.getGuid())) {
                                // matching tag was found because of Guid match
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("Updating existing private tag with id=" + matchingTag.getId());
                                }
                                // update private tag with new values
                                incomingTag.setId(matchingTag.getId());
                                tagStore.updateTag(incomingTag);
                            }
                        }
                    } else {
                        // shared model
                        if (isResourcePrivateTag(matchingTag)) {
                            // create new tag from incoming tag and associate it with service-resource
                            RangerTag newTag = tagStore.createTag(incomingTag);
                            RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
                            tagResourceMap.setTagId(newTag.getId());
                            tagResourceMap.setResourceId(resourceInStore.getId());
                            tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
                            associatedTags.add(newTag);
                            tagsToRetain.add(newTag);
                        } else {
                            // Keep this tag, but update it with attribute-values from incoming tag
                            tagsToRetain.add(matchingTag);
                            // Update shared tag with new values
                            incomingTag.setId(matchingTag.getId());
                            tagStore.updateTag(incomingTag);
                            // associate with service-resource if not already associated
                            if (findTagInList(matchingTag, associatedTags) == null) {
                                RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
                                tagResourceMap.setTagId(matchingTag.getId());
                                tagResourceMap.setResourceId(resourceInStore.getId());
                                tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
                            }
                        }
                    }
                }
            } catch (Exception exception) {
                LOG.error("createRangerTagResourceMap failed", exception);
                throw exception;
            }
            if (CollectionUtils.isNotEmpty(associatedTags)) {
                Long tagId = null;
                try {
                    for (RangerTag associatedTag : associatedTags) {
                        if (findTagInList(associatedTag, tagsToRetain) == null) {
                            tagId = associatedTag.getId();
                            RangerTagResourceMap tagResourceMap = tagStore.getTagResourceMapForTagAndResourceId(tagId, resourceInStore.getId());
                            if (tagResourceMap != null) {
                                tagStore.deleteTagResourceMap(tagResourceMap.getId());
                            }
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Deleted tagResourceMap(tagId=" + tagId + ", resourceId=" + resourceInStore.getId());
                            }
                        }
                    }
                } catch (Exception exception) {
                    LOG.error("deleteTagResourceMap failed, tagId=" + tagId + ", resourceId=" + resourceInStore.getId());
                    throw exception;
                }
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceTagsProcessor.createOrUpdate()");
    }
}
Also used : RangerTagDef(org.apache.ranger.plugin.model.RangerTagDef) HashMap(java.util.HashMap) RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) ArrayList(java.util.ArrayList) RangerServiceResourceSignature(org.apache.ranger.plugin.store.RangerServiceResourceSignature) RangerTag(org.apache.ranger.plugin.model.RangerTag) ArrayList(java.util.ArrayList) List(java.util.List) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) HashMap(java.util.HashMap) Map(java.util.Map)

Example 8 with RangerTagResourceMap

use of org.apache.ranger.plugin.model.RangerTagResourceMap in project ranger by apache.

the class ServiceTagsProcessor method replace.

private void replace(ServiceTags serviceTags) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceTagsProcessor.replace()");
    }
    // Delete those service-resources which are in ranger database but not in provided service-tags
    Map<String, RangerServiceResource> serviceResourcesInServiceTagsMap = new HashMap<String, RangerServiceResource>();
    List<RangerServiceResource> serviceResourcesInServiceTags = serviceTags.getServiceResources();
    for (RangerServiceResource rangerServiceResource : serviceResourcesInServiceTags) {
        String guid = rangerServiceResource.getGuid();
        if (serviceResourcesInServiceTagsMap.containsKey(guid)) {
            LOG.warn("duplicate service-resource found: guid=" + guid);
        }
        serviceResourcesInServiceTagsMap.put(guid, rangerServiceResource);
    }
    List<String> serviceResourcesInDb = tagStore.getServiceResourceGuidsByService(serviceTags.getServiceName());
    if (CollectionUtils.isNotEmpty(serviceResourcesInDb)) {
        for (String dbServiceResourceGuid : serviceResourcesInDb) {
            if (!serviceResourcesInServiceTagsMap.containsKey(dbServiceResourceGuid)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Deleting serviceResource(guid=" + dbServiceResourceGuid + ") and its tag-associations...");
                }
                List<RangerTagResourceMap> tagResourceMaps = tagStore.getTagResourceMapsForResourceGuid(dbServiceResourceGuid);
                if (CollectionUtils.isNotEmpty(tagResourceMaps)) {
                    for (RangerTagResourceMap tagResourceMap : tagResourceMaps) {
                        tagStore.deleteTagResourceMap(tagResourceMap.getId());
                    }
                }
                tagStore.deleteServiceResourceByGuid(dbServiceResourceGuid);
            }
        }
    }
    // Add/update resources and other tag-model objects provided in service-tags
    addOrUpdate(serviceTags);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceTagsProcessor.replace()");
    }
}
Also used : RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) HashMap(java.util.HashMap) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap)

Example 9 with RangerTagResourceMap

use of org.apache.ranger.plugin.model.RangerTagResourceMap in project ranger by apache.

the class ServiceTagsProcessor method delete.

private void delete(ServiceTags serviceTags) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceTagsProcessor.delete()");
    }
    // We dont expect any resourceId->tagId mappings in delete operation, so ignoring them if specified
    List<RangerServiceResource> serviceResources = serviceTags.getServiceResources();
    if (CollectionUtils.isNotEmpty(serviceResources)) {
        for (RangerServiceResource serviceResource : serviceResources) {
            RangerServiceResource objToDelete = null;
            try {
                if (StringUtils.isNotBlank(serviceResource.getGuid())) {
                    objToDelete = tagStore.getServiceResourceByGuid(serviceResource.getGuid());
                }
                if (objToDelete == null) {
                    if (MapUtils.isNotEmpty(serviceResource.getResourceElements())) {
                        RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(serviceResource);
                        String serviceResourceSignature = serializer.getSignature();
                        objToDelete = tagStore.getServiceResourceByServiceAndResourceSignature(serviceResource.getServiceName(), serviceResourceSignature);
                    }
                }
                if (objToDelete != null) {
                    List<RangerTagResourceMap> tagResourceMaps = tagStore.getTagResourceMapsForResourceGuid(objToDelete.getGuid());
                    if (CollectionUtils.isNotEmpty(tagResourceMaps)) {
                        for (RangerTagResourceMap tagResourceMap : tagResourceMaps) {
                            tagStore.deleteTagResourceMap(tagResourceMap.getId());
                        }
                    }
                    tagStore.deleteServiceResource(objToDelete.getId());
                }
            } catch (Exception exception) {
                LOG.error("deleteServiceResourceByGuid failed, guid=" + serviceResource.getGuid(), exception);
                throw exception;
            }
        }
    }
    Map<Long, RangerTag> tagsMap = serviceTags.getTags();
    if (MapUtils.isNotEmpty(tagsMap)) {
        for (Map.Entry<Long, RangerTag> entry : tagsMap.entrySet()) {
            RangerTag tag = entry.getValue();
            try {
                RangerTag objToDelete = tagStore.getTagByGuid(tag.getGuid());
                if (objToDelete != null) {
                    tagStore.deleteTag(objToDelete.getId());
                }
            } catch (Exception exception) {
                LOG.error("deleteTag failed, guid=" + tag.getGuid(), exception);
                throw exception;
            }
        }
    }
    Map<Long, RangerTagDef> tagDefsMap = serviceTags.getTagDefinitions();
    if (MapUtils.isNotEmpty(tagDefsMap)) {
        for (Map.Entry<Long, RangerTagDef> entry : tagDefsMap.entrySet()) {
            RangerTagDef tagDef = entry.getValue();
            try {
                RangerTagDef objToDelete = tagStore.getTagDefByGuid(tagDef.getGuid());
                if (objToDelete != null) {
                    tagStore.deleteTagDef(objToDelete.getId());
                }
            } catch (Exception exception) {
                LOG.error("deleteTagDef failed, guid=" + tagDef.getGuid(), exception);
                throw exception;
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceTagsProcessor.delete()");
    }
}
Also used : RangerTagDef(org.apache.ranger.plugin.model.RangerTagDef) RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) RangerServiceResourceSignature(org.apache.ranger.plugin.store.RangerServiceResourceSignature) RangerTag(org.apache.ranger.plugin.model.RangerTag) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) HashMap(java.util.HashMap) Map(java.util.Map)

Example 10 with RangerTagResourceMap

use of org.apache.ranger.plugin.model.RangerTagResourceMap in project ranger by apache.

the class TagREST method deleteServiceResourceByGuid.

@DELETE
@Path(TagRESTConstants.RESOURCE_RESOURCE + "guid/{guid}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
public void deleteServiceResourceByGuid(@PathParam("guid") String guid, @DefaultValue("false") @QueryParam("deleteReferences") boolean deleteReferences) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> TagREST.deleteServiceResourceByGuid(" + guid + ", " + deleteReferences + ")");
    }
    try {
        RangerServiceResource exist = validator.preDeleteServiceResourceByGuid(guid, deleteReferences);
        if (deleteReferences) {
            List<RangerTagResourceMap> tagResourceMaps = tagStore.getTagResourceMapsForResourceGuid(exist.getGuid());
            if (CollectionUtils.isNotEmpty(tagResourceMaps)) {
                for (RangerTagResourceMap tagResourceMap : tagResourceMaps) {
                    deleteTagResourceMap(tagResourceMap.getId());
                }
            }
        }
        tagStore.deleteServiceResource(exist.getId());
    } catch (Exception excp) {
        LOG.error("deleteServiceResourceByGuid(" + guid + ", " + deleteReferences + ") failed", excp);
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== TagREST.deleteServiceResourceByGuid(" + guid + ", " + deleteReferences + ")");
    }
}
Also used : RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) WebApplicationException(javax.ws.rs.WebApplicationException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Produces(javax.ws.rs.Produces) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Aggregations

RangerTagResourceMap (org.apache.ranger.plugin.model.RangerTagResourceMap)32 WebApplicationException (javax.ws.rs.WebApplicationException)16 Test (org.junit.Test)12 ExpectedException (org.junit.rules.ExpectedException)12 ArrayList (java.util.ArrayList)9 XXTagResourceMap (org.apache.ranger.entity.XXTagResourceMap)8 RangerServiceResource (org.apache.ranger.plugin.model.RangerServiceResource)7 Path (javax.ws.rs.Path)4 Produces (javax.ws.rs.Produces)4 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)4 HashMap (java.util.HashMap)3 DELETE (javax.ws.rs.DELETE)3 Predicate (org.apache.commons.collections.Predicate)3 RangerTag (org.apache.ranger.plugin.model.RangerTag)3 Map (java.util.Map)2 RangerTagDef (org.apache.ranger.plugin.model.RangerTagDef)2 RangerServiceResourceSignature (org.apache.ranger.plugin.store.RangerServiceResourceSignature)2 List (java.util.List)1 POST (javax.ws.rs.POST)1