ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject incubator-ranger git commit: RANGER-203: Updated AssetREST to support policy-download by earlier plugins - from the policy data in the new model.
Date Wed, 21 Jan 2015 07:50:25 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/stack 3493c02f3 -> 84382d387


RANGER-203: Updated AssetREST to support policy-download by earlier
plugins - from the policy data in the new model.

Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/84382d38
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/84382d38
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/84382d38

Branch: refs/heads/stack
Commit: 84382d38779b40b1e30e0dde6fe0559d2e975c99
Parents: 3493c02
Author: Madhan Neethiraj <madhan@apache.org>
Authored: Tue Jan 20 23:48:16 2015 -0800
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Tue Jan 20 23:48:16 2015 -0800

----------------------------------------------------------------------
 .../java/org/apache/ranger/biz/AssetMgr.java    | 395 ++++++++-----------
 .../org/apache/ranger/common/ServiceUtil.java   |  36 +-
 .../java/org/apache/ranger/rest/AssetREST.java  |  96 ++---
 3 files changed, 228 insertions(+), 299 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 2f42868..e13b632 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -22,7 +22,6 @@
 import java.io.File;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
-import java.sql.Timestamp;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -55,7 +54,6 @@ import org.apache.ranger.common.TimedEventUtil;
 import org.apache.ranger.common.UserSessionBase;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXAsset;
-import org.apache.ranger.entity.XXAuditMap;
 import org.apache.ranger.entity.XXGroup;
 import org.apache.ranger.entity.XXPermMap;
 import org.apache.ranger.entity.XXPolicyExportAudit;
@@ -688,6 +686,11 @@ public class AssetMgr extends AssetMgrBase {
 					MessageEnums.DATA_NOT_FOUND, id, "dataSourceId",
 					"DataSource not found with " + "id " + id);
 		}
+		
+		return getXResourceFile(xResource, fileType);
+	}
+
+	public File getXResourceFile(VXResource xResource, String fileType) {
 		File file = null;
 		try {
 			if (fileType != null) {
@@ -778,11 +781,9 @@ public class AssetMgr extends AssetMgrBase {
 		}
 	}
 
-	public String getLatestRepoPolicy(String repository,
+	public String getLatestRepoPolicy(VXAsset xAsset, List<VXResource> xResourceList,
Long updatedTime,
 			X509Certificate[] certchain, boolean httpEnabled, String epoch,
 			String ipAddress, boolean isSecure, String count, String agentId) {
-
-		XXAsset xAsset = rangerDaoManager.getXXAsset().findByAssetName(repository);
 		if(xAsset==null){
 			logger.error("Requested repository not found");
 			throw restErrorUtil.createRESTException("No Data Found.",
@@ -793,9 +794,12 @@ public class AssetMgr extends AssetMgrBase {
 			throw restErrorUtil.createRESTException("Unauthorized access.",
 					MessageEnums.OPER_NO_EXPORT);
 		}
+
+		HashMap<String, Object> updatedRepo = new HashMap<String, Object>();
+		updatedRepo.put("repository_name", xAsset.getName());
 		
 		XXPolicyExportAudit policyExportAudit = new XXPolicyExportAudit();
-		policyExportAudit.setRepositoryName(repository);
+		policyExportAudit.setRepositoryName(xAsset.getName());
 
 		if (agentId != null && !agentId.isEmpty()) {
 			policyExportAudit.setAgentId(agentId);
@@ -872,29 +876,6 @@ public class AssetMgr extends AssetMgrBase {
 			}
 		}
 
-		if (repository == null || repository.isEmpty()) {
-
-			policyExportAudit
-					.setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
-			createPolicyAudit(policyExportAudit);
-
-			logger.error("Repository name not provided");
-			throw restErrorUtil.createRESTException("Unauthorized access.",
-					MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
-		}
-
-		
-
-		if (xAsset == null) {
-			policyExportAudit
-					.setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
-			createPolicyAudit(policyExportAudit);
-
-			logger.error("Requested repository doesn't exist");
-			throw restErrorUtil.createRESTException("Unauthorized access.",
-					MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
-		}
-
 		if (policyCount == null) {
 			policyCount = 0l;
 		}
@@ -917,197 +898,168 @@ public class AssetMgr extends AssetMgrBase {
 			}
 		}
 
-		// //////////////////////////////////////
-		// Get latest updated time of repository
-		// //////////////////////////////////////
-		Timestamp luTime = rangerDaoManager.getXXResource()
-				.getMaxUpdateTimeForAssetName(repository);
+		long epochTime = epoch != null ? Long.parseLong(epoch) : 0;
 
-		HashMap<String, Object> updatedRepo = new HashMap<String, Object>();
-		updatedRepo.put("repository_name", repository);
+		if(epochTime == updatedTime) {
+			int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ;
+			
+			if (policyCount == resourceListSz) {
+				policyExportAudit
+						.setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_NOT_MODIFIED);
+				createPolicyAudit(policyExportAudit);
 
-		Long updatedTime = 0l;
-		List<HashMap<String, Object>> resourceList = new ArrayList<HashMap<String,
Object>>();
-		
-		if (luTime != null) {
-			updatedTime = luTime.getTime();
+				throw restErrorUtil.createRESTException(
+						HttpServletResponse.SC_NOT_MODIFIED,
+						"No change since last update", false);
+			}
 		}
-		
-		{
-			List<XXResource> xResourceList = new ArrayList<XXResource>();
 
-			long epochTime = epoch != null ? Long.parseLong(epoch) : 0;
+		List<HashMap<String, Object>> resourceList = new ArrayList<HashMap<String,
Object>>();
 
-			if(epochTime == updatedTime) {
-				//TODO: instead of getting entire list, get just count(*) for the given repository
-				xResourceList = rangerDaoManager.getXXResource().findUpdatedResourcesByAssetName(repository,
new Date(0L));
-				
-				int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ;
-				
-				if (policyCount == resourceListSz) {
-					policyExportAudit
-							.setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_NOT_MODIFIED);
-					createPolicyAudit(policyExportAudit);
-	
-					throw restErrorUtil.createRESTException(
-							HttpServletResponse.SC_NOT_MODIFIED,
-							"No change since last update", false);
+		// HDFS Repository
+		if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) {
+			for (VXResource xResource : xResourceList) {
+				HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+				resourceMap.put("id", xResource.getId());
+				resourceMap.put("resource", xResource.getName());
+				resourceMap.put("isRecursive",
+						getBooleanValue(xResource.getIsRecursive()));
+				resourceMap.put("policyStatus", RangerCommonEnums
+						.getLabelFor_ActiveStatus(xResource
+								.getResourceStatus()));
+				// resourceMap.put("isEncrypt",
+				// AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
+				populatePermMap(xResource, resourceMap, AppConstants.ASSET_HDFS);
+				List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+				if (xAuditMaps.size() != 0) {
+					resourceMap.put("audit", 1);
+				} else {
+					resourceMap.put("audit", 0);
 				}
-				
-			} else {
-				xResourceList = rangerDaoManager.getXXResource().findUpdatedResourcesByAssetName(repository,
new Date(0L));
-			}
-
-
-			// HDFS Repository
-			if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) {
-				for (XXResource xResource : xResourceList) {
-					HashMap<String, Object> resourceMap = new HashMap<String, Object>();
-					resourceMap.put("id", xResource.getId());
-					resourceMap.put("resource", xResource.getName());
-					resourceMap.put("isRecursive",
-							getBooleanValue(xResource.getIsRecursive()));
-					resourceMap.put("policyStatus", RangerCommonEnums
-							.getLabelFor_ActiveStatus(xResource
-									.getResourceStatus()));
-					// resourceMap.put("isEncrypt",
-					// AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
-					populatePermMap(xResource, resourceMap, AppConstants.ASSET_HDFS);
-					List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
-							.findByResourceId(xResource.getId());
-					if (xAuditMaps.size() != 0) {
-						resourceMap.put("audit", 1);
-					} else {
-						resourceMap.put("audit", 0);
-					}
 
-					resourceList.add(resourceMap);
+				resourceList.add(resourceMap);
+			}
+		} else if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
+			for (VXResource xResource : xResourceList) {
+				HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+				resourceMap.put("id", xResource.getId());
+				resourceMap.put("database_name", xResource.getDatabases());
+				resourceMap.put("policyStatus", RangerCommonEnums
+						.getLabelFor_ActiveStatus(xResource
+								.getResourceStatus()));
+				resourceMap.put("tablePolicyType", AppConstants
+						.getLabelFor_PolicyType(xResource.getTableType()));
+				resourceMap.put("columnPolicyType", AppConstants
+						.getLabelFor_PolicyType(xResource.getColumnType()));
+				int resourceType = xResource.getResourceType();
+				if (resourceType == AppConstants.RESOURCE_UDF) {
+					resourceMap.put("udf_name", xResource.getUdfs());
+				} else if (resourceType == AppConstants.RESOURCE_COLUMN) {
+					resourceMap.put("table_name", xResource.getTables());
+					resourceMap.put("column_name", xResource.getColumns());
+				} else if (resourceType == AppConstants.RESOURCE_TABLE) {
+					resourceMap.put("table_name", xResource.getTables());
 				}
-			} else if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
-				for (XXResource xResource : xResourceList) {
-					HashMap<String, Object> resourceMap = new HashMap<String, Object>();
-					resourceMap.put("id", xResource.getId());
-					resourceMap.put("database_name", xResource.getDatabases());
-					resourceMap.put("policyStatus", RangerCommonEnums
-							.getLabelFor_ActiveStatus(xResource
-									.getResourceStatus()));
-					resourceMap.put("tablePolicyType", AppConstants
-							.getLabelFor_PolicyType(xResource.getTableType()));
-					resourceMap.put("columnPolicyType", AppConstants
-							.getLabelFor_PolicyType(xResource.getColumnType()));
-					int resourceType = xResource.getResourceType();
-					if (resourceType == AppConstants.RESOURCE_UDF) {
-						resourceMap.put("udf_name", xResource.getUdfs());
-					} else if (resourceType == AppConstants.RESOURCE_COLUMN) {
-						resourceMap.put("table_name", xResource.getTables());
-						resourceMap.put("column_name", xResource.getColumns());
-					} else if (resourceType == AppConstants.RESOURCE_TABLE) {
-						resourceMap.put("table_name", xResource.getTables());
-					}
 
-					populatePermMap(xResource, resourceMap, AppConstants.ASSET_HIVE);
-					List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
-							.findByResourceId(xResource.getId());
-					if (xAuditMaps.size() != 0) {
-						resourceMap.put("audit", 1);
-					} else {
-						resourceMap.put("audit", 0);
-					}
-					resourceList.add(resourceMap);
+				populatePermMap(xResource, resourceMap, AppConstants.ASSET_HIVE);
+				
+				List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+				if (xAuditMaps.size() != 0) {
+					resourceMap.put("audit", 1);
+				} else {
+					resourceMap.put("audit", 0);
 				}
+				resourceList.add(resourceMap);
 			}
+		}
 
-			else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
-				for (XXResource xResource : xResourceList) {
-					HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+		else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
+			for (VXResource xResource : xResourceList) {
+				HashMap<String, Object> resourceMap = new HashMap<String, Object>();
 
-					resourceMap.put("id", xResource.getId());
-					resourceMap.put("table_name", xResource.getTables());
-					resourceMap.put("column_name", xResource.getColumns());
-					resourceMap.put("column_families",
-							xResource.getColumnFamilies());
-					resourceMap.put("policyStatus", RangerCommonEnums
-							.getLabelFor_ActiveStatus(xResource
-									.getResourceStatus()));
-					if (xResource.getIsEncrypt() == 1) {
-						resourceMap.put("encrypt", 1);
-					} else {
-						resourceMap.put("encrypt", 0);
-					}
-					// resourceMap.put("isEncrypt",
-					// AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
-					populatePermMap(xResource, resourceMap, AppConstants.ASSET_HBASE);
-					List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
-							.findByResourceId(xResource.getId());
-					if (xAuditMaps.size() != 0) {
-						resourceMap.put("audit", 1);
-					} else {
-						resourceMap.put("audit", 0);
-					}
-					resourceList.add(resourceMap);
+				resourceMap.put("id", xResource.getId());
+				resourceMap.put("table_name", xResource.getTables());
+				resourceMap.put("column_name", xResource.getColumns());
+				resourceMap.put("column_families",
+						xResource.getColumnFamilies());
+				resourceMap.put("policyStatus", RangerCommonEnums
+						.getLabelFor_ActiveStatus(xResource
+								.getResourceStatus()));
+				if (xResource.getIsEncrypt() == 1) {
+					resourceMap.put("encrypt", 1);
+				} else {
+					resourceMap.put("encrypt", 0);
 				}
+				// resourceMap.put("isEncrypt",
+				// AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
+				populatePermMap(xResource, resourceMap, AppConstants.ASSET_HBASE);
+				List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+				if (xAuditMaps.size() != 0) {
+					resourceMap.put("audit", 1);
+				} else {
+					resourceMap.put("audit", 0);
+				}
+				resourceList.add(resourceMap);
 			}
-			else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) {
-				for (XXResource xResource : xResourceList) {
-					HashMap<String, Object> resourceMap = new HashMap<String, Object>();
-
-					resourceMap.put("id", xResource.getId());
-					resourceMap.put("topology_name", xResource.getTopologies()) ;
-					resourceMap.put("service_name", xResource.getServices()) ;
-					resourceMap.put("policyStatus", RangerCommonEnums
-							.getLabelFor_ActiveStatus(xResource
-									.getResourceStatus()));
-					if (xResource.getIsEncrypt() == 1) {
-						resourceMap.put("encrypt", 1);
-					} else {
-						resourceMap.put("encrypt", 0);
-					}
-					// resourceMap.put("isEncrypt",
-					// AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
-					populatePermMap(xResource, resourceMap, AppConstants.ASSET_KNOX);
-					List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
-							.findByResourceId(xResource.getId());
-					if (xAuditMaps.size() != 0) {
-						resourceMap.put("audit", 1);
-					} else {
-						resourceMap.put("audit", 0);
-					}
-					resourceList.add(resourceMap);
+		}
+		else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) {
+			for (VXResource xResource : xResourceList) {
+				HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+
+				resourceMap.put("id", xResource.getId());
+				resourceMap.put("topology_name", xResource.getTopologies()) ;
+				resourceMap.put("service_name", xResource.getServices()) ;
+				resourceMap.put("policyStatus", RangerCommonEnums
+						.getLabelFor_ActiveStatus(xResource
+								.getResourceStatus()));
+				if (xResource.getIsEncrypt() == 1) {
+					resourceMap.put("encrypt", 1);
+				} else {
+					resourceMap.put("encrypt", 0);
 				}
-				
-            }
-            else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) {
-                    for (XXResource xResource : xResourceList) {
-                            HashMap<String, Object> resourceMap = new HashMap<String,
Object>();
-
-                            resourceMap.put("id", xResource.getId());
-                            resourceMap.put("topology_name", xResource.getTopologies()) ;
-                            resourceMap.put("policyStatus", RangerCommonEnums
-                                            .getLabelFor_ActiveStatus(xResource
-                                                            .getResourceStatus()));
-                            if (xResource.getIsEncrypt() == 1) {
-                                    resourceMap.put("encrypt", 1);
-                            } else {
-                                    resourceMap.put("encrypt", 0);
-                            }
-                            populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM);
-                            List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
-                                            .findByResourceId(xResource.getId());
-                            if (xAuditMaps.size() != 0) {
-                                    resourceMap.put("audit", 1);
-                            } else {
-                                    resourceMap.put("audit", 0);
-                            }
-                            resourceList.add(resourceMap);
-                    }
-			} else {
-				policyExportAudit
-						.setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
-				createPolicyAudit(policyExportAudit);
-				throw restErrorUtil.createRESTException(
-						"The operation isn't yet supported for the repository",
-						MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+				// resourceMap.put("isEncrypt",
+				// AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
+				populatePermMap(xResource, resourceMap, AppConstants.ASSET_KNOX);
+				List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+				if (xAuditMaps.size() != 0) {
+					resourceMap.put("audit", 1);
+				} else {
+					resourceMap.put("audit", 0);
+				}
+				resourceList.add(resourceMap);
 			}
+			
+        }
+        else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) {
+                for (VXResource xResource : xResourceList) {
+                        HashMap<String, Object> resourceMap = new HashMap<String,
Object>();
+
+                        resourceMap.put("id", xResource.getId());
+                        resourceMap.put("topology_name", xResource.getTopologies()) ;
+                        resourceMap.put("policyStatus", RangerCommonEnums
+                                        .getLabelFor_ActiveStatus(xResource
+                                                        .getResourceStatus()));
+                        if (xResource.getIsEncrypt() == 1) {
+                                resourceMap.put("encrypt", 1);
+                        } else {
+                                resourceMap.put("encrypt", 0);
+                        }
+                        populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM);
+                        List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+                        if (xAuditMaps.size() != 0) {
+                                resourceMap.put("audit", 1);
+                        } else {
+                                resourceMap.put("audit", 0);
+                        }
+                        resourceList.add(resourceMap);
+                }
+		} else {
+			policyExportAudit
+					.setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
+			createPolicyAudit(policyExportAudit);
+			throw restErrorUtil.createRESTException(
+					"The operation isn't yet supported for the repository",
+					MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
 		}
 
 		policyCount = Long.valueOf(resourceList.size());
@@ -1963,20 +1915,19 @@ public class AssetMgr extends AssetMgrBase {
 		}
 	}
 	@SuppressWarnings("unchecked")
-	private HashMap<String, Object> populatePermMap(XXResource xResource,
+	private HashMap<String, Object> populatePermMap(VXResource xResource,
 			HashMap<String, Object> resourceMap, int assetType) {
-		List<XXPermMap> xPermMapList = rangerDaoManager.getXXPermMap()
-				.findByResourceId(xResource.getId());
+		List<VXPermMap> xPermMapList = xResource.getPermMapList();
 
 		Set<Long> groupList = new HashSet<Long>();
-		for (XXPermMap xPermMap : xPermMapList) {
+		for (VXPermMap xPermMap : xPermMapList) {
 			groupList.add(xPermMap.getId());
 		}
 
 		List<HashMap<String, Object>> sortedPermMapGroupList = new ArrayList<HashMap<String,
Object>>();
 
 		// Loop for adding group perms
-		for (XXPermMap xPermMap : xPermMapList) {
+		for (VXPermMap xPermMap : xPermMapList) {
 			String groupKey = xPermMap.getPermGroup();
 			if (groupKey != null) {
 				boolean found = false;
@@ -1988,21 +1939,17 @@ public class AssetMgr extends AssetMgrBase {
 						Long userId = xPermMap.getUserId();
 
 						if (groupId != null) {
-							Set<String> groups = (Set<String>) sortedPermMap
-									.get("groups");
-							XXGroup xGroup = rangerDaoManager.getXXGroup()
-									.getById(groupId);
-							if(xGroup!=null && groups != null){
-								groups.add(xGroup.getName());
+							Set<String> groups = (Set<String>) sortedPermMap.get("groups");
+
+							if(groups != null){
+								groups.add(xPermMap.getGroupName());
 								sortedPermMap.put("groups", groups);
 							}
 						} else if (userId != null) {
-							Set<String> users = (Set<String>) sortedPermMap
-									.get("users");
-							XXUser xUser = rangerDaoManager.getXXUser().getById(
-									userId);
-							if (users != null && xUser != null) {
-								users.add(xUser.getName());
+							Set<String> users = (Set<String>) sortedPermMap.get("users");
+
+							if (users != null) {
+								users.add(xPermMap.getUserName());
 								sortedPermMap.put("users", users);								
 							}
 						}
@@ -2040,16 +1987,12 @@ public class AssetMgr extends AssetMgrBase {
 
 					if (groupId != null) {
 						Set<String> groupSet = new HashSet<String>();
-						XXGroup xGroup = rangerDaoManager.getXXGroup().getById(
-								xPermMap.getGroupId());
-						String group = xGroup.getName();
+						String group = xPermMap.getGroupName();
 						groupSet.add(group);
 						sortedPermMap.put("groups", groupSet);
 					} else if (userId != null) {
 						Set<String> userSet = new HashSet<String>();
-						XXUser xUser = rangerDaoManager.getXXUser()
-								.getById(userId);
-						String user = xUser.getName();
+						String user = xPermMap.getUserName();
 						userSet.add(user);
 						sortedPermMap.put("users", userSet);
 					}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 94d174f..fa74642 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -244,7 +244,7 @@ public class ServiceUtil {
 			VXAuditMap auditMap = new VXAuditMap();
 
 			auditMap.setResourceId(policy.getId());
-			auditMap.setAuditType(1);
+			auditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
 
 			auditList = new ArrayList<VXAuditMap>();
 			auditList.add(auditMap);
@@ -296,6 +296,10 @@ public class ServiceUtil {
 
 			for(String userName : policyItem.getUsers()) {
 				for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
+					if(! access.getIsAllowed()) {
+						continue;
+					}
+
 					VXPermMap permMap = new VXPermMap();
 
 					permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
@@ -307,11 +311,28 @@ public class ServiceUtil {
 
 					permMapList.add(permMap);
 				}
+				
+				if(policyItem.getDelegateAdmin()) {
+					VXPermMap permMap = new VXPermMap();
+
+					permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
+					permMap.setPermGroup(new Integer(permGroup).toString());
+					permMap.setUserName(userName);
+					permMap.setUserId(getUserId(userName));
+					permMap.setPermType(toPermType("Admin"));
+					permMap.setIpAddress(ipAddress);
+
+					permMapList.add(permMap);
+				}
 			}
 			permGroup++;
 
 			for(String groupName : policyItem.getGroups()) {
 				for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
+					if(! access.getIsAllowed()) {
+						continue;
+					}
+
 					VXPermMap permMap = new VXPermMap();
 
 					permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
@@ -323,6 +344,19 @@ public class ServiceUtil {
 
 					permMapList.add(permMap);
 				}
+				
+				if(policyItem.getDelegateAdmin()) {
+					VXPermMap permMap = new VXPermMap();
+
+					permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
+					permMap.setPermGroup(new Integer(permGroup).toString());
+					permMap.setGroupName(groupName);
+					permMap.setGroupId(getGroupId(groupName));
+					permMap.setPermType(toPermType("Admin"));
+					permMap.setIpAddress(ipAddress);
+
+					permMapList.add(permMap);
+				}
 			}
 			permGroup++;
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index f160382..4fd4cc8 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -70,7 +70,6 @@ import org.apache.ranger.view.VXPolicyExportAuditList;
 import org.apache.ranger.view.VXResource;
 import org.apache.ranger.view.VXResourceList;
 import org.apache.ranger.view.VXResponse;
-import org.apache.ranger.view.VXStringList;
 import org.apache.ranger.view.VXTrxLogList;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Scope;
@@ -420,57 +419,6 @@ public class AssetREST {
 	}
 
 	@GET
-	@Path("/hdfs/resources")
-	@Produces({ "application/xml", "application/json" })
-	public VXStringList pullHdfsResources(@Context HttpServletRequest request) {
-		String dataSourceName = request.getParameter("dataSourceName");
-		String baseDir = request.getParameter("baseDirectory");
-		return assetMgr.getHdfsResources(dataSourceName, baseDir);
-	}
-
-	@GET
-	@Path("/hive/resources")
-	@Produces({ "application/xml", "application/json" })
-	public VXStringList pullHiveResources(@Context HttpServletRequest request) {
-		String dataSourceName = request.getParameter("dataSourceName");
-		String databaseName = request.getParameter("databaseName");
-		String tableName = request.getParameter("tableName");
-		String columnName = request.getParameter("columnName");
-		return assetMgr.getHiveResources(dataSourceName, databaseName,
-				tableName, columnName);
-	}
-
-	@GET
-	@Path("/hbase/resources")
-	@Produces({ "application/xml", "application/json" })
-	public VXStringList pullHBaseResources(@Context HttpServletRequest request) {
-		String dataSourceName = request.getParameter("dataSourceName");
-		String tableName = request.getParameter("tableName");
-		String columnFamiles = request.getParameter("columnFamilies");
-		return assetMgr.getHBaseResources(dataSourceName, tableName,
-				columnFamiles);
-	}
-
-	@GET
-	@Path("/knox/resources")
-	@Produces({ "application/xml", "application/json" })
-	public VXStringList pullKnoxResources(@Context HttpServletRequest request) {
-		String dataSourceName = request.getParameter("dataSourceName");
-		String topologyName = request.getParameter("topologyName");
-		String serviceName = request.getParameter("serviceName");		
-		return assetMgr.getKnoxResources(dataSourceName, topologyName, serviceName);
-	}
-	
-    @GET
-    @Path("/storm/resources")
-    @Produces({ "application/xml", "application/json" })
-    public VXStringList pullStormResources(@Context HttpServletRequest request) {
-        String dataSourceName = request.getParameter("dataSourceName");
-        String topologyName = request.getParameter("topologyName");
-        return assetMgr.getStormResources(dataSourceName, topologyName);
-    }
-
-	@GET
 	@Path("/credstores/{id}")
 	@Produces({ "application/xml", "application/json" })
 	public VXCredentialStore getXCredentialStore(@PathParam("id") Long id) {
@@ -530,7 +478,10 @@ public class AssetREST {
 				new SearchCriteria(), "fileType", "File type",
 				StringUtil.VALIDATION_TEXT);
 
-		File file = assetMgr.getXResourceFile(id, fileType);
+		VXResource resource = getXResource(id);
+
+		File file = assetMgr.getXResourceFile(resource, fileType);
+
 		return Response
 				.ok(file, MediaType.APPLICATION_OCTET_STREAM)
 				.header("Content-Disposition",
@@ -543,32 +494,33 @@ public class AssetREST {
 	public String getResourceJSON(@Context HttpServletRequest request,
 			@PathParam("repository") String repository) {
 		
-		boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
-		String epoch = request.getParameter("epoch");
+		String            epoch       = request.getParameter("epoch");
+		X509Certificate[] certchain   = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+		String            ipAddress   = request.getHeader("X-FORWARDED-FOR");  
+		boolean           isSecure    = request.isSecure();
+		String            policyCount = request.getParameter("policyCount");
+		String            agentId     = request.getParameter("agentId");
 
-		X509Certificate[] certchain = (X509Certificate[]) request.getAttribute(
-				"javax.servlet.request.X509Certificate");
-		
-		String ipAddress = request.getHeader("X-FORWARDED-FOR");  
 		if (ipAddress == null) {  
 			ipAddress = request.getRemoteAddr();
 		}
 
-		boolean isSecure = request.isSecure();
-		
-		String policyCount = request.getParameter("policyCount");
-		String agentId = request.getParameter("agentId");
-		
-//		File file = assetMgr.getLatestRepoPolicy(repository, 
-//				certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
-		
+		boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
 
-//		return Response
-//				.ok(file, MediaType.APPLICATION_OCTET_STREAM)
-//				.header("Content-Disposition",
-//						"attachment;filename=" + file.getName()).build();
+		RangerService      service  = serviceREST.getServiceByName(repository);
+		List<RangerPolicy> policies = serviceREST.getServicePolicies(repository, request);
+
+		long             policyUpdTime = (service != null && service.getPolicyUpdateTime()
!= null) ? service.getPolicyUpdateTime().getTime() : 0l;
+		VXAsset          vAsset        = serviceUtil.toVXAsset(service);
+		List<VXResource> vResourceList = new ArrayList<VXResource>();
 		
-		String file = assetMgr.getLatestRepoPolicy(repository, 
+		if(policies != null) {
+			for(RangerPolicy policy : policies) {
+				vResourceList.add(serviceUtil.toVXResource(policy, service));
+			}
+		}
+
+		String file = assetMgr.getLatestRepoPolicy(vAsset, vResourceList, policyUpdTime,
 				certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
 		
 		return file;


Mime
View raw message