ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prad...@apache.org
Subject [1/2] ranger git commit: RANGER-2260: Atlas servicedef version change patch should update atlas access type def for tag def also.
Date Mon, 22 Oct 2018 14:48:00 GMT
Repository: ranger
Updated Branches:
  refs/heads/master 2a46f3cb9 -> 851e2f1fb


RANGER-2260: Atlas servicedef version change patch should update atlas access type def for
tag def also.


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/ac4ef50b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/ac4ef50b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/ac4ef50b

Branch: refs/heads/master
Commit: ac4ef50b01fe35b858fe8ef45a8b5f896e44662b
Parents: 2a46f3c
Author: Pradeep <pradeep@apache.org>
Authored: Mon Oct 22 19:28:47 2018 +0530
Committer: Pradeep <pradeep@apache.org>
Committed: Mon Oct 22 19:47:13 2018 +0530

----------------------------------------------------------------------
 .../optimized/current/ranger_core_db_mysql.sql  |   1 +
 .../patches/035-update-schema-for-x-policy.sql  |  32 ++++++
 .../optimized/current/ranger_core_db_oracle.sql |   1 +
 .../patches/035-update-schema-for-x-policy.sql  |  38 +++++++
 .../current/ranger_core_db_postgres.sql         |   1 +
 .../patches/035-update-schema-for-x-policy.sql  |  36 +++++++
 .../current/ranger_core_db_sqlanywhere.sql      |   2 +
 .../patches/035-update-schema-for-x-policy.sql  |  37 ++++---
 .../current/ranger_core_db_sqlserver.sql        |   1 +
 .../patches/035-update-schema-for-x-policy.sql  |  36 +++++--
 .../PatchForAtlasServiceDefUpdate_J10013.java   | 103 ++++++++++++++++++-
 11 files changed, 265 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 70447fa..a4fa130 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1428,4 +1428,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10016',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10019',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10020',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10025',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql b/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
index ee82ae3..84db526 100644
--- a/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
@@ -13,6 +13,38 @@
 -- See the License for the specific language governing permissions and
 -- limitations under the License.
 
+drop procedure if exists update_TagDefAccessTypes_for_atlas;
+
+delimiter ;;
+create procedure update_TagDefAccessTypes_for_atlas() begin
+DECLARE new_atlas_def_name varchar(100);
+if exists (select version from x_db_version_h where version = 'J10013') then
+	if exists (select name from x_service_def where name like 'atlas.%') then
+		set new_atlas_def_name=(select name from x_service_def where name like 'atlas.%');
+		if exists(select * from x_access_type_def where def_id in(select id from x_service_def
where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'))
then
+			update x_access_type_def set name=concat(new_atlas_def_name,':read') where def_id=100
and name='atlas:read';
+			update x_access_type_def set name=concat(new_atlas_def_name,':create') where def_id=100
and name='atlas:create';
+			update x_access_type_def set name=concat(new_atlas_def_name,':update') where def_id=100
and name='atlas:update';
+			update x_access_type_def set name=concat(new_atlas_def_name,':delete') where def_id=100
and name='atlas:delete';
+			update x_access_type_def set name=concat(new_atlas_def_name,':all') where def_id=100 and
name='atlas:all';
+		end if;
+		if exists(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def
where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and
implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'))
then
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':read') where
implied_grant='atlas:read';
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':create')
where implied_grant='atlas:create';
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':update')
where implied_grant='atlas:update';
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':delete')
where implied_grant='atlas:delete';
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':all') where
implied_grant='atlas:all';
+		end if;
+	end if;
+end if;
+end;;
+
+delimiter ;
+call update_TagDefAccessTypes_for_atlas();
+
+drop procedure if exists update_TagDefAccessTypes_for_atlas;
+
+
 drop procedure if exists alter_table_x_policy;
 
 delimiter ;;

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 8b51307..0949cbd 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1405,5 +1405,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10016',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10019',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10020',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10025',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql b/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
index 11b4172..c75e620 100644
--- a/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
@@ -161,3 +161,41 @@ CALL removeConstraints('X_POLICY_RESOURCE');
 CALL removeConstraints('X_POLICY_RESOURCE_MAP');
 CALL removeConstraints('X_POLICY_ITEM_USER_PERM');
 CALL removeConstraints('X_POLICY_ITEM_ROWFILTER');
+
+DECLARE
+	v_record_exists number := 0;
+	new_atlas_def_name VARCHAR(1024);
+	sql_stmt VARCHAR(1024);
+BEGIN
+select count(*) into v_record_exists from x_db_version_h where version = 'J10013';
+	if (v_record_exists = 1) then
+		select name into new_atlas_def_name from x_service_def where name like 'atlas.%';
+		select count(*) into v_record_exists from x_access_type_def where def_id in(select id from
x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all');
+		if (v_record_exists > 0) then
+			sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':create','atlas:create';
+			sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':update','atlas:update';
+			sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':delete','atlas:delete';
+			sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':read','atlas:read';
+			sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':all','atlas:all';
+		end if;
+		select count(*) into v_record_exists from x_access_type_def_grants where atd_id in (select
id from x_access_type_def where def_id in (select id from x_service_def where name='tag')
and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all');
+		if (v_record_exists > 0) then
+			sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':create','atlas:create';
+			sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':update','atlas:update';
+			sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':delete','atlas:delete';
+			sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':read','atlas:read';
+			sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+			EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':all','atlas:all';
+		end if;
+	end if;
+	commit;
+end;/

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index a123911..a0e02e0 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1520,6 +1520,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10016',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10019',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10020',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10025',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 
 DROP VIEW IF EXISTS vx_trx_log;

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql b/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql
index cb87cd0..61c7986 100644
--- a/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql
@@ -195,3 +195,39 @@ select removekeys();
 
 select 'delimiter end';
 
+commit;
+select 'delimiter start';
+CREATE OR REPLACE FUNCTION update_TagDefAccessTypes_for_atlas()
+RETURNS void AS $$
+DECLARE
+ new_atlas_def_name VARCHAR(1024);
+ v_record_exists integer := 0;
+BEGIN
+select count(*) into v_record_exists from x_db_version_h where version = 'J10013';
+IF v_record_exists = 1 THEN
+	select name into new_atlas_def_name from x_service_def where name like 'atlas.%';
+	select count(*) into v_record_exists from x_access_type_def where def_id in(select id from
x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all');
+	IF v_record_exists > 0 THEN
+		update x_access_type_def set name=(new_atlas_def_name || ':read')where def_id=100 and name='atlas:read';
+		update x_access_type_def set name=(new_atlas_def_name || ':create') where def_id=100 and
name='atlas:create';
+		update x_access_type_def set name=(new_atlas_def_name || ':update') where def_id=100 and
name='atlas:update';
+		update x_access_type_def set name=(new_atlas_def_name || ':delete') where def_id=100 and
name='atlas:delete';
+		update x_access_type_def set name=(new_atlas_def_name || ':all') where def_id=100 and name='atlas:all';
+	 END IF;
+	 select count(*) into v_record_exists from x_access_type_def_grants where atd_id in (select
id from x_access_type_def where def_id in (select id from x_service_def where name='tag')
and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all');
+	 IF v_record_exists > 0 THEN
+		update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':read') where
implied_grant='atlas:read';
+		update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':create') where
implied_grant='atlas:create';
+		update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':update') where
implied_grant='atlas:update';
+		update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':delete') where
implied_grant='atlas:delete';
+		update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':all') where
implied_grant='atlas:all';
+	 END IF;
+ END IF;
+END;
+$$ LANGUAGE plpgsql;
+select 'delimiter end';
+
+select update_TagDefAccessTypes_for_atlas();
+commit;
+select 'delimiter end';
+

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 142302a..db8ebc3 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -1709,6 +1709,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10020',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10025',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 exit

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql b/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql
index 24d072f..c079014 100644
--- a/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql
@@ -145,36 +145,49 @@ BEGIN
                 END
         close cur
         DEALLOCATE CURSOR cur
-
 END
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_item')
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_item_access')
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_item_condition')
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_item_datamask')
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_item_group_perm')
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_item_user_perm')
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_item_rowfilter')
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_resource')
 GO
-
 call dbo.removeForeignKeyConstraint('x_policy_resource_map')
 GO
 
-
-exit
+BEGIN
+DECLARE new_atlas_def_name varchar(1024);
+DECLARE v_record_exists INT = 0;
+	IF EXISTS (select version from x_db_version_h where version = 'J10013') THEN
+		IF EXISTS(select name from x_service_def where name like 'atlas.%') THEN
+			select name into new_atlas_def_name from x_service_def where name like 'atlas.%';
+			IF EXISTS(select * from x_access_type_def where def_id in(select id from x_service_def
where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'))
THEN
+				update x_access_type_def set name=(new_atlas_def_name || ':read') where def_id=100 and
name='atlas:read';
+				update x_access_type_def set name=(new_atlas_def_name || ':create') where def_id=100
and name='atlas:create';
+				update x_access_type_def set name=(new_atlas_def_name || ':update') where def_id=100
and name='atlas:update';
+				update x_access_type_def set name=(new_atlas_def_name || ':delete') where def_id=100
and name='atlas:delete';
+				update x_access_type_def set name=(new_atlas_def_name || ':all') where def_id=100 and
name='atlas:all';
+			END IF;
+			IF EXISTS(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def
where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and
implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'))
THEN
+				update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':read') where
implied_grant='atlas:read';
+				update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':create') where
implied_grant='atlas:create';
+				update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':update') where
implied_grant='atlas:update';
+				update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':delete') where
implied_grant='atlas:delete';
+				update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':all') where
implied_grant='atlas:all';
+			END IF;
+		END IF;
+	END IF;
+END
+GO
+exit
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 75c8faf..522b57b 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3256,6 +3256,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10016',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10019',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10020',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10025',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql b/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
index ebf44ac..bd646d6 100644
--- a/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
@@ -425,29 +425,47 @@ GO
 
 EXEC dbo.removeConstraints 'x_policy_item'
 GO
-
 EXEC dbo.removeConstraints 'x_policy_item_access'
 GO
-
 EXEC dbo.removeConstraints 'x_policy_item_condition'
 GO
-
 EXEC dbo.removeConstraints 'x_policy_item_datamask'
 GO
-
 EXEC dbo.removeConstraints 'x_policy_item_group_perm'
 GO
-
 EXEC dbo.removeConstraints 'x_policy_item_user_perm'
 GO
-
 EXEC dbo.removeConstraints 'x_policy_item_rowfilter'
 GO
-
 EXEC dbo.removeConstraints 'x_policy_resource'
 GO
-
 EXEC dbo.removeConstraints 'x_policy_resource_map'
 GO
 
-EXIT
+IF EXISTS (select version from x_db_version_h where version = 'J10013')
+BEGIN
+	IF EXISTS(select name from x_service_def where name like 'atlas.%')
+	BEGIN
+		DECLARE @new_atlas_def_name VARCHAR(100);
+		set @new_atlas_def_name=(select name into new_atlas_def_name from x_service_def where name
like 'atlas.%')
+		IF EXISTS(select * from x_access_type_def where def_id in(select id from x_service_def
where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'))
+		BEGIN
+			update x_access_type_def set name=concat(new_atlas_def_name , ':read') where def_id=100
and name='atlas:read';
+			update x_access_type_def set name=concat(new_atlas_def_name , ':create') where def_id=100
and name='atlas:create';
+			update x_access_type_def set name=concat(new_atlas_def_name , ':update') where def_id=100
and name='atlas:update';
+			update x_access_type_def set name=concat(new_atlas_def_name , ':delete') where def_id=100
and name='atlas:delete';
+			update x_access_type_def set name=concat(new_atlas_def_name , ':all') where def_id=100
and name='atlas:all';
+		END IF;
+		IF EXISTS(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def
where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and
implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'))
+		BEGIN
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':read')
where implied_grant='atlas:read';
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':create')
where implied_grant='atlas:create';
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':update')
where implied_grant='atlas:update';
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':delete')
where implied_grant='atlas:delete';
+			update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':all')
where implied_grant='atlas:all';
+		END IF;
+	END IF;
+END IF;
+END
+GO
+EXIT
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
index 1b315cd..c7af90c 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
@@ -17,13 +17,17 @@
 
 package org.apache.ranger.patch;
 
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Objects;
 import java.util.Set;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.log4j.Logger;
 import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.RangerValidatorFactory;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.db.XXAccessTypeDefDao;
 import org.apache.ranger.db.XXResourceDefDao;
@@ -33,6 +37,8 @@ import org.apache.ranger.entity.XXAccessTypeDef;
 import org.apache.ranger.entity.XXResourceDef;
 import org.apache.ranger.entity.XXService;
 import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.AbstractServiceStore;
 import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.service.RangerServiceService;
 import org.apache.ranger.util.CLIUtil;
@@ -42,7 +48,7 @@ import org.springframework.stereotype.Component;
 @Component
 public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
 	private static final Logger LOG = Logger.getLogger(PatchForAtlasServiceDefUpdate_J10013.class);
-
+	private static final int MAX_ACCESS_TYPES_IN_SERVICE_DEF = 1000;
 	@Autowired
 	RangerDaoManager daoMgr;
 
@@ -52,6 +58,9 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
 	@Autowired
 	RangerServiceService svcService;
 
+	@Autowired
+	RangerValidatorFactory validatorFactory;
+
 	public static void main(String[] args) {
 		LOG.info("main()");
 		try {
@@ -79,6 +88,7 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
 			updateAtlasServiceDef();
 		} catch (Exception e) {
 			LOG.error("Error whille updateAtlasServiceDef()data.", e);
+            System.exit(1);
 		}
 		LOG.info("<== PatchForAtlasServiceDefUpdate.execLoad()");
 	}
@@ -88,7 +98,7 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
 		LOG.info("PatchForAtlasServiceDefUpdate data ");
 	}
 
-	private void updateAtlasServiceDef(){
+	private void updateAtlasServiceDef() throws Exception{
 		String serviceDefName=EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME;
 		XXServiceDefDao serviceDefDao = daoMgr.getXXServiceDef();
 		XXServiceDef serviceDef = serviceDefDao.findByName(serviceDefName);
@@ -111,6 +121,28 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader
{
 		}
 		String serviceDefNewName = serviceDefName + suffix;
 		LOG.info("Renaming service-def " + serviceDefName + " as " + serviceDefNewName);
+		RangerServiceDef dbAtlasServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
+		if (EmbeddedServiceDefsUtil.instance().getTagServiceDefId() != -1) {
+			RangerServiceDef dbTagServiceDef;
+			try {
+				dbTagServiceDef = svcDBStore.getServiceDef(EmbeddedServiceDefsUtil.instance().getTagServiceDefId());
+				if(dbTagServiceDef!=null) {
+					String prefix = serviceDefName + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;
+					String newPrefix = serviceDefNewName + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;
+
+					List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = dbAtlasServiceDef.getAccessTypes();
+					List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes = dbTagServiceDef.getAccessTypes();
+					long itemIdOffset = serviceDef.getId() * (MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1);
+
+					boolean updateNeeded = updateTagAccessTypeDefs(svcDefAccessTypes, tagDefAccessTypes,
itemIdOffset, prefix,newPrefix);
+					if(updateNeeded) {
+						svcDBStore.updateServiceDef(dbTagServiceDef);
+					}
+				}
+			} catch (Exception e) {
+				LOG.error("updateAtlasServiceDef:" + serviceDef.getName() + "): could not find TAG ServiceDef..
", e);
+			}
+		}
 		serviceDef.setName(serviceDefNewName);
 		serviceDefDao.update(serviceDef);
 		LOG.info("Renamed service-def " + serviceDefName + " as " + serviceDefNewName);
@@ -162,4 +194,71 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader
{
 		}
 		return result;
 	}
+
+	private boolean updateTagAccessTypeDefs(List<RangerServiceDef.RangerAccessTypeDef>
svcDefAccessTypes,
+			List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes, long itemIdOffset,
String prefix,String newPrefix) {
+		List<RangerServiceDef.RangerAccessTypeDef> toUpdate = new ArrayList<>();
+		for (RangerServiceDef.RangerAccessTypeDef tagAccessType : tagDefAccessTypes) {
+			if (tagAccessType.getName().startsWith(prefix)) {
+				long svcAccessTypeItemId = tagAccessType.getItemId() - itemIdOffset;
+				RangerServiceDef.RangerAccessTypeDef svcAccessType = findAccessTypeDef(svcAccessTypeItemId,svcDefAccessTypes);
+				if (svcAccessType != null) {
+					if (updateTagAccessTypeDef(tagAccessType, svcAccessType, newPrefix)) {
+						toUpdate.add(tagAccessType);
+					}
+				}
+			}
+		}
+		boolean updateNeeded = false;
+		if (CollectionUtils.isNotEmpty(toUpdate)) {
+			updateNeeded = true;
+		}
+		return updateNeeded;
+	}
+
+	private RangerServiceDef.RangerAccessTypeDef findAccessTypeDef(long itemId, List<RangerServiceDef.RangerAccessTypeDef>
accessTypeDefs) {
+		RangerServiceDef.RangerAccessTypeDef ret = null;
+		for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {
+			if (itemId == accessTypeDef.getItemId()) {
+				ret = accessTypeDef;
+				break;
+			}
+		}
+		return ret;
+	}
+
+	private boolean updateTagAccessTypeDef(RangerServiceDef.RangerAccessTypeDef tagAccessType,
RangerServiceDef.RangerAccessTypeDef svcAccessType, String newPrefix) {
+		boolean isUpdated = false;
+		if (!Objects.equals(tagAccessType.getName().substring(newPrefix.length()), svcAccessType.getName()))
{
+			isUpdated = true;
+		} else {
+			Collection<String> tagImpliedGrants = tagAccessType.getImpliedGrants();
+			Collection<String> svcImpliedGrants = svcAccessType.getImpliedGrants();
+			int tagImpliedGrantsLen = tagImpliedGrants == null ? 0 : tagImpliedGrants.size();
+			int svcImpliedGrantsLen = svcImpliedGrants == null ? 0 : svcImpliedGrants.size();
+			if (tagImpliedGrantsLen != svcImpliedGrantsLen) {
+				isUpdated = true;
+			} else if (tagImpliedGrantsLen > 0) {
+				for (String svcImpliedGrant : svcImpliedGrants) {
+					if (!tagImpliedGrants.contains(newPrefix + svcImpliedGrant)) {
+						isUpdated = true;
+						break;
+					}
+				}
+			}
+		}
+		if (isUpdated) {
+			tagAccessType.setName(newPrefix + svcAccessType.getName());
+			tagAccessType.setLabel(svcAccessType.getLabel());
+			tagAccessType.setRbKeyLabel(svcAccessType.getRbKeyLabel());
+			tagAccessType.setImpliedGrants(new HashSet<String>());
+			if (CollectionUtils.isNotEmpty(svcAccessType.getImpliedGrants())) {
+				for (String svcImpliedGrant : svcAccessType.getImpliedGrants()) {
+					tagAccessType.getImpliedGrants().add(newPrefix + svcImpliedGrant);
+				}
+			}
+		}
+		return isUpdated;
+	}
+
 }
\ No newline at end of file


Mime
View raw message