RANGER-4749: added TagREST APIs to retrieve by resource and get paginated resources along with associated tags

Signed-off-by: Madhan Neethiraj <[email protected]>

Author: anandN872

agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java

@@ -26,6 +26,7 @@
 import org.apache.ranger.plugin.model.AuditFilter;
 import org.apache.ranger.plugin.model.RangerGds.RangerTagDataMaskInfo;
 import org.apache.ranger.plugin.model.RangerPrincipal;
+import org.apache.ranger.plugin.model.RangerTag;
 import org.apache.ranger.plugin.model.RangerValidityRecurrence;
 import org.apache.ranger.plugin.model.RangerValiditySchedule;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
@@ -51,6 +52,7 @@ public class JsonUtils {
     private static final Type TYPE_LIST_RANGER_TAG_MASK_INFO       = new TypeToken<List<RangerTagDataMaskInfo>>() {}.getType();
     private static final Type TYPE_MAP_RANGER_MASK_INFO            = new TypeToken<Map<String, RangerPolicyItemDataMaskInfo>>() {}.getType();
     private static final Type TYPE_MAP_RANGER_POLICY_RESOURCE      = new TypeToken<Map<String, RangerPolicyResource>>() {}.getType();
+    private static final Type TYPE_LIST_RANGER_TAG                 = new TypeToken<List<RangerTag>>() {}.getType();
 
     private static final ThreadLocal<Gson> gson = new ThreadLocal<Gson>() {
         @Override
@@ -189,6 +191,15 @@ public static List<RangerPrincipal> jsonToRangerPrincipalList(String jsonStr) {
         }
     }
 
+    public static List<RangerTag> jsonToRangerTagList(String jsonStr) {
+        try {
+            return gson.get().fromJson(jsonStr, TYPE_LIST_RANGER_TAG);
+        } catch (Exception e) {
+            LOG.error("Cannot get List<RangerTag> from " + jsonStr, e);
+            return null;
+        }
+    }
+
     public static Map<String, RangerPolicyItemDataMaskInfo> jsonToMapMaskInfo(String jsonStr) {
         try {
             return gson.get().fromJson(jsonStr, TYPE_MAP_RANGER_MASK_INFO);

agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResourceWithTags.java

@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.List;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(fieldVisibility=JsonAutoDetect.Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY)
+@JsonIgnoreProperties(ignoreUnknown=true)
+public class RangerServiceResourceWithTags extends RangerServiceResource implements java.io.Serializable {
+	private static final long serialVersionUID = 1L;
+
+	private List<RangerTag>	associatedTags;
+
+	public List<RangerTag> getAssociatedTags() {
+		return associatedTags;
+	}
+
+	public void setAssociatedTags(List<RangerTag> associatedTags) {
+		this.associatedTags = associatedTags;
+	}
+
+	@Override
+	public StringBuilder toString(StringBuilder sb) {
+		sb.append("RangerServiceResourceWithTags={ ");
+
+		super.toString(sb);
+
+		sb.append("associatedTags=[");
+		if (associatedTags != null) {
+			String prefix = "";
+
+			for (RangerTag associatedTag : associatedTags) {
+	            sb.append(prefix);
+
+				associatedTag.toString(sb);
+
+				prefix = ", ";
+	        }
+		}
+		sb.append("] ");
+
+		sb.append(" }");
+
+		return sb;
+	}
+}

agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java

@@ -76,6 +76,7 @@ public class SearchFilter {
 
 	public static final String TAG_DEF_ID                = "tagDefId";            // search
 	public static final String TAG_DEF_GUID              = "tagDefGuid";          // search
+	public static final String TAG_NAMES                 = "tagNames";            // search
 	public static final String TAG_TYPE                  = "tagType";             // search
 	public static final String TAG_TYPE_PARTIAL          = "tagTypePartial";      // search
 	public static final String TAG_SOURCE                = "tagSource";           // search
@@ -88,6 +89,7 @@ public class SearchFilter {
 	public static final String TAG_RESOURCE_GUID         = "resourceGuid";        // search
 	public static final String TAG_RESOURCE_SERVICE_NAME = "resourceServiceName"; // search
 	public static final String TAG_RESOURCE_SIGNATURE    = "resourceSignature";   // search
+	public static final String TAG_RESOURCE_ELEMENTS     = "resourceElements";   // search
 	public static final String TAG_MAP_ID                = "tagResourceMapId";    // search
 	public static final String TAG_MAP_GUID              = "tagResourceMapGuid";  // search
 

security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java

@@ -21,6 +21,7 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -45,6 +46,7 @@
 import org.apache.ranger.entity.XXTagDef;
 import org.apache.ranger.entity.XXTagResourceMap;
 import org.apache.ranger.plugin.model.*;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
 import org.apache.ranger.plugin.model.validation.RangerValidityScheduleValidator;
 import org.apache.ranger.plugin.model.validation.ValidationFailureDetails;
 import org.apache.ranger.plugin.store.AbstractTagStore;
@@ -59,7 +61,9 @@
 import org.apache.ranger.service.RangerTagDefService;
 import org.apache.ranger.service.RangerTagResourceMapService;
 import org.apache.ranger.service.RangerTagService;
+import org.apache.ranger.view.RangerServiceResourceWithTagsList;
 import org.apache.ranger.service.RangerServiceResourceService;
+import org.apache.ranger.service.RangerServiceResourceWithTagsService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -89,6 +93,9 @@ public class TagDBStore extends AbstractTagStore {
 	@Autowired
 	RangerServiceResourceService rangerServiceResourceService;
 
+	@Autowired
+	RangerServiceResourceWithTagsService rangerServiceResourceWithTagsService;
+
 	@Autowired
 	RangerTagResourceMapService rangerTagResourceMapService;
 
@@ -714,6 +721,10 @@ public PList<RangerServiceResource> getPaginatedServiceResources(SearchFilter fi
 		return ret;
 	}
 
+	public RangerServiceResourceWithTagsList getPaginatedServiceResourcesWithTags(SearchFilter filter) throws Exception {
+		return rangerServiceResourceWithTagsService.searchServiceResourcesWithTags(filter);
+	}
+
 
 	@Override
 	public RangerTagResourceMap createTagResourceMap(RangerTagResourceMap tagResourceMap) throws Exception {
@@ -1386,4 +1397,56 @@ private void deleteTagDef(RangerTagDef tagDef) throws Exception {
 			}
 		}
 	}
+
+	public RangerServiceResource getRangerServiceResource(String serviceName, Map<String, String[]> resourceMap) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> TagDBStore.getRangerServiceResource(): serviceName={" + serviceName + "}");
+		}
+
+		Map<String, RangerPolicyResource> resourceElements = new HashMap<>();
+
+		for (Map.Entry<String, String[]> entry : resourceMap.entrySet()) {
+			String[] parts      = entry.getKey().split("\\.");
+			String[] valueArray = entry.getValue();
+
+			if (parts.length < 1 || valueArray == null) {
+				continue;
+			}
+
+			String key = parts[0];
+
+			RangerPolicyResource policyResource = resourceElements.get(key);
+
+			if (policyResource == null) {
+				policyResource = new RangerPolicyResource();
+
+				resourceElements.put(key, policyResource);
+			}
+
+			if (parts.length == 1) {
+				List<String> valueList = new ArrayList<>();
+
+				for (String str : valueArray) {
+					valueList.add(str.trim());
+				}
+			} else if (parts.length == 2 && valueArray[0] != null) {
+				String subKey = parts[1];
+				String value  = valueArray[0];
+
+				if (subKey.equalsIgnoreCase("isExcludes")) {
+					policyResource.setIsExcludes(Boolean.parseBoolean(value.trim()));
+				} else if (subKey.equalsIgnoreCase("isRecursive")) {
+					policyResource.setIsRecursive(Boolean.parseBoolean(value.trim()));
+				}
+			}
+		}
+
+		RangerServiceResource ret = new RangerServiceResource(serviceName, resourceElements);
+
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== TagDBStore.getRangerServiceResource(): (serviceName={" + serviceName + "} RangerServiceResource={" + ret + "})");
+		}
+
+		return ret;
+	}
 }

security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java

@@ -19,11 +19,7 @@
 
  package org.apache.ranger.common;
 
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 import javax.annotation.Nonnull;
 import javax.persistence.EntityManager;
@@ -106,6 +102,7 @@ public SearchFilter getSearchFilter(@Nonnull HttpServletRequest request, List<So
 		ret.setParam(SearchFilter.TAG_SERVICE_NAME_PARTIAL, request.getParameter(SearchFilter.TAG_SERVICE_NAME_PARTIAL));
 		ret.setParam(SearchFilter.TAG_RESOURCE_GUID, request.getParameter(SearchFilter.TAG_RESOURCE_GUID));
 		ret.setParam(SearchFilter.TAG_RESOURCE_SIGNATURE, request.getParameter(SearchFilter.TAG_RESOURCE_SIGNATURE));
+		ret.setParam(SearchFilter.TAG_RESOURCE_ELEMENTS, request.getParameter(SearchFilter.TAG_RESOURCE_ELEMENTS));
 		ret.setParam(SearchFilter.TAG_DEF_GUID, request.getParameter(SearchFilter.TAG_DEF_GUID));
 		ret.setParam(SearchFilter.TAG_DEF_ID, request.getParameter(SearchFilter.TAG_DEF_ID));
 		ret.setParam(SearchFilter.TAG_ID, request.getParameter(SearchFilter.TAG_ID));
@@ -358,6 +355,45 @@ private StringBuilder buildWhereClause(SearchFilter searchCriteria,
 								whereClause.append(" ) ");
 							}
 
+						} else {
+							whereClause.append(" and ")
+							           .append(searchField.getFieldName())
+							           .append(" in ")
+							           .append(" (:").append(searchField.getClientFieldName()).append(")");
+						}
+					} else {
+						whereClause.append(" and ").append(searchField.getCustomCondition());
+					}
+				}
+			} else if (isMultiValue && searchField.getDataType() == SearchField.DATA_TYPE.STR_LIST) {
+				List<String> strValueList = new ArrayList<>();
+
+				for (Object value : multiValue) {
+					strValueList.add(String.valueOf(value));
+				}
+
+				if (!strValueList.isEmpty()) {
+					if (searchField.getCustomCondition() == null) {
+						if (strValueList.size() <= minInListLength) {
+							whereClause.append(" and ");
+
+							if (strValueList.size() > 1) {
+								whereClause.append(" ( ");
+							}
+
+							for (int count = 0; count < strValueList.size(); count++) {
+								if (count > 0) {
+									whereClause.append(" or ");
+								}
+
+								whereClause.append(searchField.getFieldName()).append("= :")
+								           .append(searchField.getClientFieldName()).append("_").append(count);
+							}
+
+							if (strValueList.size() > 1) {
+								whereClause.append(" ) ");
+							}
+
 						} else {
 							whereClause.append(" and ")
 							           .append(searchField.getFieldName())
@@ -477,6 +513,22 @@ protected void resolveQueryParams(Query query, SearchFilter searchCriteria, List
 						query.setParameter(searchField.getClientFieldName(), intValueList);
 					}
 				}
+			} else if (isMultiValue && searchField.getDataType() == SearchField.DATA_TYPE.STR_LIST) {
+				List<String> strValueList = new ArrayList<>();
+
+				for (Object value : multiValue) {
+					strValueList.add(String.valueOf(value));
+				}
+
+				if (!strValueList.isEmpty()) {
+					if (strValueList.size() <= minInListLength) {
+						for (int idx = 0; idx < strValueList.size(); idx++) {
+							query.setParameter(searchField.getClientFieldName() + "_" + idx, strValueList.get(idx));
+						}
+					} else {
+						query.setParameter(searchField.getClientFieldName(), strValueList);
+					}
+				}
 			} else if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) {
 				Integer paramVal = restErrorUtil.parseInt(searchCriteria.getParam(searchField.getClientFieldName()),
 						"Invalid value for " + searchField.getClientFieldName(),
@@ -599,6 +651,42 @@ public void extractIntList(HttpServletRequest request, SearchFilter searchFilter
 		}
 	}
 
+	public void extractStringList(HttpServletRequest request, SearchFilter searchFilter, String paramName,
+			                      String userFriendlyParamName, String listName, String[] validValues, String regEx) {
+		String[] values = getParamMultiValues(request, paramName);
+
+		if (values != null) {
+			List<String> stringList = new ArrayList<>(values.length);
+
+			for (String value : values) {
+				if (!stringUtil.isEmpty(regEx)) {
+					restErrorUtil.validateString(value, regEx, "Invalid value for " + userFriendlyParamName, MessageEnums.INVALID_INPUT_DATA, null, paramName);
+				}
+
+				stringList.add(value);
+			}
+
+			searchFilter.setMultiValueParam(paramName, stringList.toArray());
+		}
+	}
+
+	public Map<String, String[]> getMultiValueParamsWithPrefix(HttpServletRequest request, String prefix, boolean stripPrefix) {
+		Map<String, String[]> ret = new HashMap<String, String[]>();
+		for (Map.Entry<String, String[]> e : request.getParameterMap().entrySet()) {
+			String name = e.getKey();
+			String[] values = e.getValue();
+
+			if (!StringUtils.isEmpty(name) && !ArrayUtils.isEmpty(values)
+					&& name.startsWith(prefix)) {
+	            if(stripPrefix) {
+					name = name.substring(prefix.length());
+				}
+	            ret.put(name, values);
+			}
+		}
+        return ret;
+	}
+
 	/**
 	 * @param request
 	 * @param paramName