RANGER-3439: Add rest api to get or delete ranger policy based on guid - #2

Author: pradeepagrawal8184

security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java

@@ -2298,10 +2298,10 @@ public RangerPolicy getPolicy(Long id) throws Exception {
 		return policyService.read(id);
 	}
 
-	public RangerPolicy getPolicy(String guid, String serviceName) throws Exception {
+	public RangerPolicy getPolicy(String guid, String serviceName, String zoneName) throws Exception {
 		RangerPolicy ret = null;
 		if (StringUtils.isNotBlank(guid) && StringUtils.isNotBlank(serviceName)) {
-			XXPolicy xPolicy = daoMgr.getXXPolicy().findByPolicyGUIDAndServiceName(guid, serviceName);
+			XXPolicy xPolicy = daoMgr.getXXPolicy().findPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
 			if (xPolicy != null) {
 				ret = policyService.getPopulatedViewObject(xPolicy);
 			}

security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java

@@ -285,13 +285,25 @@ public List<XXPolicy> getAllByPolicyItem() {
 		return ret;
 	}
 
-	public XXPolicy findByPolicyGUIDAndServiceName(String guid, String serviceName) {
+	public XXPolicy findPolicyByGUIDAndServiceNameAndZoneName(String guid, String serviceName, String zoneName) {
 		if (guid == null  || serviceName == null) {
 			return null;
 		}
 		try {
-			XXPolicy xPol = getEntityManager().createNamedQuery("XXPolicy.findByGUIDAndServiceName", tClass).setParameter("guid", guid).setParameter("serviceName", serviceName).getSingleResult();
-			return xPol;
+			if (zoneName == null || zoneName.trim().isEmpty()) {
+				return getEntityManager().createNamedQuery("XXPolicy.findPolicyByPolicyGUIDAndServiceName", tClass)
+						.setParameter("guid", guid)
+						.setParameter("serviceName", serviceName)
+						.setParameter("zoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)
+						.getSingleResult();
+			} else {
+				return getEntityManager()
+						.createNamedQuery("XXPolicy.findPolicyByPolicyGUIDAndServiceNameAndZoneName", tClass)
+						.setParameter("guid", guid)
+						.setParameter("serviceName", serviceName)
+						.setParameter("zoneName", zoneName)
+						.getSingleResult();
+			}
 		} catch (NoResultException e) {
 			return null;
 		}

security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java

@@ -414,8 +414,10 @@ public List<RangerPolicy> getPoliciesForResource(@PathParam("serviceDefName") St
 	@GET
 	@Path("/api/policy/guid/{guid}")
 	@Produces({ "application/json", "application/xml" })
-	public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
-		return serviceREST.getPolicyByGUIDAndServiceName(guid, serviceName);
+	public RangerPolicy getPolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+																 @DefaultValue("") @QueryParam("serviceName") String serviceName,
+																 @DefaultValue("") @QueryParam("ZoneName") String zoneName) {
+		return serviceREST.getPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
 	}
 
 	@POST
@@ -517,8 +519,10 @@ public void deletePolicyByName(@QueryParam("servicename") String serviceName,
 	@DELETE
 	@Path("/api/policy/guid/{guid}")
 	@Produces({ "application/json", "application/xml" })
-	public void deletePolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
-		serviceREST.deletePolicyByGUIDAndServiceName(guid, serviceName);
+	public void deletePolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+												 @DefaultValue("") @QueryParam("serviceName") String serviceName,
+												 @DefaultValue("") @QueryParam("zoneName") String zoneName) {
+		serviceREST.deletePolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
 	}
 
 	@GET

security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java

@@ -3761,24 +3761,26 @@ public ResponseEntity<List<ServiceDeleteResponse>> deleteClusterServices(@PathPa
 	@GET
 	@Path("/policies/guid/{guid}")
 	@Produces({ "application/json", "application/xml" })
-	public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+	public RangerPolicy getPolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid, 
+                                                                 @DefaultValue("") @QueryParam("serviceName") String serviceName,
+                                                                 @DefaultValue("") @QueryParam("zoneName") String zoneName) {
 		if (LOG.isDebugEnabled()) {
-			LOG.debug("==> ServiceREST.getPolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+			LOG.debug("==> ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName + ")");
 		}
 		RangerPolicy ret = null;
 		RangerPerfTracer perf = null;
 		try {
 			if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
-				perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyByGUIDAndServiceName(policyGUID=" + guid + ", serviceName="+ serviceName + ")");
+				perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(policyGUID=" + guid + ", serviceName="+ serviceName + ", zoneName="+ zoneName + ")");
 			}
-			ret = svcStore.getPolicy(guid, serviceName);
+			ret = svcStore.getPolicy(guid, serviceName, zoneName);
 			if (ret != null) {
 				ensureAdminAndAuditAccess(ret);
 			}
 		} catch (WebApplicationException excp) {
 			throw excp;
 		} catch (Throwable excp) {
-			LOG.error("getPolicyByGUIDAndServiceName(" + guid + "," + serviceName + ") failed", excp);
+			LOG.error("getPolicyByGUIDAndServiceNameAndZoneName(" + guid + "," + serviceName + ", " + zoneName + ") failed", excp);
 			throw restErrorUtil.createRESTException(excp.getMessage());
 		} finally {
 			RangerPerfTracer.log(perf);
@@ -3787,38 +3789,40 @@ public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid
 			throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
 		}
 		if (LOG.isDebugEnabled()) {
-			LOG.debug("<== ServiceREST.getPolicyByGUIDAndServiceName(" + guid + ", " + serviceName + "): " + ret);
+			LOG.debug("<== ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +"): " + ret);
 		}
 		return ret;
 	}
 
 	@DELETE
 	@Path("/policies/guid/{guid}")
 	@Produces({ "application/json", "application/xml" })
-	public void deletePolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+	public void deletePolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+                                                            @DefaultValue("") @QueryParam("serviceName") String serviceName,
+                                                            @DefaultValue("") @QueryParam("zoneName") String zoneName) {
 		if (LOG.isDebugEnabled()) {
-			LOG.debug("==> ServiceREST.deletePolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+			LOG.debug("==> ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +")");
 		}
 		RangerPolicy ret = null;
 		RangerPerfTracer perf = null;
 		try {
 			if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
-				perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicyByGUIDAndServiceName(policyGUID=" + guid + ", serviceName="+ serviceName + ")");
+				perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(policyGUID=" + guid + ", serviceName="+ serviceName + ", zoneName="+ zoneName +")");
 			}
-			ret = getPolicyByGUIDAndServiceName(guid, serviceName);
+			ret = getPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
 			if (ret != null) {
 				deletePolicy(ret.getId());
 			}
 		} catch (WebApplicationException excp) {
 			throw excp;
 		} catch (Throwable excp) {
-			LOG.error("deletePolicyByGUIDAndServiceName(" + guid + "," + serviceName + ") failed", excp);
+			LOG.error("deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + "," + serviceName + ", " + zoneName + ") failed", excp);
 			throw restErrorUtil.createRESTException(excp.getMessage());
 		} finally {
 			RangerPerfTracer.log(perf);
 		}
 		if (LOG.isDebugEnabled()) {
-			LOG.debug("<== ServiceREST.deletePolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+			LOG.debug("<== ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +")");
 		}
 	}
 

security-admin/src/main/resources/META-INF/jpa_named_queries.xml

@@ -393,8 +393,12 @@
 		<query>select obj from XXPolicy obj where obj.id in (select item.policyId from XXPolicyItem item) </query>
 	</named-query>
 
-	<named-query name="XXPolicy.findByGUIDAndServiceName">
-		<query>select obj from XXPolicy obj, XXService svc where obj.guid = :guid and obj.service  = svc.id and svc.name = :serviceName</query>
+	<named-query name="XXPolicy.findPolicyByPolicyGUIDAndServiceName">
+		<query>select obj from XXPolicy obj, XXService svc where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName and obj.zoneId = :zoneId</query>
+	</named-query>
+
+	<named-query name="XXPolicy.findPolicyByPolicyGUIDAndServiceNameAndZoneName">
+		<query>select obj from XXPolicy obj, XXService svc, XXSecurityZone zone where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName and obj.zoneId = zone.id and zone.name = :zoneName</query>
 	</named-query>
 
 	<!-- XXServiceDef -->