RANGER-4934: Ranger API to add and delete resources to the DataShare …

…in bulk.

Signed-off-by: Madhan Neethiraj <[email protected]>

agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java

@@ -27,6 +27,7 @@
 import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource;
 import org.apache.ranger.plugin.util.SearchFilter;
 
+import java.util.List;
 
 public abstract class AbstractGdsStore implements GdsStore {
     @Override
@@ -90,13 +91,13 @@ public void deleteDataShare(Long dataShareId, boolean forceDelete) throws Except
 
 
     @Override
-    public RangerSharedResource addSharedResource(RangerSharedResource resource) throws Exception { return null; }
+    public List<RangerSharedResource> addSharedResources(List<RangerSharedResource> resources) throws Exception { return null; }
 
     @Override
     public RangerSharedResource updateSharedResource(RangerSharedResource resource) throws Exception { return null; }
 
     @Override
-    public void removeSharedResource(Long sharedResourceId) throws Exception { }
+    public void removeSharedResources(List<Long> sharedResourceIds) throws Exception { }
 
     @Override
     public RangerSharedResource getSharedResource(Long sharedResourceId) throws Exception { return null; }

agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java

@@ -101,11 +101,11 @@ public interface GdsStore {
     PList<RangerDataShare> searchDataShares(SearchFilter filter) throws Exception;
 
 
-    RangerSharedResource addSharedResource(RangerSharedResource resource) throws Exception;
+    List<RangerSharedResource> addSharedResources(List<RangerSharedResource> resources) throws Exception;
 
     RangerSharedResource updateSharedResource(RangerSharedResource resource) throws Exception;
 
-    void removeSharedResource(Long sharedResourceId) throws Exception;
+    void removeSharedResources(List<Long> sharedResourceIds) throws Exception;
 
     RangerSharedResource getSharedResource(Long sharedResourceId) throws Exception;
 

security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java

@@ -863,24 +863,30 @@ public PList<RangerDataShare> searchDataShares(SearchFilter filter) {
     }
 
     @Override
-    public RangerSharedResource addSharedResource(RangerSharedResource resource) {
-        LOG.debug("==> addSharedResource({})", resource);
+    public List<RangerSharedResource> addSharedResources(List<RangerSharedResource> resources) {
+        LOG.debug("==> addSharedResources({})", resources);
 
-        resource.setName(StringUtils.trim(resource.getName()));
+        List<RangerSharedResource> ret = new ArrayList<>();
 
-        validator.validateCreate(resource);
+        for (RangerSharedResource resource : resources) {
+            resource.setName(StringUtils.trim(resource.getName()));
 
-        if (StringUtils.isBlank(resource.getGuid())) {
-            resource.setGuid(guidUtil.genGUID());
-        }
+            validator.validateCreate(resource);
 
-        RangerSharedResource ret = sharedResourceService.create(resource);
+            if (StringUtils.isBlank(resource.getGuid())) {
+                resource.setGuid(guidUtil.genGUID());
+            }
 
-        sharedResourceService.onObjectChange(ret, null, RangerServiceService.OPERATION_CREATE_CONTEXT);
+            RangerSharedResource sharedResource = sharedResourceService.create(resource);
 
-        updateGdsVersionForDataShare(ret.getDataShareId());
+            ret.add(sharedResource);
 
-        LOG.debug("<== addSharedResource({}): ret={}", resource, ret);
+            sharedResourceService.onObjectChange(sharedResource, null, RangerServiceService.OPERATION_CREATE_CONTEXT);
+
+            updateGdsVersionForDataShare(sharedResource.getDataShareId());
+        }
+
+        LOG.debug("<== addSharedResources({}): ret={}", resources, ret);
 
         return ret;
     }
@@ -915,29 +921,30 @@ public RangerSharedResource updateSharedResource(RangerSharedResource resource)
     }
 
     @Override
-    public void removeSharedResource(Long sharedResourceId) {
-        LOG.debug("==> removeSharedResource({})", sharedResourceId);
-
+    public void removeSharedResources(List<Long> sharedResourceIds) {
+        LOG.debug("==> removeSharedResources({})", sharedResourceIds);
 
         RangerSharedResource existing = null;
 
-        try {
-            existing = sharedResourceService.read(sharedResourceId);
-        } catch (Exception excp) {
-            // ignore
-        }
+        for (Long sharedResourceId : sharedResourceIds) {
+            try {
+                existing = sharedResourceService.read(sharedResourceId);
+            } catch (Exception excp) {
+                // ignore
+            }
 
-        validator.validateDelete(sharedResourceId, existing);
+            validator.validateDelete(sharedResourceId, existing);
 
-        if (existing != null) {
-            sharedResourceService.delete(existing);
+            if (existing != null) {
+                sharedResourceService.delete(existing);
 
-            sharedResourceService.onObjectChange(null, existing, RangerServiceService.OPERATION_DELETE_CONTEXT);
+                sharedResourceService.onObjectChange(null, existing, RangerServiceService.OPERATION_DELETE_CONTEXT);
 
-            updateGdsVersionForDataShare(existing.getDataShareId());
+                updateGdsVersionForDataShare(existing.getDataShareId());
+            }
         }
 
-        LOG.debug("<== removeSharedResource({})", sharedResourceId);
+        LOG.debug("<== removeSharedResources({})", sharedResourceIds);
     }
 
     @Override

security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java

@@ -21,6 +21,7 @@
 
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
 import org.apache.ranger.biz.AssetMgr;
 import org.apache.ranger.biz.GdsDBStore;
 import org.apache.ranger.biz.RangerBizUtil;
@@ -63,6 +64,7 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
+import java.util.Arrays;
 import java.util.List;
 
 @Path("gds")
@@ -73,6 +75,12 @@ public class GdsREST {
     private static final Logger LOG      = LoggerFactory.getLogger(GdsREST.class);
     private static final Logger PERF_LOG = RangerPerfTracer.getPerfLogger("rest.GdsREST");
 
+    private final RangerAdminConfig config = RangerAdminConfig.getInstance();
+
+    private final int SHARED_RESOURCES_MAX_BATCH_SIZE = config.getInt("ranger.admin.rest.gds.shared.resources.max.batch.size", 100);
+
+    public static final String EMPTY_STRING = "";
+
     @Autowired
     GdsDBStore gdsStore;
 
@@ -1045,7 +1053,9 @@ public RangerSharedResource addSharedResource(RangerSharedResource resource) {
                 perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "GdsREST.addSharedResource(" + resource + ")");
             }
 
-            ret = gdsStore.addSharedResource(resource);
+            List<RangerSharedResource> sharedResources = gdsStore.addSharedResources(Arrays.asList(resource));
+
+            ret = CollectionUtils.isNotEmpty(sharedResources) ? sharedResources.get(0) : null;
         } catch(WebApplicationException excp) {
             throw excp;
         } catch(Throwable excp) {
@@ -1061,6 +1071,42 @@ public RangerSharedResource addSharedResource(RangerSharedResource resource) {
         return ret;
     }
 
+    @POST
+    @Path("/resources")
+    @Consumes({ "application/json" })
+    @Produces({ "application/json" })
+    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.ADD_SHARED_RESOURCES + "\")")
+    public List<RangerSharedResource> addSharedResources(List<RangerSharedResource> resources) {
+        LOG.debug("==> GdsREST.addSharedResources({})", resources);
+
+        List<RangerSharedResource> ret;
+        RangerPerfTracer           perf = null;
+
+        try {
+            if (resources.size() > SHARED_RESOURCES_MAX_BATCH_SIZE) {
+                throw new Exception("addSharedResources batch size exceeded the configured limit: Maximum allowed is " + SHARED_RESOURCES_MAX_BATCH_SIZE);
+            }
+
+            if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+                perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "GdsREST.addSharedResources(" + resources + ")");
+            }
+
+            ret = gdsStore.addSharedResources(resources);
+        } catch(WebApplicationException excp) {
+            throw excp;
+        } catch(Throwable excp) {
+            LOG.error("addSharedResources({}) failed", resources, excp);
+
+            throw restErrorUtil.createRESTException(excp.getMessage());
+        } finally {
+            RangerPerfTracer.log(perf);
+        }
+
+        LOG.debug("<== GdsREST.addSharedResources({}): {}", resources, ret);
+
+        return ret;
+    }
+
     @PUT
     @Path("/resource/{id}")
     @Consumes({ "application/json" })
@@ -1109,7 +1155,7 @@ public void removeSharedResource(@PathParam("id") Long resourceId) {
                 perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "GdsREST.removeSharedResource(" + resourceId + ")");
             }
 
-            gdsStore.removeSharedResource(resourceId);
+            gdsStore.removeSharedResources(Arrays.asList(resourceId));
         } catch(WebApplicationException excp) {
             throw excp;
         } catch(Throwable excp) {
@@ -1123,6 +1169,37 @@ public void removeSharedResource(@PathParam("id") Long resourceId) {
         LOG.debug("<== GdsREST.removeSharedResource({})", resourceId);
     }
 
+    @DELETE
+    @Path("/resources")
+    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.REMOVE_SHARED_RESOURCES + "\")")
+    public void removeSharedResources(List<Long> resourceIds) {
+        LOG.debug("==> GdsREST.removeSharedResources({})", resourceIds);
+
+        RangerPerfTracer perf = null;
+
+        try {
+            if (resourceIds.size() > SHARED_RESOURCES_MAX_BATCH_SIZE) {
+                throw new Exception("removeSharedResources batch size exceeded the configured limit: Maximum allowed is " + SHARED_RESOURCES_MAX_BATCH_SIZE);
+            }
+
+            if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+                perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "GdsREST.removeSharedResources(" + resourceIds + ")");
+            }
+
+            gdsStore.removeSharedResources(resourceIds);
+        } catch(WebApplicationException excp) {
+            throw excp;
+        } catch(Throwable excp) {
+            LOG.error("removeSharedResources({}) failed", resourceIds, excp);
+
+            throw restErrorUtil.createRESTException(excp.getMessage());
+        } finally {
+            RangerPerfTracer.log(perf);
+        }
+
+        LOG.debug("<== GdsREST.removeSharedResources({})", resourceIds);
+    }
+
     @GET
     @Path("/resource/{id}")
     @Produces({ "application/json" })

security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java

@@ -241,8 +241,10 @@ public class RangerAPIList {
 	public static final String GET_DATA_SHARE_SUMMARY = "GdsREST.getDataShareSummary";
 
 	public static final String ADD_SHARED_RESOURCE     = "GdsREST.addSharedResource";
+	public static final String ADD_SHARED_RESOURCES     = "GdsREST.addSharedResources";
 	public static final String UPDATE_SHARED_RESOURCE  = "GdsREST.updateSharedResource";
 	public static final String REMOVE_SHARED_RESOURCE  = "GdsREST.removeSharedResource";
+	public static final String REMOVE_SHARED_RESOURCES  = "GdsREST.removeSharedResources";
 	public static final String GET_SHARED_RESOURCE     = "GdsREST.getSharedResource";
 	public static final String SEARCH_SHARED_RESOURCES = "GdsREST.searchSharedResources";