diff --git a/.github/workflows/chart-release-dispatcher.yaml b/.github/workflows/chart-release-dispatcher.yaml index ecc4348768..36107e2b39 100644 --- a/.github/workflows/chart-release-dispatcher.yaml +++ b/.github/workflows/chart-release-dispatcher.yaml @@ -8,6 +8,7 @@ on: - master - staging - beta + - staging types: - completed @@ -25,7 +26,6 @@ jobs: id: extract_branch run: | echo "branch=${{ github.event.workflow_run.head_branch }}" >> $GITHUB_OUTPUT - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v3 with: @@ -61,7 +61,6 @@ jobs: run: | echo "${{ steps.get_pr_url_user.outputs.pr_url }}" echo "${{ steps.get_pr_url_user.outputs.pr_user }}" - - name: Repository Dispatch uses: peter-evans/repository-dispatch@v2 with: @@ -76,4 +75,4 @@ jobs: "pr_url": "${{ steps.get_pr_url_user.outputs.pr_url }}", "pr_user": "${{ steps.get_pr_url_user.outputs.pr_user }}" } - } + } \ No newline at end of file diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index f8a09b5589..29253279cc 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -25,6 +25,7 @@ on: - beta - development - master + - staging - lineageondemand jobs: @@ -51,16 +52,6 @@ jobs: run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" id: get_branch - - name: Create Maven Settings - uses: s4u/maven-settings-action@v2.8.0 - with: - servers: | - [{ - "id": "github", - "username": "atlan-ci", - "password": "${{ secrets.ORG_PAT_GITHUB }}" - }] - - name: Build with Maven run: | branch_name=${{ steps.get_branch.outputs.branch }} @@ -77,7 +68,7 @@ jobs: shell: bash - name: Get version tag - run: echo "##[set-output name=version;]$(echo `git ls-remote https://${{ secrets.ORG_PAT_GITHUB }}@github.com/atlanhq/${REPOSITORY_NAME}.git ${{ steps.get_branch.outputs.branch }} | awk '{ print $1}' | cut -c1-7`)abcd" + run: echo "##[set-output name=version;]$(echo `git ls-remote https://${{ secrets.my_pat }}@github.com/atlanhq/${REPOSITORY_NAME}.git refs/heads/${{ steps.get_branch.outputs.branch }} | awk '{ print $1}' | cut -c1-7`)abcd" id: get_version - name: Set up Buildx @@ -89,7 +80,7 @@ jobs: with: registry: ghcr.io username: $GITHUB_ACTOR - password: ${{ secrets.ORG_PAT_GITHUB }} + password: ${{ secrets.my_pat }} - name: Build and push id: docker_build @@ -104,7 +95,6 @@ jobs: tags: | ghcr.io/atlanhq/${{ github.event.repository.name }}-${{ steps.get_branch.outputs.branch }}:latest ghcr.io/atlanhq/${{ github.event.repository.name }}-${{ steps.get_branch.outputs.branch }}:${{ steps.get_version.outputs.version }} - - name: Scan Image uses: aquasecurity/trivy-action@master with: diff --git a/README.txt b/README.txt index bbe742e465..eaff11d621 100755 --- a/README.txt +++ b/README.txt @@ -71,4 +71,4 @@ Build Process distro/target/apache-atlas--storm-hook.tar.gz distro/target/apache-atlas--falcon-hook.tar.gz -4. For more details on installing and running Apache Atlas, please refer to https://atlas.apache.org/#/Installation. +4. For more details on installing and running Apache Atlas, please refer to https://atlas.apache.org/#/Installation diff --git a/addons/models/0000-Area0/0010-base_model.json b/addons/models/0000-Area0/0010-base_model.json index 662db6179f..46cadae18a 100644 --- a/addons/models/0000-Area0/0010-base_model.json +++ b/addons/models/0000-Area0/0010-base_model.json @@ -616,7 +616,7 @@ ], "description": "Model to store auth service in Atlas", "serviceType": "atlan", - "typeVersion": "1.1", + "typeVersion": "1.2", "attributeDefs": [ { "name": "authServiceType", @@ -640,6 +640,17 @@ "skipScrubbing": true, "includeInNotification": true }, + { + "name": "abacService", + "typeName": "string", + "indexType": "STRING", + "cardinality": "SINGLE", + "isIndexable": false, + "isOptional": true, + "isUnique": false, + "skipScrubbing": true, + "includeInNotification": true + }, { "name": "authServiceIsEnabled", "typeName": "boolean", @@ -681,9 +692,19 @@ "Asset" ], "serviceType": "atlan", - "typeVersion": "1.1", + "typeVersion": "1.2", "attributeDefs": [ + { + "name": "policyFilterCriteria", + "typeName": "string", + "cardinality": "SINGLE", + "isIndexable": false, + "isOptional": true, + "isUnique": false, + "skipScrubbing": true, + "includeInNotification": true + }, { "name": "policyType", "typeName": "AuthPolicyType", diff --git a/addons/override-policies/glossary_policies.json b/addons/override-policies/glossary_policies.json new file mode 100644 index 0000000000..ed2eec66b6 --- /dev/null +++ b/addons/override-policies/glossary_policies.json @@ -0,0 +1,113 @@ +{ + "entities": + [ + { + "typeName": "AuthPolicy", + "customAttributes": { + "internalId": 28 + }, + "attributes": + { + "name": "READ_GLOSSARY", + "qualifiedName": "READ_GLOSSARY", + "policyCategory": "bootstrap", + "policySubCategory": "default", + "policyServiceName": "atlas", + "policyType": "allow", + "policyPriority": 1, + "policyUsers": + [], + "policyGroups": + [], + "policyRoles": + [ + "$admin", + "$api-token-default-access" + ], + "policyResourceCategory": "ENTITY", + "policyResources": + [ + "entity-type:AtlasGlossary", + "entity-classification:*", + "entity:*" + ], + "policyActions": + [ + "entity-read" + ] + } + }, + { + "typeName": "AuthPolicy", + "customAttributes": { + "internalId": 29 + }, + "attributes": + { + "name": "READ_TERM", + "qualifiedName": "READ_TERM", + "policyCategory": "bootstrap", + "policySubCategory": "default", + "policyServiceName": "atlas", + "policyType": "allow", + "policyPriority": 1, + "policyUsers": + [], + "policyGroups": + [], + "policyRoles": + [ + "$admin", + "$api-token-default-access" + ], + "policyResourceCategory": "ENTITY", + "policyResources": + [ + "entity-type:AtlasGlossaryTerm", + "entity-classification:*", + "entity:*" + ], + "policyActions": + [ + "entity-read" + ] + } + }, + { + "typeName": "AuthPolicy", + "customAttributes": { + "internalId": 30 + }, + "attributes": + { + "name": "READ_CATEGORY", + "qualifiedName": "READ_CATEGORY", + "policyCategory": "bootstrap", + "policySubCategory": "default", + "policyServiceName": "atlas", + "policyType": "allow", + "policyPriority": 1, + "policyUsers": + [], + "policyGroups": + [], + "policyRoles": + [ + "$admin", + "$api-token-default-access" + ], + "policyResourceCategory": "ENTITY", + "policyResources": + [ + "entity-type:AtlasGlossaryCategory", + "entity-classification:*", + "entity:*" + ], + "policyActions": + [ + "entity-read" + ] + } + } + ] +} \ No newline at end of file diff --git a/addons/policies/bootstrap_entity_policies.json b/addons/policies/bootstrap_entity_policies.json index 38a6b86e80..2f9d214288 100644 --- a/addons/policies/bootstrap_entity_policies.json +++ b/addons/policies/bootstrap_entity_policies.json @@ -2886,7 +2886,7 @@ [ "entity-type:DataDomain", "entity-classification:*", - "entity:*" + "entity:*/super" ], "policyActions": [ @@ -2897,6 +2897,42 @@ ] } }, + { + "typeName": "AuthPolicy", + "attributes": + { + "name": "RD_DATA_MESH_ENTITIES", + "qualifiedName": "RD_DATA_MESH_ENTITIES", + "description": "Allows admins to perform delete operation on data mesh assets", + "policyCategory": "bootstrap", + "policySubCategory": "default", + "policyServiceName": "atlas", + "policyType": "allow", + "policyPriority": 0, + "policyUsers": + [], + "policyGroups": + [], + "policyRoles": + [ + "$admin", + "$api-token-default-access" + ], + "policyResourceCategory": "ENTITY", + "policyResources": + [ + + "entity-type:DataDomain", + "entity-classification:*", + "entity:*" + ], + "policyActions": + [ + "entity-read", + "entity-delete" + ] + } + }, { "typeName": "AuthPolicy", "attributes": @@ -2959,6 +2995,7 @@ "policyResourceCategory": "ENTITY", "policyResources": [ + "entity-type:DataDomain", "entity-classification:*", "entity:*" diff --git a/addons/policies/bootstrap_relationship_policies.json b/addons/policies/bootstrap_relationship_policies.json index 2c123bec6b..86a9efa016 100644 --- a/addons/policies/bootstrap_relationship_policies.json +++ b/addons/policies/bootstrap_relationship_policies.json @@ -646,6 +646,7 @@ "typeName": "AuthPolicy", "attributes": { + "name": "LINK_MESH_DATA_DOMAIN_TO_DATA_PRODUCT", "qualifiedName": "LINK_MESH_DATA_DOMAIN_TO_DATA_PRODUCT", "policyCategory": "bootstrap", diff --git a/auth-agents-common/pom.xml b/auth-agents-common/pom.xml index aa37156d5f..c7900dd2d8 100644 --- a/auth-agents-common/pom.xml +++ b/auth-agents-common/pom.xml @@ -55,6 +55,19 @@ ${project.version} + + + org.apache.atlas + auth-common + ${project.version} + + + + org.apache.atlas + auth-common + ${project.version} + + org.apache.atlas auth-audits @@ -71,12 +84,14 @@ jersey-client + - org.codehaus.jackson - jackson-jaxrs - ${jackson-jaxrs.version} + com.fasterxml.jackson.jaxrs + jackson-jaxrs-json-provider + 2.15.0 + com.google.guava guava @@ -104,7 +119,7 @@ shade - false + true true @@ -114,12 +129,14 @@ **/*.txt **/*.yml **/*.properties + META-INF/maven/** org.slf4j:* + org.apache.logging.log4j:* com.google.api.grpc:* org.janusgraph:* com.google.protobuf:* @@ -129,6 +146,16 @@ com.datastax.oss:* org.apache.tinkerpop org.keycloak:* + org.apache.cassandra:* + org.elasticsearch:* + org.elasticsearch.client:* + org.apache.hadoop:hadoop-hdfs-client + org.apache.kerby:* + com.fasterxml.jackson.core:* + org.redisson:* + org.codehaus:* + io.netty:* + io.netty.netty-all:* diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java deleted file mode 100644 index aba6661426..0000000000 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java +++ /dev/null @@ -1,170 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.atlas.plugin.model; - -import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlRootElement; -import java.util.Date; - -@JsonInclude(JsonInclude.Include.NON_NULL) -@XmlRootElement -@XmlAccessorType(XmlAccessType.FIELD) -public class RangerBaseModelObject implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private Long id; - private String guid; - private Boolean isEnabled; - private String createdBy; - private String updatedBy; - private Date createTime; - private Date updateTime; - private Long version; - - public RangerBaseModelObject() { - setIsEnabled(null); - } - - public void updateFrom(RangerBaseModelObject other) { - setIsEnabled(other.getIsEnabled()); - } - - /** - * @return the id - */ - public Long getId() { - return id; - } - /** - * @param id the id to set - */ - public void setId(Long id) { - this.id = id; - } - /** - * @return the guid - */ - public String getGuid() { - return guid; - } - /** - * @param guid the guid to set - */ - public void setGuid(String guid) { - this.guid = guid; - } - /** - * @return the isEnabled - */ - public Boolean getIsEnabled() { - return isEnabled; - } - /** - * @param isEnabled the isEnabled to set - */ - public void setIsEnabled(Boolean isEnabled) { - this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled; - } - /** - * @return the createdBy - */ - public String getCreatedBy() { - return createdBy; - } - /** - * @param createdBy the createdBy to set - */ - public void setCreatedBy(String createdBy) { - this.createdBy = createdBy; - } - /** - * @return the updatedBy - */ - public String getUpdatedBy() { - return updatedBy; - } - /** - * @param updatedBy the updatedBy to set - */ - public void setUpdatedBy(String updatedBy) { - this.updatedBy = updatedBy; - } - /** - * @return the createTime - */ - public Date getCreateTime() { - return createTime; - } - /** - * @param createTime the createTime to set - */ - public void setCreateTime(Date createTime) { - this.createTime = createTime; - } - /** - * @return the updateTime - */ - public Date getUpdateTime() { - return updateTime; - } - /** - * @param updateTime the updateTime to set - */ - public void setUpdateTime(Date updateTime) { - this.updateTime = updateTime; - } - /** - * @return the version - */ - public Long getVersion() { - return version; - } - /** - * @param version the version to set - */ - public void setVersion(Long version) { - this.version = version; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("id={").append(id).append("} "); - sb.append("guid={").append(guid).append("} "); - sb.append("isEnabled={").append(isEnabled).append("} "); - sb.append("createdBy={").append(createdBy).append("} "); - sb.append("updatedBy={").append(updatedBy).append("} "); - sb.append("createTime={").append(createTime).append("} "); - sb.append("updateTime={").append(updateTime).append("} "); - sb.append("version={").append(version).append("} "); - - return sb; - } -} diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java deleted file mode 100644 index f81f8e2854..0000000000 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java +++ /dev/null @@ -1,1703 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.atlas.plugin.model; - -import org.apache.commons.collections.CollectionUtils; -import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlRootElement; -import java.util.ArrayList; -import java.util.Comparator; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - - -@JsonInclude(JsonInclude.Include.NON_NULL) -@XmlRootElement -@XmlAccessorType(XmlAccessType.FIELD) -public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable { - public static final String POLICY_TYPE_ACCESS = "ACCESS"; - public static final String POLICY_TYPE_DATAMASK = "DATA_MASK"; - public static final String POLICY_TYPE_ROWFILTER = "ROW_FILTER"; - public static final String POLICY_TYPE_AUDIT = "AUDIT"; - - public static final String[] POLICY_TYPES = new String[] { - POLICY_TYPE_ACCESS, - POLICY_TYPE_DATAMASK, - POLICY_TYPE_ROWFILTER - }; - - public static final String MASK_TYPE_NULL = "MASK_NULL"; - public static final String MASK_TYPE_NONE = "MASK_NONE"; - public static final String MASK_TYPE_CUSTOM = "CUSTOM"; - - public static final int POLICY_PRIORITY_NORMAL = 0; - public static final int POLICY_PRIORITY_OVERRIDE = 1; - - public static final String POLICY_PRIORITY_NAME_NORMAL = "NORMAL"; - public static final String POLICY_PRIORITY_NAME_OVERRIDE = "OVERRIDE"; - - public static final Comparator POLICY_ID_COMPARATOR = new PolicyIdComparator(); - - // For future use - private static final long serialVersionUID = 1L; - - private String service; - private String name; - private String policyType; - private Integer policyPriority; - private String description; - private String resourceSignature; - private Boolean isAuditEnabled; - private Map resources; - private List conditions; - private List policyItems; - private List denyPolicyItems; - private List allowExceptions; - private List denyExceptions; - private List dataMaskPolicyItems; - private List rowFilterPolicyItems; - private String serviceType; - private Map options; - private List validitySchedules; - private List policyLabels; - private String zoneName; - private Boolean isDenyAllElse; - private Map attributes; - - public RangerPolicy() { - this(null, null, null, null, null, null, null, null, null, null, null); - } - - public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables) { - this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, null); - } - - public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName) { - this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, zoneName, null); - } - - public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName, List conditions) { - this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, zoneName, conditions, null); - } - - /** - * @param service - * @param name - * @param policyType - * @param description - * @param resources - * @param policyItems - * @param resourceSignature TODO - */ - public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName, List conditions, Boolean isDenyAllElse) { - super(); - - setService(service); - setName(name); - setPolicyType(policyType); - setPolicyPriority(policyPriority); - setDescription(description); - setResourceSignature(resourceSignature); - setIsAuditEnabled(null); - setResources(resources); - setPolicyItems(policyItems); - setDenyPolicyItems(null); - setAllowExceptions(null); - setDenyExceptions(null); - setDataMaskPolicyItems(null); - setRowFilterPolicyItems(null); - setOptions(options); - setValiditySchedules(validitySchedules); - setPolicyLabels(policyLables); - setZoneName(zoneName); - setConditions(conditions); - setIsDenyAllElse(isDenyAllElse); - - } - - /** - * @param other - */ - public void updateFrom(RangerPolicy other) { - super.updateFrom(other); - - setService(other.getService()); - setName(other.getName()); - setPolicyType(other.getPolicyType()); - setPolicyPriority(other.getPolicyPriority()); - setDescription(other.getDescription()); - setResourceSignature(other.getResourceSignature()); - setIsAuditEnabled(other.getIsAuditEnabled()); - setResources(other.getResources()); - setConditions(other.getConditions()); - setPolicyItems(other.getPolicyItems()); - setDenyPolicyItems(other.getDenyPolicyItems()); - setAllowExceptions(other.getAllowExceptions()); - setDenyExceptions(other.getDenyExceptions()); - setDataMaskPolicyItems(other.getDataMaskPolicyItems()); - setRowFilterPolicyItems(other.getRowFilterPolicyItems()); - setServiceType(other.getServiceType()); - setOptions(other.getOptions()); - setValiditySchedules(other.getValiditySchedules()); - setPolicyLabels(other.getPolicyLabels()); - setZoneName(other.getZoneName()); - setIsDenyAllElse(other.getIsDenyAllElse()); - } - - public Map getAttributes() { - return attributes; - } - - public void setAttributes(Map attributes) { - this.attributes = attributes; - } - - /** - * @return the type - */ - public String getService() { - return service; - } - - /** - * @param service the type to set - */ - public void setService(String service) { - this.service = service; - } - - /** - * @return the name - */ - public String getName() { - return name; - } - - /** - * @param name the name to set - */ - public void setName(String name) { - this.name = name; - } - - /** - * @return the policyType - */ - public String getPolicyType() { - return policyType; - } - - /** - * @param policyType the policyType to set - */ - public void setPolicyType(String policyType) { - this.policyType = policyType; - } - - /** - * @return the policyPriority - */ - public Integer getPolicyPriority() { - return policyPriority; - } - - /** - * @param policyPriority the policyPriority to set - */ - public void setPolicyPriority(Integer policyPriority) { - this.policyPriority = policyPriority == null ? RangerPolicy.POLICY_PRIORITY_NORMAL : policyPriority; - } - - /** - * @return the description - */ - public String getDescription() { - return description; - } - - /** - * @param description the description to set - */ - public void setDescription(String description) { - this.description = description; - } - - /** - * @return the resourceSignature - */ - public String getResourceSignature() { - return resourceSignature; - } - - /** - * @param resourceSignature the resourceSignature to set - */ - public void setResourceSignature(String resourceSignature) { - this.resourceSignature = resourceSignature; - } - - /** - * @return the isAuditEnabled - */ - public Boolean getIsAuditEnabled() { - return isAuditEnabled; - } - - /** - * @param isAuditEnabled the isEnabled to set - */ - public void setIsAuditEnabled(Boolean isAuditEnabled) { - this.isAuditEnabled = isAuditEnabled == null ? Boolean.TRUE : isAuditEnabled; - } - - public String getServiceType() { - return serviceType; - } - - public void setServiceType(String serviceType) { - this.serviceType = serviceType; - } - - public List getPolicyLabels() { - return policyLabels; - } - - public void setPolicyLabels(List policyLabels) { - if (this.policyLabels == null) { - this.policyLabels = new ArrayList<>(); - } - - if (this.policyLabels == policyLabels) { - return; - } - - this.policyLabels.clear(); - - if (policyLabels != null) { - this.policyLabels.addAll(policyLabels); - } - } - - /** - * @return the resources - */ - public Map getResources() { - return resources; - } - - /** - * @param resources the resources to set - */ - public void setResources(Map resources) { - if(this.resources == null) { - this.resources = new HashMap<>(); - } - - if(this.resources == resources) { - return; - } - - this.resources.clear(); - - if(resources != null) { - for(Map.Entry e : resources.entrySet()) { - this.resources.put(e.getKey(), e.getValue()); - } - } - } - - /** - * @return the policyItems - */ - public List getPolicyItems() { - return policyItems; - } - - /** - * @param policyItems the policyItems to set - */ - public void setPolicyItems(List policyItems) { - if(this.policyItems == null) { - this.policyItems = new ArrayList<>(); - } - - if(this.policyItems == policyItems) { - return; - } - - this.policyItems.clear(); - - if(policyItems != null) { - this.policyItems.addAll(policyItems); - } - } - - /** - * @return the denyPolicyItems - */ - public List getDenyPolicyItems() { - return denyPolicyItems; - } - - /** - * @param denyPolicyItems the denyPolicyItems to set - */ - public void setDenyPolicyItems(List denyPolicyItems) { - if(this.denyPolicyItems == null) { - this.denyPolicyItems = new ArrayList<>(); - } - - if(this.denyPolicyItems == denyPolicyItems) { - return; - } - - this.denyPolicyItems.clear(); - - if(denyPolicyItems != null) { - this.denyPolicyItems.addAll(denyPolicyItems); - } - } - - /** - * @return the allowExceptions - */ - public List getAllowExceptions() { - return allowExceptions; - } - - /** - * @param allowExceptions the allowExceptions to set - */ - public void setAllowExceptions(List allowExceptions) { - if(this.allowExceptions == null) { - this.allowExceptions = new ArrayList<>(); - } - - if(this.allowExceptions == allowExceptions) { - return; - } - - this.allowExceptions.clear(); - - if(allowExceptions != null) { - this.allowExceptions.addAll(allowExceptions); - } - } - - /** - * @return the denyExceptions - */ - public List getDenyExceptions() { - return denyExceptions; - } - - /** - * @param denyExceptions the denyExceptions to set - */ - public void setDenyExceptions(List denyExceptions) { - if(this.denyExceptions == null) { - this.denyExceptions = new ArrayList<>(); - } - - if(this.denyExceptions == denyExceptions) { - return; - } - - this.denyExceptions.clear(); - - if(denyExceptions != null) { - this.denyExceptions.addAll(denyExceptions); - } - } - - public List getDataMaskPolicyItems() { - return dataMaskPolicyItems; - } - - public void setDataMaskPolicyItems(List dataMaskPolicyItems) { - if(this.dataMaskPolicyItems == null) { - this.dataMaskPolicyItems = new ArrayList<>(); - } - - if(this.dataMaskPolicyItems == dataMaskPolicyItems) { - return; - } - - this.dataMaskPolicyItems.clear(); - - if(dataMaskPolicyItems != null) { - this.dataMaskPolicyItems.addAll(dataMaskPolicyItems); - } - } - - public List getRowFilterPolicyItems() { - return rowFilterPolicyItems; - } - - public void setRowFilterPolicyItems(List rowFilterPolicyItems) { - if(this.rowFilterPolicyItems == null) { - this.rowFilterPolicyItems = new ArrayList<>(); - } - - if(this.rowFilterPolicyItems == rowFilterPolicyItems) { - return; - } - - this.rowFilterPolicyItems.clear(); - - if(rowFilterPolicyItems != null) { - this.rowFilterPolicyItems.addAll(rowFilterPolicyItems); - } - } - - public Map getOptions() { return options; } - - public void setOptions(Map options) { - if (this.options == null) { - this.options = new HashMap<>(); - } - if (this.options == options) { - return; - } - this.options.clear(); - - if(options != null) { - for(Map.Entry e : options.entrySet()) { - this.options.put(e.getKey(), e.getValue()); - } - } - } - - public List getValiditySchedules() { return validitySchedules; } - - public void setValiditySchedules(List validitySchedules) { - if (this.validitySchedules == null) { - this.validitySchedules = new ArrayList<>(); - } - if (this.validitySchedules == validitySchedules) { - return; - } - this.validitySchedules.clear(); - - if(validitySchedules != null) { - this.validitySchedules.addAll(validitySchedules); - } - } - public String getZoneName() { return zoneName; } - - public void setZoneName(String zoneName) { - this.zoneName = zoneName; - } - - /** - * @return the conditions - */ - public List getConditions() { return conditions; } - /** - * @param conditions the conditions to set - */ - public void setConditions(List conditions) { - this.conditions = conditions; - } - - public Boolean getIsDenyAllElse() { - return isDenyAllElse; - } - - public void setIsDenyAllElse(Boolean isDenyAllElse) { - this.isDenyAllElse = isDenyAllElse == null ? Boolean.FALSE : isDenyAllElse; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerPolicy={"); - - super.toString(sb); - - sb.append("service={").append(service).append("} "); - sb.append("name={").append(name).append("} "); - sb.append("policyType={").append(policyType).append("} "); - sb.append("policyPriority={").append(policyPriority).append("} "); - sb.append("description={").append(description).append("} "); - sb.append("resourceSignature={").append(resourceSignature).append("} "); - sb.append("isAuditEnabled={").append(isAuditEnabled).append("} "); - sb.append("serviceType={").append(serviceType).append("} "); - - sb.append("resources={"); - if(resources != null) { - for(Map.Entry e : resources.entrySet()) { - sb.append(e.getKey()).append("={"); - e.getValue().toString(sb); - sb.append("} "); - } - } - sb.append("} "); - sb.append("policyLabels={"); - if(policyLabels != null) { - for(String policyLabel : policyLabels) { - if(policyLabel != null) { - sb.append(policyLabel).append(" "); - } - } - } - sb.append("} "); - - sb.append("policyConditions={"); - if(conditions != null) { - for(RangerPolicyItemCondition condition : conditions) { - if(condition != null) { - condition.toString(sb); - } - } - } - sb.append("} "); - - sb.append("policyItems={"); - if(policyItems != null) { - for(RangerPolicyItem policyItem : policyItems) { - if(policyItem != null) { - policyItem.toString(sb); - } - } - } - sb.append("} "); - - sb.append("denyPolicyItems={"); - if(denyPolicyItems != null) { - for(RangerPolicyItem policyItem : denyPolicyItems) { - if(policyItem != null) { - policyItem.toString(sb); - } - } - } - sb.append("} "); - - sb.append("allowExceptions={"); - if(allowExceptions != null) { - for(RangerPolicyItem policyItem : allowExceptions) { - if(policyItem != null) { - policyItem.toString(sb); - } - } - } - sb.append("} "); - - sb.append("denyExceptions={"); - if(denyExceptions != null) { - for(RangerPolicyItem policyItem : denyExceptions) { - if(policyItem != null) { - policyItem.toString(sb); - } - } - } - sb.append("} "); - - sb.append("dataMaskPolicyItems={"); - if(dataMaskPolicyItems != null) { - for(RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) { - if(dataMaskPolicyItem != null) { - dataMaskPolicyItem.toString(sb); - } - } - } - sb.append("} "); - - sb.append("rowFilterPolicyItems={"); - if(rowFilterPolicyItems != null) { - for(RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) { - if(rowFilterPolicyItem != null) { - rowFilterPolicyItem.toString(sb); - } - } - } - sb.append("} "); - - sb.append("options={"); - if(options != null) { - for(Map.Entry e : options.entrySet()) { - sb.append(e.getKey()).append("={"); - sb.append(e.getValue().toString()); - sb.append("} "); - } - } - sb.append("} "); - - //sb.append("validitySchedules={").append(validitySchedules).append("} "); - sb.append("validitySchedules={"); - if (CollectionUtils.isNotEmpty(validitySchedules)) { - for (RangerValiditySchedule schedule : validitySchedules) { - if (schedule != null) { - sb.append("schedule={").append(schedule).append("}"); - } - } - } - sb.append(", zoneName=").append(zoneName); - - sb.append(", isDenyAllElse={").append(isDenyAllElse).append("} "); - - sb.append("}"); - - sb.append("}"); - - return sb; - } - - static class PolicyIdComparator implements Comparator, java.io.Serializable { - @Override - public int compare(RangerPolicy me, RangerPolicy other) { - return Long.compare(me.getId(), other.getId()); - } - } - - @JsonInclude(JsonInclude.Include.NON_NULL) - @XmlRootElement - @XmlAccessorType(XmlAccessType.FIELD) - public static class RangerPolicyResource implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private List values; - private Boolean isExcludes; - private Boolean isRecursive; - - public RangerPolicyResource() { - this((List)null, null, null); - } - - public RangerPolicyResource(String value) { - setValue(value); - setIsExcludes(null); - setIsRecursive(null); - } - - public RangerPolicyResource(String value, Boolean isExcludes, Boolean isRecursive) { - setValue(value); - setIsExcludes(isExcludes); - setIsRecursive(isRecursive); - } - - public RangerPolicyResource(List values, Boolean isExcludes, Boolean isRecursive) { - setValues(values); - setIsExcludes(isExcludes); - setIsRecursive(isRecursive); - } - - /** - * @return the values - */ - public List getValues() { - return values; - } - - /** - * @param values the values to set - */ - public void setValues(List values) { - if(this.values == null) { - this.values = new ArrayList<>(); - } - - if(this.values == values) { - return; - } - - this.values.clear(); - - if(values != null) { - this.values.addAll(values); - } - } - - /** - * @param value the value to set - */ - public void setValue(String value) { - if(this.values == null) { - this.values = new ArrayList<>(); - } - - this.values.clear(); - - this.values.add(value); - } - - /** - * @return the isExcludes - */ - public Boolean getIsExcludes() { - return isExcludes; - } - - /** - * @param isExcludes the isExcludes to set - */ - public void setIsExcludes(Boolean isExcludes) { - this.isExcludes = isExcludes == null ? Boolean.FALSE : isExcludes; - } - - /** - * @return the isRecursive - */ - public Boolean getIsRecursive() { - return isRecursive; - } - - /** - * @param isRecursive the isRecursive to set - */ - public void setIsRecursive(Boolean isRecursive) { - this.isRecursive = isRecursive == null ? Boolean.FALSE : isRecursive; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerPolicyResource={"); - sb.append("values={"); - if(values != null) { - for(String value : values) { - sb.append(value).append(" "); - } - } - sb.append("} "); - sb.append("isExcludes={").append(isExcludes).append("} "); - sb.append("isRecursive={").append(isRecursive).append("} "); - sb.append("}"); - - return sb; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result - + ((isExcludes == null) ? 0 : isExcludes.hashCode()); - result = prime * result - + ((isRecursive == null) ? 0 : isRecursive.hashCode()); - result = prime * result - + ((values == null) ? 0 : values.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - RangerPolicyResource other = (RangerPolicyResource) obj; - if (isExcludes == null) { - if (other.isExcludes != null) - return false; - } else if (!isExcludes.equals(other.isExcludes)) - return false; - if (isRecursive == null) { - if (other.isRecursive != null) - return false; - } else if (!isRecursive.equals(other.isRecursive)) - return false; - if (values == null) { - if (other.values != null) - return false; - } else if (!values.equals(other.values)) - return false; - return true; - } - - } - - @JsonInclude(JsonInclude.Include.NON_NULL) - @XmlRootElement - @XmlAccessorType(XmlAccessType.FIELD) - public static class RangerPolicyItem implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private List accesses; - private List users; - private List groups; - private List roles; - private List conditions; - private Boolean delegateAdmin; - - public RangerPolicyItem() { - this(null, null, null, null, null, null); - } - - public RangerPolicyItem(List accessTypes, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { - setAccesses(accessTypes); - setUsers(users); - setGroups(groups); - setRoles(roles); - setConditions(conditions); - setDelegateAdmin(delegateAdmin); - } - - /** - * @return the accesses - */ - public List getAccesses() { - return accesses; - } - /** - * @param accesses the accesses to set - */ - public void setAccesses(List accesses) { - if(this.accesses == null) { - this.accesses = new ArrayList<>(); - } - - if(this.accesses == accesses) { - return; - } - - this.accesses.clear(); - - if(accesses != null) { - this.accesses.addAll(accesses); - } - } - /** - * @return the users - */ - public List getUsers() { - return users; - } - /** - * @param users the users to set - */ - public void setUsers(List users) { - if(this.users == null) { - this.users = new ArrayList<>(); - } - - if(this.users == users) { - return; - } - - this.users.clear(); - - if(users != null) { - this.users.addAll(users); - } - } - /** - * @return the groups - */ - public List getGroups() { - return groups; - } - /** - * @param groups the groups to set - */ - public void setGroups(List groups) { - if(this.groups == null) { - this.groups = new ArrayList<>(); - } - - if(this.groups == groups) { - return; - } - - this.groups.clear(); - - if(groups != null) { - this.groups.addAll(groups); - } - } - /** - * @return the roles - */ - public List getRoles() { - return roles; - } - /** - * @param roles the roles to set - */ - public void setRoles(List roles) { - if(this.roles == null) { - this.roles = new ArrayList<>(); - } - - if(this.roles == roles) { - return; - } - - this.roles.clear(); - - if(roles != null) { - this.roles.addAll(roles); - } - } - /** - * @return the conditions - */ - public List getConditions() { - return conditions; - } - /** - * @param conditions the conditions to set - */ - public void setConditions(List conditions) { - if(this.conditions == null) { - this.conditions = new ArrayList<>(); - } - - if(this.conditions == conditions) { - return; - } - - this.conditions.clear(); - - if(conditions != null) { - this.conditions.addAll(conditions); - } - } - - /** - * @return the delegateAdmin - */ - public Boolean getDelegateAdmin() { - return delegateAdmin; - } - - /** - * @param delegateAdmin the delegateAdmin to set - */ - public void setDelegateAdmin(Boolean delegateAdmin) { - this.delegateAdmin = delegateAdmin == null ? Boolean.FALSE : delegateAdmin; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerPolicyItem={"); - - sb.append("accessTypes={"); - if(accesses != null) { - for(RangerPolicyItemAccess access : accesses) { - if(access != null) { - access.toString(sb); - } - } - } - sb.append("} "); - - sb.append("users={"); - if(users != null) { - for(String user : users) { - if(user != null) { - sb.append(user).append(" "); - } - } - } - sb.append("} "); - - sb.append("groups={"); - if(groups != null) { - for(String group : groups) { - if(group != null) { - sb.append(group).append(" "); - } - } - } - sb.append("} "); - - sb.append("roles={"); - if(roles != null) { - for(String role : roles) { - if(role != null) { - sb.append(role).append(" "); - } - } - } - sb.append("} "); - - sb.append("conditions={"); - if(conditions != null) { - for(RangerPolicyItemCondition condition : conditions) { - if(condition != null) { - condition.toString(sb); - } - } - } - sb.append("} "); - - sb.append("delegateAdmin={").append(delegateAdmin).append("} "); - sb.append("}"); - - return sb; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result - + ((accesses == null) ? 0 : accesses.hashCode()); - result = prime * result - + ((conditions == null) ? 0 : conditions.hashCode()); - result = prime * result - + ((delegateAdmin == null) ? 0 : delegateAdmin.hashCode()); - result = prime * result - + ((roles == null) ? 0 : roles.hashCode()); - result = prime * result - + ((groups == null) ? 0 : groups.hashCode()); - result = prime * result + ((users == null) ? 0 : users.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - RangerPolicyItem other = (RangerPolicyItem) obj; - if (accesses == null) { - if (other.accesses != null) - return false; - } else if (!accesses.equals(other.accesses)) - return false; - if (conditions == null) { - if (other.conditions != null) - return false; - } else if (!conditions.equals(other.conditions)) - return false; - if (delegateAdmin == null) { - if (other.delegateAdmin != null) - return false; - } else if (!delegateAdmin.equals(other.delegateAdmin)) - return false; - if (roles == null) { - if (other.roles != null) - return false; - } else if (!roles.equals(other.roles)) - return false; - if (groups == null) { - if (other.groups != null) - return false; - } else if (!groups.equals(other.groups)) - return false; - if (users == null) { - if (other.users != null) - return false; - } else if (!users.equals(other.users)) - return false; - return true; - - } - } - - @JsonInclude(JsonInclude.Include.NON_NULL) - @XmlRootElement - @XmlAccessorType(XmlAccessType.FIELD) - public static class RangerDataMaskPolicyItem extends RangerPolicyItem implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private RangerPolicyItemDataMaskInfo dataMaskInfo; - - public RangerDataMaskPolicyItem() { - this(null, null, null, null, null, null, null); - } - - public RangerDataMaskPolicyItem(List accesses, RangerPolicyItemDataMaskInfo dataMaskDetail, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { - super(accesses, users, groups, roles, conditions, delegateAdmin); - - setDataMaskInfo(dataMaskDetail); - } - - /** - * @return the dataMaskInfo - */ - public RangerPolicyItemDataMaskInfo getDataMaskInfo() { - return dataMaskInfo; - } - - /** - * @param dataMaskInfo the dataMaskInfo to set - */ - public void setDataMaskInfo(RangerPolicyItemDataMaskInfo dataMaskInfo) { - this.dataMaskInfo = dataMaskInfo == null ? new RangerPolicyItemDataMaskInfo() : dataMaskInfo; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = super.hashCode(); - result = prime * result + ((dataMaskInfo == null) ? 0 : dataMaskInfo.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if(! super.equals(obj)) - return false; - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - RangerDataMaskPolicyItem other = (RangerDataMaskPolicyItem) obj; - if (dataMaskInfo == null) { - if (other.dataMaskInfo != null) - return false; - } else if (!dataMaskInfo.equals(other.dataMaskInfo)) - return false; - return true; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerDataMaskPolicyItem={"); - - super.toString(sb); - - sb.append("dataMaskInfo={"); - if(dataMaskInfo != null) { - dataMaskInfo.toString(sb); - } - sb.append("} "); - - sb.append("}"); - - return sb; - } - } - - @JsonInclude(JsonInclude.Include.NON_NULL) - @XmlRootElement - @XmlAccessorType(XmlAccessType.FIELD) - public static class RangerRowFilterPolicyItem extends RangerPolicyItem implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private RangerPolicyItemRowFilterInfo rowFilterInfo; - - public RangerRowFilterPolicyItem() { - this(null, null, null, null, null, null, null); - } - - public RangerRowFilterPolicyItem(RangerPolicyItemRowFilterInfo rowFilterInfo, List accesses, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { - super(accesses, users, groups, roles, conditions, delegateAdmin); - - setRowFilterInfo(rowFilterInfo); - } - - /** - * @return the rowFilterInfo - */ - public RangerPolicyItemRowFilterInfo getRowFilterInfo() { - return rowFilterInfo; - } - - /** - * @param rowFilterInfo the rowFilterInfo to set - */ - public void setRowFilterInfo(RangerPolicyItemRowFilterInfo rowFilterInfo) { - this.rowFilterInfo = rowFilterInfo == null ? new RangerPolicyItemRowFilterInfo() : rowFilterInfo; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = super.hashCode(); - result = prime * result + ((rowFilterInfo == null) ? 0 : rowFilterInfo.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if(! super.equals(obj)) - return false; - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - RangerRowFilterPolicyItem other = (RangerRowFilterPolicyItem) obj; - if (rowFilterInfo == null) { - if (other.rowFilterInfo != null) - return false; - } else if (!rowFilterInfo.equals(other.rowFilterInfo)) - return false; - return true; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerRowFilterPolicyItem={"); - - super.toString(sb); - - sb.append("rowFilterInfo={"); - if(rowFilterInfo != null) { - rowFilterInfo.toString(sb); - } - sb.append("} "); - - sb.append("}"); - - return sb; - } - } - - @JsonInclude(JsonInclude.Include.NON_NULL) - @XmlRootElement - @XmlAccessorType(XmlAccessType.FIELD) - public static class RangerPolicyItemAccess implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private String type; - private Boolean isAllowed; - - public RangerPolicyItemAccess() { - this(null, null); - } - - public RangerPolicyItemAccess(String type) { - this(type, null); - } - - public RangerPolicyItemAccess(String type, Boolean isAllowed) { - setType(type); - setIsAllowed(isAllowed); - } - - /** - * @return the type - */ - public String getType() { - return type; - } - - /** - * @param type the type to set - */ - public void setType(String type) { - this.type = type; - } - - /** - * @return the isAllowed - */ - public Boolean getIsAllowed() { - return isAllowed; - } - - /** - * @param isAllowed the isAllowed to set - */ - public void setIsAllowed(Boolean isAllowed) { - this.isAllowed = isAllowed == null ? Boolean.TRUE : isAllowed; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerPolicyItemAccess={"); - sb.append("type={").append(type).append("} "); - sb.append("isAllowed={").append(isAllowed).append("} "); - sb.append("}"); - - return sb; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result - + ((isAllowed == null) ? 0 : isAllowed.hashCode()); - result = prime * result + ((type == null) ? 0 : type.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - RangerPolicyItemAccess other = (RangerPolicyItemAccess) obj; - if (isAllowed == null) { - if (other.isAllowed != null) - return false; - } else if (!isAllowed.equals(other.isAllowed)) - return false; - if (type == null) { - if (other.type != null) - return false; - } else if (!type.equals(other.type)) - return false; - return true; - } - - } - - @JsonInclude(JsonInclude.Include.NON_NULL) - @XmlRootElement - @XmlAccessorType(XmlAccessType.FIELD) - public static class RangerPolicyItemCondition implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private String type; - private List values; - - public RangerPolicyItemCondition() { - this(null, null); - } - - public RangerPolicyItemCondition(String type, List values) { - setType(type); - setValues(values); - } - - /** - * @return the type - */ - public String getType() { - return type; - } - - /** - * @param type the type to set - */ - public void setType(String type) { - this.type = type; - } - - /** - * @return the value - */ - public List getValues() { - return values; - } - - /** - * @param values the value to set - */ - public void setValues(List values) { - if (this.values == null) { - this.values = new ArrayList<>(); - } - - if(this.values == values) { - return; - } - - this.values.clear(); - - if(values != null) { - this.values.addAll(values); - } - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerPolicyCondition={"); - sb.append("type={").append(type).append("} "); - sb.append("values={"); - if(values != null) { - for(String value : values) { - sb.append(value).append(" "); - } - } - sb.append("} "); - sb.append("}"); - - return sb; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((type == null) ? 0 : type.hashCode()); - result = prime * result - + ((values == null) ? 0 : values.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - RangerPolicyItemCondition other = (RangerPolicyItemCondition) obj; - if (type == null) { - if (other.type != null) - return false; - } else if (!type.equals(other.type)) - return false; - if (values == null) { - if (other.values != null) - return false; - } else if (!values.equals(other.values)) - return false; - return true; - } - - } - - @JsonInclude(JsonInclude.Include.NON_NULL) - @XmlRootElement - @XmlAccessorType(XmlAccessType.FIELD) - public static class RangerPolicyItemDataMaskInfo implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private String dataMaskType; - private String conditionExpr; - private String valueExpr; - - public RangerPolicyItemDataMaskInfo() { } - - public RangerPolicyItemDataMaskInfo(String dataMaskType, String conditionExpr, String valueExpr) { - setDataMaskType(dataMaskType); - setConditionExpr(conditionExpr); - setValueExpr(valueExpr); - } - - public RangerPolicyItemDataMaskInfo(RangerPolicyItemDataMaskInfo that) { - this.dataMaskType = that.dataMaskType; - this.conditionExpr = that.conditionExpr; - this.valueExpr = that.valueExpr; - } - - public String getDataMaskType() { - return dataMaskType; - } - - public void setDataMaskType(String dataMaskType) { - this.dataMaskType = dataMaskType; - } - - public String getConditionExpr() { - return conditionExpr; - } - - public void setConditionExpr(String conditionExpr) { - this.conditionExpr = conditionExpr; - } - - public String getValueExpr() { - return valueExpr; - } - - public void setValueExpr(String valueExpr) { - this.valueExpr = valueExpr; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = super.hashCode(); - result = prime * result + ((dataMaskType == null) ? 0 : dataMaskType.hashCode()); - result = prime * result + ((conditionExpr == null) ? 0 : conditionExpr.hashCode()); - result = prime * result + ((valueExpr == null) ? 0 : valueExpr.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - RangerPolicyItemDataMaskInfo other = (RangerPolicyItemDataMaskInfo) obj; - if (dataMaskType == null) { - if (other.dataMaskType != null) - return false; - } else if (!dataMaskType.equals(other.dataMaskType)) - return false; - if (conditionExpr == null) { - if (other.conditionExpr != null) - return false; - } else if (!conditionExpr.equals(other.conditionExpr)) - return false; - if (valueExpr == null) { - if (other.valueExpr != null) - return false; - } else if (!valueExpr.equals(other.valueExpr)) - return false; - return true; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerPolicyItemDataMaskInfo={"); - - sb.append("dataMaskType={").append(dataMaskType).append("} "); - sb.append("conditionExpr={").append(conditionExpr).append("} "); - sb.append("valueExpr={").append(valueExpr).append("} "); - - sb.append("}"); - - return sb; - } - } - - @JsonInclude(JsonInclude.Include.NON_NULL) - @XmlRootElement - @XmlAccessorType(XmlAccessType.FIELD) - public static class RangerPolicyItemRowFilterInfo implements java.io.Serializable { - private static final long serialVersionUID = 1L; - - private String filterExpr; - - public RangerPolicyItemRowFilterInfo() { } - - public RangerPolicyItemRowFilterInfo(String filterExpr) { - setFilterExpr(filterExpr); - } - - public RangerPolicyItemRowFilterInfo(RangerPolicyItemRowFilterInfo that) { - this.filterExpr = that.filterExpr; - } - - public String getFilterExpr() { - return filterExpr; - } - - public void setFilterExpr(String filterExpr) { - this.filterExpr = filterExpr; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = super.hashCode(); - result = prime * result + ((filterExpr == null) ? 0 : filterExpr.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - RangerPolicyItemRowFilterInfo other = (RangerPolicyItemRowFilterInfo) obj; - if (filterExpr == null) { - if (other.filterExpr != null) - return false; - } else if (!filterExpr.equals(other.filterExpr)) - return false; - return true; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerPolicyItemRowFilterInfo={"); - - sb.append("filterExpr={").append(filterExpr).append("} "); - - sb.append("}"); - - return sb; - } - } -} diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/policyengine/RangerPolicyEngine.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/policyengine/RangerPolicyEngine.java index 98852f910d..332f2fec29 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/policyengine/RangerPolicyEngine.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/policyengine/RangerPolicyEngine.java @@ -62,7 +62,7 @@ public interface RangerPolicyEngine { void setRoles(RangerRoles roles); - RangerAccessResult evaluatePolicies(RangerAccessRequest request, String policyType, RangerAccessResultProcessor resultProcessor); + RangerAccessResult evaluatePolicies(RangerAccessRequest request, String policyType, RangerAccessResultProcessor resultProcessor, String uuid); Collection evaluatePolicies(Collection requests, String policyType, RangerAccessResultProcessor resultProcessor); diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/policyengine/RangerPolicyEngineImpl.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/policyengine/RangerPolicyEngineImpl.java index 90d18bf752..b7edea8b74 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/policyengine/RangerPolicyEngineImpl.java @@ -112,10 +112,11 @@ public String toString() { } @Override - public RangerAccessResult evaluatePolicies(RangerAccessRequest request, String policyType, RangerAccessResultProcessor resultProcessor) { + public RangerAccessResult evaluatePolicies(RangerAccessRequest request, String policyType, RangerAccessResultProcessor resultProcessor, String uuid) { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerPolicyEngineImpl.evaluatePolicies(" + request + ", policyType=" + policyType + ")"); } + long t0 = System.currentTimeMillis(); RangerPerfTracer perf = null; @@ -124,6 +125,7 @@ public RangerAccessResult evaluatePolicies(RangerAccessRequest request, String p perf = RangerPerfTracer.getPerfTracer(PERF_POLICYENGINE_REQUEST_LOG, "RangerPolicyEngine.evaluatePolicies(requestHashCode=" + requestHashCode + ")"); } + LOG.info("evaluatePolicies : perf-trace " + (System.currentTimeMillis() - t0)); RangerAccessResult ret; @@ -135,8 +137,10 @@ public RangerAccessResult evaluatePolicies(RangerAccessRequest request, String p } requestProcessor.preProcess(request); + LOG.info("evaluatePolicies : pre-process " + (System.currentTimeMillis() - t0) + "uuid: " + uuid); ret = zoneAwareAccessEvaluationWithNoAudit(request, policyType); + LOG.info("evaluatePolicies: zoneAwareAccessEval " + (System.currentTimeMillis() - t0)+ "uuid: " + uuid); if (resultProcessor != null) { RangerPerfTracer perfAuditTracer = null; @@ -146,8 +150,10 @@ public RangerAccessResult evaluatePolicies(RangerAccessRequest request, String p perfAuditTracer = RangerPerfTracer.getPerfTracer(PERF_POLICYENGINE_AUDIT_LOG, "RangerPolicyEngine.processAudit(requestHashCode=" + requestHashCode + ")"); } + LOG.info("evaluatePolicies : perf-tracer " + (System.currentTimeMillis() - t0)+ "uuid: " + uuid); resultProcessor.processResult(ret); + LOG.info("evaluatePolicies : pre-process result " + (System.currentTimeMillis() - t0)+ "uuid: " + uuid); RangerPerfTracer.log(perfAuditTracer); } @@ -158,6 +164,7 @@ public RangerAccessResult evaluatePolicies(RangerAccessRequest request, String p if (LOG.isDebugEnabled()) { LOG.debug("<== RangerPolicyEngineImpl.evaluatePolicies(" + request + ", policyType=" + policyType + "): " + ret); } + LOG.info("evaluatePolicies _ final return" + (System.currentTimeMillis() - t0)+ "uuid: " + uuid); return ret; } diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/service/RangerBasePlugin.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/service/RangerBasePlugin.java index b224cccc7e..9cbbe74b7d 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/service/RangerBasePlugin.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/service/RangerBasePlugin.java @@ -19,6 +19,8 @@ package org.apache.atlas.plugin.service; +import org.apache.atlas.authorizer.store.PoliciesStore; +import org.apache.atlas.authorizer.store.UsersStore; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; @@ -176,6 +178,7 @@ public RangerRoles getRoles() { public void setRoles(RangerRoles roles) { this.roles = roles; + UsersStore.setAllRoles(roles); RangerPolicyEngine policyEngine = this.policyEngine; @@ -192,6 +195,7 @@ public RangerUserStore getUserStore() { public void setUserStore(RangerUserStore userStore) { this.userStore = userStore; + UsersStore.setUserStore(userStore); // RangerPolicyEngine policyEngine = this.policyEngine; @@ -296,6 +300,14 @@ public void setPolicies(ServicePolicies policies) { LOG.debug("==> setPolicies(" + policies + ")"); } + if (policies != null) { + List resourcePolicies = policies.getPolicies(); + List tagPolicies = policies.getTagPolicies().getPolicies(); + + PoliciesStore.setResourcePolicies(resourcePolicies); + PoliciesStore.setTagPolicies(tagPolicies); + } + // guard against catastrophic failure during policy engine Initialization or try { RangerPolicyEngine oldPolicyEngine = this.policyEngine; @@ -461,38 +473,47 @@ public RangerAccessResultProcessor getResultProcessor() { } public RangerAccessResult isAccessAllowed(RangerAccessRequest request) { - return isAccessAllowed(request, resultProcessor); + return isAccessAllowed(request, resultProcessor, ""); } public Collection isAccessAllowed(Collection requests) { return isAccessAllowed(requests, resultProcessor); } - public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAccessResultProcessor resultProcessor) { + public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAccessResultProcessor resultProcessor, String uuid) { + RangerAccessResult ret = null; RangerPolicyEngine policyEngine = this.policyEngine; if (policyEngine != null) { - ret = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, null); + long startTime = System.currentTimeMillis(); + ret = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, null, uuid); + LOG.info("policyEngine.evaluatePolicies ended in "+(System.currentTimeMillis() - startTime)+ " uuid: " + uuid); } if (ret != null) { for (RangerChainedPlugin chainedPlugin : chainedPlugins) { + long startTime = System.currentTimeMillis(); RangerAccessResult chainedResult = chainedPlugin.isAccessAllowed(request); - + LOG.info("chainedPlugin.isAccessAllowed ended in " + (System.currentTimeMillis() - startTime) + "uuid: " + uuid); if (chainedResult != null) { updateResultFromChainedResult(ret, chainedResult); } + LOG.info("chainedPlugin.isAccessAllowed : " + chainedPlugin.getClass().getName() + " ended in " + (System.currentTimeMillis() - startTime) + " uuid: "+ uuid); } } if (policyEngine != null) { + long startTime = System.currentTimeMillis(); policyEngine.evaluateAuditPolicies(ret); + LOG.info("policyEngine.evaluateAuditPolicies ended in " + (System.currentTimeMillis()-startTime) + "uuid: " + uuid); } if (resultProcessor != null) { + long startTime = System.currentTimeMillis(); resultProcessor.processResult(ret); + LOG.info("resultProcessor.processResult ended in " + (System.currentTimeMillis()-startTime) + "uuid: " + uuid); } return ret; @@ -544,7 +565,7 @@ public RangerAccessResult getAssetAccessors(RangerAccessRequest request) { RangerPolicyEngine policyEngine = this.policyEngine; if (policyEngine != null) { - ret = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, null); + ret = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, null, ""); } return ret; @@ -555,7 +576,7 @@ public RangerAccessResult evalDataMaskPolicies(RangerAccessRequest request, Rang RangerAccessResult ret = null; if(policyEngine != null) { - ret = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_DATAMASK, resultProcessor); + ret = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_DATAMASK, resultProcessor, ""); policyEngine.evaluateAuditPolicies(ret); } @@ -568,7 +589,7 @@ public RangerAccessResult evalRowFilterPolicies(RangerAccessRequest request, Ran RangerAccessResult ret = null; if(policyEngine != null) { - ret = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ROWFILTER, resultProcessor); + ret = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ROWFILTER, resultProcessor, ""); policyEngine.evaluateAuditPolicies(ret); } @@ -948,7 +969,7 @@ private void auditGrantRevoke(GrantRevokeRequest request, String action, boolean accessRequest.setSessionId(request.getSessionId()); // call isAccessAllowed() to determine if audit is enabled or not - RangerAccessResult accessResult = isAccessAllowed(accessRequest, null); + RangerAccessResult accessResult = isAccessAllowed(accessRequest, null, ""); if(accessResult != null && accessResult.getIsAudited()) { accessRequest.setAccessType(action); diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java index b322458543..108e4b6c58 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java @@ -119,7 +119,7 @@ public boolean isKeycloakSubjectsStoreUpdated(long cacheLastUpdatedTime) throws if (CollectionUtils.isEmpty(events) || cacheLastUpdatedTime > events.get(0).getTime()) { break; } - + Optional event = events.stream().filter(this::isUpdateProfileEvent).findFirst(); if (event.isPresent()) { diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerRESTClient.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerRESTClient.java index 94af3510e4..4a265a8430 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerRESTClient.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerRESTClient.java @@ -19,6 +19,7 @@ package org.apache.atlas.plugin.util; +import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider; import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.sun.jersey.api.client.Client; @@ -36,7 +37,6 @@ import org.apache.hadoop.conf.Configuration; import org.apache.atlas.authorization.hadoop.utils.RangerCredentialProvider; import org.apache.atlas.authorization.utils.StringUtil; -import org.codehaus.jackson.jaxrs.JacksonJsonProvider; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/ServicePolicies.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/ServicePolicies.java index 547349c8f5..9713e85034 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/ServicePolicies.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/ServicePolicies.java @@ -20,6 +20,7 @@ package org.apache.atlas.plugin.util; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import org.apache.commons.collections.MapUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -40,6 +41,7 @@ import java.util.List; import java.util.Map; +@JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_NULL) @XmlRootElement @XmlAccessorType(XmlAccessType.FIELD) diff --git a/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/AbstractCachePolicyTransformer.java b/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/AbstractCachePolicyTransformer.java index 5c0a16b0b6..cd5dec9e36 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/AbstractCachePolicyTransformer.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/AbstractCachePolicyTransformer.java @@ -30,6 +30,7 @@ public abstract class AbstractCachePolicyTransformer implements CachePolicyTrans public static final String PLACEHOLDER_ENTITY = "{entity}"; public static final String PLACEHOLDER_ENTITY_TYPE = "{entity-type}"; + public static final String PLACEHOLDER_FILTER_CRITERIA = "{criteria}"; public static final String PLACEHOLDER_TAG = "{tag}"; private static Map TEMPLATES = new HashMap<>(); diff --git a/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/CachePolicyTransformerImpl.java b/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/CachePolicyTransformerImpl.java index 6f27c49983..a64dd1738d 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/CachePolicyTransformerImpl.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/CachePolicyTransformerImpl.java @@ -480,6 +480,7 @@ private List getAtlasPolicies(String serviceName, int batchSi List> mustClauseList = new ArrayList<>(); mustClauseList.add(getMap("term", getMap(ATTR_POLICY_SERVICE_NAME, serviceName))); + mustClauseList.add(getMap("term", getMap(ATTR_POLICY_IS_ENABLED, true))); mustClauseList.add(getMap("match", getMap("__state", Id.EntityState.ACTIVE))); dsl.put("query", getMap("bool", getMap("must", mustClauseList))); diff --git a/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/PersonaCachePolicyTransformer.java b/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/PersonaCachePolicyTransformer.java index 6a6d2d3cd9..dc070e2e31 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/PersonaCachePolicyTransformer.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/PersonaCachePolicyTransformer.java @@ -17,6 +17,9 @@ */ package org.apache.atlas.policytransformer; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.atlas.RequestContext; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.model.instance.AtlasEntity; @@ -33,20 +36,7 @@ import static org.apache.atlas.policytransformer.CachePolicyTransformerImpl.ATTR_NAME; import static org.apache.atlas.policytransformer.CachePolicyTransformerImpl.ATTR_POLICY_RESOURCES; -import static org.apache.atlas.repository.util.AccessControlUtils.ATTR_POLICY_ACTIONS; -import static org.apache.atlas.repository.util.AccessControlUtils.ATTR_POLICY_IS_ENABLED; -import static org.apache.atlas.repository.util.AccessControlUtils.ATTR_POLICY_RESOURCES_CATEGORY; -import static org.apache.atlas.repository.util.AccessControlUtils.POLICY_SUB_CATEGORY_DATA; -import static org.apache.atlas.repository.util.AccessControlUtils.POLICY_SUB_CATEGORY_METADATA; -import static org.apache.atlas.repository.util.AccessControlUtils.RESOURCES_ENTITY; -import static org.apache.atlas.repository.util.AccessControlUtils.RESOURCES_ENTITY_TYPE; -import static org.apache.atlas.repository.util.AccessControlUtils.getEntityByQualifiedName; -import static org.apache.atlas.repository.util.AccessControlUtils.getFilteredPolicyResources; -import static org.apache.atlas.repository.util.AccessControlUtils.getIsPolicyEnabled; -import static org.apache.atlas.repository.util.AccessControlUtils.getPolicyActions; -import static org.apache.atlas.repository.util.AccessControlUtils.getPolicyConnectionQN; -import static org.apache.atlas.repository.util.AccessControlUtils.getPolicyResources; -import static org.apache.atlas.repository.util.AccessControlUtils.getPolicySubCategory; +import static org.apache.atlas.repository.util.AccessControlUtils.*; public class PersonaCachePolicyTransformer extends AbstractCachePolicyTransformer { private static final Logger LOG = LoggerFactory.getLogger(PersonaCachePolicyTransformer.class); @@ -64,12 +54,14 @@ public PersonaCachePolicyTransformer(EntityGraphRetriever entityRetriever) throw public List transform(AtlasEntityHeader atlasPolicy) { AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("PersonaCachePolicyTransformer.transform"); List ret = new ArrayList<>(); - List atlasActions = getPolicyActions(atlasPolicy); List atlasResources = getPolicyResources(atlasPolicy); List entityResources = getFilteredPolicyResources(atlasResources, RESOURCES_ENTITY); List typeResources = getFilteredPolicyResources(atlasResources, RESOURCES_ENTITY_TYPE); + String policyServiceName = getPolicyServiceName(atlasPolicy); + String policyFilterCriteria = getPolicyFilterCriteria(atlasPolicy); + int index = 0; for (String atlasAction : atlasActions) { List currentTemplates = personaTemplate.getTemplate(atlasAction); @@ -83,47 +75,61 @@ public List transform(AtlasEntityHeader atlasPolicy) { AtlasEntityHeader header = new AtlasEntityHeader(atlasPolicy); header.setGuid(atlasPolicy.getGuid() + "-" + index++); - header.setAttribute(ATTR_POLICY_ACTIONS, templatePolicy.getActions()); header.setAttribute(ATTR_POLICY_RESOURCES_CATEGORY, templatePolicy.getPolicyResourceCategory()); header.setAttribute(ATTR_POLICY_IS_ENABLED, getIsPolicyEnabled(atlasPolicy)); + header.setAttribute(ATTR_NAME, "transformed_policy_persona"); - String subCategory = getPolicySubCategory(atlasPolicy); - - List finalResources = new ArrayList<>(); - - for (String templateResource : templatePolicy.getResources()) { - if (templateResource.contains(PLACEHOLDER_ENTITY)) { - for (String entityResource : entityResources) { - finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY, entityResource)); + if (policyServiceName.equals(POLICY_SERVICE_NAME_ABAC)) { + if (policyFilterCriteria != null && !policyFilterCriteria.isEmpty()) { + ObjectMapper mapper = new ObjectMapper(); + try { + JsonNode filterCriteriaNode = mapper.readTree(policyFilterCriteria); + if (filterCriteriaNode != null && filterCriteriaNode.get("entity") != null) { + JsonNode entityFilterCriteriaNode = filterCriteriaNode.get("entity"); + policyFilterCriteria = entityFilterCriteriaNode.toString(); + } + } catch (JsonProcessingException e) { + e.printStackTrace(); } + } + header.setAttribute(ATTR_POLICY_FILTER_CRITERIA, + templatePolicy.getPolicyFilterCriteria().replace(PLACEHOLDER_FILTER_CRITERIA, policyFilterCriteria)); + } else { + String subCategory = getPolicySubCategory(atlasPolicy); - } else if (templateResource.contains(PLACEHOLDER_ENTITY_TYPE)) { - - if (CollectionUtils.isNotEmpty(typeResources)) { - typeResources.forEach(x -> finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY_TYPE, x))); - } else { - boolean isConnection = false; + List finalResources = new ArrayList<>(); - if (POLICY_SUB_CATEGORY_METADATA.equals(subCategory) || POLICY_SUB_CATEGORY_DATA.equals(subCategory)) { - isConnection = isConnectionPolicy(entityResources, atlasPolicy); + for (String templateResource : templatePolicy.getResources()) { + if (templateResource.contains(PLACEHOLDER_ENTITY)) { + for (String entityResource : entityResources) { + finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY, entityResource)); } - if (isConnection) { - finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY_TYPE, "*")); + } else if (templateResource.contains(PLACEHOLDER_ENTITY_TYPE)) { + + if (CollectionUtils.isNotEmpty(typeResources)) { + typeResources.forEach(x -> finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY_TYPE, x))); } else { - finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY_TYPE, "Process")); - finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY_TYPE, "Catalog")); + boolean isConnection = false; + + if (POLICY_SUB_CATEGORY_METADATA.equals(subCategory) || POLICY_SUB_CATEGORY_DATA.equals(subCategory)) { + isConnection = isConnectionPolicy(entityResources, atlasPolicy); + } + + if (isConnection) { + finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY_TYPE, "*")); + } else { + finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY_TYPE, "Process")); + finalResources.add(templateResource.replace(PLACEHOLDER_ENTITY_TYPE, "Catalog")); + } } + } else { + finalResources.add(templateResource); } - } else { - finalResources.add(templateResource); } + header.setAttribute(ATTR_POLICY_RESOURCES, finalResources); } - header.setAttribute(ATTR_POLICY_RESOURCES, finalResources); - - header.setAttribute(ATTR_NAME, "transformed_policy_persona"); - ret.add(header); } } diff --git a/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/PolicyTransformerTemplate.java b/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/PolicyTransformerTemplate.java index 3bde95eef1..13ada447c5 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/PolicyTransformerTemplate.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/policytransformer/PolicyTransformerTemplate.java @@ -63,6 +63,11 @@ public void fromJsonString(String json) { templatePolicy.setPolicyResourceCategory((String) policy.get("policyResourceCategory")); templatePolicy.setPolicyServiceName((String) policy.get("policyServiceName")); + Object filterCriteria = policy.get("policyFilterCriteria"); + if (filterCriteria != null) { + templatePolicy.setPolicyFilterCriteria((String) filterCriteria); + } + policies.add(templatePolicy); } @@ -76,6 +81,7 @@ class TemplatePolicy { private List resources; private List actions; private String policyResourceCategory; + private String policyFilterCriteria; public String getPolicyServiceName() { return policyServiceName; @@ -116,5 +122,13 @@ public List getActions() { public void setActions(List actions) { this.actions = actions; } + + public String getPolicyFilterCriteria() { + return policyFilterCriteria; + } + + public void setPolicyFilterCriteria(String policyFilterCriteria) { + this.policyFilterCriteria = policyFilterCriteria; + } } } diff --git a/auth-common/pom.xml b/auth-common/pom.xml new file mode 100644 index 0000000000..d816422e69 --- /dev/null +++ b/auth-common/pom.xml @@ -0,0 +1,31 @@ + + + + apache-atlas + org.apache.atlas + 3.0.0-SNAPSHOT + + 4.0.0 + + auth-common + + + + org.apache.htrace + htrace-core4 + 4.1.0-incubating + compile + + + commons-collections + commons-collections + + + commons-lang + commons-lang + + + + \ No newline at end of file diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java similarity index 100% rename from auth-agents-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java rename to auth-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java index ea5630744e..bab8db509d 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java @@ -19,8 +19,8 @@ package org.apache.atlas.plugin.model; -import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; import org.apache.atlas.plugin.util.RangerUserStoreUtil; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java new file mode 100644 index 0000000000..0841060387 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java @@ -0,0 +1,253 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.atlas.plugin.model.RangerServiceDef.RangerResourceDef; +import org.apache.commons.lang.ObjectUtils; + +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +public class NewAccessResourceImpl { + + private String RESOURCE_SEP = "/"; + private String RESOURCE_NAME_VAL_SEP = "="; + + private String ownerUser; + private Map elements; + private String stringifiedValue; + private String stringifiedCacheKeyValue; + private String leafName; + private RangerServiceDef serviceDef; + + public NewAccessResourceImpl() { + this(null, null); + } + + public NewAccessResourceImpl(Map elements) { + this(elements, null); + } + + public NewAccessResourceImpl(Map elements, String ownerUser) { + this.elements = elements; + this.ownerUser = ownerUser; + } + + public String getOwnerUser() { + return ownerUser; + } + + public boolean exists(String name) { + return elements != null && elements.containsKey(name); + } + + public Object getValue(String name) { + Object ret = null; + + if(elements != null && elements.containsKey(name)) { + ret = elements.get(name); + } + + return ret; + } + + public Set getKeys() { + Set ret = null; + + if(elements != null) { + ret = elements.keySet(); + } + + return ret; + } + + public void setOwnerUser(String ownerUser) { + this.ownerUser = ownerUser; + } + + public void setValue(String name, Object value) { + if(value == null) { + if(elements != null) { + elements.remove(name); + + if(elements.isEmpty()) { + elements = null; + } + } + } else { + if(elements == null) { + elements = new HashMap<>(); + } + elements.put(name, value); + } + + // reset, so that these will be computed again with updated elements + stringifiedValue = stringifiedCacheKeyValue = leafName = null; + } + + public void setServiceDef(final RangerServiceDef serviceDef) { + this.serviceDef = serviceDef; + this.stringifiedValue = this.stringifiedCacheKeyValue = this.leafName = null; + } + + public RangerServiceDef getServiceDef() { + return this.serviceDef; + } + + public String getLeafName() { + String ret = leafName; + + if(ret == null) { + if(serviceDef != null && serviceDef.getResources() != null) { + List resourceDefs = serviceDef.getResources(); + + for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) { + RangerResourceDef resourceDef = resourceDefs.get(idx); + + if(resourceDef != null && exists(resourceDef.getName())) { + ret = leafName = resourceDef.getName(); + break; + } + } + } + } + + return ret; + } + + public String getAsString() { + String ret = stringifiedValue; + + if(ret == null) { + if(serviceDef != null && serviceDef.getResources() != null) { + StringBuilder sb = new StringBuilder(); + + for(RangerResourceDef resourceDef : serviceDef.getResources()) { + if(resourceDef == null || !exists(resourceDef.getName())) { + continue; + } + + if(sb.length() > 0) { + sb.append(RESOURCE_SEP); + } + + sb.append(getValue(resourceDef.getName())); + } + + if(sb.length() > 0) { + ret = stringifiedValue = sb.toString(); + } + } + } + + return ret; + } + + public String getCacheKey() { + String ret = stringifiedCacheKeyValue; + + if(ret == null) { + if(serviceDef != null && serviceDef.getResources() != null) { + StringBuilder sb = new StringBuilder(); + + for(RangerResourceDef resourceDef : serviceDef.getResources()) { + if(resourceDef == null || !exists(resourceDef.getName())) { + continue; + } + + if(sb.length() > 0) { + sb.append(RESOURCE_SEP); + } + + sb.append(resourceDef.getName()).append(RESOURCE_NAME_VAL_SEP).append(getValue(resourceDef.getName())); + } + + if(sb.length() > 0) { + ret = stringifiedCacheKeyValue = sb.toString(); + } + } + } + + return ret; + } + + public Map getAsMap() { + return elements == null ? Collections.EMPTY_MAP : Collections.unmodifiableMap(elements); + } + + public boolean equals(Object obj) { + if(obj == null || !(obj instanceof NewAccessResourceImpl)) { + return false; + } + + if(this == obj) { + return true; + } + + NewAccessResourceImpl other = (NewAccessResourceImpl) obj; + + return ObjectUtils.equals(ownerUser, other.ownerUser) && + ObjectUtils.equals(elements, other.elements); + } + + @Override + public int hashCode() { + int ret = 7; + + ret = 31 * ret + ObjectUtils.hashCode(ownerUser); + ret = 31 * ret + ObjectUtils.hashCode(elements); + + return ret; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerResourceImpl={"); + + sb.append("ownerUser={").append(ownerUser).append("} "); + + sb.append("elements={"); + if(elements != null) { + for(Map.Entry e : elements.entrySet()) { + sb.append(e.getKey()).append("=").append(e.getValue()).append("; "); + } + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + + protected String getStringifiedValue() { return stringifiedValue; } + + protected void setStringifiedValue(String val) { this.stringifiedValue = val; } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java new file mode 100644 index 0000000000..aa8532da15 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java @@ -0,0 +1,170 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.Date; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerBaseModelObject implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long id; + private String guid; + private Boolean isEnabled; + private String createdBy; + private String updatedBy; + private Date createTime; + private Date updateTime; + private Long version; + + public RangerBaseModelObject() { + setIsEnabled(null); + } + + public void updateFrom(RangerBaseModelObject other) { + setIsEnabled(other.getIsEnabled()); + } + + /** + * @return the id + */ + public Long getId() { + return id; + } + /** + * @param id the id to set + */ + public void setId(Long id) { + this.id = id; + } + /** + * @return the guid + */ + public String getGuid() { + return guid; + } + /** + * @param guid the guid to set + */ + public void setGuid(String guid) { + this.guid = guid; + } + /** + * @return the isEnabled + */ + public Boolean getIsEnabled() { + return isEnabled; + } + /** + * @param isEnabled the isEnabled to set + */ + public void setIsEnabled(Boolean isEnabled) { + this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled; + } + /** + * @return the createdBy + */ + public String getCreatedBy() { + return createdBy; + } + /** + * @param createdBy the createdBy to set + */ + public void setCreatedBy(String createdBy) { + this.createdBy = createdBy; + } + /** + * @return the updatedBy + */ + public String getUpdatedBy() { + return updatedBy; + } + /** + * @param updatedBy the updatedBy to set + */ + public void setUpdatedBy(String updatedBy) { + this.updatedBy = updatedBy; + } + /** + * @return the createTime + */ + public Date getCreateTime() { + return createTime; + } + /** + * @param createTime the createTime to set + */ + public void setCreateTime(Date createTime) { + this.createTime = createTime; + } + /** + * @return the updateTime + */ + public Date getUpdateTime() { + return updateTime; + } + /** + * @param updateTime the updateTime to set + */ + public void setUpdateTime(Date updateTime) { + this.updateTime = updateTime; + } + /** + * @return the version + */ + public Long getVersion() { + return version; + } + /** + * @param version the version to set + */ + public void setVersion(Long version) { + this.version = version; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("id={").append(id).append("} "); + sb.append("guid={").append(guid).append("} "); + sb.append("isEnabled={").append(isEnabled).append("} "); + sb.append("createdBy={").append(createdBy).append("} "); + sb.append("updatedBy={").append(updatedBy).append("} "); + sb.append("createTime={").append(createTime).append("} "); + sb.append("updateTime={").append(updateTime).append("} "); + sb.append("version={").append(version).append("} "); + + return sb; + } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java new file mode 100644 index 0000000000..be93b492e9 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java @@ -0,0 +1,1708 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonIgnoreProperties; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.ArrayList; +import java.util.Comparator; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable { + public static final String POLICY_TYPE_ACCESS = "ACCESS"; + public static final String POLICY_TYPE_DATAMASK = "DATA_MASK"; + public static final String POLICY_TYPE_ROWFILTER = "ROW_FILTER"; + public static final String POLICY_TYPE_AUDIT = "AUDIT"; + + public static final String[] POLICY_TYPES = new String[] { + POLICY_TYPE_ACCESS, + POLICY_TYPE_DATAMASK, + POLICY_TYPE_ROWFILTER + }; + + public static final String MASK_TYPE_NULL = "MASK_NULL"; + public static final String MASK_TYPE_NONE = "MASK_NONE"; + public static final String MASK_TYPE_CUSTOM = "CUSTOM"; + + public static final int POLICY_PRIORITY_NORMAL = 0; + public static final int POLICY_PRIORITY_OVERRIDE = 1; + + public static final String POLICY_PRIORITY_NAME_NORMAL = "NORMAL"; + public static final String POLICY_PRIORITY_NAME_OVERRIDE = "OVERRIDE"; + + public static final Comparator POLICY_ID_COMPARATOR = new PolicyIdComparator(); + + // For future use + private static final long serialVersionUID = 1L; + + private String service; + private String name; + private String policyType; + private Integer policyPriority; + private String description; + private String resourceSignature; + private Boolean isAuditEnabled; + private Map resources; + private List conditions; + private List policyItems; + private List denyPolicyItems; + private List allowExceptions; + private List denyExceptions; + private List dataMaskPolicyItems; + private List rowFilterPolicyItems; + private String serviceType; + private Map options; + private List validitySchedules; + private List policyLabels; + private String zoneName; + private Boolean isDenyAllElse; + private Map attributes; + + public RangerPolicy() { + this(null, null, null, null, null, null, null, null, null, null, null); + } + + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables) { + this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, null); + } + + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName) { + this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, zoneName, null); + } + + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName, List conditions) { + this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, zoneName, conditions, null); + } + + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName, List conditions, Boolean isDenyAllElse) { + this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, zoneName, conditions, null, null, null); + } + + /** + * @param service + * @param name + * @param policyType + * @param description + * @param resources + * @param policyItems + * @param resourceSignature TODO + */ + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName, List conditions, Boolean isDenyAllElse, String policyFilterCriteria, String policyResourceCategory) { + super(); + + setService(service); + setName(name); + setPolicyType(policyType); + setPolicyPriority(policyPriority); + setDescription(description); + setResourceSignature(resourceSignature); + setIsAuditEnabled(null); + setResources(resources); + setPolicyItems(policyItems); + setDenyPolicyItems(null); + setAllowExceptions(null); + setDenyExceptions(null); + setDataMaskPolicyItems(null); + setRowFilterPolicyItems(null); + setOptions(options); + setValiditySchedules(validitySchedules); + setPolicyLabels(policyLables); + setZoneName(zoneName); + setConditions(conditions); + setIsDenyAllElse(isDenyAllElse); + + } + + /** + * @param other + */ + public void updateFrom(RangerPolicy other) { + super.updateFrom(other); + + setService(other.getService()); + setName(other.getName()); + setPolicyType(other.getPolicyType()); + setPolicyPriority(other.getPolicyPriority()); + setDescription(other.getDescription()); + setResourceSignature(other.getResourceSignature()); + setIsAuditEnabled(other.getIsAuditEnabled()); + setResources(other.getResources()); + setConditions(other.getConditions()); + setPolicyItems(other.getPolicyItems()); + setDenyPolicyItems(other.getDenyPolicyItems()); + setAllowExceptions(other.getAllowExceptions()); + setDenyExceptions(other.getDenyExceptions()); + setDataMaskPolicyItems(other.getDataMaskPolicyItems()); + setRowFilterPolicyItems(other.getRowFilterPolicyItems()); + setServiceType(other.getServiceType()); + setOptions(other.getOptions()); + setValiditySchedules(other.getValiditySchedules()); + setPolicyLabels(other.getPolicyLabels()); + setZoneName(other.getZoneName()); + setIsDenyAllElse(other.getIsDenyAllElse()); + } + + public Map getAttributes() { + return attributes; + } + + public void setAttributes(Map attributes) { + this.attributes = attributes; + } + + /** + * @return the type + */ + public String getService() { + return service; + } + + /** + * @param service the type to set + */ + public void setService(String service) { + this.service = service; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the policyType + */ + public String getPolicyType() { + return policyType; + } + + /** + * @param policyType the policyType to set + */ + public void setPolicyType(String policyType) { + this.policyType = policyType; + } + + /** + * @return the policyPriority + */ + public Integer getPolicyPriority() { + return policyPriority; + } + + /** + * @param policyPriority the policyPriority to set + */ + public void setPolicyPriority(Integer policyPriority) { + this.policyPriority = policyPriority == null ? RangerPolicy.POLICY_PRIORITY_NORMAL : policyPriority; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the resourceSignature + */ + public String getResourceSignature() { + return resourceSignature; + } + + /** + * @param resourceSignature the resourceSignature to set + */ + public void setResourceSignature(String resourceSignature) { + this.resourceSignature = resourceSignature; + } + + /** + * @return the isAuditEnabled + */ + public Boolean getIsAuditEnabled() { + return isAuditEnabled; + } + + /** + * @param isAuditEnabled the isEnabled to set + */ + public void setIsAuditEnabled(Boolean isAuditEnabled) { + this.isAuditEnabled = isAuditEnabled == null ? Boolean.TRUE : isAuditEnabled; + } + + public String getServiceType() { + return serviceType; + } + + public void setServiceType(String serviceType) { + this.serviceType = serviceType; + } + + public List getPolicyLabels() { + return policyLabels; + } + + public void setPolicyLabels(List policyLabels) { + if (this.policyLabels == null) { + this.policyLabels = new ArrayList<>(); + } + + if (this.policyLabels == policyLabels) { + return; + } + + this.policyLabels.clear(); + + if (policyLabels != null) { + this.policyLabels.addAll(policyLabels); + } + } + + /** + * @return the resources + */ + public Map getResources() { + return resources; + } + + /** + * @param resources the resources to set + */ + public void setResources(Map resources) { + if(this.resources == null) { + this.resources = new HashMap<>(); + } + + if(this.resources == resources) { + return; + } + + this.resources.clear(); + + if(resources != null) { + for(Map.Entry e : resources.entrySet()) { + this.resources.put(e.getKey(), e.getValue()); + } + } + } + + /** + * @return the policyItems + */ + public List getPolicyItems() { + return policyItems; + } + + /** + * @param policyItems the policyItems to set + */ + public void setPolicyItems(List policyItems) { + if(this.policyItems == null) { + this.policyItems = new ArrayList<>(); + } + + if(this.policyItems == policyItems) { + return; + } + + this.policyItems.clear(); + + if(policyItems != null) { + this.policyItems.addAll(policyItems); + } + } + + /** + * @return the denyPolicyItems + */ + public List getDenyPolicyItems() { + return denyPolicyItems; + } + + /** + * @param denyPolicyItems the denyPolicyItems to set + */ + public void setDenyPolicyItems(List denyPolicyItems) { + if(this.denyPolicyItems == null) { + this.denyPolicyItems = new ArrayList<>(); + } + + if(this.denyPolicyItems == denyPolicyItems) { + return; + } + + this.denyPolicyItems.clear(); + + if(denyPolicyItems != null) { + this.denyPolicyItems.addAll(denyPolicyItems); + } + } + + /** + * @return the allowExceptions + */ + public List getAllowExceptions() { + return allowExceptions; + } + + /** + * @param allowExceptions the allowExceptions to set + */ + public void setAllowExceptions(List allowExceptions) { + if(this.allowExceptions == null) { + this.allowExceptions = new ArrayList<>(); + } + + if(this.allowExceptions == allowExceptions) { + return; + } + + this.allowExceptions.clear(); + + if(allowExceptions != null) { + this.allowExceptions.addAll(allowExceptions); + } + } + + /** + * @return the denyExceptions + */ + public List getDenyExceptions() { + return denyExceptions; + } + + /** + * @param denyExceptions the denyExceptions to set + */ + public void setDenyExceptions(List denyExceptions) { + if(this.denyExceptions == null) { + this.denyExceptions = new ArrayList<>(); + } + + if(this.denyExceptions == denyExceptions) { + return; + } + + this.denyExceptions.clear(); + + if(denyExceptions != null) { + this.denyExceptions.addAll(denyExceptions); + } + } + + public List getDataMaskPolicyItems() { + return dataMaskPolicyItems; + } + + public void setDataMaskPolicyItems(List dataMaskPolicyItems) { + if(this.dataMaskPolicyItems == null) { + this.dataMaskPolicyItems = new ArrayList<>(); + } + + if(this.dataMaskPolicyItems == dataMaskPolicyItems) { + return; + } + + this.dataMaskPolicyItems.clear(); + + if(dataMaskPolicyItems != null) { + this.dataMaskPolicyItems.addAll(dataMaskPolicyItems); + } + } + + public List getRowFilterPolicyItems() { + return rowFilterPolicyItems; + } + + public void setRowFilterPolicyItems(List rowFilterPolicyItems) { + if(this.rowFilterPolicyItems == null) { + this.rowFilterPolicyItems = new ArrayList<>(); + } + + if(this.rowFilterPolicyItems == rowFilterPolicyItems) { + return; + } + + this.rowFilterPolicyItems.clear(); + + if(rowFilterPolicyItems != null) { + this.rowFilterPolicyItems.addAll(rowFilterPolicyItems); + } + } + + public Map getOptions() { return options; } + + public void setOptions(Map options) { + if (this.options == null) { + this.options = new HashMap<>(); + } + if (this.options == options) { + return; + } + this.options.clear(); + + if(options != null) { + for(Map.Entry e : options.entrySet()) { + this.options.put(e.getKey(), e.getValue()); + } + } + } + + public List getValiditySchedules() { return validitySchedules; } + + public void setValiditySchedules(List validitySchedules) { + if (this.validitySchedules == null) { + this.validitySchedules = new ArrayList<>(); + } + if (this.validitySchedules == validitySchedules) { + return; + } + this.validitySchedules.clear(); + + if(validitySchedules != null) { + this.validitySchedules.addAll(validitySchedules); + } + } + public String getZoneName() { return zoneName; } + + public void setZoneName(String zoneName) { + this.zoneName = zoneName; + } + + /** + * @return the conditions + */ + public List getConditions() { return conditions; } + /** + * @param conditions the conditions to set + */ + public void setConditions(List conditions) { + this.conditions = conditions; + } + + public Boolean getIsDenyAllElse() { + return isDenyAllElse; + } + + public void setIsDenyAllElse(Boolean isDenyAllElse) { + this.isDenyAllElse = isDenyAllElse == null ? Boolean.FALSE : isDenyAllElse; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicy={"); + + super.toString(sb); + + sb.append("service={").append(service).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("policyType={").append(policyType).append("} "); + sb.append("policyPriority={").append(policyPriority).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("resourceSignature={").append(resourceSignature).append("} "); + sb.append("isAuditEnabled={").append(isAuditEnabled).append("} "); + sb.append("serviceType={").append(serviceType).append("} "); + + sb.append("resources={"); + if(resources != null) { + for(Map.Entry e : resources.entrySet()) { + sb.append(e.getKey()).append("={"); + e.getValue().toString(sb); + sb.append("} "); + } + } + sb.append("} "); + sb.append("policyLabels={"); + if(policyLabels != null) { + for(String policyLabel : policyLabels) { + if(policyLabel != null) { + sb.append(policyLabel).append(" "); + } + } + } + sb.append("} "); + + sb.append("policyConditions={"); + if(conditions != null) { + for(RangerPolicyItemCondition condition : conditions) { + if(condition != null) { + condition.toString(sb); + } + } + } + sb.append("} "); + + sb.append("policyItems={"); + if(policyItems != null) { + for(RangerPolicyItem policyItem : policyItems) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("denyPolicyItems={"); + if(denyPolicyItems != null) { + for(RangerPolicyItem policyItem : denyPolicyItems) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("allowExceptions={"); + if(allowExceptions != null) { + for(RangerPolicyItem policyItem : allowExceptions) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("denyExceptions={"); + if(denyExceptions != null) { + for(RangerPolicyItem policyItem : denyExceptions) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("dataMaskPolicyItems={"); + if(dataMaskPolicyItems != null) { + for(RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) { + if(dataMaskPolicyItem != null) { + dataMaskPolicyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("rowFilterPolicyItems={"); + if(rowFilterPolicyItems != null) { + for(RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) { + if(rowFilterPolicyItem != null) { + rowFilterPolicyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("options={"); + if(options != null) { + for(Map.Entry e : options.entrySet()) { + sb.append(e.getKey()).append("={"); + sb.append(e.getValue().toString()); + sb.append("} "); + } + } + sb.append("} "); + + //sb.append("validitySchedules={").append(validitySchedules).append("} "); + sb.append("validitySchedules={"); + if (CollectionUtils.isNotEmpty(validitySchedules)) { + for (RangerValiditySchedule schedule : validitySchedules) { + if (schedule != null) { + sb.append("schedule={").append(schedule).append("}"); + } + } + } + sb.append(", zoneName=").append(zoneName); + + sb.append(", isDenyAllElse={").append(isDenyAllElse).append("} "); + + sb.append("}"); + + sb.append("}"); + + return sb; + } + + static class PolicyIdComparator implements Comparator, java.io.Serializable { + @Override + public int compare(RangerPolicy me, RangerPolicy other) { + return Long.compare(me.getId(), other.getId()); + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyResource implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private List values; + private Boolean isExcludes; + private Boolean isRecursive; + + public RangerPolicyResource() { + this((List)null, null, null); + } + + public RangerPolicyResource(String value) { + setValue(value); + setIsExcludes(null); + setIsRecursive(null); + } + + public RangerPolicyResource(String value, Boolean isExcludes, Boolean isRecursive) { + setValue(value); + setIsExcludes(isExcludes); + setIsRecursive(isRecursive); + } + + public RangerPolicyResource(List values, Boolean isExcludes, Boolean isRecursive) { + setValues(values); + setIsExcludes(isExcludes); + setIsRecursive(isRecursive); + } + + /** + * @return the values + */ + public List getValues() { + return values; + } + + /** + * @param values the values to set + */ + public void setValues(List values) { + if(this.values == null) { + this.values = new ArrayList<>(); + } + + if(this.values == values) { + return; + } + + this.values.clear(); + + if(values != null) { + this.values.addAll(values); + } + } + + /** + * @param value the value to set + */ + public void setValue(String value) { + if(this.values == null) { + this.values = new ArrayList<>(); + } + + this.values.clear(); + + this.values.add(value); + } + + /** + * @return the isExcludes + */ + public Boolean getIsExcludes() { + return isExcludes; + } + + /** + * @param isExcludes the isExcludes to set + */ + public void setIsExcludes(Boolean isExcludes) { + this.isExcludes = isExcludes == null ? Boolean.FALSE : isExcludes; + } + + /** + * @return the isRecursive + */ + public Boolean getIsRecursive() { + return isRecursive; + } + + /** + * @param isRecursive the isRecursive to set + */ + public void setIsRecursive(Boolean isRecursive) { + this.isRecursive = isRecursive == null ? Boolean.FALSE : isRecursive; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyResource={"); + sb.append("values={"); + if(values != null) { + for(String value : values) { + sb.append(value).append(" "); + } + } + sb.append("} "); + sb.append("isExcludes={").append(isExcludes).append("} "); + sb.append("isRecursive={").append(isRecursive).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((isExcludes == null) ? 0 : isExcludes.hashCode()); + result = prime * result + + ((isRecursive == null) ? 0 : isRecursive.hashCode()); + result = prime * result + + ((values == null) ? 0 : values.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyResource other = (RangerPolicyResource) obj; + if (isExcludes == null) { + if (other.isExcludes != null) + return false; + } else if (!isExcludes.equals(other.isExcludes)) + return false; + if (isRecursive == null) { + if (other.isRecursive != null) + return false; + } else if (!isRecursive.equals(other.isRecursive)) + return false; + if (values == null) { + if (other.values != null) + return false; + } else if (!values.equals(other.values)) + return false; + return true; + } + + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItem implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private List accesses; + private List users; + private List groups; + private List roles; + private List conditions; + private Boolean delegateAdmin; + + public RangerPolicyItem() { + this(null, null, null, null, null, null); + } + + public RangerPolicyItem(List accessTypes, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { + setAccesses(accessTypes); + setUsers(users); + setGroups(groups); + setRoles(roles); + setConditions(conditions); + setDelegateAdmin(delegateAdmin); + } + + /** + * @return the accesses + */ + public List getAccesses() { + return accesses; + } + /** + * @param accesses the accesses to set + */ + public void setAccesses(List accesses) { + if(this.accesses == null) { + this.accesses = new ArrayList<>(); + } + + if(this.accesses == accesses) { + return; + } + + this.accesses.clear(); + + if(accesses != null) { + this.accesses.addAll(accesses); + } + } + /** + * @return the users + */ + public List getUsers() { + return users; + } + /** + * @param users the users to set + */ + public void setUsers(List users) { + if(this.users == null) { + this.users = new ArrayList<>(); + } + + if(this.users == users) { + return; + } + + this.users.clear(); + + if(users != null) { + this.users.addAll(users); + } + } + /** + * @return the groups + */ + public List getGroups() { + return groups; + } + /** + * @param groups the groups to set + */ + public void setGroups(List groups) { + if(this.groups == null) { + this.groups = new ArrayList<>(); + } + + if(this.groups == groups) { + return; + } + + this.groups.clear(); + + if(groups != null) { + this.groups.addAll(groups); + } + } + /** + * @return the roles + */ + public List getRoles() { + return roles; + } + /** + * @param roles the roles to set + */ + public void setRoles(List roles) { + if(this.roles == null) { + this.roles = new ArrayList<>(); + } + + if(this.roles == roles) { + return; + } + + this.roles.clear(); + + if(roles != null) { + this.roles.addAll(roles); + } + } + /** + * @return the conditions + */ + public List getConditions() { + return conditions; + } + /** + * @param conditions the conditions to set + */ + public void setConditions(List conditions) { + if(this.conditions == null) { + this.conditions = new ArrayList<>(); + } + + if(this.conditions == conditions) { + return; + } + + this.conditions.clear(); + + if(conditions != null) { + this.conditions.addAll(conditions); + } + } + + /** + * @return the delegateAdmin + */ + public Boolean getDelegateAdmin() { + return delegateAdmin; + } + + /** + * @param delegateAdmin the delegateAdmin to set + */ + public void setDelegateAdmin(Boolean delegateAdmin) { + this.delegateAdmin = delegateAdmin == null ? Boolean.FALSE : delegateAdmin; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItem={"); + + sb.append("accessTypes={"); + if(accesses != null) { + for(RangerPolicyItemAccess access : accesses) { + if(access != null) { + access.toString(sb); + } + } + } + sb.append("} "); + + sb.append("users={"); + if(users != null) { + for(String user : users) { + if(user != null) { + sb.append(user).append(" "); + } + } + } + sb.append("} "); + + sb.append("groups={"); + if(groups != null) { + for(String group : groups) { + if(group != null) { + sb.append(group).append(" "); + } + } + } + sb.append("} "); + + sb.append("roles={"); + if(roles != null) { + for(String role : roles) { + if(role != null) { + sb.append(role).append(" "); + } + } + } + sb.append("} "); + + sb.append("conditions={"); + if(conditions != null) { + for(RangerPolicyItemCondition condition : conditions) { + if(condition != null) { + condition.toString(sb); + } + } + } + sb.append("} "); + + sb.append("delegateAdmin={").append(delegateAdmin).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((accesses == null) ? 0 : accesses.hashCode()); + result = prime * result + + ((conditions == null) ? 0 : conditions.hashCode()); + result = prime * result + + ((delegateAdmin == null) ? 0 : delegateAdmin.hashCode()); + result = prime * result + + ((roles == null) ? 0 : roles.hashCode()); + result = prime * result + + ((groups == null) ? 0 : groups.hashCode()); + result = prime * result + ((users == null) ? 0 : users.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItem other = (RangerPolicyItem) obj; + if (accesses == null) { + if (other.accesses != null) + return false; + } else if (!accesses.equals(other.accesses)) + return false; + if (conditions == null) { + if (other.conditions != null) + return false; + } else if (!conditions.equals(other.conditions)) + return false; + if (delegateAdmin == null) { + if (other.delegateAdmin != null) + return false; + } else if (!delegateAdmin.equals(other.delegateAdmin)) + return false; + if (roles == null) { + if (other.roles != null) + return false; + } else if (!roles.equals(other.roles)) + return false; + if (groups == null) { + if (other.groups != null) + return false; + } else if (!groups.equals(other.groups)) + return false; + if (users == null) { + if (other.users != null) + return false; + } else if (!users.equals(other.users)) + return false; + return true; + + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerDataMaskPolicyItem extends RangerPolicyItem implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private RangerPolicyItemDataMaskInfo dataMaskInfo; + + public RangerDataMaskPolicyItem() { + this(null, null, null, null, null, null, null); + } + + public RangerDataMaskPolicyItem(List accesses, RangerPolicyItemDataMaskInfo dataMaskDetail, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { + super(accesses, users, groups, roles, conditions, delegateAdmin); + + setDataMaskInfo(dataMaskDetail); + } + + /** + * @return the dataMaskInfo + */ + public RangerPolicyItemDataMaskInfo getDataMaskInfo() { + return dataMaskInfo; + } + + /** + * @param dataMaskInfo the dataMaskInfo to set + */ + public void setDataMaskInfo(RangerPolicyItemDataMaskInfo dataMaskInfo) { + this.dataMaskInfo = dataMaskInfo == null ? new RangerPolicyItemDataMaskInfo() : dataMaskInfo; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((dataMaskInfo == null) ? 0 : dataMaskInfo.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if(! super.equals(obj)) + return false; + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerDataMaskPolicyItem other = (RangerDataMaskPolicyItem) obj; + if (dataMaskInfo == null) { + if (other.dataMaskInfo != null) + return false; + } else if (!dataMaskInfo.equals(other.dataMaskInfo)) + return false; + return true; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerDataMaskPolicyItem={"); + + super.toString(sb); + + sb.append("dataMaskInfo={"); + if(dataMaskInfo != null) { + dataMaskInfo.toString(sb); + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerRowFilterPolicyItem extends RangerPolicyItem implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private RangerPolicyItemRowFilterInfo rowFilterInfo; + + public RangerRowFilterPolicyItem() { + this(null, null, null, null, null, null, null); + } + + public RangerRowFilterPolicyItem(RangerPolicyItemRowFilterInfo rowFilterInfo, List accesses, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { + super(accesses, users, groups, roles, conditions, delegateAdmin); + + setRowFilterInfo(rowFilterInfo); + } + + /** + * @return the rowFilterInfo + */ + public RangerPolicyItemRowFilterInfo getRowFilterInfo() { + return rowFilterInfo; + } + + /** + * @param rowFilterInfo the rowFilterInfo to set + */ + public void setRowFilterInfo(RangerPolicyItemRowFilterInfo rowFilterInfo) { + this.rowFilterInfo = rowFilterInfo == null ? new RangerPolicyItemRowFilterInfo() : rowFilterInfo; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((rowFilterInfo == null) ? 0 : rowFilterInfo.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if(! super.equals(obj)) + return false; + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerRowFilterPolicyItem other = (RangerRowFilterPolicyItem) obj; + if (rowFilterInfo == null) { + if (other.rowFilterInfo != null) + return false; + } else if (!rowFilterInfo.equals(other.rowFilterInfo)) + return false; + return true; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerRowFilterPolicyItem={"); + + super.toString(sb); + + sb.append("rowFilterInfo={"); + if(rowFilterInfo != null) { + rowFilterInfo.toString(sb); + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItemAccess implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String type; + private Boolean isAllowed; + + public RangerPolicyItemAccess() { + this(null, null); + } + + public RangerPolicyItemAccess(String type) { + this(type, null); + } + + public RangerPolicyItemAccess(String type, Boolean isAllowed) { + setType(type); + setIsAllowed(isAllowed); + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the isAllowed + */ + public Boolean getIsAllowed() { + return isAllowed; + } + + /** + * @param isAllowed the isAllowed to set + */ + public void setIsAllowed(Boolean isAllowed) { + this.isAllowed = isAllowed == null ? Boolean.TRUE : isAllowed; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItemAccess={"); + sb.append("type={").append(type).append("} "); + sb.append("isAllowed={").append(isAllowed).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((isAllowed == null) ? 0 : isAllowed.hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemAccess other = (RangerPolicyItemAccess) obj; + if (isAllowed == null) { + if (other.isAllowed != null) + return false; + } else if (!isAllowed.equals(other.isAllowed)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + return true; + } + + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItemCondition implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String type; + private List values; + + public RangerPolicyItemCondition() { + this(null, null); + } + + public RangerPolicyItemCondition(String type, List values) { + setType(type); + setValues(values); + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the value + */ + public List getValues() { + return values; + } + + /** + * @param values the value to set + */ + public void setValues(List values) { + if (this.values == null) { + this.values = new ArrayList<>(); + } + + if(this.values == values) { + return; + } + + this.values.clear(); + + if(values != null) { + this.values.addAll(values); + } + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyCondition={"); + sb.append("type={").append(type).append("} "); + sb.append("values={"); + if(values != null) { + for(String value : values) { + sb.append(value).append(" "); + } + } + sb.append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + + ((values == null) ? 0 : values.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemCondition other = (RangerPolicyItemCondition) obj; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + if (values == null) { + if (other.values != null) + return false; + } else if (!values.equals(other.values)) + return false; + return true; + } + + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItemDataMaskInfo implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String dataMaskType; + private String conditionExpr; + private String valueExpr; + + public RangerPolicyItemDataMaskInfo() { } + + public RangerPolicyItemDataMaskInfo(String dataMaskType, String conditionExpr, String valueExpr) { + setDataMaskType(dataMaskType); + setConditionExpr(conditionExpr); + setValueExpr(valueExpr); + } + + public RangerPolicyItemDataMaskInfo(RangerPolicyItemDataMaskInfo that) { + this.dataMaskType = that.dataMaskType; + this.conditionExpr = that.conditionExpr; + this.valueExpr = that.valueExpr; + } + + public String getDataMaskType() { + return dataMaskType; + } + + public void setDataMaskType(String dataMaskType) { + this.dataMaskType = dataMaskType; + } + + public String getConditionExpr() { + return conditionExpr; + } + + public void setConditionExpr(String conditionExpr) { + this.conditionExpr = conditionExpr; + } + + public String getValueExpr() { + return valueExpr; + } + + public void setValueExpr(String valueExpr) { + this.valueExpr = valueExpr; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((dataMaskType == null) ? 0 : dataMaskType.hashCode()); + result = prime * result + ((conditionExpr == null) ? 0 : conditionExpr.hashCode()); + result = prime * result + ((valueExpr == null) ? 0 : valueExpr.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemDataMaskInfo other = (RangerPolicyItemDataMaskInfo) obj; + if (dataMaskType == null) { + if (other.dataMaskType != null) + return false; + } else if (!dataMaskType.equals(other.dataMaskType)) + return false; + if (conditionExpr == null) { + if (other.conditionExpr != null) + return false; + } else if (!conditionExpr.equals(other.conditionExpr)) + return false; + if (valueExpr == null) { + if (other.valueExpr != null) + return false; + } else if (!valueExpr.equals(other.valueExpr)) + return false; + return true; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItemDataMaskInfo={"); + + sb.append("dataMaskType={").append(dataMaskType).append("} "); + sb.append("conditionExpr={").append(conditionExpr).append("} "); + sb.append("valueExpr={").append(valueExpr).append("} "); + + sb.append("}"); + + return sb; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItemRowFilterInfo implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String filterExpr; + + public RangerPolicyItemRowFilterInfo() { } + + public RangerPolicyItemRowFilterInfo(String filterExpr) { + setFilterExpr(filterExpr); + } + + public RangerPolicyItemRowFilterInfo(RangerPolicyItemRowFilterInfo that) { + this.filterExpr = that.filterExpr; + } + + public String getFilterExpr() { + return filterExpr; + } + + public void setFilterExpr(String filterExpr) { + this.filterExpr = filterExpr; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((filterExpr == null) ? 0 : filterExpr.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemRowFilterInfo other = (RangerPolicyItemRowFilterInfo) obj; + if (filterExpr == null) { + if (other.filterExpr != null) + return false; + } else if (!filterExpr.equals(other.filterExpr)) + return false; + return true; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItemRowFilterInfo={"); + + sb.append("filterExpr={").append(filterExpr).append("} "); + + sb.append("}"); + + return sb; + } + } +} diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerRole.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerRole.java similarity index 100% rename from auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerRole.java rename to auth-common/src/main/java/org/apache/atlas/plugin/model/RangerRole.java diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java similarity index 99% rename from auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java rename to auth-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java index 4c5d8988d0..994e6a7117 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java @@ -99,10 +99,10 @@ public RangerServiceDef(String name, String implClass, String label, String desc } public RangerServiceDef(String name, String displayName, String implClass, String label, String description, - Map options, List configs, - List modifiedResourceDefs, List accessTypes, - List policyConditions, List contextEnrichers, - List enums) { + Map options, List configs, + List modifiedResourceDefs, List accessTypes, + List policyConditions, List contextEnrichers, + List enums) { this(name, implClass, label, description, options, configs, modifiedResourceDefs, accessTypes, policyConditions, contextEnrichers, enums); this.setDisplayName(displayName); } diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerValidityRecurrence.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValidityRecurrence.java similarity index 100% rename from auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerValidityRecurrence.java rename to auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValidityRecurrence.java diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java similarity index 90% rename from auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java rename to auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java index 3bb3f078b5..f166598e28 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java @@ -19,11 +19,9 @@ package org.apache.atlas.plugin.model; - -import org.codehaus.jackson.annotate.JsonAutoDetect; -import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; -import org.codehaus.jackson.annotate.JsonIgnoreProperties; -import org.codehaus.jackson.map.annotate.JsonSerialize; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonAutoDetect; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonIgnoreProperties; +import org.apache.htrace.shaded.fasterxml.jackson.databind.annotation.JsonSerialize; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -33,7 +31,7 @@ import java.util.Arrays; import java.util.List; -@JsonAutoDetect(fieldVisibility=Visibility.ANY) +@JsonAutoDetect(fieldVisibility= JsonAutoDetect.Visibility.ANY) @JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL) @JsonIgnoreProperties(ignoreUnknown=true) @XmlRootElement diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java similarity index 100% rename from auth-agents-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java rename to auth-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java index 4a690a0a29..43b5fe1682 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java @@ -19,8 +19,8 @@ package org.apache.atlas.plugin.model; -import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; import org.apache.atlas.plugin.util.RangerUserStoreUtil; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java similarity index 100% rename from auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java rename to auth-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java index 083871f1e2..ddcb6dea58 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java +++ b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java @@ -19,8 +19,8 @@ package org.apache.atlas.plugin.util; -import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; import org.apache.atlas.plugin.model.RangerRole; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java similarity index 99% rename from auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java rename to auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java index 7318648cf8..dc1115fa4c 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java +++ b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java @@ -59,7 +59,7 @@ public RangerUserStore(Long userStoreVersion, Set users, Set isAccessAllowed(" + request + ")"); } boolean ret = false; + long startTime = System.currentTimeMillis(); + final String uuid = UUID.randomUUID().toString(); try { final String action = request.getAction() != null ? request.getAction().getType() : null; @@ -702,19 +710,21 @@ private boolean isAccessAllowed(AtlasEntityAccessRequest request, RangerAtlasAud } // check authorization for each classification + LOG.info("classification level authorization started: " + (System.currentTimeMillis()-startTime) + "uuid: "+uuid); for (AtlasClassification classificationToAuthorize : request.getEntityClassifications()) { rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, request.getClassificationTypeAndAllSuperTypes(classificationToAuthorize.getTypeName())); - ret = checkAccess(rangerRequest, auditHandler); + ret = checkAccess(rangerRequest, auditHandler, uuid); if (!ret) { break; } } + LOG.info("classification level authorization ended: " + (System.currentTimeMillis()-startTime) + "uuid: "+uuid); } else { rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, ENTITY_NOT_CLASSIFIED ); - ret = checkAccess(rangerRequest, auditHandler); + ret = checkAccess(rangerRequest, auditHandler, uuid); } } finally { @@ -726,7 +736,7 @@ private boolean isAccessAllowed(AtlasEntityAccessRequest request, RangerAtlasAud if (LOG.isDebugEnabled()) { LOG.debug("<== isAccessAllowed(" + request + "): " + ret); } - + LOG.info("isAccessAllowed ended: " + (System.currentTimeMillis()-startTime) + "uuid: "+uuid); return ret; } @@ -793,9 +803,10 @@ private boolean checkAccess(RangerAccessRequestImpl request) { return ret; } - private boolean checkAccess(RangerAccessRequestImpl request, RangerAtlasAuditHandler auditHandler) { + private boolean checkAccess(RangerAccessRequestImpl request, RangerAtlasAuditHandler auditHandler, String uuid) { boolean ret = false; - + long startTime = System.currentTimeMillis(); + LOG.info("checkAccess started at: " + startTime + " uuid: " + uuid); RangerBasePlugin plugin = atlasPlugin; String userName = request.getUser(); @@ -809,7 +820,7 @@ private boolean checkAccess(RangerAccessRequestImpl request, RangerAtlasAuditHan LOG.debug("Setting UserGroup for user :" + userName + " Groups: " + groupUtil.getContainedGroups(userName)); } - RangerAccessResult result = plugin.isAccessAllowed(request, auditHandler); + RangerAccessResult result = plugin.isAccessAllowed(request, auditHandler, uuid); ret = result != null && result.getIsAllowed(); @@ -817,6 +828,7 @@ private boolean checkAccess(RangerAccessRequestImpl request, RangerAtlasAuditHan LOG.warn("RangerAtlasPlugin not initialized. Access blocked!!!"); } + LOG.info("checkAccess ended at: " + (System.currentTimeMillis()-startTime) + " uuid: " + uuid); return ret; } @@ -859,17 +871,20 @@ private void checkAccessAndScrub(AtlasEntityHeader entity, AtlasSearchResultScru } private void checkAccessAndScrub(AtlasEntityHeader entity, AtlasSearchResultScrubRequest request, boolean isScrubAuditEnabled) throws AtlasAuthorizationException { + long t0 = System.currentTimeMillis(); if (entity != null && request != null) { final AtlasEntityAccessRequest entityAccessRequest = new AtlasEntityAccessRequest(request.getTypeRegistry(), AtlasPrivilege.ENTITY_READ, entity, request.getUser(), request.getUserGroups()); entityAccessRequest.setClientIPAddress(request.getClientIPAddress()); entityAccessRequest.setForwardedAddresses(request.getForwardedAddresses()); entityAccessRequest.setRemoteIPAddress(request.getRemoteIPAddress()); - + LOG.info("isEntityAccessAllowed started in: " + (System.currentTimeMillis() - t0)); boolean isEntityAccessAllowed = isScrubAuditEnabled ? isAccessAllowed(entityAccessRequest) : isAccessAllowed(entityAccessRequest, null); + LOG.info("isEntityAccessAllowed ended in: " + (System.currentTimeMillis() - t0)); if (!isEntityAccessAllowed) { scrubEntityHeader(entity, request.getTypeRegistry()); } + LOG.info("scrubEntityHeader ended in: " + (System.currentTimeMillis() - t0)); } } diff --git a/authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java b/authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java index 22aea9ea6c..ade9ae79c7 100644 --- a/authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java +++ b/authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java @@ -19,6 +19,7 @@ package org.apache.atlas.authorize; +import com.esotericsoftware.minlog.Log; import org.apache.atlas.model.instance.AtlasEntityHeader; import org.apache.atlas.type.AtlasEntityType; import org.apache.atlas.type.AtlasStructType; @@ -127,6 +128,7 @@ void scrubEntityHeader(AtlasEntityHeader entity) { default void scrubEntityHeader(AtlasEntityHeader entity, AtlasTypeRegistry typeRegistry) { + long startTime = System.currentTimeMillis(); AtlasEntityType entityType = typeRegistry.getEntityTypeByName(entity.getTypeName()); boolean isScrubbed = false; @@ -142,7 +144,7 @@ default void scrubEntityHeader(AtlasEntityHeader entity, AtlasTypeRegistry typeR } entity.setScrubbed(isScrubbed); - + Log.info("Time taken by scrubEntityHeader: "+ (System.currentTimeMillis() - startTime)); } diff --git a/build.sh b/build.sh index d60c540769..d3f77f5647 100755 --- a/build.sh +++ b/build.sh @@ -24,9 +24,9 @@ unzip -o keycloak-15.0.2.1.zip -d ~/.m2/repository/org echo "Maven Building" if [ "$1" == "build_without_dashboard" ]; then - mvn -pl '!test-tools,!addons/hdfs-model,!addons/hive-bridge,!addons/hive-bridge-shim,!addons/falcon-bridge-shim,!addons/falcon-bridge,!addons/sqoop-bridge,!addons/sqoop-bridge-shim,!addons/hbase-bridge,!addons/hbase-bridge-shim,!addons/hbase-testing-util,!addons/kafka-bridge,!addons/impala-hook-api,!addons/impala-bridge-shim,!addons/impala-bridge,!dashboardv2,!dashboardv3' -Dmaven.test.skip -DskipTests -Drat.skip=true -DskipOverlay -DskipEnunciate=true package -Pdist + mvn -pl '!addons/hdfs-model,!addons/hive-bridge,!addons/hive-bridge-shim,!addons/falcon-bridge-shim,!addons/falcon-bridge,!addons/sqoop-bridge,!addons/sqoop-bridge-shim,!addons/hbase-bridge,!addons/hbase-bridge-shim,!addons/hbase-testing-util,!addons/kafka-bridge,!addons/impala-hook-api,!addons/impala-bridge-shim,!addons/impala-bridge,!dashboardv2,!dashboardv3' -Dmaven.test.skip -DskipTests -Drat.skip=true -DskipOverlay -DskipEnunciate=true package -Pdist else - mvn -pl '!test-tools,!addons/hdfs-model,!addons/hive-bridge,!addons/hive-bridge-shim,!addons/falcon-bridge-shim,!addons/falcon-bridge,!addons/sqoop-bridge,!addons/sqoop-bridge-shim,!addons/hbase-bridge,!addons/hbase-bridge-shim,!addons/hbase-testing-util,!addons/kafka-bridge,!addons/impala-hook-api,!addons/impala-bridge-shim,!addons/impala-bridge' -Dmaven.test.skip -DskipTests -Drat.skip=true -DskipEnunciate=true package -Pdist + mvn -pl '!addons/hdfs-model,!addons/hive-bridge,!addons/hive-bridge-shim,!addons/falcon-bridge-shim,!addons/falcon-bridge,!addons/sqoop-bridge,!addons/sqoop-bridge-shim,!addons/hbase-bridge,!addons/hbase-bridge-shim,!addons/hbase-testing-util,!addons/kafka-bridge,!addons/impala-hook-api,!addons/impala-bridge-shim,!addons/impala-bridge' -Dmaven.test.skip -DskipTests -Drat.skip=true -DskipEnunciate=true package -Pdist fi echo "[DEBUG listing distro/target" diff --git a/client-auth/src/main/java/org/apache/atlas/auth/client/auth/AbstractAuthClient.java b/client-auth/src/main/java/org/apache/atlas/auth/client/auth/AbstractAuthClient.java index cb13431384..988a120bfd 100644 --- a/client-auth/src/main/java/org/apache/atlas/auth/client/auth/AbstractAuthClient.java +++ b/client-auth/src/main/java/org/apache/atlas/auth/client/auth/AbstractAuthClient.java @@ -38,7 +38,7 @@ public class AbstractAuthClient { private static final String BEARER = "Bearer "; private static final int TIMEOUT_IN_SEC = 60; private static final String INTEGRATION = "integration"; - private static final String KEYCLOAK = "keycloak"; + private static final String AUTH = "auth"; protected final AuthConfig authConfig; protected final RetrofitKeycloakClient retrofitKeycloakClient; @@ -84,10 +84,10 @@ public AbstractAuthClient(AuthConfig authConfig) { Interceptor responseLoggingInterceptor = chain -> { Request request = chain.request(); String rawPath = request.url().uri().getRawPath(); - Timer.Sample timerSample = this.metricUtils.start(rawPath); + Timer.Sample timerSample = this.metricUtils.start(rawPath, false); okhttp3.Response response = chain.proceed(request); this.metricUtils.recordHttpTimer(timerSample, request.method(), rawPath, response.code(), - INTEGRATION, KEYCLOAK); + INTEGRATION, AUTH); return response; }; diff --git a/common/pom.xml b/common/pom.xml index ff4d502f12..47c274ca4d 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -145,51 +145,7 @@ - - io.netty - netty-all - ${netty4.version} - - - io.netty - netty-handler - ${netty4.version} - - - io.netty - netty-common - ${netty4.version} - - - io.netty - netty-resolver - ${netty4.version} - - - io.netty - netty-codec - ${netty4.version} - - - io.netty - netty-transport - ${netty4.version} - - - io.netty - netty-buffer - ${netty4.version} - - - io.netty - netty-transport-native-epoll - ${netty4.version} - - - io.netty - netty-transport-native-unix-common - ${netty4.version} - + diff --git a/common/src/main/java/org/apache/atlas/repository/Constants.java b/common/src/main/java/org/apache/atlas/repository/Constants.java index accea8ec88..f2f7fd1e3e 100644 --- a/common/src/main/java/org/apache/atlas/repository/Constants.java +++ b/common/src/main/java/org/apache/atlas/repository/Constants.java @@ -159,6 +159,8 @@ public final class Constants { /** * SQL property keys. */ + + public static final String SQL_ENTITY_TYPE = "SQL"; public static final String CONNECTION_ENTITY_TYPE = "Connection"; public static final String QUERY_ENTITY_TYPE = "Query"; public static final String QUERY_FOLDER_ENTITY_TYPE = "Folder"; @@ -174,6 +176,8 @@ public final class Constants { public static final String SERVICE_ENTITY_TYPE = "AuthService"; public static final String REL_POLICY_TO_ACCESS_CONTROL = "access_control_policies"; + public static final String POLICY_SERVICE_NAME_ABAC = "atlas_abac"; + /** * Resource */ diff --git a/common/src/main/java/org/apache/atlas/service/Services.java b/common/src/main/java/org/apache/atlas/service/Services.java index 5beab35421..2d548467fe 100644 --- a/common/src/main/java/org/apache/atlas/service/Services.java +++ b/common/src/main/java/org/apache/atlas/service/Services.java @@ -18,7 +18,6 @@ package org.apache.atlas.service; import org.apache.atlas.annotation.AtlasService; -import org.apache.atlas.type.AtlasType; import org.apache.commons.configuration.Configuration; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; @@ -28,7 +27,6 @@ import javax.annotation.PostConstruct; import javax.annotation.PreDestroy; import javax.inject.Inject; - import java.util.List; import static org.apache.atlas.AtlasConstants.ATLAS_MIGRATION_MODE_FILENAME; @@ -67,8 +65,8 @@ public void start() { continue; } - LOG.info("Starting service {}", svc.getClass().getName()); + svc.start(); } } catch (Exception e) { diff --git a/common/src/main/java/org/apache/atlas/service/metrics/MetricUtils.java b/common/src/main/java/org/apache/atlas/service/metrics/MetricUtils.java index c309190391..523225ce7f 100644 --- a/common/src/main/java/org/apache/atlas/service/metrics/MetricUtils.java +++ b/common/src/main/java/org/apache/atlas/service/metrics/MetricUtils.java @@ -52,6 +52,10 @@ public Timer.Sample start(String uri) { return matchCanonicalPattern(uri).isPresent() ? Timer.start(getMeterRegistry()) : null; } + public Timer.Sample start(String uri, boolean checkCanonicalPattern) { + return checkCanonicalPattern ? start(uri) : Timer.start(getMeterRegistry()); + } + public void recordHttpTimer(Timer.Sample sample, String method, String rawPath, int code, String... additionalTags) { if (Objects.isNull(sample)) { return; diff --git a/common/src/main/java/org/apache/atlas/service/redis/AbstractRedisService.java b/common/src/main/java/org/apache/atlas/service/redis/AbstractRedisService.java index 9ad5fd904f..51d505cc7a 100644 --- a/common/src/main/java/org/apache/atlas/service/redis/AbstractRedisService.java +++ b/common/src/main/java/org/apache/atlas/service/redis/AbstractRedisService.java @@ -29,7 +29,6 @@ public abstract class AbstractRedisService implements RedisService { private static final String ATLAS_REDIS_LOCK_WATCHDOG_TIMEOUT_MS = "atlas.redis.lock.watchdog_timeout.ms"; private static final int DEFAULT_REDIS_WAIT_TIME_MS = 15_000; private static final int DEFAULT_REDIS_LOCK_WATCHDOG_TIMEOUT_MS = 600_000; - private static final String ATLAS_METASTORE_SERVICE = "atlas-metastore-service"; RedissonClient redisClient; RedissonClient redisCacheClient; @@ -129,14 +128,8 @@ Config getLocalConfig() throws AtlasException { Config getProdConfig() throws AtlasException { Config config = initAtlasConfig(); config.useSentinelServers() - .setClientName(ATLAS_METASTORE_SERVICE) .setReadMode(ReadMode.MASTER_SLAVE) .setCheckSentinelsList(false) - .setKeepAlive(true) - .setMasterConnectionMinimumIdleSize(10) - .setMasterConnectionPoolSize(20) - .setSlaveConnectionMinimumIdleSize(10) - .setSlaveConnectionPoolSize(20) .setMasterName(atlasConfig.getString(ATLAS_REDIS_MASTER_NAME)) .addSentinelAddress(formatUrls(atlasConfig.getStringArray(ATLAS_REDIS_SENTINEL_URLS))) .setUsername(atlasConfig.getString(ATLAS_REDIS_USERNAME)) @@ -147,7 +140,6 @@ Config getProdConfig() throws AtlasException { Config getCacheImplConfig() { Config config = new Config(); config.useSentinelServers() - .setClientName(ATLAS_METASTORE_SERVICE+"-redisCache") .setReadMode(ReadMode.MASTER_SLAVE) .setCheckSentinelsList(false) .setKeepAlive(true) diff --git a/distro/src/main/assemblies/atlas-server-package.xml b/distro/src/main/assemblies/atlas-server-package.xml index 9eb71ef7cf..47e6bfc0f5 100755 --- a/distro/src/main/assemblies/atlas-server-package.xml +++ b/distro/src/main/assemblies/atlas-server-package.xml @@ -161,6 +161,12 @@ ../addons/policies policies + + + ../addons/override-policies + override-policies + + diff --git a/distro/src/main/assemblies/standalone-package.xml b/distro/src/main/assemblies/standalone-package.xml index 3ef91c047e..b3c81f9a60 100755 --- a/distro/src/main/assemblies/standalone-package.xml +++ b/distro/src/main/assemblies/standalone-package.xml @@ -141,6 +141,11 @@ policies + + ../addons/override-policies + override-policies + + ../addons/hive-bridge/src/bin diff --git a/graphdb/api/src/main/java/org/apache/atlas/repository/graphdb/AtlasGraph.java b/graphdb/api/src/main/java/org/apache/atlas/repository/graphdb/AtlasGraph.java index 666ab376a7..2b41b1c07d 100644 --- a/graphdb/api/src/main/java/org/apache/atlas/repository/graphdb/AtlasGraph.java +++ b/graphdb/api/src/main/java/org/apache/atlas/repository/graphdb/AtlasGraph.java @@ -383,9 +383,4 @@ public interface AtlasGraph { * @throws AtlasException when error encountered in creating the client. */ AtlasGraphIndexClient getGraphIndexClient()throws AtlasException; - - - void setEnableCache(boolean enableCache); - - Boolean isCacheEnabled(); } diff --git a/graphdb/janus/pom.xml b/graphdb/janus/pom.xml index 75c9079eee..3c91e4442a 100644 --- a/graphdb/janus/pom.xml +++ b/graphdb/janus/pom.xml @@ -119,10 +119,6 @@ ch.qos.logback * - - io.netty - * - com.codahale.metrics metrics-core @@ -139,6 +135,10 @@ ch.qos.logback * + + cassandra-hadoop-util + * + @@ -212,10 +212,6 @@ org.codehaus.woodstox woodstox-core-asl - - io.netty - * - diff --git a/graphdb/janus/src/main/java/org/apache/atlas/repository/graphdb/janus/AtlasElasticsearchQuery.java b/graphdb/janus/src/main/java/org/apache/atlas/repository/graphdb/janus/AtlasElasticsearchQuery.java index 9aa7cfe8ba..3d49deccee 100644 --- a/graphdb/janus/src/main/java/org/apache/atlas/repository/graphdb/janus/AtlasElasticsearchQuery.java +++ b/graphdb/janus/src/main/java/org/apache/atlas/repository/graphdb/janus/AtlasElasticsearchQuery.java @@ -147,7 +147,7 @@ private DirectIndexQueryResult runQueryWithLowLevelClient(SearchParams searchPar } } - private Map runQueryWithLowLevelClient(String query) throws AtlasBaseException { + public Map runQueryWithLowLevelClient(String query) throws AtlasBaseException { Map ret = new HashMap<>(); try { String responseString = performDirectIndexQuery(query, true); diff --git a/graphdb/janus/src/main/java/org/apache/atlas/repository/graphdb/janus/AtlasJanusGraph.java b/graphdb/janus/src/main/java/org/apache/atlas/repository/graphdb/janus/AtlasJanusGraph.java index 2886a01eb9..3a9c933797 100644 --- a/graphdb/janus/src/main/java/org/apache/atlas/repository/graphdb/janus/AtlasJanusGraph.java +++ b/graphdb/janus/src/main/java/org/apache/atlas/repository/graphdb/janus/AtlasJanusGraph.java @@ -126,6 +126,7 @@ public class AtlasJanusGraph implements AtlasGraph directIndexQuery(String query) throws AtlasBaseExcept @Override public Iterator> vertices() { - Iterator> results = query.vertices().iterator(); + Iterator> results = query.vertexStream().iterator(); Function, Result> function = new Function, Result>() { @@ -77,7 +77,7 @@ public Iterator> vertices(int offset, i Iterator> results = query .offset(offset) .limit(limit) - .vertices().iterator(); + .vertexStream().iterator(); Function, Result> function = new Function, Result>() { @@ -100,7 +100,7 @@ public Iterator> vertices(int offset, i .orderBy(sortBy, sortOrder) .offset(offset) .limit(limit) - .vertices().iterator(); + .vertexStream().iterator(); Function, Result> function = new Function, Result>() { diff --git a/graphdb/janus/src/main/java/org/janusgraph/diskstorage/solr/Solr6Index.java b/graphdb/janus/src/main/java/org/janusgraph/diskstorage/solr/Solr6Index.java index 23c11de301..e462344f99 100644 --- a/graphdb/janus/src/main/java/org/janusgraph/diskstorage/solr/Solr6Index.java +++ b/graphdb/janus/src/main/java/org/janusgraph/diskstorage/solr/Solr6Index.java @@ -121,6 +121,7 @@ import org.janusgraph.graphdb.query.condition.Not; import org.janusgraph.graphdb.query.condition.Or; import org.janusgraph.graphdb.query.condition.PredicateCondition; +import org.janusgraph.graphdb.tinkerpop.optimize.step.Aggregation; import org.janusgraph.graphdb.types.ParameterType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -597,6 +598,11 @@ public void restore(Map>> documents, } } + @Override + public Number queryAggregation(IndexQuery indexQuery, KeyInformation.IndexRetriever indexRetriever, BaseTransaction baseTransaction, Aggregation aggregation) throws BackendException { + return null; + } + // This method will create a map of field ids to values. In the case of multiValued fields, // it will consolidate all the values into one List or Set so it can be updated with a single Solr operation private Map collectFieldValues(List content, String collectionName, @@ -672,7 +678,6 @@ public Stream query(IndexQuery query, KeyInformation.IndexRetriever info doc -> doc.getFieldValue(keyIdField).toString()); } - @Override public Long queryCount(IndexQuery query, KeyInformation.IndexRetriever information, BaseTransaction tx) throws BackendException { try { String collection = query.getStore(); @@ -1064,6 +1069,11 @@ public void clearStorage() throws BackendException { } } + @Override + public void clearStore(String s) throws BackendException { + + } + @Override public boolean supports(KeyInformation information, JanusGraphPredicate predicate) { final Class dataType = information.getDataType(); diff --git a/intg/src/main/java/org/apache/atlas/model/audit/EntityAuditEventV2.java b/intg/src/main/java/org/apache/atlas/model/audit/EntityAuditEventV2.java index 9a4b03df73..1947147e38 100644 --- a/intg/src/main/java/org/apache/atlas/model/audit/EntityAuditEventV2.java +++ b/intg/src/main/java/org/apache/atlas/model/audit/EntityAuditEventV2.java @@ -133,8 +133,12 @@ public static EntityAuditActionV2 fromString(String strValue) { private AtlasEntity entity; private EntityAuditType type; private Map detail; + private AtlasEntityHeader entityDetail; private Map headers; + private List> classificationDetails; + @JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL) + private String classificationDetail; public EntityAuditEventV2() { } @@ -290,12 +294,13 @@ public boolean equals(Object o) { Objects.equals(created, that.created) && Objects.equals(typeName, that.typeName) && Objects.equals(entityQualifiedName, that.entityQualifiedName) && - Objects.equals(headers, that.headers); + Objects.equals(headers, that.headers) && + Objects.equals(classificationDetails, that.classificationDetails); } @Override public int hashCode() { - return Objects.hash(entityId, timestamp, user, action, details, eventKey, entity, type, detail, created, entityQualifiedName, typeName, headers); + return Objects.hash(entityId, timestamp, user, action, details, eventKey, entity, type, detail, created, entityQualifiedName, typeName, headers, classificationDetails); } @Override @@ -315,6 +320,7 @@ public String toString() { sb.append(", detail=").append(detail); sb.append(", created=").append(created); sb.append(", headers=").append(headers); + sb.append(", classificationDetails").append(classificationDetails); sb.append('}'); return sb.toString(); @@ -346,6 +352,7 @@ public void clear() { detail = null; created = 0L; headers = null; + classificationDetails = null; } private String getJsonPartFromDetails() { @@ -355,7 +362,7 @@ private String getJsonPartFromDetails() { if(bracketStartPosition != -1) { ret = details.substring(bracketStartPosition); } - } else if(MapUtils.isNotEmpty(detail)) { + } else if(!detail.isEmpty()) { ret = AtlasType.toJson(detail); } @@ -415,4 +422,20 @@ public static void sortEvents(List events, String sortByColu events.sort(sortOrderDesc ? comparator.reversed() : comparator); } + + public List> getClassificationDetails() { + return classificationDetails; + } + + public void setClassificationDetails(List> classificationDetails) { + this.classificationDetails = classificationDetails; + } + + public String getClassificationDetail() { + return classificationDetail; + } + + public void setClassificationDetail(String classificationDetail) { + this.classificationDetail = classificationDetail; + } } \ No newline at end of file diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java index 8d8cc08247..c06ca21030 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java @@ -34,6 +34,11 @@ public String getQuery() { return queryString; } + @Override + public void setQuery(String query) { + this.queryString = query; + } + public Map getDsl() { return dsl; } @@ -89,6 +94,7 @@ public String toString() { ", allowDeletedRelations=" + allowDeletedRelations + ", accessControlExclusive=" + accessControlExclusive + ", utmTags="+ getUtmTags() + + ", enableFullRestriction="+ enableFullRestriction + '}'; } } diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java index 6179f291a5..d01224bf80 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java @@ -18,6 +18,7 @@ public class SearchParams { boolean suppressLogs; boolean excludeMeanings; boolean excludeClassifications; + boolean enableFullRestriction; boolean includeClassificationNames = false; @@ -32,10 +33,18 @@ public String getQuery() { return getQuery(); } + public boolean getEnableFullRestriction() { + return enableFullRestriction; + } + public Set getAttributes() { return attributes; } + public void setQuery(String query) { + setQuery(query); + } + public void setAttributes(Set attributes) { this.attributes = attributes; } diff --git a/intg/src/main/java/org/apache/atlas/model/lineage/AtlasLineageOnDemandInfo.java b/intg/src/main/java/org/apache/atlas/model/lineage/AtlasLineageOnDemandInfo.java index 56042a8669..3a86a8a963 100644 --- a/intg/src/main/java/org/apache/atlas/model/lineage/AtlasLineageOnDemandInfo.java +++ b/intg/src/main/java/org/apache/atlas/model/lineage/AtlasLineageOnDemandInfo.java @@ -171,6 +171,8 @@ public static class LineageInfoOnDemand { boolean hasMoreOutputs; int inputRelationsCount; int outputRelationsCount; + int totalInputRelationsCount; + int totalOutputRelationsCount; boolean isInputRelationsReachedLimit; boolean isOutputRelationsReachedLimit; @JsonProperty @@ -188,13 +190,15 @@ public LineageInfoOnDemand(LineageOnDemandConstraints onDemandConstraints) { this.hasMoreOutputs = false; this.inputRelationsCount = 0; this.outputRelationsCount = 0; + this.totalInputRelationsCount = 0; + this.totalOutputRelationsCount = 0; this.isInputRelationsReachedLimit = false; this.isOutputRelationsReachedLimit = false; this.hasUpstream = false; this.hasDownstream = false; this.fromCounter = 0; } - + public boolean isInputRelationsReachedLimit() { return isInputRelationsReachedLimit; } @@ -243,10 +247,18 @@ public void setHasDownstream(boolean hasDownstream) { this.hasDownstream = hasDownstream; } - public int getFromCounter() { - return fromCounter; + public int getTotalInputRelationsCount() { + return totalInputRelationsCount; + } + + public void setTotalInputRelationsCount(int count) {this.totalInputRelationsCount = count;} + + public int getTotalOutputRelationsCount() { + return totalOutputRelationsCount; } + public void setTotalOutputRelationsCount(int count) {this.totalOutputRelationsCount = count;} + public void incrementFromCounter() { fromCounter++; } @@ -255,6 +267,10 @@ public int getInputRelationsCount() { return inputRelationsCount; } + public int getFromCounter() { + return fromCounter; + } + public void incrementInputRelationsCount() { this.inputRelationsCount++; if (inputRelationsCount == onDemandConstraints.getInputRelationsLimit()) { diff --git a/intg/src/main/java/org/apache/atlas/type/AtlasTypeRegistry.java b/intg/src/main/java/org/apache/atlas/type/AtlasTypeRegistry.java index 82628ce73e..070f24cbeb 100644 --- a/intg/src/main/java/org/apache/atlas/type/AtlasTypeRegistry.java +++ b/intg/src/main/java/org/apache/atlas/type/AtlasTypeRegistry.java @@ -88,6 +88,10 @@ public AtlasType getType(String typeName) throws AtlasBaseException { LOG.debug("==> AtlasTypeRegistry.getType({})", typeName); } + if (typeName == null) { + return null; + } + AtlasType ret = registryData.allTypes.getTypeByName(typeName); if (ret == null) { diff --git a/intg/src/main/java/org/apache/atlas/type/Constants.java b/intg/src/main/java/org/apache/atlas/type/Constants.java index 01550ae9c0..effc5208b1 100644 --- a/intg/src/main/java/org/apache/atlas/type/Constants.java +++ b/intg/src/main/java/org/apache/atlas/type/Constants.java @@ -54,10 +54,12 @@ public final class Constants { public static final String GLOSSARY_PROPERTY_KEY = encodePropertyKey(INTERNAL_PROPERTY_KEY_PREFIX + "glossary"); public static final String CATEGORIES_PROPERTY_KEY = encodePropertyKey(INTERNAL_PROPERTY_KEY_PREFIX + "categories"); public static final String CATEGORIES_PARENT_PROPERTY_KEY = encodePropertyKey(INTERNAL_PROPERTY_KEY_PREFIX + "parentCategory"); + public static final String MEANINGS_TEXT_PROPERTY_KEY = encodePropertyKey(INTERNAL_PROPERTY_KEY_PREFIX + "meaningsText"); public static final String MEANING_NAMES_PROPERTY_KEY = encodePropertyKey(INTERNAL_PROPERTY_KEY_PREFIX + "meaningNames"); public static final String HAS_LINEAGE = encodePropertyKey(INTERNAL_PROPERTY_KEY_PREFIX + "hasLineage"); public static final String HAS_LINEAGE_VALID = encodePropertyKey(INTERNAL_PROPERTY_KEY_PREFIX + "hasLineageValid"); + public static final String LEXICOGRAPHICAL_SORT_ORDER = "lexicographicalSortOrder"; //Classification-Only System Attributes public static final String CLASSIFICATION_ENTITY_STATUS_PROPERTY_KEY = encodePropertyKey(INTERNAL_PROPERTY_KEY_PREFIX + "entityStatus"); diff --git a/pom.xml b/pom.xml index 1cc9aa70dc..bc759155f9 100644 --- a/pom.xml +++ b/pom.xml @@ -697,7 +697,7 @@ 4.3.0 1.8 3.2.2 - 7.16.2 + 7.17.4 org.apache.atlas.repository.audit.InMemoryEntityAuditRepository 2.13.2 2.18.1 @@ -717,7 +717,7 @@ 4.4.13 2.12.4 2.12.4 - 0.6.03 + 1.0.0 0.5.3 1 3.1.0 @@ -773,12 +773,11 @@ 2C 3.0.0-M5 6.9.4 - 3.5.1 + 3.7.0 5.0.3 3.4.6 3.20.1 1.11.1 - 4.1.61.Final @@ -798,6 +797,7 @@ dashboardv2 dashboardv3 + auth-common auth-agents-cred auth-agents-common auth-audits @@ -836,16 +836,6 @@ false - - github - https://maven.pkg.github.com/atlanhq/atlan-janusgraph - - true - - - true - - hortonworks.repo https://repo.hortonworks.com/content/repositories/releases diff --git a/repository/pom.xml b/repository/pom.xml index bbe15338f8..2a0133883b 100755 --- a/repository/pom.xml +++ b/repository/pom.xml @@ -59,6 +59,18 @@ atlas-graphdb-api + + org.apache.tinkerpop + gremlin-util + ${tinkerpop.version} + + + + org.jctools + jctools-core + 4.0.1 + + org.antlr antlr4-runtime @@ -111,7 +123,7 @@ io.netty - * + netty-handler org.slf4j @@ -322,6 +334,11 @@ 3.0.0-SNAPSHOT + + org.apache.atlas + auth-common + 3.0.0-SNAPSHOT + org.hibernate hibernate-validator @@ -388,6 +405,21 @@ + + + com.networknt + json-schema-validator + 1.0.87 + + + + + org.apache.commons + commons-lang3 + + + + @@ -404,7 +436,6 @@ org.apache.atlas atlas-testtools ${project.version} - test com.fasterxml.jackson.core diff --git a/repository/src/main/java/org/apache/atlas/authorizer/JsonToElasticsearchQuery.java b/repository/src/main/java/org/apache/atlas/authorizer/JsonToElasticsearchQuery.java new file mode 100644 index 0000000000..f7715b1f58 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/JsonToElasticsearchQuery.java @@ -0,0 +1,86 @@ +package org.apache.atlas.authorizer; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.ObjectNode; +import org.apache.atlas.RequestContext; +import org.apache.atlas.utils.AtlasPerfMetrics; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class JsonToElasticsearchQuery { + private static final Logger LOG = LoggerFactory.getLogger(JsonToElasticsearchQuery.class); + + private static JsonNode convertConditionToQuery(String condition, JsonNode criterion, ObjectMapper mapper) { + if (condition.equals("AND")) { + return mapper.createObjectNode().set("bool", mapper.createObjectNode().set("filter", mapper.createArrayNode())); + } else if (condition.equals("OR")) { + //JsonNode node = mapper.createObjectNode().set("bool", mapper.createObjectNode()); + return mapper.createObjectNode() + .set("bool", mapper.createObjectNode() + .set("should", mapper.createArrayNode())); + } else { + throw new IllegalArgumentException("Unsupported condition: " + condition); + } + } + + public static JsonNode convertJsonToQuery(JsonNode data, ObjectMapper mapper) { + AtlasPerfMetrics.MetricRecorder convertJsonToQueryMetrics = RequestContext.get().startMetricRecord("convertJsonToQuery"); + String condition = data.get("condition").asText(); + JsonNode criterion = data.get("criterion"); + + JsonNode query = convertConditionToQuery(condition, criterion, mapper); + + for (JsonNode crit : criterion) { + if (crit.has("condition")) { + JsonNode nestedQuery = convertJsonToQuery(crit, mapper); + if (condition.equals("AND")) { + ((ArrayNode) query.get("bool").get("filter")).add(nestedQuery); + } else { + ((ArrayNode) query.get("bool").get("should")).add(nestedQuery); + } + } else { + String operator = crit.get("operator").asText(); + String attributeName = crit.get("attributeName").asText(); + String attributeValue = crit.get("attributeValue").asText(); + + switch (operator) { + case "EQUALS": + ObjectNode termNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + termNode.putObject("term").put(attributeName, attributeValue); + break; + + case "NOT_EQUALS": + termNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + termNode.putObject("bool").putObject("must_not").putObject("term").put(attributeName, attributeValue); + break; + + case "STARTS_WITH": + ObjectNode wildcardNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + wildcardNode.putObject("wildcard").put(attributeName, attributeValue + "*"); + break; + + case "ENDS_WITH": + wildcardNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + wildcardNode.putObject("wildcard").put(attributeName, "*" + attributeValue); + break; + + case "IN": + ObjectNode termsNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + termsNode.putObject("terms").set(attributeName, crit.get("attributeValue")); + break; + + case "NOT_IN": + termsNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + termsNode.putObject("bool").putObject("must_not").putObject("terms").put(attributeName, crit.get("attributeValue")); + break; + + default: LOG.warn("Found unknown operator {}", operator); + } + } + } + RequestContext.get().endMetricRecord(convertJsonToQueryMetrics); + return query; + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/NewAuthorizerUtils.java b/repository/src/main/java/org/apache/atlas/authorizer/NewAuthorizerUtils.java new file mode 100644 index 0000000000..dd40df8d36 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/NewAuthorizerUtils.java @@ -0,0 +1,22 @@ +package org.apache.atlas.authorizer; + +import org.apache.atlas.authorizer.authorizers.ListAuthorizer; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.List; +import java.util.Map; + +public class NewAuthorizerUtils { + private static final Logger LOG = LoggerFactory.getLogger(NewAuthorizerUtils.class); + + public static final String POLICY_TYPE_ALLOW = "allow"; + public static final String POLICY_TYPE_DENY = "deny"; + public static final int MAX_CLAUSE_LIMIT = 1024; + + public static final String DENY_POLICY_NAME_SUFFIX = "_deny"; + + public static Map getPreFilterDsl(String persona, String purpose, List actions) { + return ListAuthorizer.getElasticsearchDSL(persona, purpose, actions); + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java new file mode 100644 index 0000000000..2cfac9f6db --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java @@ -0,0 +1,50 @@ +package org.apache.atlas.authorizer.authorizers; + +import org.apache.atlas.repository.graphdb.AtlasGraph; +import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; +import org.apache.atlas.type.AtlasTypeRegistry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; + +import javax.inject.Inject; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +@Component +public class AuthorizerCommon { + private static final Logger LOG = LoggerFactory.getLogger(AuthorizerCommon.class); + + private static AtlasTypeRegistry typeRegistry; + private static EntityGraphRetriever entityRetriever; + + @Inject + public AuthorizerCommon(AtlasGraph graph, AtlasTypeRegistry typeRegistry) { + this.typeRegistry = typeRegistry; + this.entityRetriever = new EntityGraphRetriever(graph, typeRegistry, true); + } + + public static String getCurrentUserName() { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + + return auth != null ? auth.getName() : ""; + } + + public static boolean arrayListContains(List listA, List listB) { + for (String listAItem : listA){ + if (listB.contains(listAItem)) { + return true; + } + } + return false; + } + + public static Map getMap(String key, Object value) { + Map map = new HashMap<>(); + map.put(key, value); + return map; + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java new file mode 100644 index 0000000000..4e41bebfcd --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java @@ -0,0 +1,314 @@ +package org.apache.atlas.authorizer.authorizers; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.common.collect.Lists; +import org.apache.atlas.RequestContext; +import org.apache.atlas.authorize.AtlasAuthorizationUtils; +import org.apache.atlas.authorizer.JsonToElasticsearchQuery; +import org.apache.atlas.authorizer.store.PoliciesStore; +import org.apache.atlas.plugin.model.RangerPolicy; +import org.apache.atlas.type.AtlasType; +import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.ArrayList; +import java.util.Base64; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import static org.apache.atlas.authorizer.NewAuthorizerUtils.DENY_POLICY_NAME_SUFFIX; +import static org.apache.atlas.authorizer.NewAuthorizerUtils.MAX_CLAUSE_LIMIT; +import static org.apache.atlas.authorizer.NewAuthorizerUtils.POLICY_TYPE_ALLOW; +import static org.apache.atlas.authorizer.NewAuthorizerUtils.POLICY_TYPE_DENY; +import static org.apache.atlas.authorizer.authorizers.AuthorizerCommon.getMap; + +public class ListAuthorizer { + private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationUtils.class); + + public static Map getElasticsearchDSL(String persona, String purpose, List actions) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("ListAuthorizer.getElasticsearchDSL"); + Map allowDsl = getElasticsearchDSLForPolicyType(persona, purpose, actions, false, POLICY_TYPE_ALLOW); + Map denyDsl = getElasticsearchDSLForPolicyType(persona, purpose, actions, false, POLICY_TYPE_DENY); + Map finaDsl = new HashMap<>(); + if (allowDsl != null) { + finaDsl.put("filter", allowDsl); + } + if (denyDsl != null) { + finaDsl.put("must_not", denyDsl); + } + + RequestContext.get().endMetricRecord(recorder); + return getMap("bool", finaDsl); + } + + public static Map getElasticsearchDSLForPolicyType(String persona, String purpose, + List actions, boolean requestMatchedPolicyId, + String policyType) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("ListAuthorizer.getElasticsearchDSLForPolicyType."+ policyType); + + List resourcePolicies = PoliciesStore.getRelevantPolicies(persona, purpose, "atlas", actions, policyType); + List tagPolicies = PoliciesStore.getRelevantPolicies(persona, purpose, "atlas_tag", actions, policyType); + + List> shouldClauses = new ArrayList<>(); + if (requestMatchedPolicyId) { + shouldClauses.addAll(getDSLForResourcePoliciesPerPolicy(resourcePolicies)); + shouldClauses.addAll(getDSLForTagPoliciesPerPolicy(tagPolicies)); + } else { + shouldClauses.addAll(getDSLForResourcePolicies(resourcePolicies)); + Map tagDsl = getDSLForTagPolicies(tagPolicies); + if (MapUtils.isNotEmpty(tagDsl)) { + shouldClauses.add(tagDsl); + } + } + + //LOG.info("Applicable policies to user {}", resourcePolicies.size() + tagPolicies.size()); + + Map boolClause = new HashMap<>(); + if (shouldClauses.isEmpty()) { + if (POLICY_TYPE_ALLOW.equals(policyType)) { + boolClause.put("must_not", getMap("match_all", new HashMap<>())); + } else { + return null; + } + + } else { + if (shouldClauses.size() > MAX_CLAUSE_LIMIT) { + List> splittedShould = new ArrayList<>(); + List>> partitionedShouldClause = Lists.partition(shouldClauses, MAX_CLAUSE_LIMIT); + + for (List> chunk : partitionedShouldClause) { + splittedShould.add(getMap("bool", getMap("should", chunk))); + } + boolClause.put("should", splittedShould); + + } else { + boolClause.put("should", shouldClauses); + } + + boolClause.put("minimum_should_match", 1); + } + + RequestContext.get().endMetricRecord(recorder); + return getMap("bool", boolClause); + } + + private static List> getDSLForResourcePolicies(List policies) { + + // To reduce the number of clauses + List combinedEntities = new ArrayList<>(); + Set combinedEntityTypes = new HashSet<>(); + List> shouldClauses = new ArrayList<>(); + + for (RangerPolicy policy : policies) { + if (MapUtils.isNotEmpty(policy.getResources())) { + List entities = new ArrayList<>(0); + List entityTypesRaw = new ArrayList<>(0); + + if (policy.getResources().get("entity") != null) { + entities = policy.getResources().get("entity").getValues(); + } + + if (policy.getResources().get("entity-type") != null) { + entityTypesRaw = policy.getResources().get("entity-type").getValues(); + } + + if (entities.contains("*") && entityTypesRaw.contains("*")) { + Map emptyMap = new HashMap<>(); + shouldClauses.clear(); + shouldClauses.add(getMap("match_all",emptyMap)); + break; + } + + entities.remove("*"); + entityTypesRaw.remove("*"); + + //Set entityTypes = new HashSet<>(); + //entityTypesRaw.forEach(x -> entityTypes.addAll(AuthorizerCommon.getTypeAndSupertypesList(x))); + + if (!entities.isEmpty() && entityTypesRaw.isEmpty()) { + combinedEntities.addAll(entities); + } else if (entities.isEmpty() && !entityTypesRaw.isEmpty()) { + combinedEntityTypes.addAll(entityTypesRaw); + } else if (!entities.isEmpty() && !entityTypesRaw.isEmpty()) { + Map dslForPolicyResources = getDSLForResources(entities, new HashSet<>(entityTypesRaw), null, null); + shouldClauses.add(dslForPolicyResources); + } + } + } + if (!combinedEntities.isEmpty()) { + shouldClauses.add(getDSLForResources(combinedEntities, new HashSet<>(), null, null)); + } + if (!combinedEntityTypes.isEmpty()) { + shouldClauses.add(getDSLForResources(new ArrayList<>(), combinedEntityTypes, null, null)); + } + return shouldClauses; + } + + public static Map getDSLForResources(List entities, Set typeNames, List classifications, String clauseName){ + List> shouldClauses = new ArrayList<>(); + List termsQualifiedNames = new ArrayList<>(); + for (String entity: entities) { + if (!entity.equals("*")) { + if (entity.contains("*") || entity.contains("?")) { + shouldClauses.add(getMap("wildcard", getMap("qualifiedName", entity))); + } else { + termsQualifiedNames.add(entity); + } + } + } + if (!termsQualifiedNames.isEmpty()) { + shouldClauses.add(getMap("terms", getMap("qualifiedName", termsQualifiedNames))); + } + + Map boolClause = new HashMap<>(); + + if (!shouldClauses.isEmpty()) { + boolClause.put("should", shouldClauses); + boolClause.put("minimum_should_match", 1); + } + + List> filterClauses = new ArrayList<>(); + + if (!typeNames.isEmpty() && !typeNames.contains("*")) { + List> typeClauses = new ArrayList<>(); + typeClauses.add(getMap("terms", getMap("__typeName.keyword", typeNames))); + typeClauses.add(getMap("terms", getMap("__superTypeNames.keyword", typeNames))); + + filterClauses.add(getMap("bool", getMap("should", typeClauses))); + } + + if (classifications != null && !classifications.isEmpty() && !classifications.contains("*")) { + List> classificationClauses = new ArrayList<>(); + + classificationClauses.add(getMap("terms", getMap("__traitNames", classifications))); + classificationClauses.add(getMap("terms", getMap("__propagatedTraitNames", classifications))); + + filterClauses.add(getMap("bool", getMap("should", classificationClauses))); + } + + if (!filterClauses.isEmpty()) { + boolClause.put("filter", filterClauses); + } + + if (clauseName != null) { + boolClause.put("_name", clauseName); + } + + return getMap("bool", boolClause); + } + + public static Map getDSLForTagPolicies(List policies) { + // To reduce the number of clauses + Set allTags = new HashSet<>(); + //LOG.info("Found {} tag policies", policies.size()); + + for (RangerPolicy policy : policies) { + if (MapUtils.isNotEmpty(policy.getResources())) { + //LOG.info("policy {}", AtlasType.toJson(policy)); + List tags = new ArrayList<>(0); + + if (policy.getResources().get("tag") != null) { + tags = policy.getResources().get("tag").getValues(); + } + + if (!tags.isEmpty()) { + allTags.addAll(tags); + } + } + } + if (!allTags.isEmpty()) { + return getDSLForTags(allTags); + } + return null; + } + + public static List> getDSLForResourcePoliciesPerPolicy(List policies) { + + List> shouldClauses = new ArrayList<>(); + + for (RangerPolicy policy : policies) { + if (MapUtils.isNotEmpty(policy.getResources())) { + List entities = new ArrayList<>(0); + List entityTypesRaw = new ArrayList<>(0); + + if (policy.getResources().get("entity") != null) { + entities = policy.getResources().get("entity").getValues(); + } + + if (policy.getResources().get("entity-type") != null) { + entityTypesRaw = policy.getResources().get("entity-type").getValues(); + } + + if (entities.contains("*") && entityTypesRaw.contains("*")) { + shouldClauses.clear(); + shouldClauses.add(getMap("match_all", getMap("_name", policy.getGuid() + getPolicySuffix(policy)))); + break; + } + + Map dslForPolicyResources = getDSLForResources(entities, new HashSet<>(entityTypesRaw), null, + policy.getGuid() + getPolicySuffix(policy)); + shouldClauses.add(dslForPolicyResources); + } + } + return shouldClauses; + } + + public static String getPolicySuffix(RangerPolicy policy) { + if (CollectionUtils.isNotEmpty(policy.getDenyPolicyItems())) { + return DENY_POLICY_NAME_SUFFIX; + } + return ""; + } + + public static List> getDSLForTagPoliciesPerPolicy(List policies) { + List> shouldClauses = new ArrayList<>(); + + //LOG.info("Found {} tag policies", policies.size()); + + for (RangerPolicy policy : policies) { + if (MapUtils.isNotEmpty(policy.getResources())) { + //LOG.info("policy {}", AtlasType.toJson(policy)); + List tags = new ArrayList<>(0); + if (policy.getResources().get("tag") != null) { + tags = policy.getResources().get("tag").getValues(); + } + + if (!tags.isEmpty()) { + + List> tagsClauses = new ArrayList<>(); + tagsClauses.add(getMap("terms", getMap("__traitNames", tags))); + tagsClauses.add(getMap("terms", getMap("__propagatedTraitNames", tags))); + + Map shouldMap = getMap("should", tagsClauses); + shouldMap.put("minimum_should_match", 1); + shouldMap.put("_name", policy.getGuid() + getPolicySuffix(policy)); + + Map boolClause = getMap("bool", shouldMap); + shouldClauses.add(boolClause); + } + } + } + + return shouldClauses; + } + + private static Map getDSLForTags(Set tags){ + List> shouldClauses = new ArrayList<>(); + shouldClauses.add(getMap("terms", getMap("__traitNames", tags))); + shouldClauses.add(getMap("terms", getMap("__propagatedTraitNames", tags))); + + Map boolClause = new HashMap<>(); + boolClause.put("should", shouldClauses); + boolClause.put("minimum_should_match", 1); + + return getMap("bool", boolClause); + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/store/PoliciesStore.java b/repository/src/main/java/org/apache/atlas/authorizer/store/PoliciesStore.java new file mode 100644 index 0000000000..0c00f88a54 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/store/PoliciesStore.java @@ -0,0 +1,181 @@ +package org.apache.atlas.authorizer.store; + +import org.apache.atlas.RequestContext; +import org.apache.atlas.authorizer.authorizers.AuthorizerCommon; +import org.apache.atlas.plugin.model.RangerPolicy; +import org.apache.atlas.plugin.util.RangerRoles; +import org.apache.atlas.plugin.util.RangerUserStore; +import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.ArrayList; +import java.util.List; +import java.util.stream.Collectors; + +import static org.apache.atlas.authorizer.NewAuthorizerUtils.POLICY_TYPE_ALLOW; +import static org.apache.atlas.authorizer.NewAuthorizerUtils.POLICY_TYPE_DENY; + +public class PoliciesStore { + + private static final Logger LOG = LoggerFactory.getLogger(PoliciesStore.class); + + private static List resourcePolicies; + private static List tagPolicies; + + public static void setResourcePolicies(List resourcePolicies) { + PoliciesStore.resourcePolicies = resourcePolicies; + } + + private static List getResourcePolicies() { + return resourcePolicies; + } + + public static void setTagPolicies(List tagPolicies) { + PoliciesStore.tagPolicies = tagPolicies; + } + + private static List getTagPolicies() { + return tagPolicies; + } + + public static List getRelevantPolicies(String persona, String purpose, String serviceName, List actions, String policyType) { + return getRelevantPolicies(null, null, serviceName, actions, policyType, false); + } + + public static List getRelevantPolicies(String persona, String purpose, String serviceName, List actions, String policyType, boolean ignoreUser) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getRelevantPolicies"); + String policyQualifiedNamePrefix = null; + if (persona != null && !persona.isEmpty()) { + policyQualifiedNamePrefix = persona; + } else if (purpose != null && !purpose.isEmpty()) { + policyQualifiedNamePrefix = purpose; + } + + List policies = new ArrayList<>(); + if ("atlas".equals(serviceName)) { + policies = getResourcePolicies(); + } else if ("atlas_tag".equals(serviceName)) { + policies = getTagPolicies(); + } + + List filteredPolicies = null; + if (CollectionUtils.isNotEmpty(policies)) { + filteredPolicies = new ArrayList<>(policies); + filteredPolicies = getFilteredPoliciesForQualifiedName(filteredPolicies, policyQualifiedNamePrefix); + filteredPolicies = getFilteredPoliciesForActions(filteredPolicies, actions, policyType); + + if (!ignoreUser) { + String user = AuthorizerCommon.getCurrentUserName(); + LOG.info("Getting relevant policies for user: {}", user); + + RangerUserStore userStore = UsersStore.getUserStore(); + List groups = UsersStore.getGroupsForUser(user, userStore); + + RangerRoles allRoles = UsersStore.getAllRoles(); + List roles = UsersStore.getRolesForUser(user, allRoles); + roles.addAll(UsersStore.getNestedRolesForUser(roles, allRoles)); + + filteredPolicies = getFilteredPoliciesForUser(filteredPolicies, user, groups, roles, policyType); + } + } else { + filteredPolicies = new ArrayList<>(0); + } + + RequestContext.get().endMetricRecord(recorder); + return filteredPolicies; + } + + static List getFilteredPoliciesForQualifiedName(List policies, String qualifiedNamePrefix) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForQualifiedName"); + if (qualifiedNamePrefix != null && !qualifiedNamePrefix.isEmpty()) { + List filteredPolicies = new ArrayList<>(); + for(RangerPolicy policy : policies) { + if (policy.getName().startsWith(qualifiedNamePrefix)) { + filteredPolicies.add(policy); + } + } + return filteredPolicies; + } + + RequestContext.get().endMetricRecord(recorder); + return policies; + } + + private static List getFilteredPoliciesForActions(List policies, List actions, String type) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForActions"); + List filteredPolicies = new ArrayList<>(); + + + for(RangerPolicy policy : policies) { + RangerPolicy.RangerPolicyItem policyItem = null; + + if (StringUtils.isNotEmpty(type)) { + if (POLICY_TYPE_ALLOW.equals(type) && !policy.getPolicyItems().isEmpty()) { + policyItem = policy.getPolicyItems().get(0); + } else if (POLICY_TYPE_DENY.equals(type) && !policy.getDenyPolicyItems().isEmpty()) { + policyItem = policy.getDenyPolicyItems().get(0); + } + } else { + if (!policy.getPolicyItems().isEmpty()) { + policyItem = policy.getPolicyItems().get(0); + } else if (!policy.getDenyPolicyItems().isEmpty()) { + policyItem = policy.getDenyPolicyItems().get(0); + } + } + + if (policyItem != null) { + List policyActions = new ArrayList<>(); + if (!policyItem.getAccesses().isEmpty()) { + policyActions = policyItem.getAccesses().stream().map(x -> x.getType()).collect(Collectors.toList()); + } + if (AuthorizerCommon.arrayListContains(policyActions, actions)) { + filteredPolicies.add(policy); + } + } + } + + RequestContext.get().endMetricRecord(recorder); + return filteredPolicies; + } + + private static List getFilteredPoliciesForUser(List policies, String user, List groups, List roles, String type) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForUser"); + + List filterPolicies = new ArrayList<>(); + for(RangerPolicy policy : policies) { + RangerPolicy.RangerPolicyItem policyItem = null; + + if (StringUtils.isNotEmpty(type)) { + if (POLICY_TYPE_ALLOW.equals(type) && !policy.getPolicyItems().isEmpty()) { + policyItem = policy.getPolicyItems().get(0); + } else if (POLICY_TYPE_DENY.equals(type) && !policy.getDenyPolicyItems().isEmpty()) { + policyItem = policy.getDenyPolicyItems().get(0); + } + } else { + if (!policy.getPolicyItems().isEmpty()) { + policyItem = policy.getPolicyItems().get(0); + } else if (!policy.getDenyPolicyItems().isEmpty()) { + policyItem = policy.getDenyPolicyItems().get(0); + } + } + + if (policyItem != null) { + List policyUsers = policyItem.getUsers(); + List policyGroups = policyItem.getGroups(); + List policyRoles = policyItem.getRoles(); + if (policyUsers.contains(user) + || policyGroups.contains("public") + || AuthorizerCommon.arrayListContains(policyGroups, groups) + || AuthorizerCommon.arrayListContains(policyRoles, roles)) { + filterPolicies.add(policy); + } + } + } + + RequestContext.get().endMetricRecord(recorder); + return filterPolicies; + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/store/UsersStore.java b/repository/src/main/java/org/apache/atlas/authorizer/store/UsersStore.java new file mode 100644 index 0000000000..83d5f16848 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/store/UsersStore.java @@ -0,0 +1,74 @@ +package org.apache.atlas.authorizer.store; + +import org.apache.atlas.authorizer.authorizers.AuthorizerCommon; +import org.apache.atlas.plugin.model.RangerRole; +import org.apache.atlas.plugin.util.RangerRoles; +import org.apache.atlas.plugin.util.RangerUserStore; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +public class UsersStore { + + private static RangerUserStore userStore; + private static RangerRoles allRoles; + + public static void setUserStore(RangerUserStore userStore) { + UsersStore.userStore = userStore; + } + + public static RangerUserStore getUserStore() { + return userStore; + } + + public static void setAllRoles(RangerRoles allRoles) { + UsersStore.allRoles = allRoles; + } + + public static RangerRoles getAllRoles() { + return allRoles; + } + + public static List getGroupsForUser(String user, RangerUserStore userStore) { + Map> userGroupMapping = userStore.getUserGroupMapping(); + List groups = new ArrayList<>(); + Set groupsSet = userGroupMapping.get(user); + if (groupsSet != null && !groupsSet.isEmpty()) { + groups.addAll(groupsSet); + } + return groups; + } + + public static List getRolesForUser(String user, RangerRoles allRoles) { + List roles = new ArrayList<>(); + Set rangerRoles = allRoles.getRangerRoles(); + for (RangerRole role : rangerRoles) { + List users = role.getUsers(); + for (RangerRole.RoleMember roleUser: users) { + if (roleUser.getName().equals(user)) { + roles.add(role.getName()); + } + } + } + return roles; + } + + public static List getNestedRolesForUser(List userRoles, RangerRoles allRoles) { + List ret = new ArrayList<>(); + Set rangerRoles = allRoles.getRangerRoles(); + for (RangerRole role : rangerRoles) { + List nestedRoles = role.getRoles(); + List nestedRolesName = new ArrayList<>(); + for (RangerRole.RoleMember nestedRole : nestedRoles) { + nestedRolesName.add(nestedRole.getName()); + } + if (AuthorizerCommon.arrayListContains(userRoles, nestedRolesName)) { + ret.add(role.getName()); + } + } + return ret; + } + +} diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java index 2a3390cfc9..5014a4ed9e 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java @@ -17,11 +17,15 @@ */ package org.apache.atlas.discovery; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ObjectNode; import com.google.common.annotations.VisibleForTesting; import org.apache.atlas.*; import org.apache.atlas.annotation.GraphTransaction; import org.apache.atlas.authorize.AtlasAuthorizationUtils; import org.apache.atlas.authorize.AtlasSearchResultScrubRequest; +import org.apache.atlas.authorizer.NewAuthorizerUtils; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.model.discovery.*; import org.apache.atlas.model.discovery.AtlasSearchResult.AtlasFullTextResult; @@ -37,8 +41,10 @@ import org.apache.atlas.query.executors.ScriptEngineBasedExecutor; import org.apache.atlas.query.executors.TraversalBasedExecutor; import org.apache.atlas.repository.Constants; +import org.apache.atlas.repository.audit.ESBasedAuditRepository; import org.apache.atlas.repository.graph.GraphBackedSearchIndexer; import org.apache.atlas.repository.graph.GraphHelper; +import org.apache.atlas.repository.audit.ESBasedAuditRepository; import org.apache.atlas.repository.graphdb.*; import org.apache.atlas.repository.graphdb.AtlasIndexQuery.Result; import org.apache.atlas.repository.store.graph.v2.AtlasGraphUtilsV2; @@ -78,6 +84,8 @@ import static org.apache.atlas.model.instance.AtlasEntity.Status.ACTIVE; import static org.apache.atlas.model.instance.AtlasEntity.Status.DELETED; import static org.apache.atlas.repository.Constants.*; +import static org.apache.atlas.repository.util.AccessControlUtils.ACCESS_READ_DOMAIN; +import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf; import static org.apache.atlas.util.AtlasGremlinQueryProvider.AtlasGremlinQuery.BASIC_SEARCH_STATE_FILTER; import static org.apache.atlas.util.AtlasGremlinQueryProvider.AtlasGremlinQuery.TO_RANGE_LIST; @@ -103,11 +111,11 @@ public class EntityDiscoveryService implements AtlasDiscoveryService { @Inject public EntityDiscoveryService(AtlasTypeRegistry typeRegistry, - AtlasGraph graph, - GraphBackedSearchIndexer indexer, - SearchTracker searchTracker, - UserProfileService userProfileService, - StatsClient statsClient) throws AtlasException { + AtlasGraph graph, + GraphBackedSearchIndexer indexer, + SearchTracker searchTracker, + UserProfileService userProfileService, + StatsClient statsClient) throws AtlasException { this.graph = graph; this.entityRetriever = new EntityGraphRetriever(this.graph, typeRegistry); this.indexer = indexer; @@ -996,6 +1004,10 @@ public AtlasSearchResult directIndexSearch(SearchParams searchParams) throws Atl String indexName = getIndexName(params); indexQuery = graph.elasticsearchQuery(indexName); + if (searchParams.getEnableFullRestriction()) { + addPreFiltersToSearchQuery(searchParams); + } + //LOG.info(searchParams.getQuery()); AtlasPerfMetrics.MetricRecorder elasticSearchQueryMetric = RequestContext.get().startMetricRecord("elasticSearchQuery"); DirectIndexQueryResult indexQueryResult = indexQuery.vertices(searchParams); if (indexQueryResult == null) { @@ -1110,7 +1122,10 @@ private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult i } catch (Exception e) { throw e; } - scrubSearchResults(ret, searchParams.getSuppressLogs()); + + if (!searchParams.getEnableFullRestriction()) { + scrubSearchResults(ret, searchParams.getSuppressLogs()); + } } private Map getMap(String key, Object value) { @@ -1163,7 +1178,6 @@ private String getIndexName(IndexSearchParams params) throws AtlasBaseException } private void accessControlExclusiveDsl(IndexSearchParams params, String aliasName) { - List> mustClauses = new ArrayList<>(); Map clientQuery = (Map) params.getDsl().get("query"); @@ -1205,4 +1219,44 @@ private Map getStaticBoolQuery() { return getMap("bool", boolQuery); } + + private void addPreFiltersToSearchQuery(SearchParams searchParams) { + try { + String persona = ((IndexSearchParams) searchParams).getPersona(); + String purpose = ((IndexSearchParams) searchParams).getPurpose(); + + AtlasPerfMetrics.MetricRecorder addPreFiltersToSearchQueryMetric = RequestContext.get().startMetricRecord("addPreFiltersToSearchQuery"); + ObjectMapper mapper = new ObjectMapper(); + List> mustClauseList = new ArrayList<>(); + + List actions = new ArrayList<>(); + actions.add("entity-read"); + + Map allPreFiltersBoolClause = NewAuthorizerUtils.getPreFilterDsl(persona, purpose, actions); + mustClauseList.add(allPreFiltersBoolClause); + + mustClauseList.add((Map) ((IndexSearchParams) searchParams).getDsl().get("query")); + + String dslString = searchParams.getQuery(); + JsonNode node = mapper.readTree(dslString); + /*JsonNode userQueryNode = node.get("query"); + if (userQueryNode != null) { + + String userQueryString = userQueryNode.toString(); + + String userQueryBase64 = Base64.getEncoder().encodeToString(userQueryString.getBytes()); + mustClauseList.add(getMap("wrapper", getMap("query", userQueryBase64))); + }*/ + + JsonNode updateQueryNode = mapper.valueToTree(getMap("bool", getMap("must", mustClauseList))); + + ((ObjectNode) node).set("query", updateQueryNode); + searchParams.setQuery(node.toString()); + + RequestContext.get().endMetricRecord(addPreFiltersToSearchQueryMetric); + + } catch (Exception e) { + LOG.error("Error -> addPreFiltersToSearchQuery!", e); + } + } } diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityLineageService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityLineageService.java index 17200b9e44..f09d8ecc50 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityLineageService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityLineageService.java @@ -370,7 +370,7 @@ private void traverseEdgesOnDemand(Iterator processEdges, boolean isI } boolean isInputEdge = processEdge.getLabel().equalsIgnoreCase(PROCESS_INPUTS_EDGE); - if (incrementAndCheckIfRelationsLimitReached(processEdge, isInputEdge, atlasLineageOnDemandContext, ret, depth, entitiesTraversed, direction)) { + if (incrementAndCheckIfRelationsLimitReached(processEdge, isInputEdge, atlasLineageOnDemandContext, ret, depth, entitiesTraversed, direction, new HashSet<>())) { break; } else { addEdgeToResult(processEdge, ret, atlasLineageOnDemandContext, nextLevel, traversalOrder); @@ -415,7 +415,7 @@ private void traverseEdgesOnDemand(AtlasVertex datasetVertex, boolean isInput, i continue; } - if (incrementAndCheckIfRelationsLimitReached(incomingEdge, !isInput, atlasLineageOnDemandContext, ret, depth, entitiesTraversed, direction)) { + if (incrementAndCheckIfRelationsLimitReached(incomingEdge, !isInput, atlasLineageOnDemandContext, ret, depth, entitiesTraversed, direction, visitedVertices)) { LineageInfoOnDemand entityOnDemandInfo = ret.getRelationsOnDemand().get(baseGuid); if (entityOnDemandInfo == null) continue; @@ -442,7 +442,7 @@ private void traverseEdgesOnDemand(AtlasVertex datasetVertex, boolean isInput, i if (checkForOffset(outgoingEdge, connecterVertex, atlasLineageOnDemandContext, ret)) { continue; } - if (incrementAndCheckIfRelationsLimitReached(outgoingEdge, isInput, atlasLineageOnDemandContext, ret, depth, entitiesTraversed, direction)) { + if (incrementAndCheckIfRelationsLimitReached(outgoingEdge, isInput, atlasLineageOnDemandContext, ret, depth, entitiesTraversed, direction, visitedVertices)) { String processGuid = AtlasGraphUtilsV2.getIdFromVertex(connecterVertex); LineageInfoOnDemand entityOnDemandInfo = ret.getRelationsOnDemand().get(processGuid); if (entityOnDemandInfo == null) @@ -625,10 +625,8 @@ private static String getId(AtlasVertex vertex) { return vertex.getIdForDisplay(); } - private boolean incrementAndCheckIfRelationsLimitReached(AtlasEdge atlasEdge, boolean isInput, AtlasLineageOnDemandContext atlasLineageOnDemandContext, AtlasLineageOnDemandInfo ret, int depth, AtomicInteger entitiesTraversed, AtlasLineageOnDemandInfo.LineageDirection direction) { + private boolean incrementAndCheckIfRelationsLimitReached(AtlasEdge atlasEdge, boolean isInput, AtlasLineageOnDemandContext atlasLineageOnDemandContext, AtlasLineageOnDemandInfo ret, int depth, AtomicInteger entitiesTraversed, AtlasLineageOnDemandInfo.LineageDirection direction, Set visitedVertices) { AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("incrementAndCheckIfRelationsLimitReached"); - if (lineageContainsVisitedEdgeV2(ret, atlasEdge)) - return false; AtlasVertex inVertex = isInput ? atlasEdge.getOutVertex() : atlasEdge.getInVertex(); String inGuid = AtlasGraphUtilsV2.getIdFromVertex(inVertex); @@ -641,7 +639,7 @@ private boolean incrementAndCheckIfRelationsLimitReached(AtlasEdge atlasEdge, bo LineageInfoOnDemand inLineageInfo = ret.getRelationsOnDemand().containsKey(inGuid) ? ret.getRelationsOnDemand().get(inGuid) : new LineageInfoOnDemand(inGuidLineageConstraints); LineageInfoOnDemand outLineageInfo = ret.getRelationsOnDemand().containsKey(outGuid) ? ret.getRelationsOnDemand().get(outGuid) : new LineageInfoOnDemand(outGuidLineageConstraints); - setHorizontalPaginationFlags(isInput, atlasLineageOnDemandContext, ret, depth, entitiesTraversed, inVertex, inGuid, outVertex, outGuid, inLineageInfo, outLineageInfo); + setHorizontalPaginationFlags(isInput, atlasLineageOnDemandContext, ret, depth, entitiesTraversed, inVertex, inGuid, outVertex, outGuid, inLineageInfo, outLineageInfo, visitedVertices); boolean hasRelationsLimitReached = setVerticalPaginationFlags(entitiesTraversed, inLineageInfo, outLineageInfo); if (!hasRelationsLimitReached) { @@ -668,9 +666,9 @@ private boolean setVerticalPaginationFlags(AtomicInteger entitiesTraversed, Line return hasRelationsLimitReached; } - private void setHorizontalPaginationFlags(boolean isInput, AtlasLineageOnDemandContext atlasLineageOnDemandContext, AtlasLineageOnDemandInfo ret, int depth, AtomicInteger entitiesTraversed, AtlasVertex inVertex, String inGuid, AtlasVertex outVertex, String outGuid, LineageInfoOnDemand inLineageInfo, LineageInfoOnDemand outLineageInfo) { - boolean isOutVertexVisited = ret.getRelationsOnDemand().containsKey(outGuid); - boolean isInVertexVisited = ret.getRelationsOnDemand().containsKey(inGuid); + private void setHorizontalPaginationFlags(boolean isInput, AtlasLineageOnDemandContext atlasLineageOnDemandContext, AtlasLineageOnDemandInfo ret, int depth, AtomicInteger entitiesTraversed, AtlasVertex inVertex, String inGuid, AtlasVertex outVertex, String outGuid, LineageInfoOnDemand inLineageInfo, LineageInfoOnDemand outLineageInfo, Set visitedVertices) { + boolean isOutVertexVisited = visitedVertices.contains(getId(outVertex)); + boolean isInVertexVisited = visitedVertices.contains(getId(inVertex)); if (depth == 1 || entitiesTraversed.get() == getLineageMaxNodeAllowedCount()-1) { // is the vertex a leaf? if (isInput && ! isOutVertexVisited) setHasUpstream(atlasLineageOnDemandContext, outVertex, outLineageInfo); @@ -680,24 +678,28 @@ else if (!isInput && ! isInVertexVisited) } private void setHasDownstream(AtlasLineageOnDemandContext atlasLineageOnDemandContext, AtlasVertex inVertex, LineageInfoOnDemand inLineageInfo) { - List filteredEdges = getFilteredAtlasEdges(inVertex, PROCESS_INPUTS_EDGE, atlasLineageOnDemandContext); - if (!filteredEdges.isEmpty()) + List filteredEdges = getFilteredAtlasEdges(inVertex, IN, PROCESS_INPUTS_EDGE, atlasLineageOnDemandContext, false); + if (!filteredEdges.isEmpty()) { inLineageInfo.setHasDownstream(true); + inLineageInfo.setTotalOutputRelationsCount(filteredEdges.size()); + } } private void setHasUpstream(AtlasLineageOnDemandContext atlasLineageOnDemandContext, AtlasVertex outVertex, LineageInfoOnDemand outLineageInfo) { - List filteredEdges = getFilteredAtlasEdges(outVertex, PROCESS_OUTPUTS_EDGE, atlasLineageOnDemandContext); - if (!filteredEdges.isEmpty()) + List filteredEdges = getFilteredAtlasEdges(outVertex, IN, PROCESS_OUTPUTS_EDGE, atlasLineageOnDemandContext, false); + if (!filteredEdges.isEmpty()) { outLineageInfo.setHasUpstream(true); + outLineageInfo.setTotalInputRelationsCount(filteredEdges.size()); + } } - private List getFilteredAtlasEdges(AtlasVertex outVertex, String processEdgeLabel, AtlasLineageOnDemandContext atlasLineageOnDemandContext) { + private List getFilteredAtlasEdges(AtlasVertex outVertex, AtlasEdgeDirection direction, String processEdgeLabel, AtlasLineageOnDemandContext atlasLineageOnDemandContext, boolean hasAnyCheck) { List filteredEdges = new ArrayList<>(); - Iterable edges = outVertex.getEdges(IN, processEdgeLabel); + Iterable edges = outVertex.getEdges(direction, processEdgeLabel); for (AtlasEdge edge : edges) { if (edgeMatchesEvaluation(edge, atlasLineageOnDemandContext)) { filteredEdges.add(edge); - break; + if (hasAnyCheck) break; } } return filteredEdges; @@ -1524,6 +1526,7 @@ private void processEdge(final AtlasEdge edge, final Map resourcePolicies; + private List tagPolicies; + private List abacPolicies; + private static UsersGroupsRolesStore usersGroupsRolesStore; + + public static UsersGroupsRolesStore getInstance() { + synchronized (UsersGroupsRolesStore.class) { + if (usersGroupsRolesStore == null) { + usersGroupsRolesStore = new UsersGroupsRolesStore(); + } + return usersGroupsRolesStore; + } + } + + public UsersGroupsRolesStore () {} + + public void setUserStore(RangerUserStore userStore) { + this.userStore = userStore; + } + + public RangerUserStore getUserStore() { + return userStore; + } + + public void setAllRoles(RangerRoles allRoles) { + this.allRoles = allRoles; + } + + public RangerRoles getAllRoles() { + return allRoles; + } + + public void setResourcePolicies(List resourcePolicies) { + this.resourcePolicies = resourcePolicies; + } + + public List getResourcePolicies() { + return resourcePolicies; + } + + public void setTagPolicies(List tagPolicies) { + this.tagPolicies = tagPolicies; + } + + public List getTagPolicies() { + return tagPolicies; + } + + public void setAbacPolicies(List abacPolicies) { + this.abacPolicies = abacPolicies; + } + + public List getAbacPolicies() { + return abacPolicies; + } + +} diff --git a/repository/src/main/java/org/apache/atlas/glossary/GlossaryService.java b/repository/src/main/java/org/apache/atlas/glossary/GlossaryService.java index f87e92498e..3192a94b6b 100644 --- a/repository/src/main/java/org/apache/atlas/glossary/GlossaryService.java +++ b/repository/src/main/java/org/apache/atlas/glossary/GlossaryService.java @@ -35,7 +35,6 @@ import org.apache.atlas.repository.graphdb.AtlasGraph; import org.apache.atlas.repository.graphdb.AtlasVertex; import org.apache.atlas.repository.ogm.DataAccess; -import org.apache.atlas.repository.store.graph.AtlasEntityStore; import org.apache.atlas.repository.store.graph.AtlasRelationshipStore; import org.apache.atlas.repository.store.graph.v2.AtlasEntityChangeNotifier; import org.apache.atlas.repository.store.graph.v2.AtlasGraphUtilsV2; @@ -533,7 +532,7 @@ public void assignTermToEntities(String termGuid, List rel LOG.debug("==> GlossaryService.assignTermToEntities({}, {})", termGuid, relatedObjectIds); } - AtlasGlossaryTerm glossaryTerm = dataAccess.load(getAtlasGlossaryTermSkeleton(termGuid)); + AtlasGlossaryTerm glossaryTerm = dataAccess.loadWithMinInfo(getAtlasGlossaryTermSkeleton(termGuid), true, true); glossaryTermUtils.processTermAssignments(glossaryTerm, relatedObjectIds); diff --git a/repository/src/main/java/org/apache/atlas/glossary/GlossaryTermUtils.java b/repository/src/main/java/org/apache/atlas/glossary/GlossaryTermUtils.java index 72c6b8dbd3..d7a37bfb1b 100644 --- a/repository/src/main/java/org/apache/atlas/glossary/GlossaryTermUtils.java +++ b/repository/src/main/java/org/apache/atlas/glossary/GlossaryTermUtils.java @@ -18,6 +18,7 @@ package org.apache.atlas.glossary; import org.apache.atlas.AtlasErrorCode; +import org.apache.atlas.RequestContext; import org.apache.atlas.bulkimport.BulkImportResponse; import org.apache.atlas.bulkimport.BulkImportResponse.ImportInfo; import org.apache.atlas.exception.AtlasBaseException; @@ -37,6 +38,8 @@ import org.apache.atlas.type.AtlasRelationshipType; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.atlas.util.FileUtils; +import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.atlas.utils.AtlasPerfTracer; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.ArrayUtils; @@ -68,6 +71,8 @@ public class GlossaryTermUtils extends GlossaryUtils { private static final Logger LOG = LoggerFactory.getLogger(GlossaryTermUtils.class); private static final boolean DEBUG_ENABLED = LOG.isDebugEnabled(); + private static final Logger PERF_LOG = AtlasPerfTracer.getPerfLogger("utils.GlossaryTermUtils"); + private static final int INDEX_FOR_GLOSSARY_AT_RECORD = 0; private static final int INDEX_FOR_TERM_AT_RECORD = 1; @@ -98,20 +103,31 @@ public void processTermAssignments(AtlasGlossaryTerm glossaryTerm, Collection GlossaryTermUtils.processTermAssignments({}, {})", glossaryTerm, relatedObjectIds); } + AtlasPerfMetrics.MetricRecorder metric = RequestContext.get().startMetricRecord("processTermAssignments"); + AtlasPerfTracer perf = null; + + if (AtlasPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = AtlasPerfTracer.getPerfTracer(PERF_LOG, "processTermAssignments"); + } + Objects.requireNonNull(glossaryTerm); - Set assignedEntities = glossaryTerm.getAssignedEntities(); + // Set assignedEntities = glossaryTerm.getAssignedEntities(); for (AtlasRelatedObjectId objectId : relatedObjectIds) { - if (CollectionUtils.isNotEmpty(assignedEntities) && assignedEntities.contains(objectId)) { - if (DEBUG_ENABLED) { - LOG.debug("Skipping already assigned entity {}", objectId); - } - continue; - } + /*** + * Discuss with @Aayush :PLT-305 + */ +// if (CollectionUtils.isNotEmpty(assignedEntities) && assignedEntities.contains(objectId)) { +// if (DEBUG_ENABLED) { +// LOG.debug("Skipping already assigned entity {}", objectId); +// } +// continue; +// } if (DEBUG_ENABLED) { LOG.debug("Assigning term guid={}, to entity guid = {}", glossaryTerm.getGuid(), objectId.getGuid()); } + createRelationship(defineTermAssignment(glossaryTerm.getGuid(), objectId)); AtlasVertex vertex = getVertexById(objectId.getGuid()); @@ -123,6 +139,8 @@ public void processTermAssignments(AtlasGlossaryTerm glossaryTerm, Collection relatedObjectIds) throws AtlasBaseException { diff --git a/repository/src/main/java/org/apache/atlas/glossary/GlossaryUtils.java b/repository/src/main/java/org/apache/atlas/glossary/GlossaryUtils.java index 0f16d0dc82..2310726b2e 100644 --- a/repository/src/main/java/org/apache/atlas/glossary/GlossaryUtils.java +++ b/repository/src/main/java/org/apache/atlas/glossary/GlossaryUtils.java @@ -55,8 +55,8 @@ public abstract class GlossaryUtils { public static final String TERM_ASSIGNMENT_ATTR_SOURCE = "source"; static final String ATLAS_GLOSSARY_TYPENAME = "AtlasGlossary"; - static final String ATLAS_GLOSSARY_TERM_TYPENAME = "AtlasGlossaryTerm"; - static final String ATLAS_GLOSSARY_CATEGORY_TYPENAME = "AtlasGlossaryCategory"; + public static final String ATLAS_GLOSSARY_TERM_TYPENAME = "AtlasGlossaryTerm"; + public static final String ATLAS_GLOSSARY_CATEGORY_TYPENAME = "AtlasGlossaryCategory"; public static final String NAME = "name"; public static final String QUALIFIED_NAME = "qualifiedName"; diff --git a/repository/src/main/java/org/apache/atlas/repository/audit/ESBasedAuditRepository.java b/repository/src/main/java/org/apache/atlas/repository/audit/ESBasedAuditRepository.java index cbab135606..2fefbc08df 100644 --- a/repository/src/main/java/org/apache/atlas/repository/audit/ESBasedAuditRepository.java +++ b/repository/src/main/java/org/apache/atlas/repository/audit/ESBasedAuditRepository.java @@ -84,6 +84,7 @@ public class ESBasedAuditRepository extends AbstractStorageBasedAuditRepository private static final String USER = "user"; private static final String DETAIL = "detail"; private static final String ENTITY = "entity"; + private static final String CLASSIFICATION_DETAIL= "classificationDetail"; private static final String bulkMetadata = String.format("{ \"index\" : { \"_index\" : \"%s\" } }%n", INDEX_NAME); /* @@ -134,7 +135,8 @@ public void putEventsV2(List events) throws AtlasBaseExcepti event.getEntityQualifiedName(), event.getEntity().getTypeName(), created, - "" + event.getEntity().getUpdateTime().getTime()); + "" + event.getEntity().getUpdateTime().getTime(), + event.getClassificationDetail()); bulkRequestBody.append(bulkMetadata); bulkRequestBody.append(bulkItem); @@ -174,7 +176,7 @@ private String getQueryTemplate(Map requestContextHeaders) { StringBuilder template = new StringBuilder(); template.append("'{'\"entityId\":\"{0}\",\"action\":\"{1}\",\"detail\":{2},\"user\":\"{3}\", \"eventKey\":\"{4}\", " + - "\"entityQualifiedName\": {5}, \"typeName\": \"{6}\",\"created\":{7}, \"timestamp\":{8}"); + "\"entityQualifiedName\": {5}, \"typeName\": \"{6}\",\"created\":{7}, \"timestamp\":{8}, \"classificationDetail\":{9}"); if (MapUtils.isNotEmpty(requestContextHeaders)) { template.append(",") @@ -226,7 +228,14 @@ private EntityAuditSearchResult getResultFromResponse(String responseString) thr EntityAuditEventV2 event = new EntityAuditEventV2(); event.setEntityId(entityGuid); event.setAction(EntityAuditEventV2.EntityAuditActionV2.fromString((String) source.get(ACTION))); - event.setDetail((Map) source.get(DETAIL)); + if (source.get(DETAIL) != null) { + if (source.get(DETAIL) instanceof Map) { + event.setDetail((Map) source.get(DETAIL)); + } + } + if (source.get(CLASSIFICATION_DETAIL) instanceof List) { + event.setClassificationDetails((List>) source.get(CLASSIFICATION_DETAIL)); + } event.setUser((String) source.get(USER)); event.setCreated((long) source.get(CREATED)); if (source.get(TIMESTAMP) != null) { diff --git a/repository/src/main/java/org/apache/atlas/repository/audit/EntityAuditListenerV2.java b/repository/src/main/java/org/apache/atlas/repository/audit/EntityAuditListenerV2.java index e83690774f..4f80f887a3 100644 --- a/repository/src/main/java/org/apache/atlas/repository/audit/EntityAuditListenerV2.java +++ b/repository/src/main/java/org/apache/atlas/repository/audit/EntityAuditListenerV2.java @@ -204,17 +204,10 @@ public void onClassificationsAdded(AtlasEntity entity, List MetricRecorder metric = RequestContext.get().startMetricRecord("entityAudit"); FixedBufferList classificationsAdded = getAuditEventsList(); - for (AtlasClassification classification : classifications) { - if (entity.getGuid().equals(classification.getEntityGuid())) { - createEvent(classificationsAdded.next(), entity, CLASSIFICATION_ADD, "Added classification: " + AtlasType.toJson(classification)); - } else { - createEvent(classificationsAdded.next(), entity, PROPAGATED_CLASSIFICATION_ADD, "Added propagated classification: " + AtlasType.toJson(classification)); - } - } - - for (EntityAuditRepository auditRepository: auditRepositories) { - auditRepository.putEventsV2(classificationsAdded.toList()); - } + Map> entityClassifications = new HashMap<>(); + Map> propagatedClassifications = new HashMap<>(); + getClassificationsFromEntity(classifications, entity, entityClassifications, propagatedClassifications); + emitAddClassificationEvent(classificationsAdded, entityClassifications, propagatedClassifications); RequestContext.get().endMetricRecord(metric); } @@ -222,23 +215,16 @@ public void onClassificationsAdded(AtlasEntity entity, List @Override public void onClassificationsAdded(List entities, List classifications, boolean forceInline) throws AtlasBaseException { + onClassificationsAdded(entities, classifications); + } + public void onClassificationsAdded(List entities, List classifications) throws AtlasBaseException { if (CollectionUtils.isNotEmpty(classifications)) { MetricRecorder metric = RequestContext.get().startMetricRecord("entityAudit"); FixedBufferList events = getAuditEventsList(); - - for (AtlasClassification classification : classifications) { - for (AtlasEntity entity : entities) { - if (entity.getGuid().equals(classification.getEntityGuid())) { - createEvent(events.next(), entity, CLASSIFICATION_ADD, "Added classification: " + AtlasType.toJson(classification)); - } else { - createEvent(events.next(), entity, PROPAGATED_CLASSIFICATION_ADD, "Added propagated classification: " + AtlasType.toJson(classification)); - } - } - } - - for (EntityAuditRepository auditRepository: auditRepositories) { - auditRepository.putEventsV2(events.toList()); - } + Map> entityClassifications = new HashMap<>(); + Map> propagatedClassifications = new HashMap<>(); + getClassificationsFromEntities(classifications, entities,entityClassifications, propagatedClassifications ); + emitAddClassificationEvent(events, entityClassifications, propagatedClassifications); RequestContext.get().endMetricRecord(metric); } @@ -251,22 +237,51 @@ public void onClassificationsUpdated(AtlasEntity entity, List events = getAuditEventsList(); String guid = entity.getGuid(); + Map> entityClassifications = new HashMap<>(); + Map> propagatedClassifications = new HashMap<>(); + getClassificationsFromEntity(classifications, entity, entityClassifications, propagatedClassifications); - for (AtlasClassification classification : classifications) { - if (guid.equals(classification.getEntityGuid())) { - createEvent(events.next(), entity, CLASSIFICATION_UPDATE, "Updated classification: " + AtlasType.toJson(classification)); - } else { + List addedClassification = new ArrayList<>(0); + List deletedClassification = new ArrayList<>(0); + List updatedClassification = new ArrayList<>(0); + + if (CollectionUtils.isNotEmpty(propagatedClassifications.get(entity))) { + propagatedClassifications.get(entity).forEach(classification -> { if (isPropagatedClassificationAdded(guid, classification)) { - createEvent(events.next(), entity, PROPAGATED_CLASSIFICATION_ADD, "Added propagated classification: " + AtlasType.toJson(classification)); + addedClassification.add(classification); } else if (isPropagatedClassificationDeleted(guid, classification)) { - createEvent(events.next(), entity, PROPAGATED_CLASSIFICATION_DELETE, "Deleted propagated classification: " + getDeleteClassificationString(classification.getTypeName())); + deletedClassification.add(new AtlasClassification(classification.getTypeName())); } else { - createEvent(events.next(), entity, PROPAGATED_CLASSIFICATION_UPDATE, "Updated propagated classification: " + AtlasType.toJson(classification)); + updatedClassification.add(classification); } - } + }); } - for (EntityAuditRepository auditRepository: auditRepositories) { + if (CollectionUtils.isNotEmpty(addedClassification)) { + EntityAuditEventV2 auditEvent = events.next(); + auditEvent.setClassificationDetail(AtlasJson.toV1Json(addedClassification)); + createEvent(auditEvent, entity, PROPAGATED_CLASSIFICATION_ADD, "Added propagated classifications: " + AtlasType.toJson(new AtlasClassification())); + } + + if (CollectionUtils.isNotEmpty(deletedClassification)) { + EntityAuditEventV2 auditEvent = events.next(); + auditEvent.setClassificationDetail(AtlasJson.toV1Json(deletedClassification)); + createEvent(auditEvent, entity, PROPAGATED_CLASSIFICATION_DELETE, "Deleted propagated classifications: " + AtlasType.toJson(new AtlasClassification())); + } + + if (CollectionUtils.isNotEmpty(updatedClassification)) { + EntityAuditEventV2 auditEvent = events.next(); + auditEvent.setClassificationDetail(AtlasJson.toV1Json(updatedClassification)); + createEvent(auditEvent, entity, PROPAGATED_CLASSIFICATION_UPDATE, "Updated propagated classifications: " + AtlasType.toJson(new AtlasClassification())); + } + + if (entityClassifications.get(entity) != null) { + EntityAuditEventV2 auditEvent = events.next(); + auditEvent.setClassificationDetail(AtlasJson.toV1Json(entityClassifications.get(entity))); + createEvent(auditEvent, entity, CLASSIFICATION_UPDATE, "Updated classifications: " + AtlasType.toJson(new AtlasClassification())); + } + + for (EntityAuditRepository auditRepository : auditRepositories) { auditRepository.putEventsV2(events.toList()); } @@ -278,6 +293,18 @@ private String getDeleteClassificationString(String typeName) { return String.format("{\"typeName\": \"%s\"}", typeName); } + private Map getDeleteClassificationMap(String typeName) { + Map map = new HashMap<>(); + map.put("typeName", typeName); + return map; + } + + private List> getDeleteClassificationsMap(List classifications) { + return classifications.stream() + .map(classification -> Collections.singletonMap("typeName", (Object) classification.getTypeName())) + .collect(Collectors.toList()); + } + private String getLabelsString(String labels) { return String.format("{\"labels\": \"%s\"}", labels); } @@ -288,42 +315,25 @@ public void onClassificationsDeleted(AtlasEntity entity, List events = getAuditEventsList(); - - for (AtlasClassification classification : classifications) { - if (StringUtils.equals(entity.getGuid(), classification.getEntityGuid())) { - createEvent(events.next(), entity, CLASSIFICATION_DELETE, "Deleted classification: " + getDeleteClassificationString(classification.getTypeName())); - } else { - createEvent(events.next(), entity, PROPAGATED_CLASSIFICATION_DELETE, "Deleted propagated classification: " + getDeleteClassificationString(classification.getTypeName())); - } - } - - for (EntityAuditRepository auditRepository: auditRepositories) { - auditRepository.putEventsV2(events.toList()); - } + Map>> entityClassifications = new HashMap<>(); + Map>> propagatedClassifications = new HashMap<>(); + getClassificationTextFromEntity(classifications, entity, entityClassifications, propagatedClassifications); + emitDeleteClassificationEvent(events, entityClassifications, propagatedClassifications); RequestContext.get().endMetricRecord(metric); } } + @Override public void onClassificationsDeleted(List entities, List classifications) throws AtlasBaseException { if (CollectionUtils.isNotEmpty(classifications) && CollectionUtils.isNotEmpty(entities)) { MetricRecorder metric = RequestContext.get().startMetricRecord("onClassificationsDeleted"); FixedBufferList events = getAuditEventsList(); - - for (AtlasClassification classification : classifications) { - for (AtlasEntity entity : entities) { - if (StringUtils.equals(entity.getGuid(), classification.getEntityGuid())) { - createEvent(events.next(), entity, CLASSIFICATION_DELETE, "Deleted classification: " + getDeleteClassificationString(classification.getTypeName())); - } else { - createEvent(events.next(), entity, PROPAGATED_CLASSIFICATION_DELETE, "Deleted propagated classification: " + getDeleteClassificationString(classification.getTypeName())); - } - } - } - - for (EntityAuditRepository auditRepository: auditRepositories) { - auditRepository.putEventsV2(events.toList()); - } + Map>> entityClassifications = new HashMap<>(); + Map>> propagatedClassifications = new HashMap<>(); + getClassificationsTextFromEntities(classifications, entities, entityClassifications, propagatedClassifications); + emitDeleteClassificationEvent(events, entityClassifications, propagatedClassifications); RequestContext.get().endMetricRecord(metric); } @@ -337,7 +347,7 @@ public void onTermAdded(AtlasGlossaryTerm term, List entit FixedBufferList events = getAuditEventsList(); for (AtlasRelatedObjectId relatedObjectId : entities) { - AtlasEntity entity = instanceConverter.getAndCacheEntity(relatedObjectId.getGuid()); + AtlasEntity entity = instanceConverter.getAndCacheEntity(relatedObjectId.getGuid(), true); if (entity != null) { createEvent(events.next(), entity, TERM_ADD, "Added term: " + term.toAuditString()); @@ -762,22 +772,22 @@ public static String getV2AuditPrefix(EntityAuditActionV2 action) { ret = "Purged: "; break; case CLASSIFICATION_ADD: - ret = "Added classification: "; + ret = "Added classifications: "; break; case CLASSIFICATION_DELETE: - ret = "Deleted classification: "; + ret = "Deleted classifications: "; break; case CLASSIFICATION_UPDATE: - ret = "Updated classification: "; + ret = "Updated classifications: "; break; case PROPAGATED_CLASSIFICATION_ADD: - ret = "Added propagated classification: "; + ret = "Added propagated classifications: "; break; case PROPAGATED_CLASSIFICATION_DELETE: - ret = "Deleted propagated classification: "; + ret = "Deleted propagated classifications: "; break; case PROPAGATED_CLASSIFICATION_UPDATE: - ret = "Updated propagated classification: "; + ret = "Updated propagated classifications: "; break; case ENTITY_IMPORT_CREATE: ret = "Created by import: "; @@ -813,4 +823,81 @@ private FixedBufferList getAuditEventsList() { return ret; } -} + private void getClassificationsFromEntity(List classifications, AtlasEntity entity, Map> entityClassifications, Map> propagatedClassifications) { + if (entityClassifications == null) { + entityClassifications = new HashMap<>(); + } + if (propagatedClassifications == null) { + propagatedClassifications = new HashMap<>(); + } + + for (AtlasClassification classification : classifications) { + if (entity.getGuid().equals(classification.getEntityGuid())) { + entityClassifications.computeIfAbsent(entity, key -> new ArrayList<>()).add(classification); + } else { + propagatedClassifications.computeIfAbsent(entity, key -> new ArrayList<>()).add(classification); + } + } + } + + private void getClassificationsFromEntities(List classifications, List entities, Map> entityClassifications, Map> propagatedClassifications) { + for (AtlasEntity entity : entities) { + getClassificationsFromEntity(classifications, entity, entityClassifications, propagatedClassifications); + } + } + + private void emitAddClassificationEvent(FixedBufferList events, Map> entityClassifications, Map> propagatedClassifications) throws AtlasBaseException { + entityClassifications.forEach((entity, eClassifications) -> { + EntityAuditEventV2 auditEvent = events.next(); + auditEvent.setClassificationDetail(AtlasJson.toV1Json(eClassifications)); + createEvent(auditEvent, entity, CLASSIFICATION_ADD, "Added classifications: " + null); + }); + + propagatedClassifications.forEach((entity, pClassifications) -> { + EntityAuditEventV2 auditEvent = events.next(); + auditEvent.setClassificationDetail(AtlasJson.toV1Json(pClassifications)); + createEvent(auditEvent, entity, PROPAGATED_CLASSIFICATION_ADD, "Added propagated classifications: " + null); + }); + for (EntityAuditRepository auditRepository : auditRepositories) { + auditRepository.putEventsV2(events.toList()); + } + } + private void getClassificationTextFromEntity(List classifications, AtlasEntity entity, Map>> entityClassifications, Map>> propagatedClassifications) { + if (entityClassifications == null) { + entityClassifications = new HashMap<>(); + } + if (propagatedClassifications == null) { + propagatedClassifications = new HashMap<>(); + } + + for (AtlasClassification classification : classifications) { + if (entity.getGuid().equals(classification.getEntityGuid())) { + entityClassifications.computeIfAbsent(entity, key -> new ArrayList<>()).add(getDeleteClassificationMap(classification.getTypeName())); + } else { + propagatedClassifications.computeIfAbsent(entity, key -> new ArrayList<>()).add(getDeleteClassificationMap(classification.getTypeName())); + } + } + } + + private void getClassificationsTextFromEntities(List classifications, List entities, Map>> entityClassifications, Map>> propagatedClassifications) { + for (AtlasEntity entity : entities) { + getClassificationTextFromEntity(classifications, entity, entityClassifications, propagatedClassifications); + } + } + private void emitDeleteClassificationEvent(FixedBufferList events, Map>> entityClassifications, Map>> propagatedClassifications) throws AtlasBaseException { + entityClassifications.forEach((entity, eClassifications) -> { + EntityAuditEventV2 auditEvent = events.next(); + auditEvent.setClassificationDetail(AtlasJson.toV1Json(eClassifications)); + createEvent(auditEvent, entity, CLASSIFICATION_DELETE, "Deleted classifications: " + null); + }); + propagatedClassifications.forEach((entity, pClassifications) -> { + EntityAuditEventV2 auditEvent = events.next(); + auditEvent.setClassificationDetail(AtlasJson.toV1Json(pClassifications)); + createEvent(auditEvent, entity, PROPAGATED_CLASSIFICATION_DELETE, "Deleted propagated classifications: " + null); + }); + + for (EntityAuditRepository auditRepository : auditRepositories) { + auditRepository.putEventsV2(events.toList()); + } + } +} \ No newline at end of file diff --git a/repository/src/main/java/org/apache/atlas/repository/audit/StartupTimeLogger.java b/repository/src/main/java/org/apache/atlas/repository/audit/StartupTimeLogger.java new file mode 100644 index 0000000000..dc816d3ed0 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/repository/audit/StartupTimeLogger.java @@ -0,0 +1,41 @@ +package org.apache.atlas.repository.audit; + +import org.apache.atlas.type.AtlasType; +import org.apache.atlas.utils.AtlasPerfTracer; +import org.apache.commons.logging.Log; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.ApplicationListener; +import org.springframework.context.event.ContextRefreshedEvent; +import org.springframework.stereotype.Component; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +@Component +public class StartupTimeLogger implements ApplicationListener { + private final StartupTimeLoggerBeanPostProcessor beanPostProcessor; + + private static final Logger LOG = LoggerFactory.getLogger(StartupTimeLogger.class); + + public StartupTimeLogger(StartupTimeLoggerBeanPostProcessor beanPostProcessor) { + this.beanPostProcessor = beanPostProcessor; + } + + @Override + public void onApplicationEvent(ContextRefreshedEvent event) { + // Print the startup times after all beans are loaded + printHashMapInTableFormatDescendingOrder(beanPostProcessor.getDurationTimeMap(), "creationTime"); + } + + public static void printHashMapInTableFormatDescendingOrder(Map map, String value) { + // Convert map to a list of entries + List> list = new ArrayList<>(map.entrySet()); + + // Sort the list by values in descending order + list.sort((entry1, entry2) -> entry2.getValue().compareTo(entry1.getValue())); + + LOG.info("Capturing Bean creation time {}", AtlasType.toJson(list)); + } +} \ No newline at end of file diff --git a/repository/src/main/java/org/apache/atlas/repository/audit/StartupTimeLoggerBeanPostProcessor.java b/repository/src/main/java/org/apache/atlas/repository/audit/StartupTimeLoggerBeanPostProcessor.java new file mode 100644 index 0000000000..47e010c88c --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/repository/audit/StartupTimeLoggerBeanPostProcessor.java @@ -0,0 +1,45 @@ +package org.apache.atlas.repository.audit; + +import org.apache.atlas.utils.AtlasPerfTracer; +import org.slf4j.Logger; +import org.springframework.beans.factory.config.BeanPostProcessor; +import org.springframework.stereotype.Component; +import java.util.HashMap; +import java.util.Map; + +@Component +public class StartupTimeLoggerBeanPostProcessor implements BeanPostProcessor { + private final Map startTimeMap = new HashMap<>(); + + public Map getDurationTimeMap() { + return durationTimeMap; + } + + private final Map durationTimeMap = new HashMap<>(); + + private static final Logger PERF_LOG = AtlasPerfTracer.getPerfLogger("Beans"); + + private AtlasPerfTracer perf = null; + + @Override + public Object postProcessBeforeInitialization(Object bean, String beanName) { + // Record the start time + startTimeMap.put(bean.getClass().getName(), System.currentTimeMillis()); + if (AtlasPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = AtlasPerfTracer.getPerfTracer(PERF_LOG, "Beans.create(" + beanName + ")"); + } + return bean; + } + + @Override + public Object postProcessAfterInitialization(Object bean, String beanName) { + AtlasPerfTracer.log(perf); + // Calculate and log the startup time + long startTime = startTimeMap.getOrDefault(bean.getClass().getName(), -1L); + long endTime = System.currentTimeMillis(); + if (startTime != -1L) { + durationTimeMap.put(bean.getClass().getName(), endTime-startTime); + } + return bean; + } +} diff --git a/repository/src/main/java/org/apache/atlas/repository/converters/AtlasInstanceConverter.java b/repository/src/main/java/org/apache/atlas/repository/converters/AtlasInstanceConverter.java index 14fd5563df..3978c32a80 100644 --- a/repository/src/main/java/org/apache/atlas/repository/converters/AtlasInstanceConverter.java +++ b/repository/src/main/java/org/apache/atlas/repository/converters/AtlasInstanceConverter.java @@ -36,6 +36,7 @@ import org.apache.atlas.model.legacy.EntityResult; import org.apache.atlas.repository.graphdb.AtlasGraph; import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; +import org.apache.atlas.utils.AtlasPerfMetrics; import org.apache.atlas.v1.model.instance.Referenceable; import org.apache.atlas.v1.model.instance.Struct; import org.apache.atlas.repository.converters.AtlasFormatConverter.ConverterContext; @@ -300,6 +301,7 @@ public AtlasEntity getAndCacheEntity(String guid) throws AtlasBaseException { } public AtlasEntity getAndCacheEntity(String guid, boolean ignoreRelationshipAttributes) throws AtlasBaseException { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getAndCacheEntity"); RequestContext context = RequestContext.get(); AtlasEntity entity = context.getEntity(guid); @@ -318,6 +320,7 @@ public AtlasEntity getAndCacheEntity(String guid, boolean ignoreRelationshipAttr } } } + RequestContext.get().endMetricRecord(recorder); return entity; } diff --git a/repository/src/main/java/org/apache/atlas/repository/graph/GraphHelper.java b/repository/src/main/java/org/apache/atlas/repository/graph/GraphHelper.java index d5926e8a00..0f3b237147 100755 --- a/repository/src/main/java/org/apache/atlas/repository/graph/GraphHelper.java +++ b/repository/src/main/java/org/apache/atlas/repository/graph/GraphHelper.java @@ -21,6 +21,7 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.BiMap; import com.google.common.collect.HashBiMap; +import com.google.common.collect.Iterators; import org.apache.atlas.ApplicationProperties; import org.apache.atlas.AtlasErrorCode; import org.apache.atlas.AtlasException; @@ -56,6 +57,7 @@ import org.apache.atlas.exception.EntityNotFoundException; import org.apache.atlas.util.AttributeValueMap; import org.apache.atlas.util.IndexedInstance; +import org.apache.atlas.utils.AtlasPerfMetrics.MetricRecorder; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.IteratorUtils; import org.apache.commons.lang.StringUtils; @@ -426,6 +428,17 @@ public static AtlasEdge getClassificationEdge(AtlasVertex entityVertex, AtlasVer return ret; } + public static Integer getCountOfCategoryEdges(AtlasVertex entityVertex) { + + Iterator edges = getOutGoingEdgesByLabel(entityVertex, CATEGORY_TERMS_EDGE_LABEL); + + if (edges!=null) { + return Iterators.size(edges); + } + + return 0; + } + public static boolean isClassificationAttached(AtlasVertex entityVertex, AtlasVertex classificationVertex) { AtlasPerfMetrics.MetricRecorder isClassificationAttachedMetricRecorder = RequestContext.get().startMetricRecord("isClassificationAttached"); String classificationId = classificationVertex.getIdForDisplay(); @@ -858,6 +871,7 @@ public static List getTraitNames(AtlasVertex entityVertex, Boolean propa } public static List getPropagatableClassifications(AtlasEdge edge) { + MetricRecorder metric = RequestContext.get().startMetricRecord("getPropagatableClassifications"); List ret = new ArrayList<>(); RequestContext requestContext = RequestContext.get(); @@ -876,7 +890,7 @@ public static List getPropagatableClassifications(AtlasEdge edge) { ret.addAll(getPropagationEnabledClassificationVertices(inVertex)); } } - + RequestContext.get().endMetricRecord(metric); return ret; } //Returns the vertex from which the tag is being propagated @@ -1929,7 +1943,7 @@ public static String getDelimitedClassificationNames(Collection classifi * @return Iterator of children vertices */ public static Iterator getActiveParentVertices(AtlasVertex vertex, String parentEdgeLabel) throws AtlasBaseException { - return getActiveVertices(vertex, parentEdgeLabel, AtlasEdgeDirection.IN); + return getActiveVertices(vertex, AtlasEdgeDirection.IN, parentEdgeLabel); } /** @@ -1938,11 +1952,12 @@ public static Iterator getActiveParentVertices(AtlasVertex vertex, * @param childrenEdgeLabel Edge label of children * @return Iterator of children vertices */ - public static Iterator getActiveChildrenVertices(AtlasVertex vertex, String childrenEdgeLabel) throws AtlasBaseException { - return getActiveVertices(vertex, childrenEdgeLabel, AtlasEdgeDirection.OUT); + + public static Iterator getActiveChildrenVertices(AtlasVertex vertex, String... childrenEdgeLabel) throws AtlasBaseException { + return getActiveVertices(vertex, AtlasEdgeDirection.OUT, childrenEdgeLabel); } - public static Iterator getActiveVertices(AtlasVertex vertex, String childrenEdgeLabel, AtlasEdgeDirection direction) throws AtlasBaseException { + public static Iterator getActiveVertices(AtlasVertex vertex, AtlasEdgeDirection direction, String... childrenEdgeLabel) throws AtlasBaseException { AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("CategoryPreProcessor.getEdges"); try { diff --git a/repository/src/main/java/org/apache/atlas/repository/graph/IndexRecoveryService.java b/repository/src/main/java/org/apache/atlas/repository/graph/IndexRecoveryService.java index c39876d19c..f6154727ac 100644 --- a/repository/src/main/java/org/apache/atlas/repository/graph/IndexRecoveryService.java +++ b/repository/src/main/java/org/apache/atlas/repository/graph/IndexRecoveryService.java @@ -21,7 +21,6 @@ import org.apache.atlas.ApplicationProperties; import org.apache.atlas.AtlasConstants; import org.apache.atlas.AtlasException; -import org.apache.atlas.RequestContext; import org.apache.atlas.ha.HAConfiguration; import org.apache.atlas.listener.ActiveStateChangeHandler; import org.apache.atlas.repository.graphdb.AtlasGraph; @@ -182,6 +181,7 @@ public void run() { continue; } boolean indexHealthy = isIndexHealthy(); + if (this.txRecoveryObject == null && indexHealthy) { startMonitoring(); } @@ -228,7 +228,6 @@ private void startMonitoring() { try { startTime = recoveryInfoManagement.getStartTime(); Instant newStartTime = Instant.now(); - this.graph.setEnableCache(false); txRecoveryObject = this.graph.getManagementSystem().startIndexRecovery(startTime); recoveryInfoManagement.updateStartTime(newStartTime.toEpochMilli()); diff --git a/repository/src/main/java/org/apache/atlas/repository/graph/SolrIndexHelper.java b/repository/src/main/java/org/apache/atlas/repository/graph/SolrIndexHelper.java index 401bc024a5..0d349382e9 100644 --- a/repository/src/main/java/org/apache/atlas/repository/graph/SolrIndexHelper.java +++ b/repository/src/main/java/org/apache/atlas/repository/graph/SolrIndexHelper.java @@ -78,6 +78,8 @@ public void onChange(ChangedTypeDefs changedTypeDefs) { return; } + LOG.info("SolrIndexHelper:initializationCompleted: {}", initializationCompleted); + if(initializationCompleted) { try { AtlasGraph graph = AtlasGraphProvider.getGraphInstance(); diff --git a/repository/src/main/java/org/apache/atlas/repository/ogm/DataAccess.java b/repository/src/main/java/org/apache/atlas/repository/ogm/DataAccess.java index ea345885ec..7fb04ca9d1 100644 --- a/repository/src/main/java/org/apache/atlas/repository/ogm/DataAccess.java +++ b/repository/src/main/java/org/apache/atlas/repository/ogm/DataAccess.java @@ -28,6 +28,8 @@ import org.apache.atlas.repository.store.graph.v2.AtlasEntityStream; import org.apache.atlas.DeleteType; import org.apache.atlas.utils.AtlasPerfTracer; +import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.atlas.utils.AtlasPerfTracer; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; @@ -136,13 +138,17 @@ public Iterable load(final Iterable objec } } + public T loadWithMinInfo(T obj, boolean isMinExtInfo, boolean ignoreRelationShip) throws AtlasBaseException { + return load(obj, false, true, true); + } public T load(T obj) throws AtlasBaseException { - return load(obj, false); + return load(obj, false, false, false); } - public T load(T obj, boolean loadDeleted) throws AtlasBaseException { + public T load(T obj, boolean loadDeleted, boolean isMinExtInfo, boolean ignoreRelationShip) throws AtlasBaseException { Objects.requireNonNull(obj, "Can't load a null object"); + AtlasPerfMetrics.MetricRecorder metric = RequestContext.get().startMetricRecord("DataAccess.load()"); AtlasPerfTracer perf = null; try { @@ -160,16 +166,24 @@ public T load(T obj, boolean loadDeleted) throw if (LOG.isDebugEnabled()) { LOG.debug("Load using GUID"); } - entityWithExtInfo = entityStore.getById(guid); + if (isMinExtInfo && ignoreRelationShip) { + entityWithExtInfo = entityStore.getById(guid, true, true); + } else { + entityWithExtInfo = entityStore.getById(guid); + } } else { if (LOG.isDebugEnabled()) { LOG.debug("Load using unique attributes"); } - entityWithExtInfo = entityStore.getByUniqueAttributes(dto.getEntityType(), dto.getUniqueAttributes(obj)); + if (isMinExtInfo && ignoreRelationShip) { + entityWithExtInfo = entityStore.getByUniqueAttributes(dto.getEntityType(), dto.getUniqueAttributes(obj), true, true); + } else { + entityWithExtInfo = entityStore.getByUniqueAttributes(dto.getEntityType(), dto.getUniqueAttributes(obj)); + } } // Since GUID alone can't be used to determine what ENTITY TYPE is loaded from the graph - String actualTypeName = entityWithExtInfo.getEntity().getTypeName(); + String actualTypeName = entityWithExtInfo.getEntity().getTypeName(); String expectedTypeName = dto.getEntityType().getTypeName(); if (!actualTypeName.equals(expectedTypeName)) { throw new AtlasBaseException(AtlasErrorCode.UNEXPECTED_TYPE, expectedTypeName, actualTypeName); @@ -182,9 +196,9 @@ public T load(T obj, boolean loadDeleted) throw return dto.from(entityWithExtInfo); } finally { + RequestContext.get().endMetricRecord(metric); AtlasPerfTracer.log(perf); } - } public T load(String guid, Class clazz) throws AtlasBaseException { diff --git a/repository/src/main/java/org/apache/atlas/repository/patches/AtlasPatchRegistry.java b/repository/src/main/java/org/apache/atlas/repository/patches/AtlasPatchRegistry.java index d9ae5800e4..1a90968b83 100644 --- a/repository/src/main/java/org/apache/atlas/repository/patches/AtlasPatchRegistry.java +++ b/repository/src/main/java/org/apache/atlas/repository/patches/AtlasPatchRegistry.java @@ -41,6 +41,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; import static org.apache.atlas.model.patches.AtlasPatch.PatchStatus.FAILED; import static org.apache.atlas.model.patches.AtlasPatch.PatchStatus.UNKNOWN; @@ -66,9 +67,9 @@ public AtlasPatchRegistry(AtlasGraph graph) { LOG.info("AtlasPatchRegistry: found {} patches", patchNameStatusMap.size()); - for (Map.Entry entry : patchNameStatusMap.entrySet()) { - LOG.info("AtlasPatchRegistry: patchId={}, status={}", entry.getKey(), entry.getValue()); - } +// for (Map.Entry entry : patchNameStatusMap.entrySet()) { +// LOG.info("AtlasPatchRegistry: patchId={}, status={}", entry.getKey(), entry.getValue()); +// } } public boolean isApplicable(String incomingId, String patchFile, int index) { @@ -146,13 +147,12 @@ private void createOrUpdatePatchVertex(AtlasGraph graph, String patchId, String setEncodedProperty(patchVertex, MODIFIED_BY_KEY, AtlasTypeDefGraphStoreV2.getCurrentUser()); } finally { graph.commit(); - patchNameStatusMap.put(patchId, patchStatus); } } private static Map getPatchNameStatusForAllRegistered(AtlasGraph graph) { - Map ret = new HashMap<>(); + Map ret = new ConcurrentHashMap<>(); AtlasPatches patches = getAllPatches(graph); for (AtlasPatch patch : patches.getPatches()) { diff --git a/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AtlasTypeDefStoreInitializer.java b/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AtlasTypeDefStoreInitializer.java index 2a867452b6..0526a2466a 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AtlasTypeDefStoreInitializer.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AtlasTypeDefStoreInitializer.java @@ -26,7 +26,6 @@ import org.apache.atlas.RequestContext; import org.apache.atlas.authorize.AtlasAuthorizerFactory; import org.apache.atlas.exception.AtlasBaseException; -import org.apache.atlas.featureflag.FeatureFlagStore; import org.apache.atlas.ha.HAConfiguration; import org.apache.atlas.listener.ActiveStateChangeHandler; import org.apache.atlas.model.TypeCategory; @@ -74,7 +73,11 @@ import java.io.File; import java.nio.charset.StandardCharsets; import java.nio.file.Files; +import java.time.Duration; +import java.time.Instant; import java.util.*; +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.ConcurrentHashMap; import static com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility.NONE; import static com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility.PUBLIC_ONLY; @@ -147,7 +150,7 @@ private void loadBootstrapTypeDefs() { AtlasPatchRegistry patchRegistry = new AtlasPatchRegistry(graph); if (modelsDirContents != null && modelsDirContents.length > 0) { - Arrays.sort(modelsDirContents); + Arrays.sort(modelsDirContents); for (File folder : modelsDirContents) { if (folder.isFile()) { @@ -181,7 +184,7 @@ private void loadModelsInFolder(File typesDir, AtlasPatchRegistry patchRegistry) LOG.info("Types directory {} does not exist or not readable or has no typedef files", typesDirName ); } else { // sort the files by filename - Arrays.sort(typeDefFiles); + Arrays.sort(typeDefFiles); for (File typeDefFile : typeDefFiles) { if (typeDefFile.isFile()) { @@ -217,6 +220,62 @@ private void loadModelsInFolder(File typesDir, AtlasPatchRegistry patchRegistry) LOG.info("<== AtlasTypeDefStoreInitializer({})", typesDir); } +// /** +// * Load all the model files in the supplied folder followed by the contents of the patches folder. +// * @param typesDir + // */ +// private void loadModelsInFolder(File typesDir, AtlasPatchRegistry patchRegistry) { +// LOG.info("==> AtlasTypeDefStoreInitializer({})", typesDir); +// +// String typesDirName = typesDir.getName(); +// File[] typeDefFiles = typesDir.exists() ? typesDir.listFiles() : null; +// +// if (typeDefFiles == null || typeDefFiles.length == 0) { +// LOG.info("Types directory {} does not exist or not readable or has no typedef files", typesDirName); +// } else { +// // sort the files by filename +// Arrays.sort(typeDefFiles); +// +// List> futures = new ArrayList<>(); +// +// for (File typeDefFile : typeDefFiles) { +// if (!typeDefFile.isFile()) { +// continue; +// } +// +// CompletableFuture future = CompletableFuture.runAsync(() -> { +// try { +// String jsonStr = new String(Files.readAllBytes(typeDefFile.toPath()), StandardCharsets.UTF_8); +// AtlasTypesDef typesDef = AtlasType.fromJson(jsonStr, AtlasTypesDef.class); +// +// if (typesDef == null || typesDef.isEmpty()) { +// LOG.info("No type in file {}", typeDefFile.getAbsolutePath()); +// return; +// } +// +// AtlasTypesDef typesToCreate = getTypesToCreate(typesDef, typeRegistry); +// AtlasTypesDef typesToUpdate = getTypesToUpdate(typesDef, typeRegistry, true); +// +// if (!typesToCreate.isEmpty() || !typesToUpdate.isEmpty()) { +// typeDefStore.createUpdateTypesDef(typesToCreate, typesToUpdate); +// LOG.info("Created/Updated types defined in file {}", typeDefFile.getAbsolutePath()); +// } else { +// LOG.info("No new type in file {}", typeDefFile.getAbsolutePath()); +// } +// } catch (Throwable t) { +// LOG.error("error while registering types in file {}", typeDefFile.getAbsolutePath(), t); +// } +// }); +// +// futures.add(future); +// } +// // Wait for all futures to complete +// CompletableFuture.allOf(futures.toArray(new CompletableFuture[0])).join(); +// applyTypePatches(typesDir.getPath(), patchRegistry); +// } +// LOG.info("<== AtlasTypeDefStoreInitializer({})", typesDir); +// } + public static AtlasTypesDef getTypesToCreate(AtlasTypesDef typesDef, AtlasTypeRegistry typeRegistry) { AtlasTypesDef typesToCreate = new AtlasTypesDef(); @@ -436,6 +495,72 @@ private static boolean isTypeUpdateApplicable(AtlasBaseTypeDef oldTypeDef, Atlas return ret; } +// private void applyTypePatches(String typesDirName, AtlasPatchRegistry patchRegistry) { +// String typePatchesDirName = typesDirName + File.separator + PATCHES_FOLDER_NAME; +// File typePatchesDir = new File(typePatchesDirName); +// File[] typePatchFiles = typePatchesDir.exists() ? typePatchesDir.listFiles() : null; +// +// if (typePatchFiles == null || typePatchFiles.length == 0) { +// LOG.info("Type patches directory {} does not exist or not readable or has no patches", typePatchesDirName); +// } else { +// LOG.info("Type patches directory {} is being processed", typePatchesDirName); +// +// // sort the files by filename +// Arrays.sort(typePatchFiles); +// +// PatchHandler[] patchHandlers = new PatchHandler[]{ +// new UpdateEnumDefPatchHandler(typeDefStore, typeRegistry), +// new AddAttributePatchHandler(typeDefStore, typeRegistry), +// new UpdateAttributePatchHandler(typeDefStore, typeRegistry), +// new RemoveLegacyRefAttributesPatchHandler(typeDefStore, typeRegistry), +// new UpdateTypeDefOptionsPatchHandler(typeDefStore, typeRegistry), +// new SetServiceTypePatchHandler(typeDefStore, typeRegistry), +// new UpdateAttributeMetadataHandler(typeDefStore, typeRegistry), +// new AddSuperTypePatchHandler(typeDefStore, typeRegistry), +// new AddMandatoryAttributePatchHandler(typeDefStore, typeRegistry) +// }; +// +// Map patchHandlerRegistry = new ConcurrentHashMap<>(); +// +// for (PatchHandler patchHandler : patchHandlers) { +// for (String supportedAction : patchHandler.getSupportedActions()) { +// patchHandlerRegistry.put(supportedAction, patchHandler); +// } +// } +// +// List> futures = new ArrayList<>(); +// +// for (File typePatchFile : typePatchFiles) { +// if (!typePatchFile.isFile()) { +// continue; +// } +// +// CompletableFuture future = CompletableFuture.runAsync(() -> { +// String patchFile = typePatchFile.getAbsolutePath(); +// LOG.info("Applying patches in file {}", patchFile); +// +// try { +// String jsonStr = new String(Files.readAllBytes(typePatchFile.toPath()), StandardCharsets.UTF_8); +// TypeDefPatches patches = AtlasType.fromJson(jsonStr, TypeDefPatches.class); +// +// if (patches == null || patches.getPatches().isEmpty()) { +// LOG.info("No patches in file {}", patchFile); +// return; +// } +// +// applyPatches(patchFile, patches, patchRegistry, patchHandlerRegistry); +// } catch (Throwable t) { +// LOG.error("Failed to apply patches in file {}. Ignored", patchFile, t); +// } +// }); +// +// futures.add(future); +// } +// +// // Wait for all futures to complete +// CompletableFuture.allOf(futures.toArray(new CompletableFuture[0])).join(); +// } +// } private void applyTypePatches(String typesDirName, AtlasPatchRegistry patchRegistry) { String typePatchesDirName = typesDirName + File.separator + PATCHES_FOLDER_NAME; @@ -499,12 +624,14 @@ private void applyTypePatches(String typesDirName, AtlasPatchRegistry patchRegis PatchStatus status; try { + Instant start = Instant.now(); status = patchHandler.applyPatch(patch); + LOG.info("Patch applied for handler {} : {}", patch.getId(), Duration.between(start, Instant.now()).toMillis()); } catch (AtlasBaseException ex) { status = FAILED; LOG.error("Failed to apply {} (status: {}; action: {}) in file: {}. Ignored.", - patch.getId(), status.toString(), patch.getAction(), patchFile); + patch.getId(), status.toString(), patch.getAction(), patchFile); } patchRegistry.register(patch.id, patch.description, TYPEDEF_PATCH_TYPE, patch.action, status); @@ -521,6 +648,38 @@ private void applyTypePatches(String typesDirName, AtlasPatchRegistry patchRegis } } +// +// private void applyPatches(String patchFile, TypeDefPatches patches, AtlasPatchRegistry patchRegistry, Map patchHandlerRegistry) { +// int patchIndex = 0; +// for (TypeDefPatch patch : patches.getPatches()) { +// PatchHandler patchHandler = patchHandlerRegistry.get(patch.getAction()); +// +// if (patchHandler == null) { +// LOG.error("Unknown patch action {} in file {}. Ignored", patch.getAction(), patchFile); +// continue; +// } +// +// if (!patchRegistry.isApplicable(patch.getId(), patchFile, patchIndex++)) { +// LOG.info("{} in file: {} already {}. Ignoring.", patch.getId(), patchFile, patchRegistry.getStatus(patch.getId()).toString()); +// continue; +// } +// +// PatchStatus status = applyPatch(patchHandler, patch, patchFile); +// patchRegistry.register(patch.id, patch.description, TYPEDEF_PATCH_TYPE, patch.action, status); +// LOG.info("{} (status: {}; action: {}) in file: {}", patch.getId(), status.toString(), patch.getAction(), patchFile); +// } +// } +// +// private PatchStatus applyPatch(PatchHandler patchHandler, TypeDefPatch patch, String patchFile) { +// try { +// return patchHandler.applyPatch(patch); +// } catch (AtlasBaseException ex) { +// LOG.error("Failed to apply {} (status: FAILED; action: {}) in file: {}. Ignored.", +// patch.getId(), patch.getAction(), patchFile); +// return FAILED; +// } +// } + /** * typedef patch details */ diff --git a/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java b/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java index 9b1327ba1f..5f4015d100 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java @@ -68,6 +68,11 @@ private void startInternal() { if ("atlas".equalsIgnoreCase(authorizer)) { loadBootstrapAuthPolicies(); + + boolean overridePolicies = ApplicationProperties.get().getBoolean("atlas.authorizer.policy.override", false); + if (overridePolicies) { + overrideBootstrapAuthPolicies(); + } } else { LOG.info("AuthPoliciesBootstrapper: startInternal: Skipping as not needed"); } @@ -96,6 +101,20 @@ private void loadBootstrapAuthPolicies() { LOG.info("<== AuthPoliciesBootstrapper.loadBootstrapAuthPolicies()"); } + private void overrideBootstrapAuthPolicies() { + LOG.info("==> AuthPoliciesBootstrapper.overrideBootstrapAuthPolicies()"); + RequestContext.get().setSkipAuthorizationCheck(true); + try { + String atlasHomeDir = System.getProperty("atlas.home"); + String policiesDirName = (StringUtils.isEmpty(atlasHomeDir) ? "." : atlasHomeDir) + File.separator + "override-policies"; + File topPoliciesDir = new File(policiesDirName); + loadPoliciesInFolder(topPoliciesDir); + } finally { + RequestContext.get().setSkipAuthorizationCheck(false); + } + LOG.info("<== AuthPoliciesBootstrapper.overrideBootstrapAuthPolicies()"); + } + private void loadPoliciesInFolder (File folder) { LOG.info("==> AuthPoliciesBootstrapper.loadPoliciesInFolder({})", folder); diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/AtlasEntityStore.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/AtlasEntityStore.java index 912799cdd6..5fd7680281 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/AtlasEntityStore.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/AtlasEntityStore.java @@ -67,7 +67,6 @@ public interface AtlasEntityStore { */ AtlasEntityWithExtInfo getById(String guid, boolean isMinExtInfo, boolean ignoreRelationships) throws AtlasBaseException; - /** * Get entity header for the given GUID * @param guid @@ -297,6 +296,10 @@ EntityMutationResponse deleteByUniqueAttributes(List objectIds) */ void deleteClassification(String guid, String classificationName) throws AtlasBaseException; + void deleteClassifications(String guid, List classificationName) throws AtlasBaseException; + + public void deleteClassifications(final String guid, final List classifications, final String associatedEntityGuid) throws AtlasBaseException; + void deleteClassification(String guid, String classificationName, String associatedEntityGuid) throws AtlasBaseException; List getClassifications(String guid) throws AtlasBaseException; diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/AtlasTypeDefGraphStore.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/AtlasTypeDefGraphStore.java index a4f818980f..f359aab553 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/AtlasTypeDefGraphStore.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/AtlasTypeDefGraphStore.java @@ -43,12 +43,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashSet; -import java.util.List; -import java.util.Set; -import java.util.Arrays; +import java.util.*; import static org.apache.atlas.model.discovery.SearchParameters.ALL_ENTITY_TYPES; import static org.apache.atlas.model.discovery.SearchParameters.ALL_CLASSIFICATION_TYPES; @@ -878,42 +873,31 @@ private void rectifyTypeErrorsIfAny(AtlasTypesDef typesDef) { } private void removeDuplicateTypeIfAny(List defList) { + if (defList == null || defList.isEmpty()) { + return; + } + final Set entityDefNames = new HashSet<>(); + Iterator iterator = defList.iterator(); - for (int i = 0; i < defList.size(); i++) { - if (!entityDefNames.add((defList.get(i)).getName())) { - LOG.warn(" Found Duplicate Type => " + defList.get(i).getName()); - defList.remove(i); - i--; + while (iterator.hasNext()) { + T def = iterator.next(); + if (!entityDefNames.add(def.getName())) { + LOG.warn("Found Duplicate Type => " + def.getName()); + iterator.remove(); } } } - private void rectifyAttributesIfNeeded(final Set entityNames, AtlasStructDef structDef) { List attributeDefs = structDef.getAttributeDefs(); - if (CollectionUtils.isNotEmpty(attributeDefs)) { - for (AtlasAttributeDef attributeDef : attributeDefs) { - if (!hasOwnedReferenceConstraint(attributeDef.getConstraints())) { - continue; - } - - Set referencedTypeNames = AtlasTypeUtil.getReferencedTypeNames(attributeDef.getTypeName()); - - boolean valid = false; - - for (String referencedTypeName : referencedTypeNames) { - if (entityNames.contains(referencedTypeName)) { - valid = true; - break; - } - } - - if (!valid) { - rectifyOwnedReferenceError(structDef, attributeDef); - } - } + if (attributeDefs != null) { + attributeDefs.stream() + .filter(attributeDef -> hasOwnedReferenceConstraint(attributeDef.getConstraints())) + .filter(attributeDef -> AtlasTypeUtil.getReferencedTypeNames(attributeDef.getTypeName()).stream() + .noneMatch(entityNames::contains)) + .forEach(attributeDef -> rectifyOwnedReferenceError(structDef, attributeDef)); } } @@ -932,16 +916,18 @@ private boolean hasOwnedReferenceConstraint(List constraints private void rectifyOwnedReferenceError(AtlasStructDef structDef, AtlasAttributeDef attributeDef) { List constraints = attributeDef.getConstraints(); - if (CollectionUtils.isNotEmpty(constraints)) { - for (int i = 0; i < constraints.size(); i++) { - AtlasConstraintDef constraint = constraints.get(i); + if (constraints == null || constraints.isEmpty()) { + return; + } - if (constraint.isConstraintType(AtlasConstraintDef.CONSTRAINT_TYPE_OWNED_REF)) { - LOG.warn("Invalid constraint ownedRef for attribute {}.{}", structDef.getName(), attributeDef.getName()); + Iterator iterator = constraints.iterator(); - constraints.remove(i); - i--; - } + while (iterator.hasNext()) { + AtlasConstraintDef constraint = iterator.next(); + + if (constraint.isConstraintType(AtlasConstraintDef.CONSTRAINT_TYPE_OWNED_REF)) { + LOG.warn("Invalid constraint ownedRef for attribute {}.{}", structDef.getName(), attributeDef.getName()); + iterator.remove(); } } } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/DeleteHandlerV1.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/DeleteHandlerV1.java index a4358e2967..bf0fb2f8af 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/DeleteHandlerV1.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/DeleteHandlerV1.java @@ -53,6 +53,7 @@ import org.apache.atlas.type.AtlasStructType.AtlasAttribute.AtlasRelationshipEdgeDirection; import org.apache.atlas.utils.AtlasEntityUtil; import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.atlas.utils.AtlasPerfMetrics.MetricRecorder; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; @@ -118,6 +119,7 @@ public DeleteHandlerV1(AtlasGraph graph, AtlasTypeRegistry typeRegistry, boolean * @throws AtlasException */ public void deleteEntities(Collection instanceVertices) throws AtlasBaseException { + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteEntities"); final RequestContext requestContext = RequestContext.get(); final Set deletionCandidateVertices = new HashSet<>(); @@ -160,6 +162,7 @@ public void deleteEntities(Collection instanceVertices) throws Atla } } } + RequestContext.get().endMetricRecord(metric); } /** @@ -754,6 +757,7 @@ protected void deleteEdge(AtlasEdge edge, boolean updateInverseAttribute, boolea } protected void deleteTypeVertex(AtlasVertex instanceVertex, TypeCategory typeCategory, boolean force) throws AtlasBaseException { + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteTypeVertex"); switch (typeCategory) { case STRUCT: deleteTypeVertex(instanceVertex, force); @@ -771,6 +775,7 @@ protected void deleteTypeVertex(AtlasVertex instanceVertex, TypeCategory typeCat default: throw new IllegalStateException("Type category " + typeCategory + " not handled"); } + RequestContext.get().endMetricRecord(metric); } /** @@ -779,6 +784,7 @@ protected void deleteTypeVertex(AtlasVertex instanceVertex, TypeCategory typeCat * @throws AtlasException */ protected void deleteTypeVertex(AtlasVertex instanceVertex, boolean force) throws AtlasBaseException { + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteTypeVertex"); if (LOG.isDebugEnabled()) { LOG.debug("Deleting {}, force={}", string(instanceVertex), force); } @@ -852,6 +858,7 @@ protected void deleteTypeVertex(AtlasVertex instanceVertex, boolean force) throw } deleteVertex(instanceVertex, force); + RequestContext.get().endMetricRecord(metric); } protected AtlasAttribute getAttributeForEdge(AtlasEdge edge) throws AtlasBaseException { @@ -888,6 +895,7 @@ protected void deleteEdgeBetweenVertices(AtlasVertex outVertex, AtlasVertex inVe if (skipVertexForDelete(outVertex)) { return; } + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteEdgeBetweenVertices"); AtlasStructType parentType = (AtlasStructType) typeRegistry.getType(GraphHelper.getTypeName(outVertex)); String propertyName = getQualifiedAttributePropertyKey(parentType, attribute.getName()); @@ -988,9 +996,11 @@ protected void deleteEdgeBetweenVertices(AtlasVertex outVertex, AtlasVertex inVe requestContext.recordEntityUpdate(entityRetriever.toAtlasEntityHeader(outVertex)); } } + RequestContext.get().endMetricRecord(metric); } protected void deleteVertex(AtlasVertex instanceVertex, boolean force) throws AtlasBaseException { + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteVertex"); if (LOG.isDebugEnabled()) { LOG.debug("Setting the external references to {} to null(removing edges)", string(instanceVertex)); } @@ -1020,7 +1030,6 @@ protected void deleteVertex(AtlasVertex instanceVertex, boolean force) throws At if (!isDeletedEntity(outVertex)) { AtlasVertex inVertex = edge.getInVertex(); AtlasAttribute attribute = getAttributeForEdge(edge); - deleteEdgeBetweenVertices(outVertex, inVertex, attribute); } } @@ -1028,6 +1037,7 @@ protected void deleteVertex(AtlasVertex instanceVertex, boolean force) throws At } _deleteVertex(instanceVertex, force); + RequestContext.get().endMetricRecord(metric); } private boolean isDeletedEntity(AtlasVertex entityVertex) { @@ -1110,6 +1120,7 @@ private void deleteAllClassifications(AtlasVertex instanceVertex) throws AtlasBa if (!ACTIVE.equals(getState(instanceVertex))) return; + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteAllClassifications"); List classificationEdges = getAllClassificationEdges(instanceVertex); for (AtlasEdge edge : classificationEdges) { @@ -1127,6 +1138,7 @@ private void deleteAllClassifications(AtlasVertex instanceVertex) throws AtlasBa deleteEdgeReference(edge, CLASSIFICATION, false, false, instanceVertex); } + RequestContext.get().endMetricRecord(metric); } private boolean skipVertexForDelete(AtlasVertex vertex) { @@ -1336,12 +1348,13 @@ public void createAndQueueTask(String taskType, AtlasEdge relationshipEdge, Atla } public void createAndQueueClassificationRefreshPropagationTask(AtlasEdge edge) throws AtlasBaseException{ - if (taskManagement==null) { LOG.warn("Task management is null, can't schedule task now"); return; } + MetricRecorder metric = RequestContext.get().startMetricRecord("createAndQueueClassificationRefreshPropagationTask"); + String currentUser = RequestContext.getCurrentUser(); boolean isRelationshipEdge = isRelationshipEdge(edge); boolean isTermEntityEdge = GraphHelper.isTermEntityEdge(edge); @@ -1377,7 +1390,7 @@ public void createAndQueueClassificationRefreshPropagationTask(AtlasEdge edge) t RequestContext.get().queueTask(task); } - + RequestContext.get().endMetricRecord(metric); } private boolean skipClassificationTaskCreation(String classificationId) throws AtlasBaseException { diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/SoftDeleteHandlerV1.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/SoftDeleteHandlerV1.java index ed103e2402..18cdf30949 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/SoftDeleteHandlerV1.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/SoftDeleteHandlerV1.java @@ -30,6 +30,7 @@ import org.apache.atlas.repository.store.graph.v2.AtlasRelationshipStoreV2; import org.apache.atlas.tasks.TaskManagement; import org.apache.atlas.type.AtlasTypeRegistry; +import org.apache.atlas.utils.AtlasPerfMetrics.MetricRecorder; import org.apache.commons.collections.CollectionUtils; import javax.inject.Inject; @@ -68,6 +69,7 @@ protected void _deleteVertex(AtlasVertex instanceVertex, boolean force) { @Override protected void deleteEdge(AtlasEdge edge, boolean force) throws AtlasBaseException { + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteEdge"); try { if (LOG.isDebugEnabled()) { LOG.debug("==> SoftDeleteHandlerV1.deleteEdge({}, {})", GraphHelper.string(edge), force); @@ -103,7 +105,8 @@ protected void deleteEdge(AtlasEdge edge, boolean force) throws AtlasBaseExcepti } catch (Exception e) { LOG.error("Error while deleting edge {}", GraphHelper.string(edge), e); throw new AtlasBaseException(e); + } finally { + RequestContext.get().endMetricRecord(metric); } - } } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityChangeNotifier.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityChangeNotifier.java index 7fc95c3981..e0133148ea 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityChangeNotifier.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityChangeNotifier.java @@ -171,6 +171,7 @@ public void onClassificationAddedToEntity(AtlasEntity entity, List entities, List addedClassifications, boolean forceInline) throws AtlasBaseException { if (isV2EntityNotificationEnabled) { diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java index 83df0fe2ef..5e627dfa07 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java @@ -586,6 +586,8 @@ public EntityMutationResponse deleteById(final String guid) throws AtlasBaseExce throw new AtlasBaseException(AtlasErrorCode.INSTANCE_GUID_NOT_FOUND, guid); } + AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("deleteById"); + Collection deletionCandidates = new ArrayList<>(); AtlasVertex vertex = AtlasGraphUtilsV2.findByGuid(graph, guid); @@ -611,6 +613,7 @@ public EntityMutationResponse deleteById(final String guid) throws AtlasBaseExce // Notify the change listeners entityChangeNotifier.onEntitiesMutated(ret, false); atlasRelationshipStore.onRelationshipsMutated(RequestContext.get().getRelationshipMutationMap()); + RequestContext.get().endMetricRecord(metricRecorder); return ret; } @@ -773,10 +776,12 @@ public EntityMutationResponse deleteByUniqueAttributes(AtlasEntityType entityTyp @Override @GraphTransaction public EntityMutationResponse deleteByUniqueAttributes(List objectIds) throws AtlasBaseException { + if (CollectionUtils.isEmpty(objectIds)) { throw new AtlasBaseException(AtlasErrorCode.INVALID_PARAMETERS); } + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteByUniqueAttributes"); EntityMutationResponse ret = new EntityMutationResponse(); Collection deletionCandidates = new ArrayList<>(); try { @@ -820,10 +825,11 @@ public EntityMutationResponse deleteByUniqueAttributes(List objec // Notify the change listeners entityChangeNotifier.onEntitiesMutated(ret, false); atlasRelationshipStore.onRelationshipsMutated(RequestContext.get().getRelationshipMutationMap()); - } catch (Exception e) { LOG.error("Failed to delete objects:{}", objectIds.stream().map(AtlasObjectId::getUniqueAttributes).collect(Collectors.toList()), e); throw new AtlasBaseException(e); + } finally { + RequestContext.get().endMetricRecord(metric); } return ret; } @@ -1105,6 +1111,42 @@ public void deleteClassification(final String guid, final String classificationN deleteClassification(guid, classificationName, null); } + @Override + @GraphTransaction + public void deleteClassifications(final String guid, final List classifications) throws AtlasBaseException { + deleteClassifications(guid, classifications, null); + } + + @Override + @GraphTransaction + public void deleteClassifications(final String guid, final List classifications, final String associatedEntityGuid) throws AtlasBaseException { + if (StringUtils.isEmpty(guid)) { + throw new AtlasBaseException(AtlasErrorCode.INVALID_PARAMETERS, "Guid(s) not specified"); + } + if (CollectionUtils.isEmpty(classifications)) { + throw new AtlasBaseException(AtlasErrorCode.INVALID_PARAMETERS, "classifications not specified"); + } + + GraphTransactionInterceptor.lockObjectAndReleasePostCommit(guid); + + AtlasEntityHeader entityHeader = entityRetriever.toAtlasEntityHeaderWithClassifications(guid); + + // verify authorization only for removal of directly associated classification and not propagated one. + for (AtlasClassification classification: classifications){ + if (StringUtils.isEmpty(associatedEntityGuid) || guid.equals(associatedEntityGuid)) { + AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_REMOVE_CLASSIFICATION, + entityHeader, new AtlasClassification(classification.getTypeName())), + "remove classification: guid=", guid, ", classification=", classification.getDisplayName()); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("Deleting classification={} from entity={}", classification.getDisplayName(), guid); + } + } + entityGraphMapper.deleteClassifications(guid, classifications, associatedEntityGuid); + } + + @Override @GraphTransaction public void deleteClassification(final String guid, final String classificationName, final String associatedEntityGuid) throws AtlasBaseException { @@ -1129,8 +1171,6 @@ entityHeader, new AtlasClassification(classificationName)), if (LOG.isDebugEnabled()) { LOG.debug("Deleting classification={} from entity={}", classificationName, guid); } - - entityGraphMapper.deleteClassification(guid, classificationName, associatedEntityGuid); } @@ -1443,6 +1483,33 @@ public void addLabels(String guid, Set labels) throws AtlasBaseException } } + private Map getMap(String key, Object value) { + Map map = new HashMap<>(); + map.put(key, value); + return map; + } + +// private Boolean isAccessAllowed(AtlasEntity entity, String action) { +// Map entityAttr = entity.getAttributes(); +// Map entityForAuth = getMap("objects", getMap("assetCriteria", getMap("attributes", entityAttr)));; +// +// String[] assetQualifiedNames = new String[1]; +// assetQualifiedNames[0] = (String) entity.getAttribute("qualifiedName"); +// ((Map) entityForAuth.get("objects")).put("assetQualifiedNames", assetQualifiedNames); +// +// +// String[] userArray = new String[1]; +// userArray[0] = RequestContext.getCurrentUser(); +// entityForAuth.put("subjects", getMap("users", userArray)); +// +// String[] actionArray = new String[1]; +// actionArray[0] = action; +// entityForAuth.put("actions", actionArray); +// +// Boolean accessAllowed = this.atlasAuthorization.isAccessAllowed(entityForAuth, RequestContext.getCurrentUser()); +// return accessAllowed; +// } + private EntityMutationResponse createOrUpdate(EntityStream entityStream, boolean isPartialUpdate, boolean replaceClassifications, boolean replaceBusinessAttributes, boolean isOverwriteBusinessAttribute) throws AtlasBaseException { if (LOG.isDebugEnabled()) { LOG.debug("==> createOrUpdate()"); @@ -1519,21 +1586,23 @@ private EntityMutationResponse createOrUpdate(EntityStream entityStream, boolean // Check if authorized to update entities if (!reqContext.isImportInProgress()) { for (AtlasEntity entity : context.getUpdatedEntities()) { - AtlasEntityHeader entityHeaderWithClassifications = entityRetriever.toAtlasEntityHeaderWithClassifications(entity.getGuid()); - AtlasEntityHeader entityHeader = new AtlasEntityHeader(entity); + if(!PreProcessor.skipUpdateAuthCheckTypes.contains(entity.getTypeName())){ + AtlasEntityHeader entityHeaderWithClassifications = entityRetriever.toAtlasEntityHeaderWithClassifications(entity.getGuid()); + AtlasEntityHeader entityHeader = new AtlasEntityHeader(entity); - if(CollectionUtils.isNotEmpty(entityHeaderWithClassifications.getClassifications())) { - entityHeader.setClassifications(entityHeaderWithClassifications.getClassifications()); - } + if(CollectionUtils.isNotEmpty(entityHeaderWithClassifications.getClassifications())) { + entityHeader.setClassifications(entityHeaderWithClassifications.getClassifications()); + } - AtlasEntity diffEntity = reqContext.getDifferentialEntity(entity.getGuid()); - boolean skipAuthBaseConditions = diffEntity != null && MapUtils.isEmpty(diffEntity.getCustomAttributes()) && MapUtils.isEmpty(diffEntity.getBusinessAttributes()) && CollectionUtils.isEmpty(diffEntity.getClassifications()) && CollectionUtils.isEmpty(diffEntity.getLabels()); - boolean skipAuthMeaningsUpdate = diffEntity != null && MapUtils.isNotEmpty(diffEntity.getRelationshipAttributes()) && diffEntity.getRelationshipAttributes().containsKey("meanings") && diffEntity.getRelationshipAttributes().size() == 1 && MapUtils.isEmpty(diffEntity.getAttributes()); - boolean skipAuthStarredDetailsUpdate = diffEntity != null && MapUtils.isEmpty(diffEntity.getRelationshipAttributes()) && MapUtils.isNotEmpty(diffEntity.getAttributes()) && diffEntity.getAttributes().size() == 3 && diffEntity.getAttributes().containsKey(ATTR_STARRED_BY) && diffEntity.getAttributes().containsKey(ATTR_STARRED_COUNT) && diffEntity.getAttributes().containsKey(ATTR_STARRED_DETAILS_LIST); - if (skipAuthBaseConditions && (skipAuthMeaningsUpdate || skipAuthStarredDetailsUpdate)) { - //do nothing, only diff is relationshipAttributes.meanings or starred, allow update - } else { - AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, entityHeader,"update entity: type=" + entity.getTypeName()); + AtlasEntity diffEntity = reqContext.getDifferentialEntity(entity.getGuid()); + boolean skipAuthBaseConditions = diffEntity != null && MapUtils.isEmpty(diffEntity.getCustomAttributes()) && MapUtils.isEmpty(diffEntity.getBusinessAttributes()) && CollectionUtils.isEmpty(diffEntity.getClassifications()) && CollectionUtils.isEmpty(diffEntity.getLabels()); + boolean skipAuthMeaningsUpdate = diffEntity != null && MapUtils.isNotEmpty(diffEntity.getRelationshipAttributes()) && diffEntity.getRelationshipAttributes().containsKey("meanings") && diffEntity.getRelationshipAttributes().size() == 1 && MapUtils.isEmpty(diffEntity.getAttributes()); + boolean skipAuthStarredDetailsUpdate = diffEntity != null && MapUtils.isEmpty(diffEntity.getRelationshipAttributes()) && MapUtils.isNotEmpty(diffEntity.getAttributes()) && diffEntity.getAttributes().size() == 3 && diffEntity.getAttributes().containsKey(ATTR_STARRED_BY) && diffEntity.getAttributes().containsKey(ATTR_STARRED_COUNT) && diffEntity.getAttributes().containsKey(ATTR_STARRED_DETAILS_LIST); + if (skipAuthBaseConditions && (skipAuthMeaningsUpdate || skipAuthStarredDetailsUpdate)) { + //do nothing, only diff is relationshipAttributes.meanings or starred, allow update + } else { + AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, entityHeader,"update entity: type=" + entity.getTypeName()); + } } } } @@ -1591,7 +1660,7 @@ private void executePreProcessor(EntityMutationContext context) throws AtlasBase private EntityMutationContext preCreateOrUpdate(EntityStream entityStream, EntityGraphMapper entityGraphMapper, boolean isPartialUpdate) throws AtlasBaseException { MetricRecorder metric = RequestContext.get().startMetricRecord("preCreateOrUpdate"); - this.graph.setEnableCache(RequestContext.get().isCacheEnabled()); + EntityGraphDiscovery graphDiscoverer = new AtlasEntityGraphDiscoveryV2(graph, typeRegistry, entityStream, entityGraphMapper); EntityGraphDiscoveryContext discoveryContext = graphDiscoverer.discoverEntities(); EntityMutationContext context = new EntityMutationContext(discoveryContext); @@ -1821,7 +1890,7 @@ public PreProcessor getPreProcessor(String typeName) { switch (typeName) { case ATLAS_GLOSSARY_ENTITY_TYPE: - preProcessor = new GlossaryPreProcessor(typeRegistry, entityRetriever); + preProcessor = new GlossaryPreProcessor(typeRegistry, entityRetriever, graph); break; case ATLAS_GLOSSARY_TERM_ENTITY_TYPE: @@ -1833,7 +1902,7 @@ public PreProcessor getPreProcessor(String typeName) { break; case DATA_DOMAIN_ENTITY_TYPE: - preProcessor = new DataDomainPreProcessor(typeRegistry, entityRetriever, graph); + preProcessor = new DataDomainPreProcessor(typeRegistry, entityRetriever, graph, this); break; case DATA_PRODUCT_ENTITY_TYPE: @@ -1931,7 +2000,7 @@ private EntityMutationResponse deleteVertices(Collection deletionCa Collection categories = new ArrayList<>(); Collection others = new ArrayList<>(); - MetricRecorder metric = RequestContext.get().startMetricRecord("filterCategoryVertices"); + MetricRecorder metric = RequestContext.get().startMetricRecord("deleteVertices_filterCategoryVertices"); for (AtlasVertex vertex : deletionCandidates) { String typeName = getTypeName(vertex); @@ -1947,7 +2016,7 @@ private EntityMutationResponse deleteVertices(Collection deletionCa } } RequestContext.get().endMetricRecord(metric); - + MetricRecorder metric2 = RequestContext.get().startMetricRecord("deleteVertices"); if (CollectionUtils.isNotEmpty(categories)) { entityGraphMapper.removeAttrForCategoryDelete(categories); deleteDelegate.getHandler(DeleteType.HARD).deleteEntities(categories); @@ -1976,11 +2045,11 @@ private EntityMutationResponse deleteVertices(Collection deletionCa for (AtlasEntityHeader entity : req.getUpdatedEntities()) { response.addEntity(UPDATE, entity); } + RequestContext.get().endMetricRecord(metric2); } catch (Exception e) { LOG.error("Delete vertices request failed", e); throw new AtlasBaseException(e); } - return response; } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/ClassificationAssociator.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/ClassificationAssociator.java index 6cd9ac4e4b..8bea44fca7 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/ClassificationAssociator.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/ClassificationAssociator.java @@ -193,45 +193,21 @@ public void setClassifications(Map map) throws AtlasB AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("commitChanges.notify"); Map> deleted = RequestContext.get().getDeletedClassificationAndVertices(); - Set allVertices = new HashSet<>(); - if (MapUtils.isNotEmpty(deleted)) { - for (AtlasClassification deletedClassification: deleted.keySet()) { - Collection vertices = deleted.get(deletedClassification); - List propagatedEntities = new ArrayList<>(); - - for (Object obj: vertices) { - AtlasVertex vertex = (AtlasVertex) obj; - AtlasEntity entity = instanceConverter.getAndCacheEntity(GraphHelper.getGuid(vertex), IGNORE_REL); - - allVertices.add(vertex); - propagatedEntities.add(entity); - } - - entityChangeNotifier.onClassificationsDeletedFromEntities(propagatedEntities, Collections.singletonList(deletedClassification)); + Map> entityClassification = getEntityClassificationsMapping(deleted); + for (Map.Entry> atlasEntityListEntry : entityClassification.entrySet()) { + entityChangeNotifier.onClassificationDeletedFromEntity(atlasEntityListEntry.getKey(), atlasEntityListEntry.getValue()); } } Map> added = RequestContext.get().getAddedClassificationAndVertices(); if (MapUtils.isNotEmpty(added)) { - for (AtlasClassification addedClassification: added.keySet()) { - Collection vertices = added.get(addedClassification); - List propagatedEntities = new ArrayList<>(); - - for (Object obj: vertices) { - AtlasVertex vertex = (AtlasVertex) obj; - AtlasEntity entity = instanceConverter.getAndCacheEntity(GraphHelper.getGuid(vertex), IGNORE_REL); - - allVertices.add(vertex); - propagatedEntities.add(entity); - } - - entityChangeNotifier.onClassificationsAddedToEntities(propagatedEntities, Collections.singletonList(addedClassification), false); + Map> entityClassification = getEntityClassificationsMapping(added); + for (Map.Entry> atlasEntityListEntry : entityClassification.entrySet()) { + entityChangeNotifier.onClassificationAddedToEntity(atlasEntityListEntry.getKey(), atlasEntityListEntry.getValue()); } } - entityGraphMapper.updateClassificationText(null, allVertices); transactionInterceptHelper.intercept(); - RequestContext.get().endMetricRecord(recorder); RequestContext.get().setDelayTagNotifications(false); } @@ -310,14 +286,12 @@ private void deleteClassifications(String entityGuid, String typeName, List> getEntityClassificationsMapping(Map> classificationVertices) throws AtlasBaseException { + Map> entityClassifications = new HashMap<>(); + Set vertices = new HashSet<>(); + for (AtlasClassification classification : classificationVertices.keySet()) { + for (Object obj : classificationVertices.get(classification)) { + AtlasVertex vertex = (AtlasVertex) obj; + vertices.add(vertex); + } + List propagatedEntities = entityGraphMapper.updateClassificationText(null, vertices); + propagatedEntities.forEach(entity -> entityClassifications.computeIfAbsent(entity, key -> new ArrayList<>()).add(classification)); + } + return entityClassifications; + } } private static class ListOps { diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityGraphMapper.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityGraphMapper.java index 798d86071e..782b6847c8 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityGraphMapper.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityGraphMapper.java @@ -3241,17 +3241,21 @@ public void addClassifications(final EntityMutationContext context, String guid, if (CollectionUtils.isNotEmpty(entitiesToPropagateTo)) { notificationVertices.addAll(entitiesToPropagateTo); } - - - for (AtlasClassification classification : addedClassifications.keySet()) { - Set vertices = addedClassifications.get(classification); - - if (RequestContext.get().isDelayTagNotifications()) { + if (RequestContext.get().isDelayTagNotifications()) { + for (AtlasClassification classification : addedClassifications.keySet()) { + Set vertices = addedClassifications.get(classification); RequestContext.get().addAddedClassificationAndVertices(classification, new ArrayList<>(vertices)); - } else { + } + } else { + Map> entityClassification = new HashMap<>(); + for (AtlasClassification classification : addedClassifications.keySet()) { + Set vertices = addedClassifications.get(classification); List propagatedEntities = updateClassificationText(classification, vertices); + propagatedEntities.forEach(entity -> entityClassification.computeIfAbsent(entity, key -> new ArrayList<>()).add(classification)); + } - entityChangeNotifier.onClassificationsAddedToEntities(propagatedEntities, Collections.singletonList(classification), false); + for (Map.Entry> atlasEntityListEntry : entityClassification.entrySet()) { + entityChangeNotifier.onClassificationAddedToEntity(atlasEntityListEntry.getKey(), atlasEntityListEntry.getValue()); } } @@ -3504,18 +3508,195 @@ public void deleteClassification(String entityGuid, String classificationName) t entityVertex.setProperty(CLASSIFICATION_NAMES_KEY, getClassificationNamesString(traitNames)); updateModificationMetadata(entityVertex); + Map> entityClassification = new HashMap<>(); if (RequestContext.get().isDelayTagNotifications()) { RequestContext.get().addDeletedClassificationAndVertices(classification, new ArrayList<>(entityVertices)); } else if (CollectionUtils.isNotEmpty(entityVertices)) { List propagatedEntities = updateClassificationText(classification, entityVertices); - + propagatedEntities.forEach(entity -> entityClassification.computeIfAbsent(entity, key -> new ArrayList<>()).add(classification)); //Sending audit request for all entities at once - entityChangeNotifier.onClassificationsDeletedFromEntities(propagatedEntities, Collections.singletonList(classification)); + for (Map.Entry> atlasEntityListEntry : entityClassification.entrySet()) { + entityChangeNotifier.onClassificationDeletedFromEntity(atlasEntityListEntry.getKey(), atlasEntityListEntry.getValue()); + } } AtlasPerfTracer.log(perf); } + public void deleteClassifications(String entityGuid, List classifications, String associatedEntityGuid) throws AtlasBaseException { + if (StringUtils.isEmpty(associatedEntityGuid) || associatedEntityGuid.equals(entityGuid)) { + deleteClassifications(entityGuid, classifications); + } else { + for (AtlasClassification classification : classifications) { + deletePropagatedClassifications(entityGuid, classification.getTypeName(), associatedEntityGuid); + } + } + } + + private void deletePropagatedClassifications(String entityGuid, String classificationName, String associatedEntityGuid) throws AtlasBaseException { + if (StringUtils.isEmpty(classificationName)) { + throw new AtlasBaseException(AtlasErrorCode.INVALID_CLASSIFICATION_PARAMS, "delete", entityGuid); + } + + AtlasVertex entityVertex = AtlasGraphUtilsV2.findByGuid(this.graph, entityGuid); + + if (entityVertex == null) { + throw new AtlasBaseException(AtlasErrorCode.INSTANCE_GUID_NOT_FOUND, entityGuid); + } + + deleteDelegate.getHandler().deletePropagatedClassification(entityVertex, classificationName, associatedEntityGuid); + } + + public void deleteClassifications(String entityGuid, List classifications) throws AtlasBaseException { + if (CollectionUtils.isEmpty(classifications)){ + return; + } + + AtlasPerfTracer perf = null; + + if (AtlasPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = AtlasPerfTracer.getPerfTracer(PERF_LOG, "EntityGraphMapper.deleteClassification"); + } + Map> deletedClassifications = new HashMap<>(); + + for (AtlasClassification classificationn : classifications) { + + if (StringUtils.isEmpty(classificationn.getTypeName())) { + throw new AtlasBaseException(AtlasErrorCode.INVALID_CLASSIFICATION_PARAMS, "delete", entityGuid); + } + + AtlasVertex entityVertex = AtlasGraphUtilsV2.findByGuid(this.graph, entityGuid); + + if (entityVertex == null) { + throw new AtlasBaseException(AtlasErrorCode.INSTANCE_GUID_NOT_FOUND, entityGuid); + } + + List traitNames = getTraitNames(entityVertex); + + if (CollectionUtils.isEmpty(traitNames)) { + throw new AtlasBaseException(AtlasErrorCode.NO_CLASSIFICATIONS_FOUND_FOR_ENTITY, entityGuid); + } + + String classificationName = classificationn.getTypeName(); + validateClassificationExists(traitNames, classificationName); + + AtlasVertex classificationVertex = getClassificationVertex(entityVertex, classificationName); + + // Get in progress task to see if there already is a propagation for this particular vertex + List inProgressTasks = taskManagement.getInProgressTasks(); + for (AtlasTask task : inProgressTasks) { + if (isTaskMatchingWithVertexIdAndEntityGuid(task, classificationVertex.getIdForDisplay(), entityGuid)) { + throw new AtlasBaseException(AtlasErrorCode.CLASSIFICATION_CURRENTLY_BEING_PROPAGATED, classificationName); + } + } + + AtlasClassification classification = entityRetriever.toAtlasClassification(classificationVertex); + + if (classification == null) { + throw new AtlasBaseException(AtlasErrorCode.CLASSIFICATION_NOT_FOUND, classificationName); + } + + // remove classification from propagated entities if propagation is turned on + final List entityVertices; + + if (isPropagationEnabled(classificationVertex)) { + if (taskManagement != null && DEFERRED_ACTION_ENABLED) { + boolean propagateDelete = true; + String classificationVertexId = classificationVertex.getIdForDisplay(); + + List entityTaskGuids = (List) entityVertex.getPropertyValues(PENDING_TASKS_PROPERTY_KEY, String.class); + + if (CollectionUtils.isNotEmpty(entityTaskGuids)) { + List entityPendingTasks = taskManagement.getByGuidsES(entityTaskGuids); + + boolean pendingTaskExists = entityPendingTasks.stream() + .anyMatch(x -> isTaskMatchingWithVertexIdAndEntityGuid(x, classificationVertexId, entityGuid)); + + if (pendingTaskExists) { + List entityClassificationPendingTasks = entityPendingTasks.stream() + .filter(t -> t.getParameters().containsKey("entityGuid") + && t.getParameters().containsKey("classificationVertexId")) + .filter(t -> t.getParameters().get("entityGuid").equals(entityGuid) + && t.getParameters().get("classificationVertexId").equals(classificationVertexId) + && t.getType().equals(CLASSIFICATION_PROPAGATION_ADD)) + .collect(Collectors.toList()); + for (AtlasTask entityClassificationPendingTask : entityClassificationPendingTasks) { + String taskGuid = entityClassificationPendingTask.getGuid(); + taskManagement.deleteByGuid(taskGuid, TaskManagement.DeleteType.SOFT); + AtlasGraphUtilsV2.deleteProperty(entityVertex, PENDING_TASKS_PROPERTY_KEY, taskGuid); +// propagateDelete = false; TODO: Uncomment when all unnecessary ADD tasks are resolved + } + } + } + + if (propagateDelete) { + createAndQueueTask(CLASSIFICATION_PROPAGATION_DELETE, entityVertex, classificationVertex.getIdForDisplay()); + } + + entityVertices = new ArrayList<>(); + } else { + entityVertices = deleteDelegate.getHandler().removeTagPropagation(classificationVertex); + + if (LOG.isDebugEnabled()) { + LOG.debug("Number of propagations to delete -> {}", entityVertices.size()); + } + } + } else { + entityVertices = new ArrayList<>(); + } + + // add associated entity to entityVertices list + if (!entityVertices.contains(entityVertex)) { + entityVertices.add(entityVertex); + } + + // remove classifications from associated entity + if (LOG.isDebugEnabled()) { + LOG.debug("Removing classification: [{}] from: [{}][{}] with edge label: [{}]", classificationName, + getTypeName(entityVertex), entityGuid, CLASSIFICATION_LABEL); + } + + AtlasEdge edge = getClassificationEdge(entityVertex, classificationVertex); + + deleteDelegate.getHandler().deleteEdgeReference(edge, CLASSIFICATION, false, true, entityVertex); + + traitNames.remove(classificationName); + + // update 'TRAIT_NAMES_PROPERTY_KEY' property + entityVertex.removePropertyValue(TRAIT_NAMES_PROPERTY_KEY, classificationName); + + // update 'CLASSIFICATION_NAMES_KEY' property + entityVertex.removeProperty(CLASSIFICATION_NAMES_KEY); + + entityVertex.setProperty(CLASSIFICATION_NAMES_KEY, getClassificationNamesString(traitNames)); + + updateModificationMetadata(entityVertex); + + if(deletedClassifications.get(classification) == null) { + deletedClassifications.put(classification, new HashSet<>()); + } + //Add current Vertex to be notified + deletedClassifications.get(classification).add(entityVertex); + } + + Map> entityClassification = new HashMap<>(); + + for (AtlasClassification classification : deletedClassifications.keySet()) { + Set vertices = deletedClassifications.get(classification); + if (CollectionUtils.isNotEmpty(vertices)) { + List propagatedEntities = updateClassificationText(classification, vertices); + propagatedEntities.forEach(entity -> entityClassification.computeIfAbsent(entity, key -> new ArrayList<>()).add(classification)); + } + } + + //Sending audit request for all entities at once + for (Map.Entry> atlasEntityListEntry : entityClassification.entrySet()) { + entityChangeNotifier.onClassificationDeletedFromEntity(atlasEntityListEntry.getKey(), atlasEntityListEntry.getValue()); + } + + AtlasPerfTracer.log(perf); + + } private boolean isTaskMatchingWithVertexIdAndEntityGuid(AtlasTask task, String classificationVertexId, String entityGuid) { try { if (CLASSIFICATION_PROPAGATION_ADD.equals(task.getType())) { diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java index 58fb516564..53c78ded9a 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java @@ -55,11 +55,9 @@ import static org.apache.atlas.authorize.AtlasAuthorizationUtils.verifyAccess; import static org.apache.atlas.model.instance.EntityMutations.EntityOperation.CREATE; import static org.apache.atlas.model.instance.EntityMutations.EntityOperation.UPDATE; -import static org.apache.atlas.repository.Constants.ATTR_ADMIN_ROLES; -import static org.apache.atlas.repository.Constants.KEYCLOAK_ROLE_ADMIN; -import static org.apache.atlas.repository.Constants.QUALIFIED_NAME; -import static org.apache.atlas.repository.Constants.STAKEHOLDER_ENTITY_TYPE; +import static org.apache.atlas.repository.Constants.*; import static org.apache.atlas.repository.util.AccessControlUtils.*; +import static org.apache.atlas.repository.util.AccessControlUtils.POLICY_SERVICE_NAME_ABAC; import static org.apache.atlas.repository.util.AccessControlUtils.getPolicySubCategory; public class AuthPolicyPreProcessor implements PreProcessor { @@ -111,7 +109,28 @@ private void processCreatePolicy(AtlasStruct entity) throws AtlasBaseException { verifyParentTypeName(parentEntity); } + String policyServiceName = getPolicyServiceName(policy); String policyCategory = getPolicyCategory(policy); + + if (POLICY_SERVICE_NAME_ABAC.equals(policyServiceName) && + (POLICY_CATEGORY_PERSONA.equals(policyCategory) || POLICY_CATEGORY_PURPOSE.equals(policyCategory))) { + + policy.setAttribute(QUALIFIED_NAME, String.format("%s/%s", getEntityQualifiedName(parentEntity), getUUID())); + + //extract role + String roleName = getPersonaRoleName(parentEntity); + List roles = Arrays.asList(roleName); + policy.setAttribute(ATTR_POLICY_ROLES, roles); + + policy.setAttribute(ATTR_POLICY_USERS, new ArrayList<>()); + policy.setAttribute(ATTR_POLICY_GROUPS, new ArrayList<>()); + + //aliasStore.updateAlias(parentEntity, policy); + + return; + } + + if (StringUtils.isEmpty(policyCategory)) { throw new AtlasBaseException(BAD_REQUEST, "Please provide attribute " + ATTR_POLICY_CATEGORY); } @@ -183,6 +202,12 @@ private void validateAndReduce(AtlasEntity policy) { private void processUpdatePolicy(AtlasStruct entity, AtlasVertex vertex) throws AtlasBaseException { AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("processUpdatePolicy"); AtlasEntity policy = (AtlasEntity) entity; + + String policyServiceName = getPolicyServiceName(policy); + if (POLICY_SERVICE_NAME_ABAC.equals(policyServiceName)) { + return; + } + AtlasEntity existingPolicy = entityRetriever.toAtlasEntityWithExtInfo(vertex).getEntity(); String policyCategory = policy.hasAttribute(ATTR_POLICY_CATEGORY) ? getPolicyCategory(policy) : getPolicyCategory(existingPolicy); @@ -254,6 +279,11 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException { try { AtlasEntity policy = entityRetriever.toAtlasEntity(vertex); + String policyServiceName = getPolicyServiceName(policy); + if (POLICY_SERVICE_NAME_ABAC.equals(policyServiceName)) { + return; + } + authorizeDeleteAuthPolicy(policy); if(!policy.getStatus().equals(AtlasEntity.Status.ACTIVE)) { diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/PreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/PreProcessor.java index 45486e6917..f0544abad4 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/PreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/PreProcessor.java @@ -9,10 +9,7 @@ import java.util.HashSet; import java.util.Set; -import static org.apache.atlas.repository.Constants.ATLAS_GLOSSARY_CATEGORY_ENTITY_TYPE; -import static org.apache.atlas.repository.Constants.ATLAS_GLOSSARY_TERM_ENTITY_TYPE; -import static org.apache.atlas.repository.Constants.STAKEHOLDER_ENTITY_TYPE; -import static org.apache.atlas.repository.Constants.STAKEHOLDER_TITLE_ENTITY_TYPE; +import static org.apache.atlas.repository.Constants.*; public interface PreProcessor { @@ -22,6 +19,13 @@ public interface PreProcessor { add(ATLAS_GLOSSARY_CATEGORY_ENTITY_TYPE); add(STAKEHOLDER_ENTITY_TYPE); add(STAKEHOLDER_TITLE_ENTITY_TYPE); + add(DATA_DOMAIN_ENTITY_TYPE); + add(DATA_PRODUCT_ENTITY_TYPE); + }}; + + Set skipUpdateAuthCheckTypes = new HashSet() {{ + add(DATA_DOMAIN_ENTITY_TYPE); + add(DATA_PRODUCT_ENTITY_TYPE); }}; void processAttributes(AtlasStruct entity, EntityMutationContext context, EntityMutations.EntityOperation operation) throws AtlasBaseException; diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/PreProcessorUtils.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/PreProcessorUtils.java index 260f228351..b36c8babe6 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/PreProcessorUtils.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/PreProcessorUtils.java @@ -1,6 +1,7 @@ package org.apache.atlas.repository.store.graph.v2.preprocessor; import org.apache.atlas.AtlasErrorCode; +import org.apache.atlas.RequestContext; import org.apache.atlas.discovery.EntityDiscoveryService; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.model.discovery.IndexSearchParams; @@ -14,6 +15,7 @@ import org.apache.atlas.type.AtlasStructType; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.atlas.util.NanoIdUtils; +import org.apache.atlas.util.lexoRank.LexoRank; import org.apache.atlas.utils.AtlasEntityUtil; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; @@ -21,11 +23,14 @@ import org.slf4j.LoggerFactory; import java.util.*; +import java.util.regex.Matcher; +import java.util.regex.Pattern; -import static org.apache.atlas.repository.Constants.QUERY_COLLECTION_ENTITY_TYPE; -import static org.apache.atlas.repository.Constants.QUALIFIED_NAME; -import static org.apache.atlas.repository.Constants.ENTITY_TYPE_PROPERTY_KEY; +import static org.apache.atlas.glossary.GlossaryUtils.ATLAS_GLOSSARY_CATEGORY_TYPENAME; +import static org.apache.atlas.glossary.GlossaryUtils.ATLAS_GLOSSARY_TERM_TYPENAME; +import static org.apache.atlas.repository.Constants.*; import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf; +import static org.apache.atlas.type.Constants.LEXICOGRAPHICAL_SORT_ORDER; public class PreProcessorUtils { private static final Logger LOG = LoggerFactory.getLogger(PreProcessorUtils.class); @@ -39,6 +44,8 @@ public class PreProcessorUtils { public static final String CATEGORY_CHILDREN = "childrenCategories"; public static final String GLOSSARY_TERM_REL_TYPE = "AtlasGlossaryTermAnchor"; public static final String GLOSSARY_CATEGORY_REL_TYPE = "AtlasGlossaryCategoryAnchor"; + public static final String INIT_LEXORANK_OFFSET = "0|100000:"; + public static final String INIT_TERM_LEXORANK_OFFSET = "0|500000:"; //DataMesh models constants public static final String PARENT_DOMAIN_REL_TYPE = "parentDomain"; @@ -52,6 +59,9 @@ public class PreProcessorUtils { public static final String DATA_PRODUCT_EDGE_LABEL = "__DataDomain.dataProducts"; public static final String DOMAIN_PARENT_EDGE_LABEL = "__DataDomain.subDomains"; + public static final String STAKEHOLDER_EDGE_LABEL = "__DataDomain.stakeholders"; + public static final String STAKEHOLDER_TITLE_EDGE_LABEL = "__StakeholderTitle.stakeholders"; + public static final String PARENT_DOMAIN_QN_ATTR = "parentDomainQualifiedName"; public static final String SUPER_DOMAIN_QN_ATTR = "superDomainQualifiedName"; @@ -85,6 +95,13 @@ public enum MigrationStatus { public static final String CHILDREN_QUERIES = "__Namespace.childrenQueries"; public static final String CHILDREN_FOLDERS = "__Namespace.childrenFolders"; + public static final int REBALANCING_TRIGGER = 119; + public static final int PRE_DELIMITER_LENGTH = 9; + public static final String LEXORANK_HARD_LIMIT = "" + (256 - PRE_DELIMITER_LENGTH); + public static final String LEXORANK_VALID_REGEX = "^0\\|[0-9a-z]{6}:(?:[0-9a-z]{0," + LEXORANK_HARD_LIMIT + "})?$"; + public static final Set ATTRIBUTES = new HashSet<>(Arrays.asList("lexicographicalSortOrder")); + + public static final Pattern LEXORANK_VALIDITY_PATTERN = Pattern.compile(LEXORANK_VALID_REGEX); public static String getUUID(){ return NanoIdUtils.randomNanoId(); @@ -202,4 +219,174 @@ public static void verifyDuplicateAssetByName(String typeName, String assetName, throw new AtlasBaseException(AtlasErrorCode.BAD_REQUEST, errorMessage); } } + + public static void isValidLexoRank(String inputLexorank, String glossaryQualifiedName, String parentQualifiedName, EntityDiscoveryService discovery) throws AtlasBaseException { + + Matcher matcher = LEXORANK_VALIDITY_PATTERN.matcher(inputLexorank); + + if(!matcher.matches() || StringUtils.isEmpty(inputLexorank)){ + throw new AtlasBaseException(AtlasErrorCode.BAD_REQUEST, "Invalid value for lexicographicalSortOrder attribute"); + } + // TODO : Need to discuss either to remove this after migration is successful on all tenants and custom-sort is successfully GA or keep it for re-balancing WF + Boolean requestFromMigration = RequestContext.get().getRequestContextHeaders().getOrDefault("x-atlan-request-id", "").contains("custom-sort-migration"); + if(requestFromMigration) { + return; + } + Map lexoRankCache = RequestContext.get().getLexoRankCache(); + if(Objects.isNull(lexoRankCache)) { + lexoRankCache = new HashMap<>(); + } + String cacheKey = glossaryQualifiedName + "-" + parentQualifiedName; + if(lexoRankCache.containsKey(cacheKey) && lexoRankCache.get(cacheKey).equals(inputLexorank)){ + throw new AtlasBaseException(AtlasErrorCode.BAD_REQUEST, "Duplicate value for the attribute :" + LEXICOGRAPHICAL_SORT_ORDER +" found"); + } + Map dslQuery = createDSLforCheckingPreExistingLexoRank(inputLexorank, glossaryQualifiedName, parentQualifiedName); + List assetsWithDuplicateRank = new ArrayList<>(); + try { + IndexSearchParams searchParams = new IndexSearchParams(); + searchParams.setDsl(dslQuery); + assetsWithDuplicateRank = discovery.directIndexSearch(searchParams).getEntities(); + } catch (AtlasBaseException e) { + LOG.error("IndexSearch Error Occured : " + e.getMessage()); + throw new AtlasBaseException(AtlasErrorCode.BAD_REQUEST, "Something went wrong with IndexSearch"); + } + + if (!CollectionUtils.isEmpty(assetsWithDuplicateRank)) { + throw new AtlasBaseException(AtlasErrorCode.BAD_REQUEST, "Duplicate Lexorank found"); + } + + lexoRankCache.put(cacheKey, inputLexorank); + RequestContext.get().setLexoRankCache(lexoRankCache); + // TODO : Add the rebalancing logic here +// int colonIndex = inputLexorank.indexOf(":"); +// if (colonIndex != -1 && inputLexorank.substring(colonIndex + 1).length() >= REBALANCING_TRIGGER) { + // Rebalancing trigger +// } + } + + public static void assignNewLexicographicalSortOrder(AtlasEntity entity, String glossaryQualifiedName, String parentQualifiedName, EntityDiscoveryService discovery) throws AtlasBaseException{ + Map lexoRankCache = RequestContext.get().getLexoRankCache(); + + if(Objects.isNull(lexoRankCache)) { + lexoRankCache = new HashMap<>(); + } + String lexoRank = ""; + String lastLexoRank = ""; + String cacheKey = glossaryQualifiedName + "-" + parentQualifiedName; + + if(lexoRankCache.containsKey(cacheKey)) { + lastLexoRank = lexoRankCache.get(cacheKey); + } else { + + List categories = null; + Map dslQuery = generateDSLQueryForLastChild(glossaryQualifiedName, parentQualifiedName); + try { + IndexSearchParams searchParams = new IndexSearchParams(); + searchParams.setAttributes(ATTRIBUTES); + searchParams.setDsl(dslQuery); + categories = discovery.directIndexSearch(searchParams).getEntities(); + } catch (AtlasBaseException e) { + e.printStackTrace(); + throw new AtlasBaseException("Something went wrong in assigning lexicographicalSortOrder"); + } + + if (CollectionUtils.isNotEmpty(categories)) { + AtlasEntityHeader category = categories.get(0); + String lexicographicalSortOrder = (String) category.getAttribute(LEXICOGRAPHICAL_SORT_ORDER); + if (StringUtils.isNotEmpty(lexicographicalSortOrder)) { + lastLexoRank = lexicographicalSortOrder; + } else { + lastLexoRank = INIT_LEXORANK_OFFSET; + } + } else { + lastLexoRank = INIT_LEXORANK_OFFSET; + } + } + + LexoRank parsedLexoRank = LexoRank.parse(lastLexoRank); + LexoRank nextLexoRank = parsedLexoRank.genNext().genNext(); + lexoRank = nextLexoRank.toString(); + + entity.setAttribute(LEXICOGRAPHICAL_SORT_ORDER, lexoRank); + lexoRankCache.put(cacheKey, lexoRank); + RequestContext.get().setLexoRankCache(lexoRankCache); + } + + public static Map createDSLforCheckingPreExistingLexoRank(String lexoRank, String glossaryQualifiedName, String parentQualifiedName) { + + Map boolMap = buildBoolQueryDuplicateLexoRank(lexoRank, glossaryQualifiedName, parentQualifiedName); + + Map dsl = new HashMap<>(); + dsl.put("from", 0); + dsl.put("size", 1); + dsl.put("query", mapOf("bool", boolMap)); + + return dsl; + } + + private static Map buildBoolQueryDuplicateLexoRank(String lexoRank, String glossaryQualifiedName, String parentQualifiedName) { + Map boolFilter = new HashMap<>(); + List> mustArray = new ArrayList<>(); + mustArray.add(mapOf("term", mapOf("__state", "ACTIVE"))); + mustArray.add(mapOf("term", mapOf(LEXICOGRAPHICAL_SORT_ORDER, lexoRank))); + if(StringUtils.isNotEmpty(glossaryQualifiedName)) { + mustArray.add(mapOf("terms", mapOf("__typeName.keyword", Arrays.asList(ATLAS_GLOSSARY_TERM_TYPENAME, ATLAS_GLOSSARY_CATEGORY_TYPENAME)))); + mustArray.add(mapOf("term", mapOf("__glossary", glossaryQualifiedName))); + if(StringUtils.isEmpty(parentQualifiedName)) { + boolFilter.put("must_not", Arrays.asList(mapOf("exists", mapOf("field", "__categories")),mapOf("exists", mapOf("field", "__parentCategory")))); + } else { + List> shouldParentArray = new ArrayList<>(); + shouldParentArray.add(mapOf("term", mapOf("__categories", parentQualifiedName))); + shouldParentArray.add(mapOf("term", mapOf("__parentCategory", parentQualifiedName))); + mustArray.add(mapOf("bool",mapOf("should", shouldParentArray))); + } + } else{ + mustArray.add(mapOf("terms", mapOf("__typeName.keyword", Arrays.asList(ATLAS_GLOSSARY_ENTITY_TYPE)))); + } + + boolFilter.put("must", mustArray); + + return boolFilter; + } + + public static Map generateDSLQueryForLastChild(String glossaryQualifiedName, String parentQualifiedName) { + + Map sortKeyOrder = mapOf(LEXICOGRAPHICAL_SORT_ORDER, mapOf("order", "desc")); + + Object[] sortArray = {sortKeyOrder}; + + Map boolMap = buildBoolQuery(glossaryQualifiedName, parentQualifiedName); + + Map dsl = new HashMap<>(); + dsl.put("from", 0); + dsl.put("size", 1); + dsl.put("sort", sortArray); + dsl.put("query", mapOf("bool", boolMap)); + + return dsl; + } + + private static Map buildBoolQuery(String glossaryQualifiedName, String parentQualifiedName) { + Map boolFilter = new HashMap<>(); + List> mustArray = new ArrayList<>(); + mustArray.add(mapOf("term", mapOf("__state", "ACTIVE"))); + if(StringUtils.isNotEmpty(glossaryQualifiedName)) { + mustArray.add(mapOf("terms", mapOf("__typeName.keyword", Arrays.asList("AtlasGlossaryTerm", "AtlasGlossaryCategory")))); + mustArray.add(mapOf("term", mapOf("__glossary", glossaryQualifiedName))); + if(StringUtils.isEmpty(parentQualifiedName)) { + boolFilter.put("must_not", Arrays.asList(mapOf("exists", mapOf("field", "__categories")),mapOf("exists", mapOf("field", "__parentCategory")))); + } else { + List> shouldParentArray = new ArrayList<>(); + shouldParentArray.add(mapOf("term", mapOf("__categories", parentQualifiedName))); + shouldParentArray.add(mapOf("term", mapOf("__parentCategory", parentQualifiedName))); + mustArray.add(mapOf("bool",mapOf("should", shouldParentArray))); + } + } else{ + mustArray.add(mapOf("terms", mapOf("__typeName.keyword", Arrays.asList("AtlasGlossary")))); + } + + boolFilter.put("must", mustArray); + + return boolFilter; + } } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/AbstractContractPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/AbstractContractPreProcessor.java index 0a4521e34b..a89f4327de 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/AbstractContractPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/AbstractContractPreProcessor.java @@ -4,27 +4,28 @@ import org.apache.atlas.authorize.AtlasAuthorizationUtils; import org.apache.atlas.authorize.AtlasEntityAccessRequest; import org.apache.atlas.authorize.AtlasPrivilege; +import org.apache.atlas.discovery.EntityDiscoveryService; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.model.TypeCategory; +import org.apache.atlas.model.discovery.AtlasSearchResult; +import org.apache.atlas.model.discovery.IndexSearchParams; import org.apache.atlas.model.instance.AtlasEntity; import org.apache.atlas.model.instance.AtlasEntityHeader; import org.apache.atlas.repository.graphdb.AtlasGraph; -import org.apache.atlas.repository.graphdb.AtlasVertex; -import org.apache.atlas.repository.store.graph.v2.AtlasGraphUtilsV2; import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; import org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessor; import org.apache.atlas.type.AtlasEntityType; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.commons.collections.CollectionUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.HashMap; -import java.util.Map; +import java.util.*; -import static org.apache.atlas.AtlasErrorCode.INSTANCE_BY_UNIQUE_ATTRIBUTE_NOT_FOUND; import static org.apache.atlas.AtlasErrorCode.TYPE_NAME_INVALID; import static org.apache.atlas.repository.Constants.*; +import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf; public abstract class AbstractContractPreProcessor implements PreProcessor { private static final Logger LOG = LoggerFactory.getLogger(AbstractContractPreProcessor.class); @@ -32,19 +33,21 @@ public abstract class AbstractContractPreProcessor implements PreProcessor { public final AtlasTypeRegistry typeRegistry; public final EntityGraphRetriever entityRetriever; public final AtlasGraph graph; + private final EntityDiscoveryService discovery; AbstractContractPreProcessor(AtlasGraph graph, AtlasTypeRegistry typeRegistry, - EntityGraphRetriever entityRetriever) { + EntityGraphRetriever entityRetriever, EntityDiscoveryService discovery) { this.graph = graph; this.typeRegistry = typeRegistry; this.entityRetriever = entityRetriever; + this.discovery = discovery; } - void authorizeContractCreateOrUpdate(AtlasEntity contractEntity, AtlasEntity.AtlasEntityWithExtInfo associatedAsset) throws AtlasBaseException { + void authorizeContractCreateOrUpdate(AtlasEntity contractEntity, AtlasEntity associatedAsset) throws AtlasBaseException { AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("authorizeContractUpdate"); try { - AtlasEntityHeader entityHeader = new AtlasEntityHeader(associatedAsset.getEntity()); + AtlasEntityHeader entityHeader = new AtlasEntityHeader(associatedAsset); //First authorize entity update access verifyAssetAccess(entityHeader, AtlasPrivilege.ENTITY_UPDATE, contractEntity, AtlasPrivilege.ENTITY_UPDATE); @@ -70,16 +73,39 @@ private void verifyAccess(AtlasEntityHeader entityHeader, AtlasPrivilege privile AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, privilege, entityHeader), errorMessage); } - AtlasEntity.AtlasEntityWithExtInfo getAssociatedAsset(String datasetQName, String typeName) throws AtlasBaseException { + public AtlasEntity getAssociatedAsset(String datasetQName, DataContract contract) throws AtlasBaseException { + IndexSearchParams indexSearchParams = new IndexSearchParams(); + Map dsl = new HashMap<>(); + int size = 2; + + List> mustClauseList = new ArrayList<>(); + mustClauseList.add(mapOf("term", mapOf(QUALIFIED_NAME, datasetQName))); + if (contract.getType() != null) { + mustClauseList.add(mapOf("term", mapOf("__typeName.keyword", contract.getType().name()))); + } else { + mustClauseList.add(mapOf("term", mapOf("__superTypeNames.keyword", SQL_ENTITY_TYPE))); + } + + dsl.put("query", mapOf("bool", mapOf("must", mustClauseList))); + dsl.put("sort", Collections.singletonList(mapOf(ATTR_CONTRACT_VERSION, mapOf("order", "desc")))); + dsl.put("size", size); - Map uniqAttributes = new HashMap<>(); - uniqAttributes.put(QUALIFIED_NAME, datasetQName); + indexSearchParams.setDsl(dsl); + indexSearchParams.setSuppressLogs(true); - AtlasEntityType entityType = ensureEntityType(typeName); + AtlasSearchResult result = discovery.directIndexSearch(indexSearchParams); + if (result == null || CollectionUtils.isEmpty(result.getEntities())) { + throw new AtlasBaseException("Dataset doesn't exist for given qualified name."); - AtlasVertex entityVertex = AtlasGraphUtilsV2.getVertexByUniqueAttributes(graph, entityType, uniqAttributes); + } else if (result.getEntities().size() >1 ) { + throw new AtlasBaseException("Multiple dataset exists for given qualified name. " + + "Please specify the `type` attribute in contract."); + } else { + AtlasEntityHeader datasetEntity = result.getEntities().get(0); + contract.setType(datasetEntity.getTypeName()); + return new AtlasEntity(datasetEntity); + } - return entityRetriever.toAtlasEntityWithExtInfo(entityVertex); } AtlasEntityType ensureEntityType(String typeName) throws AtlasBaseException { diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/ContractPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/ContractPreProcessor.java index 1407c3c2ef..1a7aa64cfb 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/ContractPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/ContractPreProcessor.java @@ -6,7 +6,6 @@ import org.apache.atlas.model.discovery.AtlasSearchResult; import org.apache.atlas.model.discovery.IndexSearchParams; import org.apache.atlas.model.instance.AtlasEntity; -import org.apache.atlas.model.instance.AtlasEntity.AtlasEntityWithExtInfo; import org.apache.atlas.model.instance.AtlasStruct; import org.apache.atlas.model.instance.EntityMutations; import org.apache.atlas.repository.graphdb.AtlasGraph; @@ -52,7 +51,7 @@ public ContractPreProcessor(AtlasGraph graph, AtlasTypeRegistry typeRegistry, EntityGraphRetriever entityRetriever, boolean storeDifferentialAudits, EntityDiscoveryService discovery) { - super(graph, typeRegistry, entityRetriever); + super(graph, typeRegistry, entityRetriever, discovery); this.storeDifferentialAudits = storeDifferentialAudits; this.discovery = discovery; this.entityComparator = new AtlasEntityComparator(typeRegistry, entityRetriever, null, true, true); @@ -79,14 +78,10 @@ private void processUpdateContract(AtlasEntity entity, EntityMutationContext con AtlasEntity existingContractEntity = entityRetriever.toAtlasEntity(vertex); // No update to relationships allowed for the existing contract version resetAllRelationshipAttributes(entity); - DataContract contract = DataContract.deserialize(contractString); - String existingContractString = getContractString(existingContractEntity); - boolean requestFromMigration = RequestContext.get().getRequestContextHeaders().getOrDefault( - "x-atlan-request-id", "").contains("json-to-yaml-migration"); - if (!requestFromMigration && !StringUtils.isEmpty(contractString) && - !contract.equals(DataContract.deserialize(existingContractString))) { + if (entity.getAttribute(ATTR_CERTIFICATE_STATUS) == DataContract.Status.VERIFIED.name() || + existingContractEntity.getAttribute(ATTR_CERTIFICATE_STATUS) == DataContract.Status.VERIFIED.name()) { // Update the same asset(entity) - throw new AtlasBaseException(OPERATION_NOT_SUPPORTED, "Can't update a specific version of contract"); + throw new AtlasBaseException(OPERATION_NOT_SUPPORTED, "Can't update published version of contract."); } } private void processCreateContract(AtlasEntity entity, EntityMutationContext context) throws AtlasBaseException { @@ -109,8 +104,8 @@ private void processCreateContract(AtlasEntity entity, EntityMutationContext con String contractString = getContractString(entity); DataContract contract = DataContract.deserialize(contractString); String datasetQName = contractQName.substring(0, contractQName.lastIndexOf('/')); - contractQName = String.format("%s/%s/%s", datasetQName, contract.getType().name(), CONTRACT_QUALIFIED_NAME_SUFFIX); - AtlasEntityWithExtInfo associatedAsset = getAssociatedAsset(datasetQName, contract.getType().name()); + AtlasEntity associatedAsset = getAssociatedAsset(datasetQName, contract); + contractQName = String.format("%s/%s/%s", datasetQName, associatedAsset.getTypeName(), CONTRACT_QUALIFIED_NAME_SUFFIX); authorizeContractCreateOrUpdate(entity, associatedAsset); @@ -120,8 +115,11 @@ private void processCreateContract(AtlasEntity entity, EntityMutationContext con String contractStringJSON = DataContract.serializeJSON(contract); entity.setAttribute(ATTR_CONTRACT_JSON, contractStringJSON); - AtlasEntity currentVersionEntity = getCurrentVersion(associatedAsset.getEntity().getGuid()); + AtlasEntity currentVersionEntity = getCurrentVersion(associatedAsset.getGuid()); Long newVersionNumber = 1L; + if (currentVersionEntity == null && contract.getStatus() == DataContract.Status.VERIFIED) { + throw new AtlasBaseException("Can't create a new published version"); + } if (currentVersionEntity != null) { // Contract already exist Long currentVersionNumber = (Long) currentVersionEntity.getAttribute(ATTR_CONTRACT_VERSION); @@ -130,13 +128,16 @@ private void processCreateContract(AtlasEntity entity, EntityMutationContext con // No changes in the contract, Not creating new version removeCreatingVertex(context, entity); return; - } else if (contract.equals(DataContract.deserialize(getContractString(currentVersionEntity)))) { + } else if (!currentVersionEntity.getAttribute(ATTR_CERTIFICATE_STATUS).equals(DataContract.Status.VERIFIED.name())) { resetAllRelationshipAttributes(entity); - // No change in contract, metadata changed + // Contract is in draft state. Update the same version updateExistingVersion(context, entity, currentVersionEntity); newVersionNumber = currentVersionNumber; } else { - // contract changed (metadata might/not changed). Create new version. + // Current version is published. Creating a new draft version. + if (contract.getStatus() == DataContract.Status.VERIFIED) { + throw new AtlasBaseException("Can't create a new published version"); + } newVersionNumber = currentVersionNumber + 1; resetAllRelationshipAttributes(entity); @@ -150,9 +151,9 @@ private void processCreateContract(AtlasEntity entity, EntityMutationContext con } entity.setAttribute(QUALIFIED_NAME, String.format("%s/V%s", contractQName, newVersionNumber)); entity.setAttribute(ATTR_CONTRACT_VERSION, newVersionNumber); - entity.setAttribute(ATTR_ASSET_GUID, associatedAsset.getEntity().getGuid()); + entity.setAttribute(ATTR_ASSET_GUID, associatedAsset.getGuid()); - datasetAttributeSync(context, associatedAsset.getEntity(), entity); + datasetAttributeSync(context, associatedAsset, entity); } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/DataContract.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/DataContract.java index 4dce70108a..03aee74c08 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/DataContract.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/contract/DataContract.java @@ -43,7 +43,6 @@ public class DataContract { public String data_source; @Valid @NotNull public String dataset; - @Valid @NotNull public DatasetType type; public String description; public List owners; @@ -88,7 +87,7 @@ public static DatasetType from(String s) throws AtlasBaseException { case "materialisedview": return MaterialisedView; default: - throw new AtlasBaseException(String.format("dataset.type: %s value not supported yet.", s)); + throw new AtlasBaseException(String.format("type: %s value not supported yet.", s)); } } } @@ -143,7 +142,7 @@ public void setType(String type) throws AtlasBaseException { try { this.type = DatasetType.from(type); } catch (IllegalArgumentException | AtlasBaseException ex) { - throw new AtlasBaseException(AtlasErrorCode.INVALID_VALUE, "type " + type + " is inappropriate. Accepted values: " + Arrays.toString(DatasetType.values())); + throw new AtlasBaseException(AtlasErrorCode.INVALID_VALUE, "type: " + type + " is inappropriate. Accepted values: " + Arrays.toString(DatasetType.values())); } } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/AbstractDomainPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/AbstractDomainPreProcessor.java index 9f930ab831..ff6ad04b5e 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/AbstractDomainPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/AbstractDomainPreProcessor.java @@ -36,6 +36,7 @@ import org.apache.atlas.repository.store.graph.v2.EntityMutationContext; import org.apache.atlas.repository.store.graph.v2.preprocessor.AuthPolicyPreProcessor; import org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessor; +import org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils; import org.apache.atlas.type.AtlasEntityType; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.atlas.utils.AtlasPerfMetrics; @@ -70,7 +71,7 @@ public abstract class AbstractDomainPreProcessor implements PreProcessor { private static final Set POLICY_ATTRIBUTES_FOR_SEARCH = new HashSet<>(Arrays.asList(ATTR_POLICY_RESOURCES)); private static final Set STAKEHOLDER_ATTRIBUTES_FOR_SEARCH = new HashSet<>(Arrays.asList(ATTR_DOMAIN_QUALIFIED_NAMES, ATTR_DOMAIN_QUALIFIED_NAME)); - static final Set PARENT_ATTRIBUTES = new HashSet<>(Arrays.asList(SUPER_DOMAIN_QN_ATTR, PARENT_DOMAIN_QN_ATTR)); + static final Set PARENT_ATTRIBUTES = new HashSet<>(Arrays.asList(SUPER_DOMAIN_QN_ATTR, PreProcessorUtils.PARENT_DOMAIN_QN_ATTR)); static final Map customAttributes = new HashMap<>(); diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/DataDomainPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/DataDomainPreProcessor.java index 4d0792a70e..afd3b0500e 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/DataDomainPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/DataDomainPreProcessor.java @@ -18,24 +18,26 @@ package org.apache.atlas.repository.store.graph.v2.preprocessor.datamesh; +import com.sun.org.apache.bcel.internal.generic.NEW; import org.apache.atlas.AtlasErrorCode; import org.apache.atlas.RequestContext; +import org.apache.atlas.authorize.AtlasAuthorizationUtils; +import org.apache.atlas.authorize.AtlasEntityAccessRequest; +import org.apache.atlas.authorize.AtlasPrivilege; import org.apache.atlas.exception.AtlasBaseException; -import org.apache.atlas.model.instance.AtlasEntity; -import org.apache.atlas.model.instance.AtlasEntityHeader; -import org.apache.atlas.model.instance.AtlasObjectId; -import org.apache.atlas.model.instance.AtlasRelatedObjectId; -import org.apache.atlas.model.instance.AtlasStruct; -import org.apache.atlas.model.instance.EntityMutations; +import org.apache.atlas.model.instance.*; import org.apache.atlas.repository.graph.GraphHelper; import org.apache.atlas.repository.graphdb.AtlasEdge; import org.apache.atlas.repository.graphdb.AtlasEdgeDirection; import org.apache.atlas.repository.graphdb.AtlasGraph; import org.apache.atlas.repository.graphdb.AtlasVertex; +import org.apache.atlas.repository.store.graph.AtlasEntityStore; +import org.apache.atlas.repository.store.graph.v2.AtlasGraphUtilsV2; import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; import org.apache.atlas.repository.store.graph.v2.EntityMutationContext; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -43,8 +45,10 @@ import java.util.*; import static org.apache.atlas.repository.Constants.*; -import static org.apache.atlas.repository.graph.GraphHelper.getActiveChildrenVertices; +import static org.apache.atlas.repository.graph.GraphHelper.*; import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.*; +import static org.apache.atlas.repository.store.graph.v2.preprocessor.datamesh.StakeholderTitlePreProcessor.*; +import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf; public class DataDomainPreProcessor extends AbstractDomainPreProcessor { private static final Logger LOG = LoggerFactory.getLogger(DataDomainPreProcessor.class); @@ -53,13 +57,15 @@ public class DataDomainPreProcessor extends AbstractDomainPreProcessor { private Map updatedPolicyResources; private EntityGraphRetriever retrieverNoRelation = null; private Map updatedDomainQualifiedNames; + private AtlasEntityStore entityStore; public DataDomainPreProcessor(AtlasTypeRegistry typeRegistry, EntityGraphRetriever entityRetriever, - AtlasGraph graph) { + AtlasGraph graph, AtlasEntityStore entityStore) { super(typeRegistry, entityRetriever, graph); this.updatedPolicyResources = new HashMap<>(); this.retrieverNoRelation = new EntityGraphRetriever(graph, typeRegistry, true); this.updatedDomainQualifiedNames = new HashMap<>(); + this.entityStore = entityStore; } @Override @@ -114,6 +120,9 @@ private void processCreateDomain(AtlasEntity entity) throws AtlasBaseException { entity.setAttribute(QUALIFIED_NAME, createQualifiedName(parentDomainQualifiedName)); + // Check if authorized to create entities + AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)), + "create entity: type=", entity.getTypeName()); entity.setCustomAttributes(customAttributes); @@ -133,6 +142,10 @@ private void processUpdateDomain(AtlasEntity entity, AtlasVertex vertex) throws validateStakeholderRelationship(entity); String vertexQnName = vertex.getProperty(QUALIFIED_NAME, String.class); + entity.setAttribute(QUALIFIED_NAME, vertexQnName); + // Check if authorized to update entities + AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, new AtlasEntityHeader(entity),"update entity: type=" + entity.getTypeName()); + AtlasEntity storedDomain = entityRetriever.toAtlasEntity(vertex); AtlasRelatedObjectId currentParentDomainObjectId = (AtlasRelatedObjectId) storedDomain.getRelationshipAttribute(PARENT_DOMAIN_REL_TYPE); @@ -179,9 +192,8 @@ private void processUpdateDomain(AtlasEntity entity, AtlasVertex vertex) throws if (!domainCurrentName.equals(domainNewName)) { domainExists(domainNewName, currentParentDomainQualifiedName, storedDomain.getGuid()); } - entity.setAttribute(QUALIFIED_NAME, vertexQnName); - } + } RequestContext.get().endMetricRecord(metricRecorder); } @@ -394,6 +406,83 @@ private void validateStakeholderRelationship(AtlasEntity entity) throws AtlasBas throw new AtlasBaseException(AtlasErrorCode.OPERATION_NOT_SUPPORTED, "Managing Stakeholders while creating/updating a domain"); } } + + public List getStakeholderTitle(String domainQualifiedName) throws AtlasBaseException { + List> mustClauseList = new ArrayList<>(); + mustClauseList.add(mapOf("term", mapOf("__state", "ACTIVE"))); + mustClauseList.add(mapOf("term", mapOf("__typeName.keyword", STAKEHOLDER_TITLE_ENTITY_TYPE))); + + List termsList = Arrays.asList( + NEW_STAR, + STAR, + domainQualifiedName + ); + + Map termsMap = mapOf(ATTR_DOMAIN_QUALIFIED_NAMES, termsList); + Map termsFilter = mapOf("terms", termsMap); + + mustClauseList.add(termsFilter); + + Map boolQuery = mapOf("must", mustClauseList); + Map query = mapOf("bool", boolQuery); + Map dsl = mapOf("query", query); + + List assets = indexSearchPaginated(dsl, null, super.discovery); + + return assets; + } + + + @Override + public void processDelete(AtlasVertex vertex) throws AtlasBaseException { + AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("processDomainDelete"); + + try{ + List stakeHolderGuids = new ArrayList<>(); + + // active childrens exists? + Iterator childrens = getActiveChildrenVertices(vertex, + DOMAIN_PARENT_EDGE_LABEL, DATA_PRODUCT_EDGE_LABEL); + if (childrens.hasNext()){ + throw new AtlasBaseException(AtlasErrorCode.OPERATION_NOT_SUPPORTED, "Domain cannot be archived because some subdomains or products are active in this domain"); + } + + // active stakeholder exists? + childrens = getActiveChildrenVertices(vertex, STAKEHOLDER_EDGE_LABEL); + while (childrens.hasNext()){ + AtlasVertex child = childrens.next(); + AtlasObjectId childId = entityRetriever.toAtlasObjectId(child); + stakeHolderGuids.add(childId.getGuid()); + } + + if (CollectionUtils.isNotEmpty(stakeHolderGuids)) { + entityStore.deleteByIds(stakeHolderGuids); + LOG.info("Deleted Stakeholders: {}", stakeHolderGuids); + } + + // active stakeholder titles exists? + List stakeholderTitles = getStakeholderTitle(vertex.getProperty(QUALIFIED_NAME, String.class)); + if (CollectionUtils.isNotEmpty(stakeholderTitles)) { + for (AtlasEntityHeader stakeholderTitle : stakeholderTitles) { + AtlasVertex stakeholderTitleVertex = entityRetriever.getEntityVertex(stakeholderTitle.getGuid()); + AtlasGraphUtilsV2.removeItemFromListPropertyValue(stakeholderTitleVertex, ATTR_DOMAIN_QUALIFIED_NAMES, vertex.getProperty(QUALIFIED_NAME, String.class)); + List domainQualifiedNames = stakeholderTitleVertex.getMultiValuedProperty(ATTR_DOMAIN_QUALIFIED_NAMES, String.class); + + if (CollectionUtils.isEmpty(domainQualifiedNames)) { + Iterator stakeholders = getActiveChildrenVertices(stakeholderTitleVertex, STAKEHOLDER_TITLE_EDGE_LABEL); + if (!stakeholders.hasNext()) { + entityStore.deleteById(stakeholderTitle.getGuid()); + LOG.info("Deleted Stakeholder Title: {}", stakeholderTitle.getGuid()); + } + } + } + } + + } + finally { + RequestContext.get().endMetricRecord(metricRecorder); + } + } } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/DataProductPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/DataProductPreProcessor.java index a619aad063..bdf2df1cf2 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/DataProductPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/DataProductPreProcessor.java @@ -3,6 +3,9 @@ import org.apache.atlas.AtlasErrorCode; import org.apache.atlas.DeleteType; import org.apache.atlas.RequestContext; +import org.apache.atlas.authorize.AtlasAuthorizationUtils; +import org.apache.atlas.authorize.AtlasEntityAccessRequest; +import org.apache.atlas.authorize.AtlasPrivilege; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.model.instance.*; import org.apache.atlas.repository.graphdb.AtlasEdge; @@ -101,6 +104,12 @@ private void processCreateProduct(AtlasEntity entity,AtlasVertex vertex) throws entity.setAttribute(QUALIFIED_NAME, createQualifiedName(parentDomainQualifiedName)); + // Check if authorized to create entities + AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)), + "create entity: type=", entity.getTypeName()); + + entity.setCustomAttributes(customAttributes); + productExists(productName, parentDomainQualifiedName, null); createDaapVisibilityPolicy(entity, vertex); @@ -119,6 +128,9 @@ private void processUpdateProduct(AtlasEntity entity, AtlasVertex vertex) throws } String vertexQnName = vertex.getProperty(QUALIFIED_NAME, String.class); + entity.setAttribute(QUALIFIED_NAME, vertexQnName); + // Check if authorized to update entities + AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, new AtlasEntityHeader(entity),"update entity: type=" + entity.getTypeName()); AtlasEntity storedProduct = entityRetriever.toAtlasEntity(vertex); AtlasRelatedObjectId currentParentDomainObjectId = (AtlasRelatedObjectId) storedProduct.getRelationshipAttribute(DATA_DOMAIN_REL_TYPE); @@ -166,7 +178,6 @@ private void processUpdateProduct(AtlasEntity entity, AtlasVertex vertex) throws if (!productCurrentName.equals(productNewName)) { productExists(productNewName, currentParentDomainQualifiedName, storedProduct.getGuid()); } - entity.setAttribute(QUALIFIED_NAME, vertexQnName); } if (isDaapVisibilityChanged) { @@ -203,7 +214,7 @@ private void processMoveDataProductToAnotherDomain(AtlasEntity product, } product.setAttribute(QUALIFIED_NAME, updatedQualifiedName); - product.setAttribute(PARENT_DOMAIN_QN_ATTR, targetDomainQualifiedName); + product.setAttribute(PreProcessorUtils.PARENT_DOMAIN_QN_ATTR, targetDomainQualifiedName); product.setAttribute(SUPER_DOMAIN_QN_ATTR, superDomainQualifiedName); Iterator existingParentEdges = productVertex.getEdges(AtlasEdgeDirection.IN, DATA_PRODUCT_EDGE_LABEL).iterator(); diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/StakeholderTitlePreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/StakeholderTitlePreProcessor.java index 1de5fe685e..a500d88902 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/StakeholderTitlePreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/datamesh/StakeholderTitlePreProcessor.java @@ -25,8 +25,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.Collections; +import java.util.Iterator; import java.util.List; import java.util.Optional; +import java.util.stream.Collectors; import static java.lang.String.format; import static org.apache.atlas.AtlasErrorCode.BAD_REQUEST; @@ -35,8 +38,8 @@ import static org.apache.atlas.repository.Constants.NAME; import static org.apache.atlas.repository.Constants.QUALIFIED_NAME; import static org.apache.atlas.repository.Constants.STAKEHOLDER_TITLE_ENTITY_TYPE; -import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.getUUID; -import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.verifyDuplicateAssetByName; +import static org.apache.atlas.repository.graph.GraphHelper.getActiveChildrenVertices; +import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.*; import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf; public class StakeholderTitlePreProcessor implements PreProcessor { @@ -50,6 +53,7 @@ public class StakeholderTitlePreProcessor implements PreProcessor { public static final String STAR = "*/super"; public static final String NEW_STAR = "default/domain/*/super"; public static final String ATTR_DOMAIN_QUALIFIED_NAMES = "stakeholderTitleDomainQualifiedNames"; + public static final String ATTR_STAKEHOLDER_DOMAIN_QUALIFIED_NAME = "stakeholderDomainQualifiedName"; public static final String REL_ATTR_STAKEHOLDERS = "stakeholders"; @@ -159,15 +163,22 @@ private void processUpdateStakeholderTitle(EntityMutationContext context, AtlasE } List domainQualifiedNames = null; + List currentDomainQualifiedNames = vertex.getMultiValuedProperty(ATTR_DOMAIN_QUALIFIED_NAMES, String.class);; if (entity.hasAttribute(ATTR_DOMAIN_QUALIFIED_NAMES)) { Object qNamesAsObject = entity.getAttribute(ATTR_DOMAIN_QUALIFIED_NAMES); if (qNamesAsObject != null) { domainQualifiedNames = (List) qNamesAsObject; + if(CollectionUtils.isEqualCollection(domainQualifiedNames, currentDomainQualifiedNames)) { + domainQualifiedNames = currentDomainQualifiedNames; + } + else{ + handleDomainQualifiedNamesUpdate(entity, vertex, domainQualifiedNames, currentDomainQualifiedNames); + } } } if (CollectionUtils.isEmpty(domainQualifiedNames)) { - domainQualifiedNames = vertex.getMultiValuedProperty(ATTR_DOMAIN_QUALIFIED_NAMES, String.class); + domainQualifiedNames = currentDomainQualifiedNames; } authorizeDomainAccess(domainQualifiedNames); @@ -208,6 +219,43 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException { } } + private List getRemovedItems(List oldList, List newList) { + return oldList.stream() + .filter(qName -> !newList.contains(qName)) + .collect(Collectors.toList()); + } + + private boolean isStakeholderAssociatedWithRemovedItems(AtlasVertex vertex, List removedItems) throws AtlasBaseException { + Iterator childrens = getActiveChildrenVertices(vertex, STAKEHOLDER_TITLE_EDGE_LABEL); + while (childrens.hasNext()) { + if(removedItems.contains(STAR) || removedItems.contains(NEW_STAR)) { + return true; + } + AtlasVertex child = childrens.next(); + String domainQualifiedName = child.getProperty(ATTR_STAKEHOLDER_DOMAIN_QUALIFIED_NAME, String.class); + for (String removedItem : removedItems) { + if (domainQualifiedName.equals(removedItem)) { + return true; + } + } + } + return false; + } + + private void handleDomainQualifiedNamesUpdate(AtlasEntity entity, AtlasVertex vertex, List domainQualifiedNames, List currentDomainQualifiedNames) throws AtlasBaseException { + if(domainQualifiedNames.contains(STAR) || domainQualifiedNames.contains(NEW_STAR)) { + domainQualifiedNames.clear(); + domainQualifiedNames.add(NEW_STAR); + entity.setAttribute(ATTR_DOMAIN_QUALIFIED_NAMES, domainQualifiedNames); + } + else{ + List removedItems = getRemovedItems(currentDomainQualifiedNames, domainQualifiedNames); + if (!removedItems.isEmpty() && isStakeholderAssociatedWithRemovedItems(vertex, removedItems)) { + throw new AtlasBaseException(OPERATION_NOT_SUPPORTED, "Cannot remove Domain as StakeholderTitle has reference to Stakeholder in that Domain"); + } + } + } + private void authorizeDomainAccess(List domainQualifiedNames) throws AtlasBaseException { for (String domainQualifiedName: domainQualifiedNames) { String domainQualifiedNameToAuth; diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/AbstractGlossaryPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/AbstractGlossaryPreProcessor.java index 08c604489c..383273d73a 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/AbstractGlossaryPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/AbstractGlossaryPreProcessor.java @@ -26,7 +26,6 @@ import org.apache.atlas.authorize.AtlasPrivilege; import org.apache.atlas.discovery.EntityDiscoveryService; import org.apache.atlas.exception.AtlasBaseException; -import org.apache.atlas.model.discovery.IndexSearchParams; import org.apache.atlas.model.instance.AtlasEntity; import org.apache.atlas.model.instance.AtlasEntityHeader; import org.apache.atlas.model.instance.AtlasObjectId; @@ -41,17 +40,14 @@ import org.apache.atlas.tasks.TaskManagement; import org.apache.atlas.type.AtlasEntityType; import org.apache.atlas.type.AtlasTypeRegistry; +import org.apache.atlas.util.lexoRank.LexoRank; import org.apache.atlas.utils.AtlasPerfMetrics; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; import java.util.stream.Collectors; import static org.apache.atlas.repository.Constants.ATLAS_GLOSSARY_TERM_ENTITY_TYPE; @@ -60,10 +56,8 @@ import static org.apache.atlas.repository.Constants.STATE_PROPERTY_KEY; import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.indexSearchPaginated; import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf; -import static org.apache.atlas.type.Constants.MEANINGS_PROPERTY_KEY; -import static org.apache.atlas.type.Constants.MEANINGS_TEXT_PROPERTY_KEY; -import static org.apache.atlas.type.Constants.MEANING_NAMES_PROPERTY_KEY; -import static org.apache.atlas.type.Constants.PENDING_TASKS_PROPERTY_KEY; +import static org.apache.atlas.type.Constants.*; +import static org.apache.atlas.type.Constants.LEXICOGRAPHICAL_SORT_ORDER; public abstract class AbstractGlossaryPreProcessor implements PreProcessor { private static final Logger LOG = LoggerFactory.getLogger(AbstractGlossaryPreProcessor.class); @@ -73,6 +67,7 @@ public abstract class AbstractGlossaryPreProcessor implements PreProcessor { protected static final String ATTR_MEANINGS = "meanings"; protected static final String ATTR_CATEGORIES = "categories"; + protected final AtlasTypeRegistry typeRegistry; protected final EntityGraphRetriever entityRetriever; protected final TaskManagement taskManagement; diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/CategoryPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/CategoryPreProcessor.java index 88f72d2f16..0d3e26b83d 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/CategoryPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/CategoryPreProcessor.java @@ -47,6 +47,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.*; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; @@ -54,6 +55,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import java.util.Objects; import java.util.stream.Collectors; import static org.apache.atlas.AtlasErrorCode.BAD_REQUEST; @@ -70,9 +72,7 @@ import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.*; import static org.apache.atlas.repository.store.graph.v2.tasks.MeaningsTaskFactory.UPDATE_ENTITY_MEANINGS_ON_TERM_UPDATE; import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf; -import static org.apache.atlas.type.Constants.CATEGORIES_PARENT_PROPERTY_KEY; -import static org.apache.atlas.type.Constants.CATEGORIES_PROPERTY_KEY; -import static org.apache.atlas.type.Constants.GLOSSARY_PROPERTY_KEY; +import static org.apache.atlas.type.Constants.*; public class CategoryPreProcessor extends AbstractGlossaryPreProcessor { private static final Logger LOG = LoggerFactory.getLogger(CategoryPreProcessor.class); @@ -117,6 +117,7 @@ public void processAttributes(AtlasStruct entityStruct, EntityMutationContext co private void processCreateCategory(AtlasEntity entity, AtlasVertex vertex) throws AtlasBaseException { AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("processCreateCategory"); String catName = (String) entity.getAttribute(NAME); + String parentQname = null; if (StringUtils.isEmpty(catName) || isNameInvalid(catName)) { throw new AtlasBaseException(AtlasErrorCode.INVALID_DISPLAY_NAME); @@ -126,6 +127,16 @@ private void processCreateCategory(AtlasEntity entity, AtlasVertex vertex) throw categoryExists(catName, glossaryQualifiedName); validateParent(glossaryQualifiedName); + if (parentCategory != null) { + parentQname = (String) parentCategory.getAttribute(QUALIFIED_NAME); + } + String lexicographicalSortOrder = (String) entity.getAttribute(LEXICOGRAPHICAL_SORT_ORDER); + if(StringUtils.isEmpty(lexicographicalSortOrder)){ + assignNewLexicographicalSortOrder(entity,glossaryQualifiedName, parentQname, this.discovery); + } else { + isValidLexoRank(lexicographicalSortOrder, glossaryQualifiedName, parentQname, this.discovery); + } + entity.setAttribute(QUALIFIED_NAME, createQualifiedName(vertex)); AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)), "create entity: type=", entity.getTypeName()); @@ -151,6 +162,17 @@ private void processUpdateCategory(AtlasEntity entity, AtlasVertex vertex) throw String newGlossaryQualifiedName = (String) anchor.getAttribute(QUALIFIED_NAME); + String lexicographicalSortOrder = (String) entity.getAttribute(LEXICOGRAPHICAL_SORT_ORDER); + String parentQname = ""; + if(Objects.nonNull(parentCategory)) { + parentQname = (String) parentCategory.getAttribute(QUALIFIED_NAME); + } + if(StringUtils.isNotEmpty(lexicographicalSortOrder)) { + isValidLexoRank(lexicographicalSortOrder, newGlossaryQualifiedName, parentQname, this.discovery); + } else { + entity.removeAttribute(LEXICOGRAPHICAL_SORT_ORDER); + } + if (!currentGlossaryQualifiedName.equals(newGlossaryQualifiedName)){ //Auth check isAuthorized(currentGlossaryHeader, anchor); @@ -273,6 +295,7 @@ public void moveChildTermToAnotherGlossary(AtlasVertex termVertex, //check duplicate term name termExists(termName, targetGlossaryQualifiedName); + ensureOnlyOneCategoryIsAssociated(termVertex); String currentTermQualifiedName = termVertex.getProperty(QUALIFIED_NAME, String.class); String updatedTermQualifiedName = currentTermQualifiedName.replace(sourceGlossaryQualifiedName, targetGlossaryQualifiedName); @@ -309,6 +332,15 @@ public void moveChildTermToAnotherGlossary(AtlasVertex termVertex, } } + private void ensureOnlyOneCategoryIsAssociated(AtlasVertex vertex) throws AtlasBaseException { + final Integer numOfCategoryEdges = GraphHelper.getCountOfCategoryEdges(vertex); + + if(numOfCategoryEdges>1) { + throw new AtlasBaseException(AtlasErrorCode.BAD_REQUEST, "Cannot move term with multiple " + + "categories associated to another glossary"); + } + } + private void validateParentForGlossaryChange(AtlasEntity category, AtlasVertex categoryVertex, String targetGlossaryQualifiedName) throws AtlasBaseException { @@ -489,4 +521,5 @@ private String createQualifiedName(AtlasVertex vertex) { return getUUID() + "@" + anchor.getAttribute(QUALIFIED_NAME); } + } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/GlossaryPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/GlossaryPreProcessor.java index 6e3c962426..fc0bec0654 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/GlossaryPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/GlossaryPreProcessor.java @@ -20,10 +20,12 @@ import org.apache.atlas.AtlasErrorCode; import org.apache.atlas.RequestContext; +import org.apache.atlas.discovery.EntityDiscoveryService; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.model.instance.AtlasEntity; import org.apache.atlas.model.instance.AtlasStruct; import org.apache.atlas.model.instance.EntityMutations; +import org.apache.atlas.repository.graphdb.AtlasGraph; import org.apache.atlas.repository.graphdb.AtlasVertex; import org.apache.atlas.repository.store.graph.v2.AtlasGraphUtilsV2; import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; @@ -37,18 +39,24 @@ import static org.apache.atlas.repository.Constants.NAME; import static org.apache.atlas.repository.Constants.QUALIFIED_NAME; -import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.getUUID; -import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.isNameInvalid; +import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.*; +import static org.apache.atlas.type.Constants.LEXICOGRAPHICAL_SORT_ORDER; public class GlossaryPreProcessor implements PreProcessor { private static final Logger LOG = LoggerFactory.getLogger(GlossaryPreProcessor.class); private final AtlasTypeRegistry typeRegistry; private final EntityGraphRetriever entityRetriever; + protected EntityDiscoveryService discovery; - public GlossaryPreProcessor(AtlasTypeRegistry typeRegistry, EntityGraphRetriever entityRetriever) { + public GlossaryPreProcessor(AtlasTypeRegistry typeRegistry, EntityGraphRetriever entityRetriever, AtlasGraph graph) { this.entityRetriever = entityRetriever; this.typeRegistry = typeRegistry; + try{ + this.discovery = new EntityDiscoveryService(typeRegistry, graph, null, null, null, null); + } catch (Exception e) { + e.printStackTrace(); + } } @Override @@ -77,11 +85,19 @@ private void processCreateGlossary(AtlasStruct entity) throws AtlasBaseException if (StringUtils.isEmpty(glossaryName) || isNameInvalid(glossaryName)) { throw new AtlasBaseException(AtlasErrorCode.INVALID_DISPLAY_NAME); } + String lexicographicalSortOrder = (String) entity.getAttribute(LEXICOGRAPHICAL_SORT_ORDER); + if (glossaryExists(glossaryName)) { throw new AtlasBaseException(AtlasErrorCode.GLOSSARY_ALREADY_EXISTS,glossaryName); } + if(StringUtils.isEmpty(lexicographicalSortOrder)) { + assignNewLexicographicalSortOrder((AtlasEntity) entity, null, null, this.discovery); + } else { + isValidLexoRank(lexicographicalSortOrder, "", "", this.discovery); + } + entity.setAttribute(QUALIFIED_NAME, createQualifiedName()); RequestContext.get().endMetricRecord(metricRecorder); } @@ -90,7 +106,6 @@ private void processUpdateGlossary(AtlasStruct entity, AtlasVertex vertex) throw AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("processUpdateGlossary"); String glossaryName = (String) entity.getAttribute(NAME); String vertexName = vertex.getProperty(NAME, String.class); - if (!vertexName.equals(glossaryName) && glossaryExists(glossaryName)) { throw new AtlasBaseException(AtlasErrorCode.GLOSSARY_ALREADY_EXISTS,glossaryName); } @@ -98,6 +113,12 @@ private void processUpdateGlossary(AtlasStruct entity, AtlasVertex vertex) throw if (StringUtils.isEmpty(glossaryName) || isNameInvalid(glossaryName)) { throw new AtlasBaseException(AtlasErrorCode.INVALID_DISPLAY_NAME); } + String lexicographicalSortOrder = (String) entity.getAttribute(LEXICOGRAPHICAL_SORT_ORDER); + if(StringUtils.isNotEmpty(lexicographicalSortOrder)) { + isValidLexoRank(lexicographicalSortOrder, "", "", this.discovery); + } else { + entity.removeAttribute(LEXICOGRAPHICAL_SORT_ORDER); + } String vertexQnName = vertex.getProperty(QUALIFIED_NAME, String.class); diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/TermPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/TermPreProcessor.java index 53e12ea93e..b8b4ff2e44 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/TermPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/glossary/TermPreProcessor.java @@ -45,11 +45,13 @@ import org.springframework.stereotype.Component; import java.util.Iterator; import java.util.List; +import java.util.Objects; import static org.apache.atlas.repository.Constants.*; import static org.apache.atlas.repository.graph.GraphHelper.getActiveParentVertices; import static org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessorUtils.*; import static org.apache.atlas.repository.store.graph.v2.tasks.MeaningsTaskFactory.UPDATE_ENTITY_MEANINGS_ON_TERM_UPDATE; +import static org.apache.atlas.type.Constants.LEXICOGRAPHICAL_SORT_ORDER; @Component public class TermPreProcessor extends AbstractGlossaryPreProcessor { @@ -95,7 +97,14 @@ private void processCreateTerm(AtlasEntity entity, AtlasVertex vertex) throws At termExists(termName, glossaryQName); - validateCategory(entity); + String parentQname = validateAndGetCategory(entity); + + String lexicographicalSortOrder = (String) entity.getAttribute(LEXICOGRAPHICAL_SORT_ORDER); + if(StringUtils.isEmpty(lexicographicalSortOrder)){ + assignNewLexicographicalSortOrder(entity, glossaryQName, parentQname, this.discovery); + } else { + isValidLexoRank(lexicographicalSortOrder, glossaryQName, parentQname, this.discovery); + } entity.setAttribute(QUALIFIED_NAME, createQualifiedName()); AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)), @@ -114,7 +123,7 @@ private void processUpdateTerm(AtlasEntity entity, AtlasVertex vertex) throws At throw new AtlasBaseException(AtlasErrorCode.INVALID_DISPLAY_NAME); } - validateCategory(entity); + String parentQname = validateAndGetCategory(entity); AtlasEntity storedTerm = entityRetriever.toAtlasEntity(vertex); AtlasRelatedObjectId currentGlossary = (AtlasRelatedObjectId) storedTerm.getRelationshipAttribute(ANCHOR); @@ -125,6 +134,13 @@ private void processUpdateTerm(AtlasEntity entity, AtlasVertex vertex) throws At String newGlossaryQualifiedName = (String) anchor.getAttribute(QUALIFIED_NAME); + String lexicographicalSortOrder = (String) entity.getAttribute(LEXICOGRAPHICAL_SORT_ORDER); + if(StringUtils.isNotEmpty(lexicographicalSortOrder)) { + isValidLexoRank(lexicographicalSortOrder, newGlossaryQualifiedName, parentQname, this.discovery); + } else { + entity.removeAttribute(LEXICOGRAPHICAL_SORT_ORDER); + } + if (!currentGlossaryQualifiedName.equals(newGlossaryQualifiedName)){ //Auth check isAuthorized(currentGlossaryHeader, anchor); @@ -159,15 +175,28 @@ private void processUpdateTerm(AtlasEntity entity, AtlasVertex vertex) throws At RequestContext.get().endMetricRecord(metricRecorder); } - private void validateCategory(AtlasEntity entity) throws AtlasBaseException { + private static void ensureOnlyOneCategoryIsAssociated(AtlasEntity entity) throws AtlasBaseException { + if(entity.hasRelationshipAttribute(ATTR_CATEGORIES) && Objects.nonNull(entity.getRelationshipAttribute(ATTR_CATEGORIES))) { + List categories = (List) entity.getRelationshipAttribute(ATTR_CATEGORIES); + + if(categories.size() > 1) { + throw new AtlasBaseException(AtlasErrorCode.BAD_REQUEST, "Cannot move term with multiple " + + "categories associated to another glossary"); + } + + } + + } + + private String validateAndGetCategory(AtlasEntity entity) throws AtlasBaseException { String glossaryQualifiedName = (String) anchor.getAttribute(QUALIFIED_NAME); + String categoryQualifiedName = null; if (entity.hasRelationshipAttribute(ATTR_CATEGORIES) && entity.getRelationshipAttribute(ATTR_CATEGORIES) != null) { List categories = (List) entity.getRelationshipAttribute(ATTR_CATEGORIES); if (CollectionUtils.isNotEmpty(categories)) { AtlasObjectId category = categories.get(0); - String categoryQualifiedName; if (category.getUniqueAttributes() != null && category.getUniqueAttributes().containsKey(QUALIFIED_NAME)) { categoryQualifiedName = (String) category.getUniqueAttributes().get(QUALIFIED_NAME); @@ -181,6 +210,7 @@ private void validateCategory(AtlasEntity entity) throws AtlasBaseException { } } } + return categoryQualifiedName; } public String moveTermToAnotherGlossary(AtlasEntity entity, AtlasVertex vertex, diff --git a/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java b/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java index c2c04b8d4e..a7052a1ee3 100644 --- a/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java +++ b/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java @@ -68,6 +68,7 @@ public final class AccessControlUtils { public static final String ATTR_POLICY_ACTIONS = "policyActions"; public static final String ATTR_POLICY_CATEGORY = "policyCategory"; public static final String ATTR_POLICY_SUB_CATEGORY = "policySubCategory"; + public static final String ATTR_POLICY_FILTER_CRITERIA = "policyFilterCriteria"; public static final String ATTR_POLICY_RESOURCES = "policyResources"; public static final String ATTR_POLICY_IS_ENABLED = "isPolicyEnabled"; public static final String ATTR_POLICY_CONNECTION_QN = "connectionQualifiedName"; @@ -87,7 +88,8 @@ public final class AccessControlUtils { public static final String ACCESS_READ_PERSONA_DOMAIN = "persona-domain-read"; public static final String ACCESS_READ_PERSONA_SUB_DOMAIN = "persona-domain-sub-domain-read"; public static final String ACCESS_READ_PERSONA_PRODUCT = "persona-domain-product-read"; - + public static final String ACCESS_READ_DOMAIN = "domain-entity-read"; + public static final String POLICY_CATEGORY_PERSONA = "persona"; public static final String POLICY_CATEGORY_PURPOSE = "purpose"; public static final String POLICY_CATEGORY_DATAMESH = "datamesh"; @@ -117,6 +119,8 @@ public final class AccessControlUtils { public static final String INSTANCE_DOMAIN_KEY = "instance"; + public static final String POLICY_SERVICE_NAME_ABAC = "atlas_abac"; + private AccessControlUtils() {} public static String getEntityName(AtlasEntity entity) { @@ -168,6 +172,14 @@ public static String getPolicyCategory(AtlasEntity policyEntity) { return getStringAttribute(policyEntity, ATTR_POLICY_CATEGORY); } + public static String getPolicyFilterCriteria(AtlasEntity policyEntity) { + return getStringAttribute(policyEntity, ATTR_POLICY_FILTER_CRITERIA); + } + + public static String getPolicyFilterCriteria(AtlasEntityHeader policyEntity) { + return getStringAttribute(policyEntity, ATTR_POLICY_FILTER_CRITERIA); + } + public static String getPolicyResourceCategory(AtlasEntity policyEntity) { return getStringAttribute(policyEntity, ATTR_POLICY_RESOURCES_CATEGORY); } @@ -192,6 +204,10 @@ public static String getPolicyServiceName(AtlasEntity policyEntity) { return getStringAttribute(policyEntity, ATTR_POLICY_SERVICE_NAME); } + public static String getPolicyServiceName(AtlasEntityHeader policyEntity) { + return getStringAttribute(policyEntity, ATTR_POLICY_SERVICE_NAME); + } + public static String getPolicyType(AtlasEntity policyEntity) { return getStringAttribute(policyEntity, ATTR_POLICY_TYPE); } diff --git a/repository/src/main/java/org/apache/atlas/services/MetricsService.java b/repository/src/main/java/org/apache/atlas/services/MetricsService.java index 5a8f445348..ef30675df1 100644 --- a/repository/src/main/java/org/apache/atlas/services/MetricsService.java +++ b/repository/src/main/java/org/apache/atlas/services/MetricsService.java @@ -98,7 +98,7 @@ public MetricsService(final AtlasGraph graph, final AtlasTypeRegistry typeRegist @SuppressWarnings("unchecked") @GraphTransaction public AtlasMetrics getMetrics() { - this.atlasGraph.setEnableCache(false); + final AtlasTypesDef typesDef = getTypesDef(); Collection entityDefs = typesDef.getEntityDefs(); diff --git a/repository/src/main/java/org/apache/atlas/util/AtlasMetricsUtil.java b/repository/src/main/java/org/apache/atlas/util/AtlasMetricsUtil.java index 971c4d6404..beb90e67b1 100644 --- a/repository/src/main/java/org/apache/atlas/util/AtlasMetricsUtil.java +++ b/repository/src/main/java/org/apache/atlas/util/AtlasMetricsUtil.java @@ -194,11 +194,9 @@ public Map getStats() { private boolean getBackendStoreStatus(){ try { - boolean isCacheEnabled = this.graph.isCacheEnabled(); runWithTimeout(new Runnable() { @Override public void run() { - graph.setEnableCache(isCacheEnabled); graph.query().has(TYPE_NAME_PROPERTY_KEY, TYPE_NAME_INTERNAL).vertices(1); graphCommit(); @@ -219,11 +217,9 @@ private boolean getIndexStoreStatus(){ final String query = AtlasGraphUtilsV2.getIndexSearchPrefix() + "\"" + Constants.TYPE_NAME_PROPERTY_KEY + "\":(" + TYPE_NAME_INTERNAL + ")"; try { - boolean isCacheEnabled = this.graph.isCacheEnabled(); runWithTimeout(new Runnable() { @Override public void run() { - graph.setEnableCache(isCacheEnabled); graph.indexQuery(Constants.VERTEX_INDEX, query).vertices(0, 1); graphCommit(); diff --git a/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoDecimal.java b/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoDecimal.java new file mode 100644 index 0000000000..195970660a --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoDecimal.java @@ -0,0 +1,178 @@ +package org.apache.atlas.util.lexoRank; + +import org.apache.atlas.util.lexoRank.system.LexoNumeralSystem; + +import java.util.Objects; + +public class LexoDecimal implements Comparable { + + private final LexoInteger mag; + private final int sig; + + private LexoDecimal(LexoInteger mag, int sig) { + this.mag = mag; + this.sig = sig; + } + + public static LexoDecimal half(LexoNumeralSystem sys) { + int mid = sys.getBase() / 2; + return make(LexoInteger.make(sys, 1, new int[] {mid}), 1); + } + + public static LexoDecimal parse(String str, LexoNumeralSystem system) { + int partialIndex = str.indexOf(system.getRadixPointChar()); + if (str.lastIndexOf(system.getRadixPointChar()) != partialIndex) + throw new IllegalArgumentException("More than one " + system.getRadixPointChar()); + + if (partialIndex < 0) return make(LexoInteger.parse(str, system), 0); + + String intStr = str.substring(0, partialIndex) + str.substring(partialIndex + 1); + return make(LexoInteger.parse(intStr, system), str.length() - 1 - partialIndex); + } + + public static LexoDecimal from(LexoInteger integer) { + return make(integer, 0); + } + + public static LexoDecimal make(LexoInteger integer, int sig) { + if (integer.isZero()) return new LexoDecimal(integer, 0); + + int zeroCount = 0; + + for (int i = 0; i < sig && integer.getMag(i) == 0; ++i) ++zeroCount; + + LexoInteger newInteger = integer.shiftRight(zeroCount); + int newSig = sig - zeroCount; + return new LexoDecimal(newInteger, newSig); + } + + public LexoNumeralSystem getSystem() { + return mag.getSystem(); + } + + public LexoDecimal add(LexoDecimal other) { + LexoInteger tMag = mag; + int tSig = sig; + LexoInteger oMag = other.mag; + + int oSig; + for (oSig = other.sig; tSig < oSig; ++tSig) tMag = tMag.shiftLeft(); + + while (tSig > oSig) { + oMag = oMag.shiftLeft(); + ++oSig; + } + + return make(tMag.add(oMag), tSig); + } + + public LexoDecimal subtract(LexoDecimal other) { + LexoInteger thisMag = mag; + int thisSig = sig; + LexoInteger otherMag = other.mag; + + int otherSig; + for (otherSig = other.sig; thisSig < otherSig; ++thisSig) thisMag = thisMag.shiftLeft(); + + while (thisSig > otherSig) { + otherMag = otherMag.shiftLeft(); + ++otherSig; + } + + return make(thisMag.subtract(otherMag), thisSig); + } + + public LexoDecimal multiply(LexoDecimal other) { + return make(mag.multiply(other.mag), sig + other.sig); + } + + public LexoInteger floor() { + return mag.shiftRight(sig); + } + + public LexoInteger ceil() { + if (isExact()) return mag; + + LexoInteger floor = floor(); + return floor.add(LexoInteger.one(floor.getSystem())); + } + + public boolean isExact() { + if (sig == 0) return true; + + for (int i = 0; i < sig; ++i) if (mag.getMag(i) != 0) return false; + + return true; + } + + public int getScale() { + return sig; + } + + public LexoDecimal setScale(int nSig) { + return setScale(nSig, false); + } + + public LexoDecimal setScale(int nSig, boolean ceiling) { + if (nSig >= sig) return this; + + if (nSig < 0) nSig = 0; + + int diff = sig - nSig; + LexoInteger nmag = mag.shiftRight(diff); + if (ceiling) nmag = nmag.add(LexoInteger.one(nmag.getSystem())); + + return make(nmag, nSig); + } + + public String format() { + String intStr = mag.format(); + if (sig == 0) return intStr; + + StringBuilder sb = new StringBuilder(intStr); + char head = sb.charAt(0); + boolean specialHead = + head == mag.getSystem().getPositiveChar() || head == mag.getSystem().getNegativeChar(); + if (specialHead) sb.delete(0, 1); + + while (sb.length() < sig + 1) sb.insert(0, mag.getSystem().toChar(0)); + + sb.insert(sb.length() - sig, mag.getSystem().getRadixPointChar()); + if (sb.length() - sig == 0) sb.insert(0, mag.getSystem().toChar(0)); + + if (specialHead) sb.insert(0, head); + + return sb.toString(); + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + LexoDecimal that = (LexoDecimal) o; + return sig == that.sig && Objects.equals(mag, that.mag); + } + + @Override + public int hashCode() { + return Objects.hash(mag, sig); + } + + @Override + public String toString() { + return format(); + } + + @Override + public int compareTo(LexoDecimal lexoDecimal) { + if (Objects.equals(this, lexoDecimal)) return 0; + if (Objects.equals(null, lexoDecimal)) return 1; + + LexoInteger tMag = mag; + LexoInteger oMag = lexoDecimal.mag; + if (sig > lexoDecimal.sig) oMag = oMag.shiftLeft(sig - lexoDecimal.sig); + else if (sig < lexoDecimal.sig) tMag = tMag.shiftLeft(lexoDecimal.sig - sig); + + return tMag.compareTo(oMag); + } +} diff --git a/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoInteger.java b/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoInteger.java new file mode 100644 index 0000000000..187797a20b --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoInteger.java @@ -0,0 +1,325 @@ +package org.apache.atlas.util.lexoRank; + + +import org.apache.atlas.util.lexoRank.system.LexoNumeralSystem; + +import java.util.Arrays; +import java.util.Objects; + +public class LexoInteger implements Comparable { + private static final int[] ZERO_MAG = {0}; + private static final int[] ONE_MAG = {1}; + private final int negativeSign = -1; + private final int zeroSign = 0; + private final int positiveSign = 1; + private final int[] mag; + private final int sign; + private final LexoNumeralSystem sys; + + private LexoInteger(LexoNumeralSystem system, int sign, int[] mag) { + sys = system; + this.sign = sign; + this.mag = mag; + } + + private static int[] add(LexoNumeralSystem sys, int[] l, int[] r) { + int estimatedSize = Math.max(l.length, r.length); + int[] result = new int[estimatedSize]; + int carry = 0; + + for (int i = 0; i < estimatedSize; ++i) { + int lNum = i < l.length ? l[i] : 0; + int rNum = i < r.length ? r[i] : 0; + int sum = lNum + rNum + carry; + + for (carry = 0; sum >= sys.getBase(); sum -= sys.getBase()) ++carry; + + result[i] = sum; + } + + return extendWithCarry(result, carry); + } + + private static int[] extendWithCarry(int[] mag, int carry) { + int[] result = mag; + if (carry > 0) { + int[] extendedMag = new int[mag.length + 1]; + System.arraycopy(mag, 0, extendedMag, 0, mag.length); + extendedMag[extendedMag.length - 1] = carry; + result = extendedMag; + } + + return result; + } + + private static int[] subtract(LexoNumeralSystem sys, int[] l, int[] r) { + int[] rComplement = complement(sys, r, l.length); + int[] rSum = add(sys, l, rComplement); + rSum[rSum.length - 1] = 0; + return add(sys, rSum, ONE_MAG); + } + + private static int[] multiply(LexoNumeralSystem sys, int[] l, int[] r) { + int[] result = new int[l.length + r.length]; + + for (int li = 0; li < l.length; ++li) + for (int ri = 0; ri < r.length; ++ri) { + int resultIndex = li + ri; + + for (result[resultIndex] += l[li] * r[ri]; + result[resultIndex] >= sys.getBase(); + result[resultIndex] -= sys.getBase()) ++result[resultIndex + 1]; + } + + return result; + } + + private static int[] complement(LexoNumeralSystem sys, int[] mag, int digits) { + if (digits <= 0) throw new IllegalArgumentException("Expected at least 1 digit"); + + int[] nmag = new int[digits]; + + Arrays.fill(nmag, sys.getBase() - 1); + + for (int i = 0; i < mag.length; ++i) nmag[i] = sys.getBase() - 1 - mag[i]; + + return nmag; + } + + private static int compare(int[] l, int[] r) { + if (l.length < r.length) return -1; + + if (l.length > r.length) return 1; + + for (int i = l.length - 1; i >= 0; --i) { + if (l[i] < r[i]) return -1; + + if (l[i] > r[i]) return 1; + } + + return 0; + } + + public static LexoInteger parse(String strFull, LexoNumeralSystem system) { + String str = strFull; + int sign = 1; + if (strFull.indexOf(system.getPositiveChar()) == 0) { + str = strFull.substring(1); + } else if (strFull.indexOf(system.getNegativeChar()) == 0) { + str = strFull.substring(1); + sign = -1; + } + + int[] mag = new int[str.length()]; + int strIndex = mag.length - 1; + + for (int magIndex = 0; strIndex >= 0; ++magIndex) { + mag[magIndex] = system.toDigit(str.charAt(strIndex)); + --strIndex; + } + + return make(system, sign, mag); + } + + protected static LexoInteger zero(LexoNumeralSystem sys) { + return new LexoInteger(sys, 0, ZERO_MAG); + } + + protected static LexoInteger one(LexoNumeralSystem sys) { + return make(sys, 1, ONE_MAG); + } + + public static LexoInteger make(LexoNumeralSystem sys, int sign, int[] mag) { + int actualLength; + actualLength = mag.length; + while (actualLength > 0 && mag[actualLength - 1] == 0) { + --actualLength; + } + + if (actualLength == 0) return zero(sys); + + if (actualLength == mag.length) return new LexoInteger(sys, sign, mag); + + int[] nmag = new int[actualLength]; + System.arraycopy(mag, 0, nmag, 0, actualLength); + return new LexoInteger(sys, sign, nmag); + } + + public LexoInteger add(LexoInteger other) { + checkSystem(other); + if (isZero()) return other; + + if (other.isZero()) return this; + + if (sign != other.sign) { + LexoInteger pos; + if (sign == -1) { + pos = negate(); + LexoInteger val = pos.subtract(other); + return val.negate(); + } + + pos = other.negate(); + return subtract(pos); + } + + int[] result = add(sys, mag, other.mag); + return make(sys, sign, result); + } + + public LexoInteger subtract(LexoInteger other) { + checkSystem(other); + if (isZero()) return other.negate(); + + if (other.isZero()) return this; + + if (sign != other.sign) { + LexoInteger negate; + if (sign == -1) { + negate = negate(); + LexoInteger sum = negate.add(other); + return sum.negate(); + } + + negate = other.negate(); + return add(negate); + } + + int cmp = compare(mag, other.mag); + if (cmp == 0) return zero(sys); + + return cmp < 0 + ? make(sys, sign == -1 ? 1 : -1, subtract(sys, other.mag, mag)) + : make(sys, sign == -1 ? -1 : 1, subtract(sys, mag, other.mag)); + } + + public LexoInteger multiply(LexoInteger other) { + checkSystem(other); + if (isZero()) return this; + + if (other.isZero()) return other; + + if (isOneish()) return sign == other.sign ? make(sys, 1, other.mag) : make(sys, -1, other.mag); + + if (other.isOneish()) return sign == other.sign ? make(sys, 1, mag) : make(sys, -1, mag); + + int[] newMag = multiply(sys, mag, other.mag); + return sign == other.sign ? make(sys, 1, newMag) : make(sys, -1, newMag); + } + + public LexoInteger negate() { + return isZero() ? this : make(sys, sign == 1 ? -1 : 1, mag); + } + + public LexoInteger shiftLeft() { + return shiftLeft(1); + } + + public LexoInteger shiftLeft(int times) { + if (times == 0) return this; + + if (times < 0) return shiftRight(Math.abs(times)); + + int[] nmag = new int[mag.length + times]; + System.arraycopy(mag, 0, nmag, times, mag.length); + return make(sys, sign, nmag); + } + + public LexoInteger shiftRight() { + return shiftRight(1); + } + + public LexoInteger shiftRight(int times) { + if (mag.length - times <= 0) return zero(sys); + + int[] nmag = new int[mag.length - times]; + System.arraycopy(mag, times, nmag, 0, nmag.length); + return make(sys, sign, nmag); + } + + public LexoInteger complement() { + return complement(mag.length); + } + + private LexoInteger complement(int digits) { + return make(sys, sign, complement(sys, mag, digits)); + } + + public boolean isZero() { + return sign == 0 && mag.length == 1 && mag[0] == 0; + } + + private boolean isOneish() { + return mag.length == 1 && mag[0] == 1; + } + + public boolean isOne() { + return sign == 1 && mag.length == 1 && mag[0] == 1; + } + + public int getMag(int index) { + return mag[index]; + } + + public LexoNumeralSystem getSystem() { + return sys; + } + + private void checkSystem(LexoInteger other) { + if (!sys.getName().equals(other.sys.getName())) + throw new IllegalArgumentException("Expected numbers of same numeral sys"); + } + + public String format() { + if (isZero()) return String.valueOf(sys.toChar(0)); + StringBuilder sb = new StringBuilder(); + for (int digit : mag) { + sb.insert(0, sys.toChar(digit)); + } + if (sign == -1) sb.setCharAt(0, sys.getNegativeChar()); + + return sb.toString(); + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + LexoInteger that = (LexoInteger) o; + return sign == that.sign && Arrays.equals(mag, that.mag) && Objects.equals(sys, that.sys); + } + + @Override + public int hashCode() { + int result = Objects.hash(negativeSign, zeroSign, positiveSign, sign, sys); + result = 31 * result + Arrays.hashCode(mag); + return result; + } + + @Override + public String toString() { + return format(); + } + + @Override + public int compareTo(LexoInteger lexoInteger) { + if (this.equals(lexoInteger)) return 0; + if (null == lexoInteger) return 1; + + if (sign == -1) { + if (lexoInteger.sign == -1) { + int cmp = compare(mag, lexoInteger.mag); + if (cmp == -1) return 1; + return cmp == 1 ? -1 : 0; + } + + return -1; + } + + if (sign == 1) return lexoInteger.sign == 1 ? compare(mag, lexoInteger.mag) : 1; + + if (lexoInteger.sign == -1) return 1; + + return lexoInteger.sign == 1 ? -1 : 0; + } +} diff --git a/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoRank.java b/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoRank.java new file mode 100644 index 0000000000..29a8bf2d41 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoRank.java @@ -0,0 +1,287 @@ +package org.apache.atlas.util.lexoRank; + + + + +import org.apache.atlas.util.lexoRank.system.LexoNumeralSystem; +import org.apache.atlas.util.lexoRank.system.LexoNumeralSystem36; + +import java.util.Objects; + +public class LexoRank implements Comparable { + + public static final LexoNumeralSystem NUMERAL_SYSTEM = new LexoNumeralSystem36(); + private static final LexoDecimal ZERO_DECIMAL = LexoDecimal.parse("0", NUMERAL_SYSTEM); + private static final LexoDecimal ONE_DECIMAL = LexoDecimal.parse("1", NUMERAL_SYSTEM); + private static final LexoDecimal EIGHT_DECIMAL = LexoDecimal.parse("8", NUMERAL_SYSTEM); + private static final LexoDecimal MIN_DECIMAL = ZERO_DECIMAL; + + private static final LexoDecimal MAX_DECIMAL = + LexoDecimal.parse("1000000", NUMERAL_SYSTEM).subtract(ONE_DECIMAL); + + private static final LexoDecimal MID_DECIMAL = between(MIN_DECIMAL, MAX_DECIMAL); + private static final LexoDecimal INITIAL_MIN_DECIMAL = + LexoDecimal.parse("100000", NUMERAL_SYSTEM); + + private static final LexoDecimal INITIAL_MAX_DECIMAL = + LexoDecimal.parse( + NUMERAL_SYSTEM.toChar(NUMERAL_SYSTEM.getBase() - 2) + "00000", NUMERAL_SYSTEM); + + private final String value; + private final LexoRankBucket bucket; + private final LexoDecimal decimal; + + private LexoRank(String value) { + this.value = value; + String[] parts = this.value.split("\\|"); + bucket = LexoRankBucket.from(parts[0]); + decimal = LexoDecimal.parse(parts[1], NUMERAL_SYSTEM); + } + + private LexoRank(LexoRankBucket bucket, LexoDecimal dec) { + value = bucket.format() + "|" + formatDecimal(dec); + this.bucket = bucket; + decimal = dec; + } + + public static LexoRank min() { + return from(LexoRankBucket.BUCKET_0, MIN_DECIMAL); + } + + public static LexoRank max() { + return max(LexoRankBucket.BUCKET_0); + } + + public static LexoRank middle() { + LexoRank minLexoRank = min(); + return minLexoRank.between(max(minLexoRank.bucket)); + } + + public static LexoRank max(LexoRankBucket bucket) { + return from(bucket, MAX_DECIMAL); + } + + public static LexoRank initial(LexoRankBucket bucket) { + return bucket == LexoRankBucket.BUCKET_0 + ? from(bucket, INITIAL_MIN_DECIMAL) + : from(bucket, INITIAL_MAX_DECIMAL); + } + + private static LexoDecimal between(LexoDecimal oLeft, LexoDecimal oRight) { + if (oLeft.getSystem() != oRight.getSystem()) + throw new IllegalArgumentException("Expected same system"); + + LexoDecimal left = oLeft; + LexoDecimal right = oRight; + LexoDecimal nLeft; + if (oLeft.getScale() < oRight.getScale()) { + nLeft = oRight.setScale(oLeft.getScale(), false); + if (oLeft.compareTo(nLeft) >= 0) return middle(oLeft, oRight); + + right = nLeft; + } + + if (oLeft.getScale() > right.getScale()) { + nLeft = oLeft.setScale(right.getScale(), true); + if (nLeft.compareTo(right) >= 0) return middle(oLeft, oRight); + + left = nLeft; + } + + LexoDecimal nRight; + for (int scale = left.getScale(); scale > 0; right = nRight) { + int nScale1 = scale - 1; + LexoDecimal nLeft1 = left.setScale(nScale1, true); + nRight = right.setScale(nScale1, false); + int cmp = nLeft1.compareTo(nRight); + if (cmp == 0) return checkMid(oLeft, oRight, nLeft1); + + if (nLeft1.compareTo(nRight) > 0) break; + + scale = nScale1; + left = nLeft1; + } + + LexoDecimal mid = middle(oLeft, oRight, left, right); + + int nScale; + for (int mScale = mid.getScale(); mScale > 0; mScale = nScale) { + nScale = mScale - 1; + LexoDecimal nMid = mid.setScale(nScale); + if (oLeft.compareTo(nMid) >= 0 || nMid.compareTo(oRight) >= 0) break; + + mid = nMid; + } + + return mid; + } + + private static LexoDecimal middle( + LexoDecimal lBound, LexoDecimal rBound, LexoDecimal left, LexoDecimal right) { + LexoDecimal mid = middle(left, right); + return checkMid(lBound, rBound, mid); + } + + private static LexoDecimal checkMid(LexoDecimal lBound, LexoDecimal rBound, LexoDecimal mid) { + if (lBound.compareTo(mid) >= 0) return middle(lBound, rBound); + + return mid.compareTo(rBound) >= 0 ? middle(lBound, rBound) : mid; + } + + private static LexoDecimal middle(LexoDecimal left, LexoDecimal right) { + LexoDecimal sum = left.add(right); + LexoDecimal mid = sum.multiply(LexoDecimal.half(left.getSystem())); + int scale = Math.max(left.getScale(), right.getScale()); + if (mid.getScale() > scale) { + LexoDecimal roundDown = mid.setScale(scale, false); + if (roundDown.compareTo(left) > 0) return roundDown; + + LexoDecimal roundUp = mid.setScale(scale, true); + if (roundUp.compareTo(right) < 0) return roundUp; + } + + return mid; + } + + private static String formatDecimal(LexoDecimal dec) { + String formatVal = dec.format(); + StringBuilder val = new StringBuilder(formatVal); + int partialIndex = formatVal.indexOf(NUMERAL_SYSTEM.getRadixPointChar()); + char zero = NUMERAL_SYSTEM.toChar(0); + if (partialIndex < 0) { + partialIndex = formatVal.length(); + val.append(NUMERAL_SYSTEM.getRadixPointChar()); + } + + while (partialIndex < 6) { + val.insert(0, zero); + ++partialIndex; + } + + // TODO CHECK LOGIC + int valLength = val.length() - 1; + while (val.charAt(valLength) == zero) { + valLength = val.length() - 1; + } + + return val.toString(); + } + + public static LexoRank parse(String str) { + if (isNullOrWhiteSpace(str)) throw new IllegalArgumentException(str); + return new LexoRank(str); + } + + public static LexoRank from(LexoRankBucket bucket, LexoDecimal dec) { + if (!dec.getSystem().getName().equals(NUMERAL_SYSTEM.getName())) + throw new IllegalArgumentException("Expected different system"); + + return new LexoRank(bucket, dec); + } + + private static boolean isNullOrWhiteSpace(String string) { + return string == null || string.equals(" "); + } + + public LexoRankBucket getBucket() { + return bucket; + } + + public LexoDecimal getDecimal() { + return decimal; + } + + public int CompareTo(LexoRank other) { + if (Objects.equals(this, other)) return 0; + if (Objects.equals(null, other)) return 1; + return value.compareTo(other.value); + } + + public LexoRank genPrev() { + if (isMax()) return new LexoRank(bucket, INITIAL_MAX_DECIMAL); + + LexoInteger floorInteger = decimal.floor(); + LexoDecimal floorDecimal = LexoDecimal.from(floorInteger); + LexoDecimal nextDecimal = floorDecimal.subtract(EIGHT_DECIMAL); + if (nextDecimal.compareTo(MIN_DECIMAL) <= 0) nextDecimal = between(MIN_DECIMAL, decimal); + + return new LexoRank(bucket, nextDecimal); + } + + public LexoRank inNextBucket() { + return from(bucket.next(), decimal); + } + + public LexoRank inPrevBucket() { + return from(bucket.prev(), decimal); + } + + public boolean isMin() { + return decimal.equals(MIN_DECIMAL); + } + + public boolean isMax() { + return decimal.equals(MAX_DECIMAL); + } + + public String format() { + return value; + } + + public LexoRank genNext() { + if (isMin()) return new LexoRank(bucket, INITIAL_MIN_DECIMAL); + + LexoInteger ceilInteger = decimal.ceil(); + LexoDecimal ceilDecimal = LexoDecimal.from(ceilInteger); + LexoDecimal nextDecimal = ceilDecimal.add(EIGHT_DECIMAL); + if (nextDecimal.compareTo(MAX_DECIMAL) >= 0) nextDecimal = between(decimal, MAX_DECIMAL); + + return new LexoRank(bucket, nextDecimal); + } + + public LexoRank between(LexoRank other) { + if (!bucket.equals(other.bucket)) + throw new IllegalArgumentException("Between works only within the same bucket"); + + int cmp = decimal.compareTo(other.decimal); + if (cmp > 0) return new LexoRank(bucket, between(other.decimal, decimal)); + if (cmp == 0) + throw new IllegalArgumentException( + "Try to rank between issues with same rank this=" + + this + + " other=" + + other + + " this.decimal=" + + decimal + + " other.decimal=" + + other.decimal); + return new LexoRank(bucket, between(decimal, other.decimal)); + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + LexoRank lexoRank = (LexoRank) o; + return Objects.equals(value, lexoRank.value) + && Objects.equals(bucket, lexoRank.bucket) + && Objects.equals(decimal, lexoRank.decimal); + } + + @Override + public int hashCode() { + return Objects.hash(value, bucket, decimal); + } + + @Override + public String toString() { + return format(); + } + + @Override + public int compareTo(LexoRank lexoRank) { + if (Objects.equals(this, lexoRank)) return 0; + if (Objects.equals(null, lexoRank)) return 1; + return value.compareTo(lexoRank.value); + } +} diff --git a/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoRankBucket.java b/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoRankBucket.java new file mode 100644 index 0000000000..c3b60b4982 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/util/lexoRank/LexoRankBucket.java @@ -0,0 +1,83 @@ +package org.apache.atlas.util.lexoRank; + + +import java.util.Objects; + +public class LexoRankBucket { + + protected static final LexoRankBucket BUCKET_0 = new LexoRankBucket("0"); + protected static final LexoRankBucket BUCKET_1 = new LexoRankBucket("1"); + protected static final LexoRankBucket BUCKET_2 = new LexoRankBucket("2"); + + private static final LexoRankBucket[] VALUES = {BUCKET_0, BUCKET_1, BUCKET_2}; + + private final LexoInteger value; + + private LexoRankBucket(String val) { + value = LexoInteger.parse(val, LexoRank.NUMERAL_SYSTEM); + } + + public static LexoRankBucket resolve(int bucketId) { + for (LexoRankBucket bucket : VALUES) { + if (bucket.equals(from(String.valueOf(bucketId)))) return bucket; + } + + throw new IllegalArgumentException("No bucket found with id " + bucketId); + } + + public static LexoRankBucket from(String str) { + LexoInteger val = LexoInteger.parse(str, LexoRank.NUMERAL_SYSTEM); + + for (LexoRankBucket bucket : VALUES) { + if (bucket.value.equals(val)) return bucket; + } + + throw new IllegalArgumentException("Unknown bucket: " + str); + } + + public static LexoRankBucket min() { + return VALUES[0]; + } + + public static LexoRankBucket max() { + return VALUES[VALUES.length - 1]; + } + + public String format() { + return value.format(); + } + + public LexoRankBucket next() { + if (this == BUCKET_0) return BUCKET_1; + + if (this == BUCKET_1) return BUCKET_2; + + return this == BUCKET_2 ? BUCKET_0 : BUCKET_2; + } + + public LexoRankBucket prev() { + if (this == BUCKET_0) return BUCKET_2; + + if (this == BUCKET_1) return BUCKET_0; + + return this == BUCKET_2 ? BUCKET_1 : BUCKET_0; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + LexoRankBucket that = (LexoRankBucket) o; + return Objects.equals(value, that.value); + } + + @Override + public String toString() { + return format(); + } + + @Override + public int hashCode() { + return Objects.hash(value); + } +} diff --git a/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem.java b/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem.java new file mode 100644 index 0000000000..a996079e3d --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem.java @@ -0,0 +1,18 @@ +package org.apache.atlas.util.lexoRank.system; + +public interface LexoNumeralSystem { + + String getName(); + + int getBase(); + + char getPositiveChar(); + + char getNegativeChar(); + + char getRadixPointChar(); + + int toDigit(char var1); + + char toChar(int var1); +} diff --git a/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem10.java b/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem10.java new file mode 100644 index 0000000000..f2c84e1a50 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem10.java @@ -0,0 +1,32 @@ +package org.apache.atlas.util.lexoRank.system; + +public class LexoNumeralSystem10 implements LexoNumeralSystem { + public String getName() { + return "Base10"; + } + + public int getBase() { + return 10; + } + + public char getPositiveChar() { + return '+'; + } + + public char getNegativeChar() { + return '-'; + } + + public char getRadixPointChar() { + return '.'; + } + + public int toDigit(char ch) { + if (ch >= '0' && ch <= '9') return ch - 48; + throw new IllegalArgumentException("Not valid digit: " + ch); + } + + public char toChar(int digit) { + return (char) (digit + 48); + } +} diff --git a/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem36.java b/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem36.java new file mode 100644 index 0000000000..731871842e --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem36.java @@ -0,0 +1,36 @@ +package org.apache.atlas.util.lexoRank.system; + + +public class LexoNumeralSystem36 implements LexoNumeralSystem { + private final char[] digits = "0123456789abcdefghijklmnopqrstuvwxyz".toCharArray(); + + public String getName() { + return "Base36"; + } + + public int getBase() { + return 36; + } + + public char getPositiveChar() { + return '+'; + } + + public char getNegativeChar() { + return '-'; + } + + public char getRadixPointChar() { + return ':'; + } + + public int toDigit(char ch) { + if (ch >= '0' && ch <= '9') return ch - 48; + if (ch >= 'a' && ch <= 'z') return ch - 97 + 10; + throw new IllegalArgumentException("Not valid digit: " + ch); + } + + public char toChar(int digit) { + return digits[digit]; + } +} diff --git a/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem64.java b/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem64.java new file mode 100644 index 0000000000..89b0af2390 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/util/lexoRank/system/LexoNumeralSystem64.java @@ -0,0 +1,41 @@ +package org.apache.atlas.util.lexoRank.system; + + +public class LexoNumeralSystem64 implements LexoNumeralSystem { + + private final char[] digits = + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ^_abcdefghijklmnopqrstuvwxyz".toCharArray(); + + public String getName() { + return "Base64"; + } + + public int getBase() { + return 64; + } + + public char getPositiveChar() { + return '+'; + } + + public char getNegativeChar() { + return '-'; + } + + public char getRadixPointChar() { + return ':'; + } + + public int toDigit(char ch) { + if (ch >= '0' && ch <= '9') return ch - 48; + if (ch >= 'A' && ch <= 'Z') return ch - 65 + 10; + if (ch == '^') return 36; + if (ch == '_') return 37; + if (ch >= 'a' && ch <= 'z') return ch - 97 + 38; + throw new IllegalArgumentException("Not valid digit: " + ch); + } + + public char toChar(int digit) { + return digits[digit]; + } +} diff --git a/repository/src/main/resources/atlas-servicedef-atlas.json b/repository/src/main/resources/atlas-servicedef-atlas.json new file mode 100644 index 0000000000..0539a562b9 --- /dev/null +++ b/repository/src/main/resources/atlas-servicedef-atlas.json @@ -0,0 +1,502 @@ +{ + "id": 15, + "name": "atlas", + "displayName": "atlas", + "implClass": "org.apache.atlas.services.atlas.RangerServiceAtlas", + "label": "Atlas Metadata Server", + "description": "Atlas Metadata Server", + "guid": "311a79b7-16f5-46f4-9829-a0224b9999c5", + "resources": [ + { + "itemId": 1, + "name": "type-category", + "type": "string", + "level": 10, + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "Type Catagory", + "description": "Type Catagory" + }, + { + "itemId": 2, + "name": "type", + "type": "string", + "level": 20, + "mandatory": true, + "parent": "type-category", + "isValidLeaf": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "Type Name", + "description": "Type Name", + "accessTypeRestrictions": ["type-read" ,"type-create", "type-update", "type-delete" ] + }, + { + "itemId": 3, + "name": "entity-type", + "type": "string", + "level": 10, + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "Entity Type", + "description": "Entity Type" + }, + { + "itemId": 4, + "name": "entity-classification", + "type": "string", + "level": 20, + "mandatory": true, + "parent": "entity-type", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "Entity Classification", + "description": "Entity Classification" + }, + { + "itemId": 5, + "name": "entity", + "type": "string", + "level": 30, + "mandatory": true, + "parent": "entity-classification", + "isValidLeaf": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "Entity ID", + "description": "Entity ID", + "accessTypeRestrictions": ["entity-read", "entity-create", "entity-update", "entity-delete"] + }, + { + "itemId": 6, + "name": "atlas-service", + "type": "string", + "level": 10, + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "Atlas Service", + "description": "Atlas Service", + "accessTypeRestrictions": ["admin-import", "admin-export", "admin-purge", "admin-audits", "admin-entity-audits", "admin-repair-index", "admin-task-cud"] + }, + { + "itemId": 7, + "name": "relationship-type", + "type": "string", + "level": 10, + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "Relationship Type", + "description": "Relationship Type" + }, + { + "itemId": 8, + "name": "end-one-entity-type", + "type": "string", + "level": 20, + "mandatory": true, + "parent": "relationship-type", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "End1 Entity Type", + "description": "End1 Entity Type" + }, + { + "itemId": 9, + "name": "end-one-entity-classification", + "type": "string", + "level": 30, + "mandatory": true, + "parent": "end-one-entity-type", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "End1 Entity Classification", + "description": "End1 Entity Classification" + }, + { + "itemId": 10, + "name": "end-one-entity", + "type": "string", + "level": 40, + "mandatory": true, + "parent": "end-one-entity-classification", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "End1 Entity ID", + "description": "End1 Entity ID" + }, + { + "itemId": 11, + "name": "end-two-entity-type", + "type": "string", + "level": 50, + "mandatory": true, + "parent": "end-one-entity", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "End2 Entity Type", + "description": "End2 Entity Type" + }, + { + "itemId": 12, + "name": "end-two-entity-classification", + "type": "string", + "level": 60, + "mandatory": true, + "parent": "end-two-entity-type", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "End2 Entity Classification", + "description": "End2 Entity Classification" + }, + { + "itemId": 13, + "name": "end-two-entity", + "type": "string", + "level": 70, + "mandatory": true, + "parent": "end-two-entity-classification", + "isValidLeaf": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "End2 Entity ID", + "description": "End2 Entity ID", + "accessTypeRestrictions": [ + "add-relationship", + "update-relationship", + "remove-relationship" + ] + }, + { + "itemId": 14, + "name": "entity-label", + "type": "string", + "level": 40, + "mandatory": true, + "parent": "entity", + "isValidLeaf": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "Label", + "description": "Label", + "accessTypeRestrictions": [ + "entity-add-label", + "entity-remove-label" + ] + }, + { + "itemId": 15, + "name": "entity-business-metadata", + "type": "string", + "level": 40, + "mandatory": true, + "parent": "entity", + "isValidLeaf": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "Business Metadata", + "description": "Business Metadata", + "accessTypeRestrictions": [ + "entity-update-business-metadata" + ] + }, + { + "itemId": 16, + "name": "classification", + "type": "string", + "level": 40, + "mandatory": true, + "parent": "entity", + "isValidLeaf": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.atlas.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "false" + }, + "label": "Targetted classifications", + "description": "Targetted classifications", + "accessTypeRestrictions": [ + "entity-add-classification", + "entity-update-classification", + "entity-remove-classification" + ] + } + ], + "accessTypes": [ + { + "itemId": 1, + "name": "type-create", + "label": "Create Type", + "impliedGrants": + [ + "type-read" + ] + }, + { + "itemId": 2, + "name": "type-update", + "label": "Update Type", + "impliedGrants": + [ + "type-read" + ] + }, + { + "itemId": 3, + "name": "type-delete", + "label": "Delete Type", + "impliedGrants": + [ + "type-read" + ] + }, + { + "itemId": 4, + "name": "entity-read", + "label": "Read Entity" + }, + { + "itemId": 5, + "name": "entity-create", + "label": "Create Entity" + }, + { + "itemId": 6, + "name": "entity-update", + "label": "Update Entity" + }, + { + "itemId": 7, + "name": "entity-delete", + "label": "Delete Entity" + }, + { + "itemId": 8, + "name": "entity-add-classification", + "label": "Add Classification" + }, + { + "itemId": 9, + "name": "entity-update-classification", + "label": "Update Classification" + }, + { + "itemId": 10, + "name": "entity-remove-classification", + "label": "Remove Classification" + }, + { + "itemId": 11, + "name": "admin-export", + "label": "Admin Export" + }, + { + "itemId": 12, + "name": "admin-import", + "label": "Admin Import" + }, + { + "itemId": 13, + "name": "add-relationship", + "label": "Add Relationship" + }, + { + "itemId": 14, + "name": "update-relationship", + "label": "Update Relationship" + }, + { + "itemId": 15, + "name": "remove-relationship", + "label": "Remove Relationship" + }, + { + "itemId": 16, + "name": "admin-purge", + "label": "Admin Purge" + }, + { + "itemId": 17, + "name": "entity-add-label", + "label": "Add Label" + }, + { + "itemId": 18, + "name": "entity-remove-label", + "label": "Remove Label" + }, + { + "itemId": 19, + "name": "entity-update-business-metadata", + "label": "Update Business Metadata" + }, + { + "itemId": 20, + "name": "type-read", + "label": "Read Type" + }, + { + "itemId": 21, + "name": "admin-audits", + "label": "Admin Audits" + }, + { + "itemId": 22, + "name": "admin-entity-audits", + "label": "Admin Entity Audits" + }, + { + "itemId": 23, + "name": "admin-repair-index", + "label": "Admin Repair Index" + }, + { + "itemId": 24, + "name": "admin-task-cud", + "label": "Admin task CUD API" + } + + ], + "configs": [ + { + "itemId": 1, + "name": "username", + "type": "string", + "mandatory": true, + "label": "Username" + }, + { + "itemId": 2, + "name": "password", + "type": "password", + "mandatory": true, + "label": "Password" + }, + { + "itemId": 3, + "name": "atlas.rest.address", + "type": "string", + "mandatory": true, + "defaultValue": "http://localhost:21000" + }, + { + "itemId": 4, + "name": "commonNameForCertificate", + "type": "string", + "mandatory": false, + "label": "Common Name for Certificate" + }, + + { + "itemId": 5, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['atlas'] ,'isAudited':false} ]" + } + ], + "options": { + "enableDenyAndExceptionsInPolicies": "true" + } +} diff --git a/server-api/src/main/java/org/apache/atlas/RequestContext.java b/server-api/src/main/java/org/apache/atlas/RequestContext.java index 565832b7bd..26a46ff1c5 100644 --- a/server-api/src/main/java/org/apache/atlas/RequestContext.java +++ b/server-api/src/main/java/org/apache/atlas/RequestContext.java @@ -47,6 +47,9 @@ public class RequestContext { private final Map updatedEntities = new HashMap<>(); private final Map deletedEntities = new HashMap<>(); private final Map restoreEntities = new HashMap<>(); + + + private Map lexoRankCache = null; private final Map entityCache = new HashMap<>(); private final Map entityHeaderCache = new HashMap<>(); private final Map entityExtInfoCache = new HashMap<>(); @@ -99,7 +102,6 @@ public class RequestContext { private boolean skipAuthorizationCheck = false; private Set deletedEdgesIdsForResetHasLineage = new HashSet<>(0); private String requestUri; - private boolean cacheEnabled; private boolean delayTagNotifications = false; private Map> deletedClassificationAndVertices = new HashMap<>(); @@ -162,6 +164,7 @@ public void clearCache() { this.requestContextHeaders.clear(); this.relationshipEndToVertexIdMap.clear(); this.relationshipMutationMap.clear(); + this.lexoRankCache = null; this.currentTask = null; this.skipAuthorizationCheck = false; this.delayTagNotifications = false; @@ -713,14 +716,6 @@ public String getRequestUri() { return this.requestUri; } - public void setEnableCache(boolean cacheEnabled) { - this.cacheEnabled = cacheEnabled; - } - - public boolean isCacheEnabled() { - return this.cacheEnabled; - } - public boolean isIncludeClassificationNames() { return includeClassificationNames; } @@ -788,4 +783,12 @@ public void clearMutationContext(String event) { public Map> getRelationshipMutationMap() { return relationshipMutationMap; } + + public Map getLexoRankCache() { + return lexoRankCache; + } + + public void setLexoRankCache(Map lexoRankCache) { + this.lexoRankCache = lexoRankCache; + } } \ No newline at end of file diff --git a/webapp/pom.xml b/webapp/pom.xml index 8783276f6d..35a0e8a010 100755 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -552,7 +552,6 @@ org.apache.atlas atlas-testtools ${project.version} - test diff --git a/webapp/src/main/java/org/apache/atlas/Atlas.java b/webapp/src/main/java/org/apache/atlas/Atlas.java index 548ef6e4e7..21662f241c 100755 --- a/webapp/src/main/java/org/apache/atlas/Atlas.java +++ b/webapp/src/main/java/org/apache/atlas/Atlas.java @@ -48,6 +48,8 @@ import java.net.SocketException; import java.nio.charset.StandardCharsets; import java.nio.file.Files; +import java.time.Duration; +import java.time.Instant; import java.util.*; import static org.apache.atlas.repository.Constants.INDEX_PREFIX; @@ -139,13 +141,17 @@ public static void main(String[] args) throws Exception { final boolean enableTLS = isTLSEnabled(enableTLSFlag, appPort); configuration.setProperty(SecurityProperties.TLS_ENABLED, String.valueOf(enableTLS)); + Instant start = Instant.now(); + showStartupInfo(buildConfiguration, enableTLS, appPort); if (configuration.getProperty("atlas.graph.index.search.backend").equals("elasticsearch")) { initElasticsearch(); + LOG.info("Starting service {} in {}", "elasticsearch", Duration.between(start, Instant.now()).toMillis()); } if (configuration.getString("atlas.authorizer.impl").equalsIgnoreCase("atlas")) { initAccessAuditElasticSearch(configuration); + LOG.info("Starting service {} in {}", "auditElasticsearch", Duration.between(start, Instant.now()).toMillis()); } server = EmbeddedServer.newServer(appHost, appPort, appPath, enableTLS); diff --git a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java index 71d773a879..03af22db0f 100755 --- a/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java +++ b/webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java @@ -47,6 +47,7 @@ import org.apache.atlas.model.metrics.AtlasMetrics; import org.apache.atlas.model.patches.AtlasPatch.AtlasPatches; import org.apache.atlas.model.tasks.AtlasTask; +import org.apache.atlas.repository.Constants; import org.apache.atlas.repository.audit.AtlasAuditService; import org.apache.atlas.repository.impexp.AtlasServerService; import org.apache.atlas.repository.impexp.ExportImportAuditService; @@ -123,6 +124,8 @@ import static org.apache.atlas.AtlasErrorCode.DEPRECATED_API; import static org.apache.atlas.AtlasErrorCode.DISABLED_API; +import static org.apache.atlas.repository.Constants.*; +import static org.apache.atlas.repository.store.graph.v2.AtlasGraphUtilsV2.VERTEX_TYPE; import static org.apache.atlas.web.filters.AtlasCSRFPreventionFilter.CSRF_TOKEN; @@ -431,10 +434,23 @@ public Response healthCheck() { for (final HealthStatus healthStatus : healthStatuses) { result.put(healthStatus.name, healthStatus); } - - GraphTraversal t = graph.V().limit(1); - t.hasNext(); - result.put("cassandra", new HealthStatus("cassandra", "ok", true, new Date().toString(), "")); + Iterator vertices = graph.query() + .has(ENTITY_TYPE_PROPERTY_KEY, "AuthService") + .has(QUALIFIED_NAME, "auth_service_atlas") + .vertices().iterator(); + + if (vertices.hasNext()) { + // If vertices are found, assume Cassandra is OK. + result.put("cassandra", new HealthStatus("cassandra", "ok", true, new Date().toString(), "")); + } else { + // Fallback to alternate method to check Cassandra's status. + GraphTraversal t = graph.V().limit(1); + if (t.hasNext()) { + result.put("cassandra", new HealthStatus("cassandra", "ok", true, new Date().toString(), "")); + } else { + throw new Exception("Cassandra check failed"); + } + } } catch (Exception e) { result.put("cassandra", new HealthStatus("cassandra", "error", true, new Date().toString(), e.toString())); cassandraFailed = true; diff --git a/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java index c5c95bb98f..cdb5db1d10 100644 --- a/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java +++ b/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java @@ -895,7 +895,7 @@ public EntityMutationResponse createOrUpdate(AtlasEntitiesWithExtInfo entities, @QueryParam("replaceBusinessAttributes") @DefaultValue("false") boolean replaceBusinessAttributes, @QueryParam("overwriteBusinessAttributes") @DefaultValue("false") boolean isOverwriteBusinessAttributes) throws AtlasBaseException { AtlasPerfTracer perf = null; - RequestContext.get().setEnableCache(false); + try { if (AtlasPerfTracer.isPerfTraceEnabled(PERF_LOG)) { perf = AtlasPerfTracer.getPerfTracer(PERF_LOG, "EntityREST.createOrUpdate(entityCount=" + diff --git a/webapp/src/main/java/org/apache/atlas/web/service/AtlasDebugMetricsSink.java b/webapp/src/main/java/org/apache/atlas/web/service/AtlasDebugMetricsSink.java index ef24b861ea..ec43d3e141 100644 --- a/webapp/src/main/java/org/apache/atlas/web/service/AtlasDebugMetricsSink.java +++ b/webapp/src/main/java/org/apache/atlas/web/service/AtlasDebugMetricsSink.java @@ -19,6 +19,7 @@ import org.apache.atlas.web.model.DebugMetrics; import org.apache.commons.lang.StringUtils; +import org.apache.hadoop.hbase.shaded.org.apache.commons.configuration2.SubsetConfiguration; import org.apache.hadoop.metrics2.AbstractMetric; import org.apache.hadoop.metrics2.MetricsRecord; import org.apache.hadoop.metrics2.MetricsSink; @@ -58,10 +59,6 @@ public HashMap getMetrics() { return metricStructuredSnapshot; } - @Override - public void init(org.apache.commons.configuration2.SubsetConfiguration subsetConfiguration) { - } - @Override public void flush() { } @@ -112,4 +109,9 @@ private void updateMetricType(DebugMetrics debugMetrics, String metricType, Abst private static String inferMeasureType(String fullName, String nameWithoutMetricType) { return fullName.replaceFirst(nameWithoutMetricType, ""); } + + @Override + public void init(SubsetConfiguration subsetConfiguration) { + + } } \ No newline at end of file