RANGER-4447: added API to get security-zone summary

Signed-off-by: Madhan Neethiraj <[email protected]>

agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java

@@ -19,6 +19,8 @@
 
 package org.apache.ranger.plugin.model;
 
+import org.apache.ranger.plugin.model.RangerPrincipal.PrincipalType;
+
 import org.codehaus.jackson.annotate.JsonAutoDetect;
 import org.codehaus.jackson.annotate.JsonIgnoreProperties;
 import org.codehaus.jackson.map.annotate.JsonSerialize;
@@ -206,5 +208,117 @@ public String toString() {
             return sb.toString();
         }
     }
+
+    @JsonAutoDetect(fieldVisibility=JsonAutoDetect.Visibility.ANY)
+    @JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY)
+    @JsonIgnoreProperties(ignoreUnknown=true)
+    public static class SecurityZoneSummary extends RangerBaseModelObject implements java.io.Serializable {
+        private static final long serialVersionUID = 1L;
+
+        private String                      name;
+        private String                      description;
+        private Long                        totalResourceCount;
+        private Map<PrincipalType, Integer> adminCount;
+        private Map<PrincipalType, Integer> auditorCount;
+        private List<String>                tagServices;
+        private List<ZoneServiceSummary>    services;
+
+        public String getName() {
+            return name;
+        }
+
+        public void setName(String name) {
+            this.name = name;
+        }
+
+        public String getDescription() {
+            return description;
+        }
+
+        public void setDescription(String description) {
+            this.description = description;
+        }
+
+        public Long getTotalResourceCount() {
+            return totalResourceCount;
+        }
+
+        public void setTotalResourceCount(Long totalResourceCount) {
+            this.totalResourceCount = totalResourceCount;
+        }
+
+        public Map<PrincipalType, Integer> getAdminCount() {
+            return adminCount;
+        }
+
+        public void setAdminCount(Map<PrincipalType, Integer> adminCount) {
+            this.adminCount = adminCount;
+        }
+
+        public Map<PrincipalType, Integer> getAuditorCount() {
+            return auditorCount;
+        }
+
+        public void setAuditorCount(Map<PrincipalType, Integer> auditorCount) {
+            this.auditorCount = auditorCount;
+        }
+
+        public List<String> getTagServices() {
+            return tagServices;
+        }
+
+        public void setTagServices(List<String> tagServices) {
+            this.tagServices = tagServices;
+        }
+
+        public List<ZoneServiceSummary> getServices() {
+            return services;
+        }
+
+        public void setServices(List<ZoneServiceSummary> services) {
+            this.services = services;
+        }
+    }
+
+    public static class ZoneServiceSummary implements java.io.Serializable {
+        private static final long serialVersionUID = 1L;
+
+        private Long   id;
+        private String name;
+        private String type;
+        private Long   resourceCount;
+
+        public Long getId() {
+            return id;
+        }
+
+        public void setId(Long id) {
+            this.id = id;
+        }
+
+        public String getName() {
+            return name;
+        }
+
+        public void setName(String name) {
+            this.name = name;
+        }
+
+        public String getType() {
+            return type;
+        }
+
+        public void setType(String type) {
+            this.type = type;
+        }
+
+        public Long getResourceCount() {
+            return resourceCount;
+        }
+
+        public void setResourceCount(Long resourceCount) {
+            this.resourceCount = resourceCount;
+        }
+    }
 }
 

security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java

@@ -19,24 +19,33 @@
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 import javax.annotation.PostConstruct;
 
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXSecurityZone;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceDef;
 import org.apache.ranger.entity.XXTrxLog;
 import org.apache.ranger.plugin.model.RangerSecurityZone;
 import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
 import org.apache.ranger.plugin.model.RangerServiceHeaderInfo;
+import org.apache.ranger.plugin.model.RangerPrincipal.PrincipalType;
+import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
+import org.apache.ranger.plugin.model.RangerSecurityZone.SecurityZoneSummary;
+import org.apache.ranger.plugin.model.RangerSecurityZone.ZoneServiceSummary;
 import org.apache.ranger.plugin.store.AbstractPredicateUtil;
+import org.apache.ranger.plugin.store.PList;
 import org.apache.ranger.plugin.store.SecurityZonePredicateUtil;
 import org.apache.ranger.plugin.store.SecurityZoneStore;
 import org.apache.ranger.plugin.util.SearchFilter;
@@ -71,6 +80,9 @@ public class SecurityZoneDBStore implements SecurityZoneStore {
 
     AbstractPredicateUtil predicateUtil = null;
 
+    @Autowired
+    ServiceMgr serviceMgr;
+
     public void init() throws Exception {}
 
     @PostConstruct
@@ -252,4 +264,95 @@ public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoListByService
         }
         return daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosByServiceId(serviceId,isTagService);
     }
+
+    public PList<SecurityZoneSummary> getZonesSummary(SearchFilter filter) throws Exception {
+        int maxRows    = filter.getMaxRows();
+        int startIndex = filter.getStartIndex();
+
+        filter.setStartIndex(0);
+        filter.setMaxRows(0);
+
+        List<RangerSecurityZone>  securityZones = getSecurityZones(filter);
+        List<SecurityZoneSummary> summaryList   = new ArrayList<>();
+
+        for (RangerSecurityZone securityZone : securityZones) {
+            if (serviceMgr.isZoneAdmin(securityZone.getName()) || serviceMgr.isZoneAuditor(securityZone.getName())) {
+                summaryList.add(toSecurityZoneSummary(securityZone));
+            }
+        }
+
+        List<SecurityZoneSummary>  paginatedList;
+
+        if (summaryList.size() > startIndex) {
+            int endIndex = Math.min((startIndex + maxRows), summaryList.size());
+
+            paginatedList = summaryList.subList(startIndex, endIndex);
+        } else {
+            paginatedList = Collections.emptyList();
+        }
+
+        PList<SecurityZoneSummary> ret = new PList<>(paginatedList, startIndex, maxRows, summaryList.size(), paginatedList.size(), filter.getSortType(), filter.getSortBy());
+
+        return ret;
+    }
+
+    private SecurityZoneSummary toSecurityZoneSummary(RangerSecurityZone securityZone) {
+        SecurityZoneSummary ret = new SecurityZoneSummary();
+
+        ret.setId(securityZone.getId());
+        ret.setName(securityZone.getName());
+        ret.setDescription(securityZone.getDescription());
+        ret.setGuid(securityZone.getGuid());
+        ret.setCreateTime(securityZone.getCreateTime());
+        ret.setUpdateTime(securityZone.getUpdateTime());
+        ret.setCreatedBy(securityZone.getCreatedBy());
+        ret.setUpdatedBy(securityZone.getUpdatedBy());
+        ret.setVersion(ret.getVersion());
+        ret.setIsEnabled(securityZone.getIsEnabled());
+        ret.setTagServices(securityZone.getTagServices());
+
+        Map<PrincipalType, Integer> adminCount   = new HashMap<>();
+        Map<PrincipalType, Integer> auditorCount = new HashMap<>();
+
+        adminCount.put(PrincipalType.USER, securityZone.getAdminUsers().size());
+        adminCount.put(PrincipalType.GROUP, securityZone.getAdminUserGroups().size());
+        adminCount.put(PrincipalType.ROLE, securityZone.getAdminRoles().size());
+
+        auditorCount.put(PrincipalType.USER, securityZone.getAuditUsers().size());
+        auditorCount.put(PrincipalType.GROUP, securityZone.getAuditUserGroups().size());
+        auditorCount.put(PrincipalType.ROLE, securityZone.getAuditRoles().size());
+
+        ret.setAdminCount(adminCount);
+        ret.setAuditorCount(auditorCount);
+
+        List<ZoneServiceSummary> services = getSecurityZoneServiceSummary(securityZone);
+
+        ret.setServices(services);
+        ret.setTotalResourceCount(services.stream().mapToLong(ZoneServiceSummary::getResourceCount).sum());
+
+        return ret;
+    }
+
+    private List<ZoneServiceSummary> getSecurityZoneServiceSummary(RangerSecurityZone securityZone) {
+        List<ZoneServiceSummary> ret = new ArrayList<>();
+
+        if(MapUtils.isNotEmpty(securityZone.getServices())) {
+            for(Map.Entry<String, RangerSecurityZoneService> entry : securityZone.getServices().entrySet()) {
+                String                    serviceName = entry.getKey();
+                RangerSecurityZoneService zoneService = entry.getValue();
+                XXService                 xService    = daoMgr.getXXService().findByName(serviceName);
+                XXServiceDef              serviceDef  = daoMgr.getXXServiceDef().getById(xService.getType());
+                ZoneServiceSummary        summary     = new ZoneServiceSummary();
+
+                summary.setId(xService.getId());
+                summary.setName(serviceName);
+                summary.setType(serviceDef.getName());
+                summary.setResourceCount((long)zoneService.getResources().size());
+
+                ret.add(summary);
+            }
+        }
+
+        return ret;
+    }
 }

security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java

@@ -62,6 +62,7 @@
 import org.apache.ranger.plugin.model.RangerSecurityZone;
 import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
 import org.apache.ranger.plugin.model.RangerSecurityZoneV2;
+import org.apache.ranger.plugin.model.RangerSecurityZone.SecurityZoneSummary;
 import org.apache.ranger.plugin.model.validation.RangerSecurityZoneValidator;
 import org.apache.ranger.plugin.model.validation.RangerValidator;
 import org.apache.ranger.plugin.store.PList;
@@ -110,10 +111,10 @@ public class SecurityZoneREST {
 
     @Autowired
     RangerValidatorFactory validatorFactory;
-    
+
     @Autowired
     RangerBizUtil bizUtil;
-    
+
 	@Autowired
 	ServiceREST serviceRest;
 
@@ -420,6 +421,36 @@ public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoListByService
         return ret;
     }
 
+    @GET
+    @Path("/summary")
+    @Produces({ "application/json" })
+    public PList<SecurityZoneSummary> getZonesSummary(@Context HttpServletRequest request) {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("==> getZonesSummary()");
+        }
+
+        if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
+            throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
+        }
+
+        PList<SecurityZoneSummary>   ret    = null;
+        SearchFilter                 filter = searchUtil.getSearchFilter(request, securityZoneService.sortFields);
+        try {
+            ret = securityZoneStore.getZonesSummary(filter);
+        } catch (WebApplicationException excp) {
+            throw excp;
+        } catch (Throwable excp) {
+            LOG.error("getZonesSummary() failed", excp);
+
+            throw restErrorUtil.createRESTException(excp.getMessage());
+        }
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("<== getZonesSummary():" + ret);
+        }
+        return ret;
+    }
+
     public RangerSecurityZoneV2 createSecurityZone(RangerSecurityZoneV2 securityZone) {
         LOG.debug("==> createSecurityZone({})", securityZone);