This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.7
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.7 by this push:
new 87d6a3047 RANGER-5113: API to delete multiple policies including
policy name prefix filter
87d6a3047 is described below
commit 87d6a304770411e7ccdf4ef9630cc759504b95b8
Author: Guru Thejus Arveti <[email protected]>
AuthorDate: Thu Mar 13 19:25:08 2025 +0530
RANGER-5113: API to delete multiple policies including policy name prefix
filter
---
.../ranger/plugin/store/AbstractPredicateUtil.java | 31 +++
.../apache/ranger/plugin/util/SearchFilter.java | 1 +
.../java/org/apache/ranger/biz/ServiceDBStore.java | 42 ++++
.../org/apache/ranger/common/RangerSearchUtil.java | 1 +
.../java/org/apache/ranger/rest/PublicAPIsv2.java | 26 +++
.../java/org/apache/ranger/rest/ServiceREST.java | 108 ++++++++++
.../org/apache/ranger/biz/TestServiceDBStore.java | 229 +++++++++++++++++++++
7 files changed, 438 insertions(+)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
index 39aa15513..7ac4b93ca 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
@@ -104,6 +104,7 @@ public void addPredicates(SearchFilter filter,
List<Predicate> predicates) {
addPredicateForPolicyPriority(filter.getParam(SearchFilter.POLICY_PRIORITY),
predicates);
addPredicateForPartialPolicyLabels(filter.getParam(SearchFilter.POLICY_LABELS_PARTIAL),
predicates);
addPredicateForZoneName(filter.getParam(SearchFilter.ZONE_NAME), predicates);
+
addPredicateForPrefixPolicyName(filter.getParam(SearchFilter.POLICY_NAME_PREFIX),
predicates);
// addPredicateForZoneId(filter.getParam(SearchFilter.ZONE_ID),
predicates); // not supported
}
@@ -383,6 +384,36 @@ public boolean evaluate(Object object) {
return ret;
}
+ private Predicate addPredicateForPrefixPolicyName(final String
policyNamePrefix, List<Predicate> predicates) {
+ if (StringUtils.isEmpty(policyNamePrefix)) {
+ return null;
+ }
+
+ Predicate ret = object -> {
+ if (object == null) {
+ return false;
+ }
+
+ boolean ret1;
+
+ if (object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy) object;
+
+ ret1 =
StringUtils.startsWithIgnoreCase(policy.getName(), policyNamePrefix);
+ } else {
+ ret1 = true;
+ }
+
+ return ret1;
+ };
+
+ if (predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
private Predicate addPredicateForPartialPolicyName(final String
policyName, List<Predicate> predicates) {
if(StringUtils.isEmpty(policyName)) {
return null;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
index 8a60a2dab..8f1166f05 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
@@ -71,6 +71,7 @@ public class SearchFilter {
public static final String USER_NAME_PARTIAL = "userNamePartial";
// search
public static final String SERVICE_NAME_PREFIX = "serviceNamePrefix";
// search
public static final String ZONE_NAME_PREFIX = "zoneNamePrefix";
// search
+ public static final String POLICY_NAME_PREFIX = "policyNamePrefix";
public static final String TAG_DEF_ID = "tagDefId";
// search
public static final String TAG_DEF_GUID = "tagDefGuid";
// search
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index cb9d168ac..7b2b918e1 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2689,6 +2689,48 @@ public List<RangerPolicy>
getPoliciesWithMetaAttributes(List<RangerPolicy> polic
return policiesList;
}
+ public void deletePolicies(Set<RangerPolicy> policies, String
serviceName, List<Long> deletedPolicyIds) throws Exception {
+ LOG.debug("==> ServiceDBStore.deletePolicies()");
+
+ if (policies == null) {
+ policies = Collections.emptySet();
+ }
+
+ RangerService service = getServiceByName(serviceName);
+
+ if (service == null) {
+ throw new Exception(serviceName + ": service does not
exist" + serviceName);
+ }
+
+ boolean isBulkMode = RangerBizUtil.isBulkMode();
+
+ if (!isBulkMode) {
+ RangerBizUtil.setBulkMode(true);
+ }
+
+ try {
+ for (RangerPolicy policy : policies) {
+ deletePolicy(policy, service);
+
+ deletedPolicyIds.add(policy.getId());
+
+ // it's a bulk policy delete call flush and
clear
+ if (deletedPolicyIds.size() %
RangerBizUtil.POLICY_BATCH_SIZE == 0) {
+ bizUtil.bulkModeOnlyFlushAndClear();
+ }
+ }
+ } finally {
+ // Flush and Clear remaining
+ bizUtil.bulkModeOnlyFlushAndClear();
+
+ if (!isBulkMode) {
+ RangerBizUtil.setBulkMode(false);
+ }
+ }
+
+ LOG.debug("<== ServiceDBStore.deletePolicies(policyCount={}):
deletedCount={}", policies.size(), deletedPolicyIds.size());
+ }
+
private List<RangerPolicy> getServicePolicies(XXService service,
SearchFilter filter) throws Exception {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.getServicePolicies()");
diff --git
a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
index 37dd73f9e..f16fd2a1f 100644
---
a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
+++
b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
@@ -105,6 +105,7 @@ public SearchFilter getSearchFilter(@Nonnull
HttpServletRequest request, List<So
ret.setParam(SearchFilter.TAG_DEF_ID,
request.getParameter(SearchFilter.TAG_DEF_ID));
ret.setParam(SearchFilter.TAG_ID,
request.getParameter(SearchFilter.TAG_ID));
ret.setParam(SearchFilter.CREATED_BY,
request.getParameter(SearchFilter.CREATED_BY));
+ ret.setParam(SearchFilter.POLICY_NAME_PREFIX,
request.getParameter(SearchFilter.POLICY_NAME_PREFIX));
for (Map.Entry<String, String[]> e :
request.getParameterMap().entrySet()) {
String name = e.getKey();
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index d9a214099..f4cf6d904 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -68,7 +68,10 @@
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
@Path("public/v2")
@Component
@@ -717,6 +720,29 @@ public void deletePolicyByName(@QueryParam("servicename")
String serviceName,
}
}
+ @DELETE
+ @Path("/api/policies/bulk")
+ @Produces("application/json")
+ public List<Long> deletePolicies(@Context HttpServletRequest request,
@QueryParam("serviceName") String serviceName) {
+ logger.debug("==> PublicAPIsv2.deletePolicies()");
+
+ if (StringUtils.isBlank(serviceName)) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "Invalid
service name", true);
+ }
+
+ Set<RangerPolicy> policies = new
HashSet<>(serviceREST.getBulkPolicies(request));
+
+ serviceREST.ensureAdminAccessForServicePolicies(serviceName,
policies);
+
+ List<Long> ret = serviceREST.deleteBulkPolicies(policies,
serviceName);
+
+ Collections.sort(ret);
+
+ logger.debug("<== PublicAPIsv2.deletePolicies()");
+
+ return ret;
+ }
+
@DELETE
@Path("/api/policy/guid/{guid}")
public void
deletePolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 4bd9c5951..fbe3463c1 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3969,6 +3969,59 @@ public List<RangerPurgeResult>
purgeRecords(@QueryParam("type") String recordTyp
return ret;
}
+ public List<RangerPolicy> getBulkPolicies(@Context HttpServletRequest
request) {
+ LOG.debug("==> ServiceREST.getBulkPolicies()");
+
+ List<RangerPolicy> ret;
+
+ RangerPerfTracer perf = null;
+
+ try {
+ if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"ServiceREST.getBulkPolicies()");
+ }
+
+ SearchFilter filter =
searchUtil.getSearchFilter(request, policyService.sortFields);
+
+ filter.setStartIndex(0);
+ filter.setMaxRows(Integer.MAX_VALUE);
+
+ ret = svcStore.getPolicies(filter);
+
+ ret = applyAdminAccessFilter(ret);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getBulkPolicies() failed", excp);
+
+ throw
restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== ServiceREST.getBulkPolicies(): count={}",
ret.size());
+
+ return ret;
+ }
+
+ public List<Long> deleteBulkPolicies(Set<RangerPolicy> rangerPolicies,
String serviceName) {
+ LOG.debug("==> ServiceREST.deleteBulkPolicies()");
+ bizUtil.blockAuditorRoleUser();
+
+ List<Long> ret = new ArrayList<>();
+
+ try {
+ svcStore.deletePolicies(rangerPolicies, serviceName,
ret);
+
+ LOG.debug("<== ServiceREST.deleteBulkPolicies():
count={}", ret.size());
+ return ret;
+ } catch (Exception e) {
+ LOG.error("deleteBulkPolicies(): failed after deleting
{} of {} policies", ret.size(), rangerPolicies.size(), e);
+
+ throw restErrorUtil.createRESTException("Failed after
deleting " + ret.size() + " of " + rangerPolicies.size() + " policies." + e);
+ }
+ }
+
public RangerPolicyResource getPolicyResource(Object resourceName,
GrantRevokeRequest grantRequest) {
RangerPolicyResource ret;
if (resourceName instanceof List) {
@@ -4197,6 +4250,45 @@ void ensureAdminAndAuditAccess(RangerPolicy policy) {
ensureAdminAndAuditAccess (policy, new HashMap<String,
String>());
}
+ void ensureAdminAccessForPolicies(Set<RangerPolicy> policies, XXService
xxService, String serviceName) {
+ LOG.debug("==> ServiceREST.ensureAdminAccessForPolicies({})",
serviceName);
+
+ boolean isAdmin = bizUtil.isAdmin();
+ boolean isKeyAdmin = bizUtil.isKeyAdmin();
+ String userName = bizUtil.getCurrentUserLoginId();
+
+ XXServiceDef xServiceDef =
daoManager.getXXServiceDef().getById(xxService.getType());
+ Set<String> userGroups =
userMgr.getGroupsForUser(userName);
+ RangerPolicyAdmin policyAdmin =
getPolicyAdminForDelegatedAdmin(serviceName);
+ Set<String> roles =
policyAdmin.getRolesFromUserAndGroups(userName, userGroups);
+ Map<String, Object> evalContext = new HashMap<>();
+ boolean isKmsService =
EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(xServiceDef.getImplclassname());
+
+ RangerAccessRequestUtil.setCurrentUserInContext(evalContext,
userName);
+
+ Map<String, Boolean> serviceToIsAdminUserMap = new HashMap<>();
+ Map<String, Boolean> zoneToIsAdminMap = new HashMap<>();
+
+ policies.forEach(policy -> {
+ boolean isServiceAdminUser =
serviceToIsAdminUserMap.computeIfAbsent(policy.getService(), svcName ->
svcStore.isServiceAdminUser(svcName, userName));
+ boolean isZoneAdmin =
!StringUtils.isEmpty(policy.getZoneName()) &&
zoneToIsAdminMap.computeIfAbsent(policy.getZoneName(), serviceMgr::isZoneAdmin);
+ boolean isSvcAdmin = isAdmin ||
isServiceAdminUser || isZoneAdmin;
+
+ if (!isAdmin && !isKeyAdmin && !isSvcAdmin) {
+ boolean isAllowed =
policyAdmin.isDelegatedAdminAccessAllowedForModify(policy, userName,
userGroups, roles, evalContext);
+
+ if (!isAllowed) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User '" +
userName + "' does not have delegated-admin privilege for policy id=" +
policy.getId(), true);
+ }
+ } else {
+ if ((isAdmin && isKmsService) || (isKeyAdmin &&
!isKmsService)) {
+ throw
restErrorUtil.createRESTException(xServiceDef.getName() + " policies are not
accessible for user '" + userName + "'.", MessageEnums.OPER_NO_PERMISSION);
+ }
+ }
+ });
+ LOG.debug("<== ServiceREST.ensureAdminAccessForPolicies({})",
serviceName);
+ }
+
void ensureAdminAndAuditAccess(RangerPolicy policy, Map<String, String>
mapServiceTypeAndImplClass) {
boolean isAdmin = bizUtil.isAdmin();
boolean isKeyAdmin = bizUtil.isKeyAdmin();
@@ -4468,6 +4560,22 @@ public RangerPolicy getPolicyByName(String serviceName,
String policyName, Strin
return ret;
}
+ public void ensureAdminAccessForServicePolicies(String serviceName,
Set<RangerPolicy> policies) {
+ LOG.debug("==>
ServiceREST.ensureAdminAccessForServicePolicies({})", serviceName);
+
+ if (!policies.isEmpty()) {
+ XXService xxService =
daoManager.getXXService().findByName(serviceName);
+
+ if (xxService == null) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST,
serviceName + ": service does not exist", true);
+ }
+
+ ensureAdminAccessForPolicies(policies, xxService,
serviceName);
+ }
+
+ LOG.debug("<==
ServiceREST.ensureAdminAccessForServicePolicies({})", serviceName);
+ }
+
private RangerPolicy createPolicyUnconditionally(RangerPolicy policy)
throws Exception {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.createPolicyUnconditionally(
"+ policy +")");
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index d0071860a..bda4948fe 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -20,6 +20,7 @@
import static org.mockito.ArgumentMatchers.anyString;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
@@ -1866,6 +1867,234 @@ public void tess28updatePolicy() throws Exception {
rangerPolicy.getVersion());
}
+ @Test
+ public void test29deletePolicies() throws Exception {
+ setup();
+ XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
+ XXService xService = Mockito.mock(XXService.class);
+ XXPolicyLabelMapDao xPolicyLabelMapDao =
Mockito.mock(XXPolicyLabelMapDao.class);
+
+ RangerService rangerService = rangerService();
+ RangerPolicy rangerPolicy1 = rangerPolicy();
+ RangerPolicy rangerPolicy2 = rangerPolicy();
+ rangerPolicy2.setName("HDFS_1-2-20150316062453");
+ rangerPolicy2.setId(Id + 1L);
+ rangerPolicy2.setGuid("policyguid2");
+ String name = "HDFS_1-1-20150316062453";
+
+ List<XXPolicyItem> policyItemList = new
ArrayList<XXPolicyItem>();
+ XXPolicyItem policyItem1 = new XXPolicyItem();
+ policyItem1.setAddedByUserId(Id);
+ policyItem1.setCreateTime(new Date());
+ policyItem1.setDelegateAdmin(false);
+ policyItem1.setId(Id);
+ policyItem1.setOrder(1);
+ policyItem1.setPolicyId(Id);
+ policyItem1.setUpdatedByUserId(Id);
+ policyItem1.setUpdateTime(new Date());
+ policyItemList.add(policyItem1);
+
+ XXPolicyItem policyItem2 = new XXPolicyItem();
+ policyItem2.setAddedByUserId(Id);
+ policyItem2.setCreateTime(new Date());
+ policyItem2.setDelegateAdmin(false);
+ policyItem2.setId(Id + 1L);
+ policyItem2.setOrder(2);
+ policyItem2.setPolicyId(Id + 1L);
+ policyItem2.setUpdatedByUserId(Id);
+ policyItem2.setUpdateTime(new Date());
+ policyItemList.add(policyItem2);
+
+ List<XXPolicyItemCondition> policyItemConditionList = new
ArrayList<XXPolicyItemCondition>();
+ XXPolicyItemCondition policyItemCondition1 = new
XXPolicyItemCondition();
+ policyItemCondition1.setAddedByUserId(Id);
+ policyItemCondition1.setCreateTime(new Date());
+ policyItemCondition1.setType(1L);
+ policyItemCondition1.setId(Id);
+ policyItemCondition1.setOrder(1);
+ policyItemCondition1.setPolicyItemId(Id);
+ policyItemCondition1.setUpdatedByUserId(Id);
+ policyItemCondition1.setUpdateTime(new Date());
+ policyItemConditionList.add(policyItemCondition1);
+
+ XXPolicyItemCondition policyItemCondition2 = new
XXPolicyItemCondition();
+ policyItemCondition2.setAddedByUserId(Id);
+ policyItemCondition2.setCreateTime(new Date());
+ policyItemCondition2.setType(1L);
+ policyItemCondition2.setId(Id + 1L);
+ policyItemCondition2.setOrder(2);
+ policyItemCondition2.setPolicyItemId(Id + 1L);
+ policyItemCondition2.setUpdatedByUserId(Id);
+ policyItemCondition2.setUpdateTime(new Date());
+ policyItemConditionList.add(policyItemCondition2);
+
+ List<XXPolicyItemGroupPerm> policyItemGroupPermList = new
ArrayList<XXPolicyItemGroupPerm>();
+ XXPolicyItemGroupPerm policyItemGroupPerm1 = new
XXPolicyItemGroupPerm();
+ policyItemGroupPerm1.setAddedByUserId(Id);
+ policyItemGroupPerm1.setCreateTime(new Date());
+ policyItemGroupPerm1.setGroupId(Id);
+
+ XXPolicyItemGroupPerm policyItemGroupPerm2 = new
XXPolicyItemGroupPerm();
+ policyItemGroupPerm2.setAddedByUserId(Id);
+ policyItemGroupPerm2.setCreateTime(new Date());
+ policyItemGroupPerm2.setGroupId(Id);
+
+ List<XXServiceConfigMap> xConfMapList = new
ArrayList<XXServiceConfigMap>();
+ XXServiceConfigMap xConfMap1 = new XXServiceConfigMap();
+ xConfMap1.setAddedByUserId(null);
+ xConfMap1.setConfigkey(name);
+ xConfMap1.setConfigvalue(name);
+ xConfMap1.setCreateTime(new Date());
+ xConfMap1.setServiceId(null);
+ xConfMap1.setId(Id);
+ xConfMap1.setUpdatedByUserId(null);
+ xConfMap1.setUpdateTime(new Date());
+ xConfMapList.add(xConfMap1);
+
+ XXServiceConfigMap xConfMap2 = new XXServiceConfigMap();
+ xConfMap2.setAddedByUserId(null);
+ xConfMap2.setConfigkey(name);
+ xConfMap2.setConfigvalue(name);
+ xConfMap2.setCreateTime(new Date());
+ xConfMap2.setServiceId(null);
+ xConfMap2.setId(Id + 1L);
+ xConfMap2.setUpdatedByUserId(null);
+ xConfMap2.setUpdateTime(new Date());
+ xConfMapList.add(xConfMap2);
+
+ policyItemGroupPerm1.setId(Id);
+ policyItemGroupPerm1.setOrder(1);
+ policyItemGroupPerm1.setPolicyItemId(Id);
+ policyItemGroupPerm1.setUpdatedByUserId(Id);
+ policyItemGroupPerm1.setUpdateTime(new Date());
+ policyItemGroupPermList.add(policyItemGroupPerm1);
+
+ policyItemGroupPerm2.setId(Id + 1L);
+ policyItemGroupPerm2.setOrder(2);
+ policyItemGroupPerm2.setPolicyItemId(Id + 1L);
+ policyItemGroupPerm2.setUpdatedByUserId(Id);
+ policyItemGroupPerm2.setUpdateTime(new Date());
+ policyItemGroupPermList.add(policyItemGroupPerm2);
+
+ List<XXPolicyItemUserPerm> policyItemUserPermList = new
ArrayList<XXPolicyItemUserPerm>();
+ XXPolicyItemUserPerm policyItemUserPerm1 = new
XXPolicyItemUserPerm();
+ policyItemUserPerm1.setAddedByUserId(Id);
+ policyItemUserPerm1.setCreateTime(new Date());
+ policyItemUserPerm1.setPolicyItemId(Id);
+ policyItemUserPerm1.setId(Id);
+ policyItemUserPerm1.setOrder(1);
+ policyItemUserPerm1.setUpdatedByUserId(Id);
+ policyItemUserPerm1.setUpdateTime(new Date());
+ policyItemUserPermList.add(policyItemUserPerm1);
+
+ XXPolicyItemUserPerm policyItemUserPerm2 = new
XXPolicyItemUserPerm();
+ policyItemUserPerm2.setAddedByUserId(Id);
+ policyItemUserPerm2.setCreateTime(new Date());
+ policyItemUserPerm2.setPolicyItemId(Id + 1L);
+ policyItemUserPerm2.setId(Id + 1L);
+ policyItemUserPerm2.setOrder(2);
+ policyItemUserPerm2.setUpdatedByUserId(Id);
+ policyItemUserPerm2.setUpdateTime(new Date());
+ policyItemUserPermList.add(policyItemUserPerm2);
+
+ List<XXPolicyItemAccess> policyItemAccessList = new
ArrayList<XXPolicyItemAccess>();
+ XXPolicyItemAccess policyItemAccess1 = new XXPolicyItemAccess();
+ policyItemAccess1.setAddedByUserId(Id);
+ policyItemAccess1.setCreateTime(new Date());
+ policyItemAccess1.setPolicyitemid(Id);
+ policyItemAccess1.setId(Id);
+ policyItemAccess1.setOrder(1);
+ policyItemAccess1.setUpdatedByUserId(Id);
+ policyItemAccess1.setUpdateTime(new Date());
+ policyItemAccessList.add(policyItemAccess1);
+
+ XXPolicyItemAccess policyItemAccess2 = new XXPolicyItemAccess();
+ policyItemAccess2.setAddedByUserId(Id);
+ policyItemAccess2.setCreateTime(new Date());
+ policyItemAccess2.setPolicyitemid(Id + 1L);
+ policyItemAccess2.setId(Id + 1L);
+ policyItemAccess2.setOrder(2);
+ policyItemAccess2.setUpdatedByUserId(Id);
+ policyItemAccess2.setUpdateTime(new Date());
+ policyItemAccessList.add(policyItemAccess2);
+
+ List<XXPolicyResource> policyResourceList = new
ArrayList<XXPolicyResource>();
+ XXPolicyResource policyResource1 = new XXPolicyResource();
+ policyResource1.setId(Id);
+ policyResource1.setCreateTime(new Date());
+ policyResource1.setAddedByUserId(Id);
+ policyResource1.setIsExcludes(false);
+ policyResource1.setIsRecursive(false);
+ policyResource1.setPolicyId(Id);
+ policyResource1.setResDefId(Id);
+ policyResource1.setUpdatedByUserId(Id);
+ policyResource1.setUpdateTime(new Date());
+ policyResourceList.add(policyResource1);
+
+ XXPolicyResource policyResource2 = new XXPolicyResource();
+ policyResource2.setId(Id + 1L);
+ policyResource2.setCreateTime(new Date());
+ policyResource2.setAddedByUserId(Id);
+ policyResource2.setIsExcludes(false);
+ policyResource2.setIsRecursive(false);
+ policyResource2.setPolicyId(Id + 1L);
+ policyResource2.setResDefId(Id);
+ policyResource2.setUpdatedByUserId(Id);
+ policyResource2.setUpdateTime(new Date());
+ policyResourceList.add(policyResource2);
+
+ XXPolicyResourceMap policyResourceMap1 = new
XXPolicyResourceMap();
+ policyResourceMap1.setAddedByUserId(Id);
+ policyResourceMap1.setCreateTime(new Date());
+ policyResourceMap1.setId(Id);
+ policyResourceMap1.setOrder(1);
+ policyResourceMap1.setResourceId(Id);
+ policyResourceMap1.setUpdatedByUserId(Id);
+ policyResourceMap1.setUpdateTime(new Date());
+ policyResourceMap1.setValue("1L");
+
+ XXPolicyResourceMap policyResourceMap2 = new
XXPolicyResourceMap();
+ policyResourceMap2.setAddedByUserId(Id);
+ policyResourceMap2.setCreateTime(new Date());
+ policyResourceMap2.setId(Id + 1L);
+ policyResourceMap2.setOrder(2);
+ policyResourceMap2.setResourceId(Id);
+ policyResourceMap2.setUpdatedByUserId(Id);
+ policyResourceMap2.setUpdateTime(new Date());
+ policyResourceMap2.setValue("2L");
+
+ List<XXServiceConfigDef> xServiceConfigDefList = new
ArrayList<XXServiceConfigDef>();
+ XXServiceConfigDef serviceConfigDefObj = new
XXServiceConfigDef();
+ serviceConfigDefObj.setId(Id);
+ xServiceConfigDefList.add(serviceConfigDefObj);
+
+ Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
+ Mockito.when(xServiceDao.findByName(name)).thenReturn(xService);
+
Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
+ rangerService);
+
+ Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
+ Mockito.when(xServiceDao.getById(Id)).thenReturn(xService);
+
+ Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
+
Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(
+ xService);
+
Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
+
Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy1.getId())).thenReturn(ListUtils.EMPTY_LIST);
+
+
Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
+
Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy2.getId())).thenReturn(ListUtils.EMPTY_LIST);
+
+ Mockito.when(!bizUtil.hasAccess(xService,
null)).thenReturn(true);
+
Mockito.when(policyRefUpdater.cleanupRefTables(rangerPolicy1)).thenReturn(true);
+
Mockito.when(policyRefUpdater.cleanupRefTables(rangerPolicy2)).thenReturn(true);
+
+ serviceDBStore.deletePolicies(new
HashSet<>(Arrays.asList(rangerPolicy1, rangerPolicy2)), name, new
ArrayList<>());
+ Mockito.verify(policyService,
Mockito.times(1)).delete(rangerPolicy1);
+ Mockito.verify(policyService,
Mockito.times(1)).delete(rangerPolicy2);
+ Mockito.verify(bizUtil,
Mockito.atLeast(1)).bulkModeOnlyFlushAndClear();
+ }
+
@Test
public void tess29deletePolicy() throws Exception {
setup();
