Create privileges only if they aren't present (#1481)

* Create privileges only if they aren't present

* Added gradle tasks for creating privileges

* Read the privilege files from the InputStream

Author: srinathgit

marklogic-data-hub/src/main/java/com/marklogic/hub/deploy/commands/DeployHubPrivilegesCommand.java

@@ -0,0 +1,93 @@
+/*
+ * Copyright 2012-2018 MarkLogic Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.marklogic.hub.deploy.commands;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.io.IOUtils;
+import org.springframework.core.io.ClassPathResource;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.marklogic.appdeployer.command.CommandContext;
+import com.marklogic.appdeployer.command.security.DeployPrivilegesCommand;
+import com.marklogic.hub.error.DataHubConfigurationException;
+import com.marklogic.mgmt.ManageClient;
+import com.marklogic.mgmt.resource.ResourceManager;
+
+public class DeployHubPrivilegesCommand extends DeployPrivilegesCommand {
+	private List<String> payLoads;
+	
+	public DeployHubPrivilegesCommand() {
+		super();
+		payLoads = new ArrayList<String>();
+		try (
+			InputStream is1 = new ClassPathResource("hub-internal-config/security/privileges/dhf-internal-data-hub.json").getInputStream();
+			InputStream is2 = new ClassPathResource("hub-internal-config/security/privileges/dhf-internal-entities.json").getInputStream();
+			InputStream is3 = new ClassPathResource("hub-internal-config/security/privileges/dhf-internal-mappings.json").getInputStream();
+			InputStream is4 = new ClassPathResource("hub-internal-config/security/privileges/dhf-internal-trace-ui.json").getInputStream();
+		) {
+			this.payLoads.add(IOUtils.toString(is1, "utf-8"));
+			this.payLoads.add(IOUtils.toString(is2, "utf-8"));
+			this.payLoads.add(IOUtils.toString(is3, "utf-8"));
+			this.payLoads.add(IOUtils.toString(is4, "utf-8"));	       
+		} catch (IOException e) {
+			throw new DataHubConfigurationException(e);
+		}
+	}
+	
+	/**
+     * Deploys the privileges if they are not already present
+     * @param context The command context for execution.
+     */
+    @Override
+    public void execute(CommandContext context) {
+    	payLoads.stream().forEach((String payLoad)->{
+    		ObjectNode node = null;
+			try {
+				node = new ObjectMapper().readValue(payLoad, ObjectNode.class);
+			} catch (IOException e1) {
+				throw new DataHubConfigurationException(e1);
+			}
+        	String privName = node.get("privilege-name").asText();
+        	ManageClient manageClient = context.getManageClient();
+        	try {
+        		manageClient.getJsonAsSecurityUser("/manage/v2/privileges/"+ privName + "/properties?kind=uri");
+        	}
+        	catch(Exception e) {
+        		logger.info("Creating privilege "+privName);
+        		manageClient.postJsonAsSecurityUser("/manage/v2/privileges/", payLoad);
+        	}
+    	});    	
+    }
+    
+    /**
+     * Undeploys the privileges
+     * @param context The command context for execution.
+     */
+    @Override
+    public void undo(CommandContext context) {
+    	logger.info("Removing privileges");
+        ResourceManager mgr = getResourceManager(context);
+        for (String f : this.payLoads) {
+        	mgr.delete(f);
+            
+        }                  
+    }
+}

marklogic-data-hub/src/main/java/com/marklogic/hub/impl/DataHubImpl.java

@@ -622,6 +622,7 @@ private Map<String, List<Command>> getStagingCommands() {
         // staging deploys amps.
         List<Command> securityCommand = new ArrayList<>();
         securityCommand.add(new DeployHubAmpsCommand(hubConfig));
+        securityCommand.add(new DeployHubPrivilegesCommand());
         commandMap.put("mlSecurityCommand", securityCommand);
 
         // don't deploy rest api servers

marklogic-data-hub/src/main/java/com/marklogic/hub/impl/HubProjectImpl.java

@@ -189,26 +189,20 @@ public HubProjectImpl(String projectDirStr) {
         Path userSecurityDir = getUserSecurityDir();
         Path rolesDir = hubSecurityDir.resolve("roles");
         Path usersDir = hubSecurityDir.resolve("users");
-        Path privDir = hubSecurityDir.resolve("privileges"); 
-
+        
         Path userRolesDir = userSecurityDir.resolve("roles");
         Path userUsersDir = userSecurityDir.resolve("users");
 
         rolesDir.toFile().mkdirs();
         usersDir.toFile().mkdirs();
-        privDir.toFile().mkdirs();
+        
         userRolesDir.toFile().mkdirs();
         userUsersDir.toFile().mkdirs();
 
         writeResourceFile("hub-internal-config/security/roles/data-hub-role.json", rolesDir.resolve("data-hub-role.json"), true);
         writeResourceFile("hub-internal-config/security/users/data-hub-user.json", usersDir.resolve("data-hub-user.json"), true);
         writeResourceFile("hub-internal-config/security/roles/hub-admin-role.json", rolesDir.resolve("hub-admin-role.json"), true);
-        writeResourceFile("hub-internal-config/security/users/hub-admin-user.json", usersDir.resolve("hub-admin-user.json"), true);
-        
-        writeResourceFile("hub-internal-config/security/privileges/dhf-internal-data-hub.json", privDir.resolve("dhf-internal-data-hub.json"), true);
-        writeResourceFile("hub-internal-config/security/privileges/dhf-internal-entities.json", privDir.resolve("dhf-internal-entities.json"), true);
-        writeResourceFile("hub-internal-config/security/privileges/dhf-internal-mappings.json", privDir.resolve("dhf-internal-mappings.json"), true);
-        writeResourceFile("hub-internal-config/security/privileges/dhf-internal-trace-ui.json", privDir.resolve("dhf-internal-trace-ui.json"), true);
+        writeResourceFile("hub-internal-config/security/users/hub-admin-user.json", usersDir.resolve("hub-admin-user.json"), true);               
 
         getUserServersDir().toFile().mkdirs();
         getUserDatabaseDir().toFile().mkdirs();

ml-data-hub-plugin/src/main/groovy/com/marklogic/gradle/DataHubPlugin.groovy

@@ -95,11 +95,13 @@ class DataHubPlugin implements Plugin<Project> {
         project.tasks.replace("mlDeployRoles", DeployHubRolesTask);
         project.tasks.replace("mlDeployUsers", DeployHubUsersTask);
         project.tasks.replace("mlDeployAmps", DeployHubAmpsTask);
+        project.tasks.replace("mlDeployPrivileges", DeployHubPrivilegesTask);
         project.tasks.replace("mlUndeployRoles", UndeployHubRolesTask);
         project.tasks.replace("mlUndeployUsers", UndeployHubUsersTask);
         project.tasks.replace("mlUndeployAmps", UndeployHubAmpsTask);
+        project.tasks.replace("mlUndeployPrivileges", UndeployHubPrivilegesTask);
         project.tasks.replace("mlClearModulesDatabase", ClearDHFModulesTask)
-		project.tasks.replace("mlUpdateIndexes", UpdateIndexes)
+        project.tasks.replace("mlUpdateIndexes", UpdateIndexes)
         project.tasks.mlDeploySecurity.getDependsOn().add("mlDeployRoles");
         project.tasks.mlDeploySecurity.getDependsOn().add("mlDeployUsers");
         project.tasks.mlUndeploySecurity.getDependsOn().add("mlUndeployRoles");

ml-data-hub-plugin/src/main/groovy/com/marklogic/gradle/task/DeployHubPrivilegesTask.groovy

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2012-2018 MarkLogic Corporation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package com.marklogic.gradle.task
+
+import com.marklogic.hub.deploy.commands.DeployHubPrivilegesCommand
+import org.gradle.api.tasks.TaskAction
+
+class DeployHubPrivilegesTask extends HubTask {
+
+    @TaskAction
+    void deployHubPrivileges() {
+        def cmd = new DeployHubPrivilegesCommand()
+        cmd.execute(getCommandContext())
+    }
+}

ml-data-hub-plugin/src/main/groovy/com/marklogic/gradle/task/UndeployHubPrivilegesTask.groovy

@@ -0,0 +1,12 @@
+package com.marklogic.gradle.task
+
+import com.marklogic.gradle.task.MarkLogicTask
+import org.gradle.api.tasks.TaskAction
+
+class UndeployHubPrivilegesTask extends MarkLogicTask {
+
+    @TaskAction
+    void undeployPrivileges() {
+        undeployWithCommandWithClassName("DeployHubPrivilegesCommand")
+    }
+}