RANGER-3846: Ranger DB patch 058 failing when multiple policies havin…

…g same resourceSignature

security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java

@@ -343,7 +343,7 @@ String getUserScreenName(Long userId) {
 				ret = userScreenNames.get(userId);
 
 				if(ret == null) {
-					XXPortalUser user = daoMgr.getXXPortalUser().getById(userId);
+					XXPortalUser user = daoMgr.getXXPortalUser().findById(userId);
 
 					if(user != null) {
 						ret = user.getPublicScreenName();

security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java

@@ -18,7 +18,9 @@
 package org.apache.ranger.db;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.persistence.NoResultException;
 
@@ -356,4 +358,34 @@ public List<XXPolicy> findPolicyByGUIDAndServiceIdAndZoneId(String guid, Long se
 		}
 		return ret;
 	}
+
+	public Map<String, Long> findDuplicatePoliciesByServiceAndResourceSignature() {
+		Map<String, Long> policies = new HashMap<String, Long>();
+		try {
+			List<Object[]> rows = (List<Object[]>) getEntityManager().createNamedQuery("XXPolicy.findDuplicatePoliciesByServiceAndResourceSignature").getResultList();
+			if (rows != null) {
+				for (Object[] row : rows) {
+					policies.put((String) row[0], (Long) row[1]);
+				}
+			}
+		} catch (NoResultException e) {
+			return null;
+		} catch (Exception ex) {
+		}
+		return policies;
+	}
+
+	public List<XXPolicy> findByServiceIdAndResourceSignature(Long serviceId, String policySignature) {
+		if (policySignature == null || serviceId == null) {
+			return new ArrayList<XXPolicy>();
+		}
+		try {
+			return getEntityManager().createNamedQuery("XXPolicy.findByServiceIdAndResourceSignature", tClass)
+					.setParameter("serviceId", serviceId)
+					.setParameter("resSignature", policySignature)
+					.getResultList();
+		} catch (NoResultException e) {
+			return new ArrayList<XXPolicy>();
+		}
+	}
 }

security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java

@@ -128,4 +128,25 @@ public List<XXPortalUser> findByUserSourceAndStatus(final int source, final int
 			return null;
 		}
 	}
+
+	public XXPortalUser findById(Long id) {
+		XXPortalUser xXPortalUser = null;
+		if (id == null) {
+			return xXPortalUser;
+		}
+		try {
+			xXPortalUser = new XXPortalUser();
+			Object[] row = (Object[]) getEntityManager().createNamedQuery("XXPortalUser.findById").setParameter("id", id).getSingleResult();
+			if (row != null) {
+				xXPortalUser.setFirstName((String) row[0]);
+				xXPortalUser.setLastName((String) row[1]);
+				xXPortalUser.setPublicScreenName((String) row[2]);
+				xXPortalUser.setLoginId((String) row[3]);
+				return xXPortalUser;
+			}
+		} catch (NoResultException e) {
+			return null;
+		}
+		return xXPortalUser;
+	}
 }

security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java

@@ -17,14 +17,18 @@
 
 package org.apache.ranger.patch;
 
+import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.ranger.authorization.utils.JsonUtils;
 import org.apache.ranger.biz.ServiceDBStore;
 import org.apache.ranger.common.RangerFactory;
 import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXPolicyLabelMapDao;
 import org.apache.ranger.entity.XXPolicy;
+import org.apache.ranger.entity.XXPolicyLabelMap;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
 import org.apache.ranger.util.CLIUtil;
@@ -89,6 +93,7 @@ public void execLoad() {
 
 		try {
 			updateDisabledPolicyResourceSignature();
+			removeDuplicateResourceSignaturesPolicies();
 		} catch (Exception e) {
 			logger.error("Error while PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053()", e);
 			System.exit(1);
@@ -128,4 +133,49 @@ private void updateDisabledPolicyResourceSignature() throws Exception {
 		}
 	}
 
+	private void removeDuplicateResourceSignaturesPolicies() throws Exception {
+		logger.info("==> removeDuplicateResourceSignaturesPolicies() ");
+		Map<String, Long> duplicateEntries = daoMgr.getXXPolicy().findDuplicatePoliciesByServiceAndResourceSignature();
+		if (duplicateEntries != null && duplicateEntries.size() > 0) {
+			logger.info("Total number of possible duplicate policies:" + duplicateEntries.size());
+			for (Map.Entry<String, Long> entry : duplicateEntries.entrySet()) {
+				logger.info("Duplicate policy Entry - {ResourceSignature:" + entry.getKey() + ", ServiceId:" + entry.getValue() + "}");
+				List<XXPolicy> xxPolicyList = daoMgr.getXXPolicy().findByServiceIdAndResourceSignature(entry.getValue(), entry.getKey());
+				if (CollectionUtils.isNotEmpty(xxPolicyList) && xxPolicyList.size() > 1) {
+					Iterator<XXPolicy> duplicatePolicies = xxPolicyList.iterator();
+					duplicatePolicies.next();
+					while (duplicatePolicies.hasNext()) {
+						XXPolicy xxPolicy = duplicatePolicies.next();
+						if (xxPolicy != null) {
+							logger.info("Attempting to Remove duplicate policy:{" + xxPolicy.getId() + ":" + xxPolicy.getName() + "}");
+							if (cleanupRefTables(xxPolicy.getId())) {
+								daoMgr.getXXPolicy().remove(xxPolicy.getId());
+							}
+						}
+					}
+				}
+			}
+		} else {
+			logger.info("no duplicate Policy found");
+		}
+	}
+
+	private Boolean cleanupRefTables(Long policyId) {
+		if (policyId == null) {
+			return false;
+		}
+		daoMgr.getXXPolicyRefResource().deleteByPolicyId(policyId);
+		daoMgr.getXXPolicyRefRole().deleteByPolicyId(policyId);
+		daoMgr.getXXPolicyRefGroup().deleteByPolicyId(policyId);
+		daoMgr.getXXPolicyRefUser().deleteByPolicyId(policyId);
+		daoMgr.getXXPolicyRefAccessType().deleteByPolicyId(policyId);
+		daoMgr.getXXPolicyRefCondition().deleteByPolicyId(policyId);
+		daoMgr.getXXPolicyRefDataMaskType().deleteByPolicyId(policyId);
+		XXPolicyLabelMapDao policyLabelMapDao = daoMgr.getXXPolicyLabelMap();
+		List<XXPolicyLabelMap> xxPolicyLabelMaps = policyLabelMapDao.findByPolicyId(policyId);
+		for (XXPolicyLabelMap xxPolicyLabelMap : xxPolicyLabelMaps) {
+			policyLabelMapDao.remove(xxPolicyLabelMap);
+		}
+		return true;
+	}
 }

security-admin/src/main/resources/META-INF/jpa_named_queries.xml

@@ -418,6 +418,14 @@
 		<query>select obj from XXPolicy obj, XXService svc, XXSecurityZone zone where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName and obj.zoneId = zone.id and zone.name = :zoneName</query>
 	</named-query>
 
+	<named-query name="XXPolicy.findDuplicatePoliciesByServiceAndResourceSignature">
+		<query>select obj.resourceSignature, obj.service from XXPolicy obj GROUP BY obj.resourceSignature, obj.service HAVING COUNT(obj.resourceSignature) > 1</query>
+	</named-query>
+
+	<named-query name="XXPolicy.findByServiceIdAndResourceSignature">
+		<query>select obj from XXPolicy obj where obj.service = :serviceId and obj.resourceSignature = :resSignature</query>
+	</named-query>
+
 	<!-- XXServiceDef -->
 	<named-query name="XXServiceDef.findByName">
 		<query>select obj from XXServiceDef obj where obj.name = :name</query>
@@ -1192,6 +1200,10 @@
 		<query>SELECT obj FROM XXPortalUser obj WHERE obj.userSource=:userSource and obj.status=:status</query>
 	</named-query>
 
+	<named-query name="XXPortalUser.findById">
+		<query>SELECT obj.firstName, obj.lastName, obj.publicScreenName, obj.loginId FROM XXPortalUser obj WHERE obj.id=:id</query>
+	</named-query>
+
 	<!-- VXModuleDef -->
 	<named-query name="XXModuleDef.findByModuleId">
 		<query>SELECT obj FROM XXModuleDef obj