Adding query-roleset support

Author: Miguel Rodriguez

src/main/java/com/marklogic/appdeployer/command/SortOrderConstants.java

@@ -14,6 +14,7 @@ public abstract class SortOrderConstants {
     public static Integer DEPLOY_PROTECTED_COLLECTIONS = 80;
     public static Integer DEPLOY_MIMETYPES = 90;
 	public static Integer DEPLOY_PROTECTED_PATHS = 95;
+	public static Integer DEPLOY_QUERY_ROLE_SETS = 97;
 
     public static Integer DEPLOY_TRIGGERS_DATABASE = 100;
     public static Integer DEPLOY_SCHEMAS_DATABASE = 100;
@@ -72,6 +73,7 @@ public abstract class SortOrderConstants {
     public static Integer DELETE_CERTIFICATE_AUTHORITIES = 9020;
     public static Integer DELETE_EXTERNAL_SECURITY = 9030;
     public static Integer DELETE_PROTECTED_COLLECTIONS = 9040;
+	public static Integer DELETE_QUERY_ROLE_SETS = 9050;
 
     // Roles can reference privileges, so must delete roles first
     public static Integer DELETE_ROLES = 9060;

src/main/java/com/marklogic/appdeployer/command/security/DeployQueryRoleSetsCommand.java

@@ -0,0 +1,26 @@
+package com.marklogic.appdeployer.command.security;
+
+import com.marklogic.appdeployer.command.AbstractResourceCommand;
+import com.marklogic.appdeployer.command.CommandContext;
+import com.marklogic.appdeployer.command.SortOrderConstants;
+import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.resource.security.QueryRoleSetsManager;
+
+import java.io.File;
+
+public class DeployQueryRoleSetsCommand extends AbstractResourceCommand {
+
+	public DeployQueryRoleSetsCommand() {
+		setExecuteSortOrder(SortOrderConstants.DEPLOY_QUERY_ROLE_SETS);
+		setUndoSortOrder(SortOrderConstants.DELETE_QUERY_ROLE_SETS);
+	}
+	@Override
+	protected File[] getResourceDirs(CommandContext context) {
+		return new File[] { context.getAppConfig().getConfigDir().getQueryRoleSetsDir() };
+	}
+
+	@Override
+	protected ResourceManager getResourceManager(CommandContext context) {
+		return new QueryRoleSetsManager(context.getManageClient());
+	}
+}

src/main/java/com/marklogic/mgmt/PayloadParser.java

@@ -30,7 +30,8 @@ public String getPayloadFieldValue(String payload, String fieldName) {
                 throw new RuntimeException("Cannot get field value from JSON; field name: " + fieldName + "; JSON: "
                         + payload);
             }
-            return node.get(fieldName).asText();
+            return node.get(fieldName).isTextual() ? node.get(fieldName).asText() : node.get(fieldName).toString();
+
         } else {
             Fragment f = new Fragment(payload);
             String xpath = String.format("/node()/*[local-name(.) = '%s']", fieldName);

src/main/java/com/marklogic/mgmt/resource/security/ProtectedPathManager.java

@@ -3,6 +3,8 @@
 import com.marklogic.mgmt.ManageClient;
 import com.marklogic.mgmt.resource.AbstractResourceManager;
 import com.marklogic.rest.util.Fragment;
+import com.marklogic.rest.util.ResourcesFragment;
+import org.springframework.web.client.ResourceAccessException;
 
 import java.util.List;
 
@@ -65,4 +67,25 @@ public String getIdForPathExpression(String pathExpression) {
 
 	@Override
 	protected boolean useAdminUser() { return true; }
+
+
+	/**
+	 * Testing the deployment/undeployment of protected paths intermittently fails when performing a GET on the
+	 * /manage/v2/protected-paths endpoint. A single retry seems to address the issue, though the cause is still
+	 * unknown.
+	 *
+	 * @return ResourcesFragment
+	 */
+	@Override
+	public ResourcesFragment getAsXml() {
+		try {
+			return new ResourcesFragment(getManageClient().getXmlAsAdmin(getResourcesPath()));
+		} catch (ResourceAccessException ex) {
+			if (logger.isWarnEnabled()) {
+				logger.warn("Unable to get list of protected paths, retrying; cause: " + ex.getMessage());
+			}
+			return new ResourcesFragment(getManageClient().getXmlAsAdmin(getResourcesPath()));
+		}
+	}
+
 }

src/main/java/com/marklogic/mgmt/resource/security/QueryRoleSetsManager.java

@@ -0,0 +1,83 @@
+package com.marklogic.mgmt.resource.security;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.marklogic.mgmt.ManageClient;
+import com.marklogic.mgmt.PayloadParser;
+import com.marklogic.mgmt.resource.AbstractResourceManager;
+import com.marklogic.rest.util.Fragment;
+
+import java.util.List;
+
+public class QueryRoleSetsManager extends AbstractResourceManager {
+
+	private boolean updateAllowed = false;
+
+	public QueryRoleSetsManager(ManageClient client) {
+		super(client);
+	}
+
+	@Override
+	public String getResourcesPath() {
+		return "/manage/v2/query-rolesets";
+	}
+
+	@Override
+	protected String getResourceName() {
+		return "query-rolesets";
+	}
+
+	@Override
+	protected String getIdFieldName() {
+		return "role-name";
+	}
+
+	@Override
+	public String getPropertiesPath(String resourceNameOrId, String... resourceUrlParams) {
+		String id = getIdForRoleNames(resourceNameOrId);
+		if (id == null) {
+			throw new RuntimeException("Could not find a query-roleset with roles: " + resourceNameOrId);
+		} else return getResourcesPath()  + "/" + id + "/properties";
+	}
+
+	@Override
+	public String getResourcePath(String resourceNameOrId, String... resourceUrlParams) {
+		String id = getIdForRoleNames(resourceNameOrId);
+		if (id == null) {
+			throw new RuntimeException("Could not find a query-roleset with roles: " + resourceNameOrId);
+		}else return getResourcesPath()  + "/" + id;
+	}
+
+	@Override
+	public boolean exists(String resourceNameOrId, String... resourceUrlParams) {
+		Fragment f = getAsXml();
+		return f.elementExists(format(
+			"/node()/*[local-name(.) = 'list-items']/node()[*[local-name(.) = 'idref'] = '%s']",
+			getIdForRoleNames(resourceNameOrId)));
+	}
+
+	public String getIdForRoleNames(String roles) {
+		Fragment f = getAsXml();
+		String xpath = "/node()/*[local-name(.) = 'list-items']/node()/*[local-name(.) = 'idref']";
+		String roleSetId = null;
+
+		//Transform roles into role JSON array
+		JsonNode roleArray = payloadParser.parseJson(roles);
+
+		//Get list of existing rolesets
+		for(String id : f.getElementValues(xpath)) {
+			String response =
+				payloadParser.getPayloadFieldValue(
+                    getManageClient().getJson(getResourcesPath() + "/" + id + "/properties"),
+                    getIdFieldName()
+				);
+
+			//does this roleset contain the same list of roles?
+			if (roleArray.equals(payloadParser.parseJson(response))) {
+				roleSetId = id;
+				break;
+			}
+		}
+		return roleSetId;
+	}
+
+}

src/test/java/com/marklogic/appdeployer/command/security/ManageProtectedPathsTest.java

@@ -21,14 +21,4 @@ protected String[] getResourceNames() {
 		return new String[] { "/test:element" };
 	}
 
-	/*
-	@Override
-	protected void afterResourcesCreatedAgain() {
-		try {
-			Thread.sleep(5000);
-		} catch (InterruptedException e) {
-			e.printStackTrace();
-		}
-	}
-	*/
 }

src/test/java/com/marklogic/appdeployer/command/security/ManageQueryRoleSetsTest.java

@@ -0,0 +1,23 @@
+package com.marklogic.appdeployer.command.security;
+
+import com.marklogic.appdeployer.command.AbstractManageResourceTest;
+import com.marklogic.appdeployer.command.Command;
+import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.resource.security.QueryRoleSetsManager;
+
+public class ManageQueryRoleSetsTest extends AbstractManageResourceTest {
+    @Override
+    protected ResourceManager newResourceManager() {
+        return new QueryRoleSetsManager(manageClient);
+    }
+
+    @Override
+    protected Command newCommand() {
+        return new DeployQueryRoleSetsCommand();
+    }
+
+	@Override
+	protected String[] getResourceNames() {
+		return new String[] { "[\"view-admin\"]" };
+	}
+}

src/test/resources/sample-app/src/main/ml-config/security/query-rolesets/queryset-1.json

@@ -0,0 +1,3 @@
+{
+	"role-name": ["view-admin" ]
+}