You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2017/09/27 04:17:02 UTC
ranger git commit: RANGER-1748: User is unable to update existing
policy while importing policy from file
Repository: ranger
Updated Branches:
refs/heads/master 17deef643 -> a95606928
RANGER-1748: User is unable to update existing policy while importing policy from file
Signed-off-by: pradeep <pr...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a9560692
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a9560692
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a9560692
Branch: refs/heads/master
Commit: a95606928d372f5214b0b55500408ad66a831bc0
Parents: 17deef6
Author: Bhavik Patel <bh...@gmail.com>
Authored: Mon Sep 25 12:00:24 2017 +0530
Committer: pradeep <pr...@apache.org>
Committed: Wed Sep 27 09:46:22 2017 +0530
----------------------------------------------------------------------
.../org/apache/ranger/rest/ServiceREST.java | 68 +++++++++++++++++++-
1 file changed, 65 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/a9560692/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index f1ce3af..d8f217d 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -2017,18 +2017,27 @@ public class ServiceREST {
}
}
String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS);
+ String polResource = request.getParameter(SearchFilter.POL_RESOURCE);
if (updateIfExists == null || updateIfExists.isEmpty()) {
updateIfExists = "false";
} else if (updateIfExists.equalsIgnoreCase("true")) {
isOverride = false;
}
- if (isOverride && updateIfExists.equalsIgnoreCase("false")){
+ if (isOverride && "false".equalsIgnoreCase(updateIfExists) && StringUtils.isEmpty(polResource)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Deleting Policy from provided services in servicesMapJson file...");
}
+ if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) {
+ deletePoliciesProvidedInServiceMap(sourceServices, destinationServices, null);
+ }
+ }
+
+ if ("true".equalsIgnoreCase(updateIfExists) && StringUtils.isNotEmpty(polResource)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Deleting Policy from provided services in servicesMapJson file for specific resource...");
+ }
if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)){
- deletePoliciesProvidedInServiceMap(sourceServices,
- destinationServices, null);
+ deletePoliciesForResource(sourceServices, destinationServices, polResource, request, policies);
}
}
if (policies != null && !CollectionUtils.sizeIsEmpty(policies)){
@@ -2262,6 +2271,59 @@ public class ServiceREST {
}
}
+ private void deletePoliciesForResource(List<String> sourceServices, List<String> destinationServices, String resource, HttpServletRequest request, List<RangerPolicy> exportPolicies) {
+ int totalDeletedPilicies = 0;
+ if (CollectionUtils.isNotEmpty(sourceServices)
+ && CollectionUtils.isNotEmpty(destinationServices)) {
+ Set<String> exportedPolicyNames=new HashSet<String>();
+ if (CollectionUtils.isNotEmpty(exportPolicies)) {
+ for (RangerPolicy rangerPolicy : exportPolicies) {
+ if (rangerPolicy!=null) {
+ exportedPolicyNames.add(rangerPolicy.getName());
+ }
+ }
+ }
+ for (int i = 0; i < sourceServices.size(); i++) {
+ if (!destinationServices.get(i).isEmpty()) {
+ RangerPolicyList servicePolicies = null;
+ servicePolicies = getServicePoliciesByName(destinationServices.get(i), request);
+ if (servicePolicies != null) {
+ List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies();
+ if (CollectionUtils.isNotEmpty(rangerPolicyList)) {
+ for (RangerPolicy rangerPolicy : rangerPolicyList) {
+ if (rangerPolicy != null) {
+ Map<String, RangerPolicy.RangerPolicyResource> rangerPolicyResourceMap=rangerPolicy.getResources();
+ if (rangerPolicyResourceMap!=null) {
+ RangerPolicy.RangerPolicyResource rangerPolicyResource=null;
+ if (rangerPolicyResourceMap.containsKey("path")) {
+ rangerPolicyResource=rangerPolicyResourceMap.get("path");
+ } else if (rangerPolicyResourceMap.containsKey("database")) {
+ rangerPolicyResource=rangerPolicyResourceMap.get("database");
+ }
+ if (rangerPolicyResource!=null) {
+ if (CollectionUtils.isNotEmpty(rangerPolicyResource.getValues()) && rangerPolicyResource.getValues().size()>1) {
+ continue;
+ }
+ }
+ }
+ if (rangerPolicy.getId() != null) {
+ if (!exportedPolicyNames.contains(rangerPolicy.getName())) {
+ deletePolicy(rangerPolicy.getId());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Policy " + rangerPolicy.getName() + " deleted successfully.");
+ }
+ totalDeletedPilicies = totalDeletedPilicies + 1;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
public List<RangerPolicy> getPolicies(SearchFilter filter) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.getPolicies(filter)");