You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by al...@apache.org on 2016/03/12 02:44:47 UTC
incubator-ranger git commit: RANGER-882 Scrub received policies
before policy engine uses it to guard against inadvertant data corruption:
remove null policy resource values
Repository: incubator-ranger
Updated Branches:
refs/heads/master bda66dd48 -> 880692ae9
RANGER-882 Scrub received policies before policy engine uses it to guard against inadvertant data corruption: remove null policy resource values
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/880692ae
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/880692ae
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/880692ae
Branch: refs/heads/master
Commit: 880692ae98f7008ec5d5bf34a029cc461dbb0318
Parents: bda66dd
Author: Alok Lal <al...@apache.org>
Authored: Fri Mar 11 16:50:50 2016 -0800
Committer: Alok Lal <al...@apache.org>
Committed: Fri Mar 11 17:40:30 2016 -0800
----------------------------------------------------------------------
.../policyengine/RangerPolicyRepository.java | 32 ++++++++++++++++++++
1 file changed, 32 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/880692ae/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index e79b5cd..d39dd52 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -402,6 +402,7 @@ public class RangerPolicyRepository {
LOG.debug("==> RangerPolicyRepository.buildPolicyEvaluator(" + policy + "," + serviceDef + ", " + options + ")");
}
+ scrubPolicy(policy);
RangerPolicyEvaluator ret;
if(StringUtils.equalsIgnoreCase(options.evaluatorType, RangerPolicyEvaluator.EVALUATOR_TYPE_CACHED)) {
@@ -461,6 +462,37 @@ public class RangerPolicyRepository {
}
}
+ /**
+ * Remove nulls from policy resource values
+ * @param policy
+ */
+ boolean scrubPolicy(RangerPolicy policy) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyRepository.scrubPolicy(" + policy + ")");
+ }
+ boolean altered = false;
+ Long policyId = policy.getId();
+ Map<String, RangerPolicy.RangerPolicyResource> resourceMap = policy.getResources();
+ for (Map.Entry<String, RangerPolicy.RangerPolicyResource> entry : resourceMap.entrySet()) {
+ String resourceName = entry.getKey();
+ RangerPolicy.RangerPolicyResource resource = entry.getValue();
+ Iterator<String> iterator = resource.getValues().iterator();
+ while (iterator.hasNext()) {
+ String value = iterator.next();
+ if (value == null) {
+ LOG.warn("RangerPolicyRepository.scrubPolicyResource: found null resource value for " + resourceName + " in policy " + policyId + "! Removing...");
+ iterator.remove();
+ altered = true;
+ }
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyRepository.scrubPolicy(" + policy + "): " + altered);
+ }
+ return altered;
+ }
+
@Override
public String toString( ) {
StringBuilder sb = new StringBuilder();