You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2023/04/02 15:37:50 UTC
[ranger] 01/02: RANGER-4157: fixed handling of implicit addition of expression condition
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 2dbac18e01f83830558eccb18500f3c57923ae3d
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Tue Mar 28 12:47:49 2023 -0700
RANGER-4157: fixed handling of implicit addition of expression condition
(cherry picked from commit e89016cc581379b5c98f99de202c967f503dcfe3)
---
.../ranger/service/RangerServiceDefService.java | 64 ----------------------
.../service/RangerServiceDefServiceBase.java | 63 +++++++++++++++++++++
2 files changed, 63 insertions(+), 64 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
index 328d8baa6..7d363c4c7 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
@@ -18,19 +18,14 @@
package org.apache.ranger.service;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
-import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.entity.XXServiceDef;
-import org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator;
import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
-import org.apache.ranger.plugin.util.ServiceDefUtil;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Service;
@@ -38,12 +33,6 @@ import org.springframework.stereotype.Service;
@Service
@Scope("singleton")
public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServiceDef, RangerServiceDef> {
- public static final String PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION = "ranger.servicedef.enableImplicitConditionExpression";
- public static final String IMPLICIT_CONDITION_EXPRESSION_EVALUATOR = RangerScriptConditionEvaluator.class.getCanonicalName();
- public static final String IMPLICIT_CONDITION_EXPRESSION_NAME = "_expression";
- public static final String IMPLICIT_CONDITION_EXPRESSION_LABEL = "Enter boolean expression";
- public static final String IMPLICIT_CONDITION_EXPRESSION_DESC = "Boolean expression";
-
private final RangerAdminConfig config;
public RangerServiceDefService() {
@@ -83,8 +72,6 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi
ret.setOptions(serviceDefOptions);
}
- addImplicitConditionExpressionIfNeeded(ret);
-
return ret;
}
@@ -102,55 +89,4 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi
public RangerServiceDef getPopulatedViewObject(XXServiceDef xServiceDef) {
return this.populateViewBean(xServiceDef);
}
-
-
- boolean addImplicitConditionExpressionIfNeeded(RangerServiceDef serviceDef) {
- boolean ret = false;
- boolean implicitConditionDefault = PropertiesUtil.getBooleanProperty(PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION, true);
- boolean implicitConditionEnabled = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_IMPLICIT_CONDITION_EXPRESSION, implicitConditionDefault);
-
- if (implicitConditionEnabled) {
- boolean exists = false;
- Long maxItemId = 0L;
- List<RangerPolicyConditionDef> conditionDefs = serviceDef.getPolicyConditions();
-
- if (conditionDefs == null) {
- conditionDefs = new ArrayList<>();
- }
-
- for (RangerPolicyConditionDef conditionDef : conditionDefs) {
- if (StringUtils.equalsIgnoreCase(conditionDef.getEvaluator(), IMPLICIT_CONDITION_EXPRESSION_EVALUATOR)) {
- exists = true;
-
- break;
- }
-
- if (conditionDef.getItemId() != null && maxItemId < conditionDef.getItemId()) {
- maxItemId = conditionDef.getItemId();
- }
- }
-
- if (!exists) {
- RangerPolicyConditionDef conditionDef = new RangerPolicyConditionDef();
- Map<String, String> options = new HashMap<>();
-
- options.put("ui.isMultiline", "true");
-
- conditionDef.setItemId(maxItemId + 1);
- conditionDef.setName(IMPLICIT_CONDITION_EXPRESSION_NAME);
- conditionDef.setLabel(IMPLICIT_CONDITION_EXPRESSION_LABEL);
- conditionDef.setDescription(IMPLICIT_CONDITION_EXPRESSION_DESC);
- conditionDef.setEvaluator(IMPLICIT_CONDITION_EXPRESSION_EVALUATOR);
- conditionDef.setEvaluatorOptions(options);
-
- conditionDefs.add(conditionDef);
-
- serviceDef.setPolicyConditions(conditionDefs);
-
- ret = true;
- }
- }
-
- return ret;
- }
}
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
index 656bc0184..91d5f26bc 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
@@ -31,11 +31,13 @@ import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.SearchField;
import org.apache.ranger.common.SortField;
import org.apache.ranger.common.SearchField.DATA_TYPE;
import org.apache.ranger.common.SearchField.SEARCH_TYPE;
import org.apache.ranger.entity.*;
+import org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
@@ -60,6 +62,11 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V
private static final String OPTION_RESOURCE_ACCESS_TYPE_RESTRICTIONS = "__accessTypeRestrictions";
private static final String OPTION_RESOURCE_IS_VALID_LEAF = "__isValidLeaf";
+ public static final String PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION = "ranger.servicedef.enableImplicitConditionExpression";
+ public static final String IMPLICIT_CONDITION_EXPRESSION_EVALUATOR = RangerScriptConditionEvaluator.class.getCanonicalName();
+ public static final String IMPLICIT_CONDITION_EXPRESSION_NAME = "_expression";
+ public static final String IMPLICIT_CONDITION_EXPRESSION_LABEL = "Enter boolean expression";
+ public static final String IMPLICIT_CONDITION_EXPRESSION_DESC = "Boolean expression";
@Autowired
RangerAuditFields<?> rangerAuditFields;
@@ -201,6 +208,8 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V
serviceDef.setDataMaskDef(dataMaskDef);
serviceDef.setRowFilterDef(rowFilterDef);
+ addImplicitConditionExpressionIfNeeded(serviceDef);
+
ServiceDefUtil.normalize(serviceDef);
return serviceDef;
@@ -707,4 +716,58 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V
return ret;
}
+
+ boolean addImplicitConditionExpressionIfNeeded(RangerServiceDef serviceDef) {
+ boolean ret = false;
+ boolean implicitConditionDefault = PropertiesUtil.getBooleanProperty(PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION, true);
+ boolean implicitConditionEnabled = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_IMPLICIT_CONDITION_EXPRESSION, implicitConditionDefault);
+
+ if (implicitConditionEnabled) {
+ boolean exists = false;
+ Long maxItemId = 0L;
+ List<RangerPolicyConditionDef> conditionDefs = serviceDef.getPolicyConditions();
+
+ if (conditionDefs == null) {
+ conditionDefs = new ArrayList<>();
+ }
+
+ for (RangerPolicyConditionDef conditionDef : conditionDefs) {
+ if (StringUtils.equalsIgnoreCase(conditionDef.getEvaluator(), IMPLICIT_CONDITION_EXPRESSION_EVALUATOR)) {
+ exists = true;
+
+ break;
+ }
+
+ if (conditionDef.getItemId() != null && maxItemId < conditionDef.getItemId()) {
+ maxItemId = conditionDef.getItemId();
+ }
+ }
+
+ if (!exists) {
+ RangerPolicyConditionDef conditionDef = new RangerPolicyConditionDef();
+ Map<String, String> options = new HashMap<>();
+
+ options.put("ui.isMultiline", "true");
+
+ conditionDef.setItemId(maxItemId + 1);
+ conditionDef.setName(IMPLICIT_CONDITION_EXPRESSION_NAME);
+ conditionDef.setLabel(IMPLICIT_CONDITION_EXPRESSION_LABEL);
+ conditionDef.setDescription(IMPLICIT_CONDITION_EXPRESSION_DESC);
+ conditionDef.setEvaluator(IMPLICIT_CONDITION_EXPRESSION_EVALUATOR);
+ conditionDef.setEvaluatorOptions(options);
+
+ conditionDefs.add(conditionDef);
+
+ serviceDef.setPolicyConditions(conditionDefs);
+
+ ret = true;
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("addImplicitConditionExpressionIfNeeded(serviceType={}): implicitConditionDefault={}, implicitConditionEnabled={}, conditionDefs={}, ret={}", serviceDef.getName(), implicitConditionDefault, implicitConditionEnabled, serviceDef.getPolicyConditions(), ret);
+ }
+
+ return ret;
+ }
}