You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2022/06/24 07:14:07 UTC
[ranger] branch master updated: RANGER-3797 : Not able to create security zone for solr service after upgrade
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new fc7ad98fb RANGER-3797 : Not able to create security zone for solr service after upgrade
fc7ad98fb is described below
commit fc7ad98fbb2ee7bb7d4cd3329abc438a73e0444a
Author: mateen.mansoori <ma...@gmail.com>
AuthorDate: Tue Jun 21 16:11:53 2022 +0530
RANGER-3797 : Not able to create security zone for solr service after upgrade
Signed-off-by: pradeep <pr...@apache.org>
---
...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 56 ++++++++++++++++++----
1 file changed, 46 insertions(+), 10 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
index 949967cd3..4684923ca 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
@@ -27,8 +27,8 @@ import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
import org.apache.ranger.biz.SecurityZoneDBStore;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.RangerValidatorFactory;
@@ -45,6 +45,7 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
+import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
@@ -52,12 +53,14 @@ import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.util.CLIUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
- private static final Logger logger = Logger.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class);
+ private static final Logger logger = LoggerFactory.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class);
private static final String ACCESS_TYPE_UPDATE = "update";
private static final String ACCESS_TYPE_QUERY = "query";
private static final String ACCESS_TYPE_ADMIN = "solr_admin";
@@ -70,6 +73,8 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
private static final String ACCESS_TYPE_OTHERS_TAG = "solr:others";
private enum NEW_RESOURCE { admin, config, schema }
+ private static final String SVC_ACCESS_TYPE_CONFIG_SUFFIX = "accessTypes";
+
private static final String SOLR_SVC_DEF_NAME = EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_SOLR_NAME;
private static RangerServiceDef embeddedSolrServiceDef = null;
@@ -134,7 +139,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
throw new RuntimeException("Error while updating " + SOLR_SVC_DEF_NAME + " service-def");
}
} catch (Exception e) {
- logger.error("Error whille executing PatchForSolrSvcDefAndPoliciesUpdate_J10055.", e);
+ logger.error("Error whille executing PatchForSolrSvcDefAndPoliciesUpdate_J10055 - ", e);
System.exit(1);
}
@@ -142,7 +147,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
// For RANGER-3725 - Update atlas default audit filter
updateDefaultAuditFilter(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
} catch (Throwable t) {
- logger.error("Failed to update atlas default audit filter, Error - ", t);
+ logger.error("Failed to update atlas default audit filter - ", t);
System.exit(1);
}
@@ -159,6 +164,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
filter.setParam(SearchFilter.FETCH_ZONE_UNZONE_POLICIES, "true");
updateResPolicies(svcDBStore.getServicePolicies(dbService.getId(), filter));
updateZoneResourceMapping(dbService);
+ updateServiceConfig(dbService);
}
}
logger.info("<== PatchForSolrSvcDefAndPoliciesUpdate_J10055.updateExistingRangerResPolicy(...)");
@@ -236,8 +242,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
updateTagPolicyItemAccess(exPolicy.getDenyExceptions());
this.svcDBStore.updatePolicy(exPolicy);
} catch (Exception e) {
- logger.error("Failed to apply the patch, Error - " + e.getCause());
- e.printStackTrace();
+ logger.error("Failed to apply the patch - ", e);
System.exit(1);
}
}
@@ -297,8 +302,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
}
} catch (Exception e) {
- logger.error("Failed to apply the patch, Error Msg - " + e.getCause());
- e.printStackTrace();
+ logger.error("Failed to apply the patch - ", e);
System.exit(1);
}
}
@@ -310,8 +314,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
updateResPolicyItemAccess(exPolicy.getDenyExceptions());
this.svcDBStore.updatePolicy(exPolicy);
} catch (Exception e) {
- logger.error("Failed to apply the patch, Error - " + e.getCause());
- e.printStackTrace();
+ logger.error("Failed to apply the patch - ", e);
System.exit(1);
}
}
@@ -479,6 +482,39 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
logger.info("<== PatchForSolrSvcDefAndPoliciesUpdate_J10055.deleteOldAccessTypeRefs(" + svcDefId + ")");
}
+ private void updateServiceConfig(final XXService dbService) throws Exception {
+
+ final RangerService rangerSvc = this.svcDBStore.getService(dbService.getId());
+ final Map<String, String> configMap = rangerSvc != null ? rangerSvc.getConfigs() : null;
+ Set<String> accessTypeSet = new HashSet<String>();
+
+ if (MapUtils.isNotEmpty(configMap)) {
+ for (final Map.Entry<String, String> entry : configMap.entrySet()) {
+ final String configKey = entry.getKey();
+ final String configValue = entry.getValue();
+ accessTypeSet = new HashSet<String>();
+ if (StringUtils.endsWith(configKey, SVC_ACCESS_TYPE_CONFIG_SUFFIX) && StringUtils.isNotEmpty(configValue)) {
+ final String[] accessTypeArray = configValue.split(",");
+ for (String access : accessTypeArray) {
+ if (!ACCESS_TYPE_OTHERS.equalsIgnoreCase(access) && !ACCESS_TYPE_ADMIN.equalsIgnoreCase(access)) {
+ accessTypeSet.add(access);
+ } else {
+ if (ACCESS_TYPE_ADMIN.equalsIgnoreCase(access)) {
+ accessTypeSet.add(ACCESS_TYPE_QUERY);
+ accessTypeSet.add(ACCESS_TYPE_UPDATE);
+ } else if (ACCESS_TYPE_OTHERS.equalsIgnoreCase(access)) {
+ accessTypeSet.add(ACCESS_TYPE_QUERY);
+ }
+ }
+ }
+ configMap.put(configKey, StringUtils.join(accessTypeSet, ","));
+ }
+ }
+ rangerSvc.setConfigs(configMap);
+ this.svcDBStore.updateService(rangerSvc, null);
+ }
+ }
+
private void updateDefaultAuditFilter(final String svcDefName) throws Exception {
logger.info("==> PatchForSolrSvcDefAndPoliciesUpdate_J10055.updateAtlasDefaultAuditFilter()");
final RangerServiceDef embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance()