Posted to commits@ranger.apache.org by me...@apache.org on 2020/04/14 11:59:02 UTC

[ranger] 01/03: RANGER-2772 : added functionality to marge role while using mergeIfExists parameter

This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 5b23eff7d1ce5b4cbd0fa1b7ad4709f7e48cd10f
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Wed Apr 8 12:12:35 2020 +0530

    RANGER-2772 : added functionality to merge role while using mergeIfExists parameter
    
    Signed-off-by: Mehul Parikh <me...@apache.org>
---
 .../java/org/apache/ranger/rest/ServiceREST.java   |  4 ++--
 .../org/apache/ranger/rest/ServiceRESTUtil.java    | 22 ++++++++++++++++++----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 38b4982..82e67e6 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1687,12 +1687,12 @@ public class ServiceREST {
 						}
 						if (StringUtils.isNotBlank(zoneName)) {
 							existingPolicy = getPolicyByNameAndZone(policy.getService(), policy.getName(), policy.getZoneName());
-							if(existingPolicy==null) {
+							if (existingPolicy == null && policy.getGuid() != null) {
 								existingPolicy = getPolicyByGuid(policy.getGuid(), policy.getService(), policy.getZoneName());
 							}
 						} else {
 							existingPolicy = getPolicyByName(policy.getService(), policy.getName());
-							if(existingPolicy==null) {
+							if (existingPolicy == null && policy.getGuid() != null) {
 								existingPolicy = getPolicyByGuid(policy.getGuid(), policy.getService(), null);
 							}
 						}
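Review bot: The new guard in both branches rejects only a null GUID, so an empty or whitespace-only GUID from an imported policy still reaches `getPolicyByGuid(...)`. The zone check a few lines up already uses `StringUtils.isNotBlank(zoneName)`, so the same helper fits here: `if (existingPolicy == null && StringUtils.isNotBlank(policy.getGuid())) {`. How `getPolicyByGuid` handles a blank value is not visible in this hunk, so this is a consistency and defence-in-depth point rather than a confirmed failure. Since the policy returned here is the one merged into, a short comment stating that the GUID lookup is a fallback when the name does not match would help the next reader; the enclosing method starts and ends outside the hunk.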
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
index d85028c..640d3c3 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
@@ -329,8 +329,8 @@ public class ServiceRESTUtil {
 
 			// Split existing policyItems for users and groups extracted from appliedPolicyItem into userPolicyItems and groupPolicyItems
 			splitExistingPolicyItems(existingPolicy, users, userPolicyItems, groups, groupPolicyItems, roles, rolePolicyItems);
-			// Apply policyItems of given type in appliedPolicy to policyItems extracted from existingPolicy
-			mergePolicyItems(appliedPolicyItems, policyItemType, userPolicyItems, groupPolicyItems);
+			// Apply policyItems of given type in appliedPlicy to policyItems extracted from existingPolicy
+			mergePolicyItems(appliedPolicyItems, policyItemType, userPolicyItems, groupPolicyItems, rolePolicyItems);
 			// Add modified/new policyItems back to existing policy
 			mergeProcessedPolicyItems(existingPolicy, userPolicyItems, groupPolicyItems, rolePolicyItems);
 			compactPolicy(existingPolicy);
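Review bot: The rewritten comment above the `mergePolicyItems(...)` call introduces a typo (`appliedPlicy`) and still does not mention that role items are now part of the merge. Suggested wording: `// Apply policyItems of given type in appliedPolicy to the user, group and role policyItems extracted from existingPolicy`. The enclosing method begins and ends outside this hunk.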
@@ -422,7 +422,6 @@ public class ServiceRESTUtil {
 			policyItem = splitAndGetConsolidatedPolicyItemForGroup(denyExceptionItems, group);
 			value[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] = policyItem;
 		}
-
 		for (String role : roles) {
 			RangerPolicy.RangerPolicyItem value[] = rolePolicyItems.get(role);
 			if (value == null) {
@@ -666,7 +665,8 @@ public class ServiceRESTUtil {
 
 	static private void mergePolicyItems(List<RangerPolicy.RangerPolicyItem> appliedPolicyItems,
 			POLICYITEM_TYPE policyItemType, Map<String, RangerPolicy.RangerPolicyItem[]> existingUserPolicyItems,
-			Map<String, RangerPolicy.RangerPolicyItem[]> existingGroupPolicyItems) {
+			Map<String, RangerPolicy.RangerPolicyItem[]> existingGroupPolicyItems,
+			Map<String, RangerPolicy.RangerPolicyItem[]> existingRolePolicyItems ) {
 		if (LOG.isDebugEnabled()) {
 			LOG.debug("==> ServiceRESTUtil.mergePolicyItems()");
 		}
@@ -696,6 +696,20 @@ public class ServiceRESTUtil {
 				addPolicyItemForGroup(items, policyItemType.ordinal(), group, policyItem);
 			}
 		}
+
+		for (RangerPolicy.RangerPolicyItem policyItem : appliedPolicyItems) {
+			List<String> roles = policyItem.getRoles();
+			for (String role : roles) {
+				RangerPolicy.RangerPolicyItem[] items = existingRolePolicyItems.get(role);
+				if (items == null) {
+					// Should not get here
+					items = new RangerPolicy.RangerPolicyItem[4];
+					existingRolePolicyItems.put(role, items);
+				}
+				addPolicyItemForRole(items, policyItemType.ordinal(), role, policyItem);
+			}
+		}
+
 		if (LOG.isDebugEnabled()) {
 			LOG.debug("<== ServiceRESTUtil.mergePolicyItems()");
 		}
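Review bot: The added role loop allocates `new RangerPolicy.RangerPolicyItem[4]` and then indexes it with `policyItemType.ordinal()`, so the array size is tied to the enum only by a magic number. Sizing it from the enum keeps the two in step, assuming `POLICYITEM_TYPE` is an ordinary enum as its `ordinal()` use suggests: `items = new RangerPolicy.RangerPolicyItem[POLICYITEM_TYPE.values().length];`. The `// Should not get here` branch also creates a role entry silently. Because this code decides which roles end up with access in the merged policy, a `LOG.warn("mergePolicyItems(): no existing policyItems for role " + role);` there would leave a trace when the split and merge steps disagree. If `getRoles()` can return null for items built from an imported policy (not visible here), the inner `for` would throw, so a null check or a one-line comment stating the non-null guarantee would help. The stray space in `existingRolePolicyItems ) {` in the signature hunk above can be dropped at the same time.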