Posted to commits@ranger.apache.org by me...@apache.org on 2020/04/14 11:59:02 UTC
[ranger] 01/03: RANGER-2772 : added functionality to marge role
while using mergeIfExists parameter
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 5b23eff7d1ce5b4cbd0fa1b7ad4709f7e48cd10f
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Wed Apr 8 12:12:35 2020 +0530
RANGER-2772 : added functionality to marge role while using mergeIfExists parameter
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../java/org/apache/ranger/rest/ServiceREST.java | 4 ++--
.../org/apache/ranger/rest/ServiceRESTUtil.java | 22 ++++++++++++++++++----
2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 38b4982..82e67e6 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1687,12 +1687,12 @@ public class ServiceREST {
}
if (StringUtils.isNotBlank(zoneName)) {
existingPolicy = getPolicyByNameAndZone(policy.getService(), policy.getName(), policy.getZoneName());
- if(existingPolicy==null) {
+ if (existingPolicy == null && policy.getGuid() != null) {
existingPolicy = getPolicyByGuid(policy.getGuid(), policy.getService(), policy.getZoneName());
}
} else {
existingPolicy = getPolicyByName(policy.getService(), policy.getName());
- if(existingPolicy==null) {
+ if (existingPolicy == null && policy.getGuid() != null) {
existingPolicy = getPolicyByGuid(policy.getGuid(), policy.getService(), null);
}
}
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
index d85028c..640d3c3 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
@@ -329,8 +329,8 @@ public class ServiceRESTUtil {
// Split existing policyItems for users and groups extracted from appliedPolicyItem into userPolicyItems and groupPolicyItems
splitExistingPolicyItems(existingPolicy, users, userPolicyItems, groups, groupPolicyItems, roles, rolePolicyItems);
- // Apply policyItems of given type in appliedPolicy to policyItems extracted from existingPolicy
- mergePolicyItems(appliedPolicyItems, policyItemType, userPolicyItems, groupPolicyItems);
+ // Apply policyItems of given type in appliedPlicy to policyItems extracted from existingPolicy
+ mergePolicyItems(appliedPolicyItems, policyItemType, userPolicyItems, groupPolicyItems, rolePolicyItems);
// Add modified/new policyItems back to existing policy
mergeProcessedPolicyItems(existingPolicy, userPolicyItems, groupPolicyItems, rolePolicyItems);
compactPolicy(existingPolicy);
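Review bot: The comment rewritten on the added line now reads `appliedPlicy`, a typo the removed line did not have. It also still does not mention that role items are now merged along with users and groups. Suggested wording: `// Apply policyItems of given type in appliedPolicy to the user, group and role policyItems extracted from existingPolicy`. The enclosing method starts and ends outside the hunk.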
@@ -422,7 +422,6 @@ public class ServiceRESTUtil {
policyItem = splitAndGetConsolidatedPolicyItemForGroup(denyExceptionItems, group);
value[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] = policyItem;
}
-
for (String role : roles) {
RangerPolicy.RangerPolicyItem value[] = rolePolicyItems.get(role);
if (value == null) {
@@ -666,7 +665,8 @@ public class ServiceRESTUtil {
static private void mergePolicyItems(List<RangerPolicy.RangerPolicyItem> appliedPolicyItems,
POLICYITEM_TYPE policyItemType, Map<String, RangerPolicy.RangerPolicyItem[]> existingUserPolicyItems,
- Map<String, RangerPolicy.RangerPolicyItem[]> existingGroupPolicyItems) {
+ Map<String, RangerPolicy.RangerPolicyItem[]> existingGroupPolicyItems,
+ Map<String, RangerPolicy.RangerPolicyItem[]> existingRolePolicyItems ) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceRESTUtil.mergePolicyItems()");
}
@@ -696,6 +696,20 @@ public class ServiceRESTUtil {
addPolicyItemForGroup(items, policyItemType.ordinal(), group, policyItem);
}
}
+
+ for (RangerPolicy.RangerPolicyItem policyItem : appliedPolicyItems) {
+ List<String> roles = policyItem.getRoles();
+ for (String role : roles) {
+ RangerPolicy.RangerPolicyItem[] items = existingRolePolicyItems.get(role);
+ if (items == null) {
+ // Should not get here
+ items = new RangerPolicy.RangerPolicyItem[4];
+ existingRolePolicyItems.put(role, items);
+ }
+ addPolicyItemForRole(items, policyItemType.ordinal(), role, policyItem);
+ }
+ }
+
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceRESTUtil.mergePolicyItems()");
}
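Review bot: In the new role loop the fallback array is sized with a literal, `new RangerPolicy.RangerPolicyItem[4]`, but is then indexed by `policyItemType.ordinal()`, so the size silently depends on POLICYITEM_TYPE having exactly four constants. Deriving it from the enum keeps the two in step: `items = new RangerPolicy.RangerPolicyItem[POLICYITEM_TYPE.values().length];`. The branch is commented `// Should not get here` yet quietly creates an entry for the role. Since this code decides which roles end up with access in the merged policy, logging the role name there would make an unexpected merge visible in the admin log. `policyItem.getRoles()` is iterated without a null check, which is safe only if the getter never returns null (not visible here). mergePolicyItems starts in the previous hunk and continues past this one.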