You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2020/05/28 16:50:10 UTC
[ranger] branch master updated: RANGER-2828:RangerExportPolicy with
resource filter fails to fetch policies
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3a4a313 RANGER-2828:RangerExportPolicy with resource filter fails to fetch policies
3a4a313 is described below
commit 3a4a313e5ed97c7d36340ef59b6a4038e7bae89f
Author: Ramesh Mani <ra...@gmail.com>
AuthorDate: Sat May 23 12:36:06 2020 -0700
RANGER-2828:RangerExportPolicy with resource filter fails to fetch policies
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 103 ++++++++++++++++-----
.../org/apache/ranger/biz/TestServiceDBStore.java | 1 -
2 files changed, 82 insertions(+), 22 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index ed69761..c6308ee 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2544,10 +2544,13 @@ public class ServiceDBStore extends AbstractServiceStore {
boolean useLegacyResourceSearch = true;
+ Map<String, String> paramsCopy = new HashMap<>(filter.getParams());
+ SearchFilter searchFilter = new SearchFilter(paramsCopy);
+
if (MapUtils.isNotEmpty(filterResources) && resourceMatchScope != null) {
useLegacyResourceSearch = false;
for (Map.Entry<String, String> entry : filterResources.entrySet()) {
- filter.removeParam(SearchFilter.RESOURCE_PREFIX + entry.getKey());
+ searchFilter.removeParam(SearchFilter.RESOURCE_PREFIX + entry.getKey());
}
}
@@ -2556,7 +2559,7 @@ public class ServiceDBStore extends AbstractServiceStore {
}
ret = new ArrayList<>(policies);
- predicateUtil.applyFilter(ret, filter);
+ predicateUtil.applyFilter(ret, searchFilter);
if (!useLegacyResourceSearch && CollectionUtils.isNotEmpty(ret)) {
RangerPolicyResourceMatcher.MatchScope scope;
@@ -2593,7 +2596,7 @@ public class ServiceDBStore extends AbstractServiceStore {
break;
}
- ret = applyResourceFilter(serviceDef, ret, filterResources, filter, scope);
+ ret = applyResourceFilter(serviceDef, ret, filterResources, searchFilter, scope);
}
} else {
ret = policies;
@@ -4691,7 +4694,6 @@ public class ServiceDBStore extends AbstractServiceStore {
RangerPolicyList retList = new RangerPolicyList();
Map<Long,RangerPolicy> policyMap=new HashMap<Long,RangerPolicy>();
Set<Long> processedServices=new HashSet<Long>();
- Set<Long> processedServicesForGroup=new HashSet<Long>();
Set<Long> processedPolicies=new HashSet<Long>();
Comparator<RangerPolicy> comparator = new Comparator<RangerPolicy>() {
public int compare(RangerPolicy c1, RangerPolicy c2) {
@@ -4699,11 +4701,27 @@ public class ServiceDBStore extends AbstractServiceStore {
}
};
- List<XXPolicy> xPolList = (List<XXPolicy>) policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
- if (!CollectionUtils.isEmpty(xPolList)) {
- for (XXPolicy xXPolicy : xPolList) {
- if(!processedServices.contains(xXPolicy.getService())){
- loadRangerPolicies(xXPolicy.getService(),processedServices,policyMap,searchFilter);
+ List<XXPolicy> xPolList = null;
+ Long serviceId = null;
+ String serviceName = searchFilter.getParam(ServiceREST.PARAM_SERVICE_NAME);
+
+ if (StringUtils.isNotBlank(serviceName)) {
+ serviceId = getRangerServiceByName(serviceName.trim());
+ if (serviceId != null) {
+ loadRangerPolicies(serviceId, processedServices, policyMap, searchFilter);
+ }
+ } else {
+ xPolList = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
+ if (!CollectionUtils.isEmpty(xPolList)) {
+ if (isSearchQuerybyResource(searchFilter)) {
+ XXPolicy xXPolicy = xPolList.get(0);
+ loadRangerPolicies(xXPolicy.getService(), processedServices, policyMap, searchFilter);
+ } else {
+ for (XXPolicy xXPolicy : xPolList) {
+ if (!processedServices.contains(xXPolicy.getService())) {
+ loadRangerPolicies(xXPolicy.getService(), processedServices, policyMap, searchFilter);
+ }
+ }
}
}
}
@@ -4712,11 +4730,11 @@ public class ServiceDBStore extends AbstractServiceStore {
searchFilter.removeParam("user");
Set<String> groupNames = daoMgr.getXXGroupUser().findGroupNamesByUserName(userName);
if (!CollectionUtils.isEmpty(groupNames)) {
- List<XXPolicy> xPolList2 = null;
+ Set<Long> processedServicesForGroup=new HashSet<Long>();
+ List<XXPolicy> xPolList2;
for (String groupName : groupNames) {
- xPolList2 = new ArrayList<XXPolicy>();
searchFilter.setParam("group", groupName);
- xPolList2 = (List<XXPolicy>) policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
+ xPolList2 = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
if (!CollectionUtils.isEmpty(xPolList2)) {
for (XXPolicy xPol2 : xPolList2) {
if(xPol2!=null){
@@ -4736,25 +4754,68 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
if (!CollectionUtils.isEmpty(xPolList)) {
- for (XXPolicy xPol : xPolList) {
- if(xPol!=null){
- if(!processedPolicies.contains(xPol.getId())){
- if(!processedServices.contains(xPol.getService())){
- loadRangerPolicies(xPol.getService(),processedServices,policyMap,searchFilter);
- }
- if(policyMap.containsKey(xPol.getId())){
- policyList.add(policyMap.get(xPol.getId()));
- processedPolicies.add(xPol.getId());
+ if (isSearchQuerybyResource(searchFilter)) {
+ if (MapUtils.isNotEmpty(policyMap)) {
+ for(Entry<Long,RangerPolicy> entry:policyMap.entrySet()) {
+ policyList.add(entry.getValue());
+ processedPolicies.add(entry.getKey());
+ }
+ }
+ } else {
+ for (XXPolicy xPol : xPolList) {
+ if (xPol != null) {
+ if (!processedPolicies.contains(xPol.getId())) {
+ if (!processedServices.contains(xPol.getService())) {
+ loadRangerPolicies(xPol.getService(), processedServices, policyMap, searchFilter);
+ }
+ if (policyMap.containsKey(xPol.getId())) {
+ policyList.add(policyMap.get(xPol.getId()));
+ processedPolicies.add(xPol.getId());
+ }
}
}
}
}
+ } else {
+ if (MapUtils.isNotEmpty(policyMap)) {
+ for(Entry<Long,RangerPolicy> entry:policyMap.entrySet()) {
+ policyList.add(entry.getValue());
+ processedPolicies.add(entry.getKey());
+ }
+ }
+ }
+
+ if (CollectionUtils.isNotEmpty(policyList)) {
Collections.sort(policyList, comparator);
}
retList.setPolicies(policyList);
return retList;
}
+ private boolean isSearchQuerybyResource(SearchFilter searchFilter) {
+ boolean ret = false;
+ Map<String, String> filterResourcesPrefix = searchFilter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true);
+ if(MapUtils.isNotEmpty(filterResourcesPrefix)) {
+ ret = true;
+ }
+ if(!ret) {
+ Map<String, String> filterResourcesPolResource = searchFilter.getParamsWithPrefix(SearchFilter.POL_RESOURCE, true);
+ if (MapUtils.isNotEmpty(filterResourcesPolResource)) {
+ ret = true;
+ }
+ }
+ return ret;
+ }
+
+ private Long getRangerServiceByName(String name) {
+ XXService xxService = null;
+ XXServiceDao xxServiceDao = daoMgr.getXXService();
+ if (xxServiceDao != null ) {
+ xxService = xxServiceDao.findByName(name);
+ }
+ return xxService == null ? null : xxService.getId();
+ }
+
private void loadRangerPolicies(Long serviceId,Set<Long> processedServices,Map<Long,RangerPolicy> policyMap,SearchFilter searchFilter){
try {
List<RangerPolicy> tempPolicyList = getServicePolicies(serviceId,searchFilter);
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index c219e6c..9677b4d 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -2145,7 +2145,6 @@ public class TestServiceDBStore {
//PList<RangerPolicy> dbRangerPolicyList =
serviceDBStore.getPaginatedServicePolicies(rangerService.getId(), filter);
- Mockito.verify(daoManager).getXXService();
}
@Test