You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2022/05/19 03:07:32 UTC
[ranger] branch master updated: RANGER-3769: Removing a tag-service association from a service does not update policy engine
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 48c0551b4 RANGER-3769: Removing a tag-service association from a service does not update policy engine
48c0551b4 is described below
commit 48c0551b47c41d0b9688fd3cdbf6d2c894bac82c
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Wed May 18 20:07:19 2022 -0700
RANGER-3769: Removing a tag-service association from a service does not update policy engine
---
.../apache/ranger/plugin/util/RangerPolicyDeltaUtil.java | 14 ++++++++++++--
.../java/org/apache/ranger/biz/RangerPolicyAdminCache.java | 4 ++++
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
index 43a494093..e9223fe69 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
@@ -228,9 +228,19 @@ public class RangerPolicyDeltaUtil {
LOG.warn("Downloaded ServicePolicies are [" + servicePolicies + "]");
ret = null;
} else if (!isPoliciesExist && !isPolicyDeltasExist) {
- LOG.warn("ServicePolicies do not contain any policies or policy-deltas!! There are no material changes in the policies.");
+ LOG.warn("ServicePolicies do not contain any policies or policy-deltas!!");
LOG.warn("Downloaded ServicePolicies are [" + servicePolicies + "]");
- ret = null;
+ if (servicePolicies.getPolicyDeltas() == null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Complete set of servicePolicies is received. There may be a change to service. Forcing to create a new policy engine!");
+ }
+ ret = false; // Force new policy engine creation from servicePolicies
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("servicePolicy deltas are received. There are no material changes in the policies.");
+ }
+ ret = null;
+ }
} else {
ret = isPolicyDeltasExist;
}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
index 1ca4415ae..a64e427c5 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
@@ -19,6 +19,7 @@
package org.apache.ranger.biz;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
@@ -159,6 +160,9 @@ public class RangerPolicyAdminCache {
LOG.error("Old policy engine is null! Cannot apply deltas without old policy engine!");
}
} else {
+ if (policies.getPolicies() == null) {
+ policies.setPolicies(new ArrayList<>());
+ }
policyAdmin = addPolicyAdmin(policies, roles, options);
}
} else {