You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2021/10/19 17:19:22 UTC
[ranger] branch ranger-2.2 updated: RANGER-3481: Incremental policy
updates do not work correctly for multiple security zones
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new 07bac57 RANGER-3481: Incremental policy updates do not work correctly for multiple security zones
07bac57 is described below
commit 07bac5789bbf7103941cf8f9355f9e9502a5e17f
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Wed Oct 13 13:45:20 2021 -0700
RANGER-3481: Incremental policy updates do not work correctly for multiple security zones
---
.../ranger/plugin/policyengine/PolicyEngine.java | 20 +++++++-------------
.../ranger/plugin/util/RangerPolicyDeltaUtil.java | 2 +-
2 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index eee1b7a..7299387 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -849,22 +849,16 @@ public class PolicyEngine {
Map<String, List<RangerPolicyDelta>> zoneDeltasMap = new HashMap<>();
for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> zone : servicePolicies.getSecurityZones().entrySet()) {
- List<RangerPolicyDelta> deltas = zone.getValue().getPolicyDeltas();
+ String zoneName = zone.getKey();
+ List<RangerPolicyDelta> deltas = zone.getValue().getPolicyDeltas();
+ List<RangerPolicyDelta> zoneDeltas = new ArrayList<>();
- for (RangerPolicyDelta delta : deltas) {
- String zoneName = delta.getZoneName();
-
- if (StringUtils.isNotEmpty(zoneName)) {
- List<RangerPolicyDelta> zoneDeltas = zoneDeltasMap.get(zoneName);
-
- if (zoneDeltas == null) {
- zoneDeltas = new ArrayList<>();
- zoneDeltasMap.put(zoneName, zoneDeltas);
- }
+ if (StringUtils.isNotEmpty(zoneName)) {
+ zoneDeltasMap.put(zoneName, zoneDeltas);
+ for (RangerPolicyDelta delta : deltas) {
+ zoneDeltas = zoneDeltasMap.get(zoneName);
zoneDeltas.add(delta);
- } else {
- LOG.warn("policyDelta : [" + delta + "] does not belong to any zone. Should not have come here.");
}
}
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
index 8866eed..38c62ed 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
@@ -134,7 +134,7 @@ public class RangerPolicyDeltaUtil {
}
} else {
if (LOG.isDebugEnabled()) {
- LOG.warn("Unexpected : applyDeltas called with deltas=null");
+ LOG.debug("applyDeltas called with empty deltas. Will return policies without change");
}
ret = policies;
}