Posted to commits@ranger.apache.org by me...@apache.org on 2022/04/28 06:13:49 UTC
[ranger] branch master updated: RANGER-3724: Create Ranger Admin API to refresh policy cache
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new a613abdc7 RANGER-3724: Create Ranger Admin API to refresh policy cache
a613abdc7 is described below
commit a613abdc75933077317507c2229722b4d178c670
Author: Kishor Gollapalliwar <ki...@gmail.com>
AuthorDate: Wed Apr 27 18:57:43 2022 +0530
RANGER-3724: Create Ranger Admin API to refresh policy cache
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 14 +++++++
.../ranger/common/RangerServicePoliciesCache.java | 44 ++++++++++++++++++++++
.../java/org/apache/ranger/rest/ServiceREST.java | 42 +++++++++++++++++++--
3 files changed, 97 insertions(+), 3 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index f58dcd2be..41fb3bb96 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -3022,6 +3022,20 @@ public class ServiceDBStore extends AbstractServiceStore {
return ret;
}
+ public boolean resetPolicyCache(final String serviceName) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDBStore.resetPolicyCache(" + serviceName + ")");
+ }
+
+ boolean ret = RangerServicePoliciesCache.getInstance().resetCache(serviceName);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDBStore.resetPolicyCache(): ret=" + ret);
+ }
+
+ return ret;
+ }
+
private static class RangerPolicyDeltaComparator implements Comparator<RangerPolicyDelta>, java.io.Serializable {
@Override
public int compare(RangerPolicyDelta me, RangerPolicyDelta other) {
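Review bot: The new public `resetPolicyCache(String)` has no Javadoc, and its contract is not obvious from the signature. It forwards straight to `RangerServicePoliciesCache.resetCache`, whose own comment says an empty name resets everything, and it performs no access check of its own. I would add a comment above the method such as `/** Drops cached policies for serviceName; a null or blank name clears the cache of every service. Performs no authorization, so callers must check access first. */`. That makes it explicit to any future caller that the permission check in the REST layer is the only gate.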
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
index ba38836ac..b1447829b 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
@@ -139,6 +139,50 @@ public class RangerServicePoliciesCache {
return ret;
}
+ /**
+ * Reset policy cache using serviceName if provided.
+ * If serviceName is empty, reset everything.
+ * @param serviceName
+ * @return true if was able to reset policy cache, false otherwise
+ */
+ public boolean resetCache(final String serviceName) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerServicePoliciesCache.resetCache({})", serviceName);
+ }
+
+ boolean ret = false;
+ synchronized (this) {
+ if (!servicePoliciesMap.isEmpty()) {
+ if (StringUtils.isBlank(serviceName)) {
+ servicePoliciesMap.clear();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RangerServicePoliciesCache.resetCache(): Removed policy caching for all services.");
+ }
+ ret = true;
+ } else {
+ ServicePoliciesWrapper removedServicePoliciesWrapper = servicePoliciesMap.remove(serviceName.trim()); // returns null if key not found
+ ret = removedServicePoliciesWrapper != null;
+
+ if (ret) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RangerServicePoliciesCache.resetCache(): Removed policy caching for [{}] service.", serviceName);
+ }
+ } else {
+ LOG.warn("RangerServicePoliciesCache.resetCache(): Caching for [{}] service not found, hence reset is skipped.", serviceName);
+ }
+ }
+ } else {
+ LOG.warn("RangerServicePoliciesCache.resetCache(): Policy cache is already empty.");
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerServicePoliciesCache.resetCache(): ret={}", ret);
+ }
+
+ return ret;
+ }
+
private class ServicePoliciesWrapper {
final Long serviceId;
ServicePolicies servicePolicies;
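Review bot: The return value of `resetCache` conflates distinct outcomes: `false` comes back both when the cache is already empty and when the named service has no cached entry, so a caller cannot tell "nothing to reset" from a failure. The Javadoc's "true if was able to reset policy cache" does not say this and `@param serviceName` has no description. I would write `@param serviceName service whose cached policies are dropped; null or blank drops all services` and `@return true if at least one cached entry was removed, false if nothing was cached for the name`. The lookup uses `serviceName.trim()` while the log lines print the untrimmed value, so the logged name may differ from the key that was tried. Whether the other accessors of `servicePoliciesMap` take the same `synchronized (this)` lock is not visible in this hunk and should be confirmed.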
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 2d2c80fc1..1aa861424 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1596,8 +1596,8 @@ public class ServiceREST {
LOG.debug("<== ServiceREST.secureRevokeAccess(" + serviceName + ", " + revokeRequest + "): " + ret);
}
return ret;
- }
-
+ }
+
@POST
@Path("/policies")
@Produces({ "application/json", "application/xml" })
@@ -1908,7 +1908,7 @@ public class ServiceREST {
return ret;
}
- @GET
+ @GET
@Path("/policies")
@Produces({ "application/json", "application/xml" })
public RangerPolicyList getPolicies(@Context HttpServletRequest request) {
@@ -1957,6 +1957,42 @@ public class ServiceREST {
return ret;
}
+ @GET
+ @Path("/policies/cache/reset")
+ @Produces({ "application/json", "application/xml" })
+ public boolean resetPolicyCache(@QueryParam("name") String name) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.resetPolicyCache(" + name + ")");
+ }
+
+ // check for ADMIN access
+ if (!bizUtil.isAdmin()) {
+ boolean isServiceAdmin = false;
+ String loggedInUser = bizUtil.getCurrentUserLoginId();
+
+ if (StringUtils.isNotEmpty(name)) {
+ try {
+ RangerService rangerService = svcStore.getServiceByName(name);
+ isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser);
+ } catch (Exception e) {
+ LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + name + "]", e);
+ }
+ }
+
+ if (!isServiceAdmin) {
+ throw restErrorUtil.createRESTException("User cannot reset policy cache", MessageEnums.OPER_NO_PERMISSION);
+ }
+ }
+
+ boolean ret = svcStore.resetPolicyCache(name);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.resetPolicyCache(): ret=" + ret);
+ }
+
+ return ret;
+ }
+
@GET
@Path("/policies/downloadExcel")
@Produces("application/ms-excel")
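Review bot: `resetPolicyCache` changes server state but is exposed with `@GET` on `/policies/cache/reset`, so a link, a prefetch or an embedded resource loaded in an administrator's browser session can trigger it. Any request-forgery filter that exempts safe methods would not cover it either (the filter configuration is not visible here). I would replace the annotation with `@POST`, which this class already uses on `/policies`. The only record of a reset is at debug level, although a blank `name` from an admin clears the cache of every service. An info-level line naming the caller (`bizUtil.getCurrentUserLoginId()`) and the requested service, written before `svcStore.resetPolicyCache(name)`, would give operators something to audit.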