You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by ab...@apache.org on 2019/05/14 17:52:37 UTC

[ranger] branch master updated: RANGER-2427: Tag policies are not evaluated if no security zones are configured

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new f2da997  RANGER-2427: Tag policies are not evaluated if no security zones are configured
f2da997 is described below

commit f2da9978b593cc777d78d18f54d292c00f18f4ca
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Tue May 14 10:52:24 2019 -0700

    RANGER-2427: Tag policies are not evaluated if no security zones are configured
---
 .../org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 365edcf..eab2c23 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -1375,9 +1375,9 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
 				RangerPolicyEvaluator evaluator = policyEvaluator.getEvaluator();
 
 				String policyZoneName = evaluator.getPolicy().getZoneName();
-				if (!StringUtils.equals(zoneName, policyZoneName)) {
+				if (!(StringUtils.isEmpty(policyZoneName) && StringUtils.isEmpty(zoneName)) && !StringUtils.equals(zoneName, policyZoneName)) {
 					if (LOG.isDebugEnabled()) {
-						LOG.debug("Tag policy does not belong to the zone:[" + zoneName + "] of the accessed resource. Not evaluating this policy:[" + evaluator.getPolicy() + "]");
+						LOG.debug("Tag policy [zone:" + policyZoneName + "] does not belong to the zone:[" + zoneName + "] of the accessed resource. Not evaluating this policy:[" + evaluator.getPolicy() + "]");
 					}
 					continue;
 				}