You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/05/16 07:08:18 UTC
[ranger] branch master updated: RANGER-2817: Service configuration update does not cause policies in the service to get downloaded to plugin

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new acd7516  RANGER-2817: Service configuration update does not cause policies in the service to get downloaded to plugin
acd7516 is described below

commit acd7516eea2e11921a42478b717d58f2bead54e8
Author: maheshbandal <ma...@gmail.com>
AuthorDate: Fri May 15 13:42:31 2020 +0530

    RANGER-2817: Service configuration update does not cause policies in the service to get downloaded to plugin
    
    Signed-off-by: pradeep <pr...@apache.org>
---
 .../java/org/apache/ranger/biz/ServiceDBStore.java | 48 +++++++++++-------
 .../org/apache/ranger/biz/TestServiceDBStore.java  | 59 ++++++++++++++++++++++
 2 files changed, 88 insertions(+), 19 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 857a597..ed69761 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -243,6 +243,8 @@ public class ServiceDBStore extends AbstractServiceStore {
 	public static Integer RETENTION_PERIOD_IN_DAYS = 7;
 	public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
 
+	private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin.";
+
 	static {
 		try {
 			LOCAL_HOSTNAME = java.net.InetAddress.getLocalHost().getCanonicalHostName();
@@ -1657,7 +1659,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 		boolean hasIsEnabledChanged = !existing.getIsenabled().equals(service.getIsEnabled());
 
 		List<XXServiceConfigMap> dbConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(service.getId());
-		boolean hasExcludedUGRConfigChanged = hasExcludedUGRConfigChanged(dbConfigMaps, validConfigs);
+		boolean hasServiceConfigForPluginChanged = hasServiceConfigForPluginChanged(dbConfigMaps, validConfigs);
 
 		List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
 
@@ -1671,7 +1673,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 			service.setVersion(existing.getVersion());
 			service = svcService.update(service);
 
-			if (hasTagServiceValueChanged || hasIsEnabledChanged || hasExcludedUGRConfigChanged) {
+			if (hasTagServiceValueChanged || hasIsEnabledChanged || hasServiceConfigForPluginChanged) {
 				updatePolicyVersion(service, RangerPolicyDelta.CHANGE_TYPE_SERVICE_CHANGE, null, false);
 			}
 		}
@@ -5375,7 +5377,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 		List<XXServiceConfigMap> xxServiceConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(serviceId);
 		if (CollectionUtils.isNotEmpty(xxServiceConfigMaps)) {
 			for (XXServiceConfigMap svcConfMap : xxServiceConfigMaps) {
-				if (StringUtils.startsWith(svcConfMap.getConfigkey(), "ranger.plugin.")) {
+				if (StringUtils.startsWith(svcConfMap.getConfigkey(), RANGER_PLUGIN_CONFIG_PREFIX)) {
 					configs.put(svcConfMap.getConfigkey(), svcConfMap.getConfigvalue());
 				}
 			}
@@ -5383,23 +5385,31 @@ public class ServiceDBStore extends AbstractServiceStore {
 		return configs;
 	}
 
-	private boolean hasExcludedUGRConfigChanged(List<XXServiceConfigMap> dbConfigMaps, Map<String, String> validConfigs) {
+	boolean hasServiceConfigForPluginChanged(List<XXServiceConfigMap> dbConfigMaps, Map<String, String> validConfigs) {
 		boolean ret = false;
-		String auditExcludeUsers = null;
-		String auditExcludeGroups = null;
-		String auditExcludeRoles = null;
-		for (XXServiceConfigMap dbConfigMap : dbConfigMaps) {
-			if (StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), RangerPolicyEngine.PLUGIN_AUDIT_EXCLUDE_USERS)) {
-				auditExcludeUsers = StringUtils.trimToEmpty(dbConfigMap.getConfigvalue());
-			} else if (StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), RangerPolicyEngine.PLUGIN_AUDIT_EXCLUDE_GROUPS)) {
-				auditExcludeGroups = StringUtils.trimToEmpty(dbConfigMap.getConfigvalue());
-			} else if (StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), RangerPolicyEngine.PLUGIN_AUDIT_EXCLUDE_ROLES)) {
-				auditExcludeRoles = StringUtils.trimToEmpty(dbConfigMap.getConfigvalue());
-			}
-		}
-		ret = !StringUtils.equals(auditExcludeUsers, validConfigs.get(RangerPolicyEngine.PLUGIN_AUDIT_EXCLUDE_USERS))
-				|| !StringUtils.equals(auditExcludeGroups, validConfigs.get(RangerPolicyEngine.PLUGIN_AUDIT_EXCLUDE_GROUPS))
-				|| !StringUtils.equals(auditExcludeRoles, validConfigs.get(RangerPolicyEngine.PLUGIN_AUDIT_EXCLUDE_ROLES));
+		Map<String, String> configs = new HashMap<String, String>();
+		if (CollectionUtils.isNotEmpty(dbConfigMaps)) {
+			for (XXServiceConfigMap dbConfigMap : dbConfigMaps) {
+				if (StringUtils.startsWith(dbConfigMap.getConfigkey(), RANGER_PLUGIN_CONFIG_PREFIX)) {
+					configs.put(dbConfigMap.getConfigkey(), dbConfigMap.getConfigvalue());
+				}
+			}
+		}
+		if (MapUtils.isNotEmpty(validConfigs)) {
+			for (String key : validConfigs.keySet()) {
+				if (StringUtils.startsWith(key, RANGER_PLUGIN_CONFIG_PREFIX)) {
+					if (!StringUtils.equals(configs.get(key), validConfigs.get(key))) {
+						return true;
+					} else {
+						configs.remove(key);
+					}
+				}
+			}
+		}
+		if (configs.size() > 0) {
+			return true;
+		}
+
 		return ret;
 	}
 
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index 69c8a4c..c219e6c 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -2503,4 +2503,63 @@ public class TestServiceDBStore {
 		Mockito.verify(daoManager, Mockito.atLeast(1)).getXXService();
 		Mockito.verify(daoManager).getXXServiceConfigMap();
 	}
+
+	@Test
+	public void test50hasServiceConfigForPluginChanged() throws Exception {
+		String pluginConfigKey = "ranger.plugin.testconfig";
+		String otherConfigKey = "ranger.other.testconfig";
+		Map<String, String> serviceConfigs = rangerService().getConfigs();
+		List<XXServiceConfigMap> xConfMapList = new ArrayList<XXServiceConfigMap>();
+		for (String key : serviceConfigs.keySet()) {
+			XXServiceConfigMap xConfMap = new XXServiceConfigMap();
+			xConfMap.setConfigkey(key);
+			xConfMap.setConfigvalue(serviceConfigs.get(key));
+			xConfMap.setServiceId(Id);
+			xConfMapList.add(xConfMap);
+		}
+
+		Map<String, String> validConfig = new HashMap<String, String>();
+		validConfig.putAll(serviceConfigs);
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(null, null));
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		validConfig.put(pluginConfigKey, "test value added");
+		Assert.assertTrue(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		XXServiceConfigMap xConfMap = new XXServiceConfigMap();
+		xConfMap.setConfigkey(pluginConfigKey);
+		xConfMap.setConfigvalue("test value added");
+		xConfMap.setServiceId(Id);
+		xConfMapList.add(xConfMap);
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		validConfig.put(pluginConfigKey, "test value changed");
+		Assert.assertTrue(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		validConfig.remove(pluginConfigKey);
+		Assert.assertTrue(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+		int index = xConfMapList.size();
+		xConfMap = xConfMapList.remove(index - 1);
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		validConfig.put(otherConfigKey, "other test value added");
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		xConfMap = new XXServiceConfigMap();
+		xConfMap.setConfigkey(otherConfigKey);
+		xConfMap.setConfigvalue("other test value added");
+		xConfMap.setServiceId(Id);
+		xConfMapList.add(xConfMap);
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		validConfig.put(otherConfigKey, "other test value changed");
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		validConfig.remove(otherConfigKey);
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+
+		index = xConfMapList.size();
+		xConfMap = xConfMapList.remove(index - 1);
+		Assert.assertFalse(serviceDBStore.hasServiceConfigForPluginChanged(xConfMapList, validConfig));
+	}
 }