You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2021/10/13 21:03:34 UTC
[ranger] branch master updated: RANGER-3481: Incremental policy
updates do not work correctly for multiple security zones
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new b8f8a3e RANGER-3481: Incremental policy updates do not work correctly for multiple security zones
b8f8a3e is described below
commit b8f8a3e30781a5e3165debe885cdc21e24e5d500
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Wed Oct 13 13:45:20 2021 -0700
RANGER-3481: Incremental policy updates do not work correctly for multiple security zones
---
.../ranger/plugin/policyengine/PolicyEngine.java | 20 +++++++-------------
.../ranger/plugin/util/RangerPolicyDeltaUtil.java | 2 +-
2 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index eee1b7a..7299387 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -849,22 +849,16 @@ public class PolicyEngine {
Map<String, List<RangerPolicyDelta>> zoneDeltasMap = new HashMap<>();
for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> zone : servicePolicies.getSecurityZones().entrySet()) {
- List<RangerPolicyDelta> deltas = zone.getValue().getPolicyDeltas();
+ String zoneName = zone.getKey();
+ List<RangerPolicyDelta> deltas = zone.getValue().getPolicyDeltas();
+ List<RangerPolicyDelta> zoneDeltas = new ArrayList<>();
- for (RangerPolicyDelta delta : deltas) {
- String zoneName = delta.getZoneName();
-
- if (StringUtils.isNotEmpty(zoneName)) {
- List<RangerPolicyDelta> zoneDeltas = zoneDeltasMap.get(zoneName);
-
- if (zoneDeltas == null) {
- zoneDeltas = new ArrayList<>();
- zoneDeltasMap.put(zoneName, zoneDeltas);
- }
+ if (StringUtils.isNotEmpty(zoneName)) {
+ zoneDeltasMap.put(zoneName, zoneDeltas);
+ for (RangerPolicyDelta delta : deltas) {
+ zoneDeltas = zoneDeltasMap.get(zoneName);
zoneDeltas.add(delta);
- } else {
- LOG.warn("policyDelta : [" + delta + "] does not belong to any zone. Should not have come here.");
}
}
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
index 8866eed..38c62ed 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
@@ -134,7 +134,7 @@ public class RangerPolicyDeltaUtil {
}
} else {
if (LOG.isDebugEnabled()) {
- LOG.warn("Unexpected : applyDeltas called with deltas=null");
+ LOG.debug("applyDeltas called with empty deltas. Will return policies without change");
}
ret = policies;
}