You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2017/06/21 21:09:37 UTC
ranger git commit: RANGER-1494: Policy engine updates to support
tag-based masking policies - update datamask/rowfilter resources
Repository: ranger
Updated Branches:
refs/heads/master dbbc2eab1 -> ba29b4094
RANGER-1494: Policy engine updates to support tag-based masking policies - update datamask/rowfilter resources
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/ba29b409
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/ba29b409
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/ba29b409
Branch: refs/heads/master
Commit: ba29b40946bf98be6a5776e09ecaa056e4754109
Parents: dbbc2ea
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Wed Jun 21 14:09:28 2017 -0700
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Wed Jun 21 14:09:28 2017 -0700
----------------------------------------------------------------------
.../plugin/store/AbstractServiceStore.java | 56 ++++++++++++++++++++
1 file changed, 56 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/ba29b409/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
index 782da41..0b3ac60 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
@@ -28,6 +28,7 @@ import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.services.tag.RangerServiceTag;
import java.util.ArrayList;
import java.util.Collection;
@@ -303,6 +304,10 @@ public abstract class AbstractServiceStore implements ServiceStore {
updateNeeded = true;
}
+ boolean resourceUpdated = updateResourceInTagServiceDef(tagServiceDef);
+
+ updateNeeded = updateNeeded || resourceUpdated;
+
if (updateNeeded) {
try {
updateServiceDef(tagServiceDef);
@@ -346,6 +351,8 @@ public abstract class AbstractServiceStore implements ServiceStore {
updateTagServiceDefForDeletingDataMaskDef(tagServiceDef, serviceDefName);
updateTagServiceDefForDeletingRowFilterDef(tagServiceDef, serviceDefName);
+ updateResourceInTagServiceDef(tagServiceDef);
+
try {
updateServiceDef(tagServiceDef);
LOG.info("AbstractServiceStore.updateTagServiceDefForDeletingAccessTypes -- updated TAG service def with " + serviceDefName + " access types");
@@ -548,4 +555,53 @@ public abstract class AbstractServiceStore implements ServiceStore {
LOG.debug("<== AbstractServiceStore.updateTagServiceDefForDeletingRowFilterDef(" + serviceDefName + ")");
}
}
+
+ private boolean updateResourceInTagServiceDef(RangerServiceDef tagServiceDef) throws Exception {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> AbstractServiceStore.updateResourceInTagServiceDef(" + tagServiceDef + ")");
+ }
+ boolean ret = false;
+
+ RangerServiceDef.RangerResourceDef tagResource = new RangerServiceDef.RangerResourceDef();
+ tagResource.setName(RangerServiceTag.TAG_RESOURCE_NAME);
+ List<RangerServiceDef.RangerResourceDef> resources = new ArrayList<>();
+ resources.add(tagResource);
+
+ RangerServiceDef.RangerDataMaskDef dataMaskDef = tagServiceDef.getDataMaskDef();
+
+ if (dataMaskDef != null) {
+ if (CollectionUtils.isNotEmpty(dataMaskDef.getAccessTypes())) {
+ if (CollectionUtils.isEmpty(dataMaskDef.getResources())) {
+ dataMaskDef.setResources(resources);
+ ret = true;
+ }
+ } else {
+ if (CollectionUtils.isNotEmpty(dataMaskDef.getResources())) {
+ dataMaskDef.setResources(null);
+ ret = true;
+ }
+ }
+ }
+
+ RangerServiceDef.RangerRowFilterDef rowFilterDef = tagServiceDef.getRowFilterDef();
+
+ if (rowFilterDef != null) {
+ if (CollectionUtils.isNotEmpty(rowFilterDef.getAccessTypes())) {
+ if (CollectionUtils.isEmpty(rowFilterDef.getResources())) {
+ rowFilterDef.setResources(resources);
+ ret = true;
+ }
+ } else {
+ if (CollectionUtils.isNotEmpty(rowFilterDef.getResources())) {
+ rowFilterDef.setResources(null);
+ ret = true;
+ }
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== AbstractServiceStore.updateResourceInTagServiceDef(" + tagServiceDef + ") : " + ret);
+ }
+ return ret;
+ }
}
\ No newline at end of file