You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2017/06/21 21:09:37 UTC

ranger git commit: RANGER-1494: Policy engine updates to support tag-based masking policies - update datamask/rowfilter resources

Repository: ranger
Updated Branches:
  refs/heads/master dbbc2eab1 -> ba29b4094


RANGER-1494: Policy engine updates to support tag-based masking policies - update datamask/rowfilter resources


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/ba29b409
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/ba29b409
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/ba29b409

Branch: refs/heads/master
Commit: ba29b40946bf98be6a5776e09ecaa056e4754109
Parents: dbbc2ea
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Wed Jun 21 14:09:28 2017 -0700
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Wed Jun 21 14:09:28 2017 -0700

----------------------------------------------------------------------
 .../plugin/store/AbstractServiceStore.java      | 56 ++++++++++++++++++++
 1 file changed, 56 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/ba29b409/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
index 782da41..0b3ac60 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
@@ -28,6 +28,7 @@ import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerService;
 import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.services.tag.RangerServiceTag;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -303,6 +304,10 @@ public abstract class AbstractServiceStore implements ServiceStore {
 			updateNeeded = true;
 		}
 
+		boolean resourceUpdated = updateResourceInTagServiceDef(tagServiceDef);
+
+		updateNeeded = updateNeeded || resourceUpdated;
+
 		if (updateNeeded) {
 			try {
 				updateServiceDef(tagServiceDef);
@@ -346,6 +351,8 @@ public abstract class AbstractServiceStore implements ServiceStore {
 		updateTagServiceDefForDeletingDataMaskDef(tagServiceDef, serviceDefName);
 		updateTagServiceDefForDeletingRowFilterDef(tagServiceDef, serviceDefName);
 
+		updateResourceInTagServiceDef(tagServiceDef);
+
 		try {
 			updateServiceDef(tagServiceDef);
 			LOG.info("AbstractServiceStore.updateTagServiceDefForDeletingAccessTypes -- updated TAG service def with " + serviceDefName + " access types");
@@ -548,4 +555,53 @@ public abstract class AbstractServiceStore implements ServiceStore {
 			LOG.debug("<== AbstractServiceStore.updateTagServiceDefForDeletingRowFilterDef(" + serviceDefName + ")");
 		}
 	}
+
+	private boolean updateResourceInTagServiceDef(RangerServiceDef tagServiceDef) throws Exception {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> AbstractServiceStore.updateResourceInTagServiceDef(" + tagServiceDef + ")");
+		}
+		boolean ret = false;
+
+		RangerServiceDef.RangerResourceDef tagResource = new RangerServiceDef.RangerResourceDef();
+		tagResource.setName(RangerServiceTag.TAG_RESOURCE_NAME);
+		List<RangerServiceDef.RangerResourceDef> resources = new ArrayList<>();
+		resources.add(tagResource);
+
+		RangerServiceDef.RangerDataMaskDef dataMaskDef = tagServiceDef.getDataMaskDef();
+
+		if (dataMaskDef != null) {
+			if (CollectionUtils.isNotEmpty(dataMaskDef.getAccessTypes())) {
+				if (CollectionUtils.isEmpty(dataMaskDef.getResources())) {
+					dataMaskDef.setResources(resources);
+					ret = true;
+				}
+			} else {
+				if (CollectionUtils.isNotEmpty(dataMaskDef.getResources())) {
+					dataMaskDef.setResources(null);
+					ret = true;
+				}
+			}
+		}
+
+		RangerServiceDef.RangerRowFilterDef rowFilterDef = tagServiceDef.getRowFilterDef();
+
+		if (rowFilterDef != null) {
+			if (CollectionUtils.isNotEmpty(rowFilterDef.getAccessTypes())) {
+				if (CollectionUtils.isEmpty(rowFilterDef.getResources())) {
+					rowFilterDef.setResources(resources);
+					ret = true;
+				}
+			} else {
+				if (CollectionUtils.isNotEmpty(rowFilterDef.getResources())) {
+					rowFilterDef.setResources(null);
+					ret = true;
+				}
+			}
+		}
+
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== AbstractServiceStore.updateResourceInTagServiceDef(" + tagServiceDef + ") : " + ret);
+		}
+		return ret;
+	}
 }
\ No newline at end of file