You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2018/07/27 11:22:03 UTC
ranger git commit: RANGER-2164 : Ranger to add default altlas policy
for rangertagsync user
Repository: ranger
Updated Branches:
refs/heads/master 8702a98e4 -> c219420e7
RANGER-2164 : Ranger to add default altlas policy for rangertagsync user
Signed-off-by: Mehul Parikh <me...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/c219420e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/c219420e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/c219420e
Branch: refs/heads/master
Commit: c219420e7058ee6081408f82992f6ff1e847d5b1
Parents: 8702a98
Author: Nikhil P <ni...@gmail.com>
Authored: Thu Jul 26 16:06:09 2018 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Fri Jul 27 16:51:28 2018 +0530
----------------------------------------------------------------------
.../services/atlas/RangerServiceAtlas.java | 26 +++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/c219420e/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
----------------------------------------------------------------------
diff --git a/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java b/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
index d4c196e..0ee2627 100644
--- a/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
+++ b/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
@@ -20,6 +20,7 @@ package org.apache.ranger.services.atlas;
import java.security.PrivilegedAction;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -39,6 +40,8 @@ import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.client.BaseClient;
import org.apache.ranger.plugin.client.HadoopException;
import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.service.RangerBaseService;
@@ -125,9 +128,10 @@ public class RangerServiceAtlas extends RangerBaseService {
}
List<RangerPolicy> ret = super.getDefaultRangerPolicies();
-
+ RangerPolicyItemAccess readAccessTagsync = new RangerPolicyItemAccess();
for (RangerPolicy defaultPolicy : ret) {
for (RangerPolicy.RangerPolicyItem defaultPolicyItem : defaultPolicy.getPolicyItems()) {
+ List<RangerPolicyItemAccess> rPolItemAccessList=defaultPolicyItem.getAccesses();
List<String> users = defaultPolicyItem.getUsers();
String adminUser = service.getConfigs().get("atlas.admin.user");
@@ -137,6 +141,26 @@ public class RangerServiceAtlas extends RangerBaseService {
users.add(adminUser);
defaultPolicyItem.setUsers(users);
+ if(defaultPolicy.getName().contains(RangerServiceAtlas.RESOURCE_ENTITY_TYPE)){
+ for(RangerPolicyItemAccess rPolItemAccess: rPolItemAccessList){
+ if(rPolItemAccess.getType().contains("read")){
+ readAccessTagsync = rPolItemAccess;
+ }
+ }
+ }
+ }
+ if(defaultPolicy.getName().contains(RangerServiceAtlas.RESOURCE_ENTITY_TYPE)){
+ if(defaultPolicy.getResources().containsKey(RangerServiceAtlas.RESOURCE_ENTITY_TYPE)){
+ RangerPolicyItem rPItemTagsync = new RangerPolicyItem();
+ List<RangerPolicyItem> tagSyncpolicyItems = new ArrayList<RangerPolicyItem>();
+ rPItemTagsync.setUsers(new ArrayList<>(Arrays.asList("rangertagsync")));
+ List<RangerPolicyItemAccess> tagsyncAccessList = new ArrayList<RangerPolicyItemAccess>();
+ tagsyncAccessList.add(readAccessTagsync);
+ rPItemTagsync.setAccesses(tagsyncAccessList);
+ tagSyncpolicyItems = defaultPolicy.getPolicyItems();
+ tagSyncpolicyItems.add(rPItemTagsync);
+ defaultPolicy.setPolicyItems(tagSyncpolicyItems);
+ }
}
}