You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2021/03/23 22:41:30 UTC

[ranger] branch ranger-2.2 updated: User getting denied even after having tag based policy - Part 2

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
     new c32688c  User getting denied even after having tag based policy - Part 2
c32688c is described below

commit c32688c2c89d5ea646b6e112932978d19edca8d7
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Tue Mar 23 14:55:19 2021 -0700

    User getting denied even after having tag based policy - Part 2
---
 .../ranger/plugin/policyengine/PolicyEngine.java      | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index f536335..eee1b7a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -602,6 +602,25 @@ public class PolicyEngine {
             this.policyRepository = shareWith(other.policyRepository);
         }
 
+        if (MapUtils.isEmpty(zonePolicyRepositories) && MapUtils.isNotEmpty(other.zonePolicyRepositories)) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Existing engine contains some zonePolicyRepositories and new engine contains no zonePolicyRepositories");
+            }
+            for (Map.Entry<String, RangerPolicyRepository> entry : other.zonePolicyRepositories.entrySet()) {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Copying over zoneRepository for zone :[" + entry.getKey() + "]");
+                }
+                RangerPolicyRepository otherZonePolicyRepository = entry.getValue();
+                RangerPolicyRepository zonePolicyRepository = shareWith(otherZonePolicyRepository);
+                this.zonePolicyRepositories.put(entry.getKey(), zonePolicyRepository);
+            }
+        } else {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Existing engine contains no zonePolicyRepositories or new engine contains some zonePolicyRepositories");
+                LOG.debug("Not copying zoneRepositories from existing engine, as they are already copied or modified");
+            }
+        }
+
         if (servicePolicies.getTagPolicies() != null && CollectionUtils.isNotEmpty(defaultZoneDeltasForTagPolicies)) {
             if (other.tagPolicyRepository == null) {