You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2021/03/23 22:41:30 UTC
[ranger] branch ranger-2.2 updated: User getting denied even after
having tag based policy - Part 2
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new c32688c User getting denied even after having tag based policy - Part 2
c32688c is described below
commit c32688c2c89d5ea646b6e112932978d19edca8d7
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Tue Mar 23 14:55:19 2021 -0700
User getting denied even after having tag based policy - Part 2
---
.../ranger/plugin/policyengine/PolicyEngine.java | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index f536335..eee1b7a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -602,6 +602,25 @@ public class PolicyEngine {
this.policyRepository = shareWith(other.policyRepository);
}
+ if (MapUtils.isEmpty(zonePolicyRepositories) && MapUtils.isNotEmpty(other.zonePolicyRepositories)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Existing engine contains some zonePolicyRepositories and new engine contains no zonePolicyRepositories");
+ }
+ for (Map.Entry<String, RangerPolicyRepository> entry : other.zonePolicyRepositories.entrySet()) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Copying over zoneRepository for zone :[" + entry.getKey() + "]");
+ }
+ RangerPolicyRepository otherZonePolicyRepository = entry.getValue();
+ RangerPolicyRepository zonePolicyRepository = shareWith(otherZonePolicyRepository);
+ this.zonePolicyRepositories.put(entry.getKey(), zonePolicyRepository);
+ }
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Existing engine contains no zonePolicyRepositories or new engine contains some zonePolicyRepositories");
+ LOG.debug("Not copying zoneRepositories from existing engine, as they are already copied or modified");
+ }
+ }
+
if (servicePolicies.getTagPolicies() != null && CollectionUtils.isNotEmpty(defaultZoneDeltasForTagPolicies)) {
if (other.tagPolicyRepository == null) {