You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2021/03/23 22:40:39 UTC

[ranger] branch master updated: User getting denied even after having tag based policy - Part 2

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 3a504bd  User getting denied even after having tag based policy - Part 2
3a504bd is described below

commit 3a504bd5af6946f020fb7e9b2f10610bb2c2dafe
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Tue Mar 23 14:55:19 2021 -0700

    User getting denied even after having tag based policy - Part 2
---
 .../ranger/plugin/policyengine/PolicyEngine.java      | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index f536335..eee1b7a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -602,6 +602,25 @@ public class PolicyEngine {
             this.policyRepository = shareWith(other.policyRepository);
         }
 
+        if (MapUtils.isEmpty(zonePolicyRepositories) && MapUtils.isNotEmpty(other.zonePolicyRepositories)) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Existing engine contains some zonePolicyRepositories and new engine contains no zonePolicyRepositories");
+            }
+            for (Map.Entry<String, RangerPolicyRepository> entry : other.zonePolicyRepositories.entrySet()) {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Copying over zoneRepository for zone :[" + entry.getKey() + "]");
+                }
+                RangerPolicyRepository otherZonePolicyRepository = entry.getValue();
+                RangerPolicyRepository zonePolicyRepository = shareWith(otherZonePolicyRepository);
+                this.zonePolicyRepositories.put(entry.getKey(), zonePolicyRepository);
+            }
+        } else {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Existing engine contains no zonePolicyRepositories or new engine contains some zonePolicyRepositories");
+                LOG.debug("Not copying zoneRepositories from existing engine, as they are already copied or modified");
+            }
+        }
+
         if (servicePolicies.getTagPolicies() != null && CollectionUtils.isNotEmpty(defaultZoneDeltasForTagPolicies)) {
             if (other.tagPolicyRepository == null) {