This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 9f1dc3c541c7a6d4691eb0a795106020c57f2585 Author: Kishor Gollapalliwar <[email protected]> AuthorDate: Thu May 5 14:07:23 2022 +0530 RANGER-3740: Ranger- Add an API to refresh tag cache Signed-off-by: Mehul Parikh <[email protected]> (cherry picked from commit 59a5665e7b744606abb626e1dc8f5676a5f9713f) --- .../java/org/apache/ranger/biz/TagDBStore.java | 13 +++++++ .../ranger/common/RangerServiceTagsCache.java | 44 ++++++++++++++++++++++ .../main/java/org/apache/ranger/rest/TagREST.java | 37 ++++++++++++++++++ 3 files changed, 94 insertions(+) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java index 0ab3258c6..e434cf1bb 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java @@ -480,6 +480,19 @@ public class TagDBStore extends AbstractTagStore { return ret; } + public boolean resetTagCache(final String serviceName) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagDBStore.resetTagCache({})", serviceName); + } + + boolean ret = RangerServiceTagsCache.getInstance().resetCache(serviceName); + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagDBStore.resetTagCache(): ret={}", ret); + } + + return ret; + } @Override public RangerServiceResource createServiceResource(RangerServiceResource resource) throws Exception { diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java index 3b242c34f..05850ed6e 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java @@ -160,6 +160,50 @@ public class RangerServiceTagsCache { return ret; } + /** + * Reset service tag cache using serviceName if provided. + * If serviceName is empty, reset everything. + * @param serviceName + * @return true if was able to reset service tag cache, false otherwise + */ + public boolean resetCache(final String serviceName) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerServiceTagsCache.resetCache({})", serviceName); + } + + boolean ret = false; + synchronized (this) { + if (!serviceTagsMap.isEmpty()) { + if (StringUtils.isBlank(serviceName)) { + serviceTagsMap.clear(); + if (LOG.isDebugEnabled()) { + LOG.debug("RangerServiceTagsCache.resetCache(): Removed policy caching for all services."); + } + ret = true; + } else { + ServiceTagsWrapper removedServicePoliciesWrapper = serviceTagsMap.remove(serviceName.trim()); // returns null if key not found + ret = removedServicePoliciesWrapper != null; + + if (ret) { + if (LOG.isDebugEnabled()) { + LOG.debug("RangerServiceTagsCache.resetCache(): Removed policy caching for [{}] service.", serviceName); + } + } else { + LOG.warn("RangerServiceTagsCache.resetCache(): Caching for [{}] service not found, hence reset is skipped.", serviceName); + } + } + } else { + LOG.warn("RangerServiceTagsCache.resetCache(): Policy cache is already empty."); + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== RangerServiceTagsCache.resetCache(): ret={}", ret); + } + + return ret; + } + private class ServiceTagsWrapper { final Long serviceId; ServiceTags serviceTags; diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index f8898b75b..5d14f41ea 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -26,6 +26,7 @@ import org.apache.ranger.biz.AssetMgr; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.biz.TagDBStore; +import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXService; @@ -605,6 +606,42 @@ public class TagREST { return ret; } + @GET + @Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset") + @Produces({ "application/json", "application/xml" }) + public boolean resetTagCache(@QueryParam("serviceName") String serviceName) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.resetTagCache({})", serviceName); + } + + // check for ADMIN access + if (!bizUtil.isAdmin()) { + boolean isServiceAdmin = false; + String loggedInUser = bizUtil.getCurrentUserLoginId(); + + if (StringUtils.isNotEmpty(serviceName)) { + try { + RangerService rangerService = svcStore.getServiceByName(serviceName); + isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser); + } catch (Exception e) { + LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e); + } + } + + if (!isServiceAdmin) { + throw restErrorUtil.createRESTException("User cannot reset tag cache", MessageEnums.OPER_NO_PERMISSION); + } + } + + boolean ret = tagStore.resetTagCache(serviceName); + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.resetTagCache(): ret={}", ret); + } + + return ret; + } + @POST @Path(TagRESTConstants.RESOURCES_RESOURCE) @Consumes({ "application/json" })
