This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 2dbac18e01f83830558eccb18500f3c57923ae3d Author: Madhan Neethiraj <[email protected]> AuthorDate: Tue Mar 28 12:47:49 2023 -0700 RANGER-4157: fixed handling of implicit addition of expression condition (cherry picked from commit e89016cc581379b5c98f99de202c967f503dcfe3) --- .../ranger/service/RangerServiceDefService.java | 64 ---------------------- .../service/RangerServiceDefServiceBase.java | 63 +++++++++++++++++++++ 2 files changed, 63 insertions(+), 64 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java index 328d8baa6..7d363c4c7 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java @@ -18,19 +18,14 @@ package org.apache.ranger.service; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; import java.util.Map; import org.apache.commons.lang.StringUtils; import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig; -import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.entity.XXServiceDef; -import org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator; import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; -import org.apache.ranger.plugin.util.ServiceDefUtil; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; @@ -38,12 +33,6 @@ import org.springframework.stereotype.Service; @Service @Scope("singleton") public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServiceDef, RangerServiceDef> { - public static final String PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION = "ranger.servicedef.enableImplicitConditionExpression"; - public static final String IMPLICIT_CONDITION_EXPRESSION_EVALUATOR = RangerScriptConditionEvaluator.class.getCanonicalName(); - public static final String IMPLICIT_CONDITION_EXPRESSION_NAME = "_expression"; - public static final String IMPLICIT_CONDITION_EXPRESSION_LABEL = "Enter boolean expression"; - public static final String IMPLICIT_CONDITION_EXPRESSION_DESC = "Boolean expression"; - private final RangerAdminConfig config; public RangerServiceDefService() { @@ -83,8 +72,6 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi ret.setOptions(serviceDefOptions); } - addImplicitConditionExpressionIfNeeded(ret); - return ret; } @@ -102,55 +89,4 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi public RangerServiceDef getPopulatedViewObject(XXServiceDef xServiceDef) { return this.populateViewBean(xServiceDef); } - - - boolean addImplicitConditionExpressionIfNeeded(RangerServiceDef serviceDef) { - boolean ret = false; - boolean implicitConditionDefault = PropertiesUtil.getBooleanProperty(PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION, true); - boolean implicitConditionEnabled = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_IMPLICIT_CONDITION_EXPRESSION, implicitConditionDefault); - - if (implicitConditionEnabled) { - boolean exists = false; - Long maxItemId = 0L; - List<RangerPolicyConditionDef> conditionDefs = serviceDef.getPolicyConditions(); - - if (conditionDefs == null) { - conditionDefs = new ArrayList<>(); - } - - for (RangerPolicyConditionDef conditionDef : conditionDefs) { - if (StringUtils.equalsIgnoreCase(conditionDef.getEvaluator(), IMPLICIT_CONDITION_EXPRESSION_EVALUATOR)) { - exists = true; - - break; - } - - if (conditionDef.getItemId() != null && maxItemId < conditionDef.getItemId()) { - maxItemId = conditionDef.getItemId(); - } - } - - if (!exists) { - RangerPolicyConditionDef conditionDef = new RangerPolicyConditionDef(); - Map<String, String> options = new HashMap<>(); - - options.put("ui.isMultiline", "true"); - - conditionDef.setItemId(maxItemId + 1); - conditionDef.setName(IMPLICIT_CONDITION_EXPRESSION_NAME); - conditionDef.setLabel(IMPLICIT_CONDITION_EXPRESSION_LABEL); - conditionDef.setDescription(IMPLICIT_CONDITION_EXPRESSION_DESC); - conditionDef.setEvaluator(IMPLICIT_CONDITION_EXPRESSION_EVALUATOR); - conditionDef.setEvaluatorOptions(options); - - conditionDefs.add(conditionDef); - - serviceDef.setPolicyConditions(conditionDefs); - - ret = true; - } - } - - return ret; - } } diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java index 656bc0184..91d5f26bc 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java @@ -31,11 +31,13 @@ import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.JSONUtil; import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SortField; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; import org.apache.ranger.entity.*; +import org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; @@ -60,6 +62,11 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V private static final String OPTION_RESOURCE_ACCESS_TYPE_RESTRICTIONS = "__accessTypeRestrictions"; private static final String OPTION_RESOURCE_IS_VALID_LEAF = "__isValidLeaf"; + public static final String PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION = "ranger.servicedef.enableImplicitConditionExpression"; + public static final String IMPLICIT_CONDITION_EXPRESSION_EVALUATOR = RangerScriptConditionEvaluator.class.getCanonicalName(); + public static final String IMPLICIT_CONDITION_EXPRESSION_NAME = "_expression"; + public static final String IMPLICIT_CONDITION_EXPRESSION_LABEL = "Enter boolean expression"; + public static final String IMPLICIT_CONDITION_EXPRESSION_DESC = "Boolean expression"; @Autowired RangerAuditFields<?> rangerAuditFields; @@ -201,6 +208,8 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V serviceDef.setDataMaskDef(dataMaskDef); serviceDef.setRowFilterDef(rowFilterDef); + addImplicitConditionExpressionIfNeeded(serviceDef); + ServiceDefUtil.normalize(serviceDef); return serviceDef; @@ -707,4 +716,58 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V return ret; } + + boolean addImplicitConditionExpressionIfNeeded(RangerServiceDef serviceDef) { + boolean ret = false; + boolean implicitConditionDefault = PropertiesUtil.getBooleanProperty(PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION, true); + boolean implicitConditionEnabled = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_IMPLICIT_CONDITION_EXPRESSION, implicitConditionDefault); + + if (implicitConditionEnabled) { + boolean exists = false; + Long maxItemId = 0L; + List<RangerPolicyConditionDef> conditionDefs = serviceDef.getPolicyConditions(); + + if (conditionDefs == null) { + conditionDefs = new ArrayList<>(); + } + + for (RangerPolicyConditionDef conditionDef : conditionDefs) { + if (StringUtils.equalsIgnoreCase(conditionDef.getEvaluator(), IMPLICIT_CONDITION_EXPRESSION_EVALUATOR)) { + exists = true; + + break; + } + + if (conditionDef.getItemId() != null && maxItemId < conditionDef.getItemId()) { + maxItemId = conditionDef.getItemId(); + } + } + + if (!exists) { + RangerPolicyConditionDef conditionDef = new RangerPolicyConditionDef(); + Map<String, String> options = new HashMap<>(); + + options.put("ui.isMultiline", "true"); + + conditionDef.setItemId(maxItemId + 1); + conditionDef.setName(IMPLICIT_CONDITION_EXPRESSION_NAME); + conditionDef.setLabel(IMPLICIT_CONDITION_EXPRESSION_LABEL); + conditionDef.setDescription(IMPLICIT_CONDITION_EXPRESSION_DESC); + conditionDef.setEvaluator(IMPLICIT_CONDITION_EXPRESSION_EVALUATOR); + conditionDef.setEvaluatorOptions(options); + + conditionDefs.add(conditionDef); + + serviceDef.setPolicyConditions(conditionDefs); + + ret = true; + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug("addImplicitConditionExpressionIfNeeded(serviceType={}): implicitConditionDefault={}, implicitConditionEnabled={}, conditionDefs={}, ret={}", serviceDef.getName(), implicitConditionDefault, implicitConditionEnabled, serviceDef.getPolicyConditions(), ret); + } + + return ret; + } }
