This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push:
new dc338c184 RANGER-4265: updated ServicePolicies to include GDS policies
- #2
dc338c184 is described below
commit dc338c1846ed384245ce184e6b24ac6b83ec3be6
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Tue Jun 20 11:45:10 2023 -0700
RANGER-4265: updated ServicePolicies to include GDS policies - #2
---
.../ranger/plugin/service/RangerBasePlugin.java | 88 ++++++++++++++++++++-
.../apache/ranger/plugin/util/ServicePolicies.java | 92 ----------------------
2 files changed, 87 insertions(+), 93 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 9249b3295..644c00fac 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -341,7 +341,7 @@ public class RangerBasePlugin {
// Rebuild policies from deltas
RangerPolicyEngineImpl
policyEngine = (RangerPolicyEngineImpl) oldPolicyEngine;
- servicePolicies =
ServicePolicies.applyDelta(policies, policyEngine);
+ servicePolicies =
applyDelta(policies, policyEngine);
if (servicePolicies != null) {
usePolicyDeltas = true;
@@ -1328,4 +1328,90 @@ public class RangerBasePlugin {
return ret;
}
+
+ public static ServicePolicies applyDelta(final ServicePolicies
servicePolicies, RangerPolicyEngineImpl policyEngine) {
+ ServicePolicies ret =
ServicePolicies.copyHeader(servicePolicies);
+
+ List<RangerPolicy> oldResourcePolicies =
policyEngine.getResourcePolicies();
+ List<RangerPolicy> oldTagPolicies =
policyEngine.getTagPolicies();
+ List<RangerPolicy> oldGdsPolicies =
Collections.emptyList(); // TODO: policyEngine.getGdsPolicies();
+
+ List<RangerPolicy> newResourcePolicies =
RangerPolicyDeltaUtil.applyDeltas(oldResourcePolicies,
servicePolicies.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
+
+ ret.setPolicies(newResourcePolicies);
+
+ final List<RangerPolicy> newTagPolicies;
+ if (servicePolicies.getTagPolicies() != null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("applyingDeltas for tag policies");
+ }
+ newTagPolicies =
RangerPolicyDeltaUtil.applyDeltas(oldTagPolicies,
servicePolicies.getPolicyDeltas(),
servicePolicies.getTagPolicies().getServiceDef().getName());
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No need to apply deltas for tag
policies");
+ }
+ newTagPolicies = oldTagPolicies;
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("New tag policies:[" +
Arrays.toString(newTagPolicies.toArray()) + "]");
+ }
+
+ final List<RangerPolicy> newGdsPolicies;
+ if (servicePolicies.getGdsPolicies() != null) {
+ LOG.debug("applyingDeltas for gds policies");
+
+ newGdsPolicies =
RangerPolicyDeltaUtil.applyDeltas(oldGdsPolicies,
servicePolicies.getPolicyDeltas(),
servicePolicies.getGdsPolicies().getServiceDef().getName());
+ } else {
+ LOG.debug("No need to apply deltas for gds policies");
+
+ newGdsPolicies = oldGdsPolicies;
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("New gds policies:[" +
Arrays.toString(newGdsPolicies.toArray()) + "]");
+ }
+
+ if (ret.getTagPolicies() != null) {
+ ret.getTagPolicies().setPolicies(newTagPolicies);
+ }
+
+ if (ret.getGdsPolicies() != null) {
+ ret.getGdsPolicies().setPolicies(newGdsPolicies);
+ }
+
+ if (MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
+ Map<String, ServicePolicies.SecurityZoneInfo>
newSecurityZones = new HashMap<>();
+
+ for (Map.Entry<String,
ServicePolicies.SecurityZoneInfo> entry :
servicePolicies.getSecurityZones().entrySet()) {
+ String zoneName =
entry.getKey();
+ ServicePolicies.SecurityZoneInfo zoneInfo =
entry.getValue();
+
+ List<RangerPolicy> zoneResourcePolicies =
policyEngine.getResourcePolicies(zoneName);
+ // There are no separate
tag-policy-repositories for each zone
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Applying deltas for
security-zone:[" + zoneName + "]");
+ }
+
+ final List<RangerPolicy> newZonePolicies =
RangerPolicyDeltaUtil.applyDeltas(zoneResourcePolicies,
zoneInfo.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("New resource policies for
security-zone:[" + zoneName + "], zoneResourcePolicies:[" +
Arrays.toString(newZonePolicies.toArray())+ "]");
+ }
+
+ ServicePolicies.SecurityZoneInfo newZoneInfo =
new ServicePolicies.SecurityZoneInfo();
+
+ newZoneInfo.setZoneName(zoneName);
+
newZoneInfo.setResources(zoneInfo.getResources());
+ newZoneInfo.setPolicies(newZonePolicies);
+
+ newSecurityZones.put(zoneName, newZoneInfo);
+ }
+
+ ret.setSecurityZones(newSecurityZones);
+ }
+
+ return ret;
+ }
}
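Review bot: In the relocated `applyDelta`, `oldGdsPolicies` is now `Collections.emptyList()` with a TODO, whereas the version removed from ServicePolicies read `policyEngine.getGdsPolicies()`, so GDS deltas are applied to an empty baseline instead of the policies the engine currently enforces. How `RangerPolicyDeltaUtil.applyDeltas` handles a change to a policy missing from the base list is not visible here. The likely result is that `ret.getGdsPolicies().setPolicies(newGdsPolicies)` installs only the policies named in the delta and drops every other GDS policy, which would silently change authorization decisions after a delta refresh. Until the engine getter is available, I would skip the GDS delta branch and make the gap visible rather than publish a partial list, for example `LOG.warn("GDS policy deltas are not applied yet; existing GDS policies are not carried over");`. A comment on the `oldGdsPolicies` line should also state that the result is incomplete for GDS, so callers setting `usePolicyDeltas = true` know not to rely on it.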
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
index 288672a20..f6a8c7efd 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
@@ -21,7 +21,6 @@ package org.apache.ranger.plugin.util;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
@@ -32,19 +31,15 @@ import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
-import org.apache.commons.collections.MapUtils;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicyDelta;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
import org.codehaus.jackson.annotate.JsonAutoDetect;
import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
import org.codehaus.jackson.map.annotate.JsonSerialize;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
@JsonAutoDetect(fieldVisibility=Visibility.ANY)
@JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY)
@@ -53,7 +48,6 @@ import org.slf4j.LoggerFactory;
@XmlAccessorType(XmlAccessType.FIELD)
public class ServicePolicies implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private static final Logger LOG =
LoggerFactory.getLogger(ServicePolicies.class);
private String serviceName;
private Long serviceId;
@@ -650,90 +644,4 @@ public class ServicePolicies implements
java.io.Serializable {
return ret;
}
-
- public static ServicePolicies applyDelta(final ServicePolicies
servicePolicies, RangerPolicyEngineImpl policyEngine) {
- ServicePolicies ret = copyHeader(servicePolicies);
-
- List<RangerPolicy> oldResourcePolicies =
policyEngine.getResourcePolicies();
- List<RangerPolicy> oldTagPolicies =
policyEngine.getTagPolicies();
- List<RangerPolicy> oldGdsPolicies =
policyEngine.getGdsPolicies();
-
- List<RangerPolicy> newResourcePolicies =
RangerPolicyDeltaUtil.applyDeltas(oldResourcePolicies,
servicePolicies.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
-
- ret.setPolicies(newResourcePolicies);
-
- final List<RangerPolicy> newTagPolicies;
- if (servicePolicies.getTagPolicies() != null) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("applyingDeltas for tag policies");
- }
- newTagPolicies =
RangerPolicyDeltaUtil.applyDeltas(oldTagPolicies,
servicePolicies.getPolicyDeltas(),
servicePolicies.getTagPolicies().getServiceDef().getName());
- } else {
- if (LOG.isDebugEnabled()) {
- LOG.debug("No need to apply deltas for tag
policies");
- }
- newTagPolicies = oldTagPolicies;
- }
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("New tag policies:[" +
Arrays.toString(newTagPolicies.toArray()) + "]");
- }
-
- final List<RangerPolicy> newGdsPolicies;
- if (servicePolicies.getGdsPolicies() != null) {
- LOG.debug("applyingDeltas for gds policies");
-
- newGdsPolicies =
RangerPolicyDeltaUtil.applyDeltas(oldGdsPolicies,
servicePolicies.getPolicyDeltas(),
servicePolicies.getGdsPolicies().getServiceDef().getName());
- } else {
- LOG.debug("No need to apply deltas for gds policies");
-
- newGdsPolicies = oldGdsPolicies;
- }
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("New gds policies:[" +
Arrays.toString(newGdsPolicies.toArray()) + "]");
- }
-
- if (ret.getTagPolicies() != null) {
- ret.getTagPolicies().setPolicies(newTagPolicies);
- }
-
- if (ret.getGdsPolicies() != null) {
- ret.getGdsPolicies().setPolicies(newGdsPolicies);
- }
-
- if (MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
- Map<String, SecurityZoneInfo> newSecurityZones = new
HashMap<>();
-
- for (Map.Entry<String, SecurityZoneInfo> entry :
servicePolicies.getSecurityZones().entrySet()) {
- String zoneName =
entry.getKey();
- SecurityZoneInfo zoneInfo = entry.getValue();
-
- List<RangerPolicy> zoneResourcePolicies =
policyEngine.getResourcePolicies(zoneName);
- // There are no separate
tag-policy-repositories for each zone
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("Applying deltas for
security-zone:[" + zoneName + "]");
- }
-
- final List<RangerPolicy> newZonePolicies =
RangerPolicyDeltaUtil.applyDeltas(zoneResourcePolicies,
zoneInfo.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("New resource policies for
security-zone:[" + zoneName + "], zoneResourcePolicies:[" +
Arrays.toString(newZonePolicies.toArray())+ "]");
- }
-
- SecurityZoneInfo newZoneInfo = new
SecurityZoneInfo();
-
- newZoneInfo.setZoneName(zoneName);
-
newZoneInfo.setResources(zoneInfo.getResources());
- newZoneInfo.setPolicies(newZonePolicies);
-
- newSecurityZones.put(zoneName, newZoneInfo);
- }
-
- ret.setSecurityZones(newSecurityZones);
- }
-
- return ret;
- }
}