This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push:
new 3056b6cbb RANGER-3923: removed RangerDataset.admins and
RangerProject.admins; replaced RangerDataShare.admins with RangerDataShare.acl
3056b6cbb is described below
commit 3056b6cbb5caa9890c1deb88bf28ed079c33d549
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Fri Jul 7 00:34:49 2023 -0700
RANGER-3923: removed RangerDataset.admins and RangerProject.admins;
replaced RangerDataShare.admins with RangerDataShare.acl
---
.../org/apache/ranger/plugin/model/RangerGds.java | 32 +++----
.../main/python/apache_ranger/model/ranger_gds.py | 12 +--
.../src/main/python/sample_gds_client.py | 14 +--
.../optimized/current/ranger_core_db_mysql.sql | 4 +-
.../optimized/current/ranger_core_db_postgres.sql | 4 +-
.../org/apache/ranger/entity/XXGdsDataShare.java | 14 +--
.../org/apache/ranger/entity/XXGdsDataset.java | 11 +--
.../org/apache/ranger/entity/XXGdsProject.java | 11 +--
.../ranger/service/RangerGdsDataShareService.java | 5 +-
.../ranger/service/RangerGdsDatasetService.java | 2 -
.../ranger/service/RangerGdsProjectService.java | 2 -
.../ranger/validation/RangerGdsValidator.java | 100 ++++++++++++++-------
12 files changed, 103 insertions(+), 108 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
index b735da97a..d53762b06 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
@@ -88,10 +88,9 @@ public class RangerGds {
public static class RangerDataset extends RangerGdsBaseModelObject
implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String name;
- private List<RangerPrincipal> admins;
- private RangerGdsObjectACL acl;
- private String termsOfUse;
+ private String name;
+ private RangerGdsObjectACL acl;
+ private String termsOfUse;
public RangerDataset() { }
@@ -99,10 +98,6 @@ public class RangerGds {
public void setName(String name) { this.name = name; }
- public List<RangerPrincipal> getAdmins() { return admins; }
-
- public void setAdmins(List<RangerPrincipal> admins) { this.admins =
admins; }
-
public RangerGdsObjectACL getAcl() { return acl; }
public void setAcl(RangerGdsObjectACL acl) { this.acl = acl; }
@@ -118,7 +113,6 @@ public class RangerGds {
super.toString(sb);
sb.append("name={").append(name).append("} ")
- .append("admin={").append(admins).append("} ")
.append("acl={").append(acl).append("} ")
.append("termsOfUse={").append(termsOfUse).append("} ")
.append("}");
@@ -135,10 +129,9 @@ public class RangerGds {
public static class RangerProject extends RangerGdsBaseModelObject
implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String name;
- private List<RangerPrincipal> admins;
- private RangerGdsObjectACL acl;
- private String termsOfUse;
+ private String name;
+ private RangerGdsObjectACL acl;
+ private String termsOfUse;
public RangerProject() { }
@@ -146,10 +139,6 @@ public class RangerGds {
public void setName(String name) { this.name = name; }
- public List<RangerPrincipal> getAdmins() { return admins; }
-
- public void setAdmins(List<RangerPrincipal> admins) { this.admins =
admins; }
-
public RangerGdsObjectACL getAcl() { return acl; }
public void setAcl(RangerGdsObjectACL acl) { this.acl = acl; }
@@ -165,7 +154,6 @@ public class RangerGds {
super.toString(sb);
sb.append("name={").append(name).append("} ")
- .append("admins={").append(admins).append("} ")
.append("acl={").append(acl).append("} ")
.append("termsOfUse={").append(termsOfUse).append("} ")
.append("}");
@@ -183,7 +171,7 @@ public class RangerGds {
private static final long serialVersionUID = 1L;
private String name;
- private List<RangerPrincipal> admins;
+ private RangerGdsObjectACL acl;
private String service;
private String zone;
private String conditionExpr;
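Review bot: The new `acl` field on RangerDataShare has no comment saying that it now also decides who administers the share, which the removed `admins` list made obvious by its name. A one-line comment would do, for example `// users/groups/roles holding GdsPermission.ADMIN in this ACL administer the data share`. The same applies to the `acl` fields kept on RangerDataset and RangerProject in the earlier hunks of this file. The class body continues outside the hunk.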
@@ -197,9 +185,9 @@ public class RangerGds {
public void setName(String name) { this.name = name; }
- public List<RangerPrincipal> getAdmins() { return admins; }
+ public RangerGdsObjectACL getAcl() { return acl; }
- public void setAdmins(List<RangerPrincipal> admins) { this.admins =
admins; }
+ public void setAcl(RangerGdsObjectACL acl) { this.acl = acl; }
public String getService() { return service; }
@@ -240,7 +228,7 @@ public class RangerGds {
super.toString(sb);
sb.append("name={").append(name).append("} ")
- .append("admins={").append(admins).append("} ")
+ .append("acl={").append(acl).append("} ")
.append("service={").append(service).append("} ")
.append("zone={").append(zone).append("} ")
.append("conditionExpr={").append(conditionExpr).append("} ")
diff --git a/intg/src/main/python/apache_ranger/model/ranger_gds.py
b/intg/src/main/python/apache_ranger/model/ranger_gds.py
index f1572738c..cd8aac8e6 100644
--- a/intg/src/main/python/apache_ranger/model/ranger_gds.py
+++ b/intg/src/main/python/apache_ranger/model/ranger_gds.py
@@ -80,15 +80,13 @@ class RangerDataset(RangerGdsBaseModelObject):
RangerGdsBaseModelObject.__init__(self, attrs)
self.name = attrs.get('name')
- self.admins = attrs.get('admins')
self.acl = attrs.get('acl')
self.termsOfUse = attrs.get('termsOfUse')
def type_coerce_attrs(self):
super(RangerDataset, self).type_coerce_attrs()
- self.admins = type_coerce_list(self.admins, RangerPrincipal)
- self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL)
+ self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL)
class RangerProject(RangerGdsBaseModelObject):
@@ -99,15 +97,13 @@ class RangerProject(RangerGdsBaseModelObject):
RangerGdsBaseModelObject.__init__(self, attrs)
self.name = attrs.get('name')
- self.admins = attrs.get('admins')
self.acl = attrs.get('acl')
self.termsOfUse = attrs.get('termsOfUse')
def type_coerce_attrs(self):
super(RangerProject, self).type_coerce_attrs()
- self.admins = type_coerce_list(self.admins, RangerPrincipal)
- self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL)
+ self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL)
class RangerDataShare(RangerGdsBaseModelObject):
@@ -118,7 +114,7 @@ class RangerDataShare(RangerGdsBaseModelObject):
RangerGdsBaseModelObject.__init__(self, attrs)
self.name = attrs.get('name')
- self.admins = attrs.get('admins')
+ self.acl = attrs.get('acl')
self.service = attrs.get('service')
self.zone = attrs.get('zone')
self.conditionExpr = attrs.get('conditionExpr')
@@ -129,7 +125,7 @@ class RangerDataShare(RangerGdsBaseModelObject):
def type_coerce_attrs(self):
super(RangerDataShare, self).type_coerce_attrs()
- self.admins = type_coerce_list(self.admins, RangerPrincipal)
+ self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL)
self.defaultMasks = type_coerce_dict(self.defaultMasks,
RangerPolicyItemDataMaskInfo)
diff --git a/ranger-examples/sample-client/src/main/python/sample_gds_client.py
b/ranger-examples/sample-client/src/main/python/sample_gds_client.py
index 35e80609a..e40e0736f 100644
--- a/ranger-examples/sample-client/src/main/python/sample_gds_client.py
+++ b/ranger-examples/sample-client/src/main/python/sample_gds_client.py
@@ -29,21 +29,23 @@ ranger_auth = ('admin', 'rangerR0cks!')
ranger = RangerClient(ranger_url, ranger_auth)
gds = RangerGdsClient(ranger)
+userJohnDoe = RangerPrincipal({ 'type': PrincipalType.USER, 'name': 'John.Doe'
})
-dataset_1 = RangerDataset({ 'name': 'dataset-1', 'description': 'the first
dataset!', 'admins': [ { 'type': PrincipalType.USER, 'name': 'John.Doe' } ],
'acl': {}, 'termsOfUse': None })
-dataset_2 = RangerDataset({ 'name': 'dataset-2', 'description': 'the second
dataset!', 'admins': [ { 'type': PrincipalType.GROUP, 'name': 'sales' } ],
'acl': {}, 'termsOfUse': None })
-project_1 = RangerProject({ 'name': 'project-1', 'description': 'the first
project!', 'admins': [ { 'type': PrincipalType.USER, 'name': 'Diane.Scott' } ],
'acl': {}, 'termsOfUse': None })
-project_2 = RangerProject({ 'name': 'project-2', 'description': 'the second
project!', 'admins': [ { 'type': PrincipalType.GROUP, 'name': 'marketing' } ],
'acl': {}, 'termsOfUse': None })
+dataset_1 = RangerDataset({ 'name': 'dataset-1', 'description': 'the first
dataset!', 'acl': { 'users': { 'John.Doe': GdsPermission.ADMIN } },
'termsOfUse': None })
+dataset_2 = RangerDataset({ 'name': 'dataset-2', 'description': 'the second
dataset!', 'acl': { 'groups': { 'sales': GdsPermission.ADMIN } }, 'termsOfUse':
None })
-hive_share_1 = RangerDataShare({ 'name': 'datashare-1', 'description': 'the
first datashare!', 'admins': [ { 'type': PrincipalType.USER, 'name':
'Sandy.Williams' } ], 'termsOfUse': None })
+project_1 = RangerProject({ 'name': 'project-1', 'description': 'the first
project!', 'acl': { 'users': { 'Diane.Scott': GdsPermission.ADMIN } },
'termsOfUse': None })
+project_2 = RangerProject({ 'name': 'project-2', 'description': 'the second
project!', 'acl': { 'groups': { 'marketing': GdsPermission.ADMIN } },
'termsOfUse': None })
+
+hive_share_1 = RangerDataShare({ 'name': 'datashare-1', 'description': 'the
first datashare!', 'acl': { 'users': { 'Sandy.Williams': GdsPermission.ADMIN }
}, 'termsOfUse': None })
hive_share_1.service = 'dev_hive'
hive_share_1.zone = None
hive_share_1.conditionExpr = "HAS_TAG('SCAN_COMPLETE')"
hive_share_1.defaultAccessTypes = [ '_READ' ]
hive_share_1.defaultMasks = { 'HAS_TAG("PII")': { 'dataMaskType': 'MASK'
} }
-hdfs_share_1 = RangerDataShare({ 'name': 'datashare-2', 'description': 'the
second datashare!', 'admins': [ { 'type': PrincipalType.GROUP, 'name':
'finance' } ], 'termsOfUse': None })
+hdfs_share_1 = RangerDataShare({ 'name': 'datashare-2', 'description': 'the
second datashare!', 'acl': { 'groups': { 'finance': GdsPermission.ADMIN } },
'termsOfUse': None })
hdfs_share_1.service = 'dev_hdfs'
hdfs_share_1.zone = None
hdfs_share_1.conditionExpr = "HAS_TAG('SCAN_COMPLETE')"
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 12262dfc5..b4e3f57b8 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1712,7 +1712,6 @@ CREATE TABLE `x_gds_dataset` (
, `is_enabled` TINYINT(1) NOT NULL DEFAULT '1'
, `name` VARCHAR(512) NOT NULL
, `description` TEXT NULL DEFAULT NULL
- , `admins` TEXT NOT NULL
, `acl` TEXT NULL DEFAULT NULL
, `terms_of_use` TEXT NULL DEFAULT NULL
, `options` TEXT NULL DEFAULT NULL
@@ -1735,7 +1734,6 @@ CREATE TABLE `x_gds_project` (
, `is_enabled` TINYINT(1) NOT NULL DEFAULT '1'
, `name` VARCHAR(512) NOT NULL
, `description` TEXT NULL DEFAULT NULL
- , `admins` TEXT NOT NULL
, `acl` TEXT NULL DEFAULT NULL
, `terms_of_use` TEXT NULL DEFAULT NULL
, `options` TEXT NULL DEFAULT NULL
@@ -1758,7 +1756,7 @@ CREATE TABLE `x_gds_data_share`(
, `is_enabled` TINYINT(1) NOT NULL DEFAULT '1'
, `name` VARCHAR(512) NOT NULL
, `description` TEXT NULL DEFAULT NULL
- , `admins` TEXT NOT NULL
+ , `acl` TEXT NOT NULL
, `service_id` BIGINT(20) NOT NULL
, `zone_id` BIGINT(20) NOT NULL
, `condition_expr` TEXT NULL
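Review bot: `acl` is declared `TEXT NOT NULL` on `x_gds_data_share`, while the same column on `x_gds_dataset` and `x_gds_project` is `TEXT NULL DEFAULT NULL`; the PostgreSQL script in this commit repeats the mismatch. RangerGdsValidator.validateAcl accepts a null ACL, and RangerGdsDataShareService writes `JsonUtils.objectToJson(vObj.getAcl())` straight into the column. A data share submitted without an ACL would therefore presumably pass validation and then fail at insert time, depending on what objectToJson returns for null, which is not visible here. Either relax the column to `TEXT NULL DEFAULT NULL` like the other two tables, or have the validator reject a missing ACL for data shares so the caller gets a validation error rather than a database error.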
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index bb2569d84..6b82aead4 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1701,7 +1701,6 @@ CREATE TABLE x_gds_dataset (
, is_enabled BOOLEAN NOT NULL DEFAULT '1'
, name VARCHAR(512) NOT NULL
, description TEXT NULL DEFAULT NULL
- , admins TEXT NOT NULL
, acl TEXT NULL DEFAULT NULL
, terms_of_use TEXT NULL DEFAULT NULL
, options TEXT NULL DEFAULT NULL
@@ -1726,7 +1725,6 @@ CREATE TABLE x_gds_project (
, is_enabled BOOLEAN NOT NULL DEFAULT '1'
, name VARCHAR(512) NOT NULL
, description TEXT NULL DEFAULT NULL
- , admins TEXT NOT NULL
, acl TEXT NULL DEFAULT NULL
, terms_of_use TEXT NULL DEFAULT NULL
, options TEXT NULL DEFAULT NULL
@@ -1751,7 +1749,7 @@ CREATE TABLE x_gds_data_share(
, is_enabled BOOLEAN NOT NULL DEFAULT '1'
, name VARCHAR(512) NOT NULL
, description TEXT NULL DEFAULT NULL
- , admins TEXT NOT NULL
+ , acl TEXT NOT NULL
, service_id BIGINT NOT NULL
, zone_id BIGINT NOT NULL
, condition_expr TEXT NULL
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java
index d3abada0d..1d2f6a189 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java
@@ -61,8 +61,8 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
@Column(name = "description")
protected String description;
- @Column(name = "admins")
- protected String admins;
+ @Column(name = "acl")
+ protected String acl;
@Column(name = "condition_expr")
protected String conditionExpr;
@@ -117,9 +117,9 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
public void setDescription(String description) { this.description =
description; }
- public String getAdmins() { return admins; }
+ public String getAcl() { return acl; }
- public void setAdmins(String admins) { this.admins = admins; }
+ public void setAcl(String acl) { this.acl = acl; }
public String getConditionExpr() { return conditionExpr; }
@@ -150,7 +150,7 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
@Override
public int hashCode() {
- return Objects.hash(id, guid, version, isEnabled, serviceId, zoneId,
name, description, admins, conditionExpr, defaultAccessTypes, defaultMasks,
termsOfUse, options, additionalInfo);
+ return Objects.hash(id, guid, version, isEnabled, serviceId, zoneId,
name, description, acl, conditionExpr, defaultAccessTypes, defaultMasks,
termsOfUse, options, additionalInfo);
}
@Override
@@ -173,7 +173,7 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
Objects.equals(zoneId, other.zoneId) &&
Objects.equals(name, other.name) &&
Objects.equals(description, other.description) &&
- Objects.equals(admins, other.admins) &&
+ Objects.equals(acl, other.acl) &&
Objects.equals(conditionExpr, other.conditionExpr) &&
Objects.equals(defaultAccessTypes, other.defaultAccessTypes) &&
Objects.equals(defaultMasks, other.defaultMasks) &&
@@ -198,7 +198,7 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
.append("zoneId={").append(zoneId).append("} ")
.append("name={").append(name).append("} ")
.append("description={").append(description).append("} ")
- .append("admins={").append(admins).append("} ")
+ .append("acl={").append(acl).append("} ")
.append("conditionExpr={").append(conditionExpr).append("} ")
.append("defaultAccessTypes={").append(defaultAccessTypes).append("}
")
.append("defaultMasks={").append(defaultMasks).append("} ")
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataset.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataset.java
index 3a722f044..6fdc5be95 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataset.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataset.java
@@ -55,9 +55,6 @@ public class XXGdsDataset extends XXDBBase implements
Serializable {
@Column(name = "description")
protected String description;
- @Column(name = "admins")
- protected String admins;
-
@Column(name = "acl")
protected String acl;
@@ -97,10 +94,6 @@ public class XXGdsDataset extends XXDBBase implements
Serializable {
public void setDescription(String description) { this.description =
description; }
- public String getAdmins() { return admins; }
-
- public void setAdmins(String admins) { this.admins = admins; }
-
public String getAcl() { return acl; }
public void setAcl(String acl) { this.acl = acl; }
@@ -122,7 +115,7 @@ public class XXGdsDataset extends XXDBBase implements
Serializable {
@Override
public int hashCode() {
- return Objects.hash(id, guid, version, isEnabled, name, description,
admins, acl, termsOfUse, options, additionalInfo);
+ return Objects.hash(id, guid, version, isEnabled, name, description,
acl, termsOfUse, options, additionalInfo);
}
@Override
@@ -143,7 +136,6 @@ public class XXGdsDataset extends XXDBBase implements
Serializable {
Objects.equals(isEnabled, other.isEnabled) &&
Objects.equals(name, other.name) &&
Objects.equals(description, other.description) &&
- Objects.equals(admins, other.admins) &&
Objects.equals(acl, other.acl) &&
Objects.equals(termsOfUse, other.termsOfUse) &&
Objects.equals(options, other.options) &&
@@ -164,7 +156,6 @@ public class XXGdsDataset extends XXDBBase implements
Serializable {
.append("isEnabled={").append(isEnabled).append("} ")
.append("name={").append(name).append("} ")
.append("description={").append(description).append("} ")
- .append("admins={").append(admins).append("} ")
.append("condition={").append(acl).append("} ")
.append("acl={").append(acl).append("} ")
.append("termsOfUse={").append(termsOfUse).append("} ")
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsProject.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsProject.java
index 84c9169c7..566fdac96 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsProject.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsProject.java
@@ -55,9 +55,6 @@ public class XXGdsProject extends XXDBBase implements
Serializable {
@Column(name = "description")
protected String description;
- @Column(name = "admins")
- protected String admins;
-
@Column(name = "acl")
protected String acl;
@@ -96,10 +93,6 @@ public class XXGdsProject extends XXDBBase implements
Serializable {
public void setDescription(String description) { this.description =
description; }
- public String getAdmins() { return admins; }
-
- public void setAdmins(String admins) { this.admins = admins; }
-
public String getAcl() { return acl; }
public void setAcl(String acl) { this.acl = acl; }
@@ -121,7 +114,7 @@ public class XXGdsProject extends XXDBBase implements
Serializable {
@Override
public int hashCode() {
- return Objects.hash(id, guid, version, isEnabled, name, description,
admins, acl, termsOfUse, options, additionalInfo);
+ return Objects.hash(id, guid, version, isEnabled, name, description,
acl, termsOfUse, options, additionalInfo);
}
@Override
@@ -142,7 +135,6 @@ public class XXGdsProject extends XXDBBase implements
Serializable {
Objects.equals(isEnabled, other.isEnabled) &&
Objects.equals(name, other.name) &&
Objects.equals(description, other.description) &&
- Objects.equals(admins, other.admins) &&
Objects.equals(acl, other.acl) &&
Objects.equals(termsOfUse, other.termsOfUse) &&
Objects.equals(options, other.options) &&
@@ -163,7 +155,6 @@ public class XXGdsProject extends XXDBBase implements
Serializable {
.append("isEnabled={").append(isEnabled).append("} ")
.append("name={").append(name).append("} ")
.append("description={").append(description).append("} ")
- .append("admins={").append(admins).append("} ")
.append("condition={").append(acl).append("} ")
.append("termsOfUse={").append(termsOfUse).append("} ")
.append("options={").append(options).append("} ")
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
index 3c212284b..a07fb9ea7 100644
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
@@ -28,6 +28,7 @@ import org.apache.ranger.common.SortField;
import org.apache.ranger.entity.XXGdsDataShare;
import org.apache.ranger.entity.XXSecurityZone;
import org.apache.ranger.entity.XXService;
+import org.apache.ranger.plugin.model.RangerGds;
import org.apache.ranger.plugin.model.RangerGds.RangerDataShare;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.util.SearchFilter;
@@ -221,7 +222,7 @@ public class RangerGdsDataShareService extends
RangerGdsBaseModelService<XXGdsDa
xObj.setIsEnabled(vObj.getIsEnabled());
xObj.setName(vObj.getName());
xObj.setDescription(vObj.getDescription());
- xObj.setAdmins(JsonUtils.listToJson(vObj.getAdmins()));
+ xObj.setAcl(JsonUtils.objectToJson(vObj.getAcl()));
xObj.setServiceId(xService.getId());
xObj.setZoneId(zoneId);
xObj.setConditionExpr(vObj.getConditionExpr());
@@ -247,7 +248,7 @@ public class RangerGdsDataShareService extends
RangerGdsBaseModelService<XXGdsDa
vObj.setVersion(xObj.getVersion());
vObj.setName(xObj.getName());
vObj.setDescription(xObj.getDescription());
- vObj.setAdmins(JsonUtils.jsonToRangerPrincipalList(xObj.getAdmins()));
+ vObj.setAcl(JsonUtils.jsonToObject(xObj.getAcl(),
RangerGds.RangerGdsObjectACL.class));
vObj.setService(serviceName);
vObj.setZone(zoneName);
vObj.setConditionExpr(xObj.getConditionExpr());
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
index 09c28cced..747cc9f17 100644
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
@@ -158,7 +158,6 @@ public class RangerGdsDatasetService extends
RangerGdsBaseModelService<XXGdsData
xObj.setIsEnabled(vObj.getIsEnabled());
xObj.setName(vObj.getName());
xObj.setDescription(vObj.getDescription());
- xObj.setAdmins(JsonUtils.listToJson(vObj.getAdmins()));
xObj.setAcl(JsonUtils.objectToJson(vObj.getAcl()));
xObj.setTermsOfUse(vObj.getTermsOfUse());
xObj.setOptions(JsonUtils.mapToJson(vObj.getOptions()));
@@ -174,7 +173,6 @@ public class RangerGdsDatasetService extends
RangerGdsBaseModelService<XXGdsData
vObj.setVersion(xObj.getVersion());
vObj.setName(xObj.getName());
vObj.setDescription(xObj.getDescription());
- vObj.setAdmins(JsonUtils.jsonToRangerPrincipalList(xObj.getAdmins()));
vObj.setAcl(JsonUtils.jsonToObject(xObj.getAcl(),
RangerGds.RangerGdsObjectACL.class));
vObj.setTermsOfUse(xObj.getTermsOfUse());
vObj.setOptions(JsonUtils.jsonToMapStringString(xObj.getOptions()));
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java
index 2aa7a1ea8..8c0ddc65d 100644
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java
@@ -158,7 +158,6 @@ public class RangerGdsProjectService extends
RangerGdsBaseModelService<XXGdsProj
xObj.setIsEnabled(vObj.getIsEnabled());
xObj.setName(vObj.getName());
xObj.setDescription(vObj.getDescription());
- xObj.setAdmins(JsonUtils.listToJson(vObj.getAdmins()));
xObj.setAcl(JsonUtils.objectToJson(vObj.getAcl()));
xObj.setTermsOfUse(vObj.getTermsOfUse());
xObj.setOptions(JsonUtils.mapToJson(vObj.getOptions()));
@@ -174,7 +173,6 @@ public class RangerGdsProjectService extends
RangerGdsBaseModelService<XXGdsProj
vObj.setVersion(xObj.getVersion());
vObj.setName(xObj.getName());
vObj.setDescription(xObj.getDescription());
- vObj.setAdmins(JsonUtils.jsonToRangerPrincipalList(xObj.getAdmins()));
vObj.setAcl(JsonUtils.jsonToObject(xObj.getAcl(),
RangerGds.RangerGdsObjectACL.class));
vObj.setTermsOfUse(xObj.getTermsOfUse());
vObj.setOptions(JsonUtils.jsonToMapStringString(xObj.getOptions()));
diff --git
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
index 3c6dd1fdf..55da4a238 100644
---
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
+++
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
@@ -17,11 +17,13 @@
package org.apache.ranger.validation;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.plugin.errors.ValidationErrorCode;
import org.apache.ranger.plugin.model.RangerGds;
+import org.apache.ranger.plugin.model.RangerGds.GdsPermission;
import org.apache.ranger.plugin.model.RangerGds.RangerDataShareInDataset;
import org.apache.ranger.plugin.model.RangerGds.RangerDataShare;
import org.apache.ranger.plugin.model.RangerGds.RangerDatasetInProject;
@@ -64,7 +66,6 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATASET_NAME_CONFLICT,
"name", dataset.getName(), existing));
}
- validatePrincipals(dataset.getAdmins(), "admins", result);
validateAcl(dataset.getAcl(), "acl", result);
if (!result.isSuccess()) {
@@ -83,10 +84,9 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATASET_NAME_NOT_FOUND,
"name", dataset.getName()));
} else {
if (!dataProvider.isAdminUser()) {
- validateAdmin(dataProvider.getCurrentUserLoginId(), "dataset",
existing.getName(), existing.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(), "dataset",
existing.getName(), existing.getAcl(), result);
}
- validatePrincipals(dataset.getAdmins(), "admins", result);
validateAcl(dataset.getAcl(), "acl", result);
}
@@ -106,7 +106,7 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATASET_ID_NOT_FOUND,
"id", datasetId));
} else {
if (!dataProvider.isAdminUser()) {
- validateAdmin(dataProvider.getCurrentUserLoginId(), "dataset",
existing.getName(), existing.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(), "dataset",
existing.getName(), existing.getAcl(), result);
}
}
@@ -127,7 +127,6 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_PROJECT_NAME_CONFLICT,
"name", project.getName(), existing));
}
- validatePrincipals(project.getAdmins(), "admins", result);
validateAcl(project.getAcl(), "acl", result);
if (!result.isSuccess()) {
@@ -146,10 +145,9 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_PROJECT_NAME_NOT_FOUND,
"name", project.getName()));
} else {
if (!dataProvider.isAdminUser()) {
- validateAdmin(dataProvider.getCurrentUserLoginId(), "project",
existing.getName(), existing.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(), "project",
existing.getName(), existing.getAcl(), result);
}
- validatePrincipals(project.getAdmins(), "admins", result);
validateAcl(project.getAcl(), "acl", result);
}
@@ -169,7 +167,7 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_PROJECT_ID_NOT_FOUND,
"id", projectId));
} else {
if (!dataProvider.isAdminUser()) {
- validateAdmin(dataProvider.getCurrentUserLoginId(), "project",
existing.getName(), existing.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(), "project",
existing.getName(), existing.getAcl(), result);
}
}
@@ -192,7 +190,7 @@ public class RangerGdsValidator {
validateServiceZoneAdmin(dataShare.getService(), dataShare.getZone(),
result);
- validatePrincipals(dataShare.getAdmins(), "admins", result);
+ validateAcl(dataShare.getAcl(), "acl", result);
validateAccessTypes(dataShare.getService(), "defaultAccessTypes",
dataShare.getDefaultAccessTypes(), result);
validateMaskTypes(dataShare.getService(), "defaultMasks",
dataShare.getDefaultMasks(), result);
@@ -212,10 +210,10 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATA_SHARE_NAME_NOT_FOUND,
"name", dataShare.getName()));
} else {
if (!dataProvider.isAdminUser()) {
- validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", existing.getName(), existing.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", existing.getName(), existing.getAcl(), result);
}
- validatePrincipals(dataShare.getAdmins(), "admins", result);
+ validateAcl(dataShare.getAcl(), "acl", result);
validateAccessTypes(dataShare.getService(), "defaultAccessTypes",
dataShare.getDefaultAccessTypes(), result);
validateMaskTypes(dataShare.getService(), "defaultMasks",
dataShare.getDefaultMasks(), result);
}
@@ -236,7 +234,7 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATA_SHARE_ID_NOT_FOUND,
"id", dataShareId));
} else {
if (!dataProvider.isAdminUser()) {
- validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", existing.getName(), existing.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", existing.getName(), existing.getAcl(), result);
}
}
@@ -262,7 +260,7 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_SHARED_RESOURCE_NAME_CONFLICT,
"name", resource.getName(), dataShare.getName(), existing));
} else {
if (!dataProvider.isAdminUser() &&
!dataProvider.isServiceAdmin(dataShare.getService()) &&
!dataProvider.isZoneAdmin(dataShare.getZone())) {
- validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAcl(), result);
}
}
}
@@ -288,7 +286,7 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATA_SHARE_ID_NOT_FOUND,
"dataShareId", resource.getDataShareId()));
} else {
if (!dataProvider.isAdminUser() &&
!dataProvider.isServiceAdmin(dataShare.getService()) &&
!dataProvider.isZoneAdmin(dataShare.getZone())) {
- validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAcl(), result);
}
}
}
@@ -314,7 +312,7 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATA_SHARE_ID_NOT_FOUND,
"dataShareId", existing.getDataShareId()));
} else {
if (!dataProvider.isAdminUser() &&
!dataProvider.isServiceAdmin(dataShare.getService()) &&
!dataProvider.isZoneAdmin(dataShare.getZone())) {
- validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAcl(), result);
}
}
}
@@ -343,7 +341,7 @@ public class RangerGdsValidator {
if (dataShare != null) {
if (!dataProvider.isAdminUser() &&
!dataProvider.isServiceAdmin(dataShare.getService()) &&
!dataProvider.isZoneAdmin(dataShare.getZone())) {
- validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAdmins(), result);
+ validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAcl(), result);
}
}
@@ -428,11 +426,11 @@ public class RangerGdsValidator {
if (requireDataShareAdmin) {
if (!dataProvider.isAdminUser() &&
!dataProvider.isServiceAdmin(dataShare.getService()) &&
!dataProvider.isZoneAdmin(dataShare.getZone())) {
-
validateAdmin(dataProvider.getCurrentUserLoginId(), "datashare",
dataShare.getName(), dataShare.getAdmins(), result);
+
validateAdmin(dataProvider.getCurrentUserLoginId(), "datashare",
dataShare.getName(), dataShare.getAcl(), result);
}
} else if (requireDatasetAdmin) {
if (!dataProvider.isAdminUser()) {
-
validateAdmin(dataProvider.getCurrentUserLoginId(), "dataset",
dataset.getName(), dataset.getAdmins(), result);
+
validateAdmin(dataProvider.getCurrentUserLoginId(), "dataset",
dataset.getName(), dataset.getAcl(), result);
}
} else { // must be either a dataset admin or a datashare
admin
// TODO:
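Review bot: The final branch in this hunk, commented `must be either a dataset admin or a datashare admin`, still ends in `// TODO:`, although the two validateAdmin calls above it were switched to ACLs. Unless a check follows outside the hunk, a caller who is neither kind of admin is not rejected on that path. Now that both objects expose `getAcl()`, the branch could run the ADMIN check against `dataShare.getAcl()` and `dataset.getAcl()` and record a failure only when both fail. The enclosing method starts and ends outside the hunk.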
@@ -544,19 +542,19 @@ public class RangerGdsValidator {
private void validateAcl(RangerGdsObjectACL acl, String fieldName,
ValidationResult result) {
if (acl != null) {
- if (acl.getUsers() != null) {
+ if (MapUtils.isNotEmpty(acl.getUsers())) {
for (String userName : acl.getUsers().keySet()) {
validateUser(userName, fieldName, result);
}
}
- if (acl.getGroups() != null) {
+ if (MapUtils.isNotEmpty(acl.getGroups())) {
for (String groupName : acl.getGroups().keySet()) {
validateGroup(groupName, fieldName, result);
}
}
- if (acl.getRoles() != null) {
+ if (MapUtils.isNotEmpty(acl.getRoles())) {
for (String roleName : acl.getRoles().keySet()) {
validateRole(roleName, fieldName, result);
}
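Review bot: validateAcl checks only the principal names (the map keys); the `GdsPermission` values are never inspected, so an entry whose permission is null passes validation. With the `validatePrincipals(..., "admins", ...)` calls removed in this commit, this method is the only validation applied to the data that decides who administers a dataset, project or data share. validateAdmin treats a null or non-ADMIN permission as no access, so the effect is fail-closed, but a malformed entry would be stored silently; consider adding a validation failure when an entry's value is null. How an unrecognised permission string is deserialized is not visible here.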
@@ -588,23 +586,59 @@ public class RangerGdsValidator {
}
}
- private void validateAdmin(String userName, String objType, String
objName, List<RangerPrincipal> admins, ValidationResult result) {
+ private void validateAdmin(String userName, String objType, String
objName, RangerGdsObjectACL acl, ValidationResult result) {
boolean isAdmin = false;
- if (admins != null) {
+ if (acl != null) {
Set<String> userGroups = null;
Set<String> userRoles = null;
- for (RangerPrincipal admin : admins) {
- if (admin.getType() == RangerPrincipal.PrincipalType.USER) {
- isAdmin = StringUtils.equals(userName, admin.getName());
- } else if (admin.getType() ==
RangerPrincipal.PrincipalType.GROUP) {
+ if (MapUtils.isNotEmpty(acl.getUsers())) {
+ for (Map.Entry<String, GdsPermission> entry :
acl.getUsers().entrySet()) {
+ GdsPermission permission = entry.getValue();
+
+ if (permission != GdsPermission.ADMIN) {
+ continue;
+ }
+
+ if (StringUtils.equals(userName, entry.getKey())) {
+ isAdmin = true;
+
+ break;
+ }
+ }
+ }
+
+ if (!isAdmin && MapUtils.isNotEmpty(acl.getGroups())) {
+ for (Map.Entry<String, GdsPermission> entry :
acl.getGroups().entrySet()) {
+ String groupName = entry.getKey();
+ GdsPermission permission = entry.getValue();
+
+ if (permission != GdsPermission.ADMIN) {
+ continue;
+ }
+
if (userGroups == null) {
userGroups = dataProvider.getGroupsForUser(userName);
}
- isAdmin = userGroups.contains(admin.getName());
- } else if (admin.getType() ==
RangerPrincipal.PrincipalType.ROLE) {
+ if (userGroups != null && userGroups.contains(groupName)) {
+ isAdmin = true;
+
+ break;
+ }
+ }
+ }
+
+ if (!isAdmin && MapUtils.isNotEmpty(acl.getRoles())) {
+ for (Map.Entry<String, GdsPermission> entry :
acl.getRoles().entrySet()) {
+ String roleName = entry.getKey();
+ GdsPermission permission = entry.getValue();
+
+ if (permission != GdsPermission.ADMIN) {
+ continue;
+ }
+
if (userRoles == null) {
if (userGroups == null) {
userGroups =
dataProvider.getGroupsForUser(userName);
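Review bot: The lazy `if (userGroups == null)` and `if (userRoles == null)` guards sit inside the loops, so when `dataProvider.getGroupsForUser` or `getRolesForUser` returns null the lookup is issued again for every ADMIN entry. Resolving each set once before its loop, and skipping the loop when the result is null, would bound this to one call per check. The group and role loops repeat the same filter-then-match pattern and could share a small private helper taking a `Map<String, GdsPermission>` and the caller's `Set<String>` of names. Since this is an authorization decision, a short comment stating that only `GdsPermission.ADMIN` entries grant admin rights, and that a null ACL grants none, would also help. The method continues in the next hunk and ends outside this one.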
@@ -613,11 +647,11 @@ public class RangerGdsValidator {
userRoles = dataProvider.getRolesForUser(userName);
}
- isAdmin = userRoles != null &&
userRoles.contains(admin.getName());
- }
+ if (userRoles != null && userRoles.contains(roleName)) {
+ isAdmin = true;
- if (isAdmin) {
- break;
+ break;
+ }
}
}
}