This is an automated email from the ASF dual-hosted git repository.
dineshkumar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f1f5c02e2 Revert "RANGER-4300: HBase shell revoke command failed with
'HTTP 400 Error: processSecureRevokeRequest processing failed'"
f1f5c02e2 is described below
commit f1f5c02e29e50fb175c1dcb7756638e58f65c207
Author: Dineshkumar Yadav <[email protected]>
AuthorDate: Fri Aug 4 08:55:17 2023 +0530
Revert "RANGER-4300: HBase shell revoke command failed with 'HTTP 400
Error: processSecureRevokeRequest processing failed'"
This reverts commit ff38d0b3ee474c9fa9332311ed31b56e53e858dd.
---
.../org/apache/ranger/rest/ServiceRESTUtil.java | 57 ----------------------
1 file changed, 57 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
index 4385573b6..60e34c0c7 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
@@ -95,31 +95,6 @@ public class ServiceRESTUtil {
// remove all existing privileges for users and groups
if (revokeRequest.getReplaceExistingPermissions()) {
policyUpdated =
removeUsersGroupsAndRolesFromPolicy(existingRangerPolicy,
revokeRequest.getUsers(), revokeRequest.getGroups(), revokeRequest.getRoles());
-
- // handling hbase shell revoke access for users
- if
(CollectionUtils.isNotEmpty(revokeRequest.getUsers()) ||
CollectionUtils.isNotEmpty(revokeRequest.getGroups())
- ||
CollectionUtils.isNotEmpty(revokeRequest.getRoles())) {
- RangerPolicy appliedPolicy = new RangerPolicy();
- RangerPolicy.RangerPolicyItem
deniedRangerPolicyItem = new RangerPolicy.RangerPolicyItem();
-
- deniedRangerPolicyItem.setDelegateAdmin(false);
-
deniedRangerPolicyItem.getUsers().addAll(revokeRequest.getUsers());
-
deniedRangerPolicyItem.getGroups().addAll(revokeRequest.getGroups());
-
deniedRangerPolicyItem.getRoles().addAll(revokeRequest.getRoles());
-
- List<RangerPolicy.RangerPolicyItemAccess>
deniedRangerPolicyItemAccess = new
ArrayList<RangerPolicy.RangerPolicyItemAccess>();
-
- Set<String> deniedPolicyItemAccessType =
revokeRequest.getAccessTypes();
- for (String accessType :
deniedPolicyItemAccessType) {
- deniedRangerPolicyItemAccess.add(new
RangerPolicy.RangerPolicyItemAccess(accessType, true));
- }
-
-
deniedRangerPolicyItem.setAccesses(deniedRangerPolicyItemAccess);
-
-
appliedPolicy.getDenyPolicyItems().add(deniedRangerPolicyItem);
- processApplyPolicy(existingRangerPolicy,
appliedPolicy);
- policyUpdated = true;
- }
} else {
//Build a policy and set up policyItem in it to mimic
revoke request
RangerPolicy appliedRangerPolicy = new RangerPolicy();
@@ -1086,7 +1061,6 @@ public class ServiceRESTUtil {
boolean policyUpdated = false;
List<RangerPolicy.RangerPolicyItem> policyItems =
policy.getPolicyItems();
- List<RangerPolicy.RangerPolicyItem> denyPolicyItems =
policy.getDenyPolicyItems();
int numOfItems = policyItems.size();
@@ -1120,37 +1094,6 @@ public class ServiceRESTUtil {
}
}
- for (int i = 0; i < denyPolicyItems.size(); i++) {
- RangerPolicy.RangerPolicyItem policyItem =
denyPolicyItems.get(i);
-
- if (CollectionUtils.containsAny(policyItem.getUsers(),
users)) {
- policyItem.getUsers().removeAll(users);
-
- policyUpdated = true;
- }
-
- if (CollectionUtils.containsAny(policyItem.getGroups(),
groups)) {
- policyItem.getGroups().removeAll(groups);
-
- policyUpdated = true;
- }
-
- if (CollectionUtils.containsAny(policyItem.getRoles(),
roles)) {
- policyItem.getRoles().removeAll(roles);
-
- policyUpdated = true;
- }
-
- if (CollectionUtils.isEmpty(policyItem.getUsers()) &&
CollectionUtils.isEmpty(policyItem.getGroups())
- &&
CollectionUtils.isEmpty(policyItem.getRoles())) {
- denyPolicyItems.remove(i);
- numOfItems--;
- i--;
-
- policyUpdated = true;
- }
- }
-
return policyUpdated;
}
