This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push:
new 6de7d4cce RANGER-4541: fix to allow users with Ranger admin privilege
to update status of RangerDataShareInDataset
6de7d4cce is described below
commit 6de7d4ccef26b539777c4c153fe15cf8e1aa732e
Author: prashant <[email protected]>
AuthorDate: Tue Nov 21 15:46:38 2023 +0530
RANGER-4541: fix to allow users with Ranger admin privilege to update
status of RangerDataShareInDataset
Signed-off-by: Madhan Neethiraj <[email protected]>
---
.../ranger/plugin/errors/ValidationErrorCode.java | 1 +
.../ranger/validation/RangerGdsValidator.java | 45 ++++++++++++++++++----
2 files changed, 38 insertions(+), 8 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
index 682956b03..03de8e023 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -162,6 +162,7 @@ public enum ValidationErrorCode {
GDS_VALIDATION_ERR_DATA_SHARE_IN_DATASET_ID_NOT_FOUND(4124, "Data
share-in-dataset with ID [{0}] does not exist"),
GDS_VALIDATION_ERR_INVALID_STATUS_CHANGE(4125, "invalid status change from
[{0}] to [{1}]"),
GDS_VALIDATION_ERR_UPDATE_IMMUTABLE_FIELD(4126, "[{0}] can't be updated"),
+ GDS_VALIDATION_ERR_DATASET_IN_PROJECT_ID_NOT_FOUND(4127,
"Dataset-in-project with ID [{0}] does not exist"),
;
diff --git
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
index 6c55fd029..d0a1142f6 100755
---
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
+++
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
@@ -320,8 +320,8 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATASET_ID_NOT_FOUND,
"datasetId", dshInDataset.getDatasetId()));
}
- if (dataShare != null && dataset != null) {
- if (!dataProvider.isAdminUser() &&
!dataProvider.isServiceAdmin(dataShare.getService()) &&
!dataProvider.isZoneAdmin(dataShare.getZone())) {
+ if (dataShare != null && dataset != null &&
!dataProvider.isAdminUser()) {
+ if (!dataProvider.isServiceAdmin(dataShare.getService()) &&
!dataProvider.isZoneAdmin(dataShare.getZone())) {
validateAdmin(dataProvider.getCurrentUserLoginId(),
"datashare", dataShare.getName(), dataShare.getAcl(), result);
}
@@ -381,7 +381,7 @@ public class RangerGdsValidator {
dataset = null;
}
- if (dataShare != null && dataset != null) {
+ if (dataShare != null && dataset != null &&
!dataProvider.isAdminUser()) {
boolean requireDataShareAdmin = false;
boolean requireDatasetAdmin = false;
@@ -484,10 +484,10 @@ public class RangerGdsValidator {
}
if (project == null) {
- result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_PROJECT_ID_NOT_FOUND,
"project", dsInProject.getProjectId()));
+ result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_PROJECT_ID_NOT_FOUND,
"projectId", dsInProject.getProjectId()));
}
- if (dataset != null && project != null) {
+ if (dataset != null && project != null && !dataProvider.isAdminUser())
{
switch (dsInProject.getStatus()) {
case GRANTED:
case DENIED:
@@ -516,9 +516,21 @@ public class RangerGdsValidator {
public void validateUpdate(RangerDatasetInProject dsInProject,
RangerDatasetInProject existing) {
LOG.debug("==> validateUpdate(dsInProject={}, existing={})",
dsInProject, existing);
- ValidationResult result = new ValidationResult();
+ ValidationResult result = new ValidationResult();
+ RangerDataset dataset =
dataProvider.getDataset(dsInProject.getDatasetId());
+ RangerProject project =
dataProvider.getProject(dsInProject.getProjectId());
+
+ if (dataset == null) {
+ result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATASET_ID_NOT_FOUND,
"datasetId", dsInProject.getDatasetId()));
+ }
+
+ if (project == null) {
+ result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_PROJECT_ID_NOT_FOUND,
"projectId", dsInProject.getProjectId()));
+ }
- // TODO:
+ if (dataset != null && project != null && !dataProvider.isAdminUser())
{
+ // TODO:
+ }
if (!result.isSuccess()) {
result.throwRESTException();
@@ -532,7 +544,24 @@ public class RangerGdsValidator {
ValidationResult result = new ValidationResult();
- // TODO:
+ if (existing == null) {
+ result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATASET_IN_PROJECT_ID_NOT_FOUND,
"id", dsInProjectId));
+ } else {
+ RangerDataset dataset =
dataProvider.getDataset(existing.getDatasetId());
+ RangerProject project =
dataProvider.getProject(existing.getProjectId());
+
+ if (dataset == null) {
+ result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATASET_ID_NOT_FOUND,
"datasetId", existing.getDatasetId()));
+ }
+
+ if (project == null) {
+ result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_PROJECT_ID_NOT_FOUND,
"projectId", existing.getProjectId()));
+ }
+
+ if (dataset != null && project != null &&
!dataProvider.isAdminUser()) {
+ // TODO: must be either a dataset admin or project admin
+ }
+ }
if (!result.isSuccess()) {
result.throwRESTException();
