This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 87b7bb96c RANGER-4697: increment GDS version of services when a
security zone is updated
87b7bb96c is described below
commit 87b7bb96c9653b6bae3e35804083ed066909f59a
Author: Anand Nadar <[email protected]>
AuthorDate: Wed Feb 14 13:29:46 2024 -0800
RANGER-4697: increment GDS version of services when a security zone is
updated
Signed-off-by: Madhan Neethiraj <[email protected]>
---
.../org/apache/ranger/plugin/store/GdsStore.java | 2 +-
.../java/org/apache/ranger/biz/GdsDBStore.java | 34 +++++++++++++++++-----
.../service/RangerSecurityZoneServiceService.java | 2 +-
3 files changed, 28 insertions(+), 10 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
old mode 100644
new mode 100755
index 0dad263d9..976fa4989
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
@@ -137,5 +137,5 @@ public interface GdsStore {
void deleteAllGdsObjectsForSecurityZone(Long zoneId) throws Exception;
- void deleteAllGdsObjectsForServicesInSecurityZone(Collection<String>
serviceNames, Long zoneId) throws Exception;
+ void onSecurityZoneUpdate(Long zoneId, Collection<String> updatedServices,
Collection<String> removedServices) throws Exception;
}
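Review bot: The new `onSecurityZoneUpdate` declaration in GdsStore has no Javadoc, and unlike the name it replaces it no longer tells a caller that GDS objects may be deleted for the services passed as `removedServices` (inferred from the old method name and the GdsDBStore change in this commit). I would add a comment above it such as `/** Called after a security zone is updated: bumps the GDS version of updatedServices that have data shares in the zone, and deletes GDS objects of removedServices in the zone. */`. Because the signature changes, any other GdsStore implementation outside this diff has to be updated as well. The file mode also moves from 100644 to 100755 here and on RangerSecurityZoneServiceService.java, which looks unintended for Java sources.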
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
index 4fa9c48df..a1a2f9920 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
@@ -1230,19 +1230,37 @@ public class GdsDBStore extends AbstractGdsStore {
}
@Override
- public void
deleteAllGdsObjectsForServicesInSecurityZone(Collection<String> serviceNames,
Long zoneId) {
- LOG.debug("==> deleteAllGdsObjectsForServicesInSecurityZone({}, {})",
serviceNames, zoneId);
+ public void onSecurityZoneUpdate(Long zoneId, Collection<String>
updatedServices, Collection<String> removedServices) {
+ LOG.debug("==> onSecurityZoneUpdate({}, {}, {})", zoneId,
updatedServices, removedServices);
- if (zoneId != null && CollectionUtils.isNotEmpty(serviceNames)) {
- XXServiceDao serviceDao = daoMgr.getXXService();
- XXGdsDataShareDao dataShareDao = daoMgr.getXXGdsDataShare();
+ XXServiceDao serviceDao = daoMgr.getXXService();
+ XXGdsDataShareDao dataShareDao = daoMgr.getXXGdsDataShare();
- for (String serviceName : serviceNames) {
+ if (zoneId != null && CollectionUtils.isNotEmpty(updatedServices)) {
+ for (String serviceName : updatedServices) {
Long serviceId = serviceDao.findIdByName(serviceName);
if (serviceId == null) {
- LOG.warn("deleteAllGdsObjectsForServicesInSecurityZone():
invalid service name={}. Ignored", serviceName);
+ LOG.warn("onSecurityZoneUpdate(): updatedServices invalid
service name={}. Ignored", serviceName);
+ continue;
+ }
+
+ List<XXGdsDataShare> dataShares =
dataShareDao.findByServiceIdAndZoneId(serviceId, zoneId);
+
+ if (CollectionUtils.isEmpty(dataShares)) {
+ continue;
+ }
+
+ updateGdsVersionForService(serviceId);
+ }
+ }
+ if (zoneId != null && CollectionUtils.isNotEmpty(removedServices)) {
+ for (String serviceName : removedServices) {
+ Long serviceId = serviceDao.findIdByName(serviceName);
+
+ if (serviceId == null) {
+ LOG.warn("onSecurityZoneUpdate(): removedServices invalid
service name={}. Ignored", serviceName);
continue;
}
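Review bot: In `onSecurityZoneUpdate` the `zoneId != null` test is now repeated in both `if` conditions, and a null zone id skips both loops without any log line. A caller bug would then leave the services' GDS version unchanged with no trace, and plugins would presumably keep enforcing the GDS data they already hold. A single guard before the DAO lookups, `if (zoneId == null) { LOG.warn("onSecurityZoneUpdate(): zoneId is null. Ignored"); return; }`, would make that visible and let each branch test only its own collection. The two loops also repeat the same `findIdByName` / null-check / warn sequence and could share a small private helper. The removed-services branch continues outside this hunk.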
@@ -1262,7 +1280,7 @@ public class GdsDBStore extends AbstractGdsStore {
}
}
- LOG.debug("<== deleteAllGdsObjectsForServicesInSecurityZone({}, {})",
serviceNames, zoneId);
+ LOG.debug("<== onSecurityZoneUpdate({}, {}, {})", zoneId,
updatedServices, removedServices);
}
public ServiceGdsInfo getGdsInfoIfUpdated(String serviceName, Long
lastKnownVersion) throws Exception {
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
old mode 100644
new mode 100755
index 25567c727..a6cb2ae74
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
@@ -231,7 +231,7 @@ public class RangerSecurityZoneServiceService extends
RangerSecurityZoneServiceB
serviceDBStore.deleteZonePolicies(deletedTagServiceNames,
ret.getId());
-
gdsStore.deleteAllGdsObjectsForServicesInSecurityZone(deletedServiceNames,
ret.getId());
+ gdsStore.onSecurityZoneUpdate(ret.getId(), updatedServiceNames,
deletedServiceNames);
oldServiceNames.addAll(updatedServiceNames);
updateServiceInfos(oldServiceNames);