ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prad...@apache.org
Subject ranger git commit: RANGER-1748 : User is unable to update existing policy while importing policy from file
Date Wed, 27 Sep 2017 04:22:14 GMT
Repository: ranger
Updated Branches:
  refs/heads/ranger-0.7 bd0e82555 -> 90ed7025d


RANGER-1748 : User is unable to update existing policy while importing policy from file

Signed-off-by: pradeep <pradeep@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/90ed7025
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/90ed7025
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/90ed7025

Branch: refs/heads/ranger-0.7
Commit: 90ed7025d9abfdd98b72349bf54b19957065a5e2
Parents: bd0e825
Author: Bhavik Patel <bhavikpatel552@gmail.com>
Authored: Mon Sep 25 12:31:16 2017 +0530
Committer: pradeep <pradeep@apache.org>
Committed: Wed Sep 27 09:51:50 2017 +0530

----------------------------------------------------------------------
 .../org/apache/ranger/rest/ServiceREST.java     | 81 +++++++++++++++++++-
 1 file changed, 77 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/90ed7025/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 5fa114d..3703d1f 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -2018,21 +2018,34 @@ public class ServiceREST {
 						}
 					}
 					String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS);
+					String polResource = request.getParameter(SearchFilter.POL_RESOURCE);
 					if (updateIfExists == null || updateIfExists.isEmpty()) {
 						updateIfExists = "false";
 					} else if (updateIfExists.equalsIgnoreCase("true")) {
 						isOverride = false;
 					}
 
-					if (isOverride && updateIfExists.equalsIgnoreCase("false")){
+					if (isOverride && "false".equalsIgnoreCase(updateIfExists) && StringUtils.isEmpty(polResource))
{
 						if (LOG.isDebugEnabled()) {
 							LOG.debug("Deleting Policy from provided services in servicesMapJson file...");
 						}
-						if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)){
-							deletePoliciesProvidedInServiceMap(sourceServices,
-									destinationServices, null);
+						if (CollectionUtils.isNotEmpty(sourceServices)
+								&& CollectionUtils.isNotEmpty(destinationServices)) {
+							deletePoliciesProvidedInServiceMap(sourceServices, destinationServices, null);
 						}
 					}
+					if ("true".equalsIgnoreCase(updateIfExists) && StringUtils.isNotEmpty(polResource))
{
+						if (LOG.isDebugEnabled()) {
+							LOG.debug(
+									"Deleting Policy from provided services in servicesMapJson file for specific resource...");
+						}
+						if (CollectionUtils.isNotEmpty(sourceServices)
+								&& CollectionUtils.isNotEmpty(destinationServices)) {
+							deletePoliciesForResource(sourceServices, destinationServices, polResource, request,
+									policies);
+						}
+					}
+
 					if (policies != null && !CollectionUtils.sizeIsEmpty(policies)){
 						for (RangerPolicy policyInJson: policies){
 							if (policyInJson != null){
@@ -2264,6 +2277,66 @@ public class ServiceREST {
 		}
 	}
 
+	private void deletePoliciesForResource(List<String> sourceServices, List<String>
destinationServices,
+			String resource, HttpServletRequest request, List<RangerPolicy> exportPolicies)
{
+		int totalDeletedPilicies = 0;
+		if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices))
{
+			Set<String> exportedPolicyNames = new HashSet<String>();
+			if (CollectionUtils.isNotEmpty(exportPolicies)) {
+				for (RangerPolicy rangerPolicy : exportPolicies) {
+					if (rangerPolicy != null) {
+						exportedPolicyNames.add(rangerPolicy.getName());
+					}
+				}
+			}
+			for (int i = 0; i < sourceServices.size(); i++) {
+				if (!destinationServices.get(i).isEmpty()) {
+					RangerPolicyList servicePolicies = null;
+					servicePolicies = getServicePoliciesByName(destinationServices.get(i), request);
+					if (servicePolicies != null) {
+						List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies();
+						if (CollectionUtils.isNotEmpty(rangerPolicyList)) {
+							for (RangerPolicy rangerPolicy : rangerPolicyList) {
+								if (rangerPolicy != null) {
+									Map<String, RangerPolicy.RangerPolicyResource> rangerPolicyResourceMap = rangerPolicy
+											.getResources();
+									if (rangerPolicyResourceMap != null) {
+										RangerPolicy.RangerPolicyResource rangerPolicyResource = null;
+										if (rangerPolicyResourceMap.containsKey("path")) {
+											rangerPolicyResource = rangerPolicyResourceMap.get("path");
+										} else if (rangerPolicyResourceMap.containsKey("database")) {
+											rangerPolicyResource = rangerPolicyResourceMap.get("database");
+										}
+										if (rangerPolicyResource != null) {
+											if (CollectionUtils.isNotEmpty(rangerPolicyResource.getValues())
+													&& rangerPolicyResource.getValues().size() > 1) {
+												continue;
+											}
+										}
+									}
+									if (rangerPolicy.getId() != null) {
+										if (!exportedPolicyNames.contains(rangerPolicy.getName())) {
+											deletePolicy(rangerPolicy.getId());
+											if (LOG.isDebugEnabled()) {
+												LOG.debug(
+														"Policy " + rangerPolicy.getName() + " deleted successfully.");
+											}
+											totalDeletedPilicies = totalDeletedPilicies + 1;
+										}
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("Total Deleted Policy : " + totalDeletedPilicies);
+		}
+	}
+
+
 	public List<RangerPolicy> getPolicies(SearchFilter filter) {
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> ServiceREST.getPolicies(filter)");


Mime
View raw message