Repository: ranger Updated Branches: refs/heads/master bf7a8bbde -> 0f0bfc6dc
RANGER-1612 : When servicedef is accessed, def_options property "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it. Change-Id: Icb63b00e09412544ae5eabc745cf7c99af435362 Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/0f0bfc6d Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/0f0bfc6d Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/0f0bfc6d Branch: refs/heads/master Commit: 0f0bfc6dcece0c19d353cc54c5d08416afa38493 Parents: bf7a8bb Author: pradeep <prad...@apache.org> Authored: Fri May 26 16:59:22 2017 +0530 Committer: pradeep <prad...@apache.org> Committed: Fri May 26 17:55:18 2017 +0530 ---------------------------------------------------------------------- NOTICE.txt | 1 - .../PatchForHiveServiceDefUpdate_J10006.java | 68 ++++++++++++++++++ .../PatchForHiveServiceDefUpdate_J10007.java | 75 +++++++++++++++++++- 3 files changed, 140 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/0f0bfc6d/NOTICE.txt ---------------------------------------------------------------------- diff --git a/NOTICE.txt b/NOTICE.txt index 0cd1f15..f6c41f3 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -2,6 +2,5 @@ Apache Ranger Copyright 2014-2017 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/). -This product includes json2.js (https://github.com/douglascrockford/JSON-js - Public Domain license) by Douglas Crockford This product includes Font Awesome 3.2.1 (http://fontawesome.io/ - SIL Open Font License (OFL) licensee) by Dave Gandy This product includes software developed by Spring Security Project (http://www.springframework.org/security) http://git-wip-us.apache.org/repos/asf/ranger/blob/0f0bfc6d/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java index 7d6a23d..348969a 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java @@ -17,7 +17,9 @@ package org.apache.ranger.patch; +import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; +import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.common.JSONUtil; @@ -37,6 +39,9 @@ import org.apache.ranger.util.CLIUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import java.util.HashMap; +import java.util.Map; + @Component public class PatchForHiveServiceDefUpdate_J10006 extends BaseLoader { private static final Logger logger = Logger.getLogger(PatchForHiveServiceDefUpdate_J10006.class); @@ -114,9 +119,18 @@ public class PatchForHiveServiceDefUpdate_J10006 extends BaseLoader { RangerServiceDef dbHiveServiceDef = null; RangerDataMaskDef dataMaskDef = null; RangerRowFilterDef rowFilterDef = null; + XXServiceDef xXServiceDefObj = null; try{ embeddedHiveServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME); if(embeddedHiveServiceDef!=null){ + xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME); + Map<String, String> serviceDefOptionsPreUpdate=null; + String jsonStrPreUpdate=null; + if(xXServiceDefObj!=null) { + jsonStrPreUpdate=xXServiceDefObj.getDefOptions(); + serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate); + xXServiceDefObj=null; + } dataMaskDef= embeddedHiveServiceDef.getDataMaskDef(); rowFilterDef= embeddedHiveServiceDef.getRowFilterDef(); @@ -137,6 +151,23 @@ public class PatchForHiveServiceDefUpdate_J10006 extends BaseLoader { logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def"); System.exit(1); } + xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME); + if(xXServiceDefObj!=null) { + String jsonStrPostUpdate=xXServiceDefObj.getDefOptions(); + Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate); + if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) { + if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) { + String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES); + if (preUpdateValue == null) { + serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES); + } else { + serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue); + } + xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate)); + daoMgr.getXXServiceDef().update(xXServiceDefObj); + } + } + } } } }catch(Exception e) @@ -144,4 +175,41 @@ public class PatchForHiveServiceDefUpdate_J10006 extends BaseLoader { logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def", e); } } + private String mapToJsonString(Map<String, String> map) { + String ret = null; + if(map != null) { + try { + ret = jsonUtil.readMapToString(map); + } catch(Exception excp) { + logger.warn("mapToJsonString() failed to convert map: " + map, excp); + } + } + return ret; + } + protected Map<String, String> jsonStringToMap(String jsonStr) { + Map<String, String> ret = null; + if(!StringUtils.isEmpty(jsonStr)) { + try { + ret = jsonUtil.jsonToMap(jsonStr); + } catch(Exception excp) { + // fallback to earlier format: "name1=value1;name2=value2" + for(String optionString : jsonStr.split(";")) { + if(StringUtils.isEmpty(optionString)) { + continue; + } + String[] nvArr = optionString.split("="); + String name = (nvArr != null && nvArr.length > 0) ? nvArr[0].trim() : null; + String value = (nvArr != null && nvArr.length > 1) ? nvArr[1].trim() : null; + if(StringUtils.isEmpty(name)) { + continue; + } + if(ret == null) { + ret = new HashMap<String, String>(); + } + ret.put(name, value); + } + } + } + return ret; + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ranger/blob/0f0bfc6d/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java index e0c6a65..e4bcdfa 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java @@ -17,6 +17,7 @@ package org.apache.ranger.patch; +import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.biz.ServiceDBStore; @@ -34,8 +35,10 @@ import org.apache.ranger.service.XPolicyService; import org.apache.ranger.util.CLIUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; - +import org.apache.ranger.entity.XXServiceDef; +import java.util.HashMap; import java.util.List; +import java.util.Map; @Component public class PatchForHiveServiceDefUpdate_J10007 extends BaseLoader { @@ -116,11 +119,19 @@ public class PatchForHiveServiceDefUpdate_J10007 extends BaseLoader { RangerServiceDef dbHiveServiceDef = null; List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs = null; List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes = null; - + XXServiceDef xXServiceDefObj = null; try{ embeddedHiveServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME); if(embeddedHiveServiceDef!=null){ + xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME); + Map<String, String> serviceDefOptionsPreUpdate=null; + String jsonStrPreUpdate=null; + if(xXServiceDefObj!=null) { + jsonStrPreUpdate=xXServiceDefObj.getDefOptions(); + serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate); + xXServiceDefObj=null; + } dbHiveServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME); if(dbHiveServiceDef!=null){ @@ -133,7 +144,9 @@ public class PatchForHiveServiceDefUpdate_J10007 extends BaseLoader { dbHiveServiceDef.setResources(embeddedHiveResourceDefs); } if (embeddedHiveAccessTypes != null) { - dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes); + if(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(dbHiveServiceDef.getAccessTypes().toString())) { + dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes); + } } } @@ -145,6 +158,23 @@ public class PatchForHiveServiceDefUpdate_J10007 extends BaseLoader { logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def"); throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def"); } + xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME); + if(xXServiceDefObj!=null) { + String jsonStrPostUpdate=xXServiceDefObj.getDefOptions(); + Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate); + if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) { + if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) { + String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES); + if (preUpdateValue == null) { + serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES); + } else { + serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue); + } + xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate)); + daoMgr.getXXServiceDef().update(xXServiceDefObj); + } + } + } } } }catch(Exception e) @@ -163,4 +193,43 @@ public class PatchForHiveServiceDefUpdate_J10007 extends BaseLoader { } return ret; } + + private String mapToJsonString(Map<String, String> map) { + String ret = null; + if(map != null) { + try { + ret = jsonUtil.readMapToString(map); + } catch(Exception excp) { + logger.warn("mapToJsonString() failed to convert map: " + map, excp); + } + } + return ret; + } + + protected Map<String, String> jsonStringToMap(String jsonStr) { + Map<String, String> ret = null; + if(!StringUtils.isEmpty(jsonStr)) { + try { + ret = jsonUtil.jsonToMap(jsonStr); + } catch(Exception excp) { + // fallback to earlier format: "name1=value1;name2=value2" + for(String optionString : jsonStr.split(";")) { + if(StringUtils.isEmpty(optionString)) { + continue; + } + String[] nvArr = optionString.split("="); + String name = (nvArr != null && nvArr.length > 0) ? nvArr[0].trim() : null; + String value = (nvArr != null && nvArr.length > 1) ? nvArr[1].trim() : null; + if(StringUtils.isEmpty(name)) { + continue; + } + if(ret == null) { + ret = new HashMap<String, String>(); + } + ret.put(name, value); + } + } + } + return ret; + } } \ No newline at end of file