This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new 2c29f06 RANGER-2659: Zone-based policies are not listed for USER_ROLE with delegate admin privilege 2c29f06 is described below commit 2c29f0623c3571fdfad5ddd918e87d8a2c7cd3a2 Author: Abhay Kulkarni <ab...@apache.org> AuthorDate: Tue Dec 3 18:29:32 2019 -0800 RANGER-2659: Zone-based policies are not listed for USER_ROLE with delegate admin privilege --- .../java/org/apache/ranger/biz/RangerPolicyAdminCache.java | 4 ++-- .../ranger/biz/RangerPolicyAdminCacheForEngineOptions.java | 6 +++--- .../src/main/java/org/apache/ranger/db/XXGlobalStateDao.java | 12 +++++++----- .../src/main/java/org/apache/ranger/rest/ServiceREST.java | 6 +++--- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java index c6cd6b8..76dabb4 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java @@ -51,8 +51,8 @@ public class RangerPolicyAdminCache { final RangerPolicyAdmin getServicePoliciesAdmin(String serviceName, ServiceStore svcStore, RoleStore roleStore, SecurityZoneStore zoneStore, RangerPolicyEngineOptions options) { RangerPolicyAdmin ret = null; - if (serviceName == null || svcStore == null || roleStore == null) { - LOG.warn("Cannot get policy-admin for null serviceName or serviceStore or roleStore"); + if (serviceName == null || svcStore == null || roleStore == null || zoneStore == null) { + LOG.warn("Cannot get policy-admin for null serviceName or serviceStore or roleStore or zoneStore"); return ret; } diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCacheForEngineOptions.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCacheForEngineOptions.java index b6a1862..224bdc2 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCacheForEngineOptions.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCacheForEngineOptions.java @@ -50,11 +50,11 @@ public class RangerPolicyAdminCacheForEngineOptions { return ret; } - public final RangerPolicyAdmin getServicePoliciesAdmin(String serviceName, ServiceStore svcStore, RoleStore roleStore, RangerPolicyEngineOptions options) { - return getServicePoliciesAdmin(serviceName, svcStore, roleStore, null, options); + public final RangerPolicyAdmin getServicePoliciesAdmin(String serviceName, ServiceStore svcStore, SecurityZoneStore zoneStore, RoleStore roleStore, RangerPolicyEngineOptions options) { + return getServicePoliciesAdmin(serviceName, svcStore, roleStore, zoneStore, options); } - public final RangerPolicyAdmin getServicePoliciesAdmin(String serviceName, ServiceStore svcStore, RoleStore roleStore, SecurityZoneStore zoneStore, RangerPolicyEngineOptions options) { + private RangerPolicyAdmin getServicePoliciesAdmin(String serviceName, ServiceStore svcStore, RoleStore roleStore, SecurityZoneStore zoneStore, RangerPolicyEngineOptions options) { RangerPolicyAdminCache policyAdminCache; synchronized (this) { diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java index 65bb8ed..2e462bd 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java @@ -89,11 +89,13 @@ public class XXGlobalStateDao extends BaseDao<XXGlobalState> { Long ret = null; try { XXGlobalState globalState = findByStateName(stateName); - Map<String, String> roleVersionJson = new Gson().fromJson(globalState.getAppData(), Map.class); - if(MapUtils.isNotEmpty(roleVersionJson)) { - ret = Long.valueOf(roleVersionJson.get(APP_DATA_ENTRY_ROLE_VERSION)); - } else { - ret = 1L; + if (globalState != null) { + Map<String, String> roleVersionJson = new Gson().fromJson(globalState.getAppData(), Map.class); + if (MapUtils.isNotEmpty(roleVersionJson)) { + ret = Long.valueOf(roleVersionJson.get(APP_DATA_ENTRY_ROLE_VERSION)); + } else { + ret = 1L; + } } } catch (Exception exception) { if (logger.isDebugEnabled()) { diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 2a2aa22..5a57ee0 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -3721,15 +3721,15 @@ public class ServiceREST { } public RangerPolicyAdmin getPolicyAdminForDelegatedAdmin(String serviceName) { - return RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName, svcStore, roleDBStore, delegateAdminOptions); + return RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName, svcStore, zoneStore, roleDBStore, delegateAdminOptions); } private RangerPolicyAdmin getPolicyAdminForSearch(String serviceName) { - return RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName, svcStore, roleDBStore, policySearchAdminOptions); + return RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName, svcStore, zoneStore, roleDBStore, policySearchAdminOptions); } private RangerPolicyAdmin getPolicyAdmin(String serviceName) { - return RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName, svcStore, roleDBStore, defaultAdminOptions); + return RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName, svcStore, zoneStore,roleDBStore, defaultAdminOptions); } @GET