This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 2c29f06 RANGER-2659: Zone-based policies are not listed for USER_ROLE
with delegate admin privilege
2c29f06 is described below
commit 2c29f0623c3571fdfad5ddd918e87d8a2c7cd3a2
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Tue Dec 3 18:29:32 2019 -0800
RANGER-2659: Zone-based policies are not listed for USER_ROLE with delegate
admin privilege
---
.../java/org/apache/ranger/biz/RangerPolicyAdminCache.java | 4 ++--
.../ranger/biz/RangerPolicyAdminCacheForEngineOptions.java | 6 +++---
.../src/main/java/org/apache/ranger/db/XXGlobalStateDao.java | 12 +++++++-----
.../src/main/java/org/apache/ranger/rest/ServiceREST.java | 6 +++---
4 files changed, 15 insertions(+), 13 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
index c6cd6b8..76dabb4 100644
---
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
+++
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
@@ -51,8 +51,8 @@ public class RangerPolicyAdminCache {
final RangerPolicyAdmin getServicePoliciesAdmin(String serviceName,
ServiceStore svcStore, RoleStore roleStore, SecurityZoneStore zoneStore,
RangerPolicyEngineOptions options) {
RangerPolicyAdmin ret = null;
- if (serviceName == null || svcStore == null || roleStore ==
null) {
- LOG.warn("Cannot get policy-admin for null serviceName
or serviceStore or roleStore");
+ if (serviceName == null || svcStore == null || roleStore ==
null || zoneStore == null) {
+ LOG.warn("Cannot get policy-admin for null serviceName
or serviceStore or roleStore or zoneStore");
return ret;
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCacheForEngineOptions.java
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCacheForEngineOptions.java
index b6a1862..224bdc2 100644
---
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCacheForEngineOptions.java
+++
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCacheForEngineOptions.java
@@ -50,11 +50,11 @@ public class RangerPolicyAdminCacheForEngineOptions {
return ret;
}
- public final RangerPolicyAdmin getServicePoliciesAdmin(String serviceName,
ServiceStore svcStore, RoleStore roleStore, RangerPolicyEngineOptions options) {
- return getServicePoliciesAdmin(serviceName, svcStore, roleStore, null,
options);
+ public final RangerPolicyAdmin getServicePoliciesAdmin(String serviceName,
ServiceStore svcStore, SecurityZoneStore zoneStore, RoleStore roleStore,
RangerPolicyEngineOptions options) {
+ return getServicePoliciesAdmin(serviceName, svcStore, roleStore,
zoneStore, options);
}
- public final RangerPolicyAdmin getServicePoliciesAdmin(String serviceName,
ServiceStore svcStore, RoleStore roleStore, SecurityZoneStore zoneStore,
RangerPolicyEngineOptions options) {
+ private RangerPolicyAdmin getServicePoliciesAdmin(String serviceName,
ServiceStore svcStore, RoleStore roleStore, SecurityZoneStore zoneStore,
RangerPolicyEngineOptions options) {
RangerPolicyAdminCache policyAdminCache;
synchronized (this) {
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java
index 65bb8ed..2e462bd 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java
@@ -89,11 +89,13 @@ public class XXGlobalStateDao extends
BaseDao<XXGlobalState> {
Long ret = null;
try {
XXGlobalState globalState = findByStateName(stateName);
- Map<String, String> roleVersionJson = new
Gson().fromJson(globalState.getAppData(), Map.class);
- if(MapUtils.isNotEmpty(roleVersionJson)) {
- ret =
Long.valueOf(roleVersionJson.get(APP_DATA_ENTRY_ROLE_VERSION));
- } else {
- ret = 1L;
+ if (globalState != null) {
+ Map<String, String> roleVersionJson = new
Gson().fromJson(globalState.getAppData(), Map.class);
+ if (MapUtils.isNotEmpty(roleVersionJson)) {
+ ret =
Long.valueOf(roleVersionJson.get(APP_DATA_ENTRY_ROLE_VERSION));
+ } else {
+ ret = 1L;
+ }
}
} catch (Exception exception) {
if (logger.isDebugEnabled()) {
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 2a2aa22..5a57ee0 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3721,15 +3721,15 @@ public class ServiceREST {
}
public RangerPolicyAdmin getPolicyAdminForDelegatedAdmin(String
serviceName) {
- return
RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName,
svcStore, roleDBStore, delegateAdminOptions);
+ return
RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName,
svcStore, zoneStore, roleDBStore, delegateAdminOptions);
}
private RangerPolicyAdmin getPolicyAdminForSearch(String serviceName) {
- return
RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName,
svcStore, roleDBStore, policySearchAdminOptions);
+ return
RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName,
svcStore, zoneStore, roleDBStore, policySearchAdminOptions);
}
private RangerPolicyAdmin getPolicyAdmin(String serviceName) {
- return
RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName,
svcStore, roleDBStore, defaultAdminOptions);
+ return
RangerPolicyAdminCacheForEngineOptions.getInstance().getServicePoliciesAdmin(serviceName,
svcStore, zoneStore,roleDBStore, defaultAdminOptions);
}
@GET
