This is an automated email from the ASF dual-hosted git repository. rmani pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new e3e0e0d RANGER-2875:Security zone policy not getting enforced correctly for some servicedef e3e0e0d is described below commit e3e0e0d76774996223a4e1207b1fcae984bf9acb Author: Ramesh Mani <ramesh.m...@gmail.com> AuthorDate: Fri Jun 26 08:20:31 2020 -0700 RANGER-2875:Security zone policy not getting enforced correctly for some servicedef --- .../model/validation/RangerSecurityZoneValidator.java | 2 +- .../org/apache/ranger/plugin/policyengine/PolicyEngine.java | 3 +-- .../apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java | 13 +++++++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java index ba25f13..2db2f22 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java @@ -363,7 +363,7 @@ public class RangerSecurityZoneValidator extends RangerValidator { RangerPolicy.RangerPolicyResource policyResource = new RangerPolicy.RangerPolicyResource(); policyResource.setIsExcludes(false); - policyResource.setIsRecursive(StringUtils.equals(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HDFS_NAME)); + policyResource.setIsRecursive(EmbeddedServiceDefsUtil.isRecursiveEnabled(serviceDef, resourceDefName)); policyResource.setValues(resourceValues); policyResources.put(resourceDefName, policyResource); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java index c22f61f..3250719 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 
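Review bot: Zones saved before this change were conflict-checked with recursion enabled for HDFS only, and nothing visible in this commit re-validates them now that `setIsRecursive(...)` follows the resource definition's `getRecursiveSupported()` value. The same substitution is made in the PolicyEngine.java hunk, so the validator and the engine stay consistent for new zones. Two existing zones of one service that were accepted as disjoint could nonetheless both claim the same descendant resource once their entries are matched recursively; this is inferred, because the conflict check itself lies outside the hunk. I would add a comment at the call, `// zone resources match recursively whenever the resource-def supports recursion`, and an upgrade note asking administrators to re-validate the zones of non-HDFS services.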
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java @@ -686,9 +686,8 @@ public class PolicyEngine { String resourceDefName = entry.getKey(); List<String> resourceValues = entry.getValue(); RangerPolicy.RangerPolicyResource policyResource = new RangerPolicy.RangerPolicyResource(); - policyResource.setIsExcludes(false); - policyResource.setIsRecursive(StringUtils.equals(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HDFS_NAME)); + policyResource.setIsRecursive(EmbeddedServiceDefsUtil.isRecursiveEnabled(serviceDef, resourceDefName)); policyResource.setValues(resourceValues); policyResources.put(resourceDefName, policyResource); } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java index b63e82b..7775b08 100755 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java @@ -22,6 +22,7 @@ package org.apache.ranger.plugin.store; import java.io.InputStream; import java.io.InputStreamReader; import java.util.HashSet; +import java.util.List; import java.util.Set; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; 
@@ -259,6 +260,18 @@ public class EmbeddedServiceDefsUtil { return serviceDef; } + public static boolean isRecursiveEnabled(final RangerServiceDef rangerServiceDef, final String resourceDefName) { + boolean ret = false; + List<RangerServiceDef.RangerResourceDef> resourceDefs = rangerServiceDef.getResources(); + for(RangerServiceDef.RangerResourceDef resourceDef:resourceDefs) { + if (resourceDefName.equals(resourceDef.getName())) { + ret = resourceDef.getRecursiveSupported(); + break; + } + } + return ret; + } + private long getId(RangerServiceDef serviceDef) { return serviceDef == null || serviceDef.getId() == null ? -1 : serviceDef.getId().longValue(); }
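Review bot: `isRecursiveEnabled` dereferences `rangerServiceDef`, the list returned by `getResources()` and `resourceDefName` without a null check, and it assigns `getRecursiveSupported()` straight into a `boolean`, which would throw on a null value if that getter returns a boxed `Boolean` (its declaration is not visible here). The method is called while zone resources are built in PolicyEngine and in the zone validator, so an exception on a sparse service definition would interrupt zone setup rather than yield a defined answer. It also returns `false` silently when no resource definition carries the requested name; that makes the zone entry non-recursive without any trace, so a debug log line there would help when diagnosing zones that do not match. The new public method has no Javadoc; one sentence stating that it returns the resource definition's recursive-supported flag, and `false` when the name is unknown, would be enough. The diffstat lists no test file for the new helper.

```java
public static boolean isRecursiveEnabled(final RangerServiceDef rangerServiceDef, final String resourceDefName) {
    boolean ret = false;
    List<RangerServiceDef.RangerResourceDef> resourceDefs = rangerServiceDef != null ? rangerServiceDef.getResources() : null;
    if (resourceDefs != null && resourceDefName != null) {
        for (RangerServiceDef.RangerResourceDef resourceDef : resourceDefs) {
            if (resourceDef != null && resourceDefName.equals(resourceDef.getName())) {
                // Boolean.TRUE.equals tolerates a null flag instead of failing on unboxing
                ret = Boolean.TRUE.equals(resourceDef.getRecursiveSupported());
                break;
            }
        }
    }
    return ret;
}
```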