This is an automated email from the ASF dual-hosted git repository.
vel pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 0c72d21ca917327ce25ef4bfb54ff0316de643d0
Author: Dhaval B. Shah <dhavalshah9...@gmail.com>
AuthorDate: Tue Jan 12 21:50:32 2021 +0530
RANGER-3149 : Adding exisitng policy check for
PatchForKafkaServiceDefUpdate_J10033
Signed-off-by: Velmurugan Periasamy <v...@apache.org>
---
.../PatchForKafkaServiceDefUpdate_J10033.java | 207 ++++++++++++---------
1 file changed, 118 insertions(+), 89 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
index 5b80cc2..6a869ce 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
@@ -17,6 +17,7 @@
package org.apache.ranger.patch;
+import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.authorization.utils.JsonUtils;
@@ -266,7 +267,7 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends
BaseLoader {
Long xServiceDefId = xXServiceDefObj.getId();
List<XXService> xxServices =
daoMgr.getXXService().findByServiceDefId(xServiceDefId);
-
+
for (XXService xxService : xxServices) {
int resourceMapOrder = 0;
XXPolicy xxPolicy = new XXPolicy();
@@ -284,105 +285,133 @@ public class PatchForKafkaServiceDefUpdate_J10033
extends BaseLoader {
xxPolicy.setPolicyText(JsonUtils.objectToJson(rangerPolicy));
xxPolicy.setResourceSignature(rangerPolicy.getResourceSignature());
xxPolicy.setZoneId(1L);
- XXPolicy createdPolicy =
daoMgr.getXXPolicy().create(xxPolicy);
-
- XXPolicyItem xxPolicyItem = new XXPolicyItem();
- xxPolicyItem.setIsEnabled(Boolean.TRUE);
- xxPolicyItem.setDelegateAdmin(Boolean.TRUE);
- xxPolicyItem.setItemType(0);
- xxPolicyItem.setOrder(0);
- xxPolicyItem.setAddedByUserId(currentUserId);
- xxPolicyItem.setUpdatedByUserId(currentUserId);
- xxPolicyItem.setPolicyId(createdPolicy.getId());
- XXPolicyItem createdXXPolicyItem =
daoMgr.getXXPolicyItem().create(xxPolicyItem);
-
- List<String> accessTypes = getAccessTypes();
- for (int i = 0; i < accessTypes.size(); i++) {
- XXAccessTypeDef xAccTypeDef =
daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessTypes.get(i),
- xxPolicy.getService());
- if (xAccTypeDef == null) {
- throw new
RuntimeException(accessTypes.get(i) + ": is not a valid access-type. policy='"
- + xxPolicy.getName() +
"' service='" + xxPolicy.getService() + "'");
- }
- XXPolicyItemAccess xPolItemAcc = new
XXPolicyItemAccess();
- xPolItemAcc.setIsAllowed(Boolean.TRUE);
- xPolItemAcc.setType(xAccTypeDef.getId());
- xPolItemAcc.setOrder(i);
- xPolItemAcc.setAddedByUserId(currentUserId);
- xPolItemAcc.setUpdatedByUserId(currentUserId);
-
xPolItemAcc.setPolicyitemid(createdXXPolicyItem.getId());
-
daoMgr.getXXPolicyItemAccess().create(xPolItemAcc);
- }
+ boolean policyExist = false;
+ try {
+ List<RangerPolicy> rangerpolicies =
svcDBStore.getPoliciesByResourceSignature(xxService.getName(),
+
rangerPolicy.getResourceSignature(), true);
+ if (CollectionUtils.isNotEmpty(rangerpolicies))
{
+ for (RangerPolicy rPolicy :
rangerpolicies) {
+ if (rangerPolicy != null) {
+ if
(logger.isDebugEnabled()) {
+
logger.debug("print Policy: " + rPolicy);
+
logger.debug("policy found with resource " + rPolicy.getResources()
+
+ " and ResourceSignature " + rPolicy.getResourceSignature()
+
+ " service name : " + rPolicy.getService());
+ }
- for (int i = 0; i < DEFAULT_POLICY_USERS.size(); i++) {
- String user = DEFAULT_POLICY_USERS.get(i);
- if (StringUtils.isBlank(user)) {
- continue;
- }
- XXUser xxUser =
daoMgr.getXXUser().findByUserName(user);
- if (xxUser == null) {
- throw new RuntimeException(user + ":
user does not exist. policy='" + xxPolicy.getName()
- + "' service='" +
xxPolicy.getService() + "' user='" + user + "'");
+ if
(rPolicy.getResourceSignature().equalsIgnoreCase(rangerPolicy.getResourceSignature()))
{
+ policyExist =
true;
+ }
+
+ }
+ }
}
- XXPolicyItemUserPerm xUserPerm = new
XXPolicyItemUserPerm();
- xUserPerm.setUserId(xxUser.getId());
-
xUserPerm.setPolicyItemId(createdXXPolicyItem.getId());
- xUserPerm.setOrder(i);
- xUserPerm.setAddedByUserId(currentUserId);
- xUserPerm.setUpdatedByUserId(currentUserId);
-
daoMgr.getXXPolicyItemUserPerm().create(xUserPerm);
+ } catch (Exception ex) {
+ logger.error(" Error while getting policy using
Resource Signature, Servie Name and policy enabled flag" + ex);
}
+
+ if(!policyExist) {
+ XXPolicy createdPolicy =
daoMgr.getXXPolicy().create(xxPolicy);
+
+ XXPolicyItem xxPolicyItem = new XXPolicyItem();
+ xxPolicyItem.setIsEnabled(Boolean.TRUE);
+ xxPolicyItem.setDelegateAdmin(Boolean.TRUE);
+ xxPolicyItem.setItemType(0);
+ xxPolicyItem.setOrder(0);
+ xxPolicyItem.setAddedByUserId(currentUserId);
+ xxPolicyItem.setUpdatedByUserId(currentUserId);
+ xxPolicyItem.setPolicyId(createdPolicy.getId());
+ XXPolicyItem createdXXPolicyItem =
daoMgr.getXXPolicyItem().create(xxPolicyItem);
+
+ List<String> accessTypes = getAccessTypes();
+ for (int i = 0; i < accessTypes.size(); i++) {
+ XXAccessTypeDef xAccTypeDef =
daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessTypes.get(i),
+ xxPolicy.getService());
+ if (xAccTypeDef == null) {
+ throw new
RuntimeException(accessTypes.get(i) + ": is not a valid access-type. policy='"
+ +
xxPolicy.getName() + "' service='" + xxPolicy.getService() + "'");
+ }
+ XXPolicyItemAccess xPolItemAcc = new
XXPolicyItemAccess();
+ xPolItemAcc.setIsAllowed(Boolean.TRUE);
+
xPolItemAcc.setType(xAccTypeDef.getId());
+ xPolItemAcc.setOrder(i);
+
xPolItemAcc.setAddedByUserId(currentUserId);
+
xPolItemAcc.setUpdatedByUserId(currentUserId);
+
xPolItemAcc.setPolicyitemid(createdXXPolicyItem.getId());
+
daoMgr.getXXPolicyItemAccess().create(xPolItemAcc);
+ }
- for (int i = 0; i < DEFAULT_POLICY_GROUP.size(); i++) {
- String group = DEFAULT_POLICY_GROUP.get(i);
- if (StringUtils.isBlank(group)) {
- continue;
+ for (int i = 0; i <
DEFAULT_POLICY_USERS.size(); i++) {
+ String user =
DEFAULT_POLICY_USERS.get(i);
+ if (StringUtils.isBlank(user)) {
+ continue;
+ }
+ XXUser xxUser =
daoMgr.getXXUser().findByUserName(user);
+ if (xxUser == null) {
+ throw new RuntimeException(user
+ ": user does not exist. policy='" + xxPolicy.getName()
+ + "' service='"
+ xxPolicy.getService() + "' user='" + user + "'");
+ }
+ XXPolicyItemUserPerm xUserPerm = new
XXPolicyItemUserPerm();
+ xUserPerm.setUserId(xxUser.getId());
+
xUserPerm.setPolicyItemId(createdXXPolicyItem.getId());
+ xUserPerm.setOrder(i);
+
xUserPerm.setAddedByUserId(currentUserId);
+
xUserPerm.setUpdatedByUserId(currentUserId);
+
daoMgr.getXXPolicyItemUserPerm().create(xUserPerm);
}
- XXGroup xxGroup =
daoMgr.getXXGroup().findByGroupName(group);
- if (xxGroup == null) {
- throw new RuntimeException(group + ":
group does not exist. policy='" + xxPolicy.getName()
- + "' service='" +
xxPolicy.getService() + "' group='" + group + "'");
+
+ for (int i = 0; i <
DEFAULT_POLICY_GROUP.size(); i++) {
+ String group =
DEFAULT_POLICY_GROUP.get(i);
+ if (StringUtils.isBlank(group)) {
+ continue;
+ }
+ XXGroup xxGroup =
daoMgr.getXXGroup().findByGroupName(group);
+ if (xxGroup == null) {
+ throw new
RuntimeException(group + ": group does not exist. policy='" + xxPolicy.getName()
+ + "' service='"
+ xxPolicy.getService() + "' group='" + group + "'");
+ }
+ XXPolicyItemGroupPerm xGroupPerm = new
XXPolicyItemGroupPerm();
+ xGroupPerm.setGroupId(xxGroup.getId());
+
xGroupPerm.setPolicyItemId(createdXXPolicyItem.getId());
+ xGroupPerm.setOrder(i);
+
xGroupPerm.setAddedByUserId(currentUserId);
+
xGroupPerm.setUpdatedByUserId(currentUserId);
+
daoMgr.getXXPolicyItemGroupPerm().create(xGroupPerm);
}
- XXPolicyItemGroupPerm xGroupPerm = new
XXPolicyItemGroupPerm();
- xGroupPerm.setGroupId(xxGroup.getId());
-
xGroupPerm.setPolicyItemId(createdXXPolicyItem.getId());
- xGroupPerm.setOrder(i);
- xGroupPerm.setAddedByUserId(currentUserId);
- xGroupPerm.setUpdatedByUserId(currentUserId);
-
daoMgr.getXXPolicyItemGroupPerm().create(xGroupPerm);
- }
- String policyResourceName = CONSUMERGROUP_RESOURCE_NAME;
+ String policyResourceName =
CONSUMERGROUP_RESOURCE_NAME;
- XXResourceDef xResDef =
daoMgr.getXXResourceDef().findByNameAndPolicyId(policyResourceName,
- createdPolicy.getId());
- if (xResDef == null) {
- throw new RuntimeException(policyResourceName +
": is not a valid resource-type. policy='"
- + createdPolicy.getName() + "'
service='" + createdPolicy.getService() + "'");
- }
+ XXResourceDef xResDef =
daoMgr.getXXResourceDef().findByNameAndPolicyId(policyResourceName,
+ createdPolicy.getId());
+ if (xResDef == null) {
+ throw new
RuntimeException(policyResourceName + ": is not a valid resource-type. policy='"
+ +
createdPolicy.getName() + "' service='" + createdPolicy.getService() + "'");
+ }
- XXPolicyResource xPolRes = new XXPolicyResource();
-
- xPolRes.setAddedByUserId(currentUserId);
- xPolRes.setUpdatedByUserId(currentUserId);
- xPolRes.setIsExcludes(Boolean.FALSE);
- xPolRes.setIsRecursive(Boolean.FALSE);
- xPolRes.setPolicyId(createdPolicy.getId());
- xPolRes.setResDefId(xResDef.getId());
- xPolRes = daoMgr.getXXPolicyResource().create(xPolRes);
-
- XXPolicyResourceMap xPolResMap = new
XXPolicyResourceMap();
- xPolResMap.setResourceId(xPolRes.getId());
- xPolResMap.setValue("*");
- xPolResMap.setOrder(resourceMapOrder);
- xPolResMap.setAddedByUserId(currentUserId);
- xPolResMap.setUpdatedByUserId(currentUserId);
- daoMgr.getXXPolicyResourceMap().create(xPolResMap);
- resourceMapOrder++;
- logger.info("Creating policy for service id : " +
xxService.getId());
+ XXPolicyResource xPolRes = new
XXPolicyResource();
+
+ xPolRes.setAddedByUserId(currentUserId);
+ xPolRes.setUpdatedByUserId(currentUserId);
+ xPolRes.setIsExcludes(Boolean.FALSE);
+ xPolRes.setIsRecursive(Boolean.FALSE);
+ xPolRes.setPolicyId(createdPolicy.getId());
+ xPolRes.setResDefId(xResDef.getId());
+ xPolRes =
daoMgr.getXXPolicyResource().create(xPolRes);
+
+ XXPolicyResourceMap xPolResMap = new
XXPolicyResourceMap();
+ xPolResMap.setResourceId(xPolRes.getId());
+ xPolResMap.setValue("*");
+ xPolResMap.setOrder(resourceMapOrder);
+ xPolResMap.setAddedByUserId(currentUserId);
+ xPolResMap.setUpdatedByUserId(currentUserId);
+
daoMgr.getXXPolicyResourceMap().create(xPolResMap);
+ resourceMapOrder++;
+ logger.info("Creating policy for service id : "
+ xxService.getId());
+ }
+ logger.info("<== createDefaultPolicyForNewResources ");
}
- logger.info("<== createDefaultPolicyForNewResources ");
+
}
