This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 59a5665e7b744606abb626e1dc8f5676a5f9713f Author: Kishor Gollapalliwar <kishor.gollapalli...@gmail.com> AuthorDate: Thu May 5 14:07:23 2022 +0530 RANGER-3740: Ranger- Add an API to refresh tag cache Signed-off-by: Mehul Parikh <me...@apache.org> --- .../java/org/apache/ranger/biz/TagDBStore.java | 13 +++++++ .../ranger/common/RangerServiceTagsCache.java | 44 ++++++++++++++++++++++ .../main/java/org/apache/ranger/rest/TagREST.java | 37 ++++++++++++++++++ 3 files changed, 94 insertions(+) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java index e99b38b4a..d8154b7de 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java @@ -477,6 +477,19 @@ public class TagDBStore extends AbstractTagStore { return ret; } + public boolean resetTagCache(final String serviceName) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagDBStore.resetTagCache({})", serviceName); + } + + boolean ret = RangerServiceTagsCache.getInstance().resetCache(serviceName); + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagDBStore.resetTagCache(): ret={}", ret); + } + + return ret; + } @Override public RangerServiceResource createServiceResource(RangerServiceResource resource) throws Exception { diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java index 93c283fbc..576546f29 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java @@ -153,6 +153,50 @@ public class RangerServiceTagsCache { return ret; } + /** + * Reset service tag cache using serviceName if provided. + * If serviceName is empty, reset everything. + * @param serviceName + * @return true if was able to reset service tag cache, false otherwise + */ + public boolean resetCache(final String serviceName) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerServiceTagsCache.resetCache({})", serviceName); + } + + boolean ret = false; + synchronized (this) { + if (!serviceTagsMap.isEmpty()) { + if (StringUtils.isBlank(serviceName)) { + serviceTagsMap.clear(); + if (LOG.isDebugEnabled()) { + LOG.debug("RangerServiceTagsCache.resetCache(): Removed policy caching for all services."); + } + ret = true; + } else { + ServiceTagsWrapper removedServicePoliciesWrapper = serviceTagsMap.remove(serviceName.trim()); // returns null if key not found + ret = removedServicePoliciesWrapper != null; + + if (ret) { + if (LOG.isDebugEnabled()) { + LOG.debug("RangerServiceTagsCache.resetCache(): Removed policy caching for [{}] service.", serviceName); + } + } else { + LOG.warn("RangerServiceTagsCache.resetCache(): Caching for [{}] service not found, hence reset is skipped.", serviceName); + } + } + } else { + LOG.warn("RangerServiceTagsCache.resetCache(): Policy cache is already empty."); + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== RangerServiceTagsCache.resetCache(): ret={}", ret); + } + + return ret; + } + private class ServiceTagsWrapper { final Long serviceId; ServiceTags serviceTags; diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index 8b0baf904..79dbdc76d 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -25,6 +25,7 @@ import org.apache.ranger.biz.AssetMgr; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.biz.TagDBStore; +import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXService; @@ -601,6 +602,42 @@ public class TagREST { return ret; } + @GET + @Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset") + @Produces({ "application/json", "application/xml" }) + public boolean resetTagCache(@QueryParam("serviceName") String serviceName) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.resetTagCache({})", serviceName); + } + + // check for ADMIN access + if (!bizUtil.isAdmin()) { + boolean isServiceAdmin = false; + String loggedInUser = bizUtil.getCurrentUserLoginId(); + + if (StringUtils.isNotEmpty(serviceName)) { + try { + RangerService rangerService = svcStore.getServiceByName(serviceName); + isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser); + } catch (Exception e) { + LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e); + } + } + + if (!isServiceAdmin) { + throw restErrorUtil.createRESTException("User cannot reset tag cache", MessageEnums.OPER_NO_PERMISSION); + } + } + + boolean ret = tagStore.resetTagCache(serviceName); + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.resetTagCache(): ret={}", ret); + } + + return ret; + } + @POST @Path(TagRESTConstants.RESOURCES_RESOURCE) @Produces({ "application/json", "application/xml" })