This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push:
new a3fc43cfe RANGER-4265: updated ServicePolicies to include GDS policies
a3fc43cfe is described below
commit a3fc43cfeabf9be2e1b3d58502ba6e0f45104fb1
Author: Madhan Neethiraj <mad...@apache.org>
AuthorDate: Sun Jun 18 19:54:51 2023 -0700
RANGER-4265: updated ServicePolicies to include GDS policies
---
.../apache/ranger/plugin/util/ServicePolicies.java | 193 ++++++++++++++++++
.../java/org/apache/ranger/biz/ServiceDBStore.java | 218 ++++++++++++++++-----
2 files changed, 367 insertions(+), 44 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
index e022a1b17..288672a20 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
@@ -63,6 +63,7 @@ public class ServicePolicies implements java.io.Serializable {
private RangerServiceDef serviceDef;
private String auditMode = RangerPolicyEngine.AUDIT_DEFAULT;
private TagPolicies tagPolicies;
+ private GdsPolicies gdsPolicies;
private Map<String, SecurityZoneInfo> securityZones;
private List<RangerPolicyDelta> policyDeltas;
private Map<String, String> serviceConfig;
@@ -168,6 +169,19 @@ public class ServicePolicies implements
java.io.Serializable {
this.tagPolicies = tagPolicies;
}
+ /**
+ * @return the gdsPolicies
+ */
+ public ServicePolicies.GdsPolicies getGdsPolicies() {
+ return gdsPolicies;
+ }
+ /**
+ * @param gdsPolicies the gdsPolicies to set
+ */
+ public void setGdsPolicies(ServicePolicies.GdsPolicies gdsPolicies) {
+ this.gdsPolicies = gdsPolicies;
+ }
+
public Map<String, SecurityZoneInfo> getSecurityZones() { return
securityZones; }
public void setSecurityZones(Map<String, SecurityZoneInfo>
securityZones) {
@@ -195,6 +209,10 @@ public class ServicePolicies implements
java.io.Serializable {
tagPolicies.dedupStrings(strTbl);
}
+ if (gdsPolicies != null) {
+ gdsPolicies.dedupStrings(strTbl);
+ }
+
if (securityZones != null) {
for (SecurityZoneInfo securityZoneInfo :
securityZones.values()) {
securityZoneInfo.dedupStrings(strTbl);
@@ -216,6 +234,7 @@ public class ServicePolicies implements
java.io.Serializable {
+ "policyUpdateTime=" + policyUpdateTime + ", "
+ "policies=" + policies + ", "
+ "tagPolicies=" + tagPolicies + ", "
+ + "gdsPolicies=" + gdsPolicies + ", "
+ "policyDeltas=" + policyDeltas + ", "
+ "serviceDef=" + serviceDef + ", "
+ "auditMode=" + auditMode + ", "
@@ -362,6 +381,142 @@ public class ServicePolicies implements
java.io.Serializable {
}
}
+ @JsonAutoDetect(fieldVisibility=Visibility.ANY)
+ @JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY)
+ @JsonIgnoreProperties(ignoreUnknown=true)
+ @XmlRootElement
+ @XmlAccessorType(XmlAccessType.FIELD)
+ public static class GdsPolicies implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String serviceName;
+ private Long serviceId;
+ private Long policyVersion;
+ private Date policyUpdateTime;
+ private List<RangerPolicy> policies;
+ private RangerServiceDef serviceDef;
+ private String auditMode =
RangerPolicyEngine.AUDIT_DEFAULT;
+ private Map<String, String> serviceConfig;
+
+ /**
+ * @return the serviceName
+ */
+ public String getServiceName() {
+ return serviceName;
+ }
+ /**
+ * @param serviceName the serviceName to set
+ */
+ public void setServiceName(String serviceName) {
+ this.serviceName = serviceName;
+ }
+ /**
+ * @return the serviceId
+ */
+ public Long getServiceId() {
+ return serviceId;
+ }
+ /**
+ * @param serviceId the serviceId to set
+ */
+ public void setServiceId(Long serviceId) {
+ this.serviceId = serviceId;
+ }
+ /**
+ * @return the policyVersion
+ */
+ public Long getPolicyVersion() {
+ return policyVersion;
+ }
+ /**
+ * @param policyVersion the policyVersion to set
+ */
+ public void setPolicyVersion(Long policyVersion) {
+ this.policyVersion = policyVersion;
+ }
+ /**
+ * @return the policyUpdateTime
+ */
+ public Date getPolicyUpdateTime() {
+ return policyUpdateTime;
+ }
+ /**
+ * @param policyUpdateTime the policyUpdateTime to set
+ */
+ public void setPolicyUpdateTime(Date policyUpdateTime) {
+ this.policyUpdateTime = policyUpdateTime;
+ }
+ /**
+ * @return the policies
+ */
+ public List<RangerPolicy> getPolicies() {
+ return policies;
+ }
+ /**
+ * @param policies the policies to set
+ */
+ public void setPolicies(List<RangerPolicy> policies) {
+ this.policies = policies;
+ }
+ /**
+ * @return the serviceDef
+ */
+ public RangerServiceDef getServiceDef() {
+ return serviceDef;
+ }
+ /**
+ * @param serviceDef the serviceDef to set
+ */
+ public void setServiceDef(RangerServiceDef serviceDef) {
+ this.serviceDef = serviceDef;
+ }
+
+ public String getAuditMode() {
+ return auditMode;
+ }
+
+ public void setAuditMode(String auditMode) {
+ this.auditMode = auditMode;
+ }
+
+ public Map<String, String> getServiceConfig() {
+ return serviceConfig;
+ }
+
+ public void setServiceConfig(Map<String, String> serviceConfig)
{
+ this.serviceConfig = serviceConfig;
+ }
+
+ public void dedupStrings(Map<String, String> strTbl) {
+ serviceName = StringUtil.dedupString(serviceName,
strTbl);
+ auditMode = StringUtil.dedupString(auditMode,
strTbl);
+ serviceConfig =
StringUtil.dedupStringsMap(serviceConfig, strTbl);
+
+ if (policies != null) {
+ for (RangerPolicy policy : policies) {
+ policy.dedupStrings(strTbl);
+ }
+ }
+
+ if (serviceDef != null) {
+ serviceDef.dedupStrings(strTbl);
+ }
+ }
+
+ @Override
+ public String toString() {
+ return "serviceName=" + serviceName + ", "
+ + "serviceId=" + serviceId + ", "
+ + "policyVersion=" + policyVersion + ",
"
+ + "policyUpdateTime=" +
policyUpdateTime + ", "
+ + "policies=" + policies + ", "
+ + "serviceDef=" + serviceDef + ", "
+ + "auditMode=" + auditMode
+ + "serviceConfig=" + serviceConfig
+ ;
+ }
+ }
+
@JsonAutoDetect(fieldVisibility = Visibility.ANY)
@JsonSerialize(include = JsonSerialize.Inclusion.NON_EMPTY)
@JsonIgnoreProperties(ignoreUnknown = true)
@@ -460,6 +615,10 @@ public class ServicePolicies implements
java.io.Serializable {
TagPolicies tagPolicies =
copyHeader(source.getTagPolicies(), source.getServiceDef().getName());
ret.setTagPolicies(tagPolicies);
}
+ if (source.getGdsPolicies() != null) {
+ GdsPolicies gdsPolicies =
copyHeader(source.getGdsPolicies(), source.getServiceDef().getName());
+ ret.setGdsPolicies(gdsPolicies);
+ }
return ret;
}
@@ -478,11 +637,26 @@ public class ServicePolicies implements
java.io.Serializable {
return ret;
}
+ static public GdsPolicies copyHeader(GdsPolicies source, String
componentServiceName) {
+ GdsPolicies ret = new GdsPolicies();
+
+ ret.setServiceName(source.getServiceName());
+ ret.setServiceId(source.getServiceId());
+ ret.setPolicyVersion(source.getPolicyVersion());
+ ret.setAuditMode(source.getAuditMode());
+
ret.setServiceDef(ServiceDefUtil.normalizeAccessTypeDefs(source.getServiceDef(),
componentServiceName));
+ ret.setPolicyUpdateTime(source.getPolicyUpdateTime());
+ ret.setPolicies(Collections.emptyList());
+
+ return ret;
+ }
+
public static ServicePolicies applyDelta(final ServicePolicies
servicePolicies, RangerPolicyEngineImpl policyEngine) {
ServicePolicies ret = copyHeader(servicePolicies);
List<RangerPolicy> oldResourcePolicies =
policyEngine.getResourcePolicies();
List<RangerPolicy> oldTagPolicies =
policyEngine.getTagPolicies();
+ List<RangerPolicy> oldGdsPolicies =
policyEngine.getGdsPolicies();
List<RangerPolicy> newResourcePolicies =
RangerPolicyDeltaUtil.applyDeltas(oldResourcePolicies,
servicePolicies.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
@@ -505,10 +679,29 @@ public class ServicePolicies implements
java.io.Serializable {
LOG.debug("New tag policies:[" +
Arrays.toString(newTagPolicies.toArray()) + "]");
}
+ final List<RangerPolicy> newGdsPolicies;
+ if (servicePolicies.getGdsPolicies() != null) {
+ LOG.debug("applyingDeltas for gds policies");
+
+ newGdsPolicies =
RangerPolicyDeltaUtil.applyDeltas(oldGdsPolicies,
servicePolicies.getPolicyDeltas(),
servicePolicies.getGdsPolicies().getServiceDef().getName());
+ } else {
+ LOG.debug("No need to apply deltas for gds policies");
+
+ newGdsPolicies = oldGdsPolicies;
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("New gds policies:[" +
Arrays.toString(newGdsPolicies.toArray()) + "]");
+ }
+
if (ret.getTagPolicies() != null) {
ret.getTagPolicies().setPolicies(newTagPolicies);
}
+ if (ret.getGdsPolicies() != null) {
+ ret.getGdsPolicies().setPolicies(newGdsPolicies);
+ }
+
if (MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
Map<String, SecurityZoneInfo> newSecurityZones = new
HashMap<>();
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 231472143..bd8149f3d 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2454,22 +2454,39 @@ public class ServiceDBStore extends
AbstractServiceStore {
}
private List<RangerPolicy>
searchRangerTagPoliciesOnBasisOfServiceName(List<RangerPolicy>
allExceptTagPolicies) throws Exception {
- Set<String> rangerServiceNames = new HashSet<String>();
+ List<RangerPolicy> ret = new ArrayList<>();
+ Set<String> serviceNames = new HashSet<>();
+ Map<String, Long> tagServices = new HashMap<>();
+
for(RangerPolicy pol : allExceptTagPolicies) {
- rangerServiceNames.add(pol.getService());
- }
- List<RangerPolicy> retPolicies = new ArrayList<RangerPolicy>();
- for(String eachRangerService : rangerServiceNames) {
- List<RangerPolicy> policies = new
ArrayList<RangerPolicy>();
- RangerService rangerServiceObj =
getServiceByName(eachRangerService);
- RangerService rangerTagService =
getServiceByName(rangerServiceObj.getTagService());
- if(rangerTagService != null) {
- ServicePolicies servicePolicies =
RangerServicePoliciesCache.getInstance().getServicePolicies(rangerTagService.getName(),rangerTagService.getId(),
-1L, true, this);
- policies = servicePolicies != null ?
servicePolicies.getPolicies() : null;
- retPolicies.addAll(policies);
+ serviceNames.add(pol.getService());
+ }
+
+ for(String serviceName : serviceNames) {
+ RangerService service = getServiceByName(serviceName);
+
+ if (StringUtils.isNotBlank(service.getTagService())) {
+ RangerService tagService =
getServiceByName(service.getTagService());
+
+ if (tagService != null) {
+ tagServices.put(tagService.getName(),
tagService.getId());
}
}
- return retPolicies;
+ }
+
+ for (Map.Entry<String, Long> entry : tagServices.entrySet()) {
+ String tagServiceName = entry.getKey();
+ Long tagServiceId = entry.getValue();
+
+ ServicePolicies tagServicePolicies =
RangerServicePoliciesCache.getInstance().getServicePolicies(tagServiceName,
tagServiceId, -1L, true, this);
+ List<RangerPolicy> policies =
tagServicePolicies != null ? tagServicePolicies.getPolicies() : null;
+
+ if (policies != null) {
+ ret.addAll(policies);
+ }
+ }
+
+ return ret;
}
@Override
@@ -2897,37 +2914,30 @@ public class ServiceDBStore extends
AbstractServiceStore {
if (!serviceDbObj.getIsenabled()) {
ret = ServicePolicies.copyHeader(ret);
ret.setTagPolicies(null);
+ ret.setGdsPolicies(null);
} else {
- boolean isTagServiceActive = true;
+ String tagServiceName =
ret.getTagPolicies() != null ? ret.getTagPolicies().getServiceName() : null;
+ String gdsServiceName =
ret.getGdsPolicies() != null ? ret.getGdsPolicies().getServiceName() : null;
+ boolean isTagServiceActive =
isServiceActive(tagServiceName);
+ boolean isGdsServiceActive =
isServiceActive(gdsServiceName);
- if (ret.getTagPolicies() != null) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Checking if
tag-service:[" + ret.getTagPolicies().getServiceName() + "] is disabled");
+ if (!isTagServiceActive || !isGdsServiceActive)
{
+ ServicePolicies copy =
ServicePolicies.copyHeader(ret);
+
+ if (!isTagServiceActive) {
+ copy.setTagPolicies(null);
}
- String tagServiceName =
ret.getTagPolicies().getServiceName();
- if
(StringUtils.isNotEmpty(tagServiceName)) {
- XXService tagService =
daoMgr.getXXService().findByName(tagServiceName);
- if (tagService == null ||
!tagService.getIsenabled()) {
- if
(LOG.isDebugEnabled()) {
-
LOG.debug("tag-service:[" + tagServiceName + "] is disabled");
- }
- isTagServiceActive =
false;
- }
- } else {
- isTagServiceActive = false;
+ if (!isGdsServiceActive) {
+ copy.setGdsPolicies(null);
}
- } else {
- isTagServiceActive = false;
- }
- if (!isTagServiceActive) {
- ServicePolicies copy =
ServicePolicies.copyHeader(ret);
- copy.setTagPolicies(null);
- List<RangerPolicy> copyPolicies =
ret.getPolicies() != null ? new ArrayList<>(ret.getPolicies()) : null;
+ List<RangerPolicy> copyPolicies
= ret.getPolicies() != null ? new ArrayList<>(ret.getPolicies()) : null;
List<RangerPolicyDelta>
copyPolicyDeltas = ret.getPolicyDeltas() != null ? new
ArrayList<>(ret.getPolicyDeltas()) : null;
+
copy.setPolicies(copyPolicies);
copy.setPolicyDeltas(copyPolicyDeltas);
+
ret = copy;
}
}
@@ -3025,14 +3035,21 @@ public class ServiceDBStore extends
AbstractServiceStore {
String auditMode = getAuditMode(serviceType, serviceName);
- XXService tagServiceDbObj = null;
- RangerServiceDef tagServiceDef = null;
+ XXService tagServiceDbObj = null;
+ RangerServiceDef tagServiceDef = null;
XXServiceVersionInfo tagServiceVersionInfoDbObj= null;
+ XXService gdsServiceDbObj = null;
+ RangerServiceDef gdsServiceDef = null;
+ XXServiceVersionInfo gdsServiceVersionInfoDbObj= null;
if (serviceDbObj.getTagService() != null) {
tagServiceDbObj =
daoMgr.getXXService().getById(serviceDbObj.getTagService());
}
+ if (serviceDbObj.getGdsService() != null) {
+ gdsServiceDbObj =
daoMgr.getXXService().getById(serviceDbObj.getGdsService());
+ }
+
if (tagServiceDbObj != null) {
tagServiceDef =
getServiceDef(tagServiceDbObj.getType());
@@ -3049,8 +3066,24 @@ public class ServiceDBStore extends AbstractServiceStore
{
}
}
+ if (gdsServiceDbObj != null) {
+ gdsServiceDef =
getServiceDef(gdsServiceDbObj.getType());
+
+ if (gdsServiceDef == null) {
+ throw new Exception("service-def does not
exist. id=" + gdsServiceDbObj.getType());
+ }
+
+ ServiceDefUtil.normalizeAccessTypeDefs(gdsServiceDef,
serviceType);
+
+ gdsServiceVersionInfoDbObj =
daoMgr.getXXServiceVersionInfo().findByServiceId(serviceDbObj.getGdsService());
+
+ if (gdsServiceVersionInfoDbObj == null) {
+ LOG.warn("serviceVersionInfo does not exist.
name=" + gdsServiceDbObj.getName());
+ }
+ }
+
if (isDeltaEnabled) {
- ret = getServicePoliciesWithDeltas(serviceDef,
serviceDbObj, tagServiceDef, tagServiceDbObj, lastKnownVersion,
maxNeededVersion);
+ ret = getServicePoliciesWithDeltas(serviceDef,
serviceDbObj, tagServiceDef, tagServiceDbObj, gdsServiceDef, gdsServiceDbObj,
lastKnownVersion, maxNeededVersion);
}
if (ret != null) {
@@ -3060,11 +3093,15 @@ public class ServiceDBStore extends
AbstractServiceStore {
ret.getTagPolicies().setPolicyUpdateTime(tagServiceVersionInfoDbObj == null ?
null : tagServiceVersionInfoDbObj.getPolicyUpdateTime());
ret.getTagPolicies().setAuditMode(auditMode);
}
+ if (ret.getGdsPolicies() != null) {
+
ret.getGdsPolicies().setPolicyUpdateTime(gdsServiceVersionInfoDbObj == null ?
null : gdsServiceVersionInfoDbObj.getPolicyUpdateTime());
+ ret.getGdsPolicies().setAuditMode(auditMode);
+ }
} else if (!getOnlyDeltas) {
ServicePolicies.TagPolicies tagPolicies = null;
+ ServicePolicies.GdsPolicies gdsPolicies = null;
if (tagServiceDbObj != null) {
-
tagPolicies = new ServicePolicies.TagPolicies();
tagPolicies.setServiceId(tagServiceDbObj.getId());
@@ -3075,6 +3112,19 @@ public class ServiceDBStore extends AbstractServiceStore
{
tagPolicies.setServiceDef(tagServiceDef);
tagPolicies.setAuditMode(auditMode);
}
+
+ if (gdsServiceDbObj != null) {
+ gdsPolicies = new ServicePolicies.GdsPolicies();
+
+
gdsPolicies.setServiceId(gdsServiceDbObj.getId());
+
gdsPolicies.setServiceName(gdsServiceDbObj.getName());
+
gdsPolicies.setPolicyVersion(gdsServiceVersionInfoDbObj == null ? null :
gdsServiceVersionInfoDbObj.getPolicyVersion());
+
gdsPolicies.setPolicyUpdateTime(gdsServiceVersionInfoDbObj == null ? null :
gdsServiceVersionInfoDbObj.getPolicyUpdateTime());
+
gdsPolicies.setPolicies(getServicePoliciesFromDb(gdsServiceDbObj));
+ gdsPolicies.setServiceDef(gdsServiceDef);
+ gdsPolicies.setAuditMode(auditMode);
+ }
+
List<RangerPolicy> policies =
getServicePoliciesFromDb(serviceDbObj);
ret = new ServicePolicies();
@@ -3087,6 +3137,7 @@ public class ServiceDBStore extends AbstractServiceStore {
ret.setServiceDef(serviceDef);
ret.setAuditMode(auditMode);
ret.setTagPolicies(tagPolicies);
+ ret.setGdsPolicies(gdsPolicies);
}
if (LOG.isDebugEnabled()) {
@@ -3259,7 +3310,7 @@ public class ServiceDBStore extends AbstractServiceStore {
}
- ServicePolicies getServicePoliciesWithDeltas(RangerServiceDef
serviceDef, XXService service, RangerServiceDef tagServiceDef, XXService
tagService, Long lastKnownVersion, Long maxNeededVersion) {
+ ServicePolicies getServicePoliciesWithDeltas(RangerServiceDef
serviceDef, XXService service, RangerServiceDef tagServiceDef, XXService
tagService, RangerServiceDef gdsServiceDef, XXService gdsService, Long
lastKnownVersion, Long maxNeededVersion) {
ServicePolicies ret = null;
// if lastKnownVersion != -1L : try and get deltas. Get delta
for serviceName first. Find id of the delta
@@ -3271,9 +3322,11 @@ public class ServiceDBStore extends AbstractServiceStore
{
if (lastKnownVersion != -1L) {
List<RangerPolicyDelta> resourcePolicyDeltas;
- List<RangerPolicyDelta> tagPolicyDeltas = null;
- Long retrievedPolicyVersion = null;
+ List<RangerPolicyDelta> tagPolicyDeltas =
null;
+ List<RangerPolicyDelta> gdsPolicyDeltas =
null;
+ Long retrievedPolicyVersion =
null;
Long retrievedTagPolicyVersion =
null;
+ Long retrievedGdsPolicyVersion =
null;
String componentServiceType = serviceDef.getName();
@@ -3293,7 +3346,6 @@ public class ServiceDBStore extends AbstractServiceStore {
Long id =
resourcePolicyDeltas.get(0).getId();
tagPolicyDeltas =
daoMgr.getXXPolicyChangeLog().findGreaterThan(id, maxNeededVersion,
tagService.getId());
-
if
(CollectionUtils.isNotEmpty(tagPolicyDeltas)) {
String tagServiceType =
tagServiceDef.getName();
@@ -3307,6 +3359,23 @@ public class ServiceDBStore extends AbstractServiceStore
{
}
}
+ if (isValid && gdsService != null) {
+ Long id =
resourcePolicyDeltas.get(0).getId();
+ gdsPolicyDeltas =
daoMgr.getXXPolicyChangeLog().findGreaterThan(id, maxNeededVersion,
gdsService.getId());
+
+ if
(CollectionUtils.isNotEmpty(gdsPolicyDeltas)) {
+ String gdsServiceType =
gdsServiceDef.getName();
+
+ isValid =
RangerPolicyDeltaUtil.isValidDeltas(gdsPolicyDeltas, gdsServiceType);
+
+ if (isValid) {
+
retrievedGdsPolicyVersion = gdsPolicyDeltas.get(gdsPolicyDeltas.size() -
1).getPoliciesVersion();
+ } else {
+ LOG.warn("Gds
policy-Deltas :[" + gdsPolicyDeltas + "] for service-version :[" +
lastKnownVersion + "] and delta-id :[" + id + "] are not valid");
+ }
+ }
+ }
+
if (isValid) {
if
(CollectionUtils.isNotEmpty(tagPolicyDeltas)) {
// To ensure that
resource-policy-deltas with service-type of 'tag' are ignored after validation
@@ -3335,6 +3404,16 @@ public class ServiceDBStore extends AbstractServiceStore
{
tagPolicies.setPolicyVersion(retrievedTagPolicyVersion);
ret.setTagPolicies(tagPolicies);
}
+
+ if (gdsServiceDef != null &&
gdsService != null) {
+
ServicePolicies.GdsPolicies gdsPolicies = new ServicePolicies.GdsPolicies();
+
gdsPolicies.setServiceDef(gdsServiceDef);
+
gdsPolicies.setServiceId(gdsService.getId());
+
gdsPolicies.setServiceName(gdsService.getName());
+
gdsPolicies.setPolicies(null);
+
gdsPolicies.setPolicyVersion(retrievedGdsPolicyVersion);
+
ret.setGdsPolicies(gdsPolicies);
+ }
} else {
LOG.warn("Deltas :[" +
resourcePolicyDeltas + "] from version :[" + lastKnownVersion + "] after
compressing are null!");
}
@@ -6072,6 +6151,7 @@ public class ServiceDBStore extends AbstractServiceStore {
ret.setPolicyVersion(servicePolicies.getPolicyVersion());
ret.setPolicyUpdateTime(servicePolicies.getPolicyUpdateTime());
ret.setTagPolicies(servicePolicies.getTagPolicies());
+ ret.setGdsPolicies(servicePolicies.getGdsPolicies());
Map<String, ServicePolicies.SecurityZoneInfo>
securityZonesInfo = new HashMap<>();
@@ -6183,6 +6263,7 @@ public class ServiceDBStore extends AbstractServiceStore {
ServicePolicies ret = null;
boolean containsDisabledResourcePolicies = false;
boolean containsDisabledTagPolicies = false;
+ boolean containsDisabledGdsPolicies = false;
if (servicePolicies != null) {
List<RangerPolicy> policies = null;
@@ -6209,7 +6290,19 @@ public class ServiceDBStore extends AbstractServiceStore
{
}
}
- if (!containsDisabledResourcePolicies &&
!containsDisabledTagPolicies) {
+ if (servicePolicies.getGdsPolicies() != null) {
+ policies =
servicePolicies.getGdsPolicies().getPolicies();
+ if (CollectionUtils.isNotEmpty(policies)) {
+ for (RangerPolicy policy : policies) {
+ if (!policy.getIsEnabled()) {
+
containsDisabledGdsPolicies = true;
+ break;
+ }
+ }
+ }
+ }
+
+ if (!containsDisabledResourcePolicies &&
!containsDisabledTagPolicies && !containsDisabledGdsPolicies) {
ret = servicePolicies;
} else {
ret = new ServicePolicies();
@@ -6221,6 +6314,7 @@ public class ServiceDBStore extends AbstractServiceStore {
ret.setPolicyUpdateTime(servicePolicies.getPolicyUpdateTime());
ret.setPolicies(servicePolicies.getPolicies());
ret.setTagPolicies(servicePolicies.getTagPolicies());
+
ret.setGdsPolicies(servicePolicies.getGdsPolicies());
ret.setSecurityZones(servicePolicies.getSecurityZones());
if (containsDisabledResourcePolicies) {
@@ -6252,6 +6346,26 @@ public class ServiceDBStore extends AbstractServiceStore
{
ret.setTagPolicies(tagPolicies);
}
+
+ if (containsDisabledGdsPolicies) {
+ ServicePolicies.GdsPolicies gdsPolicies
= new ServicePolicies.GdsPolicies();
+
+
gdsPolicies.setServiceDef(servicePolicies.getGdsPolicies().getServiceDef());
+
gdsPolicies.setServiceId(servicePolicies.getGdsPolicies().getServiceId());
+
gdsPolicies.setServiceName(servicePolicies.getGdsPolicies().getServiceName());
+
gdsPolicies.setPolicyVersion(servicePolicies.getGdsPolicies().getPolicyVersion());
+
gdsPolicies.setPolicyUpdateTime(servicePolicies.getGdsPolicies().getPolicyUpdateTime());
+
+ List<RangerPolicy> filteredPolicies =
new ArrayList<>();
+ for (RangerPolicy policy :
servicePolicies.getGdsPolicies().getPolicies()) {
+ if (policy.getIsEnabled()) {
+
filteredPolicies.add(policy);
+ }
+ }
+
gdsPolicies.setPolicies(filteredPolicies);
+
+ ret.setGdsPolicies(gdsPolicies);
+ }
}
}
@@ -6409,4 +6523,20 @@ public class ServiceDBStore extends AbstractServiceStore
{
}
return roleNames;
}
+
+ private boolean isServiceActive(String serviceName) {
+ boolean ret = false;
+
+ if (StringUtils.isNotBlank(serviceName)) {
+ XXService service =
daoMgr.getXXService().findByName(serviceName);
+
+ ret = (service != null && service.getIsenabled());
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("isServiceActive(" + serviceName +
"): " + ret);
+ }
+ }
+
+ return ret;
+ }
}
