This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch RANGER-3923 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push: new a3fc43cfe RANGER-4265: updated ServicePolicies to include GDS policies a3fc43cfe is described below commit a3fc43cfeabf9be2e1b3d58502ba6e0f45104fb1 Author: Madhan Neethiraj <mad...@apache.org> AuthorDate: Sun Jun 18 19:54:51 2023 -0700 RANGER-4265: updated ServicePolicies to include GDS policies --- .../apache/ranger/plugin/util/ServicePolicies.java | 193 ++++++++++++++++++ .../java/org/apache/ranger/biz/ServiceDBStore.java | 218 ++++++++++++++++----- 2 files changed, 367 insertions(+), 44 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java index e022a1b17..288672a20 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java @@ -63,6 +63,7 @@ public class ServicePolicies implements java.io.Serializable { private RangerServiceDef serviceDef; private String auditMode = RangerPolicyEngine.AUDIT_DEFAULT; private TagPolicies tagPolicies; + private GdsPolicies gdsPolicies; private Map<String, SecurityZoneInfo> securityZones; private List<RangerPolicyDelta> policyDeltas; private Map<String, String> serviceConfig; @@ -168,6 +169,19 @@ public class ServicePolicies implements java.io.Serializable { this.tagPolicies = tagPolicies; } + /** + * @return the gdsPolicies + */ + public ServicePolicies.GdsPolicies getGdsPolicies() { + return gdsPolicies; + } + /** + * @param gdsPolicies the gdsPolicies to set + */ + public void setGdsPolicies(ServicePolicies.GdsPolicies gdsPolicies) { + this.gdsPolicies = gdsPolicies; + } + public Map<String, SecurityZoneInfo> getSecurityZones() { return securityZones; } public void setSecurityZones(Map<String, SecurityZoneInfo> securityZones) { @@ -195,6 +209,10 @@ public class ServicePolicies implements java.io.Serializable { tagPolicies.dedupStrings(strTbl); } + if (gdsPolicies != null) { + gdsPolicies.dedupStrings(strTbl); + } + if (securityZones != null) { for (SecurityZoneInfo securityZoneInfo : securityZones.values()) { securityZoneInfo.dedupStrings(strTbl); @@ -216,6 +234,7 @@ public class ServicePolicies implements java.io.Serializable { + "policyUpdateTime=" + policyUpdateTime + ", " + "policies=" + policies + ", " + "tagPolicies=" + tagPolicies + ", " + + "gdsPolicies=" + gdsPolicies + ", " + "policyDeltas=" + policyDeltas + ", " + "serviceDef=" + serviceDef + ", " + "auditMode=" + auditMode + ", " @@ -362,6 +381,142 @@ public class ServicePolicies implements java.io.Serializable { } } + @JsonAutoDetect(fieldVisibility=Visibility.ANY) + @JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY) + @JsonIgnoreProperties(ignoreUnknown=true) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class GdsPolicies implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String serviceName; + private Long serviceId; + private Long policyVersion; + private Date policyUpdateTime; + private List<RangerPolicy> policies; + private RangerServiceDef serviceDef; + private String auditMode = RangerPolicyEngine.AUDIT_DEFAULT; + private Map<String, String> serviceConfig; + + /** + * @return the serviceName + */ + public String getServiceName() { + return serviceName; + } + /** + * @param serviceName the serviceName to set + */ + public void setServiceName(String serviceName) { + this.serviceName = serviceName; + } + /** + * @return the serviceId + */ + public Long getServiceId() { + return serviceId; + } + /** + * @param serviceId the serviceId to set + */ + public void setServiceId(Long serviceId) { + this.serviceId = serviceId; + } + /** + * @return the policyVersion + */ + public Long getPolicyVersion() { + return policyVersion; + } + /** + * @param policyVersion the policyVersion to set + */ + public void setPolicyVersion(Long policyVersion) { + this.policyVersion = policyVersion; + } + /** + * @return the policyUpdateTime + */ + public Date getPolicyUpdateTime() { + return policyUpdateTime; + } + /** + * @param policyUpdateTime the policyUpdateTime to set + */ + public void setPolicyUpdateTime(Date policyUpdateTime) { + this.policyUpdateTime = policyUpdateTime; + } + /** + * @return the policies + */ + public List<RangerPolicy> getPolicies() { + return policies; + } + /** + * @param policies the policies to set + */ + public void setPolicies(List<RangerPolicy> policies) { + this.policies = policies; + } + /** + * @return the serviceDef + */ + public RangerServiceDef getServiceDef() { + return serviceDef; + } + /** + * @param serviceDef the serviceDef to set + */ + public void setServiceDef(RangerServiceDef serviceDef) { + this.serviceDef = serviceDef; + } + + public String getAuditMode() { + return auditMode; + } + + public void setAuditMode(String auditMode) { + this.auditMode = auditMode; + } + + public Map<String, String> getServiceConfig() { + return serviceConfig; + } + + public void setServiceConfig(Map<String, String> serviceConfig) { + this.serviceConfig = serviceConfig; + } + + public void dedupStrings(Map<String, String> strTbl) { + serviceName = StringUtil.dedupString(serviceName, strTbl); + auditMode = StringUtil.dedupString(auditMode, strTbl); + serviceConfig = StringUtil.dedupStringsMap(serviceConfig, strTbl); + + if (policies != null) { + for (RangerPolicy policy : policies) { + policy.dedupStrings(strTbl); + } + } + + if (serviceDef != null) { + serviceDef.dedupStrings(strTbl); + } + } + + @Override + public String toString() { + return "serviceName=" + serviceName + ", " + + "serviceId=" + serviceId + ", " + + "policyVersion=" + policyVersion + ", " + + "policyUpdateTime=" + policyUpdateTime + ", " + + "policies=" + policies + ", " + + "serviceDef=" + serviceDef + ", " + + "auditMode=" + auditMode + + "serviceConfig=" + serviceConfig + ; + } + } + @JsonAutoDetect(fieldVisibility = Visibility.ANY) @JsonSerialize(include = JsonSerialize.Inclusion.NON_EMPTY) @JsonIgnoreProperties(ignoreUnknown = true) @@ -460,6 +615,10 @@ public class ServicePolicies implements java.io.Serializable { TagPolicies tagPolicies = copyHeader(source.getTagPolicies(), source.getServiceDef().getName()); ret.setTagPolicies(tagPolicies); } + if (source.getGdsPolicies() != null) { + GdsPolicies gdsPolicies = copyHeader(source.getGdsPolicies(), source.getServiceDef().getName()); + ret.setGdsPolicies(gdsPolicies); + } return ret; } @@ -478,11 +637,26 @@ public class ServicePolicies implements java.io.Serializable { return ret; } + static public GdsPolicies copyHeader(GdsPolicies source, String componentServiceName) { + GdsPolicies ret = new GdsPolicies(); + + ret.setServiceName(source.getServiceName()); + ret.setServiceId(source.getServiceId()); + ret.setPolicyVersion(source.getPolicyVersion()); + ret.setAuditMode(source.getAuditMode()); + ret.setServiceDef(ServiceDefUtil.normalizeAccessTypeDefs(source.getServiceDef(), componentServiceName)); + ret.setPolicyUpdateTime(source.getPolicyUpdateTime()); + ret.setPolicies(Collections.emptyList()); + + return ret; + } + public static ServicePolicies applyDelta(final ServicePolicies servicePolicies, RangerPolicyEngineImpl policyEngine) { ServicePolicies ret = copyHeader(servicePolicies); List<RangerPolicy> oldResourcePolicies = policyEngine.getResourcePolicies(); List<RangerPolicy> oldTagPolicies = policyEngine.getTagPolicies(); + List<RangerPolicy> oldGdsPolicies = policyEngine.getGdsPolicies(); List<RangerPolicy> newResourcePolicies = RangerPolicyDeltaUtil.applyDeltas(oldResourcePolicies, servicePolicies.getPolicyDeltas(), servicePolicies.getServiceDef().getName()); @@ -505,10 +679,29 @@ public class ServicePolicies implements java.io.Serializable { LOG.debug("New tag policies:[" + Arrays.toString(newTagPolicies.toArray()) + "]"); } + final List<RangerPolicy> newGdsPolicies; + if (servicePolicies.getGdsPolicies() != null) { + LOG.debug("applyingDeltas for gds policies"); + + newGdsPolicies = RangerPolicyDeltaUtil.applyDeltas(oldGdsPolicies, servicePolicies.getPolicyDeltas(), servicePolicies.getGdsPolicies().getServiceDef().getName()); + } else { + LOG.debug("No need to apply deltas for gds policies"); + + newGdsPolicies = oldGdsPolicies; + } + + if (LOG.isDebugEnabled()) { + LOG.debug("New gds policies:[" + Arrays.toString(newGdsPolicies.toArray()) + "]"); + } + if (ret.getTagPolicies() != null) { ret.getTagPolicies().setPolicies(newTagPolicies); } + if (ret.getGdsPolicies() != null) { + ret.getGdsPolicies().setPolicies(newGdsPolicies); + } + if (MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) { Map<String, SecurityZoneInfo> newSecurityZones = new HashMap<>(); diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 231472143..bd8149f3d 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -2454,22 +2454,39 @@ public class ServiceDBStore extends AbstractServiceStore { } private List<RangerPolicy> searchRangerTagPoliciesOnBasisOfServiceName(List<RangerPolicy> allExceptTagPolicies) throws Exception { - Set<String> rangerServiceNames = new HashSet<String>(); + List<RangerPolicy> ret = new ArrayList<>(); + Set<String> serviceNames = new HashSet<>(); + Map<String, Long> tagServices = new HashMap<>(); + for(RangerPolicy pol : allExceptTagPolicies) { - rangerServiceNames.add(pol.getService()); - } - List<RangerPolicy> retPolicies = new ArrayList<RangerPolicy>(); - for(String eachRangerService : rangerServiceNames) { - List<RangerPolicy> policies = new ArrayList<RangerPolicy>(); - RangerService rangerServiceObj = getServiceByName(eachRangerService); - RangerService rangerTagService = getServiceByName(rangerServiceObj.getTagService()); - if(rangerTagService != null) { - ServicePolicies servicePolicies = RangerServicePoliciesCache.getInstance().getServicePolicies(rangerTagService.getName(),rangerTagService.getId(), -1L, true, this); - policies = servicePolicies != null ? servicePolicies.getPolicies() : null; - retPolicies.addAll(policies); + serviceNames.add(pol.getService()); + } + + for(String serviceName : serviceNames) { + RangerService service = getServiceByName(serviceName); + + if (StringUtils.isNotBlank(service.getTagService())) { + RangerService tagService = getServiceByName(service.getTagService()); + + if (tagService != null) { + tagServices.put(tagService.getName(), tagService.getId()); } } - return retPolicies; + } + + for (Map.Entry<String, Long> entry : tagServices.entrySet()) { + String tagServiceName = entry.getKey(); + Long tagServiceId = entry.getValue(); + + ServicePolicies tagServicePolicies = RangerServicePoliciesCache.getInstance().getServicePolicies(tagServiceName, tagServiceId, -1L, true, this); + List<RangerPolicy> policies = tagServicePolicies != null ? tagServicePolicies.getPolicies() : null; + + if (policies != null) { + ret.addAll(policies); + } + } + + return ret; } @Override @@ -2897,37 +2914,30 @@ public class ServiceDBStore extends AbstractServiceStore { if (!serviceDbObj.getIsenabled()) { ret = ServicePolicies.copyHeader(ret); ret.setTagPolicies(null); + ret.setGdsPolicies(null); } else { - boolean isTagServiceActive = true; + String tagServiceName = ret.getTagPolicies() != null ? ret.getTagPolicies().getServiceName() : null; + String gdsServiceName = ret.getGdsPolicies() != null ? ret.getGdsPolicies().getServiceName() : null; + boolean isTagServiceActive = isServiceActive(tagServiceName); + boolean isGdsServiceActive = isServiceActive(gdsServiceName); - if (ret.getTagPolicies() != null) { - if (LOG.isDebugEnabled()) { - LOG.debug("Checking if tag-service:[" + ret.getTagPolicies().getServiceName() + "] is disabled"); + if (!isTagServiceActive || !isGdsServiceActive) { + ServicePolicies copy = ServicePolicies.copyHeader(ret); + + if (!isTagServiceActive) { + copy.setTagPolicies(null); } - String tagServiceName = ret.getTagPolicies().getServiceName(); - if (StringUtils.isNotEmpty(tagServiceName)) { - XXService tagService = daoMgr.getXXService().findByName(tagServiceName); - if (tagService == null || !tagService.getIsenabled()) { - if (LOG.isDebugEnabled()) { - LOG.debug("tag-service:[" + tagServiceName + "] is disabled"); - } - isTagServiceActive = false; - } - } else { - isTagServiceActive = false; + if (!isGdsServiceActive) { + copy.setGdsPolicies(null); } - } else { - isTagServiceActive = false; - } - if (!isTagServiceActive) { - ServicePolicies copy = ServicePolicies.copyHeader(ret); - copy.setTagPolicies(null); - List<RangerPolicy> copyPolicies = ret.getPolicies() != null ? new ArrayList<>(ret.getPolicies()) : null; + List<RangerPolicy> copyPolicies = ret.getPolicies() != null ? new ArrayList<>(ret.getPolicies()) : null; List<RangerPolicyDelta> copyPolicyDeltas = ret.getPolicyDeltas() != null ? new ArrayList<>(ret.getPolicyDeltas()) : null; + copy.setPolicies(copyPolicies); copy.setPolicyDeltas(copyPolicyDeltas); + ret = copy; } } @@ -3025,14 +3035,21 @@ public class ServiceDBStore extends AbstractServiceStore { String auditMode = getAuditMode(serviceType, serviceName); - XXService tagServiceDbObj = null; - RangerServiceDef tagServiceDef = null; + XXService tagServiceDbObj = null; + RangerServiceDef tagServiceDef = null; XXServiceVersionInfo tagServiceVersionInfoDbObj= null; + XXService gdsServiceDbObj = null; + RangerServiceDef gdsServiceDef = null; + XXServiceVersionInfo gdsServiceVersionInfoDbObj= null; if (serviceDbObj.getTagService() != null) { tagServiceDbObj = daoMgr.getXXService().getById(serviceDbObj.getTagService()); } + if (serviceDbObj.getGdsService() != null) { + gdsServiceDbObj = daoMgr.getXXService().getById(serviceDbObj.getGdsService()); + } + if (tagServiceDbObj != null) { tagServiceDef = getServiceDef(tagServiceDbObj.getType()); @@ -3049,8 +3066,24 @@ public class ServiceDBStore extends AbstractServiceStore { } } + if (gdsServiceDbObj != null) { + gdsServiceDef = getServiceDef(gdsServiceDbObj.getType()); + + if (gdsServiceDef == null) { + throw new Exception("service-def does not exist. id=" + gdsServiceDbObj.getType()); + } + + ServiceDefUtil.normalizeAccessTypeDefs(gdsServiceDef, serviceType); + + gdsServiceVersionInfoDbObj = daoMgr.getXXServiceVersionInfo().findByServiceId(serviceDbObj.getGdsService()); + + if (gdsServiceVersionInfoDbObj == null) { + LOG.warn("serviceVersionInfo does not exist. name=" + gdsServiceDbObj.getName()); + } + } + if (isDeltaEnabled) { - ret = getServicePoliciesWithDeltas(serviceDef, serviceDbObj, tagServiceDef, tagServiceDbObj, lastKnownVersion, maxNeededVersion); + ret = getServicePoliciesWithDeltas(serviceDef, serviceDbObj, tagServiceDef, tagServiceDbObj, gdsServiceDef, gdsServiceDbObj, lastKnownVersion, maxNeededVersion); } if (ret != null) { @@ -3060,11 +3093,15 @@ public class ServiceDBStore extends AbstractServiceStore { ret.getTagPolicies().setPolicyUpdateTime(tagServiceVersionInfoDbObj == null ? null : tagServiceVersionInfoDbObj.getPolicyUpdateTime()); ret.getTagPolicies().setAuditMode(auditMode); } + if (ret.getGdsPolicies() != null) { + ret.getGdsPolicies().setPolicyUpdateTime(gdsServiceVersionInfoDbObj == null ? null : gdsServiceVersionInfoDbObj.getPolicyUpdateTime()); + ret.getGdsPolicies().setAuditMode(auditMode); + } } else if (!getOnlyDeltas) { ServicePolicies.TagPolicies tagPolicies = null; + ServicePolicies.GdsPolicies gdsPolicies = null; if (tagServiceDbObj != null) { - tagPolicies = new ServicePolicies.TagPolicies(); tagPolicies.setServiceId(tagServiceDbObj.getId()); @@ -3075,6 +3112,19 @@ public class ServiceDBStore extends AbstractServiceStore { tagPolicies.setServiceDef(tagServiceDef); tagPolicies.setAuditMode(auditMode); } + + if (gdsServiceDbObj != null) { + gdsPolicies = new ServicePolicies.GdsPolicies(); + + gdsPolicies.setServiceId(gdsServiceDbObj.getId()); + gdsPolicies.setServiceName(gdsServiceDbObj.getName()); + gdsPolicies.setPolicyVersion(gdsServiceVersionInfoDbObj == null ? null : gdsServiceVersionInfoDbObj.getPolicyVersion()); + gdsPolicies.setPolicyUpdateTime(gdsServiceVersionInfoDbObj == null ? null : gdsServiceVersionInfoDbObj.getPolicyUpdateTime()); + gdsPolicies.setPolicies(getServicePoliciesFromDb(gdsServiceDbObj)); + gdsPolicies.setServiceDef(gdsServiceDef); + gdsPolicies.setAuditMode(auditMode); + } + List<RangerPolicy> policies = getServicePoliciesFromDb(serviceDbObj); ret = new ServicePolicies(); @@ -3087,6 +3137,7 @@ public class ServiceDBStore extends AbstractServiceStore { ret.setServiceDef(serviceDef); ret.setAuditMode(auditMode); ret.setTagPolicies(tagPolicies); + ret.setGdsPolicies(gdsPolicies); } if (LOG.isDebugEnabled()) { @@ -3259,7 +3310,7 @@ public class ServiceDBStore extends AbstractServiceStore { } - ServicePolicies getServicePoliciesWithDeltas(RangerServiceDef serviceDef, XXService service, RangerServiceDef tagServiceDef, XXService tagService, Long lastKnownVersion, Long maxNeededVersion) { + ServicePolicies getServicePoliciesWithDeltas(RangerServiceDef serviceDef, XXService service, RangerServiceDef tagServiceDef, XXService tagService, RangerServiceDef gdsServiceDef, XXService gdsService, Long lastKnownVersion, Long maxNeededVersion) { ServicePolicies ret = null; // if lastKnownVersion != -1L : try and get deltas. Get delta for serviceName first. Find id of the delta @@ -3271,9 +3322,11 @@ public class ServiceDBStore extends AbstractServiceStore { if (lastKnownVersion != -1L) { List<RangerPolicyDelta> resourcePolicyDeltas; - List<RangerPolicyDelta> tagPolicyDeltas = null; - Long retrievedPolicyVersion = null; + List<RangerPolicyDelta> tagPolicyDeltas = null; + List<RangerPolicyDelta> gdsPolicyDeltas = null; + Long retrievedPolicyVersion = null; Long retrievedTagPolicyVersion = null; + Long retrievedGdsPolicyVersion = null; String componentServiceType = serviceDef.getName(); @@ -3293,7 +3346,6 @@ public class ServiceDBStore extends AbstractServiceStore { Long id = resourcePolicyDeltas.get(0).getId(); tagPolicyDeltas = daoMgr.getXXPolicyChangeLog().findGreaterThan(id, maxNeededVersion, tagService.getId()); - if (CollectionUtils.isNotEmpty(tagPolicyDeltas)) { String tagServiceType = tagServiceDef.getName(); @@ -3307,6 +3359,23 @@ public class ServiceDBStore extends AbstractServiceStore { } } + if (isValid && gdsService != null) { + Long id = resourcePolicyDeltas.get(0).getId(); + gdsPolicyDeltas = daoMgr.getXXPolicyChangeLog().findGreaterThan(id, maxNeededVersion, gdsService.getId()); + + if (CollectionUtils.isNotEmpty(gdsPolicyDeltas)) { + String gdsServiceType = gdsServiceDef.getName(); + + isValid = RangerPolicyDeltaUtil.isValidDeltas(gdsPolicyDeltas, gdsServiceType); + + if (isValid) { + retrievedGdsPolicyVersion = gdsPolicyDeltas.get(gdsPolicyDeltas.size() - 1).getPoliciesVersion(); + } else { + LOG.warn("Gds policy-Deltas :[" + gdsPolicyDeltas + "] for service-version :[" + lastKnownVersion + "] and delta-id :[" + id + "] are not valid"); + } + } + } + if (isValid) { if (CollectionUtils.isNotEmpty(tagPolicyDeltas)) { // To ensure that resource-policy-deltas with service-type of 'tag' are ignored after validation @@ -3335,6 +3404,16 @@ public class ServiceDBStore extends AbstractServiceStore { tagPolicies.setPolicyVersion(retrievedTagPolicyVersion); ret.setTagPolicies(tagPolicies); } + + if (gdsServiceDef != null && gdsService != null) { + ServicePolicies.GdsPolicies gdsPolicies = new ServicePolicies.GdsPolicies(); + gdsPolicies.setServiceDef(gdsServiceDef); + gdsPolicies.setServiceId(gdsService.getId()); + gdsPolicies.setServiceName(gdsService.getName()); + gdsPolicies.setPolicies(null); + gdsPolicies.setPolicyVersion(retrievedGdsPolicyVersion); + ret.setGdsPolicies(gdsPolicies); + } } else { LOG.warn("Deltas :[" + resourcePolicyDeltas + "] from version :[" + lastKnownVersion + "] after compressing are null!"); } @@ -6072,6 +6151,7 @@ public class ServiceDBStore extends AbstractServiceStore { ret.setPolicyVersion(servicePolicies.getPolicyVersion()); ret.setPolicyUpdateTime(servicePolicies.getPolicyUpdateTime()); ret.setTagPolicies(servicePolicies.getTagPolicies()); + ret.setGdsPolicies(servicePolicies.getGdsPolicies()); Map<String, ServicePolicies.SecurityZoneInfo> securityZonesInfo = new HashMap<>(); @@ -6183,6 +6263,7 @@ public class ServiceDBStore extends AbstractServiceStore { ServicePolicies ret = null; boolean containsDisabledResourcePolicies = false; boolean containsDisabledTagPolicies = false; + boolean containsDisabledGdsPolicies = false; if (servicePolicies != null) { List<RangerPolicy> policies = null; @@ -6209,7 +6290,19 @@ public class ServiceDBStore extends AbstractServiceStore { } } - if (!containsDisabledResourcePolicies && !containsDisabledTagPolicies) { + if (servicePolicies.getGdsPolicies() != null) { + policies = servicePolicies.getGdsPolicies().getPolicies(); + if (CollectionUtils.isNotEmpty(policies)) { + for (RangerPolicy policy : policies) { + if (!policy.getIsEnabled()) { + containsDisabledGdsPolicies = true; + break; + } + } + } + } + + if (!containsDisabledResourcePolicies && !containsDisabledTagPolicies && !containsDisabledGdsPolicies) { ret = servicePolicies; } else { ret = new ServicePolicies(); @@ -6221,6 +6314,7 @@ public class ServiceDBStore extends AbstractServiceStore { ret.setPolicyUpdateTime(servicePolicies.getPolicyUpdateTime()); ret.setPolicies(servicePolicies.getPolicies()); ret.setTagPolicies(servicePolicies.getTagPolicies()); + ret.setGdsPolicies(servicePolicies.getGdsPolicies()); ret.setSecurityZones(servicePolicies.getSecurityZones()); if (containsDisabledResourcePolicies) { @@ -6252,6 +6346,26 @@ public class ServiceDBStore extends AbstractServiceStore { ret.setTagPolicies(tagPolicies); } + + if (containsDisabledGdsPolicies) { + ServicePolicies.GdsPolicies gdsPolicies = new ServicePolicies.GdsPolicies(); + + gdsPolicies.setServiceDef(servicePolicies.getGdsPolicies().getServiceDef()); + gdsPolicies.setServiceId(servicePolicies.getGdsPolicies().getServiceId()); + gdsPolicies.setServiceName(servicePolicies.getGdsPolicies().getServiceName()); + gdsPolicies.setPolicyVersion(servicePolicies.getGdsPolicies().getPolicyVersion()); + gdsPolicies.setPolicyUpdateTime(servicePolicies.getGdsPolicies().getPolicyUpdateTime()); + + List<RangerPolicy> filteredPolicies = new ArrayList<>(); + for (RangerPolicy policy : servicePolicies.getGdsPolicies().getPolicies()) { + if (policy.getIsEnabled()) { + filteredPolicies.add(policy); + } + } + gdsPolicies.setPolicies(filteredPolicies); + + ret.setGdsPolicies(gdsPolicies); + } } } @@ -6409,4 +6523,20 @@ public class ServiceDBStore extends AbstractServiceStore { } return roleNames; } + + private boolean isServiceActive(String serviceName) { + boolean ret = false; + + if (StringUtils.isNotBlank(serviceName)) { + XXService service = daoMgr.getXXService().findByName(serviceName); + + ret = (service != null && service.getIsenabled()); + + if (LOG.isDebugEnabled()) { + LOG.debug("isServiceActive(" + serviceName + "): " + ret); + } + } + + return ret; + } }