This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.5 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit d3a1a8c48e568b354a4f957e3000b9595c4ac443 Author: Rakesh Gupta <rakesh.gupta.dev...@gmail.com> AuthorDate: Wed Jul 17 15:46:21 2024 +0530 RANGER-4805: removed Atlas permissions in tag-based policies Signed-off-by: Madhan Neethiraj <mad...@apache.org> (cherry picked from commit f51a086dfd4e8fe20ccd09d170493d54bbe181a1) --- .../ranger/plugin/model/RangerServiceDef.java | 1 + .../ranger/plugin/store/AbstractServiceStore.java | 5 +- .../apache/ranger/plugin/util/ServiceDefUtil.java | 11 + .../service-defs/ranger-servicedef-atlas.json | 7 +- .../optimized/current/ranger_core_db_mysql.sql | 1 + .../optimized/current/ranger_core_db_oracle.sql | 1 + .../optimized/current/ranger_core_db_postgres.sql | 1 + .../current/ranger_core_db_sqlanywhere.sql | 2 + .../optimized/current/ranger_core_db_sqlserver.sql | 1 + ...orUpdatingAtlasSvcDefAndTagPolicies_J10063.java | 236 +++++++++++++++++++++ .../ranger/service/RangerServiceDefService.java | 9 + 11 files changed, 271 insertions(+), 4 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java index ec6bc77c5..08afeb438 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java @@ -42,6 +42,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S public static final String OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES = "enableDenyAndExceptionsInPolicies"; public static final String OPTION_ENABLE_IMPLICIT_CONDITION_EXPRESSION = "enableImplicitConditionExpression"; + public static final String OPTION_ENABLE_TAG_BASED_POLICIES = "enableTagBasedPolicies"; private String name; private String displayName; 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java index 85cb9166d..589c71899 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java @@ -27,6 +27,7 @@ import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.util.SearchFilter; +import org.apache.ranger.plugin.util.ServiceDefUtil; import org.apache.ranger.services.tag.RangerServiceTag; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -65,7 +66,9 @@ public abstract class AbstractServiceStore implements ServiceStore { } List<RangerServiceDef> allServiceDefs = getServiceDefs(new SearchFilter()); for (RangerServiceDef serviceDef : allServiceDefs) { - updateTagServiceDefForUpdatingAccessTypes(serviceDef); + if (ServiceDefUtil.getOption_enableTagBasedPolicies(serviceDef, config)) { + updateTagServiceDefForUpdatingAccessTypes(serviceDef); + } } if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceDefDBStore.updateTagServiceDefForAccessTypes()"); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java index e3b6ef29f..e3690bf04 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
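Review bot: Skipping `updateTagServiceDefForUpdatingAccessTypes(serviceDef)` in the loop of AbstractServiceStore.java when the option is off only stops future propagation; nothing in this hunk removes access types that an earlier run already copied into the tag service-def. For Atlas the one-off patch J10063 in this commit does that cleanup. If an administrator later sets `enableTagBasedPolicies` to false on another service-def, its access types would presumably stay grantable through tag-based policies until removed by hand. Consider an else branch that removes that service-def's access types from the tag service-def, or at least a comment such as `// disabling the option does not revoke access types already present in the tag service-def`. The enclosing method starts and ends outside the hunk.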
@@ -104,6 +104,17 @@ public class ServiceDefUtil { return ret; } + public static boolean getOption_enableTagBasedPolicies(RangerServiceDef serviceDef, Configuration config) { + boolean ret = false; + + if(serviceDef != null) { + boolean defaultValue = config == null || config.getBoolean("ranger.servicedef.enableTagBasedPolicies", true); + ret = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, defaultValue); + } + + return ret; + } + public static RangerDataMaskTypeDef getDataMaskType(RangerServiceDef serviceDef, String typeName) { RangerDataMaskTypeDef ret = null; diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json index c98da315d..e9edfd5ba 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json @@ -21,8 +21,8 @@ "wildCard": "true", "ignoreCase": "true" }, - "label": "Type Catagory", - "description": "Type Catagory" + "label": "Type Category", + "description": "Type Category" }, { "itemId": 2, @@ -502,6 +502,7 @@ } ], "options": { - "enableDenyAndExceptionsInPolicies": "true" + "enableDenyAndExceptionsInPolicies": "true", + "enableTagBasedPolicies":"false" } } diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index 2d0d8ace9..deecac27e 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
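Review bot: `getOption_enableTagBasedPolicies` in ServiceDefUtil.java has no Javadoc, and its defaulting decides which permissions reach tag-based policies. As far as the visible lines show, a null `serviceDef` yields false, a null `config` makes the default true, and otherwise the default comes from `ranger.servicedef.enableTagBasedPolicies`, which itself defaults to true. I would add a Javadoc stating that precedence (service-def option first, then the configuration property, then true), so callers know that a service-def without the option keeps its access types available to tag-based policies. The property name is repeated as a literal in RangerServiceDefService.java; a shared constant next to `OPTION_ENABLE_TAG_BASED_POLICIES` would keep the two reads in step.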
@@ -1877,4 +1877,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10060',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10061',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10062',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10063',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 9551aef28..aa64b48e5 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2059,5 +2059,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10060',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10061',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10062',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10063',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 821438c3b..2eec8aafd 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -2012,6 +2012,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10060',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10061',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10062',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10063',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); DROP VIEW IF EXISTS vx_principal; diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql index e7dfaeead..1d276fb85 100644 --- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql +++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql @@ -2430,6 +2430,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active GO INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10062',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10063',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y'); +GO INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO exit 
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 4e2c9a9aa..c49d4c09c 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -4215,5 +4215,6 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10060',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10061',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10062',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10063',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.java
new file mode 100644
index 000000000..ce1804000
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.java
@@ -0,0 +1,236 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.patch; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.ranger.biz.ServiceDBStore; +import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.StringUtil; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAccessTypeDef; +import org.apache.ranger.entity.XXPolicy; +import org.apache.ranger.entity.XXServiceDef; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; +import org.apache.ranger.util.CLIUtil; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class 
PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063 extends BaseLoader { + private static final Logger logger = LoggerFactory + .getLogger(PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.class); + + @Autowired + RangerDaoManager daoMgr; + + @Autowired + JSONUtil jsonUtil; + + @Autowired + StringUtil stringUtil; + + @Autowired + ServiceDBStore svcStore; + + public static void main(String[] args) { + logger.info("main()"); + try { + PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063 loader = (PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063) CLIUtil + .getBean(PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.class); + loader.init(); + while (loader.isMoreToProcess()) { + loader.load(); + } + logger.info("Load complete. Exiting."); + System.exit(0); + } catch (Exception e) { + logger.error("Error loading", e); + System.exit(1); + } + } + + @Override + public void printStats() { + logger.info("PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063 data "); + } + + @Override + public void execLoad() { + logger.info("==> PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.execLoad()"); + try { + if (updateAtlasServiceDef()) { + disableAtlasAccessForTagPolicies(); + } + } catch (Exception e) { + logger.error("Error while updateTagServiceDef()data.", e); + System.exit(1); + } + logger.info("<== PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.execLoad()"); + } + + @Override + public void init() throws Exception { + // Do Nothing + } + + private boolean updateAtlasServiceDef() throws Exception { + logger.info("==> PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.updateAtlasServiceDef()"); + RangerServiceDef embeddedAtlasServiceDef; + XXServiceDef xXServiceDefObj; + + embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance() + .getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + + if (embeddedAtlasServiceDef != null) { + xXServiceDefObj = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + + if (xXServiceDefObj != 
null) { + String jsonStrUpdate = xXServiceDefObj.getDefOptions(); + Map<String, String> serviceDefOptionsUpdate = jsonStringToMap(jsonStrUpdate); + if (serviceDefOptionsUpdate == null) { + serviceDefOptionsUpdate = new HashMap<>(); + } + serviceDefOptionsUpdate.put(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, "false"); + xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsUpdate)); + daoMgr.getXXServiceDef().update(xXServiceDefObj); + } else { + logger.error("Atlas service-definition does not exist in the Ranger DAO."); + return false; + } + } else { + logger.error("The embedded Atlas service-definition does not exist."); + return false; + } + logger.info("<== PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.updateAtlasServiceDef()"); + return true; + } + + private void disableAtlasAccessForTagPolicies() throws Exception { + logger.info("==> PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.disableAtlasAccessForTagPolicies()"); + RangerServiceDef embeddedTagServiceDef = EmbeddedServiceDefsUtil.instance() + .getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME); + if (embeddedTagServiceDef != null) { + List<XXPolicy> xxPolicies = daoMgr.getXXPolicy().findByServiceDefId(embeddedTagServiceDef.getId()); + if (CollectionUtils.isNotEmpty(xxPolicies)) { + for (XXPolicy xxPolicy : xxPolicies) { + RangerPolicy rPolicy = svcStore.getPolicy(xxPolicy.getId()); + if (CollectionUtils.isNotEmpty(rPolicy.getPolicyItems()) || CollectionUtils.isNotEmpty(rPolicy.getAllowExceptions()) + || CollectionUtils.isNotEmpty(rPolicy.getDenyPolicyItems()) || CollectionUtils.isNotEmpty(rPolicy.getDenyExceptions())) { + updateAccessTypeForTagPolicies(rPolicy.getPolicyItems()); + updateAccessTypeForTagPolicies(rPolicy.getAllowExceptions()); + updateAccessTypeForTagPolicies(rPolicy.getDenyPolicyItems()); + updateAccessTypeForTagPolicies(rPolicy.getDenyExceptions()); + svcStore.updatePolicy(rPolicy); + } + } + } + } else { + logger.error("The embedded Tag 
service-definition does not exist."); + } + + // delete XXAccessTypeDef records of tagDef where name startWith Atlas + List<XXAccessTypeDef> xxAccessTypes = daoMgr.getXXAccessTypeDef().findByServiceDefId(embeddedTagServiceDef.getId()); + for (XXAccessTypeDef xAccess : xxAccessTypes) { + if (xAccess != null && xAccess.getName().startsWith(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME)) { + svcStore.deleteXXAccessTypeDef(xAccess); + } + } + logger.info("<== PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.disableAtlasAccessForTagPolicies()"); + } + + private void updateAccessTypeForTagPolicies(List<RangerPolicyItem> policyItems) throws Exception { + logger.info("==> PatchForDisableAccessTypeForTagPolicies_J10063.updateAccessTypeForTagPolicies() "+policyItems); + if (CollectionUtils.isEmpty(policyItems)) { + logger.info("==> PatchForDisableAccessTypeForTagPolicies_J10063.updateAccessTypeForTagPolicies() policy items collection was null/empty"); + } else { + List<RangerPolicy.RangerPolicyItem> removePolicyItem = new ArrayList<RangerPolicy.RangerPolicyItem>(); + for (RangerPolicyItem policyItem : policyItems) { + if (policyItem != null && policyItem.getAccesses() != null) { + List<RangerPolicy.RangerPolicyItemAccess> accessesToRemove = new ArrayList<RangerPolicy.RangerPolicyItemAccess>(); + for (RangerPolicyItemAccess access : policyItem.getAccesses()) { + if (access != null) { + String[] svcDefAccType = access.getType().split(":"); + String serviceDefName = svcDefAccType.length > 0 ? 
svcDefAccType[0] : null; + if (serviceDefName != null && serviceDefName.equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME)) { + accessesToRemove.add(access); + } + } + } + policyItem.getAccesses().removeAll(accessesToRemove); + } + if(policyItem != null && CollectionUtils.isEmpty(policyItem.getAccesses())) { + removePolicyItem.add(policyItem); + } + } + policyItems.removeAll(removePolicyItem); + } + logger.info("<== PatchForDisableAccessTypeForTagPolicies_J10063.updateAccessTypeForTagPolicies() "+policyItems); + } + + private String mapToJsonString(Map<String, String> map) { + String ret = null; + if (map != null) { + try { + ret = jsonUtil.readMapToString(map); + } catch (Exception ex) { + logger.warn("mapToJsonString() failed to convert map: " + map, ex); + } + } + return ret; + } + + private Map<String, String> jsonStringToMap(String jsonStr) { + Map<String, String> ret = null; + if (!StringUtils.isEmpty(jsonStr)) { + try { + ret = jsonUtil.jsonToMap(jsonStr); + } catch (Exception ex) { + // fallback to earlier format: "name1=value1;name2=value2" + for (String optionString : jsonStr.split(";")) { + if (StringUtils.isEmpty(optionString)) { + continue; + } + String[] nvArr = optionString.split("="); + String name = (nvArr.length > 0) ? nvArr[0].trim() : null; + String value = (nvArr.length > 1) ? nvArr[1].trim() : null; + if (StringUtils.isEmpty(name)) { + continue; + } + if (ret == null) { + ret = new HashMap<>(); + } + ret.put(name, value); + } + } + } + return ret; + } + +} diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java index 7d363c4c7..3fb3dea40 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java 
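Review bot: In `disableAtlasAccessForTagPolicies`, the else branch logs that the embedded tag service-definition is missing, but the code after it still calls `embeddedTagServiceDef.getId()`, so that case ends in a NullPointerException instead of the logged error. The cleanup loop then deletes every tag access type whose name merely starts with the Atlas service-def name, whereas `updateAccessTypeForTagPolicies` compares the exact name before the `:`. A service-def whose name shares that prefix would presumably lose its access types too, so the match should include the separator. Separately, `svcStore.updatePolicy(rPolicy)` runs for every tag policy that has any items even when nothing was removed, and a null from `mapToJsonString` on failure is passed straight to `setDefOptions`; both deserve a guard. The fence shows the first two changes only.

```java
RangerServiceDef embeddedTagServiceDef = EmbeddedServiceDefsUtil.instance()
        .getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME);
if (embeddedTagServiceDef == null) {
    logger.error("The embedded Tag service-definition does not exist.");
    return;
}
// … unchanged: loop over tag policies, updateAccessTypeForTagPolicies(...) calls …

// delete only access types that belong to the Atlas service-def ("<name>:<accessType>")
String atlasPrefix = EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + ":";
List<XXAccessTypeDef> xxAccessTypes = daoMgr.getXXAccessTypeDef().findByServiceDefId(embeddedTagServiceDef.getId());
for (XXAccessTypeDef xAccess : xxAccessTypes) {
    if (xAccess != null && xAccess.getName() != null && xAccess.getName().startsWith(atlasPrefix)) {
        svcStore.deleteXXAccessTypeDef(xAccess);
    }
}
```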
@@ -72,6 +72,15 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi ret.setOptions(serviceDefOptions); } + if (serviceDefOptions.get(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES) == null) { + boolean enableTagBasedPoliciesHiddenOption = config.getBoolean("ranger.servicedef.enableTagBasedPolicies", true); + if (enableTagBasedPoliciesHiddenOption) { + serviceDefOptions.put(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, "true"); + } else { + serviceDefOptions.put(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, "false"); + } + ret.setOptions(serviceDefOptions); + } return ret; }
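Review bot: The added block in RangerServiceDefService.java spells out an if/else only to turn a boolean into "true" or "false". `serviceDefOptions.put(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, Boolean.toString(config.getBoolean("ranger.servicedef.enableTagBasedPolicies", true)));` says the same in one statement. The block also dereferences `serviceDefOptions` without a null check; the code that initialises it is above the hunk, so confirm it cannot be null when the stored options string is empty. A short comment such as `// option absent in the stored def: fall back to the server-wide default` would explain why the value is materialised in the returned object.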