Re: [PR] RANGER-5215 : Policy authorisation fails for Ranger Plugins in case of users/groups converted by Ranger userysnc as per given Regex [ranger]

via GitHub Fri, 18 Jul 2025 13:22:38 -0700


kumaab commented on code in PR #584:
URL: https://github.com/apache/ranger/pull/584#discussion_r2216866064



##########
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java:
##########
@@ -222,147 +222,113 @@
 
 @Component
 public class ServiceDBStore extends AbstractServiceStore {
-    private static final Logger LOG = 
LoggerFactory.getLogger(ServiceDBStore.class);
-
-    public static final String  SERVICE_ADMIN_USERS         = 
"service.admin.users";
-    public static final String  SERVICE_ADMIN_GROUPS        = 
"service.admin.groups";
-    public static final String  GDS_SERVICE_NAME            = "_gds";
-    public static final String  CRYPT_ALGO                  = 
PropertiesUtil.getProperty("ranger.password.encryption.algorithm", 
PasswordUtils.DEFAULT_CRYPT_ALGO);
-    public static final String  ENCRYPT_KEY                 = 
PropertiesUtil.getProperty("ranger.password.encryption.key", 
PasswordUtils.DEFAULT_ENCRYPT_KEY);
-    public static final String  SALT                        = 
PropertiesUtil.getProperty("ranger.password.salt", PasswordUtils.DEFAULT_SALT);
-    public static final Integer ITERATION_COUNT             = 
PropertiesUtil.getIntProperty("ranger.password.iteration.count", 
PasswordUtils.DEFAULT_ITERATION_COUNT);
-    public static final String  RANGER_PLUGIN_AUDIT_FILTERS = 
"ranger.plugin.audit.filters";
-    public static final String  HIDDEN_PASSWORD_STR         = "*****";
-    public static final String  CONFIG_KEY_PASSWORD         = "password";
-    public static final String  ACCESS_TYPE_DECRYPT_EEK     = "decrypteek";
-    public static final String  ACCESS_TYPE_GENERATE_EEK    = "generateeek";
-    public static final String  ACCESS_TYPE_GET_METADATA    = "getmetadata";
-
-    private static final String POLICY_ALLOW_EXCLUDE        = "Policy 
Allow:Exclude";
-    private static final String POLICY_ALLOW_INCLUDE        = "Policy 
Allow:Include";
-    private static final String POLICY_DENY_EXCLUDE         = "Policy 
Deny:Exclude";
-    private static final String POLICY_DENY_INCLUDE         = "Policy 
Deny:Include";
-    private static final String POLICY_TYPE_ACCESS          = "Access";
-    private static final String POLICY_TYPE_DATAMASK        = "Masking";
-    private static final String POLICY_TYPE_ROWFILTER       = "Row Level 
Filter";
-    private static final String HOSTNAME                    = "Host name";
-    private static final String USER_NAME                   = "Exported by";
-    private static final String RANGER_VERSION              = "Ranger apache 
version";
-    private static final String TIMESTAMP                   = "Export time";
-    private static final String EXPORT_COUNT                = "Exported count";
-    private static final String SERVICE_CHECK_USER          = 
"service.check.user";
-    private static final String AMBARI_SERVICE_CHECK_USER   = 
"ambari.service.check.user";
-    private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin.";
-    private static final String LINE_SEPARATOR              = "\n";
-    private static final String FILE_HEADER                 = 
"ID|Name|Resources|Roles|Groups|Users|Accesses|Service Type|Status|Policy 
Type|Delegate Admin|isRecursive|isExcludes|Service 
Name|Description|isAuditEnabled|Policy Conditions|Policy Condition Type|Masking 
Options|Row Filter Expr|Policy Label Name";
-    private static final String COMMA_DELIMITER             = "|";
-
-    private static final String  DEFAULT_CSV_SANITIZATION_PATTERN = 
"^[=+\\-@\\t\\r]";
-    private static final Pattern CSV_SANITIZATION_PATTERN = 
Pattern.compile(PropertiesUtil.getProperty("ranger.admin.csv.sanitization.pattern",
 DEFAULT_CSV_SANITIZATION_PATTERN));
-
-    private static final Comparator<RangerPolicyDelta> 
POLICY_DELTA_ID_COMPARATOR = new RangerPolicyDeltaComparator();
-
-    public static boolean SUPPORTS_POLICY_DELTAS;
-    public static boolean SUPPORTS_IN_PLACE_POLICY_UPDATES;
-    public static Integer RETENTION_PERIOD_IN_DAYS     = 7;
-    public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
-    public static boolean SUPPORTS_PURGE_LOGIN_RECORDS;
-    public static Integer LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS;
-    public static boolean SUPPORTS_PURGE_TRANSACTION_RECORDS;
-    public static Integer TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS;
-    public static boolean SUPPORTS_PURGE_POLICY_EXPORT_LOGS;
-    public static Integer POLICY_EXPORT_LOGS_RETENTION_PERIOD_IN_DAYS;
-
-    private static String  LOCAL_HOSTNAME;
-    private static boolean isRolesDownloadedByService;
-
-    private static volatile boolean legacyServiceDefsInitDone;
-
+    public static final     String                        SERVICE_ADMIN_USERS  
             = "service.admin.users";
+    public static final     String                        SERVICE_ADMIN_GROUPS 
             = "service.admin.groups";
+    public static final     String                        GDS_SERVICE_NAME     
             = "_gds";
+    public static final     String                        CRYPT_ALGO           
             = 
PropertiesUtil.getProperty("ranger.password.encryption.algorithm", 
PasswordUtils.DEFAULT_CRYPT_ALGO);
+    public static final     String                        ENCRYPT_KEY          
             = PropertiesUtil.getProperty("ranger.password.encryption.key", 
PasswordUtils.DEFAULT_ENCRYPT_KEY);
+    public static final     String                        SALT                 
             = PropertiesUtil.getProperty("ranger.password.salt", 
PasswordUtils.DEFAULT_SALT);
+    public static final     Integer                       ITERATION_COUNT      
             = PropertiesUtil.getIntProperty("ranger.password.iteration.count", 
PasswordUtils.DEFAULT_ITERATION_COUNT);
+    public static final     String                        
RANGER_PLUGIN_AUDIT_FILTERS       = "ranger.plugin.audit.filters";
+    public static final     String                        
RANGER_PLUGINS_CONFIG_CONF_PREFIX = "ranger.plugins.conf.";
+    public static final     String                        HIDDEN_PASSWORD_STR  
             = "*****";
+    public static final     String                        CONFIG_KEY_PASSWORD  
             = "password";
+    public static final     String                        
ACCESS_TYPE_DECRYPT_EEK           = "decrypteek";
+    public static final     String                        
ACCESS_TYPE_GENERATE_EEK          = "generateeek";
+    public static final     String                        
ACCESS_TYPE_GET_METADATA          = "getmetadata";
+    private static final    Logger                        LOG                  
             = LoggerFactory.getLogger(ServiceDBStore.class);

Review Comment:
   Extensive refactoring changes seem unnecessary, please see guidelines here 
(RANGER-5017): 
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+Java+Style+Guide
   
   - logger should be at the top
   - LOG.isDebugEnabled() should not be used unless it's a heavy operation.
   - Avoid String concatenation in log statements.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] RANGER-5215 : Policy authorisation fails for Ranger Plugins in case of users/groups converted by Ranger userysnc as per given Regex [ranger]

Reply via email to