[ranger] branch ranger-2.2 updated (9c69c0b -> bc42f47)
This is an automated email from the ASF dual-hosted git repository. mehul pushed a change to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git. from 9c69c0b RANGER-3371: Update algorithm to build Ranger policy-database object from Ranger policy-view object add bc42f47 RANGER-3361 : Improve error message while deleting users and groups associated with role No new revisions were added by this update. Summary of changes: .../main/java/org/apache/ranger/biz/XUserMgr.java | 64 +- .../java/org/apache/ranger/biz/TestXUserMgr.java | 20 +++ 2 files changed, 70 insertions(+), 14 deletions(-)
[ranger] branch ranger-2.2 updated: RANGER-3371: Update algorithm to build Ranger policy-database object from Ranger policy-view object
This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.2 by this push: new 9c69c0b RANGER-3371: Update algorithm to build Ranger policy-database object from Ranger policy-view object 9c69c0b is described below commit 9c69c0b25812ef977bb5d351ed312437ca3e53cd Author: Abhay Kulkarni AuthorDate: Tue Aug 17 10:51:26 2021 -0700 RANGER-3371: Update algorithm to build Ranger policy-database object from Ranger policy-view object --- .../ranger/plugin/util/RangerPolicyDeltaUtil.java | 2 +- .../java/org/apache/ranger/biz/ServiceDBStore.java | 61 +++--- .../ranger/common/RangerServicePoliciesCache.java | 6 +-- .../RangerTransactionSynchronizationAdapter.java | 27 +++--- .../org/apache/ranger/db/XXPolicyChangeLogDao.java | 15 +++--- .../ranger/service/RangerPolicyServiceBase.java| 28 +++--- 6 files changed, 94 insertions(+), 45 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java index f040a66..42143d0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java @@ -90,7 +90,7 @@ public class RangerPolicyDeltaUtil { while (iter.hasNext()) { RangerPolicy policy = iter.next(); -if (policyId.equals(policy.getId())) { +if (policyId.equals(policy.getId()) && changeType == RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE) { deletedPolicies.add(policy); iter.remove(); } diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index c5add3a..b9a926b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -1401,7 +1401,7 @@ public class ServiceDBStore extends AbstractServiceStore { } if (LOG.isDebugEnabled()) { - LOG.debug("== ServiceDBStore.getServiceDefByName(" + name + "): " + ret); + LOG.debug("== ServiceDBStore.getServiceDefByName(" + name + "): " ); } return ret; @@ -3139,7 +3139,7 @@ public class ServiceDBStore extends AbstractServiceStore { boolean isValid; - resourcePolicyDeltas = daoMgr.getXXPolicyChangeLog().findLaterThan(policyService, lastKnownVersion, service.getId()); + resourcePolicyDeltas = daoMgr.getXXPolicyChangeLog().findLaterThan(lastKnownVersion, service.getId()); if (CollectionUtils.isNotEmpty(resourcePolicyDeltas)) { isValid = RangerPolicyDeltaUtil.isValidDeltas(resourcePolicyDeltas, componentServiceType); @@ -3151,7 +3151,7 @@ public class ServiceDBStore extends AbstractServiceStore { if (isValid && tagService != null) { Long id = resourcePolicyDeltas.get(0).getId(); - tagPolicyDeltas = daoMgr.getXXPolicyChangeLog().findGreaterThan(policyService, id, tagService.getId()); + tagPolicyDeltas = daoMgr.getXXPolicyChangeLog().findGreaterThan(id, tagService.getId()); if (CollectionUtils.isNotEmpty(tagPolicyDeltas)) { @@ -3542,46 +3542,53 @@ public class ServiceDBStore extends AbstractServiceStore { XXServiceVersionInfo serviceVersionInfoDbObj = serviceVersionInfoDao.findByServiceId(id); XXService service = daoMgr.getXXService().getById(id); - Long nextPolicyVersion = 1L; + Long nextVersion = 1L; Date now = new Date(); if (serviceVersionInfoDbObj != null) { if (versionType == VERSION_TYPE.POLICY_VERSION) { - nextPolicyVersion = getNextVersion(serviceVersionInfoDbObj.getPolicyVersion()); - - serviceVersionInfoDbObj.setPolicyVersion(nextPolicyVersion); + nextVersion = getNextVersion(serviceVersionInfoDbObj.getPolicyVersion()); + serviceVersionInfoDbObj.setPolicyVersion(nextVersion); serviceVersionInfoDbObj.setPolicyUpdateTime(now); - } - if
[ranger] branch master updated: RANGER-3371: Update algorithm to build Ranger policy-database object from Ranger policy-view object
This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 6030613 RANGER-3371: Update algorithm to build Ranger policy-database object from Ranger policy-view object 6030613 is described below commit 6030613254ae628b924b2337a59c6ddb1fba1155 Author: Abhay Kulkarni AuthorDate: Tue Aug 17 10:51:26 2021 -0700 RANGER-3371: Update algorithm to build Ranger policy-database object from Ranger policy-view object --- .../ranger/plugin/util/RangerPolicyDeltaUtil.java | 2 +- .../java/org/apache/ranger/biz/ServiceDBStore.java | 61 +++--- .../ranger/common/RangerServicePoliciesCache.java | 6 +-- .../RangerTransactionSynchronizationAdapter.java | 27 +++--- .../org/apache/ranger/db/XXPolicyChangeLogDao.java | 15 +++--- .../ranger/service/RangerPolicyServiceBase.java| 28 +++--- 6 files changed, 94 insertions(+), 45 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java index f040a66..42143d0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java @@ -90,7 +90,7 @@ public class RangerPolicyDeltaUtil { while (iter.hasNext()) { RangerPolicy policy = iter.next(); -if (policyId.equals(policy.getId())) { +if (policyId.equals(policy.getId()) && changeType == RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE) { deletedPolicies.add(policy); iter.remove(); } diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index c5add3a..b9a926b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -1401,7 +1401,7 @@ public class ServiceDBStore extends AbstractServiceStore { } if (LOG.isDebugEnabled()) { - LOG.debug("== ServiceDBStore.getServiceDefByName(" + name + "): " + ret); + LOG.debug("== ServiceDBStore.getServiceDefByName(" + name + "): " ); } return ret; @@ -3139,7 +3139,7 @@ public class ServiceDBStore extends AbstractServiceStore { boolean isValid; - resourcePolicyDeltas = daoMgr.getXXPolicyChangeLog().findLaterThan(policyService, lastKnownVersion, service.getId()); + resourcePolicyDeltas = daoMgr.getXXPolicyChangeLog().findLaterThan(lastKnownVersion, service.getId()); if (CollectionUtils.isNotEmpty(resourcePolicyDeltas)) { isValid = RangerPolicyDeltaUtil.isValidDeltas(resourcePolicyDeltas, componentServiceType); @@ -3151,7 +3151,7 @@ public class ServiceDBStore extends AbstractServiceStore { if (isValid && tagService != null) { Long id = resourcePolicyDeltas.get(0).getId(); - tagPolicyDeltas = daoMgr.getXXPolicyChangeLog().findGreaterThan(policyService, id, tagService.getId()); + tagPolicyDeltas = daoMgr.getXXPolicyChangeLog().findGreaterThan(id, tagService.getId()); if (CollectionUtils.isNotEmpty(tagPolicyDeltas)) { @@ -3542,46 +3542,53 @@ public class ServiceDBStore extends AbstractServiceStore { XXServiceVersionInfo serviceVersionInfoDbObj = serviceVersionInfoDao.findByServiceId(id); XXService service = daoMgr.getXXService().getById(id); - Long nextPolicyVersion = 1L; + Long nextVersion = 1L; Date now = new Date(); if (serviceVersionInfoDbObj != null) { if (versionType == VERSION_TYPE.POLICY_VERSION) { - nextPolicyVersion = getNextVersion(serviceVersionInfoDbObj.getPolicyVersion()); - - serviceVersionInfoDbObj.setPolicyVersion(nextPolicyVersion); + nextVersion = getNextVersion(serviceVersionInfoDbObj.getPolicyVersion()); + serviceVersionInfoDbObj.setPolicyVersion(nextVersion); serviceVersionInfoDbObj.setPolicyUpdateTime(now); - } - if (versionType ==
[ranger] branch master updated: RANGER-3361 : Improve error message while deleting users and groups associated with role
This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 8f177b0 RANGER-3361 : Improve error message while deleting users and groups associated with role 8f177b0 is described below commit 8f177b03b22875ba46537371136d3bd6a330fa48 Author: mateenmansoori AuthorDate: Thu Aug 12 14:50:15 2021 +0530 RANGER-3361 : Improve error message while deleting users and groups associated with role Signed-off-by: Mehul Parikh --- .../main/java/org/apache/ranger/biz/XUserMgr.java | 64 +- .../java/org/apache/ranger/biz/TestXUserMgr.java | 20 +++ 2 files changed, 70 insertions(+), 14 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 38b06d1..6596bac 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -74,6 +74,9 @@ import org.apache.ranger.entity.XXPermMap; import org.apache.ranger.entity.XXPolicy; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXResource; +import org.apache.ranger.entity.XXRole; +import org.apache.ranger.entity.XXRoleRefGroup; +import org.apache.ranger.entity.XXRoleRefUser; import org.apache.ranger.entity.XXSecurityZone; import org.apache.ranger.entity.XXSecurityZoneRefGroup; import org.apache.ranger.entity.XXSecurityZoneRefUser; @@ -98,6 +101,8 @@ import org.springframework.transaction.support.TransactionTemplate; public class XUserMgr extends XUserMgrBase { private static final String RANGER_USER_GROUP_GLOBAL_STATE_NAME = "RangerUserStore"; + private static final String USER = "User"; + private static final String GROUP = "Group"; private static final int MAX_DB_TRANSACTION_RETRIES = 5; @Autowired @@ -2031,6 +2036,7 @@ public class XUserMgr extends XUserMgrBase { public void deleteXGroup(Long id, boolean force) { checkAdminAccess(); blockIfZoneGroup(id); + this.blockIfRoleGroup(id); xaBizUtil.blockAuditorRoleUser(); XXGroupDao xXGroupDao = daoManager.getXXGroup(); XXGroup xXGroup = xXGroupDao.getById(id); @@ -2207,14 +2213,9 @@ public class XUserMgr extends XUserMgrBase { for(XXSecurityZoneRefGroup zoneRefGrp : zoneRefGrpList) { XXSecurityZone xSecZone=daoManager.getXXSecurityZoneDao().getById(zoneRefGrp.getZoneId()); if(zones.indexOf(xSecZone.getName())<0) - zones.append(", " + xSecZone.getName()); + zones.append(xSecZone.getName() + ","); } - logger.info("Can Not Delete Group :" + zoneRefGrpList.get(0).getGroupName() + "' as its already present in Zone " +zones); - VXResponse vXResponse = new VXResponse(); - vXResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST); - vXResponse.setMsgDesc( - "Can Not Delete Group '" + zoneRefGrpList.get(0).getGroupName() + "' as its already present in Zone " +zones); - throw restErrorUtil.generateRESTException(vXResponse); + this.prepareAndThrow(zoneRefGrpList.get(0).getGroupName(), RangerConstants.MODULE_SECURITY_ZONE, zones, GROUP); } } @@ -2241,6 +2242,7 @@ public class XUserMgr extends XUserMgrBase { } restrictSelfAccountDeletion(vXUser.getName().trim()); blockIfZoneUser(id); + this.blockIfRoleUser(id); SearchCriteria searchCriteria = new SearchCriteria(); searchCriteria.addParam("xUserId", id); VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria); @@ -2414,17 +2416,51 @@ public class XUserMgr extends XUserMgrBase { for(XXSecurityZoneRefUser zoneRefUser :zoneRefUserList ) { XXSecurityZone xSecZone = daoManager.getXXSecurityZoneDao().getById(zoneRefUser.getZoneId()); if(zones.indexOf(xSecZone.getName())<0) - zones.append(", " + xSecZone.getName()); + zones.append(xSecZone.getName() + ","); } - logger.info("Can Not Delete User :" + zoneRefUserList.get(0).getUserName()); - VXResponse vXResponse = new VXResponse(); -
[ranger] branch ranger-2.2 updated (7dc0950 -> 30730b1)
This is an automated email from the ASF dual-hosted git repository. mehul pushed a change to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git. from 7dc0950 RANGER-3362 : UI Improvements. add 30730b1 RANGER-3367: [Intermittent] Ranger Admin perf logs are not getting logged after Spring Security upgrade No new revisions were added by this update. Summary of changes: security-admin/pom.xml | 6 ++ 1 file changed, 6 insertions(+)
[ranger] branch master updated: RANGER-3367: [Intermittent] Ranger Admin perf logs are not getting logged after Spring Security upgrade
This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 10d0a83 RANGER-3367: [Intermittent] Ranger Admin perf logs are not getting logged after Spring Security upgrade 10d0a83 is described below commit 10d0a833eedba764e60ac1012f8371764a2468dd Author: Mahesh Bandal AuthorDate: Mon Aug 16 13:58:15 2021 +0530 RANGER-3367: [Intermittent] Ranger Admin perf logs are not getting logged after Spring Security upgrade Signed-off-by: Mehul Parikh --- security-admin/pom.xml | 6 ++ 1 file changed, 6 insertions(+) diff --git a/security-admin/pom.xml b/security-admin/pom.xml index f64e747..032b79f 100644 --- a/security-admin/pom.xml +++ b/security-admin/pom.xml @@ -190,6 +190,12 @@ org.springframework spring-core ${springframework.version} + + + org.springframework + spring-jcl + + org.springframework