[ranger] branch master updated: Revert "RANGER-3135: optimze log print for querying roles"
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 5d12723 Revert "RANGER-3135: optimze log print for querying roles"
5d12723 is described below
commit 5d1272335156dfc6d32862c6ee9af2e92b087169
Author: pradeep
AuthorDate: Thu Nov 25 09:34:23 2021 +0530
Revert "RANGER-3135: optimze log print for querying roles"
This reverts commit 5797bb9541c1bfa84fbfd9bd19dbd635c4928b6f.
---
.../main/java/org/apache/ranger/rest/RoleREST.java | 20
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 11df6b7..79978b5 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -289,9 +289,6 @@ public class RoleREST {
if (ret == null) {
throw restErrorUtil.createRESTException("User doesn't have
permissions to get details for " + roleName);
}
-if (ret.getName() == null) {
-throw restErrorUtil.createRESTException("Role with name: " +
roleName + " does not exist");
-}
} catch(WebApplicationException excp) {
throw excp;
@@ -943,17 +940,16 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
try {
-existingRole = roleStore.getRole(roleName);
-if (!ensureRoleAccess(effectiveUser, userGroups, existingRole)) {
-LOG.error("User does not have permission for this operation");
-return null;
-}
-} catch (Exception ex) {
-if (bizUtil.isUserRangerAdmin(effectiveUser)) {
-return new RangerRole();
+if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+existingRole = roleStore.getRole(roleName);
+ensureRoleAccess(effectiveUser, userGroups, existingRole);
+
} else {
-return null;
+existingRole = roleStore.getRole(roleName);
}
+} catch (Exception ex) {
+LOG.error(ex.getMessage());
+return null;
}
return existingRole;
[ranger] branch master updated: RANGER-3490: Make policy resource signature is unique in a service
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 856571c RANGER-3490: Make policy resource signature is unique in a
service
856571c is described below
commit 856571c4348e31725498c0922338339c76ebba02
Author: Abhay Kulkarni
AuthorDate: Wed Nov 24 07:38:20 2021 -0800
RANGER-3490: Make policy resource signature is unique in a service
---
.../model/RangerPolicyResourceSignature.java | 5
.../model/validation/RangerPolicyValidator.java| 35 ++
.../plugin/model/validation/RangerValidator.java | 21 +
.../model/TestRangerPolicyResourceSignature.java | 18 +++
.../validation/TestRangerPolicyValidator.java | 24 +--
.../model/validation/TestRangerValidator.java | 4 +--
.../java/org/apache/ranger/biz/ServiceDBStore.java | 30 ---
.../org/apache/ranger/biz/TestServiceDBStore.java | 4 +++
8 files changed, 95 insertions(+), 46 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
index 312005e..c84d0bc 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
@@ -121,6 +121,8 @@ public class RangerPolicyResourceSignature {
LOG.debug("isPolicyValidForResourceSignatureComputation: resources collection
on policy was null!");
} else if (_policy.getResources().containsKey(null)) {
LOG.debug("isPolicyValidForResourceSignatureComputation: resources collection
has resource with null name!");
+ } else if (StringUtils.isEmpty(_policy.getGuid())) {
+
LOG.debug("isPolicyValidForResourceSignatureComputation: policy GUID is
empty!");
} else {
valid = true;
}
@@ -163,6 +165,9 @@ public class RangerPolicyResourceSignature {
CustomConditionSerialiser
customConditionSerialiser = new
CustomConditionSerialiser(_policy.getConditions());
resource +=
customConditionSerialiser.toString();
}
+ if (!_policy.getIsEnabled()) {
+ resource += _policy.getGuid();
+ }
String result =
String.format("{version=%d,type=%d,resource=%s}", _SignatureVersion, type,
resource);
return result;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index 0ba1fb9..0519227 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -539,25 +539,22 @@ public class RangerPolicyValidator extends
RangerValidator {
}
boolean valid = true;
- if (!Boolean.TRUE.equals(policy.getIsEnabled())) {
- LOG.debug("Policy is disabled. Skipping resource
uniqueness validation.");
- } else {
- RangerPolicyResourceSignature policySignature =
_factory.createPolicyResourceSignature(policy);
- String signature = policySignature.getSignature();
- List policies =
getPoliciesForResourceSignature(policy.getService(), signature);
- if (CollectionUtils.isNotEmpty(policies)) {
- ValidationErrorCode error =
ValidationErrorCode.POLICY_VALIDATION_ERR_DUPLICATE_POLICY_RESOURCE;
- RangerPolicy matchedPolicy =
policies.iterator().next();
- // there shouldn't be a matching policy for
create. During update only match should be to itself
- if (action == Action.CREATE || (action ==
Action.UPDATE && (policies.size() > 1 ||
!matchedPolicy.getId().equals(policy.getId() {
- failures.add(new
ValidationFailureDetailsBuilder()
- .field("resources")
-
.isSemanticallyIncorrect()
-
.becauseOf(error.getMessage(matchedPolicy.getName(),
[ranger] branch master updated: RANGER-3511: Create Java patch to update policy resource-signature to unique value.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 4fdb3af RANGER-3511: Create Java patch to update policy
resource-signature to unique value.
4fdb3af is described below
commit 4fdb3af5fc21f43ab22b2fb4d0e411b500460cbc
Author: Dineshkumar Yadav
AuthorDate: Tue Nov 23 14:59:37 2021 +0530
RANGER-3511: Create Java patch to update policy resource-signature to
unique value.
Signed-off-by: pradeep
---
.../optimized/current/ranger_core_db_mysql.sql | 1 +
.../optimized/current/ranger_core_db_oracle.sql| 1 +
.../optimized/current/ranger_core_db_postgres.sql | 1 +
.../current/ranger_core_db_sqlanywhere.sql | 2 +
.../optimized/current/ranger_core_db_sqlserver.sql | 1 +
.../java/org/apache/ranger/db/XXPolicyDao.java | 13 +++
...ForUpdateToUniqueResoureceSignature_J10053.java | 115 +
.../main/resources/META-INF/jpa_named_queries.xml | 4 +
8 files changed, 138 insertions(+)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 44a0976..e444e78 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1835,5 +1835,6 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10049',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10050',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10051',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10053',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10054',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 8884f60..9e5da70 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2039,6 +2039,7 @@ INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10049',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10050',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10051',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10053',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10054',sys_extract_utc(systimestamp),'Ranger
3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
commit;
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 4b69cb1..9fd4503 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1983,6 +1983,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10049',current_timestamp,'Ranger
