[ranger] branch master updated: Revert "RANGER-3135: optimze log print for querying roles"
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 5d12723 Revert "RANGER-3135: optimze log print for querying roles" 5d12723 is described below commit 5d1272335156dfc6d32862c6ee9af2e92b087169 Author: pradeep AuthorDate: Thu Nov 25 09:34:23 2021 +0530 Revert "RANGER-3135: optimze log print for querying roles" This reverts commit 5797bb9541c1bfa84fbfd9bd19dbd635c4928b6f. --- .../main/java/org/apache/ranger/rest/RoleREST.java | 20 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java index 11df6b7..79978b5 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java @@ -289,9 +289,6 @@ public class RoleREST { if (ret == null) { throw restErrorUtil.createRESTException("User doesn't have permissions to get details for " + roleName); } -if (ret.getName() == null) { -throw restErrorUtil.createRESTException("Role with name: " + roleName + " does not exist"); -} } catch(WebApplicationException excp) { throw excp; @@ -943,17 +940,16 @@ public class RoleREST { effectiveUser = loggedInUser; } try { -existingRole = roleStore.getRole(roleName); -if (!ensureRoleAccess(effectiveUser, userGroups, existingRole)) { -LOG.error("User does not have permission for this operation"); -return null; -} -} catch (Exception ex) { -if (bizUtil.isUserRangerAdmin(effectiveUser)) { -return new RangerRole(); +if (!bizUtil.isUserRangerAdmin(effectiveUser)) { +existingRole = roleStore.getRole(roleName); +ensureRoleAccess(effectiveUser, userGroups, existingRole); + } else { -return null; +existingRole = roleStore.getRole(roleName); } +} catch (Exception ex) { +LOG.error(ex.getMessage()); +return null; } return existingRole;
[ranger] branch master updated: RANGER-3490: Make policy resource signature is unique in a service
This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 856571c RANGER-3490: Make policy resource signature is unique in a service 856571c is described below commit 856571c4348e31725498c0922338339c76ebba02 Author: Abhay Kulkarni AuthorDate: Wed Nov 24 07:38:20 2021 -0800 RANGER-3490: Make policy resource signature is unique in a service --- .../model/RangerPolicyResourceSignature.java | 5 .../model/validation/RangerPolicyValidator.java| 35 ++ .../plugin/model/validation/RangerValidator.java | 21 + .../model/TestRangerPolicyResourceSignature.java | 18 +++ .../validation/TestRangerPolicyValidator.java | 24 +-- .../model/validation/TestRangerValidator.java | 4 +-- .../java/org/apache/ranger/biz/ServiceDBStore.java | 30 --- .../org/apache/ranger/biz/TestServiceDBStore.java | 4 +++ 8 files changed, 95 insertions(+), 46 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java index 312005e..c84d0bc 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java @@ -121,6 +121,8 @@ public class RangerPolicyResourceSignature { LOG.debug("isPolicyValidForResourceSignatureComputation: resources collection on policy was null!"); } else if (_policy.getResources().containsKey(null)) { LOG.debug("isPolicyValidForResourceSignatureComputation: resources collection has resource with null name!"); + } else if (StringUtils.isEmpty(_policy.getGuid())) { + LOG.debug("isPolicyValidForResourceSignatureComputation: policy GUID is empty!"); } else { valid = true; } @@ -163,6 +165,9 @@ public class RangerPolicyResourceSignature { CustomConditionSerialiser customConditionSerialiser = new CustomConditionSerialiser(_policy.getConditions()); resource += customConditionSerialiser.toString(); } + if (!_policy.getIsEnabled()) { + resource += _policy.getGuid(); + } String result = String.format("{version=%d,type=%d,resource=%s}", _SignatureVersion, type, resource); return result; diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java index 0ba1fb9..0519227 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java @@ -539,25 +539,22 @@ public class RangerPolicyValidator extends RangerValidator { } boolean valid = true; - if (!Boolean.TRUE.equals(policy.getIsEnabled())) { - LOG.debug("Policy is disabled. Skipping resource uniqueness validation."); - } else { - RangerPolicyResourceSignature policySignature = _factory.createPolicyResourceSignature(policy); - String signature = policySignature.getSignature(); - List policies = getPoliciesForResourceSignature(policy.getService(), signature); - if (CollectionUtils.isNotEmpty(policies)) { - ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_DUPLICATE_POLICY_RESOURCE; - RangerPolicy matchedPolicy = policies.iterator().next(); - // there shouldn't be a matching policy for create. During update only match should be to itself - if (action == Action.CREATE || (action == Action.UPDATE && (policies.size() > 1 || !matchedPolicy.getId().equals(policy.getId() { - failures.add(new ValidationFailureDetailsBuilder() - .field("resources") - .isSemanticallyIncorrect() - .becauseOf(error.getMessage(matchedPolicy.getName(),
[ranger] branch master updated: RANGER-3511: Create Java patch to update policy resource-signature to unique value.
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 4fdb3af RANGER-3511: Create Java patch to update policy resource-signature to unique value. 4fdb3af is described below commit 4fdb3af5fc21f43ab22b2fb4d0e411b500460cbc Author: Dineshkumar Yadav AuthorDate: Tue Nov 23 14:59:37 2021 +0530 RANGER-3511: Create Java patch to update policy resource-signature to unique value. Signed-off-by: pradeep --- .../optimized/current/ranger_core_db_mysql.sql | 1 + .../optimized/current/ranger_core_db_oracle.sql| 1 + .../optimized/current/ranger_core_db_postgres.sql | 1 + .../current/ranger_core_db_sqlanywhere.sql | 2 + .../optimized/current/ranger_core_db_sqlserver.sql | 1 + .../java/org/apache/ranger/db/XXPolicyDao.java | 13 +++ ...ForUpdateToUniqueResoureceSignature_J10053.java | 115 + .../main/resources/META-INF/jpa_named_queries.xml | 4 + 8 files changed, 138 insertions(+) diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index 44a0976..e444e78 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -1835,5 +1835,6 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10051',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10053',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10054',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql index 8884f60..9e5da70 100644 --- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql +++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql @@ -2039,6 +2039,7 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10049',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10050',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10051',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); +INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10053',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10054',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); commit; diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql index 4b69cb1..9fd4503 100644 --- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql +++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql @@ -1983,6 +1983,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',current_timestamp,'Ranger