[ranger] branch ranger-2.3 updated: RANGER-3769: Removing a tag-service association from a service does not update policy engine
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push:
new 57a01c74e RANGER-3769: Removing a tag-service association from a
service does not update policy engine
57a01c74e is described below
commit 57a01c74e1d7c58377eb28c5ccea17f5e06490fe
Author: Abhay Kulkarni
AuthorDate: Wed May 18 20:07:19 2022 -0700
RANGER-3769: Removing a tag-service association from a service does not
update policy engine
---
.../apache/ranger/plugin/util/RangerPolicyDeltaUtil.java | 14 --
.../java/org/apache/ranger/biz/RangerPolicyAdminCache.java | 4
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
index 43a494093..e9223fe69 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
@@ -228,9 +228,19 @@ public class RangerPolicyDeltaUtil {
LOG.warn("Downloaded ServicePolicies are [" + servicePolicies
+ "]");
ret = null;
} else if (!isPoliciesExist && !isPolicyDeltasExist) {
-LOG.warn("ServicePolicies do not contain any policies or
policy-deltas!! There are no material changes in the policies.");
+LOG.warn("ServicePolicies do not contain any policies or
policy-deltas!!");
LOG.warn("Downloaded ServicePolicies are [" + servicePolicies
+ "]");
-ret = null;
+if (servicePolicies.getPolicyDeltas() == null) {
+if (LOG.isDebugEnabled()) {
+LOG.debug("Complete set of servicePolicies is
received. There may be a change to service. Forcing to create a new policy
engine!");
+}
+ret = false;// Force new policy engine creation from
servicePolicies
+} else {
+if (LOG.isDebugEnabled()) {
+LOG.debug("servicePolicy deltas are received. There
are no material changes in the policies.");
+}
+ret = null;
+}
} else {
ret = isPolicyDeltasExist;
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
index 053a41064..a52e07b9f 100644
---
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
+++
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
@@ -19,6 +19,7 @@
package org.apache.ranger.biz;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
@@ -161,6 +162,9 @@ public class RangerPolicyAdminCache {
LOG.error("Old policy engine is null!
Cannot apply deltas without old policy engine!");
}
} else {
+ if (policies.getPolicies() == null) {
+ policies.setPolicies(new ArrayList<>());
+ }
policyAdmin = addPolicyAdmin(policies, roles,
options);
}
} else {
[ranger] branch master updated: RANGER-3769: Removing a tag-service association from a service does not update policy engine
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 48c0551b4 RANGER-3769: Removing a tag-service association from a
service does not update policy engine
48c0551b4 is described below
commit 48c0551b47c41d0b9688fd3cdbf6d2c894bac82c
Author: Abhay Kulkarni
AuthorDate: Wed May 18 20:07:19 2022 -0700
RANGER-3769: Removing a tag-service association from a service does not
update policy engine
---
.../apache/ranger/plugin/util/RangerPolicyDeltaUtil.java | 14 --
.../java/org/apache/ranger/biz/RangerPolicyAdminCache.java | 4
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
index 43a494093..e9223fe69 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
@@ -228,9 +228,19 @@ public class RangerPolicyDeltaUtil {
LOG.warn("Downloaded ServicePolicies are [" + servicePolicies
+ "]");
ret = null;
} else if (!isPoliciesExist && !isPolicyDeltasExist) {
-LOG.warn("ServicePolicies do not contain any policies or
policy-deltas!! There are no material changes in the policies.");
+LOG.warn("ServicePolicies do not contain any policies or
policy-deltas!!");
LOG.warn("Downloaded ServicePolicies are [" + servicePolicies
+ "]");
-ret = null;
+if (servicePolicies.getPolicyDeltas() == null) {
+if (LOG.isDebugEnabled()) {
+LOG.debug("Complete set of servicePolicies is
received. There may be a change to service. Forcing to create a new policy
engine!");
+}
+ret = false;// Force new policy engine creation from
servicePolicies
+} else {
+if (LOG.isDebugEnabled()) {
+LOG.debug("servicePolicy deltas are received. There
are no material changes in the policies.");
+}
+ret = null;
+}
} else {
ret = isPolicyDeltasExist;
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
index 1ca4415ae..a64e427c5 100644
---
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
+++
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
@@ -19,6 +19,7 @@
package org.apache.ranger.biz;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
@@ -159,6 +160,9 @@ public class RangerPolicyAdminCache {
LOG.error("Old policy engine is null!
Cannot apply deltas without old policy engine!");
}
} else {
+ if (policies.getPolicies() == null) {
+ policies.setPolicies(new ArrayList<>());
+ }
policyAdmin = addPolicyAdmin(policies, roles,
options);
}
} else {
