[ranger] branch ranger-2.3 updated: RANGER-3769: Removing a tag-service association from a service does not update policy engine
This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch ranger-2.3 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.3 by this push: new 57a01c74e RANGER-3769: Removing a tag-service association from a service does not update policy engine 57a01c74e is described below commit 57a01c74e1d7c58377eb28c5ccea17f5e06490fe Author: Abhay Kulkarni AuthorDate: Wed May 18 20:07:19 2022 -0700 RANGER-3769: Removing a tag-service association from a service does not update policy engine --- .../apache/ranger/plugin/util/RangerPolicyDeltaUtil.java | 14 -- .../java/org/apache/ranger/biz/RangerPolicyAdminCache.java | 4 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java index 43a494093..e9223fe69 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java @@ -228,9 +228,19 @@ public class RangerPolicyDeltaUtil { LOG.warn("Downloaded ServicePolicies are [" + servicePolicies + "]"); ret = null; } else if (!isPoliciesExist && !isPolicyDeltasExist) { -LOG.warn("ServicePolicies do not contain any policies or policy-deltas!! There are no material changes in the policies."); +LOG.warn("ServicePolicies do not contain any policies or policy-deltas!!"); LOG.warn("Downloaded ServicePolicies are [" + servicePolicies + "]"); -ret = null; +if (servicePolicies.getPolicyDeltas() == null) { +if (LOG.isDebugEnabled()) { +LOG.debug("Complete set of servicePolicies is received. There may be a change to service. Forcing to create a new policy engine!"); +} +ret = false;// Force new policy engine creation from servicePolicies +} else { +if (LOG.isDebugEnabled()) { +LOG.debug("servicePolicy deltas are received. There are no material changes in the policies."); +} +ret = null; +} } else { ret = isPolicyDeltasExist; } diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java index 053a41064..a52e07b9f 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java @@ -19,6 +19,7 @@ package org.apache.ranger.biz; +import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.Map; @@ -161,6 +162,9 @@ public class RangerPolicyAdminCache { LOG.error("Old policy engine is null! Cannot apply deltas without old policy engine!"); } } else { + if (policies.getPolicies() == null) { + policies.setPolicies(new ArrayList<>()); + } policyAdmin = addPolicyAdmin(policies, roles, options); } } else {
[ranger] branch master updated: RANGER-3769: Removing a tag-service association from a service does not update policy engine
This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 48c0551b4 RANGER-3769: Removing a tag-service association from a service does not update policy engine 48c0551b4 is described below commit 48c0551b47c41d0b9688fd3cdbf6d2c894bac82c Author: Abhay Kulkarni AuthorDate: Wed May 18 20:07:19 2022 -0700 RANGER-3769: Removing a tag-service association from a service does not update policy engine --- .../apache/ranger/plugin/util/RangerPolicyDeltaUtil.java | 14 -- .../java/org/apache/ranger/biz/RangerPolicyAdminCache.java | 4 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java index 43a494093..e9223fe69 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java @@ -228,9 +228,19 @@ public class RangerPolicyDeltaUtil { LOG.warn("Downloaded ServicePolicies are [" + servicePolicies + "]"); ret = null; } else if (!isPoliciesExist && !isPolicyDeltasExist) { -LOG.warn("ServicePolicies do not contain any policies or policy-deltas!! There are no material changes in the policies."); +LOG.warn("ServicePolicies do not contain any policies or policy-deltas!!"); LOG.warn("Downloaded ServicePolicies are [" + servicePolicies + "]"); -ret = null; +if (servicePolicies.getPolicyDeltas() == null) { +if (LOG.isDebugEnabled()) { +LOG.debug("Complete set of servicePolicies is received. There may be a change to service. Forcing to create a new policy engine!"); +} +ret = false;// Force new policy engine creation from servicePolicies +} else { +if (LOG.isDebugEnabled()) { +LOG.debug("servicePolicy deltas are received. There are no material changes in the policies."); +} +ret = null; +} } else { ret = isPolicyDeltasExist; } diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java index 1ca4415ae..a64e427c5 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java @@ -19,6 +19,7 @@ package org.apache.ranger.biz; +import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.Map; @@ -159,6 +160,9 @@ public class RangerPolicyAdminCache { LOG.error("Old policy engine is null! Cannot apply deltas without old policy engine!"); } } else { + if (policies.getPolicies() == null) { + policies.setPolicies(new ArrayList<>()); + } policyAdmin = addPolicyAdmin(policies, roles, options); } } else {