[ranger] branch master updated: RANGER-2772: Adding the functionality of merging the policy - Part 3

[abhay]

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new b7a2902  RANGER-2772: Adding the functionality of merging the policy - 
Part 3
b7a2902 is described below

commit b7a2902939f0d5ae64ead9fde539e76a766238a2
Author: Abhay Kulkarni 
AuthorDate: Thu Apr 23 19:38:33 2020 -0700

RANGER-2772: Adding the functionality of merging the policy - Part 3
---
 .../java/org/apache/ranger/rest/ServiceREST.java   | 53 ++---
 .../org/apache/ranger/rest/ServiceRESTUtil.java| 68 +-
 2 files changed, 88 insertions(+), 33 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 82e67e6..1bdee86 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -83,6 +83,7 @@ import org.apache.ranger.common.ServiceUtil;
 import org.apache.ranger.common.UserSessionBase;
 import org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter;
 import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXPolicy;
 import org.apache.ranger.entity.XXPolicyExportAudit;
 import org.apache.ranger.entity.XXSecurityZone;
 import org.apache.ranger.entity.XXSecurityZoneRefService;
@@ -97,6 +98,7 @@ import 
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
 import org.apache.ranger.plugin.model.RangerPolicyDelta;
+import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
 import org.apache.ranger.plugin.model.RangerSecurityZone;
 import org.apache.ranger.plugin.model.RangerService;
 import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -1661,7 +1663,13 @@ public class ServiceREST {
}
boolean 
updateIfExists=("true".equalsIgnoreCase(StringUtils.trimToEmpty(request.getParameter(PARAM_UPDATE_IF_EXISTS
 ? true : false ;
boolean mergeIfExists  = 
"true".equalsIgnoreCase(StringUtils.trimToEmpty(request.getParameter(PARAM_MERGE_IF_EXISTS)))
  ? true : false;
-   if(updateIfExists || mergeIfExists) {
+
+   if (mergeIfExists && updateIfExists) {
+   LOG.warn("Cannot use both 
updateIfExists and mergeIfExists for a createPolicy. mergeIfExists will 
override updateIfExists for policy :[" + policy.getName() + "]");
+   }
+   if (mergeIfExists) {
+   ret = applyPolicy(policy, request);
+   } else if(updateIfExists) {
RangerPolicy existingPolicy = null;
String serviceName = 
request.getParameter(PARAM_SERVICE_NAME);
if (serviceName == null) {
@@ -1699,20 +1707,11 @@ public class ServiceREST {
}
try {
if (existingPolicy != null) {
-   if (updateIfExists) {
-   
policy.setId(existingPolicy.getId());
-   ret = 
updatePolicy(policy);
-   } else 
if(mergeIfExists){
-   
ServiceRESTUtil.mergeExactMatchPolicyForResource(existingPolicy, policy);
-   ret = 
updatePolicy(existingPolicy);
-   }
+   
policy.setId(existingPolicy.getId());
+   ret = 
updatePolicy(policy);
}
} catch (Exception excp){
-   if(updateIfExists) {
-   
LOG.error("updatePolicy(" + policy + ") failed", excp);
-   }else if(mergeIfExists) {
-   LOG.error("updatePolicy 
for merge (" + existingPolicy + ") failed", excp);
-   }
+   LOG.error("updatePolicy(" + 

[ranger] branch master updated: RANGER-2772 : Adding the functionality of merging the policy

[vel]

This is an automated email from the ASF dual-hosted git repository.

vel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new d65abd8  RANGER-2772 : Adding the functionality of merging the policy
d65abd8 is described below

commit d65abd8c4f7a5297f376c167f5f31b57e68bf601
Author: Dineshkumar Yadav 
AuthorDate: Wed Apr 1 13:39:16 2020 +0530

RANGER-2772 : Adding the functionality of merging the policy

Signed-off-by: Velmurugan Periasamy 
---
 .../main/java/org/apache/ranger/rest/ServiceREST.java  | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 8618f32..38b4982 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1660,7 +1660,8 @@ public class ServiceREST {

deleteExactMatchPolicyForResource(policies, request.getRemoteUser(), null);
}
boolean 
updateIfExists=("true".equalsIgnoreCase(StringUtils.trimToEmpty(request.getParameter(PARAM_UPDATE_IF_EXISTS
 ? true : false ;
-   if(updateIfExists) {
+   boolean mergeIfExists  = 
"true".equalsIgnoreCase(StringUtils.trimToEmpty(request.getParameter(PARAM_MERGE_IF_EXISTS)))
  ? true : false;
+   if(updateIfExists || mergeIfExists) {
RangerPolicy existingPolicy = null;
String serviceName = 
request.getParameter(PARAM_SERVICE_NAME);
if (serviceName == null) {
@@ -1698,11 +1699,20 @@ public class ServiceREST {
}
try {
if (existingPolicy != null) {
-   
policy.setId(existingPolicy.getId());
-   ret = 
updatePolicy(policy);
+   if (updateIfExists) {
+   
policy.setId(existingPolicy.getId());
+   ret = 
updatePolicy(policy);
+   } else 
if(mergeIfExists){
+   
ServiceRESTUtil.mergeExactMatchPolicyForResource(existingPolicy, policy);
+   ret = 
updatePolicy(existingPolicy);
+   }
}
} catch (Exception excp){
-   LOG.error("updatePolicy(" + 
policy + ") failed", excp);
+   if(updateIfExists) {
+   
LOG.error("updatePolicy(" + policy + ") failed", excp);
+   }else if(mergeIfExists) {
+   LOG.error("updatePolicy 
for merge (" + existingPolicy + ") failed", excp);
+   }
throw 
restErrorUtil.createRESTException(excp.getMessage());
}
}