This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push: new b1dcfb4 RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 3 b1dcfb4 is described below commit b1dcfb42f942273de17bba58ab4c94cd3990b4f2 Author: Abhay Kulkarni <ab...@apache.org> AuthorDate: Sun Sep 12 09:52:52 2021 -0700 RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 3
---
 .../plugin/policyengine/RangerResourceACLs.java | 6 ++--
 .../ranger/plugin/service/RangerBasePlugin.java | 36 +++++++++++-----------
 2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
index eb12543..aa49507 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
@@ -176,7 +176,7 @@ public class RangerResourceACLs {
 sb.append("permissions={");
 for (Map.Entry<String, AccessResult> permission : entry.getValue().entrySet()) {
 sb.append("{Permission=").append(permission.getKey()).append(", value=").append(permission.getValue()).append("},");
- sb.append("{RangerPolicyID=").append(permission.getValue().getPolicy().getId()).append("},");
+ sb.append("{RangerPolicyID=").append(permission.getValue().getPolicy() == null ? null : permission.getValue().getPolicy().getId()).append("},");
 }
 sb.append("},");
 }
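Review bot: The null guard on the `RangerPolicyID` line calls `permission.getValue().getPolicy()` twice, and the same expression is repeated verbatim in the hunks at -188 and -200; reading the policy once into a local keeps the check and the dereference on the same object and keeps the three loops in step, e.g. `RangerPolicy policy = permission.getValue().getPolicy();` followed by `.append(policy == null ? null : policy.getId())`. The label also differs between the blocks (`RangerPolicyID` here, `RangerPolicy ID` in the other two), which makes this output harder to search when tracing which policy granted a permission. The guard only covers toString(); if an AccessResult can legitimately carry no policy (presumably for entries produced by role expansion or chained plugins), other readers of getPolicy() may need the same check, which is worth confirming. The enclosing method starts and ends outside the hunk.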
@@ -188,7 +188,7 @@ public class RangerResourceACLs {
 sb.append("permissions={");
 for (Map.Entry<String, AccessResult> permission : entry.getValue().entrySet()) {
 sb.append("{Permission=").append(permission.getKey()).append(", value=").append(permission.getValue()).append("}, ");
- sb.append("{RangerPolicy ID=").append(permission.getValue().getPolicy().getId()).append("},");
+ sb.append("{RangerPolicy ID=").append(permission.getValue().getPolicy() == null ? null : permission.getValue().getPolicy().getId()).append("},");
 }
 sb.append("},");
 }
@@ -200,7 +200,7 @@ public class RangerResourceACLs {
 sb.append("permissions={");
 for (Map.Entry<String, AccessResult> permission : entry.getValue().entrySet()) {
 sb.append("{Permission=").append(permission.getKey()).append(", value=").append(permission.getValue()).append("}, ");
- sb.append("{RangerPolicy ID=").append(permission.getValue().getPolicy().getId()).append("},");
+ sb.append("{RangerPolicy ID=").append(permission.getValue().getPolicy() == null ? null : permission.getValue().getPolicy().getId()).append("},");
 }
 sb.append("},");
 }
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 99c48d0..57a4b4b 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -994,6 +994,23 @@ public class RangerBasePlugin {
 return ret;
 }
+ public static RangerResourceACLs getMergedResourceACLs(RangerResourceACLs baseACLs, RangerResourceACLs chainedACLs) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerBasePlugin.getMergedResourceACLs()");
+ LOG.debug("baseACLs:[" + baseACLs + "]");
+ LOG.debug("chainedACLS:[" + chainedACLs + "]");
+ }
+
+ overrideACLs(chainedACLs, baseACLs, RangerRolesUtil.ROLES_FOR.USER);
+ overrideACLs(chainedACLs, baseACLs, RangerRolesUtil.ROLES_FOR.GROUP);
+ overrideACLs(chainedACLs, baseACLs, RangerRolesUtil.ROLES_FOR.ROLE);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerBasePlugin.getMergedResourceACLs() : ret:[" + baseACLs + "]");
+ }
+ return baseACLs;
+ }
+
 private RangerAdminClient getAdminClient() throws Exception {
 PolicyRefresher refresher = this.refresher;
 RangerAdminClient admin = refresher == null ? null : refresher.getRangerAdminClient();
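Review bot: getMergedResourceACLs is now `public static` but carries no Javadoc, and it returns the `baseACLs` argument itself after handing it to overrideACLs three times, so outside callers get back the object they passed in rather than a fresh merged copy (overrideACLs' body is not in this hunk, so the in-place modification is inferred from the return value and from the exit log printing `baseACLs` as `ret`). Because this merge decides the effective permissions reported for a resource, the contract should be written down now that it is an entry point: which side wins on conflict, that `baseACLs` is modified, and what happens when either argument is null. I would add a Javadoc along the lines of `/** Merges chainedACLs into baseACLs in place for users, groups and roles, and returns baseACLs. */` and either reject or define null inputs at the top of the method, since a public method cannot rely on a single known caller the way the private one could.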
@@ -1068,24 +1085,7 @@ public class RangerBasePlugin {
 }
 }
- private RangerResourceACLs getMergedResourceACLs(RangerResourceACLs baseACLs, RangerResourceACLs chainedACLs) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> RangerBasePlugin.getMergedResourceACLs()");
- LOG.debug("baseACLs:[" + baseACLs + "]");
- LOG.debug("chainedACLS:[" + chainedACLs + "]");
- }
-
- overrideACLs(chainedACLs, baseACLs, RangerRolesUtil.ROLES_FOR.USER);
- overrideACLs(chainedACLs, baseACLs, RangerRolesUtil.ROLES_FOR.GROUP);
- overrideACLs(chainedACLs, baseACLs, RangerRolesUtil.ROLES_FOR.ROLE);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerBasePlugin.getMergedResourceACLs() : ret:[" + baseACLs + "]");
- }
- return baseACLs;
- }
-
- private void overrideACLs(final RangerResourceACLs chainedResourceACLs, RangerResourceACLs baseResourceACLs, final RangerRolesUtil.ROLES_FOR userType) {
+ private static void overrideACLs(final RangerResourceACLs chainedResourceACLs, RangerResourceACLs baseResourceACLs, final RangerRolesUtil.ROLES_FOR userType) {
 if (LOG.isDebugEnabled()) {
 LOG.debug("==> RangerBasePlugin.overrideACLs(isUser=" + userType.name() + ")");
 }