This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new b1dcfb4 RANGER-3397: Update ACL computation to (optionally) expand
Ranger Roles to users and groups and include chained-plugins in ACL computation
- Part 3
b1dcfb4 is described below
commit b1dcfb42f942273de17bba58ab4c94cd3990b4f2
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Sun Sep 12 09:52:52 2021 -0700
RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to
users and groups and include chained-plugins in ACL computation - Part 3
---
.../plugin/policyengine/RangerResourceACLs.java | 6 ++--
.../ranger/plugin/service/RangerBasePlugin.java | 36 +++++++++++-----------
2 files changed, 21 insertions(+), 21 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
index eb12543..aa49507 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
@@ -176,7 +176,7 @@ public class RangerResourceACLs {
sb.append("permissions={");
for (Map.Entry<String, AccessResult> permission :
entry.getValue().entrySet()) {
sb.append("{Permission=").append(permission.getKey()).append(",
value=").append(permission.getValue()).append("},");
-
sb.append("{RangerPolicyID=").append(permission.getValue().getPolicy().getId()).append("},");
+
sb.append("{RangerPolicyID=").append(permission.getValue().getPolicy() == null
? null : permission.getValue().getPolicy().getId()).append("},");
}
sb.append("},");
}
@@ -188,7 +188,7 @@ public class RangerResourceACLs {
sb.append("permissions={");
for (Map.Entry<String, AccessResult> permission :
entry.getValue().entrySet()) {
sb.append("{Permission=").append(permission.getKey()).append(",
value=").append(permission.getValue()).append("}, ");
- sb.append("{RangerPolicy
ID=").append(permission.getValue().getPolicy().getId()).append("},");
+ sb.append("{RangerPolicy
ID=").append(permission.getValue().getPolicy() == null ? null :
permission.getValue().getPolicy().getId()).append("},");
}
sb.append("},");
}
@@ -200,7 +200,7 @@ public class RangerResourceACLs {
sb.append("permissions={");
for (Map.Entry<String, AccessResult> permission :
entry.getValue().entrySet()) {
sb.append("{Permission=").append(permission.getKey()).append(",
value=").append(permission.getValue()).append("}, ");
- sb.append("{RangerPolicy
ID=").append(permission.getValue().getPolicy().getId()).append("},");
+ sb.append("{RangerPolicy
ID=").append(permission.getValue().getPolicy() == null ? null :
permission.getValue().getPolicy().getId()).append("},");
}
sb.append("},");
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 99c48d0..57a4b4b 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -994,6 +994,23 @@ public class RangerBasePlugin {
return ret;
}
+ public static RangerResourceACLs
getMergedResourceACLs(RangerResourceACLs baseACLs, RangerResourceACLs
chainedACLs) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==>
RangerBasePlugin.getMergedResourceACLs()");
+ LOG.debug("baseACLs:[" + baseACLs + "]");
+ LOG.debug("chainedACLS:[" + chainedACLs + "]");
+ }
+
+ overrideACLs(chainedACLs, baseACLs,
RangerRolesUtil.ROLES_FOR.USER);
+ overrideACLs(chainedACLs, baseACLs,
RangerRolesUtil.ROLES_FOR.GROUP);
+ overrideACLs(chainedACLs, baseACLs,
RangerRolesUtil.ROLES_FOR.ROLE);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerBasePlugin.getMergedResourceACLs()
: ret:[" + baseACLs + "]");
+ }
+ return baseACLs;
+ }
+
private RangerAdminClient getAdminClient() throws Exception {
PolicyRefresher refresher = this.refresher;
RangerAdminClient admin = refresher == null ? null :
refresher.getRangerAdminClient();
@@ -1068,24 +1085,7 @@ public class RangerBasePlugin {
}
}
- private RangerResourceACLs getMergedResourceACLs(RangerResourceACLs
baseACLs, RangerResourceACLs chainedACLs) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==>
RangerBasePlugin.getMergedResourceACLs()");
- LOG.debug("baseACLs:[" + baseACLs + "]");
- LOG.debug("chainedACLS:[" + chainedACLs + "]");
- }
-
- overrideACLs(chainedACLs, baseACLs,
RangerRolesUtil.ROLES_FOR.USER);
- overrideACLs(chainedACLs, baseACLs,
RangerRolesUtil.ROLES_FOR.GROUP);
- overrideACLs(chainedACLs, baseACLs,
RangerRolesUtil.ROLES_FOR.ROLE);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerBasePlugin.getMergedResourceACLs()
: ret:[" + baseACLs + "]");
- }
- return baseACLs;
- }
-
- private void overrideACLs(final RangerResourceACLs chainedResourceACLs,
RangerResourceACLs baseResourceACLs, final RangerRolesUtil.ROLES_FOR userType) {
+ private static void overrideACLs(final RangerResourceACLs
chainedResourceACLs, RangerResourceACLs baseResourceACLs, final
RangerRolesUtil.ROLES_FOR userType) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerBasePlugin.overrideACLs(isUser=" +
userType.name() + ")");
}
