Repository: ranger Updated Branches: refs/heads/master 17deef643 -> a95606928
RANGER-1748: User is unable to update existing policy while importing policy from file Signed-off-by: pradeep <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a9560692 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a9560692 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a9560692 Branch: refs/heads/master Commit: a95606928d372f5214b0b55500408ad66a831bc0 Parents: 17deef6 Author: Bhavik Patel <[email protected]> Authored: Mon Sep 25 12:00:24 2017 +0530 Committer: pradeep <[email protected]> Committed: Wed Sep 27 09:46:22 2017 +0530 ---------------------------------------------------------------------- .../org/apache/ranger/rest/ServiceREST.java | 68 +++++++++++++++++++- 1 file changed, 65 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/a9560692/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index f1ce3af..d8f217d 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -2017,18 +2017,27 @@ public class ServiceREST { } } String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS); + String polResource = request.getParameter(SearchFilter.POL_RESOURCE); if (updateIfExists == null || updateIfExists.isEmpty()) { updateIfExists = "false"; } else if (updateIfExists.equalsIgnoreCase("true")) { isOverride = false; } - if (isOverride && updateIfExists.equalsIgnoreCase("false")){ + if (isOverride && "false".equalsIgnoreCase(updateIfExists) && StringUtils.isEmpty(polResource)) { if (LOG.isDebugEnabled()) { LOG.debug("Deleting Policy from provided services in servicesMapJson file..."); } + if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) { + deletePoliciesProvidedInServiceMap(sourceServices, destinationServices, null); + } + } + + if ("true".equalsIgnoreCase(updateIfExists) && StringUtils.isNotEmpty(polResource)) { + if (LOG.isDebugEnabled()) { + LOG.debug("Deleting Policy from provided services in servicesMapJson file for specific resource..."); + } if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)){ - deletePoliciesProvidedInServiceMap(sourceServices, - destinationServices, null); + deletePoliciesForResource(sourceServices, destinationServices, polResource, request, policies); } } if (policies != null && !CollectionUtils.sizeIsEmpty(policies)){ @@ -2262,6 +2271,59 @@ public class ServiceREST { } } + private void deletePoliciesForResource(List<String> sourceServices, List<String> destinationServices, String resource, HttpServletRequest request, List<RangerPolicy> exportPolicies) { + int totalDeletedPilicies = 0; + if (CollectionUtils.isNotEmpty(sourceServices) + && CollectionUtils.isNotEmpty(destinationServices)) { + Set<String> exportedPolicyNames=new HashSet<String>(); + if (CollectionUtils.isNotEmpty(exportPolicies)) { + for (RangerPolicy rangerPolicy : exportPolicies) { + if (rangerPolicy!=null) { + exportedPolicyNames.add(rangerPolicy.getName()); + } + } + } + for (int i = 0; i < sourceServices.size(); i++) { + if (!destinationServices.get(i).isEmpty()) { + RangerPolicyList servicePolicies = null; + servicePolicies = getServicePoliciesByName(destinationServices.get(i), request); + if (servicePolicies != null) { + List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies(); + if (CollectionUtils.isNotEmpty(rangerPolicyList)) { + for (RangerPolicy rangerPolicy : rangerPolicyList) { + if (rangerPolicy != null) { + Map<String, RangerPolicy.RangerPolicyResource> rangerPolicyResourceMap=rangerPolicy.getResources(); + if (rangerPolicyResourceMap!=null) { + RangerPolicy.RangerPolicyResource rangerPolicyResource=null; + if (rangerPolicyResourceMap.containsKey("path")) { + rangerPolicyResource=rangerPolicyResourceMap.get("path"); + } else if (rangerPolicyResourceMap.containsKey("database")) { + rangerPolicyResource=rangerPolicyResourceMap.get("database"); + } + if (rangerPolicyResource!=null) { + if (CollectionUtils.isNotEmpty(rangerPolicyResource.getValues()) && rangerPolicyResource.getValues().size()>1) { + continue; + } + } + } + if (rangerPolicy.getId() != null) { + if (!exportedPolicyNames.contains(rangerPolicy.getName())) { + deletePolicy(rangerPolicy.getId()); + if (LOG.isDebugEnabled()) { + LOG.debug("Policy " + rangerPolicy.getName() + " deleted successfully."); + } + totalDeletedPilicies = totalDeletedPilicies + 1; + } + } + } + } + } + } + } + } + } + } + public List<RangerPolicy> getPolicies(SearchFilter filter) { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceREST.getPolicies(filter)");
