Repository: ranger Updated Branches: refs/heads/ranger-0.7 bd0e82555 -> 90ed7025d
RANGER-1748 : User is unable to update existing policy while importing policy from file Signed-off-by: pradeep <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/90ed7025 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/90ed7025 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/90ed7025 Branch: refs/heads/ranger-0.7 Commit: 90ed7025d9abfdd98b72349bf54b19957065a5e2 Parents: bd0e825 Author: Bhavik Patel <[email protected]> Authored: Mon Sep 25 12:31:16 2017 +0530 Committer: pradeep <[email protected]> Committed: Wed Sep 27 09:51:50 2017 +0530 ---------------------------------------------------------------------- .../org/apache/ranger/rest/ServiceREST.java | 81 +++++++++++++++++++- 1 file changed, 77 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/90ed7025/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 5fa114d..3703d1f 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -2018,21 +2018,34 @@ public class ServiceREST { } } String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS); + String polResource = request.getParameter(SearchFilter.POL_RESOURCE); if (updateIfExists == null || updateIfExists.isEmpty()) { updateIfExists = "false"; } else if (updateIfExists.equalsIgnoreCase("true")) { isOverride = false; } - if (isOverride && updateIfExists.equalsIgnoreCase("false")){ + if (isOverride && "false".equalsIgnoreCase(updateIfExists) && StringUtils.isEmpty(polResource)) { if (LOG.isDebugEnabled()) { LOG.debug("Deleting Policy from provided services in servicesMapJson file..."); } - if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)){ - deletePoliciesProvidedInServiceMap(sourceServices, - destinationServices, null); + if (CollectionUtils.isNotEmpty(sourceServices) + && CollectionUtils.isNotEmpty(destinationServices)) { + deletePoliciesProvidedInServiceMap(sourceServices, destinationServices, null); } } + if ("true".equalsIgnoreCase(updateIfExists) && StringUtils.isNotEmpty(polResource)) { + if (LOG.isDebugEnabled()) { + LOG.debug( + "Deleting Policy from provided services in servicesMapJson file for specific resource..."); + } + if (CollectionUtils.isNotEmpty(sourceServices) + && CollectionUtils.isNotEmpty(destinationServices)) { + deletePoliciesForResource(sourceServices, destinationServices, polResource, request, + policies); + } + } + if (policies != null && !CollectionUtils.sizeIsEmpty(policies)){ for (RangerPolicy policyInJson: policies){ if (policyInJson != null){ @@ -2264,6 +2277,66 @@ public class ServiceREST { } } + private void deletePoliciesForResource(List<String> sourceServices, List<String> destinationServices, + String resource, HttpServletRequest request, List<RangerPolicy> exportPolicies) { + int totalDeletedPilicies = 0; + if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) { + Set<String> exportedPolicyNames = new HashSet<String>(); + if (CollectionUtils.isNotEmpty(exportPolicies)) { + for (RangerPolicy rangerPolicy : exportPolicies) { + if (rangerPolicy != null) { + exportedPolicyNames.add(rangerPolicy.getName()); + } + } + } + for (int i = 0; i < sourceServices.size(); i++) { + if (!destinationServices.get(i).isEmpty()) { + RangerPolicyList servicePolicies = null; + servicePolicies = getServicePoliciesByName(destinationServices.get(i), request); + if (servicePolicies != null) { + List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies(); + if (CollectionUtils.isNotEmpty(rangerPolicyList)) { + for (RangerPolicy rangerPolicy : rangerPolicyList) { + if (rangerPolicy != null) { + Map<String, RangerPolicy.RangerPolicyResource> rangerPolicyResourceMap = rangerPolicy + .getResources(); + if (rangerPolicyResourceMap != null) { + RangerPolicy.RangerPolicyResource rangerPolicyResource = null; + if (rangerPolicyResourceMap.containsKey("path")) { + rangerPolicyResource = rangerPolicyResourceMap.get("path"); + } else if (rangerPolicyResourceMap.containsKey("database")) { + rangerPolicyResource = rangerPolicyResourceMap.get("database"); + } + if (rangerPolicyResource != null) { + if (CollectionUtils.isNotEmpty(rangerPolicyResource.getValues()) + && rangerPolicyResource.getValues().size() > 1) { + continue; + } + } + } + if (rangerPolicy.getId() != null) { + if (!exportedPolicyNames.contains(rangerPolicy.getName())) { + deletePolicy(rangerPolicy.getId()); + if (LOG.isDebugEnabled()) { + LOG.debug( + "Policy " + rangerPolicy.getName() + " deleted successfully."); + } + totalDeletedPilicies = totalDeletedPilicies + 1; + } + } + } + } + } + } + } + } + } + if (LOG.isDebugEnabled()) { + LOG.debug("Total Deleted Policy : " + totalDeletedPilicies); + } + } + + public List<RangerPolicy> getPolicies(SearchFilter filter) { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceREST.getPolicies(filter)");
