This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 4f1a65d RANGER-2400: policy name needs to be unique within security
zone and service - part 3
4f1a65d is described below
commit 4f1a65ddeceee932444cce7e8354afffe198133b
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Fri Apr 19 16:43:47 2019 -0700
RANGER-2400: policy name needs to be unique within security zone and
service - part 3
---
.../model/validation/RangerPolicyValidator.java | 2 +-
.../optimized/current/ranger_core_db_mysql.sql | 2 +-
.../patches/037-create-security-zone-schema.sql | 2 +-
.../optimized/current/ranger_core_db_oracle.sql | 2 +-
.../patches/037-create-security-zone-schema.sql | 2 +-
.../optimized/current/ranger_core_db_postgres.sql | 2 +-
.../patches/037-create-security-zone-schema.sql | 2 +-
.../current/ranger_core_db_sqlanywhere.sql | 2 +-
.../patches/037-create-security-zone-schema.sql | 2 +-
.../optimized/current/ranger_core_db_sqlserver.sql | 2 +-
.../patches/037-create-security-zone-schema.sql | 2 +-
.../apache/ranger/biz/RangerPolicyRetriever.java | 39 +++++++++++++---------
12 files changed, 34 insertions(+), 27 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index 8882f43..990aab0 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -284,7 +284,7 @@ public class RangerPolicyValidator extends RangerValidator {
failures.add(new
ValidationFailureDetailsBuilder()
.field("zoneName")
.isSemanticallyIncorrect()
-
.becauseOf(error.getMessage(id, existingZoneName, zoneName))
+
.becauseOf(error.getMessage(existingZoneName, zoneName))
.errorCode(error.getErrorCode())
.build());
valid = false;
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 769afb5..63e1b6f 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1519,7 +1519,7 @@ INSERT INTO
x_user(create_time,update_time,added_by_id,upd_by_id,user_name,descr
INSERT INTO `x_modules_master`
(`create_time`,`update_time`,`added_by_id`,`upd_by_id`,`module`,`url`) VALUES
(UTC_TIMESTAMP(),UTC_TIMESTAMP(),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Resource
Based
Policies',''),(UTC_TIMESTAMP(),UTC_TIMESTAMP(),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Users/Groups',''),(UTC_TIMESTAMP(),UTC_TIMESTAMP(),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Reports',''),(UTC_TIMESTAMP(),UTC_TIMESTAM
[...]
INSERT INTO `x_modules_master`
(`create_time`,`update_time`,`added_by_id`,`upd_by_id`,`module`,`url`) VALUES
(UTC_TIMESTAMP(),UTC_TIMESTAMP(),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Security
Zone','');
-INSERT INTO x_security_zone(id, create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES (1,
UTC_TIMESTAMP(),UTC_TIMESTAMP(), getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, ' ', '', 'Unzoned zone');
+INSERT INTO x_security_zone(id, create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES (1,
UTC_TIMESTAMP(),UTC_TIMESTAMP(), getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, '', '', 'Unzoned zone');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('CORE_DB_SCHEMA',UTC_TIMESTAMP(),'Ranger
1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('001',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('002',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git
a/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
b/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
index 8c9e073..b6c1080 100644
--- a/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
@@ -202,7 +202,7 @@ drop procedure if exists add_unzone_entry;
delimiter ;;
create procedure add_unzone_entry() begin
if not exists (select * from x_security_zone where id=1 and name=' ') then
- INSERT INTO x_security_zone(id, create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES (1,
UTC_TIMESTAMP(),UTC_TIMESTAMP(), getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, ' ', '', 'Unzoned zone');
+ INSERT INTO x_security_zone(id, create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES (1,
UTC_TIMESTAMP(),UTC_TIMESTAMP(), getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, '', '', 'Unzoned zone');
end if;
end;;
delimiter ;
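Review bot: The guard at the top of `add_unzone_entry` still tests `name=' '` while the INSERT it protects now writes `''`, so the row this patch creates may not satisfy its own existence check. Where trailing spaces are significant in comparisons (this depends on engine, column type and collation), a re-run would attempt the insert again and either fail on a key or add a second unzoned row. The same mismatch is in the oracle, postgres, sqlanywhere and sqlserver `037-create-security-zone-schema.sql` hunks. Keying the guard on the id alone, e.g. `if not exists (select * from x_security_zone where id=1) then`, would keep the patch idempotent. Installs that already hold the `' '` row are not updated by this hunk, so it is worth confirming the application treats both spellings as the unzoned zone.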
diff --git
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 9a9e36b..8cb1ba1 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1693,7 +1693,7 @@ INSERT INTO x_modules_master
VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,sys_extract_utc
INSERT INTO x_modules_master
VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Key
Manager','');
INSERT INTO x_modules_master
VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Tag
Based Policies','');
INSERT INTO x_modules_master
VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Security
Zone','');
-INSERT INTO x_security_zone(id, create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES
(X_SECURITY_ZONE_SEQ.NEXTVAL, sys_extract_utc(systimestamp),
sys_extract_utc(systimestamp), getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, ' ', '','Unzoned zone');
+INSERT INTO x_security_zone(id, create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES
(X_SECURITY_ZONE_SEQ.NEXTVAL, sys_extract_utc(systimestamp),
sys_extract_utc(systimestamp), getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, '', '','Unzoned zone');
commit;
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,
'CORE_DB_SCHEMA',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval, '001',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
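Review bot: Oracle stores a zero-length string as NULL, so the new `''` for `name` in this INSERT produces a NULL zone name rather than an empty string as on the other engines in this commit. If `x_security_zone.name` is declared NOT NULL (the table definition is not visible in this hunk) the insert would fail, and otherwise any lookup by name equality will not find the unzoned row. The same INSERT is in the oracle `037-create-security-zone-schema.sql` hunk, where the guard `name = ' '` can never match a NULL name. Keeping `' '` for Oracle only, or having the guard and readers rely on `id` or `name IS NULL`, would avoid the divergence.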
diff --git
a/security-admin/db/oracle/patches/037-create-security-zone-schema.sql
b/security-admin/db/oracle/patches/037-create-security-zone-schema.sql
index 8ed2b66..efb51e2 100644
--- a/security-admin/db/oracle/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/oracle/patches/037-create-security-zone-schema.sql
@@ -231,7 +231,7 @@ DECLARE
BEGIN
Select count(*) into v_column_exists from x_security_zone where id = 1 and
name = ' ';
if (v_column_exists = 0) then
- INSERT INTO x_security_zone(id, create_time, update_time,
added_by_id, upd_by_id, version, name, jsonData, description) VALUES
(X_SECURITY_ZONE_SEQ.NEXTVAL, sys_extract_utc(systimestamp),
sys_extract_utc(systimestamp), getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, ' ', '','Unzoned zone');
+ INSERT INTO x_security_zone(id, create_time, update_time,
added_by_id, upd_by_id, version, name, jsonData, description) VALUES
(X_SECURITY_ZONE_SEQ.NEXTVAL, sys_extract_utc(systimestamp),
sys_extract_utc(systimestamp), getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, '', '','Unzoned zone');
commit;
end if;
end;/
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index df4201d..fa768cc 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1628,7 +1628,7 @@ INSERT INTO
x_user(CREATE_TIME,UPDATE_TIME,user_name,status,descr)VALUES(current
INSERT INTO
x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url)
VALUES(current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Tag
Based Policies','');
INSERT INTO
x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url)
VALUES(current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Security
Zone','');
-INSERT INTO x_security_zone(create_time, update_time, added_by_id, upd_by_id,
version, name, jsonData, description) VALUES (current_timestamp,
current_timestamp, getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, ' ', '', 'Unzoned zone');
+INSERT INTO x_security_zone(create_time, update_time, added_by_id, upd_by_id,
version, name, jsonData, description) VALUES (current_timestamp,
current_timestamp, getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, '', '', 'Unzoned zone');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('CORE_DB_SCHEMA',current_timestamp,'Ranger
1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('016',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
diff --git
a/security-admin/db/postgres/patches/037-create-security-zone-schema.sql
b/security-admin/db/postgres/patches/037-create-security-zone-schema.sql
index f55e5b1..7125118 100644
--- a/security-admin/db/postgres/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/postgres/patches/037-create-security-zone-schema.sql
@@ -239,7 +239,7 @@ DECLARE
BEGIN
select count(*) into v_column_exists from x_security_zone where id=1 and
name=' ';
IF v_column_exists = 0 THEN
- INSERT INTO x_security_zone(create_time, update_time,
added_by_id, upd_by_id, version, name, jsonData, description) VALUES
(current_timestamp, current_timestamp, getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, ' ', '', 'Unzoned zone');
+ INSERT INTO x_security_zone(create_time, update_time,
added_by_id, upd_by_id, version, name, jsonData, description) VALUES
(current_timestamp, current_timestamp, getXportalUIdByLoginId('admin'),
getXportalUIdByLoginId('admin'), 1, '', '', 'Unzoned zone');
END IF;
END;
$$ LANGUAGE plpgsql;
diff --git
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index a2d4137..0f877b5 100644
---
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -1949,7 +1949,7 @@ INSERT INTO
x_portal_user_role(create_time,update_time,added_by_id,upd_by_id,use
GO
INSERT INTO
x_user(create_time,update_time,added_by_id,upd_by_id,user_name,descr,status)
values (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP,NULL,NULL,'rangertagsync','rangertagsync',0);
GO
-INSERT INTO x_security_zone(create_time, update_time, added_by_id, upd_by_id,
version, name, jsonData, description) VALUES (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP, dbo.getXportalUIdByLoginId('admin'),
dbo.getXportalUIdByLoginId('admin'), 1, ' ', '', 'Unzoned zone');
+INSERT INTO x_security_zone(create_time, update_time, added_by_id, upd_by_id,
version, name, jsonData, description) VALUES (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP, dbo.getXportalUIdByLoginId('admin'),
dbo.getXportalUIdByLoginId('admin'), 1, '', '', 'Unzoned zone');
GO
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('CORE_DB_SCHEMA',CURRENT_TIMESTAMP,'Ranger
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
diff --git
a/security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql
b/security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql
index ba11bea..9c66c53 100644
--- a/security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql
@@ -223,7 +223,7 @@ BEGIN
END;
GO
IF NOT EXISTS(select * from x_security_zone where id = 1 and name=' ') THEN
- INSERT INTO x_security_zone(create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP, dbo.getXportalUIdByLoginId('admin'),
dbo.getXportalUIdByLoginId('admin'), 1, ' ', '', 'Unzoned zone');
+ INSERT INTO x_security_zone(create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP, dbo.getXportalUIdByLoginId('admin'),
dbo.getXportalUIdByLoginId('admin'), 1, '', '', 'Unzoned zone');
END IF;
GO
IF NOT EXISTS(select * from SYS.SYSCOLUMNS where tname = 'x_policy' and
cname='zone_id') THEN
diff --git
a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 1f3ccbf..44c1722 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3656,7 +3656,7 @@ insert into x_user
(CREATE_TIME,UPDATE_TIME,user_name,status,descr) values (CURR
insert into x_portal_user
(CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_NAME,LOGIN_ID,PASSWORD,EMAIL,STATUS)
values
(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,'rangertagsync','','rangertagsync','rangertagsync','f5820e1229418dcf2575908f2c493da5','rangertagsync',1);
insert into x_portal_user_role
(CREATE_TIME,UPDATE_TIME,USER_ID,USER_ROLE,STATUS) values
(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,dbo.getXportalUIdByLoginId('rangertagsync'),'ROLE_SYS_ADMIN',1);
insert into x_user (CREATE_TIME,UPDATE_TIME,user_name,status,descr) values
(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,'rangertagsync',0,'rangertagsync');
-INSERT INTO x_security_zone(create_time, update_time, added_by_id, upd_by_id,
version, name, jsonData, description) VALUES (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP, dbo.getXportalUIdByLoginId('admin'),
dbo.getXportalUIdByLoginId('admin'), 1, ' ', '', 'Unzoned zone');
+INSERT INTO x_security_zone(create_time, update_time, added_by_id, upd_by_id,
version, name, jsonData, description) VALUES (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP, dbo.getXportalUIdByLoginId('admin'),
dbo.getXportalUIdByLoginId('admin'), 1, '', '', 'Unzoned zone');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('CORE_DB_SCHEMA',CURRENT_TIMESTAMP,'Ranger
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('016',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('018',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
diff --git
a/security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql
b/security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql
index e5d558f..8156471 100644
--- a/security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql
@@ -437,7 +437,7 @@ END
GO
IF NOT EXISTS(select * from x_security_zone where id = 1 and name=' ')
BEGIN
- INSERT INTO x_security_zone(create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP, dbo.getXportalUIdByLoginId('admin'),
dbo.getXportalUIdByLoginId('admin'), 1, ' ', '', 'Unzoned zone');
+ INSERT INTO x_security_zone(create_time, update_time, added_by_id,
upd_by_id, version, name, jsonData, description) VALUES (CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP, dbo.getXportalUIdByLoginId('admin'),
dbo.getXportalUIdByLoginId('admin'), 1, '', '', 'Unzoned zone');
END
GO
IF NOT EXISTS(select * from INFORMATION_SCHEMA.columns where table_name =
'x_policy' and column_name in('zone_id'))
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
index a000fb5..1bd8dc0 100644
---
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
+++
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
@@ -27,6 +27,7 @@ import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.authorization.utils.JsonUtils;
@@ -44,6 +45,7 @@ import
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionStatus;
@@ -366,27 +368,32 @@ public class RangerPolicyRetriever {
return ret;
}
- String getSecurityZoneName(Long zoneId) {
- String ret = null;
+ String getSecurityZoneName(Long zoneId) {
+ String ret = null;
- if(zoneId != null) {
- ret = zoneNames.get(zoneId);
+ if(zoneId != null) {
+ if (zoneId ==
RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) {
+ ret = StringUtils.EMPTY;
+ } else {
+ ret = zoneNames.get(zoneId);
- if(ret == null) {
- XXSecurityZone securityZone =
daoMgr.getXXSecurityZoneDao().getById(zoneId);
+ if (ret == null) {
+ XXSecurityZone securityZone =
daoMgr.getXXSecurityZoneDao().getById(zoneId);
- if(securityZone != null) {
- ret = securityZone.getName();
+ if (securityZone != null) {
+ ret =
securityZone.getName();
- if(ret != null) {
- zoneNames.put(zoneId, ret);
- }
- }
- }
- }
+ if (ret != null) {
+
zoneNames.put(zoneId, ret);
+ }
+ }
+ }
+ }
+ }
+
+ return ret;
+ }
- return ret;
- }
void setNameMapping(Map<Long, Map<String, String>>
nameMappingContainer, List<PolicyTextNameMap> nameMappings) {
nameMappingContainer.clear();
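Review bot: In `getSecurityZoneName`, `zoneId == RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID` compares a boxed `Long` parameter with a constant whose declaration is not visible in this hunk. If the constant is a primitive `long` the comparison is numeric, but if it is a `Long` this is a reference comparison that only holds through the small-value box cache. Writing `zoneId.longValue() == RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID` is correct in either case. The method now returns `""` for the unzoned zone and `null` for an unknown id, so a short comment such as `// unzoned policies map to the empty zone name; null means the zone id was not found` would help callers that scope policies by zone name.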