[ranger] branch master updated: RANGER-2692:RangerKafkaAuthorizer support for ConsumerGroup resource for authorization -Default policy udate

rmani Mon, 20 Jan 2020 00:18:25 -0800

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git



The following commit(s) were added to refs/heads/master by this push:
     new b87dab0  RANGER-2692:RangerKafkaAuthorizer support for ConsumerGroup 
resource for authorization -Default policy udate
b87dab0 is described below

commit b87dab05c1ef268cdc038668e91c0203fe9bc40d
Author: Ramesh Mani <[email protected]>
AuthorDate: Sun Jan 19 23:45:36 2020 -0800

    RANGER-2692:RangerKafkaAuthorizer support for ConsumerGroup resource for 
authorization -Default policy udate
---
 .../PatchForKafkaServiceDefUpdate_J10033.java      | 35 ++++++++++++++--------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
index b2e9b74..5b80cc2 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
@@ -27,18 +27,7 @@ import org.apache.ranger.common.JSONUtil;
 import org.apache.ranger.common.RangerValidatorFactory;
 import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.db.RangerDaoManager;
-import org.apache.ranger.entity.XXAccessTypeDef;
-import org.apache.ranger.entity.XXPolicy;
-import org.apache.ranger.entity.XXPolicyItem;
-import org.apache.ranger.entity.XXPolicyItemAccess;
-import org.apache.ranger.entity.XXPolicyItemUserPerm;
-import org.apache.ranger.entity.XXPolicyResource;
-import org.apache.ranger.entity.XXPolicyResourceMap;
-import org.apache.ranger.entity.XXPortalUser;
-import org.apache.ranger.entity.XXResourceDef;
-import org.apache.ranger.entity.XXService;
-import org.apache.ranger.entity.XXServiceDef;
-import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.entity.*;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
 import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -66,6 +55,7 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends 
BaseLoader {
        private static final String LOGIN_ID_ADMIN = "admin";
 
        private static final List<String> DEFAULT_POLICY_USERS = new 
ArrayList<>(Arrays.asList("kafka","rangerlookup"));
+       private static final List<String> DEFAULT_POLICY_GROUP = new 
ArrayList<>(Arrays.asList("public"));
 
        public static final String SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME = 
"kafka";
        public static final String CONSUMERGROUP_RESOURCE_NAME = 
"consumergroup";
@@ -343,6 +333,25 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends 
BaseLoader {
                                
daoMgr.getXXPolicyItemUserPerm().create(xUserPerm);
                        }
 
+                       for (int i = 0; i < DEFAULT_POLICY_GROUP.size(); i++) {
+                               String group = DEFAULT_POLICY_GROUP.get(i);
+                               if (StringUtils.isBlank(group)) {
+                                       continue;
+                               }
+                               XXGroup xxGroup = 
daoMgr.getXXGroup().findByGroupName(group);
+                               if (xxGroup == null) {
+                                       throw new RuntimeException(group + ": 
group does not exist. policy='" + xxPolicy.getName()
+                                                       + "' service='" + 
xxPolicy.getService() + "' group='" + group + "'");
+                               }
+                               XXPolicyItemGroupPerm xGroupPerm = new 
XXPolicyItemGroupPerm();
+                               xGroupPerm.setGroupId(xxGroup.getId());
+                               
xGroupPerm.setPolicyItemId(createdXXPolicyItem.getId());
+                               xGroupPerm.setOrder(i);
+                               xGroupPerm.setAddedByUserId(currentUserId);
+                               xGroupPerm.setUpdatedByUserId(currentUserId);
+                               
daoMgr.getXXPolicyItemGroupPerm().create(xGroupPerm);
+                       }
+
 
                        String policyResourceName = CONSUMERGROUP_RESOURCE_NAME;
 
@@ -382,7 +391,7 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends 
BaseLoader {
 
                List<RangerPolicy.RangerPolicyItemAccess> accesses = 
getPolicyItemAccesses();
                List<String> users = new ArrayList<>(DEFAULT_POLICY_USERS);
-               List<String> groups = new ArrayList<>();
+               List<String> groups = new ArrayList<>(DEFAULT_POLICY_GROUP);
                List<RangerPolicy.RangerPolicyItemCondition> conditions = new 
ArrayList<>();
                List<RangerPolicy.RangerPolicyItem> policyItems = new 
ArrayList<>();
                RangerPolicy.RangerPolicyItem rangerPolicyItem = new 
RangerPolicy.RangerPolicyItem();

[ranger] branch master updated: RANGER-2692:RangerKafkaAuthorizer support for ConsumerGroup resource for authorization -Default policy udate

Reply via email to