This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 6b5df44  RANGER-2724 Support EXECUTE permission in HBase Authorisation
6b5df44 is described below

commit 6b5df44448c4524e6881ed3682c4b1ffa2163b28
Author: Rajeshbabu Chintaguntla <[email protected]>
AuthorDate: Wed Mar 25 23:59:36 2020 +0530

    RANGER-2724 Support EXECUTE permission in HBase Authorisation
    
    Signed-off-by: Ramesh Mani <[email protected]>
---
 .../service-defs/ranger-servicedef-hbase.json      |   5 +
 .../ranger/authorization/hbase/HbaseAuthUtils.java |   3 +
 .../authorization/hbase/HbaseAuthUtilsImpl.java    |   7 +
 .../hbase/RangerAuthorizationCoprocessor.java      |  24 +-
 .../hbase/HbaseAuthUtilsImplTest.java              |   1 +
 .../optimized/current/ranger_core_db_mysql.sql     |   1 +
 .../optimized/current/ranger_core_db_oracle.sql    |   1 +
 .../optimized/current/ranger_core_db_postgres.sql  |   1 +
 .../current/ranger_core_db_sqlanywhere.sql         |   2 +
 .../optimized/current/ranger_core_db_sqlserver.sql |   1 +
 .../PatchForHBaseServiceDefUpdate_J10035.java      | 241 +++++++++++++++++++++
 11 files changed, 286 insertions(+), 1 deletion(-)

diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index f98c919..594e175 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -96,6 +96,11 @@
                                "write",
                                "create"
                        ]
+               },
+               {
+                       "itemId": 5,
+                       "name": "execute",
+                       "label": "Execute"
                }
        ],
 
diff --git 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtils.java
 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtils.java
index f8ee168..928a135 100644
--- 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtils.java
+++ 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtils.java
@@ -26,6 +26,7 @@ public interface HbaseAuthUtils {
        String ACCESS_TYPE_WRITE  = "write";
        String ACCESS_TYPE_CREATE = "create";
        String ACCESS_TYPE_ADMIN  = "admin";
+       String ACCESS_TYPE_EXECUTE  = "execute";
 
        String getAccess(Action action);
 
@@ -33,5 +34,7 @@ public interface HbaseAuthUtils {
        
        boolean isWriteAccess(String access);
 
+       boolean isExecuteAccess(String access);
+
        String getTable(RegionCoprocessorEnvironment regionServerEnv);
 }
diff --git 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
index c2e1e77..5754942 100644
--- 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
+++ 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImpl.java
@@ -39,6 +39,8 @@ public class HbaseAuthUtilsImpl implements HbaseAuthUtils {
                                return ACCESS_TYPE_CREATE;
                        case ADMIN:
                                return ACCESS_TYPE_ADMIN;
+                       case EXEC:
+                               return ACCESS_TYPE_EXECUTE;
                        default:
                                return action.name().toLowerCase();
                }
@@ -55,6 +57,11 @@ public class HbaseAuthUtilsImpl implements HbaseAuthUtils {
        }
 
        @Override
+       public boolean isExecuteAccess(String access) {
+               return getAccess(Action.EXEC).equals(access);
+       }
+
+       @Override
        public String getTable(RegionCoprocessorEnvironment regionServerEnv) {
                RegionInfo hri = regionServerEnv.getRegion().getRegionInfo();
                byte[] tableName = hri.getTable().getName();
diff --git 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index 952ef61..a5697f2 100644
--- 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -23,6 +23,7 @@ import java.util.*;
 import java.util.Map.Entry;
 import java.security.PrivilegedExceptionAction;
 
+import com.google.protobuf.Message;
 import com.google.protobuf.Service;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.logging.Log;
@@ -85,6 +86,8 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
        private UserProvider userProvider;
     private RegionCoprocessorEnvironment regionEnv;
        private Map<InternalScanner, String> scannerOwners = new 
MapMaker().weakKeys().makeMap();
+       /** if we should check EXEC permissions */
+       private boolean shouldCheckExecPermission;
        
        /*
         * These are package level only for testability and aren't meant to be 
exposed outside via getters/setters or made available to derived classes.
@@ -1071,6 +1074,9 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
        public void start(CoprocessorEnvironment env) throws IOException {
                String appType = "unknown";
 
+               shouldCheckExecPermission = env.getConfiguration().getBoolean(
+                               
AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY,
+                               
AccessControlConstants.DEFAULT_EXEC_PERMISSION_CHECKS);
                if (env instanceof MasterCoprocessorEnvironment) {
                        coprocessorType = MASTER_COPROCESSOR_TYPE;
                        appType = "hbaseMaster";
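Review bot: The effective value of `shouldCheckExecPermission` is read in `start()` but never logged, and the field comment does not say where it comes from. The fallback is `AccessControlConstants.DEFAULT_EXEC_PERMISSION_CHECKS`, which in HBase is expected to be `false` (worth confirming for the HBase version this builds against). With the flag off, the guard added in the `preEndpointInvocation` hunk further down short-circuits, so coprocessor endpoint calls get no EXEC authorization decision and presumably no audit entry, and an operator who adds `execute` policies in Ranger would see no effect. I would log the value once at startup with the class's existing logger and widen the field comment to `/** Whether coprocessor endpoint invocations require EXEC permission; read from AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY in start(). */`. The body of `start()` continues past the end of this hunk.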
@@ -1221,7 +1227,23 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
 
                requirePermission(ctx, "preCleanupBulkLoad", 
Permission.Action.WRITE, ctx.getEnvironment(), cfs);
        }
-       
+
+       /* ---- EndpointObserver implementation ---- */
+
+       @Override
+       public Message 
preEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx,
+                                                                               
 Service service, String methodName, Message request) throws IOException {
+               // Don't intercept calls to our own AccessControlService, we 
check for
+               // appropriate permissions in the service handlers
+               if (shouldCheckExecPermission && !(service instanceof 
AccessControlService)) {
+                       requirePermission(ctx,
+                                       "invoke(" + 
service.getDescriptorForType().getName() + "." + methodName + ")",
+                                       getTableName(ctx.getEnvironment()), 
null, null,
+                                       Action.EXEC);
+               }
+               return request;
+       }
+
        @Override
        public void grant(RpcController controller, 
AccessControlProtos.GrantRequest request, 
RpcCallback<AccessControlProtos.GrantResponse> done) {
                boolean isSuccess = false;
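Review bot: `preEndpointInvocation` is added without a test; the only test change in this commit is the one-line `isExecuteAccess` assertion. As far as this diff shows, the hook is the only place the new permission is enforced, so I would cover three cases: flag off returns the request without calling `requirePermission`, flag on requires `Action.EXEC` on the region's table for an arbitrary service, and flag on skips an `AccessControlService` instance. The method also has no Javadoc; one sentence stating that the check is table-scoped (family and qualifier are passed as `null`) and that the request is returned unmodified would be enough. The `grant` method that follows continues outside the hunk.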
diff --git 
a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImplTest.java
 
b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImplTest.java
index 1b8edd4..d14b83e 100644
--- 
a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImplTest.java
+++ 
b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HbaseAuthUtilsImplTest.java
@@ -29,5 +29,6 @@ public class HbaseAuthUtilsImplTest {
                HbaseAuthUtilsImpl authUtils = new HbaseAuthUtilsImpl();
                assertTrue(authUtils.isReadAccess("read"));
                assertTrue(authUtils.isWriteAccess("write"));
+               assertTrue(authUtils.isExecuteAccess("execute"));
        }
 }
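Review bot: The added assertion covers only the positive case. `assertFalse(authUtils.isExecuteAccess("exec"));` would pin that the Ranger access-type name is `execute` rather than the lowercased enum name that `getAccess` falls back to in its `default` branch, and `assertFalse(authUtils.isExecuteAccess(null));` would document the null behaviour. The test method starts outside this hunk.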
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 49d0639..2d93fc4 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1747,4 +1747,5 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10030',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10033',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10034',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10035',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git 
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 580b6fb..38e546a 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1921,5 +1921,6 @@ INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10030',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10033',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10034',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10035',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger
 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;
diff --git 
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 56f5a4d..7c2ada5 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1869,6 +1869,7 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10030',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10033',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10034',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10035',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',current_timestamp,'Ranger 
1.0.0',current_timestamp,'localhost','Y');
 
 DROP VIEW IF EXISTS vx_trx_log;
diff --git 
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
 
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 3ccd5ca..7b0509c 100644
--- 
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ 
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2259,6 +2259,8 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 GO
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10034',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10035',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 exit
diff --git 
a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 3418ea5..25b3bed 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3953,6 +3953,7 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10030',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10033',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10034',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10035',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS
diff --git 
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java
 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java
new file mode 100644
index 0000000..d13df23
--- /dev/null
+++ 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java
@@ -0,0 +1,241 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.RangerBizUtil;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.JSONUtil;
+import org.apache.ranger.common.RangerValidatorFactory;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
+import org.apache.ranger.plugin.model.validation.RangerValidator;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.service.RangerPolicyService;
+import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XPolicyService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+@Component
+public class PatchForHBaseServiceDefUpdate_J10035 extends BaseLoader {
+    private static final Logger logger = 
Logger.getLogger(PatchForHBaseServiceDefUpdate_J10035.class);
+    public static final String SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME = 
"hbase";
+    public static final String REFRESH_ACCESS_TYPE_NAME = "execute";
+
+    @Autowired
+    RangerDaoManager daoMgr;
+
+    @Autowired
+    ServiceDBStore svcDBStore;
+
+    @Autowired
+    JSONUtil jsonUtil;
+
+    @Autowired
+    RangerPolicyService policyService;
+
+    @Autowired
+    StringUtil stringUtil;
+
+    @Autowired
+    XPolicyService xPolService;
+
+    @Autowired
+    XPermMapService xPermMapService;
+
+    @Autowired
+    RangerBizUtil bizUtil;
+
+    @Autowired
+    RangerValidatorFactory validatorFactory;
+
+    @Autowired
+    ServiceDBStore svcStore;
+
+    public static void main(String[] args) {
+        logger.info("main()");
+        try {
+            PatchForHBaseServiceDefUpdate_J10035 loader = 
(PatchForHBaseServiceDefUpdate_J10035) 
CLIUtil.getBean(PatchForHBaseServiceDefUpdate_J10035.class);
+            loader.init();
+            while (loader.isMoreToProcess()) {
+                loader.load();
+            }
+            logger.info("Load complete. Exiting.");
+            System.exit(0);
+        } catch (Exception e) {
+            logger.error("Error loading", e);
+            System.exit(1);
+        }
+    }
+
+    @Override
+    public void printStats() {
+        logger.info("PatchForHBaseServiceDefUpdate data ");
+    }
+
+    @Override
+    public void execLoad() {
+        logger.info("==> PatchForHBaseServiceDefUpdate.execLoad()");
+        try {
+            if (!updateHBaseServiceDef()) {
+                logger.error("Failed to apply the patch.");
+                System.exit(1);
+            }
+        } catch (Exception e) {
+            logger.error("Error while PatchForHBaseServiceDefUpdate()data.", 
e);
+            System.exit(1);
+        }
+        logger.info("<== PatchForHBaseServiceDefUpdate.execLoad()");
+    }
+
+    @Override
+    public void init() throws Exception {
+        // Do Nothing
+    }
+
+    private boolean updateHBaseServiceDef() throws Exception {
+        RangerServiceDef ret;
+        RangerServiceDef embeddedHBasServiceDef;
+        RangerServiceDef dbHBaseServiceDef;
+        List<RangerServiceDef.RangerAccessTypeDef> embeddedHBaseAccessTypes;
+        XXServiceDef xXServiceDefObj;
+
+        embeddedHBasServiceDef = 
EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);
+
+        if (embeddedHBasServiceDef != null) {
+            xXServiceDefObj = 
daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);
+            Map<String, String> serviceDefOptionsPreUpdate;
+            String jsonPreUpdate;
+
+            if (xXServiceDefObj != null) {
+                jsonPreUpdate = xXServiceDefObj.getDefOptions();
+                serviceDefOptionsPreUpdate = jsonStringToMap(jsonPreUpdate);
+            } else {
+                logger.error("HBase service-definition does not exist in the 
Ranger DAO.");
+                return false;
+            }
+            dbHBaseServiceDef = 
svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);
+
+            if (dbHBaseServiceDef != null) {
+                embeddedHBaseAccessTypes = 
embeddedHBasServiceDef.getAccessTypes();
+
+                if (embeddedHBaseAccessTypes != null) {
+                    if 
(checkNewHBaseAccessTypesPresent(embeddedHBaseAccessTypes)) {
+                        if 
(!embeddedHBaseAccessTypes.toString().equalsIgnoreCase(dbHBaseServiceDef.getAccessTypes().toString()))
 {
+                            
dbHBaseServiceDef.setAccessTypes(embeddedHBaseAccessTypes);
+                        }
+                    }
+                }
+            } else {
+                logger.error("HBase service-definition does not exist in the 
db store.");
+                return false;
+            }
+            RangerServiceDefValidator validator = 
validatorFactory.getServiceDefValidator(svcStore);
+            validator.validate(dbHBaseServiceDef, 
RangerValidator.Action.UPDATE);
+
+            ret = svcStore.updateServiceDef(dbHBaseServiceDef);
+            if (ret == null) {
+                throw new RuntimeException("Error while updating " + 
SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME + " service-def");
+            }
+            xXServiceDefObj = 
daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);
+            if (xXServiceDefObj != null) {
+                String jsonStrPostUpdate = xXServiceDefObj.getDefOptions();
+                Map<String, String> serviceDefOptionsPostUpdate = 
jsonStringToMap(jsonStrPostUpdate);
+                if (serviceDefOptionsPostUpdate != null && 
serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES))
 {
+                    if (serviceDefOptionsPreUpdate == null || 
!serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES))
 {
+                        String preUpdateValue = serviceDefOptionsPreUpdate == 
null ? null : 
serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
+                        if (preUpdateValue == null) {
+                            
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
+                        } else {
+                            
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES,
 preUpdateValue);
+                        }
+                        
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
+                        daoMgr.getXXServiceDef().update(xXServiceDefObj);
+                    }
+                }
+            } else {
+                logger.error("HBase service-definition does not exist in the 
Ranger DAO.");
+                return false;
+            }
+        } else {
+            logger.error("The embedded HBase service-definition does not 
exist.");
+            return false;
+        }
+        return true;
+    }
+
+    private static boolean 
checkNewHBaseAccessTypesPresent(List<RangerServiceDef.RangerAccessTypeDef> 
accessTypeDefs) {
+        boolean ret = false;
+        for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : 
accessTypeDefs) {
+            if (REFRESH_ACCESS_TYPE_NAME.equals(accessTypeDef.getName())) {
+                ret = true;
+                break;
+            }
+        }
+        return ret;
+    }
+
+    private String mapToJsonString(Map<String, String> map) {
+        String ret = null;
+        if (map != null) {
+            try {
+                ret = jsonUtil.readMapToString(map);
+            } catch (Exception ex) {
+                logger.warn("mapToJsonString() failed to convert map: " + map, 
ex);
+            }
+        }
+        return ret;
+    }
+
+    protected Map<String, String> jsonStringToMap(String jsonStr) {
+        Map<String, String> ret = null;
+        if (!StringUtils.isEmpty(jsonStr)) {
+            try {
+                ret = jsonUtil.jsonToMap(jsonStr);
+            } catch (Exception ex) {
+                // fallback to earlier format: "name1=value1;name2=value2"
+                for (String optionString : jsonStr.split(";")) {
+                    if (StringUtils.isEmpty(optionString)) {
+                        continue;
+                    }
+                    String[] nvArr = optionString.split("=");
+                    String name = (nvArr != null && nvArr.length > 0) ? 
nvArr[0].trim() : null;
+                    String value = (nvArr != null && nvArr.length > 1) ? 
nvArr[1].trim() : null;
+                    if (StringUtils.isEmpty(name)) {
+                        continue;
+                    }
+                    if (ret == null) {
+                        ret = new HashMap<String, String>();
+                    }
+                    ret.put(name, value);
+                }
+            }
+        }
+        return ret;
+    }
+}
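Review bot: In `updateHBaseServiceDef`, `mapToJsonString` returns `null` when serialization fails (it only logs a warning), and that result goes straight into `xXServiceDefObj.setDefOptions(...)` followed by `update(...)`, so a conversion failure would persist null options for the HBase service-def instead of failing the patch. I would guard it with `String json = mapToJsonString(serviceDefOptionsPostUpdate); if (json == null) { return false; }` before calling `setDefOptions(json)`. In the same block the `else` that puts `preUpdateValue` back is unreachable, because the enclosing condition has already established that the pre-update map is null or lacks the key, so `preUpdateValue` is always null. Smaller points: `REFRESH_ACCESS_TYPE_NAME` holds `"execute"` and reads as carried over from another patch, the autowired fields `policyService`, `stringUtil`, `xPolService`, `xPermMapService` and `bizUtil` are never used while `svcStore` duplicates `svcDBStore`, and `dbHBaseServiceDef.getAccessTypes().toString()` would throw if the stored definition has no access types.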
