This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3a4a313 RANGER-2828:RangerExportPolicy with resource filter fails to
fetch policies
3a4a313 is described below
commit 3a4a313e5ed97c7d36340ef59b6a4038e7bae89f
Author: Ramesh Mani <[email protected]>
AuthorDate: Sat May 23 12:36:06 2020 -0700
RANGER-2828:RangerExportPolicy with resource filter fails to fetch policies
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 103 ++++++++++++++++-----
.../org/apache/ranger/biz/TestServiceDBStore.java | 1 -
2 files changed, 82 insertions(+), 22 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index ed69761..c6308ee 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2544,10 +2544,13 @@ public class ServiceDBStore extends
AbstractServiceStore {
boolean useLegacyResourceSearch = true;
+ Map<String, String> paramsCopy = new
HashMap<>(filter.getParams());
+ SearchFilter searchFilter = new
SearchFilter(paramsCopy);
+
if (MapUtils.isNotEmpty(filterResources) &&
resourceMatchScope != null) {
useLegacyResourceSearch = false;
for (Map.Entry<String, String> entry :
filterResources.entrySet()) {
-
filter.removeParam(SearchFilter.RESOURCE_PREFIX + entry.getKey());
+
searchFilter.removeParam(SearchFilter.RESOURCE_PREFIX + entry.getKey());
}
}
@@ -2556,7 +2559,7 @@ public class ServiceDBStore extends AbstractServiceStore {
}
ret = new ArrayList<>(policies);
- predicateUtil.applyFilter(ret, filter);
+ predicateUtil.applyFilter(ret, searchFilter);
if (!useLegacyResourceSearch &&
CollectionUtils.isNotEmpty(ret)) {
RangerPolicyResourceMatcher.MatchScope scope;
@@ -2593,7 +2596,7 @@ public class ServiceDBStore extends AbstractServiceStore {
break;
}
- ret = applyResourceFilter(serviceDef, ret,
filterResources, filter, scope);
+ ret = applyResourceFilter(serviceDef, ret,
filterResources, searchFilter, scope);
}
} else {
ret = policies;
@@ -4691,7 +4694,6 @@ public class ServiceDBStore extends AbstractServiceStore {
RangerPolicyList retList = new RangerPolicyList();
Map<Long,RangerPolicy> policyMap=new
HashMap<Long,RangerPolicy>();
Set<Long> processedServices=new HashSet<Long>();
- Set<Long> processedServicesForGroup=new HashSet<Long>();
Set<Long> processedPolicies=new HashSet<Long>();
Comparator<RangerPolicy> comparator = new
Comparator<RangerPolicy>() {
public int compare(RangerPolicy c1, RangerPolicy c2) {
@@ -4699,11 +4701,27 @@ public class ServiceDBStore extends
AbstractServiceStore {
}
};
- List<XXPolicy> xPolList = (List<XXPolicy>)
policyService.searchResources(searchFilter, policyService.searchFields,
policyService.sortFields, retList);
- if (!CollectionUtils.isEmpty(xPolList)) {
- for (XXPolicy xXPolicy : xPolList) {
-
if(!processedServices.contains(xXPolicy.getService())){
-
loadRangerPolicies(xXPolicy.getService(),processedServices,policyMap,searchFilter);
+ List<XXPolicy> xPolList = null;
+ Long serviceId = null;
+ String serviceName =
searchFilter.getParam(ServiceREST.PARAM_SERVICE_NAME);
+
+ if (StringUtils.isNotBlank(serviceName)) {
+ serviceId = getRangerServiceByName(serviceName.trim());
+ if (serviceId != null) {
+ loadRangerPolicies(serviceId,
processedServices, policyMap, searchFilter);
+ }
+ } else {
+ xPolList = policyService.searchResources(searchFilter,
policyService.searchFields, policyService.sortFields, retList);
+ if (!CollectionUtils.isEmpty(xPolList)) {
+ if (isSearchQuerybyResource(searchFilter)) {
+ XXPolicy xXPolicy = xPolList.get(0);
+
loadRangerPolicies(xXPolicy.getService(), processedServices, policyMap,
searchFilter);
+ } else {
+ for (XXPolicy xXPolicy : xPolList) {
+ if
(!processedServices.contains(xXPolicy.getService())) {
+
loadRangerPolicies(xXPolicy.getService(), processedServices, policyMap,
searchFilter);
+ }
+ }
}
}
}
@@ -4712,11 +4730,11 @@ public class ServiceDBStore extends
AbstractServiceStore {
searchFilter.removeParam("user");
Set<String> groupNames =
daoMgr.getXXGroupUser().findGroupNamesByUserName(userName);
if (!CollectionUtils.isEmpty(groupNames)) {
- List<XXPolicy> xPolList2 = null;
+ Set<Long> processedServicesForGroup=new
HashSet<Long>();
+ List<XXPolicy> xPolList2;
for (String groupName : groupNames) {
- xPolList2 = new ArrayList<XXPolicy>();
searchFilter.setParam("group",
groupName);
- xPolList2 = (List<XXPolicy>)
policyService.searchResources(searchFilter, policyService.searchFields,
policyService.sortFields, retList);
+ xPolList2 =
policyService.searchResources(searchFilter, policyService.searchFields,
policyService.sortFields, retList);
if
(!CollectionUtils.isEmpty(xPolList2)) {
for (XXPolicy xPol2 :
xPolList2) {
if(xPol2!=null){
@@ -4736,25 +4754,68 @@ public class ServiceDBStore extends
AbstractServiceStore {
}
}
if (!CollectionUtils.isEmpty(xPolList)) {
- for (XXPolicy xPol : xPolList) {
- if(xPol!=null){
-
if(!processedPolicies.contains(xPol.getId())){
-
if(!processedServices.contains(xPol.getService())){
-
loadRangerPolicies(xPol.getService(),processedServices,policyMap,searchFilter);
- }
-
if(policyMap.containsKey(xPol.getId())){
-
policyList.add(policyMap.get(xPol.getId()));
-
processedPolicies.add(xPol.getId());
+ if (isSearchQuerybyResource(searchFilter)) {
+ if (MapUtils.isNotEmpty(policyMap)) {
+ for(Entry<Long,RangerPolicy>
entry:policyMap.entrySet()) {
+
policyList.add(entry.getValue());
+
processedPolicies.add(entry.getKey());
+ }
+ }
+ } else {
+ for (XXPolicy xPol : xPolList) {
+ if (xPol != null) {
+ if
(!processedPolicies.contains(xPol.getId())) {
+ if
(!processedServices.contains(xPol.getService())) {
+
loadRangerPolicies(xPol.getService(), processedServices, policyMap,
searchFilter);
+ }
+ if
(policyMap.containsKey(xPol.getId())) {
+
policyList.add(policyMap.get(xPol.getId()));
+
processedPolicies.add(xPol.getId());
+ }
}
}
}
}
+ } else {
+ if (MapUtils.isNotEmpty(policyMap)) {
+ for(Entry<Long,RangerPolicy>
entry:policyMap.entrySet()) {
+ policyList.add(entry.getValue());
+ processedPolicies.add(entry.getKey());
+ }
+ }
+ }
+
+ if (CollectionUtils.isNotEmpty(policyList)) {
Collections.sort(policyList, comparator);
}
retList.setPolicies(policyList);
return retList;
}
+ private boolean isSearchQuerybyResource(SearchFilter searchFilter) {
+ boolean ret = false;
+ Map<String, String> filterResourcesPrefix =
searchFilter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true);
+ if(MapUtils.isNotEmpty(filterResourcesPrefix)) {
+ ret = true;
+ }
+ if(!ret) {
+ Map<String, String> filterResourcesPolResource =
searchFilter.getParamsWithPrefix(SearchFilter.POL_RESOURCE, true);
+ if (MapUtils.isNotEmpty(filterResourcesPolResource)) {
+ ret = true;
+ }
+ }
+ return ret;
+ }
+
+ private Long getRangerServiceByName(String name) {
+ XXService xxService = null;
+ XXServiceDao xxServiceDao = daoMgr.getXXService();
+ if (xxServiceDao != null ) {
+ xxService = xxServiceDao.findByName(name);
+ }
+ return xxService == null ? null : xxService.getId();
+ }
+
private void loadRangerPolicies(Long serviceId,Set<Long>
processedServices,Map<Long,RangerPolicy> policyMap,SearchFilter searchFilter){
try {
List<RangerPolicy> tempPolicyList =
getServicePolicies(serviceId,searchFilter);
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index c219e6c..9677b4d 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -2145,7 +2145,6 @@ public class TestServiceDBStore {
//PList<RangerPolicy> dbRangerPolicyList =
serviceDBStore.getPaginatedServicePolicies(rangerService.getId(),
filter);
- Mockito.verify(daoManager).getXXService();
}
@Test
