This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 400beaa RANGER-2856: A policy should be deleted if it has no policyItems
400beaa is described below
commit 400beaa7604e4c83d051dc6e83b8bc109e5d8c53
Author: RickyMa <mhx8...@gmail.com>
AuthorDate: Tue Jul 7 13:22:16 2020 +0530
RANGER-2856: A policy should be deleted if it has no policyItems
Signed-off-by: pradeep <prad...@apache.org>
---
 .../org/apache/ranger/biz/PolicyRefUpdater.java | 2 +-
 .../java/org/apache/ranger/rest/PublicAPIsv2.java | 19 ++++++++
 .../java/org/apache/ranger/rest/ServiceREST.java | 51 +++++++++++++++++++++-
 3 files changed, 69 insertions(+), 3 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index 9ce481c..6bd06f4 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -352,7 +352,7 @@ public class PolicyRefUpdater {
 return true;
 }
- static List<List<? extends RangerPolicyItem>> getAllPolicyItems(RangerPolicy policy) {
+ public static List<List<? extends RangerPolicyItem>> getAllPolicyItems(RangerPolicy policy) {
 List<List<? extends RangerPolicyItem>> ret = new ArrayList<>();
 if (CollectionUtils.isNotEmpty(policy.getPolicyItems())) {
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 4862442..19b93e6 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
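Review bot: `getAllPolicyItems` becomes public in the PolicyRefUpdater hunk without any Javadoc, and in this same commit its emptiness is what ServiceREST.purgeEmptyPolicies uses to decide that a policy is deleted. The visible lines suggest a list is added only when it is non-empty, but the body continues outside the hunk, so whether every kind of policy item is collected cannot be confirmed from here. I would state the contract on the method, e.g. `/** Returns the non-empty item lists of the policy; an empty result means the policy has no items of any kind. */`, so that a later change to what is collected is reviewed with the purge path in mind.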
@@ -554,6 +554,25 @@ public class PublicAPIsv2 {
 }
 }
+ @DELETE
+ @Path("/api/server/purgepolicies/{serviceName}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void purgeEmptyPolicies(@PathParam("serviceName") String serviceName, @Context HttpServletRequest request) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("==> PublicAPIsv2.purgeEmptyPolicies(" + serviceName + ")");
+ }
+
+ if (serviceName == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid service name", true);
+ }
+
+ serviceREST.purgeEmptyPolicies(serviceName, request);
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("<== PublicAPIsv2.purgeEmptyPolicies(" + serviceName + ")");
+ }
+ }
+
 /*
 * Role Creation API
 */
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 62cc26e..3422e43 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -62,8 +62,11 @@ import org.apache.ranger.admin.client.datatype.RESTResponse;
 import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.biz.AssetMgr;
+import org.apache.ranger.biz.PolicyRefUpdater;
 import org.apache.ranger.biz.RangerPolicyAdmin;
 import org.apache.ranger.biz.RangerBizUtil;
+import org.apache.ranger.biz.RangerPolicyAdminCache;
+import org.apache.ranger.biz.RangerPolicyAdminCacheForEngineOptions;
 import org.apache.ranger.biz.RoleDBStore;
 import org.apache.ranger.biz.SecurityZoneDBStore;
 import org.apache.ranger.biz.ServiceDBStore;
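Review bot: The `serviceName` path parameter goes into the debug messages of PublicAPIsv2.purgeEmptyPolicies by plain concatenation, so a name carrying encoded CR/LF characters could forge log lines when debug logging is enabled; ServiceREST.purgeEmptyPolicies repeats this in its debug, perf-tracer and error strings. Logging a neutralised copy, e.g. `serviceName.replaceAll("[\\r\\n]", "_")`, would close that. The `serviceName == null` guard also lets a blank name through; `if (serviceName == null || serviceName.trim().isEmpty())` rejects it before delegating.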
@@ -110,8 +113,6 @@ import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
 import org.apache.ranger.plugin.policyengine.RangerAccessResource;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.biz.RangerPolicyAdminCache;
-import org.apache.ranger.biz.RangerPolicyAdminCacheForEngineOptions;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
 import org.apache.ranger.plugin.service.ResourceLookupContext;
 import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
@@ -3255,6 +3256,52 @@ public class ServiceREST {
 }
 }
+ @DELETE
+ @Path("/server/purgepolicies/{serviceName}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void purgeEmptyPolicies(@PathParam("serviceName") String serviceName, @Context HttpServletRequest request) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.purgeEmptyPolicies(" + serviceName + ")");
+ }
+
+ if (serviceName == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid service name", true);
+ }
+
+ RangerPerfTracer perf = null;
+
+ try {
+ if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.purgeEmptyPolicies(serviceName=" + serviceName + ")");
+ }
+
+ if (svcStore.getServiceByName(serviceName) == null) {
+ throw new Exception("service does not exist - name=" + serviceName);
+ }
+
+ ServicePolicies servicePolicies = svcStore.getServicePolicies(serviceName, -1L);
+ if (servicePolicies != null && CollectionUtils.isNotEmpty(servicePolicies.getPolicies())) {
+ for (RangerPolicy policy : servicePolicies.getPolicies()) {
+ if (CollectionUtils.isEmpty(PolicyRefUpdater.getAllPolicyItems(policy))) {
+ deletePolicy(policy.getId());
+ }
+ }
+ }
+ } catch(WebApplicationException excp) {
+ throw excp;
+ } catch(Throwable excp) {
+ LOG.error("purgeEmptyPolicies(" + serviceName + ") failed", excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.purgeEmptyPolicies(" + serviceName + ")");
+ }
+ }
+
 private void createPolicyDownloadAudit(String serviceName, Long lastKnownVersion, String pluginId, int httpRespCode, String clusterName, String zoneName, HttpServletRequest request) {
 try {
 String ipAddress = request.getHeader("X-FORWARDED-FOR");
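Review bot: The deletion test `CollectionUtils.isEmpty(PolicyRefUpdater.getAllPolicyItems(policy))` looks only at item lists, so any policy that is kept without items on purpose is purged too; if this service accepts item-less policies whose role is to switch auditing on for a resource (an assumption to confirm against the policy validator), the call silently removes that audit coverage. Nothing in this method records which policies were removed, and a failure part-way through the loop leaves the earlier deletions in place while the caller sees only `excp.getMessage()`. I would log each removal just before `deletePolicy(policy.getId())`, e.g. `LOG.info("purgeEmptyPolicies: deleting empty policy id=" + policy.getId());`, and describe the audit-only case in a Javadoc on the method. Whether `deletePolicy` writes its own audit record is not visible in this hunk.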