This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit f80b8c148098aa647f3fc2d7c0841150e247d086
Merge: d5dc40c8c 00fd78a9b
Author: Madhan Neethiraj <mad...@apache.org>
AuthorDate: Wed Sep 27 21:40:36 2023 -0700

    Merge branch 'master' into RANGER-3923

 agents-common/dev-support/spotbugsIncludeFile.xml  |  64 ++++++++++++
 .../apache/ranger/plugin/model/RangerPolicy.java   |   4 +
 .../ranger/plugin/policyengine/PolicyEngine.java   |  44 +++++++++
 .../policyengine/RangerRequestScriptEvaluator.java |  25 +++--
 .../plugin/policyengine/RangerResourceTrie.java    |  12 ++-
 .../RangerAbstractPolicyItemEvaluator.java         |  59 ++++++++++++
 .../RangerAuditPolicyEvaluator.java                |   2 +-
 .../RangerDefaultPolicyEvaluator.java              |  25 ++++-
 .../RangerDefaultPolicyItemEvaluator.java          | 107 ++++++++++++---------
 .../RangerDefaultRowFilterPolicyItemEvaluator.java |   9 +-
 .../RangerOptimizedPolicyEvaluator.java            | 106 ++++++++++++++------
 .../policyevaluator/RangerPolicyEvaluator.java     |  43 +++++++--
 .../policyevaluator/RangerPolicyItemEvaluator.java |   1 +
 .../plugin/resourcematcher/ResourceMatcher.java    |   4 +
 .../ranger/plugin/service/RangerBasePlugin.java    |  91 +-----------------
 .../apache/ranger/plugin/util/JavaScriptEdits.java |  77 +++++++++++++++
 .../apache/ranger/plugin/util/PolicyRefresher.java |  66 +++++++++++--
 .../plugin/util/RangerSecurityZoneHelper.java      |  14 +--
 .../apache/ranger/plugin/util/ServicePolicies.java |  72 ++++++++++++++
 .../ranger/plugin/util/JavaScriptEditsTest.java    |  45 +++++++++
 pom.xml                                            |   2 +-
 .../java/org/apache/ranger/biz/ServiceDBStore.java |   7 +-
 .../ranger/common/RangerServicePoliciesCache.java  |  44 +++++++++
 .../org/apache/ranger/service/XGroupService.java   |   2 +-
 .../org/apache/ranger/service/XUserService.java    |   2 +-
 .../react-webapp/src/components/Editable.jsx       |  16 +--
 .../react-webapp/src/components/XATableLayout.jsx  |   9 +-
 .../main/webapp/react-webapp/src/styles/style.css  |   3 +-
 .../main/webapp/react-webapp/src/utils/XAEnums.js  |  13 +++
 .../main/webapp/react-webapp/src/utils/fetchAPI.js |   2 +-
 .../src/views/AuditEvent/AdminLogs/UserLogs.jsx    |   6 +-
 .../src/views/AuditEvent/PluginStatusLogs.jsx      |   9 +-
 .../src/views/Encryption/KeyManager.jsx            |  72 +++++++-------
 .../src/views/PermissionsModule/EditPermission.jsx |  61 +++++++-----
 .../views/PolicyListing/AddUpdatePolicyForm.jsx    |   2 +-
 .../src/views/SecurityZone/SecurityZoneForm.jsx    |  74 ++++++++------
 .../src/views/ServiceManager/ServiceDefinition.jsx |  21 +++-
 .../src/views/ServiceManager/ServiceForm.jsx       |  79 +++++++--------
 .../views/ServiceManager/ServiceViewDetails.jsx    |  23 ++++-
 .../UserGroupRoleListing/SyncSourceDetails.jsx     |   4 +-
 .../groups_details/GroupListing.jsx                |   3 +-
 .../role_details/RoleListing.jsx                   |   8 +-
 .../users_details/UserFormComp.jsx                 |  26 ++---
 .../users_details/UserListing.jsx                  |   3 +-
 44 files changed, 956 insertions(+), 405 deletions(-)

diff --cc 
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java
index 96610e2eb,9051a8ce4..1d3a16ea0
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java
@@@ -100,10 -100,10 +100,10 @@@ public class RangerAuditPolicyEvaluato
      }
  
      @Override
 -    protected void preprocessPolicy(RangerPolicy policy, RangerServiceDef 
serviceDef) {
 -        super.preprocessPolicy(policy, serviceDef);
 +    protected void preprocessPolicy(RangerPolicy policy, RangerServiceDef 
serviceDef, RangerPolicyEngineOptions options) {
 +        super.preprocessPolicy(policy, serviceDef, options);
  
-         Map<String, Collection<String>> impliedAccessGrants = 
options.getServiceDefHelper().getImpliedAccessGrants();
+         Map<String, Collection<String>> impliedAccessGrants = 
PolicyEngine.getImpliedAccessGrants(serviceDef);
  
          if (impliedAccessGrants == null || impliedAccessGrants.isEmpty()) {
              return;
diff --cc 
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 821f34631,bf7ebe86a..3ea36322e
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@@ -1153,8 -1165,9 +1165,9 @@@ public class RangerDefaultPolicyEvaluat
                if(policy == null || (!hasAllow() && !hasDeny()) || serviceDef 
== null) {
                        return;
                }
+               /*
  
 -              Map<String, Collection<String>> impliedAccessGrants = 
getImpliedAccessGrants(serviceDef);
 +              Map<String, Collection<String>> impliedAccessGrants = 
options.getServiceDefHelper().getImpliedAccessGrants();
  
                if(impliedAccessGrants == null || 
impliedAccessGrants.isEmpty()) {
                        return;
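Review bot: The `/*` taken from master opens a block comment around the implied-access-grant expansion in `preprocessPolicy`, and the merge then resolves the branch's `options.getServiceDefHelper().getImpliedAccessGrants()` line inside that comment, where it is dead text. The closing `*/` and the rest of the method are outside the hunk, so the extent of the disabled code cannot be confirmed from here. Because this expansion affects which access types a policy item ends up granting, I would delete the commented-out block and leave one comment naming where the expansion now happens, e.g. `// implied access grants are expanded in <component that now performs it>`. The RangerAuditPolicyEvaluator hunk resolves the same lookup to `PolicyEngine.getImpliedAccessGrants(serviceDef)`, so the two resolutions should at least name the same source.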
diff --cc 
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
index deaf524b1,dd64a6767..225f8526b
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
@@@ -619,17 -468,69 +625,83 @@@ public class ServicePolicies implement
                return ret;
        }
  
 +      static public GdsPolicies copyHeader(GdsPolicies source, String 
componentServiceName) {
 +              GdsPolicies ret = new GdsPolicies();
 +
 +              ret.setServiceName(source.getServiceName());
 +              ret.setServiceId(source.getServiceId());
 +              ret.setPolicyVersion(source.getPolicyVersion());
 +              ret.setAuditMode(source.getAuditMode());
 +              
ret.setServiceDef(ServiceDefUtil.normalizeAccessTypeDefs(source.getServiceDef(),
 componentServiceName));
 +              ret.setPolicyUpdateTime(source.getPolicyUpdateTime());
 +              ret.setPolicies(Collections.emptyList());
 +
 +              return ret;
 +      }
++
+       public static ServicePolicies applyDelta(final ServicePolicies 
servicePolicies, RangerPolicyEngineImpl policyEngine) {
+               ServicePolicies ret = copyHeader(servicePolicies);
+ 
+               List<RangerPolicy> oldResourcePolicies = 
policyEngine.getResourcePolicies();
+               List<RangerPolicy> oldTagPolicies      = 
policyEngine.getTagPolicies();
+ 
+               List<RangerPolicy> newResourcePolicies = 
RangerPolicyDeltaUtil.applyDeltas(oldResourcePolicies, 
servicePolicies.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
+ 
+               ret.setPolicies(newResourcePolicies);
+ 
+               final List<RangerPolicy> newTagPolicies;
+               if (servicePolicies.getTagPolicies() != null) {
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("applyingDeltas for tag policies");
+                       }
+                       newTagPolicies = 
RangerPolicyDeltaUtil.applyDeltas(oldTagPolicies, 
servicePolicies.getPolicyDeltas(), 
servicePolicies.getTagPolicies().getServiceDef().getName());
+               } else {
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("No need to apply deltas for tag 
policies");
+                       }
+                       newTagPolicies = oldTagPolicies;
+               }
+ 
+               if (LOG.isDebugEnabled()) {
+                       LOG.debug("New tag policies:[" + 
Arrays.toString(newTagPolicies.toArray()) + "]");
+               }
+ 
+               if (ret.getTagPolicies() != null) {
+                       ret.getTagPolicies().setPolicies(newTagPolicies);
+               }
+ 
+               if (MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
+                       Map<String, SecurityZoneInfo> newSecurityZones = new 
HashMap<>();
+ 
+                       for (Map.Entry<String, SecurityZoneInfo> entry : 
servicePolicies.getSecurityZones().entrySet()) {
+                               String                   zoneName = 
entry.getKey();
+                               SecurityZoneInfo zoneInfo = entry.getValue();
+ 
+                               List<RangerPolicy> zoneResourcePolicies = 
policyEngine.getResourcePolicies(zoneName);
+                               // There are no separate 
tag-policy-repositories for each zone
+ 
+                               if (LOG.isDebugEnabled()) {
+                                       LOG.debug("Applying deltas for 
security-zone:[" + zoneName + "]");
+                               }
+ 
+                               final List<RangerPolicy> newZonePolicies = 
RangerPolicyDeltaUtil.applyDeltas(zoneResourcePolicies, 
zoneInfo.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
+ 
+                               if (LOG.isDebugEnabled()) {
+                                       LOG.debug("New resource policies for 
security-zone:[" + zoneName + "], zoneResourcePolicies:[" + 
Arrays.toString(newZonePolicies.toArray())+ "]");
+                               }
+ 
+                               SecurityZoneInfo newZoneInfo = new 
SecurityZoneInfo();
+ 
+                               newZoneInfo.setZoneName(zoneName);
+                               
newZoneInfo.setResources(zoneInfo.getResources());
+                               newZoneInfo.setPolicies(newZonePolicies);
+ 
+                               newSecurityZones.put(zoneName, newZoneInfo);
+                       }
+ 
+                       ret.setSecurityZones(newSecurityZones);
+               }
+ 
+               return ret;
+       }
  }
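Review bot: In `applyDelta`, the debug statement `Arrays.toString(newTagPolicies.toArray())` dereferences `newTagPolicies` without a guard, although the else branch assigns it straight from `policyEngine.getTagPolicies()`. If that getter can return null when no tag service is associated (not visible in this hunk), turning on debug logging would make delta application throw partway through a policy update. A null-safe form that prints the same list is `LOG.debug("New tag policies:[" + newTagPolicies + "]");`. Separately, the rebuilt `SecurityZoneInfo` copies only the zone name, resources and policies, so a short comment stating that any other zone fields are intentionally reset would help the next reader.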
