[ranger] branch master updated: RANGER-4486: ZoneV2 partial update allows duplicate principals and tagServices

[madhan]

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new f4db92475 RANGER-4486: ZoneV2 partial update allows duplicate 
principals and tagServices
f4db92475 is described below

commit f4db92475daa4b2590b789a291463f51f0e0af64
Author: Subhrat Chaudhary <such...@yahoo.com>
AuthorDate: Thu Oct 19 23:41:14 2023 -0700

    RANGER-4486: ZoneV2 partial update allows duplicate principals and 
tagServices
    
    Signed-off-by: Madhan Neethiraj <mad...@apache.org>
---
 .../ranger/plugin/util/RangerSecurityZoneHelper.java       | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
index facc305fe..fbdacd4a6 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
@@ -132,7 +132,7 @@ public class RangerSecurityZoneHelper {
         }
 
         if (changeData.getTagServicesToAdd() != null) {
-            zone.getTagServices().addAll(changeData.getTagServicesToAdd());
+            changeData.getTagServicesToAdd().forEach(tagService -> 
addIfAbsent(tagService, zone.getTagServices()));
         }
 
         if (changeData.getTagServicesToRemove() != null) {
@@ -161,11 +161,11 @@ public class RangerSecurityZoneHelper {
     private void addPrincipals(List<RangerPrincipal> principals, List<String> 
users, List<String> groups, List<String> roles) {
         for (RangerPrincipal principal : principals) {
             if (principal.getType() == RangerPrincipal.PrincipalType.USER) {
-                users.add(principal.getName());
+                addIfAbsent(principal.getName(), users);
             } else if (principal.getType() == 
RangerPrincipal.PrincipalType.GROUP) {
-                groups.add(principal.getName());
+                addIfAbsent(principal.getName(), groups);
             } else if (principal.getType() == 
RangerPrincipal.PrincipalType.ROLE) {
-                roles.add(principal.getName());
+                addIfAbsent(principal.getName(), roles);
             }
         }
     }
@@ -182,6 +182,12 @@ public class RangerSecurityZoneHelper {
         }
     }
 
+    private void addIfAbsent(String item, List<String> lst) {
+        if (!lst.contains(item)) {
+            lst.add(item);
+        }
+    }
+
     public static class RangerSecurityZoneServiceHelper {
         private final RangerSecurityZoneService            zoneService;
         private final String                               currentUser;