This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new 3ba5e9263 RANGER-4486: zone-v2 PUT API Partial update #2 3ba5e9263 is described below commit 3ba5e92635f0f61f6a08a0c0a658d8e9d431b6f8 Author: Subhrat Chaudhary <such...@yahoo.com> AuthorDate: Mon Oct 30 22:29:28 2023 -0700 RANGER-4486: zone-v2 PUT API Partial update #2 Signed-off-by: Madhan Neethiraj <mad...@apache.org> --- .../plugin/util/RangerSecurityZoneHelper.java | 46 +++++++++++++++++----- .../org/apache/ranger/rest/SecurityZoneREST.java | 20 +++++++--- 2 files changed, 51 insertions(+), 15 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
index fbdacd4a6..72ec4a4c7 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
@@ -82,7 +82,7 @@ public class RangerSecurityZoneHelper {
 zone.getServices().remove(serviceName);
 }

- public RangerSecurityZone updateZone(RangerSecurityZoneChangeRequest changeData) {
+ public RangerSecurityZone updateZone(RangerSecurityZoneChangeRequest changeData) throws Exception {
 if (changeData.getName() != null) {
 zone.setName(changeData.getName());
 }
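Review bot: `throws Exception` on `updateZone` is broader than the failures this commit introduces, which in the later hunks of this file are all raw `new Exception(...)` throws for entries the caller asked to remove that are not in the zone. A narrower type would let the REST layer tell a bad request apart from an internal fault; being unchecked, `throw new IllegalArgumentException(resource + ": resource not in zone");` would also leave the signature as it was. The body of `updateZone` continues outside this hunk.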
@@ -116,10 +116,18 @@ public class RangerSecurityZoneHelper {
 if (zoneServiceHelper != null && zoneService != null && zoneService.getResources() != null) {
 for (RangerSecurityZoneResource resource : zoneService.getResources()) {
 if (resource != null) {
+ final RangerSecurityZoneResource removedResource;
+
 if (resource.getId() != null) {
- zoneServiceHelper.removeResource(resource.getId());
+ removedResource = zoneServiceHelper.removeResource(resource.getId());
 } else if (resource.getResource() != null) {
- zoneServiceHelper.removeResource(resource.getResource());
+ removedResource = zoneServiceHelper.removeResource(resource.getResource());
+ } else {
+ removedResource = null;
+ }
+
+ if (removedResource == null) {
+ throw new Exception(resource + ": resource not in zone");
 }
 }
 }
@@ -136,7 +144,11 @@ public class RangerSecurityZoneHelper {
 }

 if (changeData.getTagServicesToRemove() != null) {
- zone.getTagServices().removeAll(changeData.getTagServicesToRemove());
+ for (String tagServiceToRemove : changeData.getTagServicesToRemove()) {
+ if (!zone.getTagServices().remove(tagServiceToRemove)) {
+ throw new Exception(tagServiceToRemove + ": tag service not in zone");
+ }
+ }
 }

 if (changeData.getAdminsToAdd() != null) {
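Review bot: In the resource-removal loop, the new `else { removedResource = null; }` branch makes an entry that carries neither an id nor a resource map fail with "resource not in zone", which reports a malformed request as a missing resource. Throwing from that branch with its own message, for example `throw new Exception(resource + ": id or resource must be specified");`, would tell the caller what to fix. The enclosing method starts and ends outside this hunk.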
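Review bot: Replacing `removeAll` with a per-element `remove` in the tag-service block changes what happens with repeated names. A request that lists the same tag service twice now throws on the second pass, after the first pass has already removed it, and if `getTagServices()` returns a List only the first matching entry is dropped where `removeAll` dropped every one. Iterating over a de-duplicated copy, `for (String tagServiceToRemove : new LinkedHashSet<>(changeData.getTagServicesToRemove())) {` (needs the `java.util.LinkedHashSet` import), keeps the not-in-zone check without rejecting duplicates. `removePrincipals` in the next hunk now rejects a repeated principal in the same way.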
@@ -170,14 +182,20 @@ public class RangerSecurityZoneHelper {
 }
 }

- private void removePrincipals(List<RangerPrincipal> principals, List<String> users, List<String> groups, List<String> roles) {
+ private void removePrincipals(List<RangerPrincipal> principals, List<String> users, List<String> groups, List<String> roles) throws Exception {
 for (RangerPrincipal principal : principals) {
+ boolean isRemoved = false;
+
 if (principal.getType() == RangerPrincipal.PrincipalType.USER) {
- users.remove(principal.getName());
+ isRemoved = users.remove(principal.getName());
 } else if (principal.getType() == RangerPrincipal.PrincipalType.GROUP) {
- groups.remove(principal.getName());
+ isRemoved = groups.remove(principal.getName());
 } else if (principal.getType() == RangerPrincipal.PrincipalType.ROLE) {
- roles.remove(principal.getName());
+ isRemoved = roles.remove(principal.getName());
+ }
+
+ if(!isRemoved) {
+ throw new Exception(principal + ": principal not an admin or auditor in zone");
 }
 }
 }
@@ -308,7 +326,7 @@ public class RangerSecurityZoneHelper {
 if (resourceIdx == -1) {
 addResource(resource);
 } else {
- setUpdated(resource);
+ setUpdated(resource, resourceIdx);

 resources.set(resourceIdx, (HashMap<String, List<String>>) resource.getResource());
 resourcesBaseInfo.set(resourceIdx, new RangerSecurityZoneResourceBase(resource));
@@ -397,7 +415,15 @@ public class RangerSecurityZoneHelper {
 baseInfo.setUpdateTime(new Date());
 }

- private void setUpdated(RangerSecurityZoneResourceBase baseInfo) {
+ private void setUpdated(RangerSecurityZoneResourceBase baseInfo, int idx) {
+ RangerSecurityZoneResourceBase resourceBase = (resourcesBaseInfo != null && resourcesBaseInfo.size() > idx) ? resourcesBaseInfo.get(idx) : null;
+
+ if(resourceBase != null) {
+ baseInfo.setId(resourceBase.getId());
+ baseInfo.setCreatedBy(resourceBase.getCreatedBy());
+ baseInfo.setCreateTime(resourceBase.getCreateTime());
+ }
+
 baseInfo.setUpdatedBy(currentUser);
 baseInfo.setUpdateTime(new Date());
 }
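Review bot: `removePrincipals` throws part-way through the list, so principals earlier in the request have already been removed from `users`/`groups`/`roles` when a later one is rejected; the same holds for the throws added in the earlier hunks of this file. That is safe only if every caller discards the zone object on failure; the REST caller in SecurityZoneREST appears to, since it persists only after `updateZone` returns. I would state that contract in a comment on the method, e.g. `// on exception the zone is left partially modified; callers must not persist it`. Separately, `if(!isRemoved)` lacks the space after `if` that the surrounding code uses.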
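Review bot: In `setUpdated`, when no stored entry is found at `idx` (the `resourceBase == null` path), the `id`, `createdBy` and `createTime` on `baseInfo` are left as they arrived. If `baseInfo` is built from the change request, as the call site in the previous hunk suggests, those audit fields are then caller-supplied. An else branch such as `baseInfo.setCreatedBy(currentUser); baseInfo.setCreateTime(new Date());` would keep them server-controlled. The guard also does not cover a negative `idx`; the only caller visible here passes an index that is not -1.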
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
index f45cdd396..6513ad6b5 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
@@ -476,12 +476,22 @@ public class SecurityZoneREST {
 public Boolean updateSecurityZone(Long zoneId, RangerSecurityZoneChangeRequest changeData) {
 LOG.debug("==> updateSecurityZone({}, {})", zoneId, changeData);

- RangerSecurityZone zone = getSecurityZone(zoneId);
- RangerSecurityZoneHelper zoneHelper = new RangerSecurityZoneHelper(zone, bizUtil.getCurrentUserLoginId());
- RangerSecurityZone updatedZone = zoneHelper.updateZone(changeData);
+ Boolean ret;

- RangerSecurityZone retV1 = updateSecurityZone(zoneId, updatedZone);
- Boolean ret = retV1 != null;
+ try {
+ RangerSecurityZone zone = getSecurityZone(zoneId);
+ RangerSecurityZoneHelper zoneHelper = new RangerSecurityZoneHelper(zone, bizUtil.getCurrentUserLoginId());
+ RangerSecurityZone updatedZone = zoneHelper.updateZone(changeData);
+
+ RangerSecurityZone retV1 = updateSecurityZone(zoneId, updatedZone);
+ ret = retV1 != null;
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("updateSecurityZone({}, {})", zoneId, changeData, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }

 LOG.debug("<== updateSecurityZone({}, {}): ret={}", zoneId, changeData, ret);
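Review bot: `catch (Throwable excp)` followed by `createRESTException(excp.getMessage())` sends the message of every failure back to the client, not only the new "not in zone" validation errors, so an unexpected exception can put internal detail into the response or yield a null message. I would narrow the handler to `} catch (Exception excp) {` so JVM errors propagate, and return a fixed message for anything that is not a validation failure, keeping the detail in the `LOG.error` line. That error line also writes the full `changeData`, so it is worth confirming its string form carries nothing that should stay out of the logs. The method body continues past the end of this hunk.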