This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3ba5e9263 RANGER-4486: zone-v2 PUT API Partial update #2
3ba5e9263 is described below
commit 3ba5e92635f0f61f6a08a0c0a658d8e9d431b6f8
Author: Subhrat Chaudhary <[email protected]>
AuthorDate: Mon Oct 30 22:29:28 2023 -0700
RANGER-4486: zone-v2 PUT API Partial update #2
Signed-off-by: Madhan Neethiraj <[email protected]>
---
.../plugin/util/RangerSecurityZoneHelper.java | 46 +++++++++++++++++-----
.../org/apache/ranger/rest/SecurityZoneREST.java | 20 +++++++---
2 files changed, 51 insertions(+), 15 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
index fbdacd4a6..72ec4a4c7 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
@@ -82,7 +82,7 @@ public class RangerSecurityZoneHelper {
zone.getServices().remove(serviceName);
}
- public RangerSecurityZone updateZone(RangerSecurityZoneChangeRequest
changeData) {
+ public RangerSecurityZone updateZone(RangerSecurityZoneChangeRequest
changeData) throws Exception {
if (changeData.getName() != null) {
zone.setName(changeData.getName());
}
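Review bot: `throws Exception` on the public `updateZone` signature gives callers no way to tell a rejected request from an internal failure; the `throw new Exception(...)` sites added in the resource, tag-service and `removePrincipals` hunks below share this. A dedicated exception type for the "not in zone" cases (or an unchecked `IllegalArgumentException`) would let the REST layer return those messages and treat everything else as an internal error. The method also has no Javadoc; I would add one with a `@throws` line stating that it fails when an entry listed for removal is not present in the zone. The body of `updateZone` continues outside this hunk.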
@@ -116,10 +116,18 @@ public class RangerSecurityZoneHelper {
if (zoneServiceHelper != null && zoneService != null &&
zoneService.getResources() != null) {
for (RangerSecurityZoneResource resource :
zoneService.getResources()) {
if (resource != null) {
+ final RangerSecurityZoneResource removedResource;
+
if (resource.getId() != null) {
-
zoneServiceHelper.removeResource(resource.getId());
+ removedResource =
zoneServiceHelper.removeResource(resource.getId());
} else if (resource.getResource() != null) {
-
zoneServiceHelper.removeResource(resource.getResource());
+ removedResource =
zoneServiceHelper.removeResource(resource.getResource());
+ } else {
+ removedResource = null;
+ }
+
+ if (removedResource == null) {
+ throw new Exception(resource + ": resource not
in zone");
}
}
}
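Review bot: The throw inside the removal loop leaves `zone` half-updated, because `updateZone` edits the helper's zone in place and, as the first hunk shows, has already applied `setName` (and whatever else precedes this loop) by the time a missing resource is detected. That is safe only if every caller discards the zone object on failure, so I would state it above the loop: `// throws on the first resource not found; changes already applied to zone are not rolled back`. Separately, the `else { removedResource = null; }` branch reports a request entry that has neither an id nor a resource as "resource not in zone", which presents a malformed request as a lookup failure. The loop and the enclosing method start outside this hunk.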
@@ -136,7 +144,11 @@ public class RangerSecurityZoneHelper {
}
if (changeData.getTagServicesToRemove() != null) {
-
zone.getTagServices().removeAll(changeData.getTagServicesToRemove());
+ for (String tagServiceToRemove :
changeData.getTagServicesToRemove()) {
+ if (!zone.getTagServices().remove(tagServiceToRemove)) {
+ throw new Exception(tagServiceToRemove + ": tag service
not in zone");
+ }
+ }
}
if (changeData.getAdminsToAdd() != null) {
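Review bot: Replacing `removeAll` with a per-element `remove` in the loop over `getTagServicesToRemove()` changes behaviour for duplicates. Only the first matching entry is now removed from the zone's list, and a name listed twice in the request makes the second iteration throw "tag service not in zone" after the first one succeeded. If duplicates in the request should be tolerated, iterate over a de-duplicated copy of the list; if they should be rejected, a comment such as `// each name must match exactly one entry; duplicates in the request are rejected` would make that deliberate.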
@@ -170,14 +182,20 @@ public class RangerSecurityZoneHelper {
}
}
- private void removePrincipals(List<RangerPrincipal> principals,
List<String> users, List<String> groups, List<String> roles) {
+ private void removePrincipals(List<RangerPrincipal> principals,
List<String> users, List<String> groups, List<String> roles) throws Exception {
for (RangerPrincipal principal : principals) {
+ boolean isRemoved = false;
+
if (principal.getType() == RangerPrincipal.PrincipalType.USER) {
- users.remove(principal.getName());
+ isRemoved = users.remove(principal.getName());
} else if (principal.getType() ==
RangerPrincipal.PrincipalType.GROUP) {
- groups.remove(principal.getName());
+ isRemoved = groups.remove(principal.getName());
} else if (principal.getType() ==
RangerPrincipal.PrincipalType.ROLE) {
- roles.remove(principal.getName());
+ isRemoved = roles.remove(principal.getName());
+ }
+
+ if(!isRemoved) {
+ throw new Exception(principal + ": principal not an admin or
auditor in zone");
}
}
}
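Review bot: A principal whose type is null or is none of USER, GROUP and ROLE falls through every branch in `removePrincipals` with `isRemoved` still false, so it is reported as "principal not an admin or auditor in zone" although no list was searched. A final `else` with its own message, for example `throw new Exception(principal + ": unsupported principal type");`, keeps the two failures apart for whoever reads the error. On style, `if(!isRemoved)` lacks the space after `if` that the surrounding lines use.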
@@ -308,7 +326,7 @@ public class RangerSecurityZoneHelper {
if (resourceIdx == -1) {
addResource(resource);
} else {
- setUpdated(resource);
+ setUpdated(resource, resourceIdx);
resources.set(resourceIdx, (HashMap<String, List<String>>)
resource.getResource());
resourcesBaseInfo.set(resourceIdx, new
RangerSecurityZoneResourceBase(resource));
@@ -397,7 +415,15 @@ public class RangerSecurityZoneHelper {
baseInfo.setUpdateTime(new Date());
}
- private void setUpdated(RangerSecurityZoneResourceBase baseInfo) {
+ private void setUpdated(RangerSecurityZoneResourceBase baseInfo, int
idx) {
+ RangerSecurityZoneResourceBase resourceBase = (resourcesBaseInfo
!= null && resourcesBaseInfo.size() > idx) ? resourcesBaseInfo.get(idx) : null;
+
+ if(resourceBase != null) {
+ baseInfo.setId(resourceBase.getId());
+ baseInfo.setCreatedBy(resourceBase.getCreatedBy());
+ baseInfo.setCreateTime(resourceBase.getCreateTime());
+ }
+
baseInfo.setUpdatedBy(currentUser);
baseInfo.setUpdateTime(new Date());
}
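Review bot: When `resourcesBaseInfo` is null or has no entry at `idx`, `setUpdated` keeps whatever `id`, `createdBy` and `createTime` the incoming `baseInfo` already carries; if that object originates from the request body (not visible here, so to be confirmed), a caller can supply those audit fields. I would not trust them in the fallback: `} else { baseInfo.setCreatedBy(currentUser); baseInfo.setCreateTime(new Date()); }`, or clear them, depending on how zones without stored base info should appear. The call site in the previous hunk runs `resourcesBaseInfo.set(resourceIdx, ...)` right after this method, so the size guard here does not protect that call. A comment such as `// carry over id and creation audit fields from the stored entry; only the update fields change` would document the intent.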
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
index f45cdd396..6513ad6b5 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
@@ -476,12 +476,22 @@ public class SecurityZoneREST {
public Boolean updateSecurityZone(Long zoneId,
RangerSecurityZoneChangeRequest changeData) {
LOG.debug("==> updateSecurityZone({}, {})", zoneId, changeData);
- RangerSecurityZone zone = getSecurityZone(zoneId);
- RangerSecurityZoneHelper zoneHelper = new
RangerSecurityZoneHelper(zone, bizUtil.getCurrentUserLoginId());
- RangerSecurityZone updatedZone =
zoneHelper.updateZone(changeData);
+ Boolean ret;
- RangerSecurityZone retV1 = updateSecurityZone(zoneId, updatedZone);
- Boolean ret = retV1 != null;
+ try {
+ RangerSecurityZone zone = getSecurityZone(zoneId);
+ RangerSecurityZoneHelper zoneHelper = new
RangerSecurityZoneHelper(zone, bizUtil.getCurrentUserLoginId());
+ RangerSecurityZone updatedZone =
zoneHelper.updateZone(changeData);
+
+ RangerSecurityZone retV1 = updateSecurityZone(zoneId, updatedZone);
+ ret = retV1 != null;
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("updateSecurityZone({}, {})", zoneId, changeData, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }
LOG.debug("<== updateSecurityZone({}, {}): ret={}", zoneId,
changeData, ret);
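Review bot: `catch (Throwable excp)` followed by `createRESTException(excp.getMessage())` returns the message of any failure to the API client, not only the "not in zone" messages the helper now raises. An unexpected exception would have its internal text (or a null message, as a NullPointerException can carry) sent back, and `Throwable` also converts `Error`s such as OutOfMemoryError into a REST error. I would narrow this to `catch (Exception excp)` and return a fixed message such as `"failed to update security zone"` for anything that is not a validation failure from `updateZone`, keeping the detail in the existing `LOG.error` line. The helper's messages embed `resource`, `principal` and tag-service values taken from the request, so the response echoes request content; it is worth confirming that clients render it as plain text.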