This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.6 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit c1223edf5e42695503432268c17ad3c08e58640f Author: Madhan Neethiraj <[email protected]> AuthorDate: Tue Dec 17 11:18:00 2024 -0800 RANGER-4991: updated RangerServiceDefHelper with addition of getAllAccessTypes() --- .../model/validation/RangerServiceDefHelper.java | 14 +++++++++++++- .../ranger/plugin/policyengine/RangerPolicyEngine.java | 3 +++ .../plugin/policyengine/RangerPolicyEngineImpl.java | 18 ++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java index aee6203d8..fa98ba15d 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java @@ -30,6 +30,7 @@ import java.util.Map; import java.util.Objects; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; +import java.util.stream.Collectors; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; @@ -350,6 +351,10 @@ public class RangerServiceDefHelper { return _delegate.getWildcardEnabledResourceDef(resourceName, policyType); } + public Set<String> getAllAccessTypes() { + return _delegate.getAllAccessTypes(); + } + public Map<String, Collection<String>> getImpliedAccessGrants() { return _delegate.getImpliedAccessGrants(); } @@ -368,6 +373,7 @@ public class RangerServiceDefHelper { final boolean _valid; final List<String> _orderedResourceNames; final Map<String, Collection<String>> _impliedGrants; + final Set<String> _allAccessTypes; final static Set<List<RangerResourceDef>> EMPTY_RESOURCE_HIERARCHY = Collections.unmodifiableSet(new HashSet<List<RangerResourceDef>>()); @@ -406,7 +412,8 @@ public class RangerServiceDefHelper { } } - _impliedGrants = computeImpliedGrants(); + _impliedGrants = computeImpliedGrants(); + _allAccessTypes = Collections.unmodifiableSet(serviceDef.getAccessTypes().stream().map(RangerAccessTypeDef::getName).collect(Collectors.toSet())); if (isValid) { _orderedResourceNames = buildSortedResourceNames(); @@ -493,6 +500,11 @@ public class RangerServiceDefHelper { public boolean isResourceGraphValid() { return _valid; } + + public Set<String> getAllAccessTypes() { + return _allAccessTypes; + } + /** * Builds a directed graph where each resource is node and arc goes from parent level to child level * diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java index 7bf8c7ca4..37b5418e7 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java @@ -25,6 +25,7 @@ import java.util.Set; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper; import org.apache.ranger.plugin.util.GrantRevokeRequest; import org.apache.ranger.plugin.util.RangerAccessRequestUtil; import org.apache.ranger.plugin.util.RangerRoles; @@ -56,6 +57,8 @@ public interface RangerPolicyEngine { RangerServiceDef getServiceDef(); + RangerServiceDefHelper getServiceDefHelper(); + long getPolicyVersion(); long getRoleVersion(); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index bb2d57640..514a52c82 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -29,6 +29,7 @@ import org.apache.ranger.authorization.utils.StringUtil; import org.apache.ranger.plugin.contextenricher.RangerTagForEval; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper; import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher.MatchType; import org.apache.ranger.plugin.service.RangerDefaultRequestProcessor; @@ -377,6 +378,23 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { return ret; } + @Override + public RangerServiceDefHelper getServiceDefHelper() { + final RangerServiceDefHelper ret; + + try (RangerReadWriteLock.RangerLock readLock = policyEngine.getReadLock()) { + if (LOG.isDebugEnabled()) { + if (readLock.isLockingEnabled()) { + LOG.debug("Acquired lock - " + readLock); + } + } + + ret = policyEngine.getServiceDefHelper(); + } + + return ret; + } + @Override public long getPolicyVersion() { long ret;
