incubator-ranger git commit: RANGER-454: updated default policy for KMS service to grant access to public group

[madhan]

Repository: incubator-ranger
Updated Branches:
  refs/heads/master 4faca7151 -> b28a924dc


RANGER-454: updated default policy for KMS service to grant access to public 
group


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b28a924d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b28a924d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b28a924d

Branch: refs/heads/master
Commit: b28a924dc3199dfd1986419c1f9f63cfcdeadd32
Parents: 4faca71
Author: Madhan Neethiraj <mad...@apache.org>
Authored: Mon May 4 15:12:58 2015 -0700
Committer: Madhan Neethiraj <mad...@apache.org>
Committed: Mon May 4 15:12:58 2015 -0700

----------------------------------------------------------------------
 .../src/main/java/org/apache/ranger/biz/ServiceDBStore.java | 9 +++++++++
 1 file changed, 9 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b28a924d/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git 
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 5542f72..d217f61 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -39,6 +39,7 @@ import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.PasswordUtils;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.common.UserSessionBase;
 import org.apache.ranger.db.RangerDaoManager;
@@ -1643,6 +1644,14 @@ public class ServiceDBStore extends AbstractServiceStore 
{
                        List<String> users = new ArrayList<String>();
                        users.add(vXUser.getName());
                        policyItem.setUsers(users);
+
+                       // Default policy for KMS should grant all access to 
'public'
+                       long serviceType = createdService.getType() == null ? 
-1 : createdService.getType();
+                       if(serviceType == 
EmbeddedServiceDefsUtil.instance().getKmsServiceDefId()) {
+                               List<String> groups = new ArrayList<String>();
+                               groups.add(RangerConstants.GROUP_PUBLIC);
+                               policyItem.setGroups(groups);
+                       }
                        
                        List<XXAccessTypeDef> accessTypeDefs = 
daoMgr.getXXAccessTypeDef().findByServiceDefId(createdService.getType());
                        List<RangerPolicyItemAccess> accesses = new 
ArrayList<RangerPolicyItemAccess>();