RANGER-562: Policy migration updated to ignore incorrect permission type and continue with migration
Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e2a59009 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e2a59009 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e2a59009 Branch: refs/heads/tag-policy Commit: e2a590096a3637398565f70a53726e4b253ed1f9 Parents: 6f903e3 Author: Gautam Borad <[email protected]> Authored: Fri Jun 19 18:33:59 2015 -0400 Committer: Madhan Neethiraj <[email protected]> Committed: Fri Jun 19 18:34:50 2015 -0400 ---------------------------------------------------------------------- .../ranger/patch/PatchMigration_J10002.java | 28 +++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e2a59009/security-admin/src/main/java/org/apache/ranger/patch/PatchMigration_J10002.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchMigration_J10002.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchMigration_J10002.java index 1747324..44306d8 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchMigration_J10002.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchMigration_J10002.java @@ -20,10 +20,13 @@ package org.apache.ranger.patch; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Map.Entry; +import java.util.Set; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.ranger.biz.RangerBizUtil; @@ -91,6 +94,15 @@ public class PatchMigration_J10002 extends BaseLoader { private static int policyCounter = 0; private static int serviceCounter = 0; + static Set<String> unsupportedLegacyPermTypes = new HashSet<String>(); + + static { + unsupportedLegacyPermTypes.add("Unknown"); + unsupportedLegacyPermTypes.add("Reset"); + unsupportedLegacyPermTypes.add("Obfuscate"); + unsupportedLegacyPermTypes.add("Mask"); + } + public static void main(String[] args) { logger.info("main()"); try { @@ -451,6 +463,10 @@ public class PatchMigration_J10002 extends BaseLoader { } String accessType = ServiceUtil.toAccessType(permMap.getPermType()); + if(StringUtils.isBlank(accessType) || unsupportedLegacyPermTypes.contains(accessType)) { + logger.info(accessType + ": is not a valid access-type, ignoring accesstype for policy: " + xRes.getPolicyName()); + continue; + } if(StringUtils.equalsIgnoreCase(accessType, "Admin")) { policyItem.setDelegateAdmin(Boolean.TRUE); @@ -464,6 +480,16 @@ public class PatchMigration_J10002 extends BaseLoader { ipAddress = permMap.getIpAddress(); } + if(CollectionUtils.isEmpty(accessList)) { + logger.info("no access specified. ignoring policyItem for policy: " + xRes.getPolicyName()); + continue; + } + + if(CollectionUtils.isEmpty(userList) && CollectionUtils.isEmpty(groupList)) { + logger.info("no user or group specified. ignoring policyItem for policy: " + xRes.getPolicyName()); + continue; + } + policyItem.setUsers(userList); policyItem.setGroups(groupList); policyItem.setAccesses(accessList); @@ -525,4 +551,4 @@ public class PatchMigration_J10002 extends BaseLoader { return groupName; } -} \ No newline at end of file +}
