RANGER-704: Service enable/disable should refresh the policies in the plugins
Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f17ed115 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f17ed115 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f17ed115 Branch: refs/heads/master Commit: f17ed11505a8504954dc3a0f4a7a8751507a1315 Parents: be03c44 Author: Abhay Kulkarni <[email protected]> Authored: Wed Oct 21 14:04:45 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Wed Oct 21 17:40:32 2015 -0700 ---------------------------------------------------------------------- .../plugin/store/file/ServiceFileStore.java | 25 +++++++--- .../org/apache/ranger/biz/ServiceDBStore.java | 48 +++++++++++--------- 2 files changed, 45 insertions(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f17ed115/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java index d71436f..4552fc1 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java @@ -346,6 +346,11 @@ public class ServiceFileStore extends AbstractServiceStore { } } + boolean hasIsEnabledChanged = !existing.getIsEnabled().equals(service.getIsEnabled()); + + if (hasIsEnabledChanged) { + handlePolicyUpdate(service); + } RangerService ret = null; try { @@ -741,10 +746,16 @@ public class ServiceFileStore extends AbstractServiceStore { } if(lastKnownVersion == null || service.getPolicyVersion() == null || lastKnownVersion.longValue() != service.getPolicyVersion().longValue()) { - SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, serviceName); - List<RangerPolicy> policies = getPolicies(filter); + List<RangerPolicy> policies = null; + + if (service.getIsEnabled()) { + SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, serviceName); + policies = getPolicies(filter); + } else { + policies = new ArrayList<RangerPolicy>(); + } ret = new ServicePolicies(); ret.setServiceId(service.getId()); @@ -760,7 +771,7 @@ public class ServiceFileStore extends AbstractServiceStore { } if(ret != null && ret.getPolicies() != null) { - Collections.sort(ret.getPolicies(), predicateUtil.idComparator); + Collections.sort(ret.getPolicies(), ServicePredicateUtil.idComparator); } return ret; @@ -901,10 +912,10 @@ public class ServiceFileStore extends AbstractServiceStore { } if(ret != null) { - Collections.sort(ret, predicateUtil.idComparator); + Collections.sort(ret, ServicePredicateUtil.idComparator); for(RangerServiceDef sd : ret) { - Collections.sort(sd.getResources(), predicateUtil.resourceLevelComparator); + Collections.sort(sd.getResources(), ServicePredicateUtil.resourceLevelComparator); } } @@ -931,7 +942,7 @@ public class ServiceFileStore extends AbstractServiceStore { } if(ret != null) { - Collections.sort(ret, predicateUtil.idComparator); + Collections.sort(ret, ServicePredicateUtil.idComparator); } return ret; @@ -953,7 +964,7 @@ public class ServiceFileStore extends AbstractServiceStore { } if(ret != null) { - Collections.sort(ret, predicateUtil.idComparator); + Collections.sort(ret, ServicePredicateUtil.idComparator); } if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f17ed115/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 30c0897..123e5ac 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -1177,6 +1177,8 @@ public class ServiceDBStore extends AbstractServiceStore { hasTagServiceValueChanged = true; } + boolean hasIsEnabledChanged = !existing.getIsenabled().equals(service.getIsEnabled()); + if(populateExistingBaseFields) { svcServiceWithAssignedId.setPopulateExistingBaseFields(true); service = svcServiceWithAssignedId.update(service); @@ -1190,12 +1192,11 @@ public class ServiceDBStore extends AbstractServiceStore { service.setTagVersion(existing.getTagVersion()); service.setTagUpdateTime(existing.getTagUpdateTime()); - if (hasTagServiceValueChanged) { - service.setPolicyVersion(getNextVersion(service.getPolicyVersion())); - } - - service = svcService.update(service); + + if (hasTagServiceValueChanged || hasIsEnabledChanged) { + updatePolicyVersion(service); + } } XXService xUpdService = daoMgr.getXXService().getById(service.getId()); @@ -1726,30 +1727,35 @@ public class ServiceDBStore extends AbstractServiceStore { throw new Exception("service-def does not exist. id=" + serviceDbObj.getType()); } + List<RangerPolicy> policies = null; ServicePolicies.TagPolicies tagPolicies = null; - if(serviceDbObj.getTagService() != null) { - XXService tagServiceDbObj = daoMgr.getXXService().getById(serviceDbObj.getTagService()); + if (serviceDbObj.getIsenabled()) { + if (serviceDbObj.getTagService() != null) { + XXService tagServiceDbObj = daoMgr.getXXService().getById(serviceDbObj.getTagService()); - if(tagServiceDbObj != null) { - RangerServiceDef tagServiceDef = getServiceDef(tagServiceDbObj.getType()); + if (tagServiceDbObj != null && tagServiceDbObj.getIsenabled()) { + RangerServiceDef tagServiceDef = getServiceDef(tagServiceDbObj.getType()); - if(tagServiceDef == null) { - throw new Exception("service-def does not exist. id=" + tagServiceDbObj.getType()); - } + if (tagServiceDef == null) { + throw new Exception("service-def does not exist. id=" + tagServiceDbObj.getType()); + } - tagPolicies = new ServicePolicies.TagPolicies(); + tagPolicies = new ServicePolicies.TagPolicies(); - tagPolicies.setServiceId(tagServiceDbObj.getId()); - tagPolicies.setServiceName(tagServiceDbObj.getName()); - tagPolicies.setPolicyVersion(tagServiceDbObj.getPolicyVersion()); - tagPolicies.setPolicyUpdateTime(tagServiceDbObj.getPolicyUpdateTime()); - tagPolicies.setPolicies(getServicePolicies(tagServiceDbObj.getName(), null)); - tagPolicies.setServiceDef(tagServiceDef); + tagPolicies.setServiceId(tagServiceDbObj.getId()); + tagPolicies.setServiceName(tagServiceDbObj.getName()); + tagPolicies.setPolicyVersion(tagServiceDbObj.getPolicyVersion()); + tagPolicies.setPolicyUpdateTime(tagServiceDbObj.getPolicyUpdateTime()); + tagPolicies.setPolicies(getServicePolicies(tagServiceDbObj.getName(), null)); + tagPolicies.setServiceDef(tagServiceDef); + } } - } - List<RangerPolicy> policies = getServicePolicies(serviceName, null); + policies = getServicePolicies(serviceName, null); + } else { + policies = new ArrayList<RangerPolicy>(); + } ret = new ServicePolicies();
