Repository: incubator-ranger Updated Branches: refs/heads/master 4b892a358 -> 5a4e1a31e
RANGER-1021: Ranger plugins should download only enabled policies Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5a4e1a31 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5a4e1a31 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5a4e1a31 Branch: refs/heads/master Commit: 5a4e1a31e8dded60ac288293a14bef5a07fd26c2 Parents: 4b892a3 Author: Abhay Kulkarni <[email protected]> Authored: Sun Jun 12 11:11:51 2016 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Jun 13 19:48:30 2016 -0700 ---------------------------------------------------------------------- .../org/apache/ranger/rest/ServiceREST.java | 88 +++++++++++++++++++- 1 file changed, 84 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a4e1a31/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 646554e..aa5188c 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1803,12 +1803,13 @@ public class ServiceREST { if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ")"); } - ret = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion); + ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion); - if(ret == null) { + if(servicePolicies == null) { httpCode = HttpServletResponse.SC_NOT_MODIFIED; logMsg = "No change since last update"; } else { + ret = filterServicePolicies(servicePolicies); httpCode = HttpServletResponse.SC_OK; logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion(); } @@ -1883,11 +1884,12 @@ public class ServiceREST { } } if (isAllowed) { - ret = svcStore.getServicePoliciesIfUpdated(serviceName,lastKnownVersion); - if (ret == null) { + ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName,lastKnownVersion); + if (servicePolicies == null) { httpCode = HttpServletResponse.SC_NOT_MODIFIED; logMsg = "No change since last update"; } else { + ret = filterServicePolicies(servicePolicies); httpCode = HttpServletResponse.SC_OK; logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion(); } @@ -2340,4 +2342,82 @@ public class ServiceREST { return ret; } + private ServicePolicies filterServicePolicies(ServicePolicies servicePolicies) { + ServicePolicies ret = null; + boolean containsDisabledResourcePolicies = false; + boolean containsDisabledTagPolicies = false; + + if (servicePolicies != null) { + List<RangerPolicy> policies = null; + + policies = servicePolicies.getPolicies(); + if (CollectionUtils.isNotEmpty(policies)) { + for (RangerPolicy policy : policies) { + if (!policy.getIsEnabled()) { + containsDisabledResourcePolicies = true; + break; + } + } + } + + if (servicePolicies.getTagPolicies() != null) { + policies = servicePolicies.getTagPolicies().getPolicies(); + if (CollectionUtils.isNotEmpty(policies)) { + List<RangerPolicy> filteredPolicies = new ArrayList<RangerPolicy>(); + for (RangerPolicy policy : policies) { + if (!policy.getIsEnabled()) { + containsDisabledTagPolicies = true; + break; + } + } + } + } + + if (!containsDisabledResourcePolicies && !containsDisabledTagPolicies) { + ret = servicePolicies; + } else { + ret = new ServicePolicies(); + + ret.setServiceDef(servicePolicies.getServiceDef()); + ret.setServiceId(servicePolicies.getServiceId()); + ret.setServiceName(servicePolicies.getServiceName()); + ret.setPolicyVersion(servicePolicies.getPolicyVersion()); + ret.setPolicyUpdateTime(servicePolicies.getPolicyUpdateTime()); + ret.setPolicies(servicePolicies.getPolicies()); + ret.setTagPolicies(servicePolicies.getTagPolicies()); + + if (containsDisabledResourcePolicies) { + List<RangerPolicy> filteredPolicies = new ArrayList<RangerPolicy>(); + for (RangerPolicy policy : servicePolicies.getPolicies()) { + if (policy.getIsEnabled()) { + filteredPolicies.add(policy); + } + } + ret.setPolicies(filteredPolicies); + } + + if (containsDisabledTagPolicies) { + ServicePolicies.TagPolicies tagPolicies = new ServicePolicies.TagPolicies(); + + tagPolicies.setServiceDef(servicePolicies.getTagPolicies().getServiceDef()); + tagPolicies.setServiceId(servicePolicies.getTagPolicies().getServiceId()); + tagPolicies.setServiceName(servicePolicies.getTagPolicies().getServiceName()); + tagPolicies.setPolicyVersion(servicePolicies.getTagPolicies().getPolicyVersion()); + tagPolicies.setPolicyUpdateTime(servicePolicies.getTagPolicies().getPolicyUpdateTime()); + + List<RangerPolicy> filteredPolicies = new ArrayList<RangerPolicy>(); + for (RangerPolicy policy : servicePolicies.getTagPolicies().getPolicies()) { + if (policy.getIsEnabled()) { + filteredPolicies.add(policy); + } + } + tagPolicies.setPolicies(filteredPolicies); + + ret.setTagPolicies(tagPolicies); + } + } + } + + return ret; + } }
