date:20231004

[ranger] branch master updated (b0ae138ce -> 376c8f7d6)

2023-10-04 Thread rmani

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


from b0ae138ce RANGER-4378: updated implied-grants handling to use 
RangerServiceDefHelper
 add 376c8f7d6 RANGER-4400: Fixed ConcurrentModificationException in 
RangerKafkaAuditHandler.processResults(Collection results) 
(#285)

No new revisions were added by this update.

Summary of changes:
 .../kafka/authorizer/RangerKafkaAuditHandler.java  | 78 --
 1 file changed, 29 insertions(+), 49 deletions(-)

[ranger] 01/02: RANGER-4455: updated RangerGdsValidator to account for permissions assigned to public group

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit bee247bd42ce542b00cbffe8a27e41180443dfa4
Author: prashant 
AuthorDate: Wed Oct 4 16:45:25 2023 +0530

RANGER-4455: updated RangerGdsValidator to account for permissions assigned 
to public group

Signed-off-by: Madhan Neethiraj 
---
 .../ranger/validation/RangerGdsValidator.java  | 49 +-
 1 file changed, 30 insertions(+), 19 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
index be5ac56e6..d9f204eef 100755
--- 
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
@@ -22,6 +22,7 @@ import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.plugin.errors.ValidationErrorCode;
 import org.apache.ranger.plugin.model.RangerGds;
 import org.apache.ranger.plugin.model.RangerGds.GdsPermission;
@@ -62,21 +63,23 @@ public class RangerGdsValidator {
 
 GdsPermission permission = GdsPermission.NONE;
 
-   if (acl.getUsers() != null) {
+if (acl.getUsers() != null) {
 permission = getHigherPrivilegePermission(permission, 
acl.getUsers().get(user));
-   }
+}
+
+if (acl.getGroups() != null) {
+permission = getHigherPrivilegePermission(permission, 
acl.getGroups().get(RangerConstants.GROUP_PUBLIC));
 
-   if (acl.getGroups() != null) {
-   Set groups = 
dataProvider.getGroupsForUser(user);
+Set groups = dataProvider.getGroupsForUser(user);
 
 if (CollectionUtils.isNotEmpty(groups)) {
 for (String group : groups) {
 permission = getHigherPrivilegePermission(permission, 
acl.getGroups().get(group));
 }
 }
-   }
+}
 
-   if (acl.getRoles() != null) {
+if (acl.getRoles() != null) {
 Set roles = dataProvider.getRolesForUser(user);
 
 if (CollectionUtils.isNotEmpty(roles)) {
@@ -84,9 +87,9 @@ public class RangerGdsValidator {
 permission = getHigherPrivilegePermission(permission, 
acl.getRoles().get(role));
 }
 }
-   }
+}
 
-   return permission;
+return permission;
 }
 
 public void validateCreate(RangerDataset dataset) {
@@ -564,13 +567,17 @@ public class RangerGdsValidator {
 }
 
 if (!ret && acl.getGroups() != null) {
-Set userGroups = 
dataProvider.getGroupsForUser(userName);
+ret = 
isAllowed(acl.getGroups().get(RangerConstants.GROUP_PUBLIC), permission);
 
-for (String userGroup : userGroups) {
-ret = isAllowed(acl.getGroups().get(userGroup), 
permission);
+if(!ret) {
+Set userGroups = 
dataProvider.getGroupsForUser(userName);
 
-if (ret) {
-break;
+for (String userGroup : userGroups) {
+ret = isAllowed(acl.getGroups().get(userGroup), 
permission);
+
+if (ret) {
+break;
+}
 }
 }
 }
@@ -648,14 +655,18 @@ public class RangerGdsValidator {
 }
 
 if (!isAdmin && MapUtils.isNotEmpty(acl.getGroups())) {
-Set userGroups = 
dataProvider.getGroupsForUser(userName);
+isAdmin = 
isAllowed(acl.getGroups().get(RangerConstants.GROUP_PUBLIC), 
GdsPermission.ADMIN);
 
-if (userGroups != null) {
-for (String userGroup : userGroups) {
-isAdmin = isAllowed(acl.getGroups().get(userGroup), 
GdsPermission.ADMIN);
+if (!isAdmin) {
+Set userGroups = 
dataProvider.getGroupsForUser(userName);
 
-if (isAdmin) {
-break;
+if (userGroups != null) {
+for (String userGroup : userGroups) {
+isAdmin = 
isAllowed(acl.getGroups().get(userGroup), GdsPermission.ADMIN);
+
+if (isAdmin) {
+break;
+}
 }
 }
 }

[ranger] branch RANGER-3923 updated (ff6f20d23 -> 4c37f3080)

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a change to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git


from ff6f20d23 Merge branch 'master' into RANGER-3923
 new bee247bd4 RANGER-4455: updated RangerGdsValidator to account for 
permissions assigned to public group
 new 4c37f3080 RANGER-4410: updated sharedResource search to support filter 
by zone-id and zone-name

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../service/RangerGdsSharedResourceService.java|  3 ++
 .../ranger/validation/RangerGdsValidator.java  | 49 +-
 2 files changed, 33 insertions(+), 19 deletions(-)

[ranger] 02/02: RANGER-4410: updated sharedResource search to support filter by zone-id and zone-name

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 4c37f308017e3acee694e9b13cdfee01da817e10
Author: root 
AuthorDate: Wed Oct 4 18:18:59 2023 +0530

RANGER-4410: updated sharedResource search to support filter by zone-id and 
zone-name

Signed-off-by: Madhan Neethiraj 
---
 .../java/org/apache/ranger/service/RangerGdsSharedResourceService.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
index eadbb9228..7f6dee9ec 100755
--- 
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
@@ -64,6 +64,9 @@ public class RangerGdsSharedResourceService extends 
RangerGdsBaseModelService

[ranger] 01/01: Merge branch 'master' into RANGER-3923

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit ff6f20d23a10a907203978850a804b1cbdf0118f
Merge: 249b47083 b0ae138ce
Author: Madhan Neethiraj 
AuthorDate: Wed Oct 4 09:36:05 2023 -0700

Merge branch 'master' into RANGER-3923

 .../plugin/model/RangerSecurityZoneHeaderInfo.java |   7 +
 .../service-defs/ranger-servicedef-kafka.json  |   2 +-
 .../org/apache/ranger/biz/SecurityZoneDBStore.java |   7 +
 .../org/apache/ranger/db/XXSecurityZoneDao.java|  23 +++
 .../java/org/apache/ranger/rest/PublicAPIsv2.java  |  16 ++
 .../org/apache/ranger/rest/SecurityZoneREST.java   |  27 
 .../main/resources/META-INF/jpa_named_queries.xml  |  12 ++
 .../main/webapp/react-webapp/src/views/Home.jsx|  13 +-
 .../views/PolicyListing/PolicyListingTabView.jsx   | 169 ++---
 .../views/PolicyListing/PolicyPermissionItem.jsx   |   1 +
 .../views/PolicyListing/TagBasePermissionItem.jsx  |  81 ++
 .../src/views/SecurityZone/SecurityZoneForm.jsx|   2 +-
 .../src/views/ServiceManager/ImportPolicy.jsx  |  27 +++-
 .../views/ServiceManager/ServiceDefinitions.jsx|  14 +-
 .../react-webapp/src/views/SideBar/TopNavBar.jsx   |   6 -
 15 files changed, 226 insertions(+), 181 deletions(-)

[ranger] branch RANGER-3923 updated (249b47083 -> ff6f20d23)

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a change to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git


from 249b47083 RANGER-4442: add creator as ADMIN in ACL dataShare, dataset 
and project
 add ee7bf6909 RANGER-4348: Filter audits for cc_metric_reporter user on 
Kafka service repo
 add e23d09f49 RANGER-4419 : In Tag-based policy from Ranger Admin UI, 
Allow Conditions permissions item is not showing services permissions which 
have enableDenyAndExceptionsInPolicies flag false.
 add f400998bd RANGER-4399 : Need to fix zone drop-down option in policy 
listing for user not having 'Security Zone' module permission
 add b0ae138ce RANGER-4378: updated implied-grants handling to use 
RangerServiceDefHelper
 new ff6f20d23 Merge branch 'master' into RANGER-3923

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../plugin/model/RangerSecurityZoneHeaderInfo.java |   7 +
 .../service-defs/ranger-servicedef-kafka.json  |   2 +-
 .../org/apache/ranger/biz/SecurityZoneDBStore.java |   7 +
 .../org/apache/ranger/db/XXSecurityZoneDao.java|  23 +++
 .../java/org/apache/ranger/rest/PublicAPIsv2.java  |  16 ++
 .../org/apache/ranger/rest/SecurityZoneREST.java   |  27 
 .../main/resources/META-INF/jpa_named_queries.xml  |  12 ++
 .../main/webapp/react-webapp/src/views/Home.jsx|  13 +-
 .../views/PolicyListing/PolicyListingTabView.jsx   | 169 ++---
 .../views/PolicyListing/PolicyPermissionItem.jsx   |   1 +
 .../views/PolicyListing/TagBasePermissionItem.jsx  |  81 ++
 .../src/views/SecurityZone/SecurityZoneForm.jsx|   2 +-
 .../src/views/ServiceManager/ImportPolicy.jsx  |  27 +++-
 .../views/ServiceManager/ServiceDefinitions.jsx|  14 +-
 .../react-webapp/src/views/SideBar/TopNavBar.jsx   |   6 -
 15 files changed, 226 insertions(+), 181 deletions(-)

[ranger] branch master updated: RANGER-4378: updated implied-grants handling to use RangerServiceDefHelper

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new b0ae138ce RANGER-4378: updated implied-grants handling to use 
RangerServiceDefHelper
b0ae138ce is described below

commit b0ae138ce7d55a0e1f75702a432af6124b832a08
Author: Madhan Neethiraj 
AuthorDate: Mon Oct 2 03:38:31 2023 -0700

RANGER-4378: updated implied-grants handling to use RangerServiceDefHelper
---
 .../model/validation/RangerServiceDefHelper.java   | 32 ++
 .../ranger/plugin/policyengine/PolicyEngine.java   | 27 --
 2 files changed, 38 insertions(+), 21 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
index 4e287f9a4..c1388abc2 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
@@ -36,6 +36,7 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -311,6 +312,10 @@ public class RangerServiceDefHelper {
return _delegate.getWildcardEnabledResourceDef(resourceName, 
policyType);
}
 
+   public Map> getImpliedAccessGrants() {
+   return _delegate.getImpliedAccessGrants();
+   }
+
/**
 * Not designed for public access.  Package level only for testability.
 */
@@ -323,6 +328,7 @@ public class RangerServiceDefHelper {
final boolean _checkForCycles;
final boolean _valid;
final List _orderedResourceNames;
+   final Map> _impliedGrants;
final static Set> 
EMPTY_RESOURCE_HIERARCHY = Collections.unmodifiableSet(new 
HashSet>());
 
 
@@ -352,6 +358,8 @@ public class RangerServiceDefHelper {
}
}
 
+   _impliedGrants = computeImpliedGrants();
+
if (isValid) {
_orderedResourceNames = 
buildSortedResourceNames();
} else {
@@ -611,6 +619,30 @@ public class RangerServiceDefHelper {
return this._orderedResourceNames;
}
 
+   Map> getImpliedAccessGrants() { 
return _impliedGrants; }
+
+   private Map> computeImpliedGrants() {
+   Map> ret = new HashMap<>();
+
+   if (_serviceDef != null && 
CollectionUtils.isNotEmpty(_serviceDef.getAccessTypes())) {
+   for (RangerAccessTypeDef accessTypeDef : 
_serviceDef.getAccessTypes()) {
+   if 
(CollectionUtils.isNotEmpty(accessTypeDef.getImpliedGrants())) {
+   Collection 
impliedAccessGrants = ret.get(accessTypeDef.getName());
+
+   if(impliedAccessGrants == null) 
{
+   impliedAccessGrants = 
new HashSet<>();
+
+   
ret.put(accessTypeDef.getName(), impliedAccessGrants);
+   }
+
+   
impliedAccessGrants.addAll(accessTypeDef.getImpliedGrants());
+   }
+   }
+   }
+
+   return ret;
+   }
+
private static class ResourceNameLevel implements 
Comparable {
private String resourceName;
private intlevel;
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index 4a5406301..04f010a03 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -36,6 +36,7 @@ import 
org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerPolicyDelta;
 import org.apache.ranger.plugin.model.RangerServiceDef;
+import

[ranger] branch master updated: RANGER-4399 : Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission

2023-10-04 Thread dineshkumar

This is an automated email from the ASF dual-hosted git repository.

dineshkumar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new f400998bd RANGER-4399 : Need to fix zone drop-down option in policy 
listing for user not having 'Security Zone' module permission
f400998bd is described below

commit f400998bdac38b5f9cfd5401345155017e9d05f9
Author: Dineshkumar Yadav 
AuthorDate: Tue Sep 26 18:52:59 2023 +0530

RANGER-4399 : Need to fix zone drop-down option in policy listing for user 
not having 'Security Zone' module permission

Signed-off-by: Dineshkumar Yadav 
---
 .../plugin/model/RangerSecurityZoneHeaderInfo.java |   7 +
 .../org/apache/ranger/biz/SecurityZoneDBStore.java |   7 +
 .../org/apache/ranger/db/XXSecurityZoneDao.java|  23 +++
 .../java/org/apache/ranger/rest/PublicAPIsv2.java  |  16 ++
 .../org/apache/ranger/rest/SecurityZoneREST.java   |  27 
 .../main/resources/META-INF/jpa_named_queries.xml  |  12 ++
 .../main/webapp/react-webapp/src/views/Home.jsx|  13 +-
 .../views/PolicyListing/PolicyListingTabView.jsx   | 169 ++---
 .../src/views/ServiceManager/ImportPolicy.jsx  |  27 +++-
 .../views/ServiceManager/ServiceDefinitions.jsx|  14 +-
 .../react-webapp/src/views/SideBar/TopNavBar.jsx   |   6 -
 11 files changed, 175 insertions(+), 146 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
index 02927b07b..c42b0bedd 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
@@ -46,4 +46,11 @@ public class RangerSecurityZoneHeaderInfo extends 
RangerBaseModelObject implemen
 public void setName(String name) {
 this.name = name;
 }
+
+public StringBuilder toString(StringBuilder sb) {
+sb.append("id={").append(getId()).append("} ");
+sb.append("name={").append(name).append("} ");
+sb.append("isEnabled={").append(getIsEnabled()).append("} ");
+return sb;
+}
 }
diff --git 
a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 
b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
index a2c4e30ca..3cecfbc2f 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
@@ -245,4 +245,11 @@ public class SecurityZoneDBStore implements 
SecurityZoneStore {
 
 return services;
 }
+
+public List 
getSecurityZoneHeaderInfoListByServiceId(Long serviceId, Boolean isTagService ) 
{
+if(serviceId == null){
+throw restErrorUtil.createRESTException("Invalid value for 
serviceId", MessageEnums.INVALID_INPUT_DATA);
+}
+return 
daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosByServiceId(serviceId,isTagService);
+}
 }
diff --git 
a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java 
b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
index 5f73b64ea..5fe0e856d 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
@@ -122,4 +122,27 @@ public class XXSecurityZoneDao extends 
BaseDao {
 
 return securityZoneList;
 }
+
+public List 
findAllZoneHeaderInfosByServiceId(Long serviceId, Boolean isTagService) {
+if(serviceId == null){
+return  Collections.emptyList();
+}
+List results = null;
+if(isTagService){
+results = 
getEntityManager().createNamedQuery("XXSecurityZone.findAllZoneHeaderInfosByTagServiceId")
+.setParameter("tagServiceId", serviceId)
+.getResultList();
+}else{
+results = 
getEntityManager().createNamedQuery("XXSecurityZone.findAllZoneHeaderInfosByServiceId")
+.setParameter("serviceId", serviceId)
+.getResultList();
+}
+
+List securityZoneList = new 
ArrayList(results.size());
+for (Object[] result : results) {
+securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) 
result[0], (String) result[1]));
+}
+
+return securityZoneList;
+}
 }
diff --git 
a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 92ade823b..eebab8108 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++

[ranger] 02/02: RANGER-4442: add creator as ADMIN in ACL dataShare, dataset and project

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 249b47083b4ec0751d6436380306bda87056314b
Author: prashant 
AuthorDate: Wed Oct 4 12:12:53 2023 +0530

RANGER-4442: add creator as ADMIN in ACL dataShare, dataset and project

Signed-off-by: Madhan Neethiraj 
---
 .../java/org/apache/ranger/biz/GdsDBStore.java | 34 ++
 1 file changed, 34 insertions(+)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
index a1f5ef6fe..42a2fa16c 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
@@ -46,6 +46,7 @@ import 
org.apache.ranger.plugin.model.RangerGds.RangerDataShare;
 import org.apache.ranger.plugin.model.RangerGds.RangerDataShareInDataset;
 import org.apache.ranger.plugin.model.RangerGds.RangerDataset;
 import org.apache.ranger.plugin.model.RangerGds.RangerDatasetInProject;
+import org.apache.ranger.plugin.model.RangerGds.RangerGdsObjectACL;
 import org.apache.ranger.plugin.model.RangerGds.RangerProject;
 import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
@@ -174,6 +175,12 @@ public class GdsDBStore extends AbstractGdsStore {
 dataset.setGuid(guidUtil.genGUID());
 }
 
+if (dataset.getAcl() == null) {
+dataset.setAcl(new RangerGdsObjectACL());
+}
+
+addCreatorAsAclAdmin(dataset.getAcl());
+
 RangerDataset ret = datasetService.create(dataset);
 
 datasetService.createObjectHistory(ret, null, 
RangerServiceService.OPERATION_CREATE_CONTEXT);
@@ -451,6 +458,12 @@ public class GdsDBStore extends AbstractGdsStore {
 project.setGuid(guidUtil.genGUID());
 }
 
+if (project.getAcl() == null) {
+project.setAcl(new RangerGdsObjectACL());
+}
+
+addCreatorAsAclAdmin(project.getAcl());
+
 RangerProject ret = projectService.create(project);
 
 projectService.createObjectHistory(ret, null, 
RangerServiceService.OPERATION_CREATE_CONTEXT);
@@ -733,6 +746,12 @@ public class GdsDBStore extends AbstractGdsStore {
 dataShare.setGuid(guidUtil.genGUID());
 }
 
+if (dataShare.getAcl() == null) {
+dataShare.setAcl(new RangerGdsObjectACL());
+}
+
+addCreatorAsAclAdmin(dataShare.getAcl());
+
 RangerDataShare ret = dataShareService.create(dataShare);
 
 dataShareService.createObjectHistory(ret, null, 
RangerServiceService.OPERATION_CREATE_CONTEXT);
@@ -1394,4 +1413,19 @@ public class GdsDBStore extends AbstractGdsStore {
 }
 }
 }
+
+private void addCreatorAsAclAdmin(RangerGdsObjectACL acl) {
+String currentUser = 
bizUtil.getCurrentUserLoginId();
+Map userAcl = acl.getUsers();
+
+if (userAcl == null) {
+userAcl = new HashMap<>();
+
+acl.setUsers(userAcl);
+}
+
+if (acl.getUsers().get(currentUser) != GdsPermission.ADMIN) {
+acl.getUsers().put(currentUser, GdsPermission.ADMIN);
+}
+}
 }

[ranger] 01/02: RANGER-4445: new REST endpoints for dataset policies

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 55d2e6bfcbc02825aa5d23f38adad11f7ea1eea9
Author: Madhan Neethiraj 
AuthorDate: Mon Oct 2 12:15:44 2023 -0700

RANGER-4445: new REST endpoints for dataset policies
---
 .../apache/ranger/plugin/model/RangerService.java  |  66 +---
 .../model/validation/RangerServiceValidator.java   |  83 ++---
 .../ranger/plugin/store/AbstractGdsStore.java  |  25 --
 .../ranger/plugin/store/AbstractPredicateUtil.java |  34 --
 .../ranger/plugin/store/AbstractServiceStore.java  |   3 +-
 .../org/apache/ranger/plugin/store/GdsStore.java   |  34 +-
 .../ranger/plugin/store/ServicePredicateUtil.java  |  77 -
 .../ranger/plugin/util/RangerPerfTracer.java   |  28 +-
 .../ranger/services/gds/RangerServiceGds.java  |  58 +---
 .../service-defs/ranger-servicedef-gds.json|  16 +-
 .../apache_ranger/client/ranger_gds_client.py  |  80 -
 .../main/python/apache_ranger/model/ranger_base.py |   2 +
 .../src/main/python/sample_gds_client.py   |  14 +
 .../optimized/current/ranger_core_db_mysql.sql |  32 +-
 .../optimized/current/ranger_core_db_postgres.sql  |  36 ++-
 .../java/org/apache/ranger/biz/GdsDBStore.java | 353 -
 .../java/org/apache/ranger/biz/RangerBizUtil.java  |   8 +
 .../java/org/apache/ranger/biz/ServiceDBStore.java |  53 +---
 .../java/org/apache/ranger/biz/ServiceMgr.java |   6 -
 .../org/apache/ranger/common/AppConstants.java |   7 +-
 .../org/apache/ranger/db/RangerDaoManagerBase.java |   2 +
 .../apache/ranger/db/XXGdsDatasetPolicyMapDao.java |  85 +
 .../apache/ranger/db/XXGdsProjectPolicyMapDao.java |  85 +
 .../java/org/apache/ranger/db/XXPolicyDao.java |  33 ++
 .../java/org/apache/ranger/db/XXServiceDao.java|  23 +-
 .../ranger/entity/XXGdsDatasetPolicyMap.java   | 106 +++
 .../ranger/entity/XXGdsProjectPolicyMap.java   | 106 +++
 .../org/apache/ranger/entity/XXServiceBase.java|  24 +-
 .../apache/ranger/entity/XXServiceVersionInfo.java |  29 +-
 .../main/java/org/apache/ranger/rest/GdsREST.java  | 316 +-
 .../java/org/apache/ranger/rest/ServiceREST.java   |  61 +++-
 .../ranger/security/context/RangerAPIList.java |   2 +
 .../service/RangerServiceDefServiceBase.java   |   4 +-
 .../ranger/service/RangerServiceService.java   |   7 -
 .../ranger/service/RangerServiceServiceBase.java   |  26 +-
 .../main/resources/META-INF/jpa_named_queries.xml  |  31 +-
 36 files changed, 1405 insertions(+), 550 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
index e79c5d8e3..0cb58bae0 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
@@ -49,16 +49,13 @@ public class RangerService extends RangerBaseModelObject 
implements java.io.Seri
private DatepolicyUpdateTime;
private LongtagVersion;
private DatetagUpdateTime;
-   private String  gdsService;
-   private LonggdsVersion;
-   private DategdsUpdateTime;
 
 
/**
 * @param
 */
public RangerService() {
-   this(null, null, null, null, null, null);
+   this(null, null, null, null, null);
}
 
/**
@@ -69,24 +66,12 @@ public class RangerService extends RangerBaseModelObject 
implements java.io.Seri
 * @param tagService
 */
public RangerService(String type, String name, String description, 
String tagService, Map configs) {
-   this(type, name, description, tagService, null, configs);
-   }
-
-   /**
-* @param type
-* @param name
-* @param description
-* @param configs
-* @param tagService
-*/
-   public RangerService(String type, String name, String description, 
String tagService, String gdsService, Map configs) {
super();
 
setType(type);
setName(name);
setDescription(description);
setTagService(tagService);
-   setGdsService(gdsService);
setConfigs(configs);
}
 
@@ -106,9 +91,6 @@ public class RangerService extends RangerBaseModelObject 
implements java.io.Seri
setPolicyUpdateTime(other.getPolicyUpdateTime());
setTagVersion(other.getTagVersion());
setTagUpdateTime(other.getTagUpdateTime());
-   setGdsService(other.getGdsService());
-   setGdsVersion(other.getGdsVersion());
-

[ranger] branch RANGER-3923 updated (5597dedd7 -> 249b47083)

2023-10-04 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a change to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git


from 5597dedd7 RANGER-4426: added approver in GDS request entities
 new 55d2e6bfc RANGER-4445: new REST endpoints for dataset policies
 new 249b47083 RANGER-4442: add creator as ADMIN in ACL dataShare, dataset 
and project

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/ranger/plugin/model/RangerService.java  |  66 +---
 .../model/validation/RangerServiceValidator.java   |  83 +
 .../ranger/plugin/store/AbstractGdsStore.java  |  25 --
 .../ranger/plugin/store/AbstractPredicateUtil.java |  34 --
 .../ranger/plugin/store/AbstractServiceStore.java  |   3 +-
 .../org/apache/ranger/plugin/store/GdsStore.java   |  34 +-
 .../ranger/plugin/store/ServicePredicateUtil.java  |  77 
 .../ranger/plugin/util/RangerPerfTracer.java   |  28 +-
 .../ranger/services/gds/RangerServiceGds.java  |  58 +--
 .../service-defs/ranger-servicedef-gds.json|  16 +-
 .../apache_ranger/client/ranger_gds_client.py  |  80 -
 .../main/python/apache_ranger/model/ranger_base.py |   2 +
 .../src/main/python/sample_gds_client.py   |  14 +
 .../optimized/current/ranger_core_db_mysql.sql |  32 +-
 .../optimized/current/ranger_core_db_postgres.sql  |  36 +-
 .../java/org/apache/ranger/biz/GdsDBStore.java | 387 -
 .../java/org/apache/ranger/biz/RangerBizUtil.java  |   8 +
 .../java/org/apache/ranger/biz/ServiceDBStore.java |  53 +--
 .../java/org/apache/ranger/biz/ServiceMgr.java |   6 -
 .../org/apache/ranger/common/AppConstants.java |   7 +-
 .../org/apache/ranger/db/RangerDaoManagerBase.java |   2 +
 .../apache/ranger/db/XXGdsDatasetPolicyMapDao.java |  85 +
 .../apache/ranger/db/XXGdsProjectPolicyMapDao.java |  85 +
 .../java/org/apache/ranger/db/XXPolicyDao.java |  33 ++
 .../java/org/apache/ranger/db/XXServiceDao.java|  23 +-
 .../ranger/entity/XXGdsDatasetPolicyMap.java   | 106 ++
 .../ranger/entity/XXGdsProjectPolicyMap.java   | 106 ++
 .../org/apache/ranger/entity/XXServiceBase.java|  24 +-
 .../apache/ranger/entity/XXServiceVersionInfo.java |  29 +-
 .../main/java/org/apache/ranger/rest/GdsREST.java  | 316 -
 .../java/org/apache/ranger/rest/ServiceREST.java   |  61 +++-
 .../ranger/security/context/RangerAPIList.java |   2 +
 .../service/RangerServiceDefServiceBase.java   |   4 +-
 .../ranger/service/RangerServiceService.java   |   7 -
 .../ranger/service/RangerServiceServiceBase.java   |  26 +-
 .../main/resources/META-INF/jpa_named_queries.xml  |  31 +-
 36 files changed, 1439 insertions(+), 550 deletions(-)
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetPolicyMapDao.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectPolicyMapDao.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetPolicyMap.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/entity/XXGdsProjectPolicyMap.java

[ranger] branch master updated (b0ae138ce -> 376c8f7d6)

[ranger] 01/02: RANGER-4455: updated RangerGdsValidator to account for permissions assigned to public group

[ranger] branch RANGER-3923 updated (ff6f20d23 -> 4c37f3080)

[ranger] 02/02: RANGER-4410: updated sharedResource search to support filter by zone-id and zone-name

[ranger] 01/01: Merge branch 'master' into RANGER-3923

[ranger] branch RANGER-3923 updated (249b47083 -> ff6f20d23)

[ranger] branch master updated: RANGER-4378: updated implied-grants handling to use RangerServiceDefHelper

[ranger] branch master updated: RANGER-4399 : Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission

[ranger] 02/02: RANGER-4442: add creator as ADMIN in ACL dataShare, dataset and project

[ranger] 01/02: RANGER-4445: new REST endpoints for dataset policies

[ranger] branch RANGER-3923 updated (5597dedd7 -> 249b47083)

11 matches

Site Navigation

Mail list logo

Footer information