This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new c49ed48d1 RANGER-4484: security-zone names should be made available in
context
c49ed48d1 is described below
commit c49ed48d131c2bc39a1da3c6d8173a12c299baa8
Author: Madhan Neethiraj
AuthorDate: Wed Oct 18 15:49:15 2023 -0700
RANGER-4484: security-zone names should be made available in context
---
.../ranger/plugin/policyengine/PolicyEngine.java | 10 +++---
.../policyengine/RangerPolicyEngineImpl.java | 6 ++--
.../policyengine/RangerRequestScriptEvaluator.java | 12
.../service/RangerDefaultRequestProcessor.java | 4 +++
.../plugin/util/RangerAccessRequestUtil.java | 36 ++
.../apache/ranger/biz/RangerPolicyAdminImpl.java | 2 +-
6 files changed, 61 insertions(+), 9 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index 3373dbae9..063b685d0 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -408,13 +408,13 @@ public class PolicyEngine {
}
public String getUniquelyMatchedZoneName(Map resourceAsMap) {
-String ret = null;
Set matchedZones =
getMatchedZonesForResourceAndChildren(resourceAsMap,
convertToAccessResource(resourceAsMap));
-if (CollectionUtils.isNotEmpty(matchedZones) && matchedZones.size() ==
1) {
-String[] matchedZonesArray = new String[1];
-matchedZones.toArray(matchedZonesArray);
-ret = matchedZonesArray[0];
+String ret = (matchedZones != null &&
matchedZones.size() == 1) ? matchedZones.iterator().next() : null;
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("getUniquelyMatchedZoneName(" + resourceAsMap + "):
matchedZones=" + matchedZones + ", ret=" + ret);
}
+
return ret;
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index fd78fd8e0..12f8a1705 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -273,7 +273,7 @@ public class RangerPolicyEngineImpl implements
RangerPolicyEngine {
requestProcessor.preProcess(request);
- String zoneName =
policyEngine.getUniquelyMatchedZoneName(request.getResource().getAsMap());
+ String zoneName =
RangerAccessRequestUtil.getResourceZoneNameFromContext(request.getContext());
if (LOG.isDebugEnabled()) {
LOG.debug("zoneName:[" + zoneName + "]");
@@ -556,7 +556,7 @@ public class RangerPolicyEngineImpl implements
RangerPolicyEngine {
requestProcessor.preProcess(request);
RangerResourceAccessInfo ret = new
RangerResourceAccessInfo(request);
- Set zoneNames =
policyEngine.getMatchedZonesForResourceAndChildren(request.getResource());
+ Set zoneNames =
RangerAccessRequestUtil.getResourceZoneNamesFromContext(request.getContext());
if (LOG.isDebugEnabled()) {
LOG.debug("zoneNames:[" + zoneNames + "]");
@@ -633,7 +633,7 @@ public class RangerPolicyEngineImpl implements
RangerPolicyEngine {
RangerAccessResult ret = null;
RangerPolicyRepository policyRepository=
policyEngine.getPolicyRepository();
RangerPolicyRepository tagPolicyRepository =
policyEngine.getTagPolicyRepository();
- SetzoneNames=
policyEngine.getMatchedZonesForResourceAndChildren(request.getResource()); //
Evaluate zone-name from request
+ SetzoneNames=
RangerAccessRequestUtil.getResourceZoneNamesFromContext(request.getContext());
if (LOG.isDebugEnabled()) {
LOG.debug("zoneNames:[" + zoneNames + "]");
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
index 0df8686e3..884f69137 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
+++