Skip to content

Commit

Permalink
RANGER-4486: zone-v2 PUT API Partial update #2
Browse files Browse the repository at this point in the history 
Signed-off-by: Madhan Neethiraj <madhan@apache.org>
  • Loading branch information
@suchnit @mneethiraj
suchnit authored and mneethiraj committed Oct 31, 2023
1 parent 353af28 commit 3ba5e92
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 15 deletions.
46 changes: 36 additions & 10 deletions agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ public void removeService(String serviceName) {
zone.getServices().remove(serviceName);
}

public RangerSecurityZone updateZone(RangerSecurityZoneChangeRequest changeData) {
public RangerSecurityZone updateZone(RangerSecurityZoneChangeRequest changeData) throws Exception {
if (changeData.getName() != null) {
zone.setName(changeData.getName());
}
Expand Down Expand Up @@ -116,10 +116,18 @@ public RangerSecurityZone updateZone(RangerSecurityZoneChangeRequest changeData)
if (zoneServiceHelper != null && zoneService != null && zoneService.getResources() != null) {
for (RangerSecurityZoneResource resource : zoneService.getResources()) {
if (resource != null) {
final RangerSecurityZoneResource removedResource;

if (resource.getId() != null) {
zoneServiceHelper.removeResource(resource.getId());
removedResource = zoneServiceHelper.removeResource(resource.getId());
} else if (resource.getResource() != null) {
zoneServiceHelper.removeResource(resource.getResource());
removedResource = zoneServiceHelper.removeResource(resource.getResource());
} else {
removedResource = null;
}

if (removedResource == null) {
throw new Exception(resource + ": resource not in zone");
}
}
}
Expand All @@ -136,7 +144,11 @@ public RangerSecurityZone updateZone(RangerSecurityZoneChangeRequest changeData)
}

if (changeData.getTagServicesToRemove() != null) {
zone.getTagServices().removeAll(changeData.getTagServicesToRemove());
for (String tagServiceToRemove : changeData.getTagServicesToRemove()) {
if (!zone.getTagServices().remove(tagServiceToRemove)) {
throw new Exception(tagServiceToRemove + ": tag service not in zone");
}
}
}

if (changeData.getAdminsToAdd() != null) {
Expand Down Expand Up @@ -170,14 +182,20 @@ private void addPrincipals(List<RangerPrincipal> principals, List<String> users,
}
}

private void removePrincipals(List<RangerPrincipal> principals, List<String> users, List<String> groups, List<String> roles) {
private void removePrincipals(List<RangerPrincipal> principals, List<String> users, List<String> groups, List<String> roles) throws Exception {
for (RangerPrincipal principal : principals) {
boolean isRemoved = false;

if (principal.getType() == RangerPrincipal.PrincipalType.USER) {
users.remove(principal.getName());
isRemoved = users.remove(principal.getName());
} else if (principal.getType() == RangerPrincipal.PrincipalType.GROUP) {
groups.remove(principal.getName());
isRemoved = groups.remove(principal.getName());
} else if (principal.getType() == RangerPrincipal.PrincipalType.ROLE) {
roles.remove(principal.getName());
isRemoved = roles.remove(principal.getName());
}

if(!isRemoved) {
throw new Exception(principal + ": principal not an admin or auditor in zone");
}
}
}
Expand Down Expand Up @@ -308,7 +326,7 @@ public RangerSecurityZoneResource updateResource(RangerSecurityZoneResource reso
if (resourceIdx == -1) {
addResource(resource);
} else {
setUpdated(resource);
setUpdated(resource, resourceIdx);

resources.set(resourceIdx, (HashMap<String, List<String>>) resource.getResource());
resourcesBaseInfo.set(resourceIdx, new RangerSecurityZoneResourceBase(resource));
Expand Down Expand Up @@ -397,7 +415,15 @@ private void setCreated(RangerSecurityZoneResourceBase baseInfo) {
baseInfo.setUpdateTime(new Date());
}

private void setUpdated(RangerSecurityZoneResourceBase baseInfo) {
private void setUpdated(RangerSecurityZoneResourceBase baseInfo, int idx) {
RangerSecurityZoneResourceBase resourceBase = (resourcesBaseInfo != null && resourcesBaseInfo.size() > idx) ? resourcesBaseInfo.get(idx) : null;

if(resourceBase != null) {
baseInfo.setId(resourceBase.getId());
baseInfo.setCreatedBy(resourceBase.getCreatedBy());
baseInfo.setCreateTime(resourceBase.getCreateTime());
}

baseInfo.setUpdatedBy(currentUser);
baseInfo.setUpdateTime(new Date());
}
Expand Down
20 changes: 15 additions & 5 deletions security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -476,12 +476,22 @@ public RangerSecurityZoneV2 updateSecurityZone(Long zoneId, RangerSecurityZoneV2
public Boolean updateSecurityZone(Long zoneId, RangerSecurityZoneChangeRequest changeData) {
LOG.debug("==> updateSecurityZone({}, {})", zoneId, changeData);

RangerSecurityZone zone = getSecurityZone(zoneId);
RangerSecurityZoneHelper zoneHelper = new RangerSecurityZoneHelper(zone, bizUtil.getCurrentUserLoginId());
RangerSecurityZone updatedZone = zoneHelper.updateZone(changeData);
Boolean ret;

RangerSecurityZone retV1 = updateSecurityZone(zoneId, updatedZone);
Boolean ret = retV1 != null;
try {
RangerSecurityZone zone = getSecurityZone(zoneId);
RangerSecurityZoneHelper zoneHelper = new RangerSecurityZoneHelper(zone, bizUtil.getCurrentUserLoginId());
RangerSecurityZone updatedZone = zoneHelper.updateZone(changeData);

RangerSecurityZone retV1 = updateSecurityZone(zoneId, updatedZone);
ret = retV1 != null;
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("updateSecurityZone({}, {})", zoneId, changeData, excp);

throw restErrorUtil.createRESTException(excp.getMessage());
}

LOG.debug("<== updateSecurityZone({}, {}): ret={}", zoneId, changeData, ret);

Expand Down

0 comments on commit 3ba5e92

Please sign in to comment.