Skip to content

Commit

Permalink
Merge branch 'master' into RANGER-3923
Browse files Browse the repository at this point in the history
  • Loading branch information
@mneethiraj
mneethiraj committed Jan 9, 2024
2 parents 2f7f762 + 96da0c8 commit 65b17ec
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 1 deletion.
8 changes: 7 additions & 1 deletion agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -526,7 +526,13 @@ public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAcc
LOG.debug("BasePlugin.isAccessAllowed result=[" + ret + "]");
LOG.debug("Calling chainedPlugin.isAccessAllowed for service:[" + chainedPlugin.plugin.pluginConfig.getServiceName() + "]");
}
RangerAccessResult chainedResult = chainedPlugin.isAccessAllowed(request);
RangerAccessResult chainedResult;

if (ret.getIsAccessDetermined() && chainedPlugin.skipAccessCheckIfAlreadyDetermined) {
chainedResult = null;
} else {
chainedResult = chainedPlugin.isAccessAllowed(request);
}

if (chainedResult != null) {
if (LOG.isDebugEnabled()) {
Expand Down
4 changes: 4 additions & 0 deletions agents-common/src/main/java/org/apache/ranger/plugin/service/RangerChainedPlugin.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@

package org.apache.ranger.plugin.service;

import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerResourceACLs;
Expand All @@ -34,6 +35,7 @@ public abstract class RangerChainedPlugin {
protected final String serviceType;
protected final String serviceName;
protected final RangerBasePlugin plugin;
protected final boolean skipAccessCheckIfAlreadyDetermined;

protected RangerChainedPlugin(RangerBasePlugin rootPlugin, String serviceType, String serviceName) {
LOG.info("RangerChainedPlugin(" + serviceType + ", " + serviceName + ")");
Expand All @@ -42,6 +44,8 @@ protected RangerChainedPlugin(RangerBasePlugin rootPlugin, String serviceType, S
this.serviceType = serviceType;
this.serviceName = serviceName;
this.plugin = buildChainedPlugin(serviceType, serviceName, rootPlugin.getAppId());
RangerPluginConfig rootPluginConfig = rootPlugin.getPluginContext().getConfig();
skipAccessCheckIfAlreadyDetermined = rootPluginConfig.getBoolean(rootPluginConfig.getPropertyPrefix() + ".bypass.chained.plugin.evaluation.if.access.is.determined", false);
}

public void init() {
Expand Down

0 comments on commit 65b17ec

Please sign in to comment.