RANGER-4662: fix to update GDS version after deletion of user, group

Signed-off-by: Madhan Neethiraj <[email protected]>
apache · Jan 23, 2024 · a07b6d4 · a07b6d4
1 parent a62c0a0
commit a07b6d4
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 3 deletions.
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -44,9 +44,11 @@
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
 import org.apache.ranger.plugin.model.RangerPrincipal;
 import org.apache.ranger.plugin.model.UserInfo;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.plugin.util.RangerUserStore;
 import org.apache.ranger.service.*;
 import org.apache.ranger.ugsyncutil.model.GroupUserInfo;
@@ -2153,12 +2155,37 @@ public void deleteXGroup(Long id, boolean force) {
 				rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
 
 				try {
-					svcStore.updatePolicy(rangerPolicy);
+					if (StringUtils.equals(rangerPolicy.getServiceType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME)) {
+						Map<String, RangerPolicyResource> resources = rangerPolicy.getResources();
+
+						if (MapUtils.isEmpty(resources)) {
+							continue;
+						}
+
+						if (resources.containsKey(GdsDBStore.RESOURCE_NAME_DATASET_ID)) {
+							RangerPolicyResource policyRes = resources.get(GdsDBStore.RESOURCE_NAME_DATASET_ID);
+							List<String>         resValues = policyRes != null ? policyRes.getValues() : null;
+
+							if (CollectionUtils.isNotEmpty(resValues)) {
+								gdsStore.updateDatasetPolicy(Long.valueOf(resValues.get(0)), rangerPolicy);
+							}
+						} else if (resources.containsKey(GdsDBStore.RESOURCE_NAME_PROJECT_ID)) {
+							RangerPolicyResource policyRes = resources.get(GdsDBStore.RESOURCE_NAME_PROJECT_ID);
+							List<String>         resValues = policyRes != null ? policyRes.getValues() : null;
+
+							if (CollectionUtils.isNotEmpty(resValues)) {
+								gdsStore.updateProjectPolicy(Long.valueOf(resValues.get(0)), rangerPolicy);
+							}
+						}
+					} else {
+						svcStore.updatePolicy(rangerPolicy);
+					}
 				} catch (Throwable excp) {
 					logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
 					restErrorUtil.createRESTException(excp.getMessage());
 				}
 			}
+
 			if(CollectionUtils.isNotEmpty(xXGroupPermissions)){
 				for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
 					if(xXGroupPermission!=null){
@@ -2393,12 +2420,37 @@ public synchronized void deleteXUser(Long id, boolean force) {
 				rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
 
 				try{
-					svcStore.updatePolicy(rangerPolicy);
-				}catch(Throwable excp) {
+					if (StringUtils.equals(rangerPolicy.getServiceType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME)) {
+						Map<String, RangerPolicyResource> resources = rangerPolicy.getResources();
+
+						if (MapUtils.isEmpty(resources)) {
+							continue;
+						}
+
+						if (resources.containsKey(GdsDBStore.RESOURCE_NAME_DATASET_ID)) {
+							RangerPolicyResource policyRes = resources.get(GdsDBStore.RESOURCE_NAME_DATASET_ID);
+							List<String>         resValues = policyRes != null ? policyRes.getValues() : null;
+
+							if (CollectionUtils.isNotEmpty(resValues)) {
+								gdsStore.updateDatasetPolicy(Long.valueOf(resValues.get(0)), rangerPolicy);
+							}
+						} else if (resources.containsKey(GdsDBStore.RESOURCE_NAME_PROJECT_ID)) {
+							RangerPolicyResource policyRes = resources.get(GdsDBStore.RESOURCE_NAME_PROJECT_ID);
+							List<String>         resValues = policyRes != null ? policyRes.getValues() : null;
+
+							if (CollectionUtils.isNotEmpty(resValues)) {
+								gdsStore.updateProjectPolicy(Long.valueOf(resValues.get(0)), rangerPolicy);
+							}
+						}
+					} else {
+						svcStore.updatePolicy(rangerPolicy);
+					}
+				} catch(Throwable excp) {
 					logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
 					throw restErrorUtil.createRESTException(excp.getMessage());
 				}
 			}
+
 			//delete user from audit filter configs
 			svcStore.updateServiceAuditConfig(vXUser.getName(), REMOVE_REF_TYPE.USER);
 			//delete gdsObject mapping of user

diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -584,6 +584,7 @@ private RangerPolicy rangerPolicy() {
 		policy.setPolicyItems(policyItems);
 		policy.setResources(policyResource);
 		policy.setPolicyLabels(policyLabels);
+		policy.setServiceType("hdfs");
 		return policy;
 	}