RANGER-4697: increment GDS version of services when a security zone is updated
Signed-off-by: Madhan Neethiraj <madhan@apache.org>
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
old mode 100644
new mode 100755
index 0dad263..976fa49
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
@@ -137,5 +137,5 @@
void deleteAllGdsObjectsForSecurityZone(Long zoneId) throws Exception;
- void deleteAllGdsObjectsForServicesInSecurityZone(Collection<String> serviceNames, Long zoneId) throws Exception;
+ void onSecurityZoneUpdate(Long zoneId, Collection<String> updatedServices, Collection<String> removedServices) throws Exception;
}
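Review bot: The renamed interface method `onSecurityZoneUpdate` has no Javadoc, and the new event-style name no longer says that GDS objects are deleted for `removedServices`, which the old name `deleteAllGdsObjectsForServicesInSecurityZone` made explicit. I would add a Javadoc stating that services in `updatedServices` with data shares in the zone get their GDS version incremented, that services in `removedServices` have their GDS objects in the zone removed (that code is outside the visible hunks, so confirm the wording against it), and that either collection may be null or empty. Separately, the header changes this file's mode from 100644 to 100755, as does the header for RangerSecurityZoneServiceService.java. A Java source file does not need the executable bit, so this looks unintended and is worth reverting.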
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
index 4fa9c48..a1a2f99 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
@@ -1230,19 +1230,37 @@
}
@Override
- public void deleteAllGdsObjectsForServicesInSecurityZone(Collection<String> serviceNames, Long zoneId) {
- LOG.debug("==> deleteAllGdsObjectsForServicesInSecurityZone({}, {})", serviceNames, zoneId);
+ public void onSecurityZoneUpdate(Long zoneId, Collection<String> updatedServices, Collection<String> removedServices) {
+ LOG.debug("==> onSecurityZoneUpdate({}, {}, {})", zoneId, updatedServices, removedServices);
- if (zoneId != null && CollectionUtils.isNotEmpty(serviceNames)) {
- XXServiceDao serviceDao = daoMgr.getXXService();
- XXGdsDataShareDao dataShareDao = daoMgr.getXXGdsDataShare();
+ XXServiceDao serviceDao = daoMgr.getXXService();
+ XXGdsDataShareDao dataShareDao = daoMgr.getXXGdsDataShare();
- for (String serviceName : serviceNames) {
+ if (zoneId != null && CollectionUtils.isNotEmpty(updatedServices)) {
+ for (String serviceName : updatedServices) {
Long serviceId = serviceDao.findIdByName(serviceName);
if (serviceId == null) {
- LOG.warn("deleteAllGdsObjectsForServicesInSecurityZone(): invalid service name={}. Ignored", serviceName);
+ LOG.warn("onSecurityZoneUpdate(): updatedServices invalid service name={}. Ignored", serviceName);
+ continue;
+ }
+ List<XXGdsDataShare> dataShares = dataShareDao.findByServiceIdAndZoneId(serviceId, zoneId);
+
+ if (CollectionUtils.isEmpty(dataShares)) {
+ continue;
+ }
+
+ updateGdsVersionForService(serviceId);
+ }
+ }
+
+ if (zoneId != null && CollectionUtils.isNotEmpty(removedServices)) {
+ for (String serviceName : removedServices) {
+ Long serviceId = serviceDao.findIdByName(serviceName);
+
+ if (serviceId == null) {
+ LOG.warn("onSecurityZoneUpdate(): removedServices invalid service name={}. Ignored", serviceName);
continue;
}
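Review bot: The two loops in `onSecurityZoneUpdate` repeat the same `serviceDao.findIdByName(serviceName)` lookup with warn-and-continue, and `zoneId != null` is now tested twice while both DAOs are fetched even when `zoneId` is null. Wrapping both loops in a single `if (zoneId != null) {` and moving the lookup into a small private helper that takes the list name for the log message would remove the duplication. The updated-services loop would also benefit from a comment such as `// bump the GDS version only when the service has data shares in this zone`, since that condition is the point of the change. The removed-services loop continues past the end of this hunk, so whether it also calls `updateGdsVersionForService` after deleting cannot be checked from here. If it does not, consumers of `getGdsInfoIfUpdated` could presumably keep receiving GDS info for a service that has left the zone.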
@@ -1262,7 +1280,7 @@
}
}
- LOG.debug("<== deleteAllGdsObjectsForServicesInSecurityZone({}, {})", serviceNames, zoneId);
+ LOG.debug("<== onSecurityZoneUpdate({}, {}, {})", zoneId, updatedServices, removedServices);
}
public ServiceGdsInfo getGdsInfoIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
old mode 100644
new mode 100755
index 25567c7..a6cb2ae
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
@@ -231,7 +231,7 @@
serviceDBStore.deleteZonePolicies(deletedTagServiceNames, ret.getId());
- gdsStore.deleteAllGdsObjectsForServicesInSecurityZone(deletedServiceNames, ret.getId());
+ gdsStore.onSecurityZoneUpdate(ret.getId(), updatedServiceNames, deletedServiceNames);
oldServiceNames.addAll(updatedServiceNames);
updateServiceInfos(oldServiceNames);