commit b87dab05c1ef268cdc038668e91c0203fe9bc40d
author Ramesh Mani <ramesh.mani@gmail.com> Sun Jan 19 23:45:36 2020 -0800
committer Ramesh Mani <ramesh.mani@gmail.com> Sun Jan 19 23:45:36 2020 -0800
tree 42281dddb054d08dd6be7c1ccc9c95a5bac74d95
parent ef1e02dc9421e3d56c9ead3d8711d5de6d2ee496

RANGER-2692:RangerKafkaAuthorizer support for ConsumerGroup resource for authorization -Default policy udate

security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java

diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
index b2e9b74..5b80cc2 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
@@ -27,18 +27,7 @@
 import org.apache.ranger.common.RangerValidatorFactory;
 import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.db.RangerDaoManager;
-import org.apache.ranger.entity.XXAccessTypeDef;
-import org.apache.ranger.entity.XXPolicy;
-import org.apache.ranger.entity.XXPolicyItem;
-import org.apache.ranger.entity.XXPolicyItemAccess;
-import org.apache.ranger.entity.XXPolicyItemUserPerm;
-import org.apache.ranger.entity.XXPolicyResource;
-import org.apache.ranger.entity.XXPolicyResourceMap;
-import org.apache.ranger.entity.XXPortalUser;
-import org.apache.ranger.entity.XXResourceDef;
-import org.apache.ranger.entity.XXService;
-import org.apache.ranger.entity.XXServiceDef;
-import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.entity.*;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
 import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -66,6 +55,7 @@
 	private static final String LOGIN_ID_ADMIN = "admin";
 
 	private static final List<String> DEFAULT_POLICY_USERS = new ArrayList<>(Arrays.asList("kafka","rangerlookup"));
+	private static final List<String> DEFAULT_POLICY_GROUP = new ArrayList<>(Arrays.asList("public"));
 
 	public static final String SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME = "kafka";
 	public static final String CONSUMERGROUP_RESOURCE_NAME = "consumergroup";
@@ -343,6 +333,25 @@
 				daoMgr.getXXPolicyItemUserPerm().create(xUserPerm);
 			}
 
+			for (int i = 0; i < DEFAULT_POLICY_GROUP.size(); i++) {
+				String group = DEFAULT_POLICY_GROUP.get(i);
+				if (StringUtils.isBlank(group)) {
+					continue;
+				}
+				XXGroup xxGroup = daoMgr.getXXGroup().findByGroupName(group);
+				if (xxGroup == null) {
+					throw new RuntimeException(group + ": group does not exist. policy='" + xxPolicy.getName()
+							+ "' service='" + xxPolicy.getService() + "' group='" + group + "'");
+				}
+				XXPolicyItemGroupPerm xGroupPerm = new XXPolicyItemGroupPerm();
+				xGroupPerm.setGroupId(xxGroup.getId());
+				xGroupPerm.setPolicyItemId(createdXXPolicyItem.getId());
+				xGroupPerm.setOrder(i);
+				xGroupPerm.setAddedByUserId(currentUserId);
+				xGroupPerm.setUpdatedByUserId(currentUserId);
+				daoMgr.getXXPolicyItemGroupPerm().create(xGroupPerm);
+			}
+
 
 			String policyResourceName = CONSUMERGROUP_RESOURCE_NAME;
 
@@ -382,7 +391,7 @@
 
 		List<RangerPolicy.RangerPolicyItemAccess> accesses = getPolicyItemAccesses();
 		List<String> users = new ArrayList<>(DEFAULT_POLICY_USERS);
-		List<String> groups = new ArrayList<>();
+		List<String> groups = new ArrayList<>(DEFAULT_POLICY_GROUP);
 		List<RangerPolicy.RangerPolicyItemCondition> conditions = new ArrayList<>();
 		List<RangerPolicy.RangerPolicyItem> policyItems = new ArrayList<>();
 		RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();