protected void updatePolicyByMetadataObject()

in authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHDFSPlugin.java [204:284]


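  /**
   * Renames the Ranger path policies of a metadata object after the object was renamed.
   *
   * <p>Policies for the old and the new object are looked up with {@code wildcardSearchPolies}.
   * For every old policy, the first path value is split into segments and compared with the
   * segments of the new object's authorization path. The first differing segment is replaced only
   * when it is exactly the old object's name and the new path holds the new object's name at the
   * same position; any other difference leaves that policy untouched. A policy is not sent to
   * Ranger when a policy with the same name or the same resources already exists for the new
   * object.
   *
   * <p>The rewritten resource keeps the {@code isExcludes} and {@code isRecursive} flags of the
   * resource it replaces, so a rename changes the path and nothing else about the policy's scope.
   *
   * @param operationType type of the metadata object being changed; not read by this method
   * @param oldAuthzMetaObject authorization object describing the path before the rename
   * @param newAuthzMetaObject authorization object describing the path after the rename; it is
   *     cast to {@code PathBasedMetadataObject}
   * @throws RuntimeException wrapping the {@code RangerServiceException} raised when Ranger
   *     rejects a policy update; policies updated before the failure stay updated
   */
  protected void updatePolicyByMetadataObject(
      MetadataObject.Type operationType,
      AuthorizationMetadataObject oldAuthzMetaObject,
      AuthorizationMetadataObject newAuthzMetaObject) {
    List<RangerPolicy> oldPolicies = wildcardSearchPolies(oldAuthzMetaObject);
    List<RangerPolicy> existNewPolicies = wildcardSearchPolies(newAuthzMetaObject);
    if (oldPolicies.isEmpty()) {
      LOG.warn("Cannot find the Ranger policy for the metadata object({})!", oldAuthzMetaObject);
      return;
    }
    if (!existNewPolicies.isEmpty()) {
      // Not fatal: each old policy is compared against these below before it is updated.
      LOG.warn("The Ranger policy for the metadata object({}) already exists!", newAuthzMetaObject);
    }
    oldPolicies.forEach(
        policy -> {
          try {
            // The policy name follows Gravitino's spec (it is the resource path).
            // Original author's note: only a Hive managed table rename uses this case.
            String pathResourceKey = rangerHelper.policyResourceDefines.get(0);
            // NOTE(review): assumes every policy returned by the wildcard search carries this
            // resource with at least one value; a policy without it fails here with an
            // unchecked exception and stops the remaining updates.
            RangerPolicy.RangerPolicyResource oldPolicyResource =
                policy.getResources().get(pathResourceKey);
            // Only the first path value is considered; additional values are not carried over.
            String oldResource = oldPolicyResource.getValues().get(0);
            List<String> oldResourceNames =
                Arrays.stream(oldResource.split("/"))
                    .filter(path -> StringUtils.isNotBlank(path) && !".".equals(path))
                    .collect(Collectors.toList());
            List<String> newResourceNames =
                Arrays.stream(
                        getAuthorizationPath((PathBasedMetadataObject) newAuthzMetaObject)
                            .split("/"))
                    .filter(path -> StringUtils.isNotBlank(path) && !".".equals(path))
                    .collect(Collectors.toList());

            int minLen = Math.min(oldResourceNames.size(), newResourceNames.size());
            for (int i = 0; i < minLen; i++) {
              String oldName = oldResourceNames.get(i);
              String newName = newResourceNames.get(i);
              if (!oldName.equals(newName)) {
                if (oldName.equals(oldAuthzMetaObject.name())
                    && newName.equals(newAuthzMetaObject.name())) {
                  // First differing segment is the renamed object itself: swap it and stop, so
                  // deeper segments of the old policy path are kept as they are.
                  oldResourceNames.set(i, newAuthzMetaObject.name());
                  break;
                } else {
                  // The paths diverge somewhere other than the renamed segment, so this policy
                  // does not belong to the renamed object; leave it unchanged.
                  return;
                }
              }
            }
            String newResourcePath = "/" + String.join("/", oldResourceNames);

            policy.setName(newResourcePath);
            // Point the policy at the new path. The single-argument RangerPolicyResource
            // constructor would not carry over the previous isExcludes/isRecursive flags, which
            // would silently narrow a recursive policy or turn an exclude policy into an include
            // one, so the flags are copied from the resource being replaced.
            policy
                .getResources()
                .put(
                    pathResourceKey,
                    new RangerPolicy.RangerPolicyResource(
                        newResourcePath,
                        oldPolicyResource.getIsExcludes(),
                        oldPolicyResource.getIsRecursive()));

            // Never overwrite or duplicate a policy that already covers the new path.
            boolean alreadyExist =
                existNewPolicies.stream()
                    .anyMatch(
                        existNewPolicy ->
                            existNewPolicy.getName().equals(policy.getName())
                                || existNewPolicy.getResources().equals(policy.getResources()));
            if (alreadyExist) {
              LOG.warn(
                  "The Ranger policy for the metadata object({}) already exists!",
                  newAuthzMetaObject);
              return;
            }

            // Push the renamed policy to Ranger under its existing id.
            rangerClient.updatePolicy(policy.getId(), policy);
          } catch (RangerServiceException e) {
            LOG.error("Failed to rename the policy {}!", policy);
            throw new RuntimeException(e);
          }
        });
  }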