This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 3c2f61276 RANGER-3752: Restrict duplicate access types entries in 
policy creation
3c2f61276 is described below

commit 3c2f6127609dd032452165d2cb3d4068de4cfe47
Author: pradeep <prad...@apache.org>
AuthorDate: Tue May 10 12:42:03 2022 +0530

    RANGER-3752: Restrict duplicate access types entries in policy creation
---
 .../plugin/model/validation/RangerPolicyValidator.java       | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index fb6556b59..0a58bb36d 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -963,7 +963,10 @@ public class RangerPolicyValidator extends RangerValidator 
{
                        LOG.debug("policy item accesses collection was 
null/empty!");
                } else {
                        Set<String> accessTypes = getAccessTypes(serviceDef);
-                       for (RangerPolicyItemAccess access : accesses) {
+                       Set<String> uniqueAccesses = new HashSet<>();
+                       Iterator<RangerPolicyItemAccess> accessTypeIterator = 
accesses.iterator();
+                       while (accessTypeIterator.hasNext()) {
+                               RangerPolicyItemAccess access = 
accessTypeIterator.next();
                                if (access == null) {
                                        ValidationErrorCode error = 
ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS;
                                        failures.add(new 
ValidationFailureDetailsBuilder()
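Review bot: The explicit `Iterator` obtained from `accesses.iterator()` is there so the later hunk can call `remove()`, which means this validation method now mutates the policy item it is checking, and nothing in the visible code documents that. It would also throw `UnsupportedOperationException` if a caller passes an unmodifiable access list; whether any caller does is not visible from this hunk. I would add a comment above the loop such as `// NOTE: duplicate access types are removed from the policy item in place` and repeat it in the method's Javadoc. The enclosing method starts and ends outside the hunk.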
@@ -975,7 +978,12 @@ public class RangerPolicyValidator extends RangerValidator 
{
                                        valid = false;
                                } else {
                                        // we want to go through all elements 
even though one may be bad so all failures are captured
-                                       valid = isValidPolicyItemAccess(access, 
failures, accessTypes) && valid;
+                                       if 
(uniqueAccesses.contains(access.getType())) {
+                                               accessTypeIterator.remove();
+                                       } else {
+                                               valid = 
isValidPolicyItemAccess(access, failures, accessTypes) && valid;
+                                               
uniqueAccesses.add(access.getType());
+                                       }
                                }
                        }
                }
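Review bot: The duplicate branch at `uniqueAccesses.contains(access.getType())` discards the entry without adding to `failures` and without a log line, so whoever submitted the policy is not told that it was changed before being stored. The key is the raw `getType()` string only: a second entry of the same type that differs in another field (an allow flag, for example) is dropped and the first one wins, and if access types are compared case-insensitively elsewhere in the validator (not visible here), `Read` and `read` would not be caught as duplicates. A second entry with a null type is also removed before `isValidPolicyItemAccess` can report it. I would at least record the removal, e.g. `LOG.debug("Removing duplicate access type: " + access.getType());` before `accessTypeIterator.remove();`, and build the set key the same way `isValidPolicyItemAccess` normalises the type.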
