This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3c2f61276 RANGER-3752: Restrict duplicate access types entries in policy creation
3c2f61276 is described below
commit 3c2f6127609dd032452165d2cb3d4068de4cfe47
Author: pradeep <prad...@apache.org>
AuthorDate: Tue May 10 12:42:03 2022 +0530
RANGER-3752: Restrict duplicate access types entries in policy creation
---
 .../plugin/model/validation/RangerPolicyValidator.java | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index fb6556b59..0a58bb36d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -963,7 +963,10 @@ public class RangerPolicyValidator extends RangerValidator {
 LOG.debug("policy item accesses collection was null/empty!");
 } else {
 Set<String> accessTypes = getAccessTypes(serviceDef);
- for (RangerPolicyItemAccess access : accesses) {
+ Set<String> uniqueAccesses = new HashSet<>();
+ Iterator<RangerPolicyItemAccess> accessTypeIterator = accesses.iterator();
+ while (accessTypeIterator.hasNext()) {
+ RangerPolicyItemAccess access = accessTypeIterator.next();
 if (access == null) {
 ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS;
 failures.add(new ValidationFailureDetailsBuilder()
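Review bot: The switch to an explicit `Iterator` in this hunk turns a validation routine into one that edits the policy it is validating, and nothing in the code says so. If `accesses` can ever be an unmodifiable or fixed-size list, the later `accessTypeIterator.remove()` will throw `UnsupportedOperationException` out of the validator instead of producing a validation failure. A comment above the loop such as `// explicit iterator: duplicate access types are removed from the policy item in place` would make the side effect visible, and the method's Javadoc should state that the input may be modified. The enclosing method starts and ends outside the hunk, so how `accesses` is built is not visible here.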
@@ -975,7 +978,12 @@ public class RangerPolicyValidator extends RangerValidator {
 valid = false;
 } else {
 // we want to go through all elements even though one may be bad so all failures are captured
- valid = isValidPolicyItemAccess(access, failures, accessTypes) && valid;
+ if (uniqueAccesses.contains(access.getType())) {
+ accessTypeIterator.remove();
+ } else {
+ valid = isValidPolicyItemAccess(access, failures, accessTypes) && valid;
+ uniqueAccesses.add(access.getType());
+ }
 }
 }
 }
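Review bot: The duplicate branch drops the entry silently: `accessTypeIterator.remove()` adds nothing to `failures` and logs nothing, so a policy submitted with repeated access types is stored in a different form than it was sent, with no trace for the caller or an auditor. The entry to keep is chosen by `getType()` alone, so a later entry with the same type but a different allow flag (RangerPolicyItemAccess appears to carry one) is discarded and the first one wins; that deserves a rejection or at least a log line such as `LOG.debug("dropping duplicate access type: " + access.getType());`. The set is also keyed on the raw string, so if access-type matching elsewhere is case-insensitive, `select` and `SELECT` pass as distinct, and a bad type is reported only once because its repeats are removed before `isValidPolicyItemAccess` sees them. The enclosing loop begins in the previous hunk.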