[
https://issues.apache.org/jira/browse/RANGER-2760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
star resolved RANGER-2760.
--------------------------
Resolution: Won't Fix
meged with RANGER-2761.
> Bugs about wildcard evaluator incremental updates
> --------------------------------------------------
>
> Key: RANGER-2760
> URL: https://issues.apache.org/jira/browse/RANGER-2760
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.0.0
> Reporter: star
> Assignee: star
> Priority: Major
> Attachments: RANGER-2760.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When incrementally update wildcard policies, it will not cause any effect.
> Reproduce steps:
> 1. Create a policy A to grant Peter select access to database test and
> table t. Verify Peter did have select access.
> 2. Create a policy B to deny Peter select access to all database and
> table. Verify Peter is rejected select access to database test and table t.
> 3. Delete deny rule from policy B and expecting that Peter again has
> select access. However it is does not happen.
> The bug is caused by following code.
>
> {code:java}
> //RangerResourceTrie
> boolean removeWildcardEvaluator(U evaluator) {
> ...
> this.wildcardEvaluators.remove(evaluator);
> undoSetup();
> ...
> }
> void undoSetup() {
> ...
> if (wildcardEvaluators != null) {
> evaluators.removeAll(this.wildcardEvaluators);
> }
> ...
> }
> Set<T> getEvaluatorsForResource(String resource) {
> ...
> Set<T> ret = i == len ? curr.getEvaluators() :
> curr.getWildcardEvaluators();
> ...
> }
> {code}
> Func 'removeWildcardEvaluator' removed the wildcard evaluator from
> this.wildcardEvaluators first. Then, evaluators fail to remove the same
> wildcard evaluator. As a result, the old evaluator will be matched in func
> 'getEvaluatorsForResource'。
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
