Abhishek Shukla created RANGER-2857:
---------------------------------------

             Summary: Create volume fails for a policy with specific volume/bucket/key names
                 Key: RANGER-2857
                 URL: https://issues.apache.org/jira/browse/RANGER-2857
             Project: Ranger
          Issue Type: Bug
          Components: plugins
    Affects Versions: 2.1.0
            Reporter: Abhishek Shukla


*Test Policy Contents:*
{noformat}
{
  "resources": {
    "volume": {
      "values": [ "volume-ojzj-1", "volume-ojzj-2" ],
      "isExcludes": false,
      "isRecursive": false
    },
    "bucket": {
      "values": [ "bucket-jezv-1", "bucket-jezv-2" ],
      "isExcludes": false,
      "isRecursive": false
    },
    "key": {
      "values": [ "key-wssb_1", "key-wssb_2" ],
      "isExcludes": false,
      "isRecursive": false
    }
  },
  "policyItems": [
    {
      "accesses": [
        { "type": "read", "isAllowed": true },
        { "type": "write", "isAllowed": true },
        { "type": "create", "isAllowed": true },
        { "type": "delete", "isAllowed": true }
      ],
      "users": [ "hrt_qa" ],
      "groups": [],
      "roles": [],
      "conditions": [],
      "delegateAdmin": false
    }
  ],
  "denyPolicyItems": [],
  "allowExceptions": [],
  "denyExceptions": [],
  "dataMaskPolicyItems": [],
  "rowFilterPolicyItems": [],
  "serviceType": "ozone",
  "options": {},
  "validitySchedules": [],
  "policyLabels": [],
  "zoneName": "",
  "isDenyAllElse": false
}
{noformat}

*Ozone Client Commands:*
{noformat}
$ ozone sh volume create o3://ozone1/volume-ojzj-1
INFO rpc.RpcClient: Creating Volume: volume-ojzj-1, with hrt_qa as owner.
PERMISSION_DENIED User hrt_qa doesn't have CREATE permission to access volume

$ ozone sh volume delete o3://ozone1/volume-ojzj-1
PERMISSION_DENIED User hrt_qa doesn't have DELETE permission to access volume
{noformat}

Now in the same test policy, if I select bucket as *none* or give wildcard [*] for the bucket and key resources, the access is provided to create/delete the volume.