----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74550/#review225698 -----------------------------------------------------------
Ship it! Ship It! - Mehul Parikh On Aug. 17, 2023, 10:09 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74550/ > ----------------------------------------------------------- > > (Updated Aug. 17, 2023, 10:09 a.m.) > > > Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj, > Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4356 > https://issues.apache.org/jira/browse/RANGER-4356 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** User updated a policy with a null entry in the group > list of policy item, during csv export parsing of policy item for null group > failed with null pointer exception > > **Proposed Solution:** Changes proposed > 1) Add null user/group/role validations during policy create/update and fail > the request if it has null user/group/role > 2) Skip null user/group/role while parsing the policy items for exportCSV > request > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java > 85c42bcc8 > > agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java > e1b5fe8f1 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > ed1ea0376 > > > Diff: https://reviews.apache.org/r/74550/diff/1/ > > > Testing > ------- > > After reproducing the issue > Built ranger with proposed patch and provided same db configs which was used > earlier. > > Tried to update a policy with null entry in the user and group list: > > curl -ivk -u admin:Admin123 -H "Accept: application/json" -H "Content-Type: > application/json" -X PUT http://localhost:6080/service/plugins/policies/12 -d > '{"id":12,"guid":"85107138-2a55-4baa-bcc3-08767cdd9ca4","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1692169569000,"updateTime":1692169569000,"version":1,"service":"service_hive","name":"all > - database","policyType":0,"policyPriority":"0","description":"Policy for > all - > database","resourceSignature":"319fd63cad4bb7c8ed17fda910b636dc2e0f6b0112e28487d9e44e8a5c846314","isAuditEnabled":true,"resources":{"database":{"isExcludes":false,"isRecursive":false,"values":["*"]}},"policyItems":[{"delegateAdmin":true,"accesses":[{"type":"select","isAllowed":true},{"type":"update","isAllowed":true},{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true},{"type":"alter","isAllowed":true},{"type":"index","isAllowed":true},{"type":"lock","isAllowed":true},{"type":"all","isAllowed":true},{"type":"read","isAllowed" :true},{"type":"write","isAllowed":true},{"type":"repladmin","isAllowed":true},{"type":"serviceadmin","isAllowed":true},{"type":"tempudfadmin","isAllowed":true},{"type":"refresh","isAllowed":true},{"type":"rwstorage","isAllowed":true}],"users":["hive","beacon","dpprofiler","hue","admin","impala"]},{"delegateAdmin":false,"accesses":[{"type":"read","isAllowed":true},{"type":"select","isAllowed":true}],"users":["rangerlookup"]},{"delegateAdmin":false,"accesses":[{"type":"create","isAllowed":true}],"groups":["public",null]},{"delegateAdmin":true,"accesses":[{"type":"all","isAllowed":true}],"users":["{OWNER}",null]}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hive","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false,"conditions":[]}' > > Expected output: Policy update should fail. > > Actual output: Policy update failed with below error messages: > > {"statusCode":1,"msgDesc":"(0) Validation failure: error code[3055], > reason[policy items group was null], field[policy item groups], > subfield[null], type[missing] (1) Validation failure: error code[3054], > reason[policy items user was null], field[policy item users], subfield[null], > type[missing] "} > > > Thanks, > > Pradeep Agrawal > >
