[
https://issues.apache.org/jira/browse/RANGER-4486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4486:
--------------------------------------
Description:
In RANGER-4398 , we added support for incremental updates with the PUT API -
/service/public/v2/api/zones-v2/\{zoneId}/partial. This allows addition of
duplicate principals (admin and auditor UGR) and tagServices.
Steps to reproduce. Create a security-zone and update with above PUT API:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697718906796,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServicesToAdd": [
"tag1"
],
"adminsToAdd": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
If we call the same API with same request again, it creates duplicate adminUser
and tagService as below:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697719001243,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServices": [
"tag1",
"tag1"
],
"admins": [
{
"type": "USER",
"name": "mark"
},
{
"type": "USER",
"name": "mark"
}
],
"auditors": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
was:
In RANGER-4398 , we added support for incremental updates with the PUT API -
/service/public/v2/api/zones-v2/\{zoneId}/partial. This allows addition of
duplicate adminUsers, auditorUser and tagServices.
Steps to reproduce. Create a security-zone and update with above PUT API:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697718906796,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServicesToAdd": [
"tag1"
],
"adminsToAdd": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
If we call the same API with same request again, it creates duplicate adminUser
and tagService as below:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697719001243,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServices": [
"tag1",
"tag1"
],
"admins": [
{
"type": "USER",
"name": "mark"
},
{
"type": "USER",
"name": "mark"
}
],
"auditors": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
> ZoneV2 partial update allows duplicate principals and tagServices
> -----------------------------------------------------------------
>
> Key: RANGER-4486
> URL: https://issues.apache.org/jira/browse/RANGER-4486
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Reporter: Subhrat Chaudhary
> Assignee: Subhrat Chaudhary
> Priority: Major
>
> In RANGER-4398 , we added support for incremental updates with the PUT API -
> /service/public/v2/api/zones-v2/\{zoneId}/partial. This allows addition of
> duplicate principals (admin and auditor UGR) and tagServices.
> Steps to reproduce. Create a security-zone and update with above PUT API:
> {code:java}
> {
> "id": 5,
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1697718906795,
> "updateTime": 1697718906796,
> "name": "zone10",
> "services": {
> "hive1": {
> "resources": [
> {
> "id": 1,
> "resource": {
> "database": [
> "db10"
> ]
> }
> }
> ]
> }
> },
> "tagServicesToAdd": [
> "tag1"
> ],
> "adminsToAdd": [
> {
> "type": "USER",
> "name": "mark"
> }
> ]
> }{code}
> If we call the same API with same request again, it creates duplicate
> adminUser and tagService as below:
> {code:java}
> {
> "id": 5,
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1697718906795,
> "updateTime": 1697719001243,
> "name": "zone10",
> "services": {
> "hive1": {
> "resources": [
> {
> "id": 1,
> "resource": {
> "database": [
> "db10"
> ]
> }
> }
> ]
> }
> },
> "tagServices": [
> "tag1",
> "tag1"
> ],
> "admins": [
> {
> "type": "USER",
> "name": "mark"
> },
> {
> "type": "USER",
> "name": "mark"
> }
> ],
> "auditors": [
> {
> "type": "USER",
> "name": "mark"
> }
> ]
> }{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
