-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74686/#review225879
-----------------------------------------------------------

agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
Line 163 (original), 163 (patched)
<https://reviews.apache.org/r/74686/#comment314290>

    When users already has principal.getName(), the else conditions in #165 and #167 will be evaluated unnecessarily. Consider adding the following method and calling it from here:

    private void addIfAbsent(String item, List<String> lst) {
      if (!lst.contains(item)) {
        lst.add(item);
      }
    }

    if (principal.getType() == RangerPrincipal.PrincipalType.USER) {
      addIfAbsent(principal.getName(), users);
    } else if (principal.getType() == RangerPrincipal.PrincipalType.GROUP) {
      addIfAbsent(principal.getName(), groups);
    } else if (principal.getType() == RangerPrincipal.PrincipalType.ROLE) {
      addIfAbsent(principal.getName(), roles);
    }


agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
Lines 185 (patched)
<https://reviews.apache.org/r/74686/#comment314289>

    addIfAbesnt => addTagServiceIfAbesnt


- Madhan Neethiraj


On Oct. 20, 2023, 4:28 a.m., Subhrat Chaudhary wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74686/
> -----------------------------------------------------------
>
> (Updated Oct. 20, 2023, 4:28 a.m.)
>
>
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj,
> Monika Kachhadiya, and Prashant Satam.
>
>
> Bugs: RANGER-4486
>     https://issues.apache.org/jira/browse/RANGER-4486
>
>
> Repository: ranger
>
>
> Description
> -------
>
> The PUT API - /service/public/v2/api/zones-v2/{zoneId}/partial allows
> addition of duplicate principals (admin and auditor UGR) and tagServices.
>
>
> Diffs
> -----
>
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java facc305fe
>
>
> Diff: https://reviews.apache.org/r/74686/diff/1/
>
>
> Testing
> -------
>
> Validated the PUT API - /service/public/v2/api/zones-v2/{zoneId}/partial, by
> passing duplicate tagService and adminUser in request repeatedly:
>
> {
>     "id": 5,
>     "isEnabled": true,
>     "createdBy": "Admin",
>     "updatedBy": "Admin",
>     "createTime": 1697718906795,
>     "updateTime": 1697718906796,
>     "name": "zone10",
>     "services": {
>         "hive1": {
>             "resources": [
>                 {
>                     "id": 1,
>                     "resource": {
>                         "database": [
>                             "db10"
>                         ]
>                     }
>                 }
>             ]
>         }
>     },
>     "tagServicesToAdd": [
>         "tag1", "tag1"
>     ],
>     "adminsToAdd": [
>         {
>             "type": "USER",
>             "name": "mark"
>         },
>         {
>             "type": "USER",
>             "name": "mark"
>         }
>     ]
> }
>
> The zone is updated with single adminUser and tagService:
>
> {
>     "id": 5,
>     "isEnabled": true,
>     "createdBy": "Admin",
>     "updatedBy": "Admin",
>     "createTime": 1697718906795,
>     "updateTime": 1697775464068,
>     "name": "zone10",
>     "services": {
>         "hive1": {
>             "resources": [
>                 {
>                     "id": 1,
>                     "resource": {
>                         "database": [
>                             "db10"
>                         ]
>                     }
>                 }
>             ]
>         }
>     },
>     "tagServices": [
>         "tag1"
>     ],
>     "admins": [
>         {
>             "type": "USER",
>             "name": "mark"
>         }
>     ],
>     "auditors": [
>         {
>             "type": "USER",
>             "name": "mark"
>         }
>     ]
> }
>
>
> Thanks,
>
> Subhrat Chaudhary
>
>
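
The add-if-absent handling discussed in this review, applied to a request shaped like the one in the Testing section; this is an added example, not part of the e-mail or of the Ranger patch. The `Principal` class, the per-type lists and `ZonePartialUpdateDemo` are hypothetical stand-ins, not Ranger's own types.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ZonePartialUpdateDemo {
    enum PrincipalType { USER, GROUP, ROLE }

    // Hypothetical stand-in for a principal in the request (not RangerPrincipal).
    static final class Principal {
        final PrincipalType type;
        final String name;
        Principal(PrincipalType type, String name) { this.type = type; this.name = name; }
    }

    // Hypothetical zone state: one admin list per principal type, plus tag services.
    static final List<String> adminUsers  = new ArrayList<>();
    static final List<String> adminGroups = new ArrayList<>();
    static final List<String> adminRoles  = new ArrayList<>();
    static final List<String> tagServices = new ArrayList<>();

    // Same shape as the helper suggested in the review; the null guard is an addition.
    static void addIfAbsent(String item, List<String> lst) {
        if (item != null && !lst.contains(item)) {
            lst.add(item);
        }
    }

    // Each principal is checked only against the list for its own type.
    static void addAdmins(List<Principal> toAdd) {
        for (Principal p : toAdd) {
            switch (p.type) {
                case USER:  addIfAbsent(p.name, adminUsers);  break;
                case GROUP: addIfAbsent(p.name, adminGroups); break;
                case ROLE:  addIfAbsent(p.name, adminRoles);  break;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed input: duplicates within one request, as in the Testing section.
        List<Principal> adminsToAdd = Arrays.asList(
            new Principal(PrincipalType.USER, "mark"),
            new Principal(PrincipalType.USER, "mark"),
            new Principal(PrincipalType.GROUP, "mark")); // same name, other type: kept
        List<String> tagServicesToAdd = Arrays.asList("tag1", "tag1");
        for (int i = 0; i < 2; i++) {                    // same request sent twice
            addAdmins(adminsToAdd);
            for (String t : tagServicesToAdd) addIfAbsent(t, tagServices);
        }
        System.out.println("users=" + adminUsers + " groups=" + adminGroups
            + " roles=" + adminRoles + " tagServices=" + tagServices);
    }
}
```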
