> On March 8, 2024, 12:13 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
> > Lines 719 (patched)
> > <https://reviews.apache.org/r/74897/diff/2/?file=2285749#file2285749line719>
> >
> > @Himanshu - how does adding "engineName" to evaluator options help
> > resolve this issue? Can you please add details? Thanks!
>
> Himanshu Maurya wrote:
> Hi @Madhan Neethiraj
>
> If engineName is not present in evaluatorOptions then we are adding this
> in RangerScriptConditionEvaluator.java while evaluation but before that in
> PermissionList.js at line 760 we are checking if engineName is not present in
> evaluatorOptions along with ui.isMultiline then split the value in policy
> conditon on commas.
> In ranger-servicedef-gds.json I can see we are adding engineName to
> evaluatorOptions in policyConditions but for other services
> ranger-servicedef-{service}.json policyConditions is empty, for them we are
> adding this through ServiceDefUtil.java and
> RangerScriptConditionEvaluator.java to avoid updation of existing
> ranger-servicedef-{service}.json and skip the json patches during upgrades.
> So I added this engineName to evaluatorOptions in ServiceDefUtil.java.
>
> Thanks and Regards
Hi @Madhan Neethiraj
Kindly ignore my previous reply.
If engineName is not present in evaluatorOptions then we are adding this in
RangerScriptConditionEvaluator.java during evaluation, but before that in
PermissionList.js at line 760, we are checking if engineName is not present in
evaluatorOptions along with ui.isMultiline then split the value in policy
condition on commas.
In ranger-servicedef-gds.json, I can see we are adding engineName to
evaluatorOptions in policyConditions but for other services in
ranger-servicedef-{service}.json policyConditions is empty, for them we are
adding this through ServiceDefUtil.java and RangerServiceDefServiceBase.java to
avoid updation of existing ranger-servicedef-{service}.json and skip the json
patches during upgrades. So I added this engineName to evaluatorOptions in
ServiceDefUtil.java.
Thanks and Regards
- Himanshu
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74897/#review226299
-----------------------------------------------------------
On March 6, 2024, 11:57 a.m., Himanshu Maurya wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74897/
> -----------------------------------------------------------
>
> (Updated March 6, 2024, 11:57 a.m.)
>
>
> Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav,
> Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin
> Galave, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-4719
> https://issues.apache.org/jira/browse/RANGER-4719
>
>
> Repository: ranger
>
>
> Description
> -------
>
> While using attributes with default values introduced in RANGER-3997 like
> GET_USER_ATTR('state', 'null') in policy condition.
> It is observed that ranger is splitting condition string in to parts
> separated by comma of the parameters passed to GET_USER_ATTR(), due to this
> it is not taking default value and conditions are converted to invalid
> strings.
>
>
> Diffs
> -----
>
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
> ea76e6c33
>
>
> Diff: https://reviews.apache.org/r/74897/diff/2/
>
>
> Testing
> -------
>
> Done the required code changes and installed ranger.
> Validated the policy conditions with default comma separated parameters
> passed with attributes.
>
>
> Thanks,
>
> Himanshu Maurya
>
>
