[jira] [Updated] (RANGER-4767) Deleted policies are still taking effect if all policies for a security zone are deleted

Thu, 04 Apr 2024 09:32:25 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-4767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-4767:
-----------------------------------
    Description: 
If all the policies for a security zone are deleted, then still the previous 
policies are taking effect.
If there are no policies in the repo, then the following error is seen in the 
logs
while syncing the policies, and the previously existing policies are still 
taking effect and operations are allowed through those policies
{code:java|bgColor=#f4f5f7}
2024-04-02T16:09:42.913Z        ERROR   
PolicyRefresher(serviceName=cm_trino)-233       
org.apache.ranger.plugin.service.RangerBasePlugin       setPolicies: policy 
engine initialization failed!  Leaving current policy engine as-is. Exception : 
java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" 
because "this.policies" is null
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887)
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyRepository.<init>(RangerPolicyRepository.java:229)
        at 
org.apache.ranger.plugin.policyengine.PolicyEngine.<init>(PolicyEngine.java:264)
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.<init>(RangerPolicyEngineImpl.java:104)
        at 
org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) 
{code}

  was:
If all the policies in a repo are deleted, then still the previous policies are 
taking effect.
If there are no policies in the repo, then the following error is seen in the 
logs
while syncing the policies, and the previously existing policies are still 
taking effect and operations are allowed through those policies
{code:java|bgColor=#f4f5f7}
2024-04-02T16:09:42.913Z        ERROR   
PolicyRefresher(serviceName=cm_trino)-233       
org.apache.ranger.plugin.service.RangerBasePlugin       setPolicies: policy 
engine initialization failed!  Leaving current policy engine as-is. Exception : 
java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" 
because "this.policies" is null
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887)
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyRepository.<init>(RangerPolicyRepository.java:229)
        at 
org.apache.ranger.plugin.policyengine.PolicyEngine.<init>(PolicyEngine.java:264)
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.<init>(RangerPolicyEngineImpl.java:104)
        at 
org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) 
{code}


> Deleted policies are still taking effect if all policies for a security zone 
> are deleted
> ----------------------------------------------------------------------------------------
>
>                 Key: RANGER-4767
>                 URL: https://issues.apache.org/jira/browse/RANGER-4767
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhishek
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> If all the policies for a security zone are deleted, then still the previous 
> policies are taking effect.
> If there are no policies in the repo, then the following error is seen in the 
> logs
> while syncing the policies, and the previously existing policies are still 
> taking effect and operations are allowed through those policies
> {code:java|bgColor=#f4f5f7}
> 2024-04-02T16:09:42.913Z      ERROR   
> PolicyRefresher(serviceName=cm_trino)-233       
> org.apache.ranger.plugin.service.RangerBasePlugin       setPolicies: policy 
> engine initialization failed!  Leaving current policy engine as-is. Exception 
> : 
> java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" 
> because "this.policies" is null
>       at 
> org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887)
>       at 
> org.apache.ranger.plugin.policyengine.RangerPolicyRepository.<init>(RangerPolicyRepository.java:229)
>       at 
> org.apache.ranger.plugin.policyengine.PolicyEngine.<init>(PolicyEngine.java:264)
>       at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.<init>(RangerPolicyEngineImpl.java:104)
>       at 
> org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363)
>       at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264)
>       at 
> org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) 
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to