-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75052/
-----------------------------------------------------------
Review request for ranger, madhan, Madhan Neethiraj, Pradeep Agrawal, and
Velmurugan Periasamy.
Bugs: RANGER-4823
https://issues.apache.org/jira/browse/RANGER-4823
Repository: ranger
Description
-------
When policy deltas are enabled, and there is no material change in policy-set
after previous policy download processed by Ranger admin, the ServicePolicies
object downloaded contains null value instead of an empty list for policyDeltas
attribute because of change made to the annotations by RANGER-3948. As the
plugin considers empty-list value differently than null value, the
policy-engine built by the plugin does not correctly reflect the existing
policy-set, and leads to incorrect authorization result.
A material change to policy-set indicates that there is at least one policy
added/deleted/updated to previous policy-set.
The fix is to annotate policyDelta attribute in ServicePolicies and
SecurityZone class with
@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL)
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
dd64a6767
Diff: https://reviews.apache.org/r/75052/diff/1/
Testing
-------
Ran all unit tests successfully
Thanks,
Abhay Kulkarni
