----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75052/#review226557 -----------------------------------------------------------
Ship it! Ship It! - Madhan Neethiraj On June 17, 2024, 11:41 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75052/ > ----------------------------------------------------------- > > (Updated June 17, 2024, 11:41 p.m.) > > > Review request for ranger, madhan, Madhan Neethiraj, Pradeep Agrawal, and > Velmurugan Periasamy. > > > Bugs: RANGER-4823 > https://issues.apache.org/jira/browse/RANGER-4823 > > > Repository: ranger > > > Description > ------- > > When policy deltas are enabled, and there is no material change in policy-set > after previous policy download processed by Ranger admin, the ServicePolicies > object downloaded contains null value instead of an empty list for > policyDeltas attribute because of change made to the annotations by > RANGER-3948. As the plugin considers empty-list value differently than null > value, the policy-engine built by the plugin does not correctly reflect the > existing policy-set, and leads to incorrect authorization result. > > > > A material change to policy-set indicates that there is at least one policy > added/deleted/updated to previous policy-set. > > The fix is to annotate policyDelta attribute in ServicePolicies and > SecurityZone class with > > @JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL) > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java > dd64a6767 > > > Diff: https://reviews.apache.org/r/75052/diff/1/ > > > Testing > ------- > > Ran all unit tests successfully > > > Thanks, > > Abhay Kulkarni > >
