----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75280/#review227076 -----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java Lines 112 (patched) <https://reviews.apache.org/r/75280/#comment315357> - POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS_TYPE => POLICY_VALIDATION_ERR_INVALID_ACCESS_TYPE - "Invalid access type: [{0}]" security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java Lines 694 (patched) <https://reviews.apache.org/r/75280/#comment315358> remove line #694. security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java Lines 882 (patched) <https://reviews.apache.org/r/75280/#comment315359> if (CollectionUtils.isNotEmpty(policyItem.getAccesses())) { for (RangerPolicyItemAccess itemAccess : policyItem.getAccesses()) { if (itemAccess == null) { addValidationFailure(result, ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS); } else { if (StringUtils.isEmpty(itemAccess.getType())) { addValidationFailure(result, ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_ACCESS_TYPE, itemAccess.getType()); } } } } - Madhan Neethiraj On Nov. 20, 2024, 10:56 p.m., Radhika Kundam wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75280/ > ----------------------------------------------------------- > > (Updated Nov. 20, 2024, 10:56 p.m.) > > > Review request for ranger, Madhan Neethiraj and Ramesh Mani. > > > Bugs: RANGER-5000 > https://issues.apache.org/jira/browse/RANGER-5000 > > > Repository: ranger > > > Description > ------- > > Dataset policy creation works even when the policy items are not properly > formed in the policy.With this patch it'll validate policy items while > creating policy. And below are the validations included. > > UseCase-1: Null policy items > "policyItems": [ > null > ] > Error Msg: "msgDesc": "[ Validation failure: error code[3019], reason[policy > items object was null], field[policy items], subfield[null], type[]]", > > UseCase-2: No principals or Principals object with empty or no values > "policyItems": [ > { > "delegateAdmin": false, > "accesses": [ > { > "type": "_ALL", > "isAllowed": null > } > ] > } > ] > > "policyItems": [ > { > "delegateAdmin": false, > "accesses": [ > { > "type": "_ALL", > "isAllowed": null > } > ], > "users": [ > " " > ] > } > > "policyItems": [ > { > "delegateAdmin": false, > "accesses": [ > { > "type": "_ALL", > "isAllowed": null > } > ], > "users": [ > > ] > } > ] > Error Msg: "msgDesc": "[ Validation failure: error code[3020], reason[All of > users, user-groups and roles collections on the policy item were > null/empty], field[policy items], subfield[null], type[]]" > > > UseCase-3: Access object with no or empty access type > > "policyItems": [ > { > "delegateAdmin": false, > "accesses": [ > { > "isAllowed": true > } > ], > "users": [ > "hive" > ] > } > ] > > "policyItems": [ > { > "delegateAdmin": false, > "accesses": [ > { > "type": " ", > "isAllowed": true > } > ], > "users": [ > "hive" > ] > } > ] > Error Msg: "msgDesc": "[ Validation failure: error code[4010], reason[policy > items access object has empty or null values for type], field[policy items], > subfield[null], type[]]" > > Note: No validation exists for isAllowed being null, as it will default to > true if isAllowed is passed as NULL. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java > 13a362437 > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java > 768192e84 > > security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java > c5d8200fc > > > Diff: https://reviews.apache.org/r/75280/diff/1/ > > > Testing > ------- > > Tested locally. > > > Thanks, > > Radhika Kundam > >
