[jira] [Updated] (RANGER-5000) Add validations to ensure that the policy items are properly formed during dataset policy creation / edit

Thu, 21 Nov 2024 16:16:06 -0800 


     [ 
https://issues.apache.org/jira/browse/RANGER-5000?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radhika Kundam updated RANGER-5000:
-----------------------------------
    Attachment: PolicyValidationErrorUseCases.pdf

> Add validations to ensure that the policy items are properly formed during 
> dataset policy creation / edit
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-5000
>                 URL: https://issues.apache.org/jira/browse/RANGER-5000
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhishek
>            Assignee: Radhika Kundam
>            Priority: Major
>         Attachments: PolicyValidationErrorUseCases.pdf
>
>
> *Problem statement*
> Dataset policy creation works even when the policy items are not properly 
> formed in the policy.
> *Steps to reproduce*
> 1. Create a dataset
> 2.  Make a POST request to 
> \{BASE_URL}/service/gds/dataset/\{DATASET_ID}/policy using the following 
> payload
> {code:java}
> {
>    "id":149,
>    "guid":"aa020de3-a433-46c3-b082-5a9330f64c4a",
>    "isEnabled":true,
>    "createdBy":"Admin",
>    "updatedBy":"Admin",
>    "createTime":1731577607000,
>    "updateTime":1731577607000,
>    "version":1,
>    "service":"_gds",
>    "name":"DATASET: test_dataset_1_gckcvky@1731577606501",
>    "policyType":0,
>    "policyPriority":0,
>    "description":"Policy for dataset: test_dataset_1_gckcvky",
>    
> "resourceSignature":"a2ba2622d4ea10daf494c293d9896b5764319e836b891a4eca6eb5d03b816e69",
>    "isAuditEnabled":true,
>    "resources":{
>       "dataset-id":{
>          "values":[
>             "12"
>          ],
>          "isExcludes":false,
>          "isRecursive":false
>       }
>    },
>    "policyItems":[
>       {
>          "users":[
>             "hrt_10"
>          ],
>          "delegateAdmin":false
>       }
>    ],
>    "serviceType":"gds",
>    "isDenyAllElse":false
> } {code}
> The policy creation is allowed, even though the access types are not present 
> in the policyItems.
> Similarly, if the users/groups/roles section is missing in the policyItems 
> field and only accessTypes are present, still the policy creation works fine.
> This issue is present with the PUT  
> \{BASE_URL}/service/gds/dataset/\{DATASET_ID}/policy/\{POLICY_ID} API 
> endpoint as well.
> *Expectation*
> Validations have to be added to ensure that the policy items are properly 
> formed during dataset policy creation / edit via API.
> Such validations are already present for dataset policy creation / update via 
> UI.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to