vyommani opened a new pull request, #592:
URL: https://github.com/apache/ranger/pull/592
## What changes were proposed in this pull request?
When tag de duplication is enabled in Apache Ranger, deleting and recreating
one resource causes the tag-based policy to fail for another resource that
retains the same tag in Apache Atlas. After recreating the first resource, a
user with access via the tag-based policy is unexpectedly denied access to the
second resource, despite the tag still being associated with it.
In the dedupTags() method, if a tag’s ID is higher than the retained ID, the
tag is removed from the tags map instead of updating its ID. This can
invalidate the tag’s mapping for the second resource after the first resource’s
deletion, breaking the policy.
## How was this patch tested?
Modified the extsting test(TestServiceTags.java) and newly added test will
fail without fix and passes after fix.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
