Re: Review Request 74952: RANGER-4767: Deleted policies are still taking effect if all policies for a security zone are deleted
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74952/#review226378 --- Ship it! Ship It! - Madhan Neethiraj On April 4, 2024, 5:04 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74952/ > --- > > (Updated April 4, 2024, 5:04 p.m.) > > > Review request for ranger, Abhishek Patil, madhan, Madhan Neethiraj, and > Pradeep Agrawal. > > > Bugs: RANGER-4767 > https://issues.apache.org/jira/browse/RANGER-4767 > > > Repository: ranger > > > Description > --- > > If all the policies for a security zone are deleted, then still the previous > policies are taking effect. > If there are no policies in the repo, then the following error is seen in the > logs > while syncing the policies, and the previously existing policies are still > taking effect and operations are allowed through those policies. > > The policy-engine creation failed with a NPE when processing the set of > policies containing a security zone with no policies in it. > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 6a3d59dae > > > Diff: https://reviews.apache.org/r/74952/diff/1/ > > > Testing > --- > > Compiled and ran all unit tests successfully. > > Verified by manually testing the scenario in the cluster. > > > Thanks, > > Abhay Kulkarni > >
Review Request 74952: RANGER-4767: Deleted policies are still taking effect if all policies for a security zone are deleted
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74952/ --- Review request for ranger, Abhishek Patil, madhan, Madhan Neethiraj, and Pradeep Agrawal. Bugs: RANGER-4767 https://issues.apache.org/jira/browse/RANGER-4767 Repository: ranger Description --- If all the policies for a security zone are deleted, then still the previous policies are taking effect. If there are no policies in the repo, then the following error is seen in the logs while syncing the policies, and the previously existing policies are still taking effect and operations are allowed through those policies. The policy-engine creation failed with a NPE when processing the set of policies containing a security zone with no policies in it. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 6a3d59dae Diff: https://reviews.apache.org/r/74952/diff/1/ Testing --- Compiled and ran all unit tests successfully. Verified by manually testing the scenario in the cluster. Thanks, Abhay Kulkarni
[jira] [Updated] (RANGER-4767) Deleted policies are still taking effect if all policies for a security zone are deleted
[ https://issues.apache.org/jira/browse/RANGER-4767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-4767: --- Description: If all the policies for a security zone are deleted, then still the previous policies are taking effect. If there are no policies in the repo, then the following error is seen in the logs while syncing the policies, and the previously existing policies are still taking effect and operations are allowed through those policies {code:java|bgColor=#f4f5f7} 2024-04-02T16:09:42.913ZERROR PolicyRefresher(serviceName=cm_trino)-233 org.apache.ranger.plugin.service.RangerBasePlugin setPolicies: policy engine initialization failed! Leaving current policy engine as-is. Exception : java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" because "this.policies" is null at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887) at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.(RangerPolicyRepository.java:229) at org.apache.ranger.plugin.policyengine.PolicyEngine.(PolicyEngine.java:264) at org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.(RangerPolicyEngineImpl.java:104) at org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363) at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264) at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) {code} was: If all the policies in a repo are deleted, then still the previous policies are taking effect. If there are no policies in the repo, then the following error is seen in the logs while syncing the policies, and the previously existing policies are still taking effect and operations are allowed through those policies {code:java|bgColor=#f4f5f7} 2024-04-02T16:09:42.913ZERROR PolicyRefresher(serviceName=cm_trino)-233 org.apache.ranger.plugin.service.RangerBasePlugin setPolicies: policy engine initialization failed! Leaving current policy engine as-is. Exception : java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" because "this.policies" is null at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887) at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.(RangerPolicyRepository.java:229) at org.apache.ranger.plugin.policyengine.PolicyEngine.(PolicyEngine.java:264) at org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.(RangerPolicyEngineImpl.java:104) at org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363) at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264) at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) {code} > Deleted policies are still taking effect if all policies for a security zone > are deleted > > > Key: RANGER-4767 > URL: https://issues.apache.org/jira/browse/RANGER-4767 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Abhay Kulkarni >Priority: Major > > If all the policies for a security zone are deleted, then still the previous > policies are taking effect. > If there are no policies in the repo, then the following error is seen in the > logs > while syncing the policies, and the previously existing policies are still > taking effect and operations are allowed through those policies > {code:java|bgColor=#f4f5f7} > 2024-04-02T16:09:42.913Z ERROR > PolicyRefresher(serviceName=cm_trino)-233 > org.apache.ranger.plugin.service.RangerBasePlugin setPolicies: policy > engine initialization failed! Leaving current policy engine as-is. Exception > : > java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" > because "this.policies" is null > at > org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887) > at > org.apache.ranger.plugin.policyengine.RangerPolicyRepository.(RangerPolicyRepository.java:229) > at > org.apache.ranger.plugin.policyengine.PolicyEngine.(PolicyEngine.java:264) > at > org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.(RangerPolicyEngineImpl.java:104) > at > org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363) > at > org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264) > at > org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) > {code}
[jira] [Updated] (RANGER-4767) Deleted policies are still taking effect if all policies for a security zone are deleted
[ https://issues.apache.org/jira/browse/RANGER-4767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-4767: --- Summary: Deleted policies are still taking effect if all policies for a security zone are deleted (was: Deleted policies are still taking effect if all policies in a repo for a security zone are deleted) > Deleted policies are still taking effect if all policies for a security zone > are deleted > > > Key: RANGER-4767 > URL: https://issues.apache.org/jira/browse/RANGER-4767 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Abhay Kulkarni >Priority: Major > > If all the policies in a repo are deleted, then still the previous policies > are taking effect. > If there are no policies in the repo, then the following error is seen in the > logs > while syncing the policies, and the previously existing policies are still > taking effect and operations are allowed through those policies > {code:java|bgColor=#f4f5f7} > 2024-04-02T16:09:42.913Z ERROR > PolicyRefresher(serviceName=cm_trino)-233 > org.apache.ranger.plugin.service.RangerBasePlugin setPolicies: policy > engine initialization failed! Leaving current policy engine as-is. Exception > : > java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" > because "this.policies" is null > at > org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887) > at > org.apache.ranger.plugin.policyengine.RangerPolicyRepository.(RangerPolicyRepository.java:229) > at > org.apache.ranger.plugin.policyengine.PolicyEngine.(PolicyEngine.java:264) > at > org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.(RangerPolicyEngineImpl.java:104) > at > org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363) > at > org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264) > at > org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4767) Deleted policies are still taking effect if all policies in a repo for a security zone are deleted
[ https://issues.apache.org/jira/browse/RANGER-4767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-4767: --- Summary: Deleted policies are still taking effect if all policies in a repo for a security zone are deleted (was: Deleted policies are still taking effect if all policies in a repo are deleted) > Deleted policies are still taking effect if all policies in a repo for a > security zone are deleted > -- > > Key: RANGER-4767 > URL: https://issues.apache.org/jira/browse/RANGER-4767 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Abhay Kulkarni >Priority: Major > > If all the policies in a repo are deleted, then still the previous policies > are taking effect. > If there are no policies in the repo, then the following error is seen in the > logs > while syncing the policies, and the previously existing policies are still > taking effect and operations are allowed through those policies > {code:java|bgColor=#f4f5f7} > 2024-04-02T16:09:42.913Z ERROR > PolicyRefresher(serviceName=cm_trino)-233 > org.apache.ranger.plugin.service.RangerBasePlugin setPolicies: policy > engine initialization failed! Leaving current policy engine as-is. Exception > : > java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" > because "this.policies" is null > at > org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887) > at > org.apache.ranger.plugin.policyengine.RangerPolicyRepository.(RangerPolicyRepository.java:229) > at > org.apache.ranger.plugin.policyengine.PolicyEngine.(PolicyEngine.java:264) > at > org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.(RangerPolicyEngineImpl.java:104) > at > org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363) > at > org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264) > at > org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4681) Audit logs for Mask & Row policy does not show policy condition under policy item
[ https://issues.apache.org/jira/browse/RANGER-4681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mugdha Varadkar updated RANGER-4681: Attachment: 0003-RANGER-4681.patch > Audit logs for Mask & Row policy does not show policy condition under policy > item > - > > Key: RANGER-4681 > URL: https://issues.apache.org/jira/browse/RANGER-4681 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Vishal Bhavsar >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Attachments: 0001-RANGER-4681.patch, 0002-RANGER-4681.patch, > 0003-RANGER-4681.patch > > > Audit logs for Mask & Row policy does not show policy condition under policy > item. > > Steps to repro: > 1) Inside Hive service, navigate hive masking policy listing page. > 2) Click on "Add New Policy", add all the details. Under policy item section > add policy condition. Now save the policy > 3) Go to Audits, Admin page, click on the audit record of above newly policy. > One modal would be opened which show all the details for the policy > 4) Under "Row Level Filter Policy Items" section we would not see policy > condition details. -- This message was sent by Atlassian Jira (v8.20.10#820010)