-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72605/
-----------------------------------------------------------
Review request for ranger, deepak sharma, Madhan Neethiraj, Ramesh Mani,
Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2839
https://issues.apache.org/jira/browse/RANGER-2839
Repository: ranger
Description
-------
This patch addresses two issues, both are uncovered when incremental policy
downloads are enabled:
1. If the downloaded service-policies don't have policies as well as
policy-deltas, then creating policy-engine causes NPE.
2. In some situations, removing a wild-card evaluator from Trie index (when
corresponding policy is deleted), causes NPE.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
95af89d10
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
d5e5c79e9
security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
23c40b549
Diff: https://reviews.apache.org/r/72605/diff/1/
Testing
-------
Tested with hbase plugin.
1. A policy was created and immediately deleted between successive download
requests from hbase plugin. The net result to the policies as a whole is zero.
Verified that on policy download, the old policy engine was kept intact and no
NPE was thrown.
2. Deleted and existing policy containing wildcards. Verified that
corresponding policy-evaluator was removed from the Trie index cleanly in all
situations.
Thanks,
Abhay Kulkarni
