-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73579/
-----------------------------------------------------------
Review request for ranger and Abhay Kulkarni.
Bugs: RANGER-3371
https://issues.apache.org/jira/browse/RANGER-3371
Repository: ranger
Description
-------
**Problem Statement-1:** While converting policy json text to object, an error
is thrown because stored date/time format is not matched with the expected
format.
Due to this delta policies calculation fails and delta policies are not
returned, Since delta policy result is empty ranger is fetching all ranger
policies.
Exception thrown during the conversion:
ERROR org.apache.ranger.db.XXPolicyChangeLogDao: Cannot read policy:[45].
Should not have come here!! Offending log-record-id:[47] and returning...
org.codehaus.jackson.map.JsonMappingException: Can not construct instance of
java.util.Date from String value '20210913-05:12:16.000-+0000': not a valid
representation (error: Can not parse date "20210913-05:12:16.000-+0000": not
compatible with any of standard forms ("yyyy-MM-dd'T'HH:mm:ss.SSSZ",
"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'", "EEE, dd MMM yyyy HH:mm:ss zzz", "yyyy-MM-dd"))
at [Source: java.io.StringReader@4b7b45c7; line: 1, column: 911] (through
reference chain: org.apache.ranger.plugin.model.RangerPolicy["createTime"])
**Proposed Solution:** Parsing method to handle this issue need to be changed.
Current code : policy = JsonUtilsV2.jsonToObj(xxPolicy.getPolicyText(),
RangerPolicy.class);
Proposed fix : policy = policy =
JsonUtils.jsonToObject(xxPolicy.getPolicyText(), RangerPolicy.class);
JsonUtils can accepts a json string having date/time format as
'yyyyMMdd-HH:mm:ss.SSS-Z' which is the same format used during the conversion
from object to json at line 150 of RangerPolicyServiceBase.java
**Behaviour after proposed change:** After proposed fix, delta was calculated
and it was observed that returned policy json may contain duplicate entries of
the same policy.
**Problem Statement-2:** After a policy is created, In Case of multiple update
operations on the same policy, when call goes to
RangerPolicyDeltaUtil.applyDeltas() method then existing list of policies will
contain the policy object and the list of delta policy objects shall also
contain delta of the policy which was updated. in this case when existing
policy and delta policy object are added for the same policy then final list of
policies may contain more than one entry for the same policy.
**Proposed Solution:** for each delta policy object entries of the existing
policy objects should be checked for the same policy id, and only delta policy
object should be consider/prioritize. If record matches then entry for the same
policy id can be removed from list of existing policy objects and delta policy
can be added.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
42143d06b
security-admin/src/main/java/org/apache/ranger/db/XXPolicyChangeLogDao.java
6136bd304
Diff: https://reviews.apache.org/r/73579/diff/1/
Testing
-------
Tested the updated patch by replacing the respective class/jar files in the
existing env and restarted ranger-admin. Parsing is working fine and result was
returned as expected.
Thanks,
Pradeep Agrawal
