----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73579/#review223480 -----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java Line 93 (original), 93 (patched) <https://reviews.apache.org/r/73579/#comment312557> Consider making this specific only for DELETE and UPDATE change-types. Also, with current code, the log should contain a warning level message emitted because the condition at line 112 would evaluate to true. Is this warning seen in the ranger-admin log? - Abhay Kulkarni On Sept. 13, 2021, 8:43 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73579/ > ----------------------------------------------------------- > > (Updated Sept. 13, 2021, 8:43 a.m.) > > > Review request for ranger and Abhay Kulkarni. > > > Bugs: RANGER-3371 > https://issues.apache.org/jira/browse/RANGER-3371 > > > Repository: ranger > > > Description > ------- > > **Problem Statement-1:** While converting policy json text to object, an > error is thrown because stored date/time format is not matched with the > expected format. > Due to this delta policies calculation fails and delta policies are not > returned, Since delta policy result is empty ranger is fetching all ranger > policies. > > Exception thrown during the conversion: > > ERROR org.apache.ranger.db.XXPolicyChangeLogDao: Cannot read policy:[45]. > Should not have come here!! Offending log-record-id:[47] and returning... > org.codehaus.jackson.map.JsonMappingException: Can not construct instance of > java.util.Date from String value '20210913-05:12:16.000-+0000': not a valid > representation (error: Can not parse date "20210913-05:12:16.000-+0000": not > compatible with any of standard forms ("yyyy-MM-dd'T'HH:mm:ss.SSSZ", > "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'", "EEE, dd MMM yyyy HH:mm:ss zzz", > "yyyy-MM-dd")) > at [Source: java.io.StringReader@4b7b45c7; line: 1, column: 911] (through > reference chain: org.apache.ranger.plugin.model.RangerPolicy["createTime"]) > > **Proposed Solution:** Parsing method to handle this issue need to be > changed. > Current code : policy = JsonUtilsV2.jsonToObj(xxPolicy.getPolicyText(), > RangerPolicy.class); > Proposed fix : policy = policy = > JsonUtils.jsonToObject(xxPolicy.getPolicyText(), RangerPolicy.class); > > JsonUtils can accepts a json string having date/time format as > 'yyyyMMdd-HH:mm:ss.SSS-Z' which is the same format used during the conversion > from object to json at line 150 of RangerPolicyServiceBase.java > > > **Behaviour after proposed change:** After proposed fix, delta was calculated > and it was observed that returned policy json may contain duplicate entries > of the same policy. > > > **Problem Statement-2:** After a policy is created, In Case of multiple > update operations on the same policy, when call goes to > RangerPolicyDeltaUtil.applyDeltas() method then existing list of policies > will contain the policy object and the list of delta policy objects shall > also contain delta of the policy which was updated. in this case when > existing policy and delta policy object are added for the same policy then > final list of policies may contain more than one entry for the same policy. > > **Proposed Solution:** for each delta policy object entries of the existing > policy objects should be checked for the same policy id, and only delta > policy object should be consider/prioritize. If record matches then entry for > the same policy id can be removed from list of existing policy objects and > delta policy can be added. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java > 42143d06b > security-admin/src/main/java/org/apache/ranger/db/XXPolicyChangeLogDao.java > 6136bd304 > > > Diff: https://reviews.apache.org/r/73579/diff/1/ > > > Testing > ------- > > Tested the updated patch by replacing the respective class/jar files in the > existing env and restarted ranger-admin. Parsing is working fine and result > was returned as expected. > > > Thanks, > > Pradeep Agrawal > >
