> On Dec. 15, 2021, 6:51 p.m., Abhay Kulkarni wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java > > Lines 105 (patched) > > <https://reviews.apache.org/r/73759/diff/2/?file=2256611#file2256611line105> > > > > If value of SCRIPT_OPTION_ENABLE_JSON_CTX is set to "false" in the > > condition-definition, and the script contains VAR_NAMES_PATTERN, then what > > is expected to happen? Will the script evaluation fail?
if 'enableJsonCtx' is explicitly set to 'false' in the condition-def (in service-def), references to variables like TAG, USER, UG can fail, unless such variables are declared in the expression. > On Dec. 15, 2021, 6:51 p.m., Abhay Kulkarni wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java > > Line 648 (original), 648 (patched) > > <https://reviews.apache.org/r/73759/diff/2/?file=2256612#file2256612line648> > > > > Is this comment relevant? If not, please consider removing it. This is to alert that following variables shouldn't be included here, as they are defined irrespective of 'enableJsonCtx' value: - SCRIPT_VAR_ctx = "ctx" - SCRIPT_VAR_tag = "tag" - SCRIPT_VAR_tagAttr = "tagAttr" - Madhan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73759/#review223858 ----------------------------------------------------------- On Dec. 15, 2021, 8:28 a.m., Madhan Neethiraj wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73759/ > ----------------------------------------------------------- > > (Updated Dec. 15, 2021, 8:28 a.m.) > > > Review request for ranger, Abhishek Kumar, Ankita Sinha, Don Bosco Durai, > Abhay Kulkarni, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3550 > https://issues.apache.org/jira/browse/RANGER-3550 > > > Repository: ranger > > > Description > ------- > > updated row-filter and condition handling to evaluate expressions given under > markers '${{' and '}}' > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java > b94225b36 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java > 64f01c95f > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java > 0831dde08 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java > 71029dd12 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java > b0782ecb5 > > agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java > db7d3e582 > > agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java > 798da052f > > agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/73759/diff/2/ > > > Testing > ------- > > - added test cases to validate evaluation of expressions > - verified Hive plugin row-filter expressions that include user attribute, > like: "owner == '${{USER._name}}' > > > Thanks, > > Madhan Neethiraj > >
