-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73979/
-----------------------------------------------------------
Review request for ranger, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu,
and Velmurugan Periasamy.
Bugs: RANGER-3750
https://issues.apache.org/jira/browse/RANGER-3750
Repository: ranger
Description
-------
Steps to reproduce.
1. Keep the existing default policy as it is.
2. Create a policy with resource
   collection - test, *
3. Perform upgrade.
4. The upgrade fails for java patch 55.
2022-05-05 17:31:40,644 [I] java patch
PatchForSolrSvcDefAndPoliciesUpdate_J10055 is being applied..
javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse
Persistence Services - 2.7.7.v20200504-69f2c2b80d):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: org.postgresql.util.PSQLException: ERROR: duplicate key
value violates unique constraint "x_policy_uk_service_signature"
Detail: Key (service, resource_signature)=(11,
217ea0f3a46f347e055088a9418291595af70c473ad18d4d70dfe555d9243c33) already
exists.
Error Code: 0
Call: INSERT INTO x_policy (id, ADDED_BY_ID, CREATE_TIME, description, guid,
is_audit_enabled, is_enabled, name, policy_options, policy_priority,
policy_text, policy_type, resource_signature, service, UPDATE_TIME, UPD_BY_ID,
version, zone_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
bind => [18 parameters bound]
The reason for the failure is: we already have a policy (default) with resource as
collections and value as *. So during upgrade, based on some conditions, we are
creating three additional policies with different resources
- admin -> *
- schema -> *
- config -> *
So let's say someone created another policy with 'collections -> some_res_name, *';
then during upgrade, as per the current code, it will try to create other
policies with similar resources as mentioned above and it will fail, as Ranger
admin doesn't allow policy creation with a duplicate resource.
Removed the hardcoded resources from the code and now using only the original
resources, which are coming from existing policies.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
dacfab696
Diff: https://reviews.apache.org/r/73979/diff/1/
Testing
-------
Tested on local VM.
Thanks,
Mateen Mansoori