> On April 17, 2023, 7:13 a.m., Abhishek Kumar wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
> > Line 1764 (original), 1764 (patched)
> > <https://reviews.apache.org/r/74397/diff/1/?file=2275853#file2275853line1764>
> >
> > There are other occurences of updatePolicy(policy, null); in the same
> > file, they don't require the policy id to be passed ?
As part of updatePolicy method ,we are checking policy.getId().equals(id)
In this case it seems it throws the 400 Error
public RangerPolicy updatePolicy(RangerPolicy policy, @PathParam("id") Long id)
{
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.updatePolicy(" + policy +
")");
}
// if policy.id and param 'id' are specified, policy.id should
be same as the param 'id'
// if policy.id is null, then set param 'id' into policy Object
if (policy.getId() == null) {
policy.setId(id);
} else if(!policy.getId().equals(id)) {
throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST ,
"policyID mismatch", true);
}
One way As Pradeep said,Rather then sending null we will pass the policy Id
or we need to change the validation logic a bit
id != null && !policy.getId().equals(id)
// if policy.id and param 'id' are specified, policy.id should be same as the
param 'id'
// if policy.id is null, then set param 'id' into policy Object
if (policy.getId() == null) {
policy.setId(id);
} else if(id != null && !policy.getId().equals(id)) {
throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST ,
"policyID mismatch", true);
}
- Ramachandran
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74397/#review225385
-----------------------------------------------------------
On April 14, 2023, 3:14 p.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74397/
> -----------------------------------------------------------
>
> (Updated April 14, 2023, 3:14 p.m.)
>
>
> Review request for ranger, Abhishek Kumar, Dineshkumar Yadav, Kishor
> Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal,
> Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-4188
> https://issues.apache.org/jira/browse/RANGER-4188
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement: ** Ranger createPolicy request failed with response code
> 400 and following stacktrace.
>
> 2023-04-12 16:05:31,526 INFO org.apache.zookeeper.ClientCnxn:
> [Thread-2-SendThread(pfelker-dest-1.pfelker-dest.root.hwx.site:2181)]: Socket
> connection established, initiating se2023-04-12 16:30:53,674 INFO
> org.apache.ranger.common.RESTErrorUtil: [https-jsse-nio-6182-exec-3]: Request
> failed. loginId=ranger, logMessage=policyID mismatch
> javax.ws.rs.WebApplicationException: null
> at
> org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:338)
> [classes/:?]
> at
> org.apache.ranger.rest.ServiceREST.updatePolicy(ServiceREST.java:1782)
> [classes/:?]
> at
> org.apache.ranger.rest.ServiceREST.applyPolicy(ServiceREST.java:1749)
> [classes/:?]
> at
> org.apache.ranger.rest.ServiceREST.createPolicy(ServiceREST.java:1658)
> [classes/:?]
>
> **Proposed solution: ** After debugging the issue found the call from
> applyPolicy is sending policy id as null which is caused by RANGER-3883.
> Rather sending a null value the proposed patch shall pass the policy id.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
> 5542250aa
>
>
> Diff: https://reviews.apache.org/r/74397/diff/1/
>
>
> Testing
> -------
>
> Tested the policy create request using a curl request on this patch change
> instance and got 200 response code.
>
>
> Thanks,
>
> Pradeep Agrawal
>
>
