-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74550/
-----------------------------------------------------------
Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj,
Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja
Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-4356
https://issues.apache.org/jira/browse/RANGER-4356
Repository: ranger
Description
-------
**Problem Statement:** A user updated a policy with a null entry in the group
list of a policy item. During CSV export, parsing of the policy item with the
null group failed with a null pointer exception.
**Proposed Solution:** Changes proposed
1) Add null user/group/role validations during policy create/update and fail
the request if it has null user/group/role
2) Skip null user/group/role while parsing the policy items for exportCSV
request
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
85c42bcc8
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
e1b5fe8f1
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
ed1ea0376
Diff: https://reviews.apache.org/r/74550/diff/1/
Testing
-------
After reproducing the issue, built Ranger with the proposed patch and provided
the same DB configs that were used earlier.
Tried to update a policy with a null entry in the user and group lists:
curl -ivk -u admin:Admin123 \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -X PUT http://localhost:6080/service/plugins/policies/12 \
  -d '{"id":12,"guid":"85107138-2a55-4baa-bcc3-08767cdd9ca4","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1692169569000,"updateTime":1692169569000,"version":1,"service":"service_hive","name":"all - database","policyType":0,"policyPriority":"0","description":"Policy for all - database","resourceSignature":"319fd63cad4bb7c8ed17fda910b636dc2e0f6b0112e28487d9e44e8a5c846314","isAuditEnabled":true,"resources":{"database":{"isExcludes":false,"isRecursive":false,"values":["*"]}},"policyItems":[{"delegateAdmin":true,"accesses":[{"type":"select","isAllowed":true},{"type":"update","isAllowed":true},{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true},{"type":"alter","isAllowed":true},{"type":"index","isAllowed":true},{"type":"lock","isAllowed":true},{"type":"all","isAllowed":true},{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"repladmin","isAllowed":true},{"type":"serviceadmin","isAllowed":true},{"type":"tempudfadmin","isAllowed":true},{"type":"refresh","isAllowed":true},{"type":"rwstorage","isAllowed":true}],"users":["hive","beacon","dpprofiler","hue","admin","impala"]},{"delegateAdmin":false,"accesses":[{"type":"read","isAllowed":true},{"type":"select","isAllowed":true}],"users":["rangerlookup"]},{"delegateAdmin":false,"accesses":[{"type":"create","isAllowed":true}],"groups":["public",null]},{"delegateAdmin":true,"accesses":[{"type":"all","isAllowed":true}],"users":["{OWNER}",null]}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hive","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false,"conditions":[]}'
Expected output: Policy update should fail.
Actual output: Policy update failed with the below error messages:
{"statusCode":1,"msgDesc":"(0) Validation failure: error code[3055], reason[policy items group was null], field[policy item groups], subfield[null], type[missing] (1) Validation failure: error code[3054], reason[policy items user was null], field[policy item users], subfield[null], type[missing] "}
Thanks,
Pradeep Agrawal
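
The two changes proposed in the description (reject null users/groups/roles on create/update, skip them during CSV export), sketched as an added example that is not taken from the Ranger patch. The class, record and method names and the `|` separator are hypothetical; it needs Java 16 or later for `record`.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

// Added illustration; class, record and method names are hypothetical, not Ranger's.
public class NullPrincipalExample {
    // Stand-in for one policy item: only the principal lists matter here.
    record PolicyItem(List<String> users, List<String> groups, List<String> roles) {}

    // Write path: report every list that contains a null entry so the request can be rejected.
    static List<String> validate(List<PolicyItem> items) {
        List<String> failures = new ArrayList<>();
        for (int i = 0; i < items.size(); i++) {
            PolicyItem item = items.get(i);
            check(failures, i, "users", item.users());
            check(failures, i, "groups", item.groups());
            check(failures, i, "roles", item.roles());
        }
        return failures;
    }

    private static void check(List<String> failures, int index, String field, List<String> values) {
        // A missing list is allowed; a null element inside a list is not.
        if (values != null && values.stream().anyMatch(Objects::isNull)) {
            failures.add("policy item " + index + ": null entry in " + field);
        }
    }

    // Read path: build a CSV cell without dereferencing nulls that are already stored.
    static String toCsvCell(List<String> values) {
        if (values == null) {
            return "";
        }
        return values.stream().filter(Objects::nonNull).collect(Collectors.joining("|"));
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the last two policy items in the test request above.
        List<PolicyItem> items = List.of(
            new PolicyItem(null, Arrays.asList("public", null), null),
            new PolicyItem(Arrays.asList("{OWNER}", null), null, null));
        validate(items).forEach(System.out::println);
        System.out.println(toCsvCell(items.get(0).groups()));
    }
}
```

Keeping both checks matters because policies saved before the validation existed can still hold null entries, so the export path cannot rely on the write-time check alone.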