----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74681/#review225938 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java Line 615 (original) <https://reviews.apache.org/r/74681/#comment314336> searchProjects() method doesn't seem to exclude/filter any item retrieved from projectService.searchProjects(). It only does scrubbing of projects when requested permission is LIST. Given this, is it necessary to retrieve entire projects list? Please review. security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java Line 261 (original), 261 (patched) <https://reviews.apache.org/r/74681/#comment314337> I suggest renaming DISABLE_PAGINATION to RETRIEVE_ALL_PAGES. boolean skipPagination = isCountQuery || Boolean.parseBoolean(searchCriteria.getParam(SearchFilter.RETRIEVE_ALL_PAGES)); if (!skipPagination)) { query.setFirstResult(searchCriteria.getStartIndex()); updateQueryPageSize(query, searchCriteria); } security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java Lines 294 (patched) <https://reviews.apache.org/r/74681/#comment314338> searchDataShares() is called from multiple places. Diabling of pagination may not be expected for all callers. I suggest to have the caller disable pagination where needed - like GdsDBStore.getUnscrubbedDataShares(). Please review and update other search() method as well for above: - RangerGdsDatasetService.searchDatasets() - RangerGdsProjectService.searchProject() - RangerGdsSharedResourceService. - Madhan Neethiraj On Nov. 3, 2023, 2:56 p.m., Prashant Satam wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74681/ > ----------------------------------------------------------- > > (Updated Nov. 3, 2023, 2:56 p.m.) > > > Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, > Monika Kachhadiya, and Subhrat Chaudhary. > > > Bugs: RANGER-4480 > https://issues.apache.org/jira/browse/RANGER-4480 > > > Repository: ranger > > > Description > ------- > > In case of GDS existing pagination behaviour will not work as we have filters > after the DB results.Hence will not get appropriate paginated result > > Example > > 1)GET shared resource API we have a query param 'resourceContains' using this > we can get shared-resource which has resource value matching with the query > param > 2)If a user has 250 resources in DB trying to fetch single resource object > using query Param "resourceContains" which ranks 250th in position in DB he > will get empty response but the actual object is present in the DB, reason is > ranger has default pagination behaviour (i.e to fetch paginated objects in > batch size of 200) so DB result will have first 200 resource objects and then > filter of queryParam 'resourceContains' will be applied hence the output will > be empty as the expected object was never fetched from the DB beacuse of > pagination behavior > 3)So we need to disable this current pagination behaviour for GDS APIs > > So in case of GDS APIs we need to disable pagination > > > Diffs > ----- > > agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java > 93bd7f73d > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java > 10986823d > security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java > 719d8a900 > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java > 6a93e44dc > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java > 072889f1d > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java > 4ccb063fe > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java > 4bdb09f4d > > > Diff: https://reviews.apache.org/r/74681/diff/1/ > > > Testing > ------- > > 1)Create shared resources more than default pageSize i.e 200 > 2)use GET-API --------> (/service/gds/resource) to fetch resource which has > resourceContains = resource_1 this shared resource should be beyond the > pageSize 200 > 3)In response you will receive the shared resource having resource as > resource_1 which was beyond 200th position in DB > Request -----------------> (/service/gds/resource?resourceContains=resource_1) > Response-----------------> > { > "startIndex": 0, > "pageSize": 200, > "totalCount": 1, > "resultSize": 1, > "sortType": "sharedResourceId", > "sortBy": "asc", > "queryTimeMS": 1697626402403, > "list": [ > { > "id": 388, > "guid": "1d9e2fcf-8cc8-45b0-ab87-3f596c04350a", > "isEnabled": true, > "createdBy": "Admin", > "updatedBy": "Admin", > "createTime": 1697192628000, > "updateTime": 1697192628000, > "version": 1, > "description": "This is RangerResource", > "options": { > "property1": "This is Options 1", > "property2": "This is Options 2" > }, > "additionalInfo": { > "property1": "This is AdditionalInfo 1", > "property2": "This is AdditionalInfo 2" > }, > "name": "RangerResource_399", > "dataShareId": 1, > "resource": { > "RAngerResourceName": { > "values": [ > "res_399", > "res_399" > ], > "isExcludes": true, > "isRecursive": true > } > }, > "conditionExpr": "conditionExpr_1", > "accessTypes": [ > "Resource_Access_type_1", > "Resource_Access_type_2" > ], > "profiles": [ > "resource_profile_1", > "resource_profile_2" > ] > } > ], > "listSize": 1 > } > > > Thanks, > > Prashant Satam > >
