Re: Review Request 74897: RANGER-4719: Policy condition expressions are split by the Ranger UI on commas

Fri, 08 Mar 2024 04:27:38 -0800 


> On March 8, 2024, 12:13 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
> > Lines 719 (patched)
> > <https://reviews.apache.org/r/74897/diff/2/?file=2285749#file2285749line719>
> >
> >     @Himanshu - how does adding "engineName" to evaluator options help 
> > resolve this issue? Can you please add details? Thanks!

Hi @Madhan Neethiraj

If engineName is not present in evaluatorOptions then we are adding this in 
RangerScriptConditionEvaluator.java while evaluation but before that in 
PermissionList.js at line 760 we are checking if engineName is not present in 
evaluatorOptions along with ui.isMultiline then split the value in policy 
conditon on commas.
In ranger-servicedef-gds.json I can see we are adding engineName to 
evaluatorOptions in policyConditions but for other services 
ranger-servicedef-{service}.json policyConditions is empty, for them we are 
adding this through ServiceDefUtil.java and RangerScriptConditionEvaluator.java 
to avoid updation of existing ranger-servicedef-{service}.json and skip the 
json patches during upgrades. So I added this engineName to evaluatorOptions in 
ServiceDefUtil.java.

Thanks and Regards


- Himanshu


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74897/#review226299
-----------------------------------------------------------


On March 6, 2024, 11:57 a.m., Himanshu Maurya wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74897/
> -----------------------------------------------------------
> 
> (Updated March 6, 2024, 11:57 a.m.)
> 
> 
> Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav, 
> Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin 
> Galave, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4719
>     https://issues.apache.org/jira/browse/RANGER-4719
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> While using attributes with default values introduced in RANGER-3997 like 
> GET_USER_ATTR('state', 'null') in policy condition.
> It is observed that ranger is splitting condition string in to parts 
> separated by comma of the parameters passed to GET_USER_ATTR(), due to this 
> it is not taking default value and conditions are converted to invalid 
> strings.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
> ea76e6c33 
> 
> 
> Diff: https://reviews.apache.org/r/74897/diff/2/
> 
> 
> Testing
> -------
> 
> Done the required code changes and installed ranger.
> Validated the policy conditions with default comma separated parameters 
> passed with attributes.
> 
> 
> Thanks,
> 
> Himanshu Maurya
> 
>

Reply via email to