> On March 8, 2024, 12:13 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
> > Lines 719 (patched)
> > <https://reviews.apache.org/r/74897/diff/2/?file=2285749#file2285749line719>
> >
> > @Himanshu - how does adding "engineName" to evaluator options help
> > resolve this issue? Can you please add details? Thanks!
>
> Himanshu Maurya wrote:
> Hi @Madhan Neethiraj
>
> If engineName is not present in evaluatorOptions then we are adding this
> in RangerScriptConditionEvaluator.java while evaluation but before that in
> PermissionList.js at line 760 we are checking if engineName is not present in
> evaluatorOptions along with ui.isMultiline then split the value in policy
> condition on commas.
> In ranger-servicedef-gds.json I can see we are adding engineName to
> evaluatorOptions in policyConditions but for other services
> ranger-servicedef-{service}.json policyConditions is empty, for them we are
> adding this through ServiceDefUtil.java and
> RangerScriptConditionEvaluator.java to avoid updation of existing
> ranger-servicedef-{service}.json and skip the json patches during upgrades.
> So I added this engineName to evaluatorOptions in ServiceDefUtil.java.
>
> Thanks and Regards
>
> Himanshu Maurya wrote:
> Hi @Madhan Neethiraj
>
> Kindly ignore my previous reply.
> If engineName is not present in evaluatorOptions then we are adding this
> in RangerScriptConditionEvaluator.java during evaluation, but before that in
> PermissionList.js at line 760, we are checking if engineName is not present
> in evaluatorOptions along with ui.isMultiline then split the value in policy
> condition on commas.
> In ranger-servicedef-gds.json, I can see we are adding engineName to
> evaluatorOptions in policyConditions but for other services in
> ranger-servicedef-{service}.json policyConditions is empty, for them we are
> adding this through ServiceDefUtil.java and RangerServiceDefServiceBase.java
> to avoid updation of existing ranger-servicedef-{service}.json and skip the
> json patches during upgrades. So I added this engineName to evaluatorOptions
> in ServiceDefUtil.java.
>
>
> Thanks and Regards

Himanshu - thank you for adding the details. The fix looks good.


- Madhan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74897/#review226299
-----------------------------------------------------------


On March 6, 2024, 11:57 a.m., Himanshu Maurya wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74897/
> -----------------------------------------------------------
>
> (Updated March 6, 2024, 11:57 a.m.)
>
>
> Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav,
> Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin
> Galave, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-4719
>     https://issues.apache.org/jira/browse/RANGER-4719
>
>
> Repository: ranger
>
>
> Description
> -------
>
> While using attributes with default values introduced in RANGER-3997 like
> GET_USER_ATTR('state', 'null') in policy condition.
> It is observed that ranger is splitting condition string into parts
> separated by comma of the parameters passed to GET_USER_ATTR(), due to this
> it is not taking default value and conditions are converted to invalid
> strings.
>
>
> Diffs
> -----
>
>   agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
>   ea76e6c33
>
>
> Diff: https://reviews.apache.org/r/74897/diff/2/
>
>
> Testing
> -------
>
> Done the required code changes and installed ranger.
> Validated the policy conditions with default comma separated parameters
> passed with attributes.
>
>
> Thanks,
>
> Himanshu Maurya
>
>
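
The comma-splitting failure discussed in this thread, as an added example that is not part of the original e-mails and is not Ranger's code. It shows how a script condition breaks when its definition lacks engineName, plus an audit check for stored values that look like split fragments. Assumptions: the split rule in `conditionValues`, the `'true'` string for ui.isMultiline, the engine name value, and the sample expression are all constructed for illustration.

```javascript
// Added illustration, not code from PermissionList.js. Field names follow the
// thread (evaluatorOptions, engineName, ui.isMultiline); the rule is assumed.

// Assumed UI rule: split on commas only when the condition definition neither
// names a script engine nor is flagged multiline.
function conditionValues(conditionDef, rawValue) {
  const opts = conditionDef.evaluatorOptions || {};
  const isScript = Boolean(opts.engineName) || opts['ui.isMultiline'] === 'true';
  return isScript ? [rawValue] : rawValue.split(',').map((v) => v.trim());
}

// Audit helper: a stored value with unbalanced quotes or parentheses is likely
// a fragment of an expression that was split on a comma.
function looksLikeFragment(value) {
  let depth = 0;
  let quote = null;
  for (const ch of value) {
    if (quote) {
      if (ch === quote) quote = null;      // closing quote
    } else if (ch === "'" || ch === '"') {
      quote = ch;                          // opening quote
    } else if (ch === '(') {
      depth += 1;
    } else if (ch === ')') {
      depth -= 1;
      if (depth < 0) return true;          // ')' with no matching '('
    }
  }
  return depth !== 0 || quote !== null;
}

// Constructed sample input.
const expr = "GET_USER_ATTR('state', 'null') == 'CA'";
const withoutEngine = { name: 'expression', evaluatorOptions: {} };
const withEngine = { name: 'expression', evaluatorOptions: { engineName: 'JavaScript' } };

const broken = conditionValues(withoutEngine, expr);
const intact = conditionValues(withEngine, expr);
console.log(broken, broken.map(looksLikeFragment));
console.log(intact, intact.map(looksLikeFragment));
```

`looksLikeFragment` does not handle escaped quotes inside string literals, so treat a hit as a prompt to review the policy condition rather than as proof of corruption.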
