Fateh Singh created RANGER-4829:
-----------------------------------
Summary: Atlas policy engine tests need fix
Key: RANGER-4829
URL: https://issues.apache.org/jira/browse/RANGER-4829
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Fateh Singh
Assignee: Fateh Singh
1. The "level" for entity should be 3 here and not 2
{code:java}
"resources":[
{"name":"entity-type","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true,
"ignoreCase":true},"label":"Entity Type","description":"Entity Type"},
{"name":"entity-classification","level":2,"parent":"entity-type","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true,
"ignoreCase":true},"label":"Entity Classification","description":"Entity Classification"},
{"name":"entity","level":2,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true,
"ignoreCase":true},"label":"Entity ID","description":"Entity ID"} ],{code}
2. For any of the test cases, the resource looks like this
{code:java}
"resource":{"elements":{"entity-type":"DataSet", "entity-classification":[]},
"entity":"default@cl1"},{code}
When the policy engine creates a test case for this, there are just 2 elements in the
resource (entity-type and classification) -- "entity" is totally skipped in the
resource.
According to me, it should look like
{code:java}
"resource":{"elements":{"entity-type":"DataSet", "entity-classification":[],
"entity":"default@cl1"}}{code}
This results in resource having 3 elements which I would expect.
If there are just 2 elements then resource matching ignores the "entity"
completely during evaluation, which results in an incorrect access denied for the
test scenario below:
{code:java}
"policies":[ { "id":30,"name":"policy for allow test_atlas","isEnabled":true,"isAuditEnabled":true,
"resources":{"entity-type":{"values":["abc"]},"entity-classification":{"values":["PII"]},"entity":{"values":["test_atlas"]}},
"policyItems":[ {"accesses":[{"type":"entity-read",
"isAllowed":true}],"users":["user1"],"groups":["g1"],"delegateAdmin":false} ] }
], "tests":[ {"name":"DataSet read by a data-steward", "request":{
"resource":{"elements":{"entity-type":["abc"],
"entity-classification":["PII"]}, "entity":"test_atlas"},
"accessType":"entity-read","user":"user1","userGroups":["g1"] },
"result":{"isAudited":true,"isAllowed":true,"policyId":30} }{code}
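An added example, not part of the issue or of Ranger's own code: a small Python lint for the two fixture problems reported above, a child resource whose "level" does not exceed its parent's and a resource key placed outside "elements" in a test request. The function names are hypothetical, the sample JSON is constructed (trimmed from the snippets quoted in the issue), and the rule that a child's level must be greater than its parent's is an assumption drawn from item 1.

```python
import copy
import json

# Constructed sample: the service-def hierarchy and test request from the issue, trimmed.
SERVICE_DEF = json.loads("""
{"resources": [
  {"name": "entity-type", "level": 1},
  {"name": "entity-classification", "level": 2, "parent": "entity-type"},
  {"name": "entity", "level": 2, "parent": "entity-classification"}
]}""")

REQUEST = json.loads("""
{"resource": {"elements": {"entity-type": ["abc"], "entity-classification": ["PII"]},
              "entity": "test_atlas"},
 "accessType": "entity-read", "user": "user1", "userGroups": ["g1"]}""")


def check_levels(service_def):
    """Names of resources whose level is not greater than their parent's (assumed rule)."""
    levels = {r["name"]: r["level"] for r in service_def["resources"]}
    bad = []
    for r in service_def["resources"]:
        parent = r.get("parent")
        if parent is not None and (parent not in levels or r["level"] <= levels[parent]):
            bad.append(r["name"])
    return bad


def check_request(service_def, request):
    """Resource names that sit beside "elements" instead of inside it."""
    names = [r["name"] for r in service_def["resources"]]
    resource = request.get("resource", {})
    elements = resource.get("elements", {})
    return [n for n in names if n in resource and n not in elements]


def fix_request(service_def, request):
    """Copy of the request with misplaced resource keys moved into "elements"."""
    fixed = copy.deepcopy(request)
    for name in check_request(service_def, fixed):
        elements = fixed["resource"].setdefault("elements", {})
        elements[name] = fixed["resource"].pop(name)
    return fixed


if __name__ == "__main__":
    print("level problems:", check_levels(SERVICE_DEF))
    print("misplaced keys:", check_request(SERVICE_DEF, REQUEST))
    print("fixed resource:", json.dumps(fix_request(SERVICE_DEF, REQUEST)["resource"]))
```

Running such a check over the policy-engine test JSON before the tests execute surfaces a misplaced "entity" key as a fixture error rather than as an unexplained deny in the test result.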