> On July 9, 2024, 2:38 p.m., Madhan Neethiraj wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java > > Line 1002 (original), 1011 (patched) > > <https://reviews.apache.org/r/75004/diff/3/?file=2289829#file2289829line1011> > > > > Consider moving this to a static, to avoid instantiation on every call > > to isValidPolicyItem(). > > > > private static final Set<String> INVALID_POLICY_ITEM_VALUES = new > > HashSet<>(Arrays.asList("null", "NULL", "Null", null, "")); > > > > > > Also, consider replacing the following with a call to > > invalidItems.contains(), as shown: > > - CollectionUtils.containsAny(policyItem.getUsers(), > > INVALID_POLICY_ITEM_VALUES) => > > INVALID_POLICY_ITEM_VALUES.contains(policyItem.getUsers()) > > - CollectionUtils.containsAny(policyItem.getGroups(), > > INVALID_POLICY_ITEM_VALUES) => > > INVALID_POLICY_ITEM_VALUES.contains(policyItem.getGroups()) > > - CollectionUtils.containsAny(policyItem.getRoles(), > > INVALID_POLICY_ITEM_VALUES) => > > INVALID_POLICY_ITEM_VALUES.contains(policyItem.getRoles())
The contains method expects a String object, but policyItem.getUsers() returns a List<String>. This is not suitable, hence ignored. - Rakesh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75004/#review226644 ----------------------------------------------------------- On July 9, 2024, 12:46 p.m., Rakesh Gupta wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75004/ > ----------------------------------------------------------- > > (Updated July 9, 2024, 12:46 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4795 > https://issues.apache.org/jira/browse/RANGER-4795 > > > Repository: ranger > > > Description > ------- > > There is an inconsistency between Ranger API and UI not doing the same > validation for Policy creation. > > Policy creation API should fail when a policy with all empty values and along > with [""] or ["null"] in policyItem --> users, groups and roles. > > Similar validation should be applied for data masking and row filter Policy. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java > d73d91b36 > > > Diff: https://reviews.apache.org/r/75004/diff/3/ > > > Testing > ------- > > Verified while creating/updating Policy API fails, when users, groups, roles, > data masking, and row filter fields are all empty values or contain arrays > with empty strings (e.g. [""]) within the policy items. > > > Thanks, > > Rakesh Gupta > >
