[jira] [Commented] (RANGER-4829) Atlas policy engine tests need fix

Thu, 18 Jul 2024 14:27:05 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-4829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17867116#comment-17867116
 ] 

Abhishek Kumar commented on RANGER-4829:
----------------------------------------

Merged to master: 
https://github.com/apache/ranger/commit/f806430350d06652572a791e7218dc100fa63751,
 you may close the jira.

> Atlas policy engine tests need fix
> ----------------------------------
>
>                 Key: RANGER-4829
>                 URL: https://issues.apache.org/jira/browse/RANGER-4829
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Fateh Singh
>            Assignee: Fateh Singh
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> # Tthe "level" for entity be 3 here and not 2 
> {code:java}
>     "resources":[ 
> {"name":"entity-type","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true,
>  "ignoreCase":true},"label":"Entity Type","description":"Entity Type"}, 
> {"name":"entity-classification","level":2,"parent":"entity-type","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true,
>  "ignoreCase":true},"label":"Entity Classification","description":"Entity 
> Classification"}, 
> {"name":"entity","level":2,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true,
>  "ignoreCase":true},"label":"Entity ID","description":"Entity ID"} ],{code}
>  
> 2. For any of the test cases, the resource looks like this
> {code:java}
> "resource":{"elements":{"entity-type":"DataSet", "entity-classification":[]}, 
> "entity":"default@cl1"},{code}
> When policy engine creates test case for this, there are just 2 elements in 
> the resource (entity-type and classification) -- "entity" is totally skipped 
> in the resource..
> According to me, it should look like
> {code:java}
> "resource":{"elements":{"entity-type":"DataSet", "entity-classification":[], 
> "entity":"default@cl1"}}{code}
> This results in resource having 3 elements which I would expect.
> If there are just 2 elements then resource matching ignores the "entity" 
> completely during evaluation which results in incorrect access denied for the 
> below test scenario
> {code:java}
>  "policies":[ { "id":30,"name":"policy for allow 
> test_atlas","isEnabled":true,"isAuditEnabled":true, 
> "resources":{"entity-type":{"values":["abc"]},"entity-classification":{"values":["PII"]},"entity":{"values":["test_atlas"]}},
>  "policyItems":[ {"accesses":[{"type":"entity-read", 
> "isAllowed":true}],"users":["user1"],"groups":["g1"],"delegateAdmin":false} ] 
> } ], "tests":[ {"name":"DataSet read by a data-steward", "request":{ 
> "resource":{"elements":{"entity-type":["abc"], 
> "entity-classification":["PII"]}, "entity":"test_atlas"}, 
> "accessType":"entity-read","user":"user1","userGroups":["g1"] }, 
> "result":{"isAudited":true,"isAllowed":true,"policyId":30} }{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to