Abhishek created RANGER-5000:
--------------------------------
Summary: Add validations to ensure that the policy items are
properly formed during dataset policy creation / edit
Key: RANGER-5000
URL: https://issues.apache.org/jira/browse/RANGER-5000
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Abhishek
*Problem statement*
Dataset policy creation works even when the policy items are not properly
formed in the policy.
*Steps to reproduce*
1. Create a dataset
2. Make a POST request to \{BASE_URL}/service/gds/dataset/\{DATASET_ID}/policy
using the following payload
{code:java}
{
"id":149,
"guid":"aa020de3-a433-46c3-b082-5a9330f64c4a",
"isEnabled":true,
"createdBy":"Admin",
"updatedBy":"Admin",
"createTime":1731577607000,
"updateTime":1731577607000,
"version":1,
"service":"_gds",
"name":"DATASET: test_dataset_1_gckcvky@1731577606501",
"policyType":0,
"policyPriority":0,
"description":"Policy for dataset: test_dataset_1_gckcvky",
"resourceSignature":"a2ba2622d4ea10daf494c293d9896b5764319e836b891a4eca6eb5d03b816e69",
"isAuditEnabled":true,
"resources":{
"dataset-id":{
"values":[
"12"
],
"isExcludes":false,
"isRecursive":false
}
},
"policyItems":[
{
"users":[
"hrt_10"
],
"delegateAdmin":false
}
],
"serviceType":"gds",
"isDenyAllElse":false
} {code}
The policy creation is allowed, even though the access types are not present in
the policyItems.
Similarly, if the users/groups/roles section is missing in the policyItems
field and only accessTypes are present, still the policy creation works fine.
This issue is present with the PUT
\{BASE_URL}/service/gds/dataset/\{DATASET_ID}/policy/\{POLICY_ID} API endpoint
as well.
*Expectation*
Validations have to be added to ensure that the policy items are properly
formed during dataset policy creation / edit via API.
Such validations are already present for dataset policy creation / update via
UI.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
