-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75280/#review227105
-----------------------------------------------------------

Ship it!

Ship It!

- Madhan Neethiraj


On Dec. 2, 2024, 5:18 p.m., Radhika Kundam wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/75280/
> -----------------------------------------------------------
>
> (Updated Dec. 2, 2024, 5:18 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
>
>
> Bugs: RANGER-5000
>     https://issues.apache.org/jira/browse/RANGER-5000
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Dataset policy creation works even when the policy items are not properly
> formed in the policy. With this patch it'll validate policy items while
> creating policy. And below are the validations included.
>
> UseCase-1: Null policy items
> ---------
> "policyItems": [
>   null
> ]
> Error Msg: "msgDesc": "[ Validation failure: error code[3019], reason[policy
> items object was null], field[policy items], subfield[null], type[]]",
>
> UseCase-2: No principals or Principals object with empty or no values
> ---------
> "policyItems": [
>   {
>     "delegateAdmin": false,
>     "accesses": [
>       {
>         "type": "_ALL",
>         "isAllowed": null
>       }
>     ]
>   }
> ]
>
> "policyItems": [
>   {
>     "delegateAdmin": false,
>     "accesses": [
>       {
>         "type": "_ALL",
>         "isAllowed": null
>       }
>     ],
>     "users": [
>       " "
>     ]
>   }
> ]
>
> "policyItems": [
>   {
>     "delegateAdmin": false,
>     "accesses": [
>       {
>         "type": "_ALL",
>         "isAllowed": null
>       }
>     ],
>     "users": [
>
>     ]
>   }
> ]
> Error Msg: "msgDesc": "[ Validation failure: error code[3020], reason[All of
> users, user-groups and roles collections on the policy item were
> null/empty], field[policy items], subfield[null], type[]]"
>
> UseCase-3: Null or Empty Access Object
> ---------
> "policyItems": [
>   {
>     "delegateAdmin": false,
>     "accesses": [],
>     "users": [
>       "hive"
>     ]
>   }
> ]
>
> "policyItems": [
>   {
>     "delegateAdmin": false,
>     "accesses": [null],
>     "users": [
>       "hive"
>     ]
>   }
> ]
> Error Msg: "msgDesc": "[ Validation failure: error code[3021], reason[policy
> items access object was null], field[policy items], subfield[null], type[]]"
>
>
> UseCase-4: Access object with no or empty access type
> ---------
> "policyItems": [
>   {
>     "delegateAdmin": false,
>     "accesses": [
>       {
>         "isAllowed": true
>       }
>     ],
>     "users": [
>       "hive"
>     ]
>   }
> ]
>
> "policyItems": [
>   {
>     "delegateAdmin": false,
>     "accesses": [
>       {
>         "type": " ",
>         "isAllowed": true
>       }
>     ],
>     "users": [
>       "hive"
>     ]
>   }
> ]
> Error Msg: "msgDesc": "[ Validation failure: error code[4010], reason[policy
> items access object has empty or null values for type], field[policy items],
> subfield[null], type[]]"
>
> Note: No validation exists for isAllowed being null, as it will default to
> true if isAllowed is passed as NULL.
>
>
> Diffs
> -----
>
>   agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 13a362437
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 768192e84
>   security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java 627056bfd
>
>
> Diff: https://reviews.apache.org/r/75280/diff/2/
>
>
> Testing
> -------
>
> Tested locally.
>
>
> Thanks,
>
> Radhika Kundam
>
>
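
The four checks listed in the review description, sketched as a client-side pre-check over a policyItems payload. This is an added example, not Ranger's Java code from the patch or anything written by the participants above. The "groups" and "roles" field names, the check order and the choice to collect every failure rather than stop at the first are assumptions; the error codes and reasons are the ones quoted in the description.

```python
import json

# Error codes and reasons as quoted in the review description.
ERRORS = {
    3019: "policy items object was null",
    3020: "All of users, user-groups and roles collections on the policy item were null/empty",
    3021: "policy items access object was null",
    4010: "policy items access object has empty or null values for type",
}

def _has_value(values):
    """True if the collection holds at least one non-blank string."""
    return any(isinstance(v, str) and v.strip() for v in values or [])

def validate_policy_items(policy_items):
    """Return (index, error_code) for every malformed policy item."""
    failures = []
    for idx, item in enumerate(policy_items or []):
        if item is None:                                    # UseCase-1
            failures.append((idx, 3019))
            continue
        # "groups" and "roles" are assumed field names; only "users" is on the page.
        if not any(_has_value(item.get(k)) for k in ("users", "groups", "roles")):
            failures.append((idx, 3020))                    # UseCase-2
        accesses = item.get("accesses")
        if not accesses or any(a is None for a in accesses):
            failures.append((idx, 3021))                    # UseCase-3
            continue
        for access in accesses:
            type_ = access.get("type")
            if not isinstance(type_, str) or not type_.strip():
                failures.append((idx, 4010))                # UseCase-4
                break
            # isAllowed == null is accepted: the description says it defaults to true.
    return failures

# Constructed sample: one item per use case, plus a well-formed item at index 4.
SAMPLE = json.loads("""
[
  null,
  {"delegateAdmin": false, "accesses": [{"type": "_ALL", "isAllowed": null}], "users": [" "]},
  {"delegateAdmin": false, "accesses": [null], "users": ["hive"]},
  {"delegateAdmin": false, "accesses": [{"type": " ", "isAllowed": true}], "users": ["hive"]},
  {"delegateAdmin": false, "accesses": [{"type": "_ALL", "isAllowed": null}], "users": ["hive"]}
]
""")

if __name__ == "__main__":
    for idx, code in validate_policy_items(SAMPLE):
        print(f"policyItems[{idx}]: error code[{code}], reason[{ERRORS[code]}]")
```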