[
https://issues.apache.org/jira/browse/RANGER-5526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rakesh Gupta updated RANGER-5526:
---------------------------------
Description:
While creating a Security Zone with a tag service, the operation fails during
postCreate execution. The stack trace shows a NonUniqueResultException from
XXAccessTypeDefDao.findByNameAndServiceId(), triggered during default policy
creation.
This issue is caused by duplicate entries in the access type definition tables
for the associated service.
For example, the following query returns 2 records:
select * from x_access_type_def where name = 'ozone:assume_role';
{code:java}
ERROR [RangerSecurityZoneServiceService.java:102] postCreate processing failed
for security-zone:[{name=zone_1,
services={dev_hive={resources=[{resource={resource-def-name=database,
values=[t]} {resource-def-name=column, values=[*]} {resource-def-name=table,
values=[*]} } {baseInfo={id=1, createdBy=admin, createTime=Thu Mar 19 11:26:49
UTC 2026, updatedBy=admin, updateTime=Thu Mar 19 11:26:49 UTC 2026}} ]}},
tagServices=[dev_tag], adminUsers=[admin], adminUserGroups=[testgroup],
adminRoles=[], auditUsers=[admin], auditUserGroups=[testgroup], auditRoles=[],
description=}]javax.persistence.NonUniqueResultException: More than one result
was returned from Query.getSingleResult() at
org.eclipse.persistence.internal.jpa.QueryImpl.throwNonUniqueResultException(QueryImpl.java:991)
at
org.eclipse.persistence.internal.jpa.QueryImpl.getSingleResult(QueryImpl.java:538)
at
org.eclipse.persistence.internal.jpa.EJBQueryImpl.getSingleResult(EJBQueryImpl.java:404)
at
org.apache.ranger.db.XXAccessTypeDefDao.findByNameAndServiceId(XXAccessTypeDefDao.java:59)
at
org.apache.ranger.biz.PolicyRefUpdater.createNewPolMappingForRefTable(PolicyRefUpdater.java:279)
at
org.apache.ranger.biz.ServiceDBStore.createPolicy(ServiceDBStore.java:2293) at
org.apache.ranger.biz.ServiceDBStore.createDefaultPolicy(ServiceDBStore.java:1416)
at
org.apache.ranger.biz.ServiceDBStore.createZoneDefaultPolicies(ServiceDBStore.java:2438)
at
org.apache.ranger.service.RangerSecurityZoneServiceService.postCreate(RangerSecurityZoneServiceService.java:99)
at
org.apache.ranger.service.RangerSecurityZoneServiceService.postCreate(RangerSecurityZoneServiceService.java:53)
at
org.apache.ranger.service.RangerBaseModelService.create(RangerBaseModelService.java:138)
at
org.apache.ranger.biz.SecurityZoneDBStore.createSecurityZone(SecurityZoneDBStore.java:99)
at
org.apache.ranger.rest.SecurityZoneREST.createSecurityZone(SecurityZoneREST.java:147)
at
org.apache.ranger.rest.SecurityZoneREST$$FastClassBySpringCGLIB$$797df817.invoke(<generated>)
at
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) {code}
was:
While creating a Security Zone with a tag service, the operation fails during
postCreate execution. The stack trace shows a NonUniqueResultException from
XXAccessTypeDefDao.findByNameAndServiceId(), triggered during default policy
creation.
This issue is caused by duplicate entries in the access type definition tables
for the associated service.
{code:java}
ERROR [RangerSecurityZoneServiceService.java:102] postCreate processing failed
for security-zone:[{name=zone_1,
services={dev_hive={resources=[{resource={resource-def-name=database,
values=[t]} {resource-def-name=column, values=[*]} {resource-def-name=table,
values=[*]} } {baseInfo={id=1, createdBy=admin, createTime=Thu Mar 19 11:26:49
UTC 2026, updatedBy=admin, updateTime=Thu Mar 19 11:26:49 UTC 2026}} ]}},
tagServices=[dev_tag], adminUsers=[admin], adminUserGroups=[testgroup],
adminRoles=[], auditUsers=[admin], auditUserGroups=[testgroup], auditRoles=[],
description=}]javax.persistence.NonUniqueResultException: More than one result
was returned from Query.getSingleResult() at
org.eclipse.persistence.internal.jpa.QueryImpl.throwNonUniqueResultException(QueryImpl.java:991)
at
org.eclipse.persistence.internal.jpa.QueryImpl.getSingleResult(QueryImpl.java:538)
at
org.eclipse.persistence.internal.jpa.EJBQueryImpl.getSingleResult(EJBQueryImpl.java:404)
at
org.apache.ranger.db.XXAccessTypeDefDao.findByNameAndServiceId(XXAccessTypeDefDao.java:59)
at
org.apache.ranger.biz.PolicyRefUpdater.createNewPolMappingForRefTable(PolicyRefUpdater.java:279)
at
org.apache.ranger.biz.ServiceDBStore.createPolicy(ServiceDBStore.java:2293) at
org.apache.ranger.biz.ServiceDBStore.createDefaultPolicy(ServiceDBStore.java:1416)
at
org.apache.ranger.biz.ServiceDBStore.createZoneDefaultPolicies(ServiceDBStore.java:2438)
at
org.apache.ranger.service.RangerSecurityZoneServiceService.postCreate(RangerSecurityZoneServiceService.java:99)
at
org.apache.ranger.service.RangerSecurityZoneServiceService.postCreate(RangerSecurityZoneServiceService.java:53)
at
org.apache.ranger.service.RangerBaseModelService.create(RangerBaseModelService.java:138)
at
org.apache.ranger.biz.SecurityZoneDBStore.createSecurityZone(SecurityZoneDBStore.java:99)
at
org.apache.ranger.rest.SecurityZoneREST.createSecurityZone(SecurityZoneREST.java:147)
at
org.apache.ranger.rest.SecurityZoneREST$$FastClassBySpringCGLIB$$797df817.invoke(<generated>)
at
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) {code}
> Security Zone creation fails with tag service due to NonUniqueResultException
> -----------------------------------------------------------------------------
>
> Key: RANGER-5526
> URL: https://issues.apache.org/jira/browse/RANGER-5526
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Rakesh Gupta
> Assignee: Rakesh Gupta
> Priority: Major
>
> While creating a Security Zone with a tag service, the operation fails during
> postCreate execution. The stack trace shows a NonUniqueResultException from
> XXAccessTypeDefDao.findByNameAndServiceId(), triggered during default policy
> creation.
> This issue is caused by duplicate entries in the access type definition
> tables for the associated service.
> For example, the following query returns 2 records:
> select * from x_access_type_def where name = 'ozone:assume_role';
>
> {code:java}
> ERROR [RangerSecurityZoneServiceService.java:102] postCreate processing
> failed for security-zone:[{name=zone_1,
> services={dev_hive={resources=[{resource={resource-def-name=database,
> values=[t]} {resource-def-name=column, values=[*]} {resource-def-name=table,
> values=[*]} } {baseInfo={id=1, createdBy=admin, createTime=Thu Mar 19
> 11:26:49 UTC 2026, updatedBy=admin, updateTime=Thu Mar 19 11:26:49 UTC 2026}}
> ]}}, tagServices=[dev_tag], adminUsers=[admin], adminUserGroups=[testgroup],
> adminRoles=[], auditUsers=[admin], auditUserGroups=[testgroup],
> auditRoles=[], description=}]javax.persistence.NonUniqueResultException: More
> than one result was returned from Query.getSingleResult() at
> org.eclipse.persistence.internal.jpa.QueryImpl.throwNonUniqueResultException(QueryImpl.java:991)
> at
> org.eclipse.persistence.internal.jpa.QueryImpl.getSingleResult(QueryImpl.java:538)
> at
> org.eclipse.persistence.internal.jpa.EJBQueryImpl.getSingleResult(EJBQueryImpl.java:404)
> at
> org.apache.ranger.db.XXAccessTypeDefDao.findByNameAndServiceId(XXAccessTypeDefDao.java:59)
> at
> org.apache.ranger.biz.PolicyRefUpdater.createNewPolMappingForRefTable(PolicyRefUpdater.java:279)
> at
> org.apache.ranger.biz.ServiceDBStore.createPolicy(ServiceDBStore.java:2293)
> at
> org.apache.ranger.biz.ServiceDBStore.createDefaultPolicy(ServiceDBStore.java:1416)
> at
> org.apache.ranger.biz.ServiceDBStore.createZoneDefaultPolicies(ServiceDBStore.java:2438)
> at
> org.apache.ranger.service.RangerSecurityZoneServiceService.postCreate(RangerSecurityZoneServiceService.java:99)
> at
> org.apache.ranger.service.RangerSecurityZoneServiceService.postCreate(RangerSecurityZoneServiceService.java:53)
> at
> org.apache.ranger.service.RangerBaseModelService.create(RangerBaseModelService.java:138)
> at
> org.apache.ranger.biz.SecurityZoneDBStore.createSecurityZone(SecurityZoneDBStore.java:99)
> at
> org.apache.ranger.rest.SecurityZoneREST.createSecurityZone(SecurityZoneREST.java:147)
> at
> org.apache.ranger.rest.SecurityZoneREST$$FastClassBySpringCGLIB$$797df817.invoke(<generated>)
> at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
