You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2021/05/20 22:06:19 UTC
[ranger] branch master updated: RANGER-3291: NPE in BasePlugin if
the first policy download contains no policies and no policy-deltas
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 87e7f9c RANGER-3291: NPE in BasePlugin if the first policy download contains no policies and no policy-deltas
87e7f9c is described below
commit 87e7f9c63ec87babcaf2b56faa64cac1e56e2860
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Thu May 20 14:49:56 2021 -0700
RANGER-3291: NPE in BasePlugin if the first policy download contains no policies and no policy-deltas
---
.../ranger/plugin/service/RangerBasePlugin.java | 22 +++++++++++++++++++---
.../java/org/apache/ranger/rest/ServiceREST.java | 4 +++-
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 0aab809..4d7fb6c 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -254,8 +254,25 @@ public class RangerBasePlugin {
Boolean hasPolicyDeltas = RangerPolicyDeltaUtil.hasPolicyDeltas(policies);
if (hasPolicyDeltas == null) {
- LOG.warn("Downloaded policies do not require policy change !! [" + policies + "]. Keeping old policy-engine!");
- isNewEngineNeeded = false;
+ LOG.info("Downloaded policies do not require policy change !! [" + policies + "]");
+
+ if (this.policyEngine == null) {
+
+ LOG.info("There are no material changes, and current policy-engine is null! Creating a policy-engine with default service policies");
+ ServicePolicies defaultSvcPolicies = getDefaultSvcPolicies();
+
+ if (defaultSvcPolicies == null) {
+ LOG.error("Could not get default Service Policies. Keeping old policy-engine! This is a FATAL error as the old policy-engine is null!");
+ isNewEngineNeeded = false;
+ } else {
+ defaultSvcPolicies.setPolicyVersion(policies.getPolicyVersion());
+ policies = defaultSvcPolicies;
+ isNewEngineNeeded = true;
+ }
+ } else {
+ LOG.info("Keeping old policy-engine!");
+ isNewEngineNeeded = false;
+ }
} else {
if (hasPolicyDeltas.equals(Boolean.TRUE)) {
// Rebuild policies from deltas
@@ -271,7 +288,6 @@ public class RangerBasePlugin {
isNewEngineNeeded = false;
}
} else {
- usePolicyDeltas = false;
if (policies.getPolicies() == null) {
policies.setPolicies(new ArrayList<>());
}
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 2369f41..7d26b0a 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -4119,7 +4119,9 @@ public class ServiceREST {
if (StringUtils.isEmpty(ret)) {
RangerPolicyAdmin policyAdmin = getPolicyAdmin(serviceName);
- ret = policyAdmin.getUniquelyMatchedZoneName(grantRevokeRequest);
+ if (policyAdmin != null) {
+ ret = policyAdmin.getUniquelyMatchedZoneName(grantRevokeRequest);
+ }
}
return ret;