RANGER-4319: Restricting policy name character to configurable length

Signed-off-by: Mehul Parikh <[email protected]>
apache · Aug 28, 2023 · 5f8e3c1 · 5f8e3c1
1 parent 2da8a1f
commit 5f8e3c1
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -261,6 +261,9 @@ public class ServiceREST {
 	private RangerPolicyEngineOptions defaultAdminOptions;
 	private final RangerAdminConfig   config = RangerAdminConfig.getInstance();
 
+	private final int maxPolicyNameLength = config.getInt("ranger.policyname.maxlength", 255);
+	private final boolean isPolicyNameLengthValidationEnabled = config.getBoolean("ranger.policyname.maxlength.validation.enabled", true);
+
 	public ServiceREST() {
 	}
 
@@ -1809,6 +1812,13 @@ public RangerPolicy updatePolicy(RangerPolicy policy, @PathParam("id") Long id)
 			if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
 				perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updatePolicy(policyId=" + policy.getId() + ")");
 			}
+			if (isPolicyNameLengthValidationEnabled) {
+				if (policy.getName().length() > maxPolicyNameLength) {
+					throw restErrorUtil.createRESTException(
+							"Policy name should not be longer than " + maxPolicyNameLength + " characters",
+							MessageEnums.INPUT_DATA_OUT_OF_BOUND, null, "policy name", "" + policy.getName());
+				}
+			}
 			RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
 			validator.validate(policy, Action.UPDATE, bizUtil.isAdmin() || isServiceAdmin(policy.getService()) || isZoneAdmin(policy.getZoneName()));
 
@@ -4470,6 +4480,12 @@ private RangerPolicy createPolicyUnconditionally(RangerPolicy policy) throws Exc
 			if (LOG.isDebugEnabled()) {
 				LOG.debug("Policy did not have its name set!  Ok, setting name to [" + name + "]");
 			}
+		} else if (isPolicyNameLengthValidationEnabled) {
+			if (policy.getName().length() > maxPolicyNameLength) {
+				throw restErrorUtil.createRESTException(
+						"Policy name should not be longer than " + maxPolicyNameLength + " characters",
+						MessageEnums.INPUT_DATA_OUT_OF_BOUND, null, "policy name", "" + policy.getName());
+			}
 		}
 		RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
 		validator.validate(policy, Action.CREATE, bizUtil.isAdmin() || isServiceAdmin(policy.getService()) || isZoneAdmin(policy.getZoneName()));