apache / gravitino

World's most powerful open data catalog for building a high-performance, geo-distributed and federated metadata lake.
https://gravitino.apache.org
Apache License 2.0

[Subtask] Create a role, delete a role and recreate a role, it will throw an exception #5129

Closed jerqi closed 1 month ago

jerqi commented 1 month ago

Describe the subtask

    "code": 1002,
    "type": "RuntimeException",
    "message": "Failed to operate object [role1] operation [CREATE] under [metalake_demo], reason [Ranger API org.apache.ranger.RangerClient$API@59a7c963 failed: statusCode=400, status=Bad Request, response:{\"statusCode\":1,\"msgDesc\":\"(0) Validation failure: error code[3006], reason[Another policy already exists for this name: policy-id=[19], service=[hiveDev]], field[policy name], subfield[null], type[semantically incorrect] \

I ran the following scripts, one after another:

import requests
import json

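# Reproduction script: create role "role1" in metalake "metalake_demo" with
# three ALLOW privileges on the schema catalog_hive.access_control.
#
# NOTE(review): the request goes over plain HTTP and carries no Authorization
# header. If the server accepts it as-is, role creation is open to any client
# that can reach this port. That is only acceptable on an isolated test
# instance; confirm the server's authentication and TLS setup before reusing
# this script anywhere else.
url = "http://gravitino:8090/api/metalakes/metalake_demo/roles"
headers = {
    "Accept": "application/vnd.gravitino.v1+json",
    "Content-Type": "application/json",
}
data = {
    "name": "role1",
    "properties": {"k1": "v1"},
    "securableObjects": [
        {
            "fullName": "catalog_hive.access_control",
            "type": "SCHEMA",
            "privileges": [
                {"name": "CREATE_TABLE", "condition": "ALLOW"},
                {"name": "MODIFY_TABLE", "condition": "ALLOW"},
                {"name": "SELECT_TABLE", "condition": "ALLOW"},
            ],
        }
    ],
}

# requests applies no timeout by default, so without one the script would
# block indefinitely if the server never answers. json= serializes the payload.
response = requests.post(url, headers=headers, json=data, timeout=10)

# Show the HTTP status next to the body so an error response is unambiguous.
print(response.status_code)
print(response.text)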
import requests
import json

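# Reproduction script: grant role "role1" to user "root" in metalake
# "metalake_demo".
#
# NOTE(review): this privilege grant is sent over plain HTTP with no
# Authorization header. If the server accepts it as-is, any client that can
# reach this port can grant roles. Confirm the server's authentication and TLS
# setup before reusing this outside an isolated test instance.
url = "http://gravitino:8090/api/metalakes/metalake_demo/permissions/users/root/grant"
headers = {
    "Accept": "application/vnd.gravitino.v1+json",
    "Content-Type": "application/json",
}
data = {"roleNames": ["role1"]}

# requests applies no timeout by default, so without one the script would
# block indefinitely if the server never answers. json= serializes the payload.
response = requests.put(url, headers=headers, json=data, timeout=10)

# Print the status code and the response text.
print(response.status_code)
print(response.text)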
import requests
import json

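# Reproduction script: POST a role named "role1" to metalake "metalake_demo"
# again, this time with only the SELECT_TABLE privilege on the schema
# catalog_hive.access_control.
# Presumably this is the call that returns the "Another policy already exists"
# error quoted in the report; confirm against the status code printed below.
#
# NOTE(review): the request goes over plain HTTP and carries no Authorization
# header. If the server accepts it as-is, role creation is open to any client
# that can reach this port. Confirm the server's authentication and TLS setup
# before reusing this outside an isolated test instance.
url = "http://gravitino:8090/api/metalakes/metalake_demo/roles"
headers = {
    "Accept": "application/vnd.gravitino.v1+json",
    "Content-Type": "application/json",
}
data = {
    "name": "role1",
    "properties": {"k1": "v1"},
    "securableObjects": [
        {
            "fullName": "catalog_hive.access_control",
            "type": "SCHEMA",
            "privileges": [
                {"name": "SELECT_TABLE", "condition": "ALLOW"},
            ],
        }
    ],
}

# requests applies no timeout by default, so without one the script would
# block indefinitely if the server never answers. json= serializes the payload.
response = requests.post(url, headers=headers, json=data, timeout=10)

# Show the HTTP status next to the body so an error response is unambiguous.
print(response.status_code)
print(response.text)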

Parent issue

5115

jerqi commented 1 month ago

This happens because I modified the policy parameter.