Skip to content

RANGER-5402 Fix the out-of-bounds issue caused by overly long kms keys#734

Closed
yunyezhang-work wants to merge 1 commit intoapache:ranger-2.3from
yunyezhang-work:release-ranger-2.3.0-bounding
Closed

RANGER-5402 Fix the out-of-bounds issue caused by overly long kms keys#734
yunyezhang-work wants to merge 1 commit intoapache:ranger-2.3from
yunyezhang-work:release-ranger-2.3.0-bounding

Conversation

@yunyezhang-work
Copy link
Contributor

@yunyezhang-work yunyezhang-work commented Nov 18, 2025
edited
Loading

What changes were proposed in this pull request?

When creating a kms key, if the key name exceeds 240+ characters, it will display "Key createed successfully". However, in reality, the key creation failed and the corresponding key could not be found in the database either. The reason for this problem is that when creating the ranger_keystore table in the scripts/db/sqlserver/kms_core_db_sqlserver.sql file, the length of the kms_alias field was restricted. Therefore, judgment logic needs to be added in the code. If the length exceeds the limit, an exception will be thrown.
Clipboard_Screenshot_1763435066

How was this patch tested?

To test this patch, create keys of different lengths in the ranger ui test. When the number of key characters exceeds 255, an error will be reported and creation will not be allowed. When the number of key characters is less than 255, it is created normally.
The repaired example is shown in the figure:
The key length exceeds the limit:
image
The key length is within the limit:
Clipboard_Screenshot_1763435325

vikaskr22
vikaskr22 reviewed Nov 18, 2025
View reviewed changes
Copy link
Contributor

@vikaskr22 vikaskr22 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @yunyezhang-work , I had fixed one related JIRA: https://issues.apache.org/jira/browse/RANGER-3965 .

My observation: It's more about how code is handling the runtime failures. Here, exception is occurring but KMS logic is not re-throwing the exception.

I suggest to add handling in org.apache.ranger.kms.dao.BaseDao methods. Here instead of catching and logging, we should throw the RuntimeException to break the API call.

Similar fix I merged as part of above JIRA. Pls see if that resolves your issues This is planned to go into next release.

@yunyezhang-work
Copy link
Contributor Author

yunyezhang-work commented Nov 18, 2025

Hi @yunyezhang-work , I had fixed one related JIRA: https://issues.apache.org/jira/browse/RANGER-3965 .

My observation: It's more about how code is handling the runtime failures. Here, exception is occurring but KMS logic is not re-throwing the exception.

I suggest to add handling in org.apache.ranger.kms.dao.BaseDao methods. Here instead of catching and logging, we should throw the RuntimeException to break the API call.

Similar fix I merged as part of above JIRA. Pls see if that resolves your issues This is planned to go into next release.

OK. The above-mentioned modifications can solve this problem.

@vikaskr22
Copy link
Contributor

vikaskr22 commented Nov 18, 2025

Thanks for the confirmation. In that case, you can mark your JIRA as related/duplicate of RANGER-3965.

@yunyezhang-work
Copy link
Contributor Author

yunyezhang-work commented Nov 22, 2025

Thanks for the confirmation. In that case, you can mark your JIRA as related/duplicate of RANGER-3965.

Hello. Could you please help review the other two PR? It seems GitHub doesn't assign viewers. We hope to have more interaction with the open-source community and look forward to your reply.
#741
#739

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vikaskr22 vikaskr22 vikaskr22 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yunyezhang-work @vikaskr22