Fixed wrangler permissions for 6.7.1

cdap-ldap-role/pom.xml

@@ -21,7 +21,7 @@
 
   <properties>
     <security.authorizer.class>io.cdap.cdap.security.authorization.ldap.role.LDAPRoleAccessController</security.authorizer.class>
-    <jackson.version>2.8.8</jackson.version>
+    <jackson.version>2.13.4</jackson.version>
     <maven.build.timestamp.format>HH:mm:ss dd-MM-yyyy</maven.build.timestamp.format>
   </properties>
 
@@ -118,6 +118,7 @@
                 <manifestEntries>
                   <Build-Time>${maven.build.timestamp}</Build-Time>
                   <Build-Commit-Hash>${buildNumber}</Build-Commit-Hash>
+                  <Specification-Version>${version}</Specification-Version>
                 </manifestEntries>
                 <manifest>
                   <mainClass>

cdap-ldap-role/src/main/java/io/cdap/cdap/security/authorization/ldap/role/RoleAuthorizationUtil.java

@@ -82,7 +82,7 @@ public static boolean getDisablePermissionsPropagationValue(Properties propertie
    * @return {@link GroupWithRolesProvider}
    */
   public static GroupWithRolesProvider createLDAPGroupRoleProvider(Properties properties) {
-    String yamlPath = properties.getProperty(RoleAuthorizationConstants.ROLE_YAML_PATH);
+    String yamlPath = getProperty(RoleAuthorizationConstants.ROLE_YAML_PATH, properties);
     return new GroupWithRolesProvider(yamlPath);
   }
 
@@ -97,10 +97,10 @@ public static LDAPSearchConfig createSearchConfig(Properties properties) {
     String recursiveSearchString = properties.getProperty(RoleAuthorizationConstants.LDAP_RECURSIVE_SEARCH);
 
     return LDAPSearchConfig.builder()
-      .withUrl(properties.getProperty(RoleAuthorizationConstants.LDAP_URL))
-      .withSearchBaseDn(properties.getProperty(RoleAuthorizationConstants.LDAP_SEARCH_BASE_DN))
-      .withSearchFilter(properties.getProperty(RoleAuthorizationConstants.LDAP_SEARCH_FILTER))
-      .withMemberAttribute(properties.getProperty(RoleAuthorizationConstants.LDAP_MEMBER_ATTRIBUTE))
+      .withUrl(getProperty(RoleAuthorizationConstants.LDAP_URL, properties))
+      .withSearchBaseDn(getProperty(RoleAuthorizationConstants.LDAP_SEARCH_BASE_DN, properties))
+      .withSearchFilter(getProperty(RoleAuthorizationConstants.LDAP_SEARCH_FILTER, properties))
+      .withMemberAttribute(properties.getProperty((RoleAuthorizationConstants.LDAP_MEMBER_ATTRIBUTE)))
       .withLookUpBindDN(properties.getProperty(RoleAuthorizationConstants.LDAP_LOOKUP_BIND_DN))
       .withLookUpBindPassword(properties.getProperty(RoleAuthorizationConstants.LDAP_LOOKUP_BIND_PASSWORD))
       .withIgnoreSSLVerify(Boolean.parseBoolean(ignoreSSLVerifyString))
@@ -156,4 +156,24 @@ public static Set<? extends Permission> getPropagatedPermissions(EntityId entity
 
     return principalPermissions.getPermissions(namespace, EntityType.NAMESPACE, permissions);
   }
+
+  /**
+   * Returns property's value
+   *
+   * @param propertyName {@link EntityId}
+   * @param properties   Set of {@link Permission}
+   * @return property's value
+   * @throws RuntimeException - if property is empty or not set
+   */
+  public static String getProperty(String propertyName, Properties properties) throws RuntimeException {
+    String value = properties.getProperty(propertyName);
+
+    if (value == null || value.isEmpty()) {
+      String errorMsg = String.format("Value for property '%s' was not found, please check it",
+              propertyName);
+      throw new RuntimeException(errorMsg);
+    }
+
+    return value;
+  }
 }

cdap-ldap-role/src/main/java/io/cdap/cdap/security/authorization/ldap/role/permission/RolePermissionConverter.java

@@ -155,7 +155,13 @@ public static List<EntityTypeWithPermission> convertToEntityTypeWithPermission(R
       case USE_WRANGLER:
         return Arrays.asList(
           new EntityTypeWithPermission(EntityType.APPLICATION, StandardPermission.GET, true),
-          new EntityTypeWithPermission(EntityType.DATASET, StandardPermission.LIST, true)
+          new EntityTypeWithPermission(EntityType.DATASET, StandardPermission.LIST, true),
+          new EntityTypeWithPermission(EntityType.SYSTEM_APP_ENTITY, StandardPermission.LIST),
+          new EntityTypeWithPermission(EntityType.SYSTEM_APP_ENTITY, StandardPermission.USE),
+          new EntityTypeWithPermission(EntityType.SYSTEM_APP_ENTITY, StandardPermission.GET),
+          new EntityTypeWithPermission(EntityType.SYSTEM_APP_ENTITY, StandardPermission.CREATE),
+          new EntityTypeWithPermission(EntityType.SYSTEM_APP_ENTITY, StandardPermission.DELETE),
+          new EntityTypeWithPermission(EntityType.SYSTEM_APP_ENTITY, StandardPermission.UPDATE)
         );
       case MANAGE_SECURE_KEY:
         return Arrays.asList(