apache · ramackri · Jun 15, 2026 · Jun 15, 2026 · Jun 15, 2026
diff --git a/...mon/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/...mon/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
@@ -542,16 +542,18 @@ static class RecursiveWildcardResourceMatcher extends AbstractPathResourceMatche
         boolean isMatch(String resourceValue, Map<String, Object> evalContext) {
             LOG.debug("==> RecursiveWildcardResourceMatcher.isMatch(resourceValue={}, evalContext={})", resourceValue, evalContext);
 
-            String expandedValue;
+            String   expandedValue;
+            String[] pathElements;
 
             if (getNeedsDynamicEval()) {
-                expandedValue        = getExpandedValue(evalContext);
-                wildcardPathElements = StringUtils.split(expandedValue, pathSeparatorChar);
+                expandedValue = getExpandedValue(evalContext);
+                pathElements  = StringUtils.split(expandedValue, pathSeparatorChar);
             } else {
                 expandedValue = value;
+                pathElements  = wildcardPathElements;
             }
 
-            boolean ret = function.apply(resourceValue, expandedValue, pathSeparatorChar, ioCase, wildcardPathElements);
+            boolean ret = function.apply(resourceValue, expandedValue, pathSeparatorChar, ioCase, pathElements);
 
             LOG.debug("<== RecursiveWildcardResourceMatcher.isMatch(resourceValue={}, expandedValue={}) : result:[{}]", resourceValue, expandedValue, ret);
 

diff --git a/agents-common/src/test/resources/policyengine/ACLResourceTags.json b/agents-common/src/test/resources/policyengine/ACLResourceTags.json
@@ -43,7 +43,7 @@
     "tags": {
       "1": {
         "type": "EXPIRES_ON",
-        "attributes": { "expiry_date": "2026/06/15" },
+        "attributes": { "expiry_date": "2099/12/31" },
         "id": 1,
         "guid": "tag-expires-on-1-guid"
       },
@@ -61,19 +61,19 @@
       },
       "4": {
         "type": "RESTRICTED-FINAL",
-        "attributes": { "activation_date": "2026/06/15" },
+        "attributes": { "activation_date": "2099/12/31" },
         "id": 4,
         "guid": "tag-restricted-final-4-guid"
       },
       "5": {
         "type": "PII",
-        "attributes": { "expiry": "2026/06/15" },
+        "attributes": { "expiry": "2099/12/31" },
         "id": 5,
         "guid": "tag-pii-5-guid"
       },
       "6": {
         "type": "PII-FINAL",
-        "attributes": { "expiry": "2026/06/15" },
+        "attributes": { "expiry": "2099/12/31" },
         "id": 6,
         "guid": "tag-pii-final-6-guid"
       },

diff --git a/agents-common/src/test/resources/policyengine/descendant_tags.json b/agents-common/src/test/resources/policyengine/descendant_tags.json
@@ -26,7 +26,7 @@
     "tags": {
       "1": {
         "type": "PII",
-        "attributes": { "expiry": "2026/06/15" },
+        "attributes": { "expiry": "2099/12/31" },
         "id": 1,
         "guid": "tag-pii-1-guid"
       },

diff --git a/agents-common/src/test/resources/policyengine/plugin/resourceTags.json b/agents-common/src/test/resources/policyengine/plugin/resourceTags.json
@@ -37,7 +37,7 @@
     "tags": {
       "1": {
         "type": "EXPIRES_ON",
-        "attributes": { "expiry_date": "2026/06/15" },
+        "attributes": { "expiry_date": "2099/12/31" },
         "id": 1,
         "guid": "tag-expires-on-1-guid"
       },
@@ -55,19 +55,19 @@
       },
       "4": {
         "type": "RESTRICTED-FINAL",
-        "attributes": { "activation_date": "2026/06/15" },
+        "attributes": { "activation_date": "2099/12/31" },
         "id": 4,
         "guid": "tag-restricted-final-4-guid"
       },
       "5": {
         "type": "PII",
-        "attributes": { "expiry": "2026/06/15" },
+        "attributes": { "expiry": "2099/12/31" },
         "id": 5,
         "guid": "tag-pii-5-guid"
       },
       "6": {
         "type": "PII-FINAL",
-        "attributes": { "expiry": "2026/06/15" },
+        "attributes": { "expiry": "2099/12/31" },
         "id": 6,
         "guid": "tag-pii-final-6-guid"
       }

diff --git a/agents-common/src/test/resources/policyengine/resourceTags.json b/agents-common/src/test/resources/policyengine/resourceTags.json
@@ -37,7 +37,7 @@
     "tags": {
       "1": {
         "type": "EXPIRES_ON",
-        "attributes": { "expiry_date": "2026/06/15" },
+        "attributes": { "expiry_date": "2099/12/31" },
         "id": 1,
         "guid": "tag-expires-on-1-guid"
       },
@@ -55,19 +55,19 @@
       },
       "4": {
         "type": "RESTRICTED-FINAL",
-        "attributes": { "activation_date": "2026/06/15" },
+        "attributes": { "activation_date": "2099/12/31" },
         "id": 4,
         "guid": "tag-restricted-final-4-guid"
       },
       "5": {
         "type": "PII",
-        "attributes": { "expiry": "2026/06/15" },
+        "attributes": { "expiry": "2099/12/31" },
         "id": 5,
         "guid": "tag-pii-5-guid"
       },
       "6": {
         "type": "PII-FINAL",
-        "attributes": { "expiry": "2026/06/15" },
+        "attributes": { "expiry": "2099/12/31" },
         "id": 6,
         "guid": "tag-pii-final-6-guid"
       }

diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
@@ -241,7 +241,7 @@
       "request":{
         "resource":{"elements":{"database":"default", "table":"table2"}},
         "accessType":"","user":"denieduser","userGroups":[],"requestData":"desc default.table2;' for denieduser",
-        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":false,"policyId":103}
     },
@@ -292,15 +292,15 @@
       "request":{
         "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
         "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1",
-        "context": {"TAGS":"[{\"type\":\"RESTRICTED\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"RESTRICTED\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":1}
     },
     {"name":"DENY 'select ssn from employee.personal;' for user2",
       "request":{
         "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
         "accessType":"select","user":"user2","userGroups":[],"requestData":"select ssn from employee.personal;' for user2",
-        "context": {"TAGS":"[{\"type\":\"RESTRICTED-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"RESTRICTED-FINAL\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":false,"policyId":4}
     },
@@ -325,55 +325,55 @@
       "request":{
         "resource":{"elements":{"database":"default", "table":"table1", "column":"name"}},
         "accessType":"select","user":"hive","userGroups":[],"requestData":"select name from default.table1;' for hive",
-        "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     },
     {"name":"ALLOW 'desc default.table1;' for hive",
       "request":{
         "resource":{"elements":{"database":"default", "table":"table1"}},
         "accessType":"","user":"hive","userGroups":[],"requestData":"desc default.table1;' for hive",
-        "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     },
     {"name":"DENY 'desc default.table1;' for user1",
       "request":{
         "resource":{"elements":{"database":"default", "table":"table1"}},
         "accessType":"","user":"user1","userGroups":[],"requestData":"desc default.table1;' for user1",
-        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":false,"policyId":3}
     },
     {"name":"DENY 'desc default.table1;' for testuser",
       "request":{
         "resource":{"elements":{"database":"default", "table":"table1"}},
         "accessType":"","user":"testuser","userGroups":[],"requestData":"desc default.table1;' for testuser",
-        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     },
     {"name":"ALLOW 'use default;' for hive",
       "request":{
         "resource":{"elements":{"database":"default"}},
         "accessType":"","user":"hive","userGroups":[],"requestData":"use default",
-        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":101}
     },
     {"name":"DENY 'use default;' for user1",
       "request":{
         "resource":{"elements":{"database":"default"}},
         "accessType":"","user":"user1","userGroups":[],"requestData":"use default for user1",
-        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":false,"policyId":3}
     },
     {"name":"ALLOW 'select * from default.table1;' for hive",
       "request":{
         "resource":{"elements":{"database":"default", "table":"table1", "column":"name"}},
         "accessType":"select","user":"hive","userGroups":[],"requestData":"select * from default.table1",
-        "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"}
+        "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2099/12/31\"}}]"}
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     },