-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71023/#review216505
-----------------------------------------------------------

Ship it!

Ship It!

- Abhay Kulkarni


On July 8, 2019, 5:39 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71023/
> -----------------------------------------------------------
>
> (Updated July 8, 2019, 5:39 a.m.)
>
>
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh
> Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2500
>     https://issues.apache.org/jira/browse/RANGER-2500
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** Zone Policies import may fail when
> 'updateIfExists=true' is passed through curl.
> After zone implementation it's possible that same policy may exist in a zone
> and unzone. If it exists in unzone then the current implementation will bring
> that existing db object in memory and try to update the same with new
> request. Since the request will try to update unzone policy to a zone policy,
> the request will fail during the policy update validation as there is a check
> that policy zone can't be updated.
>
> **Proposed Solution:** The proposed solution will bring policy from
> respective zone only. This way policy update request will happen within the
> same zone policy and update validation shall pass.
>
> **Other notes:**
> When updateIfExists true is passed then following flow will happen.
> 1) First it will check if the new policy guid and the existing policy guid is
> same or not. If found same then it will try to update that record. Please
> note that if existing object is in unzone and the new request is for the zone
> then request may fail due to policy update validation check as mentioned
> above.
> 2) If first condition is not applied then it will try to get a policy by name
> and zone. If record is found then it will try to update that record.
> 3) If first and second condition is not applied then it will try to get a
> policy by name. If record is found then it will try to update that record.
> 4) If any of the above conditions fail then policy update will fail but if all
> three conditions are not met then it will try to create the policy.
>
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
> 171d73bfa
>
>
> Diff: https://reviews.apache.org/r/71023/diff/2/
>
>
> Testing
> -------
>
> Tested with 'updateIfExists=true' param and unable to reproduce the case.
>
>
> Thanks,
>
> Pradeep Agrawal
>
>
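
The lookup order from the quoted description, as an added example that is not part of the original e-mail and is not Ranger's ServiceREST code. It is a simplified Java model (Java 16+ for records): `Policy`, `PolicyImportModel`, `find`, `update` and `importPolicy` are hypothetical names, an empty zone string stands for unzone, an in-memory list stands in for the database, and the sample policies are constructed.

```java
import java.util.*;
import java.util.function.Predicate;

// Simplified model of the updateIfExists flow described in the review request.
// Every name here is hypothetical; this is not Ranger's ServiceREST code.
public class PolicyImportModel {
    // Assumption: zone == "" stands for the unzoned ("unzone") case.
    record Policy(String guid, String name, String zone) {}

    static final List<Policy> store = new ArrayList<>();

    static Optional<Policy> find(Predicate<Policy> p) {
        return store.stream().filter(p).findFirst();
    }

    // Update validation from the description: a policy's zone can't be changed.
    static void update(Policy existing, Policy incoming) {
        if (!existing.zone().equals(incoming.zone()))
            throw new IllegalStateException("policy zone can't be updated");
        store.set(store.indexOf(existing), incoming);
    }

    static String importPolicy(Policy in) {
        // 1) same guid, 2) same name within the request's zone, 3) same name only
        Optional<Policy> match = find(p -> p.guid().equals(in.guid()));
        if (match.isEmpty())
            match = find(p -> p.name().equals(in.name()) && p.zone().equals(in.zone()));
        if (match.isEmpty())
            match = find(p -> p.name().equals(in.name()));
        if (match.isPresent()) { update(match.get(), in); return "updated"; }
        store.add(in);               // 4) nothing matched: create
        return "created";
    }

    public static void main(String[] args) {
        // Constructed sample data: the same policy name in unzone and in zone "finance".
        store.add(new Policy("g-1", "hdfs-audit", ""));
        store.add(new Policy("g-2", "hdfs-audit", "finance"));
        // Zone request with a new guid: step 2 selects the finance copy, so validation passes.
        System.out.println(importPolicy(new Policy("g-9", "hdfs-audit", "finance")));
        // New name in the zone: no step matches, so the policy is created.
        System.out.println(importPolicy(new Policy("g-3", "hive-pii", "finance")));
        // Zone request reusing the unzoned policy's guid: step 1 matches, validation rejects it.
        try { importPolicy(new Policy("g-1", "hdfs-audit", "finance")); }
        catch (IllegalStateException e) { System.out.println("failed: " + e.getMessage()); }
    }
}
```

The third call is the caveat noted under step 1 of the description: a guid match on an unzoned policy takes precedence over the zone-scoped lookup, so the import is rejected by the zone check.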
