-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71063/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh Mani,
Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2503
https://issues.apache.org/jira/browse/RANGER-2503
Repository: ranger
Description
-------
**Problem Statement:**
Currently, Import Policy API provide option to override all policies of given
service but it do not override given set of policies of a service.
**Proposed improvements :**
If there is a policy which matches the resource, the policy should be deleted
and the new policy should be created with the data provided.
If there is no policy which matches the resource, a new policy should be
created with the data provided.
**Proposed Solution :**
Patch shall delete the existing policy of which resource is exactly matching
with the new policy then it will create the policy using new json.
**other changes:**
1) This patch also has little improvement merge feature flag(Refer
RANGER-2484). 'ignorePolicyName' flag is replaced with 'mergeIfExist' for
better understanding.
**Behaviour of the Import API shall be:**
1) 'Override' flag : API shall delete all the policies of given target service
and shall create the new policies from the received json.
2) 'deleteIfExists' flag : API shall delete those existing policies which are
exactly matching after comparing with new policy based on their resources.
After deleting the existing policy, API shall create the new policy from the
given json file.
3) 'updateIfExists' flag with resource input : API shall delete all the
existing policies from target service of which resources are exactly matching
with given policies resources.
4) 'updateIfExists' flag without resource input : API shall update existing
policies with new policy json based on either of the following conditions.
a) existing and new policy guid is matching
b) existing and new policy name, service and zone are matching
c) existing and new policy name and service are matching.
5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items
with the new policy of which resources will match exactly with available
policies.
6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which
resources are exactly matching. update the policies which are matching else
will create the policy.
If none of the cases are matching then API shall try to create the policy.
Policy creation validation will be done before creating the policy.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b88a68426
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
3f6b7e1eb
Diff: https://reviews.apache.org/r/71063/diff/1/
Testing
-------
Thanks,
Pradeep Agrawal
