----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71063/#review216758 -----------------------------------------------------------
Ship it! Ship It! - Abhay Kulkarni On July 17, 2019, 3:55 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71063/ > ----------------------------------------------------------- > > (Updated July 17, 2019, 3:55 a.m.) > > > Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh > Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2503 > https://issues.apache.org/jira/browse/RANGER-2503 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** > > Currently, Import Policy API provide option to override all policies of given > service but it do not override given set of policies of a service. > > **Proposed improvements :** > > If there is a policy which matches the resource, the policy should be deleted > and the new policy should be created with the data provided. > > If there is no policy which matches the resource, a new policy should be > created with the data provided. > > **Proposed Solution :** > > Patch shall delete the existing policy of which resource is exactly matching > with the new policy then it will create the policy using new json. > > **other changes:** > 1) This patch also has little improvement merge feature flag(Refer > RANGER-2484). 'ignorePolicyName' flag is replaced with 'mergeIfExist' for > better understanding. > > **Behaviour of the Import API shall be:** > 1) 'Override' flag : API shall delete all the policies of given target > service and shall create the new policies from the received json. > 2) 'deleteIfExists' flag : API shall delete those existing policies which are > exactly matching after comparing with new policy based on their resources. > After deleting the existing policy, API shall create the new policy from the > given json file. > 3) 'updateIfExists' flag with resource input : API shall delete all the > existing policies from target service of which resources are exactly matching > with given policies resources. > 4) 'updateIfExists' flag without resource input : API shall update existing > policies with new policy json based on either of the following conditions. > a) existing and new policy guid is matching > b) existing and new policy name, service and zone are matching > c) existing and new policy name and service are matching. > 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items > with the new policy of which resources will match exactly with available > policies. > 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of > which resources are exactly matching. update the policies which are matching > else will create the policy. > > If none of the cases are matching then API shall try to create the policy. > Policy creation validation will be done before creating the policy. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > b88a68426 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 3f6b7e1eb > > > Diff: https://reviews.apache.org/r/71063/diff/1/ > > > Testing > ------- > > > Thanks, > > Pradeep Agrawal > >
