Re: Review Request 72957: RANGER-3036 : Multiple disabled policies getting created with same resource while import

Fri, 23 Oct 2020 06:39:30 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72957/#review222113
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Line 2432 (original), 2451 (patched)
<https://reviews.apache.org/r/72957/#comment311181>

    This will result in import operation to create new policy for every 
disabled policy. Multiple import operations will result in multiple such 
dupliate policies. This is not desirable.
    
    Also, does Ranger allow multiple policies with the same name?


- Madhan Neethiraj


On Oct. 23, 2020, 12:32 p.m., Dineshkumar Yadav wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72957/
> -----------------------------------------------------------
> 
> (Updated Oct. 23, 2020, 12:32 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar, 
> Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> If updateifexist/mergeIfExist parameter passed while importing the ranger 
> policies then additional policies are created for disabled policy with same 
> resource.
> 
> Solution: 1. New disabled policy will be created only if no 
> resource-signature matching policy found in ranger.
>           2. If policy with same resource-signature found in Ranger then 
> policy get merged or updated according to parameter passed during import.
>           3. If multiple disabled policy with same resource-signature found 
> then policy with same name will be picked up for update/merge otherwise 
> randomly one policy will be picked-up for update/merge.
> 
> Note: While creating new policy with existing name we appending 
> System.currentTimeMillis() in the name of the policy to get unique 
> name.(current implementation)
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 4ef9abeb8 
> 
> 
> Diff: https://reviews.apache.org/r/72957/diff/3/
> 
> 
> Testing
> -------
> 
> Tested for below scenario 
>     1. With no disable policy 
>     2. With single disable policy 
>     3. With multiple disable policy
>     4. Scenario 
>             1. Create enabled policy1 with resource1 and export the policy.
>             2. Disabled the exported policy and try to import it.
>        Expected Result new disabled policy should get created.
> 
> 
> Thanks,
> 
> Dineshkumar Yadav
> 
>

Reply via email to