----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72957/#review222114 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java Line 1743 (original), 1742 (patched) <https://reviews.apache.org/r/72957/#comment311182> Consider the following scenario: Step #1: - at source Ranger, a repo has an enabled policy (say, id=1) - target Ranger doesn't have this repo - export policies in this repo from source Ranger and import into target Ranger - target Ranger will now have the repo with one policy Step #2: - at source Ranger, disable policy (id=1) - export policies from source Ranger and import into target Ranger - a new policy, with status=disabled, will be created at the target Ranger; and earlier policy will continue to be present Ideally import should disable the existing policy, and not create the new policy. - Madhan Neethiraj On Oct. 23, 2020, 12:32 p.m., Dineshkumar Yadav wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72957/ > ----------------------------------------------------------- > > (Updated Oct. 23, 2020, 12:32 p.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar, > Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy. > > > Repository: ranger > > > Description > ------- > > If updateifexist/mergeIfExist parameter passed while importing the ranger > policies then additional policies are created for disabled policy with same > resource. > > Solution: 1. New disabled policy will be created only if no > resource-signature matching policy found in ranger. > 2. If policy with same resource-signature found in Ranger then > policy get merged or updated according to parameter passed during import. > 3. If multiple disabled policy with same resource-signature found > then policy with same name will be picked up for update/merge otherwise > randomly one policy will be picked-up for update/merge. > > Note: While creating new policy with existing name we appending > System.currentTimeMillis() in the name of the policy to get unique > name.(current implementation) > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 4ef9abeb8 > > > Diff: https://reviews.apache.org/r/72957/diff/3/ > > > Testing > ------- > > Tested for below scenario > 1. With no disable policy > 2. With single disable policy > 3. With multiple disable policy > 4. Scenario > 1. Create enabled policy1 with resource1 and export the policy. > 2. Disabled the exported policy and try to import it. > Expected Result new disabled policy should get created. > > > Thanks, > > Dineshkumar Yadav > >
