----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73659/#review223671 -----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java Lines 544 (patched) <https://reviews.apache.org/r/73659/#comment312765> Consider moving 'action' value validations at #544 and #570, depending on presence of existing policy, to isValid() method at #109. agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java Lines 559 (patched) <https://reviews.apache.org/r/73659/#comment312766> Wouldn't "!policy.getIsEnabled()" be same as "existingPolicy.getIsEnabled()" - given the 'if' at #548? agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java Line 548 (original), 564 (patched) <https://reviews.apache.org/r/73659/#comment312767> if a policy update includes change in resources, the signatures would be different. In such case would #564 result in validation failure? Please review. - Madhan Neethiraj On Oct. 26, 2021, 5:47 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73659/ > ----------------------------------------------------------- > > (Updated Oct. 26, 2021, 5:47 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, Pradeep > Agrawal, Ramesh Mani, and Sailaja Polavarapu. > > > Bugs: RANGER-3490 > https://issues.apache.org/jira/browse/RANGER-3490 > > > Repository: ranger > > > Description > ------- > > There may be multiple policies with the same resource signature within a > service (at most one enabled policy and potentially any number of disabled > policies). Therefore, the resource-signature uniqueness within a service > cannot be enforced at the database level. > > The proposal is to encode GUID of a disabled policy within the resource > signature, thus making the resource signature unique within a service. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java > 312005e0f > > agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java > 0ba1fb918 > > agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java > bc9df31cc > > agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java > f0e2d07d9 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > f13cef71d > security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java > ef0d3b4eb > > > Diff: https://reviews.apache.org/r/73659/diff/2/ > > > Testing > ------- > > Compiled and ran all unit tests successfully. > > > Thanks, > > Abhay Kulkarni > >
