Re: Review Request 74268: RANGER-4031:Not able to fetch Policy details using guid /api/policy/guid/{guid} without service name

Tue, 03 Jan 2023 09:50:32 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74268/#review225034
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
Line 296 (original), 297 (patched)
<https://reviews.apache.org/r/74268/#comment313829>

    Please review the conditions for if/else here and consider rewritting as 
given below:
    
    if (StringUtils.isNotBlank(serviceName)) {
      if (StringUtils.isBlank(zoneName)) {
        return 
getEntityManager().createNamedQuery("XXPolicy.findPolicyByPolicyGUIDAndServiceName",
 tClass)
                                 .setParameter("guid", guid)
                                 .setParameter("serviceName", serviceName)
                                 .setParameter("zoneId", 
RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)
                                 .getSingleResult();
      } else {
        return 
getEntityManager().createNamedQuery("XXPolicy.findPolicyByPolicyGUIDAndServiceNameAndZoneName",
 tClass)
                                 .setParameter("guid", guid)
                                 .setParameter("serviceName", serviceName)
                                 .setParameter("zoneName", zoneName)
                                 .getSingleResult();
      }
    } else {
      return 
getEntityManager().createNamedQuery("XXPolicy.findPolicyByPolicyGUID", tClass)
                               .setParameter("guid", guid)
                               .getSingleResult();
    }



security-admin/src/main/resources/META-INF/jpa_named_queries.xml
Lines 421 (patched)
<https://reviews.apache.org/r/74268/#comment313830>

    Is 'and obj.service = svc.id' necessary in this query?


- Madhan Neethiraj


On Jan. 3, 2023, 3:52 p.m., Ramachandran Krishnan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74268/
> -----------------------------------------------------------
> 
> (Updated Jan. 3, 2023, 3:52 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
> Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4031
>     https://issues.apache.org/jira/browse/RANGER-4031
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Not able to fetch Policy details using guid /api/policy/guid/{guid} without 
> service name
> 
> Request without servicename 
> 
> curl -s -L -X GET 
> "https://q************/service/public/v2/api/policy/guid/****-2f42-4451-9edf-****";
>  -H "Content-Type: application/json" -H "Accept: application/json" -H 
> "Authorization: Basic *********DEyMw=="
> Response : 404 
> 
> Request with servicename 
> 
> curl -s -L -X GET 
> "https://****************/service/public/v2/api/policy/guid/*****-2f42-4451-9edf-****?serviceName=hive";
>  -H "Content-Type: application/json" -H "Accept: application/json" -H 
> "Authorization: Basic ***************=="
> Response Proper : 200 with proper details 
> 
> Code : 
> https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java#L505
> 
> @GET  @Path("/api/policy/guid/{guid}")        
> @Produces({ "application/json", "application/xml" })
> public RangerPolicy 
> getPolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,      
>                                                                               
>                                        @DefaultValue("") 
> @QueryParam("serviceName") String serviceName,                                
>                                                                               
>                   @DefaultValue("") @QueryParam("ZoneName") String zoneName) {
>               return 
> serviceREST.getPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, 
> zoneName);       } 
> As query parameters are optional it should give proper response 
> 
> Expected : User should be able to get policy details using only guid in path 
> params 
> 
> 
> As part of the current design, Ranger expects both serviceName,guid should be 
> mandatory and zoneName can be optional 
> Proposal:
> Add the logic to fetch the RangerPolicy by guid from the backend
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 6b9604817 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 
> 37d7561d4 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> c7a6ea0a6 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> e17494fa9 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 85c8b6213 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> 7f1ec6d3e 
>   security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
> 2a123de93 
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
> 7b15810e0 
> 
> 
> Diff: https://reviews.apache.org/r/74268/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Ramachandran Krishnan
> 
>

Reply via email to