> On Jan. 20, 2023, 5:56 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
> > Line 471 (original), 471 (patched)
> > <https://reviews.apache.org/r/74251/diff/3/?file=2273892#file2273892line471>
> >
> >     Multiple policies within a service can have the same name - each in 
> > a different zone. Please review and update to handle this case.

When we pass the serviceName and policyName and zoneName is null, we use
RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID as the zoneId
and get a single result from the DB.

    if (StringUtils.isNotBlank(serviceName) && StringUtils.isNotBlank(policyName)) {
        XXPolicy dbPolicy = daoManager.getXXPolicy().findPolicy(policyName, serviceName, null);
        if (dbPolicy != null) {
            ret = policyService.getPopulatedViewObject(dbPolicy);
        }
    }


    public XXPolicy findPolicy(String policyName, String serviceName, String zoneName) {
        if (policyName == null || serviceName == null) {
            return null;
        }

        try {
            if (zoneName == null) {
                return getEntityManager()
                    .createNamedQuery("XXPolicy.findPolicyByPolicyNameAndServiceName", tClass)
                    .setParameter("policyName", policyName)
                    .setParameter("serviceName", serviceName)
                    .setParameter("zoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)
                    .getSingleResult();
            } else {
                return getEntityManager()
                    .createNamedQuery("XXPolicy.findPolicyByPolicyNameAndServiceNameAndZoneName", tClass)
                    .setParameter("policyName", policyName)
                    .setParameter("serviceName", serviceName)
                    .setParameter("zoneName", zoneName)
                    .getSingleResult();
            }
        } catch (NoResultException e) {
            return null;
        }
    }


- Ramachandran


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74251/#review225110
-----------------------------------------------------------


On Jan. 20, 2023, 3:22 p.m., Ramachandran Krishnan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74251/
> -----------------------------------------------------------
> 
> (Updated Jan. 20, 2023, 3:22 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Kirby Zhou, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, 
> Selvamohan Neethiraj, Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-4012
>     https://issues.apache.org/jira/browse/RANGER-4012
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> getPolicyByName searches for a policy by serviceName and policyName simply by 
> traversing all policies in RangerServicePoliciesCache.
> 
> However, it takes more time to search for policies from the cache when there 
> are millions of policies.
> 
> Also, the above REST API sometimes gives stale data because a deleted 
> element is present in the cache.
> 
> We need to call the DB to fetch the policy instead of calling 
> RangerServicePoliciesCache.
> 
> In PublicAPIsv2 we add the APIs which are available in ServiceREST as an API, 
> and getPolicyByName is not available as an API in ServiceREST.
> 
> getPolicyByName ---> (/api/service/{servicename}/policy/{policyname}) in 
> PublicAPIsv2
> 
> I guess we should add the below API in ServiceREST also for the same.
> 
> getPolicyByName ---> (/policies/service/{serviceName}/policy/{policyName}) in 
> ServiceREST
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> d98910bee 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> ec02f47f7 
>   security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
> 7409883ab 
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
> 8fdcc43c8 
> 
> 
> Diff: https://reviews.apache.org/r/74251/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Ramachandran Krishnan
> 
>
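The zone handling described in the reply above, modelled in memory as an added example (not code from the review request or from Ranger). PolicyRow, ROWS, the service, policy and zone names, and the value given to UNZONED_ZONE_ID are constructed for illustration.

```java
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;

public class ZoneAwarePolicyLookup {
    // Stand-in for RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID (value assumed for this sketch).
    static final long UNZONED_ZONE_ID = 1L;

    // Hypothetical, simplified policy row; not Ranger's XXPolicy entity.
    record PolicyRow(long id, String service, String name, long zoneId, String zoneName) {}

    // Constructed sample data: two policies share a name within one service, in different zones.
    static final List<PolicyRow> ROWS = List.of(
        new PolicyRow(10, "hive_prod", "pii-access", UNZONED_ZONE_ID, ""),
        new PolicyRow(11, "hive_prod", "pii-access", 7L, "finance"),
        new PolicyRow(12, "hive_prod", "audit-read", 7L, "finance"));

    // Mirrors the lookup in the reply: a null zoneName selects only the unzoned policy.
    static Optional<PolicyRow> findPolicy(String policyName, String serviceName, String zoneName) {
        if (policyName == null || serviceName == null) {
            return Optional.empty();
        }
        List<PolicyRow> hits = ROWS.stream()
            .filter(r -> r.service().equals(serviceName) && r.name().equals(policyName))
            .filter(r -> zoneName == null ? r.zoneId() == UNZONED_ZONE_ID
                                          : r.zoneName().equals(zoneName))
            .collect(Collectors.toList());
        if (hits.size() > 1) {
            // Same role as JPA's NonUniqueResultException: never return an arbitrary match.
            throw new IllegalStateException("ambiguous policy lookup: " + hits);
        }
        return hits.stream().findFirst();
    }

    public static void main(String[] args) {
        // Unzoned lookup: resolves to the policy outside any zone, not its finance-zone namesake.
        System.out.println(findPolicy("pii-access", "hive_prod", null).map(PolicyRow::id));
        // The zoned policy is reachable only when the caller names its zone.
        System.out.println(findPolicy("pii-access", "hive_prod", "finance").map(PolicyRow::id));
        // A policy that exists only inside a zone is not found by an unzoned lookup.
        System.out.println(findPolicy("audit-read", "hive_prod", null).isPresent());
    }
}
```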
