> On Jan. 20, 2023, 5:56 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java > > Line 471 (original), 471 (patched) > > <https://reviews.apache.org/r/74251/diff/3/?file=2273892#file2273892line471> > > > > Multiple policies within a service can have the same name - each in > > different zone. Please review and update to handle this case. > > Ramachandran Krishnan wrote: > When we pass the serviceName and policyName and zoneName is null then > we will use the ZoneId is > RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID > and getting the single result from DB > > if (StringUtils.isNotBlank(serviceName) && > StringUtils.isNotBlank(policyName)) { > XXPolicy dbPolicy = daoManager.getXXPolicy().findPolicy(policyName, > serviceName, null); > if (dbPolicy != null) { > ret = policyService.getPopulatedViewObject(dbPolicy); > } > } > > > public XXPolicy findPolicy(String policyName, String serviceName, > String zoneName) { > if (policyName == null || serviceName == null) { > return null; > } > > try { > if (zoneName == null) { > return > getEntityManager().createNamedQuery("XXPolicy.findPolicyByPolicyNameAndServiceName", > tClass) > .setParameter("policyName", > policyName).setParameter("serviceName", serviceName) > .setParameter("zoneId", > RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) > .getSingleResult(); > } else { > return getEntityManager() > > .createNamedQuery("XXPolicy.findPolicyByPolicyNameAndServiceNameAndZoneName", > tClass) > .setParameter("policyName", > policyName).setParameter("serviceName", serviceName) > .setParameter("zoneName", zoneName).getSingleResult(); > } > } catch (NoResultException e) { > return null; > } > > } > > Madhan Neethiraj wrote: > @Ramachandran - given PublicAPIsv2.getPolicyByName() doesn't deal with > zoneName, how would the API caller supply zoneName when necessary? > > Ramachandran Krishnan wrote: > @madhan Yeah ,We are not provoding the option to caller for passing the > zoneName in the PublicAPIsv2.getPolicyByName() > Instead we can change the rest api for the caller to pass zoneName as > query parameter > like > /api/service/{servicename}/policy/{policyname}?zoneName=test1 > > @GET > @Path("/api/service/{servicename}/policy/{policyname}") > @Produces({ "application/json" }) > public RangerPolicy getPolicyByName(@PathParam("servicename") String > serviceName, > @PathParam("policyname") String > policyName, > @DefaultValue("") > @QueryParam("zoneName") String zoneName, > @Context HttpServletRequest > request) { > > So that caller can pass zoneName if it needed
Please take a look at the changes required here as well : https://github.com/apache/ranger/blob/master/intg/src/main/java/org/apache/ranger/RangerClient.java#L283 - Abhishek ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74251/#review225110 ----------------------------------------------------------- On Jan. 23, 2023, 4:41 a.m., Ramachandran Krishnan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74251/ > ----------------------------------------------------------- > > (Updated Jan. 23, 2023, 4:41 a.m.) > > > Review request for ranger, Don Bosco Durai, Kirby Zhou, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, > Selvamohan Neethiraj, Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan > Periasamy. > > > Bugs: RANGER-4012 > https://issues.apache.org/jira/browse/RANGER-4012 > > > Repository: ranger > > > Description > ------- > > getPolicyByName searches policy by serviceName, policyName simply by traverse > all policies in RangerServicePoliciesCache. > > However, It takes more time to search for policies from the cache when there > are millions of policies > > As well as The above REST API sometimes gives stable data due to the deleted > element is present in the Cache > > We need to call the DB to fetch policy instead of calling > RangerServicePoliciesCache > > In PublicAPIsv2 we add the API's which are available in ServiceREST as an API > and the getPolicyByName is not available as an API in ServiceREST. > > getPolicyByName ---> (/api/service/{servicename}/policy/{policyname}) in > PublicAPIsv2 > > I guess we should add the below API in ServiceREST also for the same. > > getPolicyByName ---> (/policies/service/{serviceName}/policy/{policyName}) in > ServiceREST > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java > d98910bee > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > ec02f47f7 > security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java > 7409883ab > security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java > 8fdcc43c8 > > > Diff: https://reviews.apache.org/r/74251/diff/4/ > > > Testing > ------- > > > Thanks, > > Ramachandran Krishnan > >
