Re: Review Request 74705: RANGER-4486: zone-v2 PUT API Partial update #2

Mon, 30 Oct 2023 15:32:07 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74705/#review225906
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
Lines 147 (patched)
<https://reviews.apache.org/r/74705/#comment314313>

    Is a HashSet<>() needed here? Why not 
zone.getTagServices().containsAll(changeData.getTagServicesToRemove())?



agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
Lines 187 (patched)
<https://reviews.apache.org/r/74705/#comment314314>

    isPrincipalAvailable => isRemoved



agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
Lines 198 (patched)
<https://reviews.apache.org/r/74705/#comment314315>

    principal + ": principal not in an admin or auditor zone"


- Madhan Neethiraj


On Oct. 30, 2023, 5:05 p.m., Subhrat Chaudhary wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74705/
> -----------------------------------------------------------
> 
> (Updated Oct. 30, 2023, 5:05 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, and Prashant Satam.
> 
> 
> Bugs: RANGER-4486
>     https://issues.apache.org/jira/browse/RANGER-4486
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Following issues are noticed in the zone-v2 PUT API - 
> /service/public/v2/api/zones-v2/{zone-id}/partial:
> 1. If adminsToRemove or auditorsToRemove have some principal that doesn't 
> exist, response is true (updated to throw exception in this case).
> 2. If tagServicesToRemove have some tag service name that doesn't exist, 
> response is true (updated to throw exception in this case).
> 3. If resourcesToRemove have some resource that doesn't exist, response is 
> true (updated to throw exception in this case).
> 4. If the resource, is updated, the audit data i.e. createdBy and createTime 
> is overwritten,
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
>  fbdacd4a6 
>   security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
> f45cdd396 
> 
> 
> Diff: https://reviews.apache.org/r/74705/diff/1/
> 
> 
> Testing
> -------
> 
> Validations done:
> 1.Tried to remove resources (one valid and one invalid) from a zone using 
> partial PUT API - error thrown.
> 2.Tried to remove tag services (one valid and one invalid) from a zone using 
> partial PUT API - error thrown.
> 3.Tried to remove user (one valid and one invalid) from a zone using partial 
> PUT API - error thrown.
> 4.Updated resource using zone-v2 PUT API - createdBy/createTime available in 
> updated resource in the zone.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>

Reply via email to