---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72586/#review221008
---
Ship it!
Ship It!
- Abhay Kulkarni
On June 12, 2020, 12:31 p.m., Dineshkumar Yadav wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72586/
> ---
>
> (Updated June 12, 2020, 12:31 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar,
> Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Vishal
> Suvagia, and Velmurugan Periasamy.
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Problem Statement:
>
> Currently, Import Policy API provide option to updateIfExist all policies of
> given service but it update the non matching policy.
>
> Current Imlementation
> 'updateIfExists' flag : API shall update existing policies with new policy
> json based on either of the following conditions.
> a) existing and new policy guid is matching
> b) existing and new policy name, service and zone are matching
> c) existing and new policy name and service are matching.
>
> If there is a policy which matches the resource, the policy should be updated
> with the data provided.
> If there is no policy which matches the resource, a new policy should be
> created with the data provided.
>
> Proposed Solution :
> Patch shall compare resource signature of existing policy with new policy
> provide if it matches then update otherwise create new policy.
>
> Behaviour of the Import API shall be:
> 1) 'Override' flag : API shall delete all the policies of given target
> service and shall create the new policies from the received json.
> 2) 'deleteIfExists' flag : API shall delete those existing policies which are
> exactly matching after comparing with new policy based on their resources.
> After deleting the existing policy, API shall create the new policy from the
> given json file.
> 3) 'updateIfExists' flag with polResource input : API shall delete all the
> existing policies from target service of which resources are exactly matching
> with given policies resources.
> 4) 'updateIfExists' flag without resource input : API shall update existing
> policies with new policy json based on following conditions.
> a) existing and new policy should match by resource signature
> 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items
> with the new policy of which resources will match exactly with available
> policies.
> 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which
> resources are exactly matching. update the policies which are matching else
> will create the policy.
> If none of the cases are matching then API shall try to create the policy.
> Policy creation validation will be done before creating the policy.
>
>
> Diffs
> -
>
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
> 1bdee86d3
>
>
> Diff: https://reviews.apache.org/r/72586/diff/1/
>
>
> Testing
> ---
>
> Testing done
> Without patch
> When we import policy policy in ranger it override the existing policy.
>
> After applying patch
> New policy is getting created when no matching policy is found.
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>