ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dineshkumar Yadav <dineshkumar.ya...@outlook.com>
Subject Re: Review Request 73011: RANGER-3078 : Supporting import policy based on PolicyName, ServiceName and ZoneName
Date Thu, 12 Nov 2020 07:57:44 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73011/
-----------------------------------------------------------

(Updated Nov. 12, 2020, 7:57 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Pradeep
Agrawal, and Velmurugan Periasamy.


Changes
-------

added debug log and changed the rename mathod


Bugs: RANGER-3078
    https://issues.apache.org/jira/browse/RANGER-3078


Repository: ranger


Description
-------

Currently we support Import Policy by matching the resource signature of existing policy.

Now we support below matching criteria 
1. matching by resource signature
2. matching by policy Name, Service Name and Zone Name

A. By default it will use matching by resource signature. 
B. If you want to match by PolicyName then you have to pass extra parameter "policyMatchingAlgorithm=matchByName"
while calling import API.
C. if you want to specify match by resource signature then you can pass "policyMatchingAlgorithm=matchByPolicySignature"
while calling import API.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 3baee02fd 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java a1db6004e 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 00ffabedd 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml d608ff849 


Diff: https://reviews.apache.org/r/73011/diff/3/

Changes: https://reviews.apache.org/r/73011/diff/2-3/


Testing
-------

Testing done for updateIfExist=true with policyMatchingAlgorithm=matchByName and polResource

case1 : source cluster has policy1 with resource db1 and imported. 
      Result : Policy1 get created at target.
	
case2 : source cluster has modified policy1 added resource db2 and imported.
      Result : Policy1 get update now with resource db1,db2.

case3 : source cluster has renamed policy1 to Policy2 and imported.
      Result : Policy1 get deleted new Policy2 get created.

case3 : source cluster created new policy3 with resource db3 and imported.
      Result : Policy2 get updated and new Policy3 get created.

case3 : source cluster deleted policy2 imported.
      Result : Policy2 get deleted and new Policy3 get updated.


Thanks,

Dineshkumar Yadav


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message