You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Dineshkumar Yadav <di...@outlook.com> on 2020/11/12 07:57:44 UTC
Re: Review Request 73011: RANGER-3078 : Supporting import policy
based on PolicyName, ServiceName and ZoneName
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73011/
-----------------------------------------------------------
(Updated Nov. 12, 2020, 7:57 a.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
Changes
-------
added debug log and changed the rename mathod
Bugs: RANGER-3078
https://issues.apache.org/jira/browse/RANGER-3078
Repository: ranger
Description
-------
Currently we support Import Policy by matching the resource signature of existing policy.
Now we support below matching criteria
1. matching by resource signature
2. matching by policy Name, Service Name and Zone Name
A. By default it will use matching by resource signature.
B. If you want to match by PolicyName then you have to pass extra parameter "policyMatchingAlgorithm=matchByName" while calling import API.
C. if you want to specify match by resource signature then you can pass "policyMatchingAlgorithm=matchByPolicySignature" while calling import API.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 3baee02fd
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java a1db6004e
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 00ffabedd
security-admin/src/main/resources/META-INF/jpa_named_queries.xml d608ff849
Diff: https://reviews.apache.org/r/73011/diff/3/
Changes: https://reviews.apache.org/r/73011/diff/2-3/
Testing
-------
Testing done for updateIfExist=true with policyMatchingAlgorithm=matchByName and polResource
case1 : source cluster has policy1 with resource db1 and imported.
Result : Policy1 get created at target.
case2 : source cluster has modified policy1 added resource db2 and imported.
Result : Policy1 get update now with resource db1,db2.
case3 : source cluster has renamed policy1 to Policy2 and imported.
Result : Policy1 get deleted new Policy2 get created.
case3 : source cluster created new policy3 with resource db3 and imported.
Result : Policy2 get updated and new Policy3 get created.
case3 : source cluster deleted policy2 imported.
Result : Policy2 get deleted and new Policy3 get updated.
Thanks,
Dineshkumar Yadav
Re: Review Request 73011: RANGER-3078 : Supporting import policy
based on PolicyName, ServiceName and ZoneName
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73011/#review222202
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On Nov. 12, 2020, 7:57 a.m., Dineshkumar Yadav wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73011/
> -----------------------------------------------------------
>
> (Updated Nov. 12, 2020, 7:57 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3078
> https://issues.apache.org/jira/browse/RANGER-3078
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently we support Import Policy by matching the resource signature of existing policy.
>
> Now we support below matching criteria
> 1. matching by resource signature
> 2. matching by policy Name, Service Name and Zone Name
>
> A. By default it will use matching by resource signature.
> B. If you want to match by PolicyName then you have to pass extra parameter "policyMatchingAlgorithm=matchByName" while calling import API.
> C. if you want to specify match by resource signature then you can pass "policyMatchingAlgorithm=matchByPolicySignature" while calling import API.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 3baee02fd
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java a1db6004e
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 00ffabedd
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml d608ff849
>
>
> Diff: https://reviews.apache.org/r/73011/diff/3/
>
>
> Testing
> -------
>
> Testing done for updateIfExist=true with policyMatchingAlgorithm=matchByName and polResource
>
> case1 : source cluster has policy1 with resource db1 and imported.
> Result : Policy1 get created at target.
>
> case2 : source cluster has modified policy1 added resource db2 and imported.
> Result : Policy1 get update now with resource db1,db2.
>
> case3 : source cluster has renamed policy1 to Policy2 and imported.
> Result : Policy1 get deleted new Policy2 get created.
>
> case3 : source cluster created new policy3 with resource db3 and imported.
> Result : Policy2 get updated and new Policy3 get created.
>
> case3 : source cluster deleted policy2 imported.
> Result : Policy2 get deleted and new Policy3 get updated.
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>