Review Request 71023: RANGER-2500: Zone Policies not getting imported when 'updateIfExists=true' is passed through curl

Sun, 07 Jul 2019 22:40:23 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71023/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh Mani, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2500
    https://issues.apache.org/jira/browse/RANGER-2500


Repository: ranger


Description
-------

**Problem Statement:** Zone Policies import may fail when 'updateIfExists=true' 
is passed through curl. 
After zone implementation its possible that same policy may exist in a zone and 
unzone. if it exists unzone then the current implementation will bring that 
existing db object in memory and try to update the same with new request. since 
the request will try to update unzone policy to a zone policy; the request will 
fail during the policy update validation as there is a check that policy zone 
can't be updated.

**Proposed Solution:** The proposed solution will bring policy from respective 
zone only. This way policy update request will happen with in the same zone 
policy and update validation shall pass.

**Other notes:**
When updateIfExists true is passed then following flow will happen.
1) First it will check if the new policy guid and the existing policy guid is 
same or not. if found same then it will try to update that record. please note 
that if existing object is in unzone and the new request is for the zone then 
request may fail due to policy update validation check as mentioned above.
2) if first condition is not applied then it will try to get a policy by name 
and zone. if record is found then it will try to update that record. 
3) if first and second condition is not applied then it will try to get a 
policy by name. if record is found then it will try to update that record. 
4) if any of the above condition fail then policy update will fail but if all 
three conditions are not met then it will try to create the policy.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
171d73bfa 


Diff: https://reviews.apache.org/r/71023/diff/1/


Testing
-------

Tested with 'updateIfExists=true' param and unable to reproduce the case.


Thanks,

Pradeep Agrawal

Reply via email to