[
https://issues.apache.org/jira/browse/RANGER-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17148567#comment-17148567
]
Pradeep Agrawal commented on RANGER-2855:
-----------------------------------------
Patch committed :
[https://github.com/apache/ranger/commit/a14b6d6aa57d6bc0026713e73750df716c65aa8f]
> import policy for ranger is not working properly if updateifexist parameter
> is passed
> -------------------------------------------------------------------------------------
>
> Key: RANGER-2855
> URL: https://issues.apache.org/jira/browse/RANGER-2855
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Dineshkumar Yadav
> Assignee: Dineshkumar Yadav
> Priority: Major
> Fix For: 2.1.0
>
>
> *Problem Statement:*
> Currently, Import Policy API provide option to updateIfExist all policies of
> given service but it update the non matching policy.
> *Current Imlementation*
> 'updateIfExists' flag : API shall update existing policies with new policy
> json based on either of the following conditions.
> a) existing and new policy guid is matching
> b) existing and new policy name, service and zone are matching
> c) existing and new policy name and service are matching.
> If there is a policy which matches the resource, the policy should be updated
> with the data provided.
> If there is no policy which matches the resource, a new policy should be
> created with the data provided.
> *Proposed Solution :*
> Patch shall compare resource signature of existing policy with new policy
> provide if it matches then update otherwise create new policy.
> *Behaviour of the Import API shall be:*
> 1) 'Override' flag : API shall delete all the policies of given target
> service and shall create the new policies from the received json.
> 2) 'deleteIfExists' flag : API shall delete those existing policies which are
> exactly matching after comparing with new policy based on their resources.
> After deleting the existing policy, API shall create the new policy from the
> given json file.
> 3) 'updateIfExists' flag with polResource input : API shall delete all the
> existing policies from target service of which resources are exactly matching
> with given policies resources.
> 4) 'updateIfExists' flag without resource input : API shall update existing
> policies with new policy json based on following conditions.
> a) existing and new policy should match by resource signature
> 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items
> with the new policy of which resources will match exactly with available
> policies.
> 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which
> resources are exactly matching. update the policies which are matching else
> will create the policy.
> If none of the cases are matching then API shall try to create the policy.
> Policy creation validation will be done before creating the policy.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
