-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74112/
-----------------------------------------------------------
(Updated Nov. 8, 2022, 3:56 a.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep
Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan
Periasamy.
Bugs: RANGER-3903
https://issues.apache.org/jira/browse/RANGER-3903
Repository: ranger
Description
-------
After going through the below code snippets in the master branch
while (iter.hasNext()) {
RangerPolicy policy = iter.next();
if (policyId.equals(policy.getId()) && (changeType ==
RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE || changeType ==
RangerPolicyDelta.CHANGE_TYPE_POLICY_UPDATE)) {
deletedPolicies.add(policy);
iter.remove();
}
}
switch (changeType) {
case RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE:
{
if (CollectionUtils.isNotEmpty(deletedPolicies)) {
LOG.warn("Unexpected: found existing policy for
CHANGE_TYPE_POLICY_CREATE: " + Arrays.toString(deletedPolicies.toArray()));
}
break;
}
case RangerPolicyDelta.CHANGE_TYPE_POLICY_UPDATE:
{
if (CollectionUtils.isEmpty(deletedPolicies) ||
deletedPolicies.size() > 1) {
LOG.warn("Unexpected: found no policy or multiple policies for
CHANGE_TYPE_POLICY_UPDATE: " + Arrays.toString(deletedPolicies.toArray()));
}
break;
}
case RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE:
{
if (CollectionUtils.isEmpty(deletedPolicies) ||
deletedPolicies.size() > 1) {
LOG.warn("Unexpected: found no policy or multiple policies for
CHANGE_TYPE_POLICY_DELETE: " + Arrays.toString(deletedPolicies.toArray()));
}
break;
}
default:
break;
}
>From the above code, we iterate delta policies and check if this policy exists
>in the existing policy, we add that to deletePolicies list.
If a delta change type is created, we expect that it should not be in the
existing old policy which should not have happened. So the below block code is
not needed
case RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE: {
if
(CollectionUtils.isNotEmpty(deletedPolicies)) {
LOG.warn("Unexpected: found existing policy
for CHANGE_TYPE_POLICY_CREATE: " + Arrays.toString(deletedPolicies.toArray()));
}
break;
}
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
e9223fe69
Diff: https://reviews.apache.org/r/74112/diff/3/
Changes: https://reviews.apache.org/r/74112/diff/2-3/
Testing
-------
Tested the below Rest API's to make sure everything works fine
1. ServiceREST Rest API :GET /plugins/policies/download/{serviceName}
2. ServiceREST Rest API :GET /plugins/secure/policies/download/{serviceName}
Thanks,
Ramachandran Krishnan
