Re: Review Request 75359: RANGER-5113: API to delete multiple policies using a wildcard

[Madhan Neethiraj]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75359/#review227279
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 1601 (patched)
<https://reviews.apache.org/r/75359/#comment315524>

    Consider replacing #1601 to #1616 with a call to:
    
    ```
    deletePolicy(policy, service);
    ```
    
    This will cause retrieval of XXService for each policy. However, this is an 
inexpensive call as the XXService object would already be in the cache.



security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
Lines 702 (patched)
<https://reviews.apache.org/r/75359/#comment315525>

    Admin access should be required to allow policy deletion i.e. audit access 
is not enough.



security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Lines 3271 (patched)
<https://reviews.apache.org/r/75359/#comment315527>

    policy delete should require permission to modify the policy:
    
    `isDelegatedAdminAccessAllowedForRead()` => 
`isDelegatedAdminAccessAllowedForModify()`



security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Lines 3285 (patched)
<https://reviews.apache.org/r/75359/#comment315526>

    Would `serviceDefImplClass` be set to any value other than 
`xServiceDef.getImplclassname()`? If not, consider eliminating #3278 - #3285.


- Madhan Neethiraj


On March 6, 2025, 8:07 a.m., Guru Thejus Arveti wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/75359/
> -----------------------------------------------------------
> 
> (Updated March 6, 2025, 8:07 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Pradeep Agrawal, and Ramesh Mani.
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> API to delete multiple policies using a wildcard
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
>  b4d549df7 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
> 5a5556a2f 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 7beef34c7 
>   security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
> 6833048e6 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> 7b1eb7fe7 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> f7c521111 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> 7747e327a 
> 
> 
> Diff: https://reviews.apache.org/r/75359/diff/5/
> 
> 
> Testing
> -------
> 
> Locally tested using docker by bulk creating ~10k policies and deleting them 
> by using the API. Time to execution ~25-30sec
> 
> 
> Thanks,
> 
> Guru Thejus Arveti
> 
>