You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2021/12/22 17:45:15 UTC

Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/
-----------------------------------------------------------

Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-3562
    https://issues.apache.org/jira/browse/RANGER-3562


Repository: ranger


Description
-------

If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java d3ce25158 
  security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5 
  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176 
  security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c 
  security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f 


Diff: https://reviews.apache.org/r/73777/diff/1/


Testing
-------

Passed all unit tests


Thanks,

Abhay Kulkarni

Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/#review223920
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On Jan. 3, 2022, 10:19 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73777/
> -----------------------------------------------------------
> 
> (Updated Jan. 3, 2022, 10:19 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3562
>     https://issues.apache.org/jira/browse/RANGER-3562
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63 
>   security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176 
>   security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c 
>   security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f 
> 
> 
> Diff: https://reviews.apache.org/r/73777/diff/3/
> 
> 
> Testing
> -------
> 
> Passed all unit tests
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated

Posted by Abhay Kulkarni <ak...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/
-----------------------------------------------------------

(Updated Jan. 3, 2022, 10:19 p.m.)


Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Addressed review comments


Bugs: RANGER-3562
    https://issues.apache.org/jira/browse/RANGER-3562


Repository: ranger


Description
-------

If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63 
  security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5 
  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176 
  security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c 
  security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f 


Diff: https://reviews.apache.org/r/73777/diff/3/

Changes: https://reviews.apache.org/r/73777/diff/2-3/


Testing
-------

Passed all unit tests


Thanks,

Abhay Kulkarni

Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated

Posted by Abhay Kulkarni <ak...@hortonworks.com>.


> On Jan. 3, 2022, 7:33 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
> > Line 466 (original), 431 (patched)
> > <https://reviews.apache.org/r/73777/diff/2/?file=2257408#file2257408line524>
> >
> >     when group creation fails, it might be useful to try to 'get' - as it could have been created in another trx.
> >     
> >     Same for role creation as well.

It's better return false. Then the caller throws Exception, the transaction fails and the retry mechanism in RangerTransactionSynchronizationAdaptor.runRunnables() will take care of a Get() in next attempt.


- Abhay


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/#review223917
-----------------------------------------------------------


On Jan. 3, 2022, 6:52 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73777/
> -----------------------------------------------------------
> 
> (Updated Jan. 3, 2022, 6:52 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3562
>     https://issues.apache.org/jira/browse/RANGER-3562
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63 
>   security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176 
>   security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c 
>   security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f 
> 
> 
> Diff: https://reviews.apache.org/r/73777/diff/2/
> 
> 
> Testing
> -------
> 
> Passed all unit tests
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/#review223917
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Lines 74 (patched)
<https://reviews.apache.org/r/73777/#comment312955>

    USER_TYPE => PRICIPAL_TYPE



security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Lines 189 (patched)
<https://reviews.apache.org/r/73777/#comment312957>

    "User name" => "Role name"



security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Line 306 (original), 295 (patched)
<https://reviews.apache.org/r/73777/#comment312956>

    PolicyUGAssociator => PolicyPrincipalAssociator



security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Line 381 (original), 338 (patched)
<https://reviews.apache.org/r/73777/#comment312958>

    createOrGetUser() => createOrGetPrincipal()



security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Line 445 (original), 390 (patched)
<https://reviews.apache.org/r/73777/#comment312961>

    createUser() => createPrincipal()



security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Line 466 (original), 431 (patched)
<https://reviews.apache.org/r/73777/#comment312962>

    when group creation fails, it might be useful to try to 'get' - as it could have been created in another trx.
    
    Same for role creation as well.


- Madhan Neethiraj


On Jan. 3, 2022, 6:52 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73777/
> -----------------------------------------------------------
> 
> (Updated Jan. 3, 2022, 6:52 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3562
>     https://issues.apache.org/jira/browse/RANGER-3562
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63 
>   security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176 
>   security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c 
>   security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f 
> 
> 
> Diff: https://reviews.apache.org/r/73777/diff/2/
> 
> 
> Testing
> -------
> 
> Passed all unit tests
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated

Posted by Abhay Kulkarni <ak...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/
-----------------------------------------------------------

(Updated Jan. 3, 2022, 6:52 p.m.)


Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Clean up.


Bugs: RANGER-3562
    https://issues.apache.org/jira/browse/RANGER-3562


Repository: ranger


Description
-------

If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63 
  security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5 
  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176 
  security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c 
  security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f 


Diff: https://reviews.apache.org/r/73777/diff/2/

Changes: https://reviews.apache.org/r/73777/diff/1-2/


Testing
-------

Passed all unit tests


Thanks,

Abhay Kulkarni