You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2021/12/22 17:45:15 UTC
Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/
-----------------------------------------------------------
Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3562
https://issues.apache.org/jira/browse/RANGER-3562
Repository: ranger
Description
-------
If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java d3ce25158
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5
security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176
security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c
security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f
Diff: https://reviews.apache.org/r/73777/diff/1/
Testing
-------
Passed all unit tests
Thanks,
Abhay Kulkarni
Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/#review223920
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Jan. 3, 2022, 10:19 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73777/
> -----------------------------------------------------------
>
> (Updated Jan. 3, 2022, 10:19 p.m.)
>
>
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3562
> https://issues.apache.org/jira/browse/RANGER-3562
>
>
> Repository: ranger
>
>
> Description
> -------
>
> If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63
> security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5
> security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176
> security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c
> security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f
>
>
> Diff: https://reviews.apache.org/r/73777/diff/3/
>
>
> Testing
> -------
>
> Passed all unit tests
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/
-----------------------------------------------------------
(Updated Jan. 3, 2022, 10:19 p.m.)
Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Addressed review comments
Bugs: RANGER-3562
https://issues.apache.org/jira/browse/RANGER-3562
Repository: ranger
Description
-------
If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5
security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176
security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c
security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f
Diff: https://reviews.apache.org/r/73777/diff/3/
Changes: https://reviews.apache.org/r/73777/diff/2-3/
Testing
-------
Passed all unit tests
Thanks,
Abhay Kulkarni
Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
> On Jan. 3, 2022, 7:33 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
> > Line 466 (original), 431 (patched)
> > <https://reviews.apache.org/r/73777/diff/2/?file=2257408#file2257408line524>
> >
> > when group creation fails, it might be useful to try to 'get' - as it could have been created in another trx.
> >
> > Same for role creation as well.
It's better return false. Then the caller throws Exception, the transaction fails and the retry mechanism in RangerTransactionSynchronizationAdaptor.runRunnables() will take care of a Get() in next attempt.
- Abhay
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/#review223917
-----------------------------------------------------------
On Jan. 3, 2022, 6:52 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73777/
> -----------------------------------------------------------
>
> (Updated Jan. 3, 2022, 6:52 p.m.)
>
>
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3562
> https://issues.apache.org/jira/browse/RANGER-3562
>
>
> Repository: ranger
>
>
> Description
> -------
>
> If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63
> security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5
> security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176
> security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c
> security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f
>
>
> Diff: https://reviews.apache.org/r/73777/diff/2/
>
>
> Testing
> -------
>
> Passed all unit tests
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/#review223917
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Lines 74 (patched)
<https://reviews.apache.org/r/73777/#comment312955>
USER_TYPE => PRICIPAL_TYPE
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Lines 189 (patched)
<https://reviews.apache.org/r/73777/#comment312957>
"User name" => "Role name"
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Line 306 (original), 295 (patched)
<https://reviews.apache.org/r/73777/#comment312956>
PolicyUGAssociator => PolicyPrincipalAssociator
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Line 381 (original), 338 (patched)
<https://reviews.apache.org/r/73777/#comment312958>
createOrGetUser() => createOrGetPrincipal()
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Line 445 (original), 390 (patched)
<https://reviews.apache.org/r/73777/#comment312961>
createUser() => createPrincipal()
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Line 466 (original), 431 (patched)
<https://reviews.apache.org/r/73777/#comment312962>
when group creation fails, it might be useful to try to 'get' - as it could have been created in another trx.
Same for role creation as well.
- Madhan Neethiraj
On Jan. 3, 2022, 6:52 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73777/
> -----------------------------------------------------------
>
> (Updated Jan. 3, 2022, 6:52 p.m.)
>
>
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3562
> https://issues.apache.org/jira/browse/RANGER-3562
>
>
> Repository: ranger
>
>
> Description
> -------
>
> If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63
> security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5
> security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176
> security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c
> security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f
>
>
> Diff: https://reviews.apache.org/r/73777/diff/2/
>
>
> Testing
> -------
>
> Passed all unit tests
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 73777: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73777/
-----------------------------------------------------------
(Updated Jan. 3, 2022, 6:52 p.m.)
Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Clean up.
Bugs: RANGER-3562
https://issues.apache.org/jira/browse/RANGER-3562
Repository: ranger
Description
-------
If a ranger administrator creates/updates a policy or role, the users and groups specified in the policy, if not present, are created in a separate task that is executed after the original transaction is committed. This Jira addresses improving the structure and design of the post commit tasks.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 36f137e63
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 4452676f5
security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 4c50d8176
security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java 702df4c2c
security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java e501cc33f
Diff: https://reviews.apache.org/r/73777/diff/2/
Changes: https://reviews.apache.org/r/73777/diff/1-2/
Testing
-------
Passed all unit tests
Thanks,
Abhay Kulkarni