WHBANG commented on code in PR #1507:
URL:
https://github.com/apache/incubator-pegasus/pull/1507#discussion_r1214242713
##########
src/runtime/ranger/ranger_resource_policy_manager.cpp:
##########
@@ -590,24 +599,21 @@ dsn::error_code
ranger_resource_policy_manager::sync_policies_to_app_envs()
{dsn::replication::replica_envs::REPLICA_ACCESS_CONTROLLER_RANGER_POLICIES});
bool is_policy_matched = false;
for (const auto &policy : table_policies->second) {
- if (policy.database_names.count(database_name) == 0) {
+ // this table does not match any database, app Ranger policy will
be cleaned up
+ if (policy.database_names.count(database_name) == 0 &&
+ policy.database_names.count("*") == 0) {
continue;
}
- // if table name does not conform to the naming
rules(database_name.table_name),
- // database is defined by "*" in ranger for acl matching
- if (policy.table_names.count("*") != 0 ||
policy.table_names.count(table_name) != 0) {
- is_policy_matched = true;
-
req->__set_op(dsn::replication::app_env_operation::type::APP_ENV_OP_SET);
- req->__set_values(
-
{json::json_forwarder<acl_policies>::encode(policy.policies).to_string()});
-
- dsn::replication::update_app_env_rpc rpc(std::move(req),
-
LPC_USE_RANGER_ACCESS_CONTROL);
- _meta_svc->get_server_state()->set_app_envs(rpc);
- LOG_AND_RETURN_NOT_OK(ERROR, rpc.response().err, "set_app_envs
failed.");
- break;
- }
+ is_policy_matched = true;
+
req->__set_op(dsn::replication::app_env_operation::type::APP_ENV_OP_SET);
+ req->__set_values(
+
{json::json_forwarder<acl_policies>::encode(policy.policies).to_string()});
+
+ dsn::replication::update_app_env_rpc rpc(std::move(req),
LPC_USE_RANGER_ACCESS_CONTROL);
+ _meta_svc->get_server_state()->set_app_envs(rpc);
+ LOG_AND_RETURN_NOT_OK(ERROR, rpc.response().err, "set_app_envs
failed.");
+ break;
Review Comment:
Yes, next patch will solve this problem: i will add a new data structure to
record all matching policies
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
