-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70940/#review216118
-----------------------------------------------------------


security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
Line 166 (original)
<https://reviews.apache.org/r/70940/#comment303113>

    This file has only whitespace changes. Please review and revert.


security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Lines 1313 (patched)
<https://reviews.apache.org/r/70940/#comment303115>

    duplicate call, of the previous line. Please review and remove.


security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Lines 3917 (patched)
<https://reviews.apache.org/r/70940/#comment303116>

    - LOG.error => LOG.info
    - Consider the following alternate message:
      LOG.info("failed to retrieve tag-service [" + tagServiceName + "]. Will attempt to create.", e);


security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Lines 4004 (patched)
<https://reviews.apache.org/r/70940/#comment303118>

    Please review handling of condition where multiple threads are simultaneously in this block (perhaps across Ranger admin instances), trying to create the same tag service (while trying to create different resource services?). svcStore.createService() will succeed in only one thread, others will get error like ERROR_DUPLICATE_OBJECT. In such cases, this block should try to retrieve the tag-service.


security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Lines 4021 (patched)
<https://reviews.apache.org/r/70940/#comment303117>

    Instead of another timedTask to link, why not remove lines #4021 - #4035?


- Madhan Neethiraj


On June 25, 2019, 2:07 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70940/
> -----------------------------------------------------------
> 
> (Updated June 25, 2019, 2:07 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2481
>     https://issues.apache.org/jira/browse/RANGER-2481
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Ranger supports tag-based policies out of the box. However, there are a few configuration steps that need to be performed in order to set up Ranger to perform tag-based authorization. As these steps are often missed, it will be useful to provide a commonly used/structured way of automatically creating tag service and linking it to resource service.
> 
> This may be controlled through few configuration parameters:
> 
> tag.service.auto.create=<true|false> ==> If tag-service needs to be created when resource-service is created.
> 
> tag.service.name=<auto|tag-service-name> ==> If tag-service needs to be created, how is it named (automatically or user-specified)
> 
> tag.service.auto.link=<true|false> ==> If resource-service needs to be linked to the tag-service
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 4a426b78a
>   security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java 6f97337b7
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1d9391f20
> 
> 
> Diff: https://reviews.apache.org/r/70940/diff/1/
> 
> 
> Testing
> -------
> 
> Tested by creating a resource service, and ensuring that corresponding tag service is created and linked with resource service
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
> 
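
The retrieve-on-duplicate handling requested in the comment on ServiceREST.java line 4004, sketched as an added Java example that is not part of the review or of Ranger's code. `Store`, `DuplicateObjectException`, `getOrCreate` and the service name `dev_tag` are hypothetical stand-ins (constructed for illustration) for svcStore, its duplicate-object error and the auto-created tag service.

```java
import java.util.*;
import java.util.concurrent.*;

public class TagServiceGetOrCreate {
    // Hypothetical stand-in for the duplicate-object error; not Ranger's API.
    static class DuplicateObjectException extends Exception {
        DuplicateObjectException(String name) { super("duplicate object: " + name); }
    }

    // Hypothetical stand-in for the service store, with a unique-name constraint.
    static class Store {
        private final Map<String, String> services = new ConcurrentHashMap<>();
        String get(String name) { return services.get(name); }
        String create(String name, String creator) throws DuplicateObjectException {
            // putIfAbsent models the constraint: exactly one concurrent creator wins.
            if (services.putIfAbsent(name, creator) != null) throw new DuplicateObjectException(name);
            return creator;
        }
    }

    // Look up first; if absent, create; if creation loses the race, retrieve the winner's object.
    static String getOrCreate(Store store, String name, String caller) {
        String existing = store.get(name);
        if (existing != null) return existing;
        try {
            return store.create(name, caller);
        } catch (DuplicateObjectException e) {
            String winner = store.get(name);
            if (winner == null) throw new IllegalStateException("duplicate reported but not found: " + name, e);
            return winner;
        }
    }

    public static void main(String[] args) throws Exception {
        Store store = new Store();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        CountDownLatch start = new CountDownLatch(1);
        List<Future<String>> results = new ArrayList<>();
        for (int i = 0; i < 8; i++) {
            String caller = "thread-" + i;
            // All workers block on the latch so they enter getOrCreate together.
            results.add(pool.submit(() -> { start.await(); return getOrCreate(store, "dev_tag", caller); }));
        }
        start.countDown();
        Set<String> owners = new HashSet<>();
        for (Future<String> f : results) owners.add(f.get());
        pool.shutdown();
        // Every caller must end up with the same single tag service, and none may fail.
        System.out.println("distinct tag services observed: " + owners.size());
    }
}
```

Across separate admin instances the in-memory map does not apply; the same pattern then relies on the database's unique constraint raising the duplicate error.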