[
https://issues.apache.org/jira/browse/RANGER-3898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramachandran updated RANGER-3898:
---------------------------------
Summary: Ranger Roles cache Improvement (was: Bug in Ranger Roles
Improvement)
> Ranger Roles cache Improvement
> -------------------------------
>
> Key: RANGER-3898
> URL: https://issues.apache.org/jira/browse/RANGER-3898
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0
> Reporter: Ramachandran
> Assignee: Ramachandran
> Priority: Major
> Attachments: 0001-RANGER-3898-Bug-in-Ranger-Roles-Cache.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> It seems Apache Ranger open source contains a bug where else block in the
> below code will not be called at all
> In the below code else block is a dead code
>
> {code:java}
> public RangerRoles getLatestRangerRoleOrCached(String serviceName,
> RoleDBStore roleDBStore, Long lastKnownRoleVersion, Long
> rangerRoleVersionInDB) throws Exception {
> final RangerRoles ret;
> if (lastKnownRoleVersion == null ||
> !lastKnownRoleVersion.equals(rangerRoleVersionInDB)) {
> roleCacheWrapper = new RangerRoleCacheWrapper();
> ret = roleCacheWrapper.getLatestRangerRoles(serviceName,
> roleDBStore, lastKnownRoleVersion, rangerRoleVersionInDB);
> } else if (lastKnownRoleVersion.equals(rangerRoleVersionInDB)) {
> ret = null;
> } else {
> ret = roleCacheWrapper.getRoles();
> }
> return ret;
> }{code}
> The below behaviour also broken
> when multiple threads are trying to access and one or more threads got
> timeout while acquiring the lock,it will fetch the roles from cache but ,we
> are not setting the roles in cache anywhere in our code
>
> {code}
> public RangerRoles getLatestRangerRoles(String serviceName, RoleDBStore
> roleDBStore, Long lastKnownRoleVersion, Long rolesVersionInDB) throws
> Exception {
> RangerRoles ret = null;
> boolean lockResult = false;
> if (LOG.isDebugEnabled()) {
> LOG.debug("==> RangerRoleCache.getLatestRangerRoles(ServiceName= " +
> serviceName + " lastKnownRoleVersion= " + lastKnownRoleVersion + "
> rolesVersionInDB= " + rolesVersionInDB + ")");
> }
> try {
> lockResult = lock.tryLock(waitTimeInSeconds, TimeUnit.SECONDS);
> if (lockResult) {
> // We are getting all the Roles to be downloaded for now. Should do
> downloades for each service based on what roles are there in the policies.
> SearchFilter searchFilter = null;
> final Set<RangerRole> rolesInDB = new
> HashSet<>(roleDBStore.getRoles(searchFilter));
> Date updateTime = new Date();
> if (rolesInDB != null) {
> ret = new RangerRoles();
> ret.setRangerRoles(rolesInDB);
> ret.setRoleUpdateTime(updateTime);
> ret.setRoleVersion(rolesVersionInDB);
> rolesVersion = rolesVersionInDB;
> } else {
> LOG.error("Could not get Ranger Roles from database ...");
> }
> } else {
> if (LOG.isDebugEnabled()) {
> LOG.debug("Could not get lock in [" + waitTimeInSeconds + "]
> seconds, returning cached RangerRoles");
> }
> ret = getRoles();
> }
> } catch (InterruptedException exception) {
> LOG.error("RangerRoleCache.getLatestRangerRoles:lock got
> interrupted..", exception);
> } finally {
> if (lockResult) {
> lock.unlock();
> }
> }
> if (LOG.isDebugEnabled()) {
> LOG.debug("<== RangerRoleCache.getLatestRangerRoles(ServiceName= " +
> serviceName + " lastKnownRoleVersion= " + lastKnownRoleVersion + "
> rolesVersionInDB= " + rolesVersionInDB + " RangerRoles= " + ret + ")");
> }
> return ret;
> }{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
