[ https://issues.apache.org/jira/browse/RANGER-3898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ramachandran updated RANGER-3898: --------------------------------- Summary: Ranger Roles cache Improvement (was: Bug in Ranger Roles Improvement) > Ranger Roles cache Improvement > ------------------------------- > > Key: RANGER-3898 > URL: https://issues.apache.org/jira/browse/RANGER-3898 > Project: Ranger > Issue Type: Bug > Components: Ranger > Affects Versions: 3.0.0 > Reporter: Ramachandran > Assignee: Ramachandran > Priority: Major > Attachments: 0001-RANGER-3898-Bug-in-Ranger-Roles-Cache.patch > > Time Spent: 10m > Remaining Estimate: 0h > > It seems Apache Ranger open source contains a bug where else block in the > below code will not be called at all > In the below code else block is a dead code > > {code:java} > public RangerRoles getLatestRangerRoleOrCached(String serviceName, > RoleDBStore roleDBStore, Long lastKnownRoleVersion, Long > rangerRoleVersionInDB) throws Exception { > final RangerRoles ret; > if (lastKnownRoleVersion == null || > !lastKnownRoleVersion.equals(rangerRoleVersionInDB)) { > roleCacheWrapper = new RangerRoleCacheWrapper(); > ret = roleCacheWrapper.getLatestRangerRoles(serviceName, > roleDBStore, lastKnownRoleVersion, rangerRoleVersionInDB); > } else if (lastKnownRoleVersion.equals(rangerRoleVersionInDB)) { > ret = null; > } else { > ret = roleCacheWrapper.getRoles(); > } > return ret; > }{code} > The below behaviour also broken > when multiple threads are trying to access and one or more threads got > timeout while acquiring the lock,it will fetch the roles from cache but ,we > are not setting the roles in cache anywhere in our code > > {code} > public RangerRoles getLatestRangerRoles(String serviceName, RoleDBStore > roleDBStore, Long lastKnownRoleVersion, Long rolesVersionInDB) throws > Exception { > RangerRoles ret = null; > boolean lockResult = false; > if (LOG.isDebugEnabled()) { > LOG.debug("==> RangerRoleCache.getLatestRangerRoles(ServiceName= " + > serviceName + " lastKnownRoleVersion= " + lastKnownRoleVersion + " > rolesVersionInDB= " + rolesVersionInDB + ")"); > } > try { > lockResult = lock.tryLock(waitTimeInSeconds, TimeUnit.SECONDS); > if (lockResult) { > // We are getting all the Roles to be downloaded for now. Should do > downloades for each service based on what roles are there in the policies. > SearchFilter searchFilter = null; > final Set<RangerRole> rolesInDB = new > HashSet<>(roleDBStore.getRoles(searchFilter)); > Date updateTime = new Date(); > if (rolesInDB != null) { > ret = new RangerRoles(); > ret.setRangerRoles(rolesInDB); > ret.setRoleUpdateTime(updateTime); > ret.setRoleVersion(rolesVersionInDB); > rolesVersion = rolesVersionInDB; > } else { > LOG.error("Could not get Ranger Roles from database ..."); > } > } else { > if (LOG.isDebugEnabled()) { > LOG.debug("Could not get lock in [" + waitTimeInSeconds + "] > seconds, returning cached RangerRoles"); > } > ret = getRoles(); > } > } catch (InterruptedException exception) { > LOG.error("RangerRoleCache.getLatestRangerRoles:lock got > interrupted..", exception); > } finally { > if (lockResult) { > lock.unlock(); > } > } > if (LOG.isDebugEnabled()) { > LOG.debug("<== RangerRoleCache.getLatestRangerRoles(ServiceName= " + > serviceName + " lastKnownRoleVersion= " + lastKnownRoleVersion + " > rolesVersionInDB= " + rolesVersionInDB + " RangerRoles= " + ret + ")"); > } > return ret; > }{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)