[jira] [Commented] (SENTRY-2121) Notifications processed during times when HDFS sync is disabled will not be applied as ACLs when later HDFS sync was to be enabled

Wed, 10 Jan 2018 16:36:36 -0800 

    [ 
https://issues.apache.org/jira/browse/SENTRY-2121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16321458#comment-16321458
 ] 

Na Li commented on SENTRY-2121:
-------------------------------

To solve this issue, we have two options:

1) When HDFS is disabled, we clear the MAuthzPathsSnapshotId table. So when 
HDFS is enabled again, the following condition will be met, and trigger getting 
full snapshot. This approach has less overhead when HDFS is disabled, but 
higher overhead at the moment when HDFS is enabled again (getting a full 
snapshot)

{code}
// Once HDFS sync is enabled, and if MAuthzPathsSnapshotId
    // table is still empty, we need to request a full snapshot
    if(hdfsSyncEnabled && sentryStore.isAuthzPathsSnapshotEmpty()) {
      LOGGER.debug("HDFSSync is enabled and MAuthzPathsSnapshotId table is 
empty. Need to request a full snapshot");
      return true;
    }
{code}

2) When HDFS is disabled, still update MAuthzPathsMapping table. So when HDFS 
is enabled again, there is no missing path info. This approach has higher 
overhead when HDFS is disabled, but no extra overhead at the moment when HDFS 
is enabled again.

> Notifications processed during times when HDFS sync is disabled will not be 
> applied as ACLs when later HDFS sync was to be enabled
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-2121
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2121
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Arjun Mishra
>            Assignee: Arjun Mishra
>              Labels: triaged
>
> When HDFS sync is disabled, we don't update the AUTHZ_PATHS_MAPPING table. 
> However, when HDFS sync is enabled, ACLs that are generated are based on 
> entries in the AUTHZ_PATHS_MAPPING table. So this means that if we were to 
> disable HDFS sync and later enable HDFS sync, ACLs for all notifications that 
> were processed during the times when HDFS sycn was disabled won't be created



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to