[ranger] branch master updated: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated - Part 2
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new dd7c773 RANGER-3562: Redesign post commit tasks for updating
ref-tables when policy/role is updated - Part 2
dd7c773 is described below
commit dd7c773dee6d8f15ffcb14304d71b79c29fdf082
Author: Abhay Kulkarni
AuthorDate: Wed Jan 5 15:24:39 2022 -0800
RANGER-3562: Redesign post commit tasks for updating ref-tables when
policy/role is updated - Part 2
---
.../java/org/apache/ranger/biz/PolicyRefUpdater.java | 18 +++---
.../java/org/apache/ranger/biz/RoleRefUpdater.java | 18 +++---
.../resources/stability-tests/ranger-policy/app.conf | 6 +++---
.../resources/stability-tests/ranger-policy/start.sh | 2 +-
4 files changed, 10 insertions(+), 34 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index f8f0ee9..b1f331b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -176,11 +176,7 @@ public class PolicyRefUpdater {
continue;
}
PolicyPrincipalAssociator associator = new
PolicyPrincipalAssociator(PRINCIPAL_TYPE.ROLE, role, xPolicy);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Role name: " + role + "
specified in policy does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
@@ -200,11 +196,7 @@ public class PolicyRefUpdater {
}
PolicyPrincipalAssociator associator = new
PolicyPrincipalAssociator(PRINCIPAL_TYPE.GROUP, group, xPolicy);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Group name: " + group + "
specified in policy does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
@@ -221,11 +213,7 @@ public class PolicyRefUpdater {
continue;
}
PolicyPrincipalAssociator associator = new
PolicyPrincipalAssociator(PRINCIPAL_TYPE.USER, user, xPolicy);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("User name: " + user + "
specified in policy does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
index 0e5ccd3..6ada7ee 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
@@ -107,11 +107,7 @@ public class RoleRefUpdater {
}
RolePrincipalAssociator associator = new
RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.USER, roleUser, roleId);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("User name: " +
roleUser + " specified in role does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isCreateNonExistentUGs) {
[ranger] branch master updated: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new df07b0d RANGER-3562: Redesign post commit tasks for updating
ref-tables when policy/role is updated
df07b0d is described below
commit df07b0da94dced97e6022b1d0d243c8b2e358803
Author: Abhay Kulkarni
AuthorDate: Mon Jan 3 18:38:55 2022 -0800
RANGER-3562: Redesign post commit tasks for updating ref-tables when
policy/role is updated
---
.../main/java/org/apache/ranger/biz/AssetMgr.java | 18 +-
.../org/apache/ranger/biz/PolicyRefUpdater.java| 474 ++---
.../java/org/apache/ranger/biz/RoleRefUpdater.java | 395 +
.../ranger/service/RangerPluginActivityLogger.java | 15 +-
.../service/TestRangerPluginActivityLogger.java| 3 +-
5 files changed, 436 insertions(+), 469 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 36f137e..08255b3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -48,6 +48,7 @@ import org.apache.ranger.common.RangerCommonEnums;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.elasticsearch.ElasticSearchAccessAuditsService;
import org.apache.ranger.entity.XXPermMap;
@@ -121,7 +122,7 @@ public class AssetMgr extends AssetMgrBase {
XPolicyService xPolicyService;
@Autowired
- RangerPluginActivityLogger activityLogger;
+ RangerTransactionSynchronizationAdapter
transactionSynchronizationAdapter;
@Autowired
RangerPluginInfoService pluginInfoService;
@@ -663,7 +664,7 @@ public class AssetMgr extends AssetMgrBase {
}
};
-
activityLogger.commitAfterTransactionComplete(commitWork);
+
transactionSynchronizationAdapter.executeOnTransactionCompletion(commitWork);
}
} else {
ret =
rangerDaoManager.getXXPolicyExportAudit().create(xXPolicyExportAudit);
@@ -733,6 +734,7 @@ public class AssetMgr extends AssetMgrBase {
}
final boolean isTagVersionResetNeeded;
+ final Runnable commitWork;
if (httpCode == HttpServletResponse.SC_NOT_MODIFIED) {
// Create or update PluginInfo record after transaction
is completed. If it is created in-line here
@@ -757,15 +759,13 @@ public class AssetMgr extends AssetMgrBase {
break;
}
- Runnable commitWork = new Runnable() {
+ commitWork = new Runnable() {
@Override
public void run() {
doCreateOrUpdateXXPluginInfo(pluginInfo, entityType, isTagVersionResetNeeded,
clusterName);
}
};
-
activityLogger.commitAfterTransactionComplete(commitWork);
} else if (httpCode == HttpServletResponse.SC_NOT_FOUND) {
- Runnable commitWork;
if ((isPolicyDownloadRequest(entityType) &&
(pluginInfo.getPolicyActiveVersion() == null ||
pluginInfo.getPolicyActiveVersion() == -1))
|| (isTagDownloadRequest(entityType) &&
(pluginInfo.getTagActiveVersion() == null || pluginInfo.getTagActiveVersion()
== -1))
|| (isRoleDownloadRequest(entityType)
&& (pluginInfo.getRoleActiveVersion() == null ||
pluginInfo.getRoleActiveVersion() == -1))
@@ -784,12 +784,16 @@ public class AssetMgr extends AssetMgrBase {
}
};
}
-
activityLogger.commitAfterTransactionComplete(commitWork);
-
} else {
isTagVersionResetNeeded = false;
+ commitWork = null;
doCreateOrUpdateXXPluginInfo(pluginInfo, entityType,
isTagVersionResetNeeded, clusterName);
}
+
+ if (commitWork != null) {
+
transactionSynchronizationAdapter.executeOnTransactionCompletion(commitWork);
+ }
+
if (logger.isDebugEnabled()) {
