[jira] [Assigned] (RANGER-3955) optimization to reduce duplicate strings

[Madhan Neethiraj (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3955?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj reassigned RANGER-3955:


Assignee: Madhan Neethiraj

> optimization to reduce duplicate strings
> 
>
> Key: RANGER-3955
> URL: https://issues.apache.org/jira/browse/RANGER-3955
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Reporter: Madhan Neethiraj
>Assignee: Madhan Neethiraj
>Priority: Major
>
> Ranger plugins cache policies and tags which enables them to quickly respond 
> to authorization requests. This cache contains a large amount of string 
> objects, many of them having same values - like resource names 
> database/table/column. Eliminating such duplicate strings will help reduce 
> the memory needed for the plugins.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-3955) optimization to reduce duplicate strings

[Madhan Neethiraj (Jira)]

Madhan Neethiraj created RANGER-3955:


 Summary: optimization to reduce duplicate strings
 Key: RANGER-3955
 URL: https://issues.apache.org/jira/browse/RANGER-3955
 Project: Ranger
  Issue Type: Improvement
  Components: plugins
Reporter: Madhan Neethiraj


Ranger plugins cache policies and tags which enables them to quickly respond to 
authorization requests. This cache contains a large amount of string objects, 
many of them having same values - like resource names database/table/column. 
Eliminating such duplicate strings will help reduce the memory needed for the 
plugins.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

[Barbara Eckman via Review Board]

> On Oct. 25, 2022, 7:43 a.m., Madhan Neethiraj wrote:
> >

Did you really mean to remove writeToFile() and encodeSecrets() from the 
project?  I understand moving most of the HandleSecrets methods to getFromURL, 
but don't we want to give folks the tools to easily write to file secrets that 
are encoded the way we later decodethem?


> On Oct. 25, 2022, 7:43 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerRoleUserStoreRetriever.java
> > Lines 61 (patched)
> > 
> >
> > A comment here with details of hour RangerRoles contents are used to 
> > create RangerUserStore object - wth an example.

Done.


> On Oct. 25, 2022, 7:43 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerRoleUserStoreRetriever.java
> > Lines 64 (patched)
> > 
> >
> > Given roleName is initialized in init() method, consider moving 
> > compliing patter to this method - this will help avoid compiling on every 
> > call to retrieveUserStoreInfo().

done


> On Oct. 25, 2022, 7:43 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetBearerToken.java
> > Lines 62 (patched)
> > 
> >
> > Did you mean to check if response is null? Shouldn't this be "response 
> > == null"?

Done


> On Oct. 25, 2022, 7:43 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
> > Lines 85 (patched)
> > 
> >
> > Perhaps flattenedAttrMap.put() should be after the for loop at #81?

I think you realized that it was in the right place as is-- that's where it is 
in your patch, I think..


> On Oct. 25, 2022, 7:43 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/RangerExternalUserStoreRetriever.java
> > Lines 56 (patched)
> > 
> >
> > Since the user-store returned by a given instance of 
> > RangerExternalUserStoreRetriever always contains the same userAttrMap, it 
> > might be useful to instantiate RangerUserStore in init() method itself.

userStore is used in retrieveUserStoreInfo method as well as init, so it needs 
to be initiated outside.


- Barbara


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/#review224827
---


On Oct. 21, 2022, 9:09 p.m., Barbara Eckman wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74142/
> ---
> 
> (Updated Oct. 21, 2022, 9:09 p.m.)
> 
> 
> Review request for ranger and madhan.
> 
> 
> Bugs: Ranger-3855
> https://issues.apache.org/jira/browse/Ranger-3855
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RangerExternalUserStoreRetriever class Ranger-3855
> 
> Ranger version 3.0.0 provides a means, via a context enricher, to add or 
> retrieve attributes to the database of users for whom Ranger controls access. 
> This permits syntax like "Dumbo" in $USER.aliases any Ranger policy 
> condition, including row and tag filters.   This greatly enhances the ability 
> to provide custom Attribute-based Access Control based on the specific 
> business needs of one's organization.
> 
> I believe that the original assumption was that such attributes would be 
> added to AD/LDAP and enter Ranger via regular user sync's. However, this 
> process does not currently work with Azure AD, which many organizations use. 
> Neither does it provide timely support for organizations for whom adding each 
> new attribute to AD would be subject to prolonged scrutiny by overworked 
> security teams.  
> 
> In the spirit of the RangerAdminUserStoreRetriever context enricher, we have 
> written a RangerExternalUserStoreRetriever class which adds arbitrary 
> attributes to Ranger users via external API calls, thus freeing additions to 
> the UserStore from dependency on AD/LDAP.   We have also written a 
> RangerRoleUserStoreRetriever class, which transforms role membership into 
> user attributes, for ease of use in complex policy conditions.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
>  4e1d19556 
>   
> agents-common/src/main/ja

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/#review224827
---




agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerRoleUserStoreRetriever.java
Lines 37 (patched)


userStoreMap => userAttrMapping?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerRoleUserStoreRetriever.java
Lines 61 (patched)


A comment here with details of hour RangerRoles contents are used to create 
RangerUserStore object - wth an example.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerRoleUserStoreRetriever.java
Lines 64 (patched)


Given roleName is initialized in init() method, consider moving compliing 
patter to this method - this will help avoid compiling on every call to 
retrieveUserStoreInfo().



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetBearerToken.java
Lines 1 (patched)


License header is missing. Please add.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetBearerToken.java
Lines 62 (patched)


Did you mean to check if response is null? Shouldn't this be "response == 
null"?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
Lines 1 (patched)


License header is missing. Please add.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
Lines 15 (patched)


userAttrMap is used only within getFromDataFile() method. Consider moving 
this instance member inside getFromDataFile() method.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
Lines 1 (patched)


License header is missing. Please add.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
Lines 24 (patched)


flattenedAttrMap is used only within getFromURL() method. Consider moving 
this instance member inside getFromURL() method.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
Lines 85 (patched)


Perhaps flattenedAttrMap.put() should be after the for loop at #81?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/HandleSecrets.java
Lines 1 (patched)


License header is missing. Please add.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/HandleSecrets.java
Lines 46 (patched)


verifyToken() is called only within this class. Consider marking this 
method as private.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/HandleSecrets.java
Lines 60 (patched)


Consider replacing for loop at #60 with the following:
  if (h.containsKey("Content-Type") &&
  !StringUtils.equalsIgnoreCase(h.get("Content-Type"), 
"application/x-www-form-urlencoded")) {
errorMessage += "Content-Type, if specified, must be 
\"application/x-www-form-urlencoded\"; ";
  }



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/README.md
Lines 1 (patched)


License header is missing. Please add.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/RangerExternalUserStoreRetriever.java
Lines 1 (patched)


License header is missing. Please add.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/RangerExternalUserStoreRetriever.java
Lines 14 (patched)


Following instance members are only used within init() method. Consider 
moving these as method local.
 - configFile
 - dataFile
 - attrName



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/RangerExternalUserStoreRetriever.java
Lines 56 (patched)