[jira] [Commented] (NIFI-4925) Ranger Authorizer - Memory Leak
[ https://issues.apache.org/jira/browse/NIFI-4925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16386736#comment-16386736 ] ASF GitHub Bot commented on NIFI-4925: -- Github user markap14 commented on the issue: https://github.com/apache/nifi/pull/2511 @mcgilman this looks good. Was able to read through the code and I think it does what is expected. Was able to verify that the issue no longer exists. +1 merged to master. Thanks! > Ranger Authorizer - Memory Leak > --- > > Key: NIFI-4925 > URL: https://issues.apache.org/jira/browse/NIFI-4925 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Matt Gilman >Assignee: Matt Gilman >Priority: Critical > Fix For: 1.6.0 > > > Authorization requests/results are now explicitly audited. This change was > due to the fact that the Ranger was auditing a lot of false positives > previously. This is partly because the NiFi uses authorization to check which > features the user may have permissions to. This check is used to > enable/disable various parts of the UI. The remainder of the false positives > came from the authorizer not knowing the entire context of the request. For > instance, when a Processor has no policy we check its parent and so on. > The memory leak is due to the authorizer holding onto authorization results > that are never destined for auditing. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-4925) Ranger Authorizer - Memory Leak
[ https://issues.apache.org/jira/browse/NIFI-4925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16386734#comment-16386734 ] ASF GitHub Bot commented on NIFI-4925: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/2511 > Ranger Authorizer - Memory Leak > --- > > Key: NIFI-4925 > URL: https://issues.apache.org/jira/browse/NIFI-4925 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Matt Gilman >Assignee: Matt Gilman >Priority: Critical > Fix For: 1.6.0 > > > Authorization requests/results are now explicitly audited. This change was > due to the fact that the Ranger was auditing a lot of false positives > previously. This is partly because the NiFi uses authorization to check which > features the user may have permissions to. This check is used to > enable/disable various parts of the UI. The remainder of the false positives > came from the authorizer not knowing the entire context of the request. For > instance, when a Processor has no policy we check its parent and so on. > The memory leak is due to the authorizer holding onto authorization results > that are never destined for auditing. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-4925) Ranger Authorizer - Memory Leak
[ https://issues.apache.org/jira/browse/NIFI-4925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16386436#comment-16386436 ] ASF GitHub Bot commented on NIFI-4925: -- GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/2511 NIFI-4925: Ranger Authorizer Memory Leak NIFI-4925: - Addressing memory leak from lingering authorization results that did not represent actual access attempts. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4925 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2511.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2511 commit d8e79a9427bb36f39290feb85ae908e8426f245a Author: Matt Gilman Date: 2018-03-02T21:24:34Z NIFI-4925: - Addressing memory leak from lingering authorization results that did not represent actual access attempts. > Ranger Authorizer - Memory Leak > --- > > Key: NIFI-4925 > URL: https://issues.apache.org/jira/browse/NIFI-4925 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Matt Gilman >Assignee: Matt Gilman >Priority: Critical > > Authorization requests/results are now explicitly audited. This change was > due to the fact that the Ranger was auditing a lot of false positives > previously. This is partly because the NiFi uses authorization to check which > features the user may have permissions to. This check is used to > enable/disable various parts of the UI. The remainder of the false positives > came from the authorizer not knowing the entire context of the request. For > instance, when a Processor has no policy we check its parent and so on. > The memory leak is due to the authorizer holding onto authorization results > that are never destined for auditing. -- This message was sent by Atlassian JIRA (v7.6.3#76005)