sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ak...@apache.org
Subject sentry git commit: SENTRY-1824: SentryStore may serialize transactions that rely on unique key (Na Li, reviewed by Alex Kolbasov)
Date Thu, 29 Jun 2017 22:01:34 GMT
Repository: sentry
Updated Branches:
  refs/heads/sentry-ha-redesign f5b4a1576 -> a2892aa73


SENTRY-1824: SentryStore may serialize transactions that rely on unique key (Na Li, reviewed
by Alex Kolbasov)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a2892aa7
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a2892aa7
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a2892aa7

Branch: refs/heads/sentry-ha-redesign
Commit: a2892aa736666514b6ffdd14824ade7f097d9cf6
Parents: f5b4a15
Author: Alexander Kolbasov <akolb@cloudera.com>
Authored: Thu Jun 29 15:01:15 2017 -0700
Committer: Alexander Kolbasov <akolb@cloudera.com>
Committed: Thu Jun 29 15:01:30 2017 -0700

----------------------------------------------------------------------
 .../db/service/persistent/SentryStore.java      | 32 +++++++++++++++-----
 1 file changed, 25 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/a2892aa7/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 9ad97bc..1402ab1 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -99,6 +99,24 @@ import static org.apache.sentry.provider.db.service.persistent.QueryParamBuilder
  * SentryStore is the data access object for Sentry data. Strings
  * such as role and group names will be normalized to lowercase
  * in addition to starting and ending whitespace.
+ * <p>
+ * We have several places where we rely on transactions to support
+ * read/modify/write semantics for incrementing IDs.
+ * This works but using DB support is rather expensive and we can
+ * user in-core serializations to help with this a least within a
+ * single node and rely on DB for multi-node synchronization.
+ * <p>
+ * This isn't much of a problem for path updates since they are
+ * driven by HMSFollower which usually runs on a single leader
+ * node, but permission updates originate from clients
+ * directly and may be highly concurrent.
+ * <p>
+ * We are internally serializing all permissions update anyway, so doing
+ * partial serialization on every node helps. For this reason all
+ * SentryStore calls that affect permission deltas are serialized.
+ * <p>
+ * See <a href="https://issues.apache.org/jira/browse/SENTRY-1824">SENTRY-1824</a>
+ * for more detail.
  */
 public class SentryStore {
   private static final Logger LOGGER = LoggerFactory
@@ -604,7 +622,7 @@ public class SentryStore {
    * @throws Exception
    *
    */
-  void alterSentryRoleGrantPrivilege(final String grantorPrincipal,
+  synchronized void alterSentryRoleGrantPrivilege(final String grantorPrincipal,
       final String roleName, final TSentryPrivilege privilege,
       final Update update) throws Exception {
 
@@ -764,7 +782,7 @@ public class SentryStore {
    * @throws Exception
    *
    */
-  private void alterSentryRoleRevokePrivilege(final String grantorPrincipal,
+  private synchronized void alterSentryRoleRevokePrivilege(final String grantorPrincipal,
                                               final String roleName, final TSentryPrivilege
tPrivilege,
                                               final Update update) throws Exception {
     execute(new DeltaTransactionBlock(update), new TransactionBlock<Object>() {
@@ -1100,7 +1118,7 @@ public class SentryStore {
    * @param update the corresponding permission delta update
    * @throws Exception
    */
-  public void dropSentryRole(final String roleName,
+  public synchronized void dropSentryRole(final String roleName,
       final Update update) throws Exception {
 
     execute(new DeltaTransactionBlock(update), new TransactionBlock<Object>() {
@@ -1177,7 +1195,7 @@ public class SentryStore {
    * @param update the corresponding permission delta update
    * @throws Exception
    */
-  public void alterSentryRoleAddGroups(final String grantorPrincipal,
+  public synchronized void alterSentryRoleAddGroups(final String grantorPrincipal,
       final String roleName, final Set<TSentryGroup> groupNames,
       final Update update) throws Exception {
 
@@ -1327,7 +1345,7 @@ public class SentryStore {
    * @param update the corresponding permission delta update
    * @throws Exception
    */
-  public void alterSentryRoleDeleteGroups(final String roleName,
+  public synchronized void alterSentryRoleDeleteGroups(final String roleName,
       final Set<TSentryGroup> groupNames, final Update update)
           throws Exception {
     execute(new DeltaTransactionBlock(update), new TransactionBlock<Object>() {
@@ -2062,7 +2080,7 @@ public class SentryStore {
    * @param update the corresponding permission delta update.
    * @throws Exception
    */
-  public void dropPrivilege(final TSentryAuthorizable tAuthorizable,
+  public synchronized void dropPrivilege(final TSentryAuthorizable tAuthorizable,
       final Update update) throws Exception {
 
     execute(new DeltaTransactionBlock(update), new TransactionBlock<Object>() {
@@ -2140,7 +2158,7 @@ public class SentryStore {
    * @throws SentryNoSuchObjectException
    * @throws SentryInvalidInputException
    */
-  public void renamePrivilege(final TSentryAuthorizable oldTAuthorizable,
+  public synchronized void renamePrivilege(final TSentryAuthorizable oldTAuthorizable,
       final TSentryAuthorizable newTAuthorizable, final Update update)
         throws Exception {
 


Mime
View raw message