trafodion-codereview mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertamarton <...@git.apache.org>
Subject [GitHub] incubator-trafodion pull request #523: TRAFODION [2025] Initialize authoriza...
Date Sun, 05 Jun 2016 19:47:54 GMT
GitHub user robertamarton opened a pull request:

    https://github.com/apache/incubator-trafodion/pull/523

    TRAFODION [2025] Initialize authorization cannot be run in a DDL transaction

    As part of DDL transaction work, there is a goal to run all DDL and DDL like
    operations in a single DDL transaction.  This delivery changes initialize
    trafodion and initialize authorization to make this happen.
    
    Prior to DDL transactions, initialize authorization would either add or drop
    authorization support.  Part of this required that all compiler processes 
    associated with the master process be killed to clear out information stored
    in memory.  When DDL transactions were added, killing the compiler processes
    caused the DDL transaction to abort.  This means that initialize authorization
    could not be run in DDL transations.  Initialize trafodion calls initialize
    authorization when security is enabled, so initialize trafodion was not 
    enabled to run in DDL transactions.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion initauth

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafodion/pull/523.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #523
    
----
commit 626370ee584eb5c3c847c01cd8615f204d29c3ff
Author: Roberta Marton <roberta.marton@apache.org>
Date:   2016-06-05T19:43:17Z

    TRAFODION [2025] Initialize authorization cannot be run in a DDL transaction
    
    As part of DDL transaction work, there is a goal to run all DDL and DDL like
    operations in a single DDL transaction.  This delivery changes initialize
    trafodion and initialize authorization to make this happen.
    
    Prior to DDL transactions, initialize authorization would either add or drop
    authorization support.  Part of this required that all compiler processes
    associated with the master process be killed to clear out information stored
    in memory.  When DDL transactions were added, killing the compiler processes
    caused the DDL transaction to abort.  This means that initialize authorization
    could not be run in DDL transation.  Initialize trafodion calls initialize
    authorization when security is enabled, so initialize trafodion was not able
    to run in DDL transactions.
    
    A change was made to send a CmpMessageDatabaseUser request to the child arkcmp
    processes after authorization was initialized or dropped. This request is
    reponsible for setting appropriate memory attributes so we no longer require
    arkcmps to be terminated.  Changes were piggy backed on current support that
    sends usernames and IDs to child arkcmps.
    
    A new method called ContextCli::updateMxcmpSession is called during initialize
    and drop requests.  This calls send a message to associated arkcmp process to
    update session attributes for user information.  It then propagates the message
    to other child arkcmp processes.
    
    To make this work, the following code was changed to generate and recognize the
    new message format:
         CmpStatement.cpp (process - CmpMessageDatabaseUser)
         Context.cpp (createMxcmpSession & updateMxcmpSession)
         ExSqlComp.cpp (resendControls)
    
    The following was changed to support DDL transactions:
       CmpSeabaseDDLcommon.cpp (initSeabaseAuthorization & dropSeabaseAuthorization)
       GenPreCode.cpp (allow DDL transaction for initialize trafodion)
       SqlciErrors.txt (allow initialize authorization to succeed with warnings)
    
    This also includes a change on how Trafodion processes alter user operations
    that allow predefined users to be modified by someone with the correct
    privileges.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message