ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 73056: RANGER-3098: Updates to validity period of tag are not reflected in Ranger database
Date Wed, 02 Dec 2020 05:09:51 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73056/#review222266
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
Line 615 (original), 617 (patched)
<https://reviews.apache.org/r/73056/#comment311335>

    - "new Date()" => request.getAccessTime()
    - I guess getTagsForEmptyResourceAndAnyAccess() was added as an optimization to avoid
creating large Set i.e. that includes all tags (RANGER-1208?). Stream filtering added here
will endup creating duplicating the set, which will nullify earlier optimization. Please review.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
Lines 768 (patched)
<https://reviews.apache.org/r/73056/#comment311336>

    Instead of instantiating Date (i.e. using current time), consider having the caller send
request.getAccessTime() as argument to this method.


- Madhan Neethiraj


On Dec. 2, 2020, 2:47 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73056/
> -----------------------------------------------------------
> 
> (Updated Dec. 2, 2020, 2:47 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-3098
>     https://issues.apache.org/jira/browse/RANGER-3098
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> If validity period of a tag is updated upstream, then the Ranger database is not getting
updated accordingly. Also, now, if tag is not applicable because of expired validity period,
then it is not listed in the audit record.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
fc7319485 
>   security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java b18f8f2d0

>   security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 9c19bb032

> 
> 
> Diff: https://reviews.apache.org/r/73056/diff/1/
> 
> 
> Testing
> -------
> 
> Ensured that, in a cluster, updates to validity periods are correctly shown up in Ranger
database.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message