ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 73342: RANGER-3280: Ensure that the policy/tag versions gets correctly updated for every change to service/policy/tag
Date Sat, 29 May 2021 02:13:32 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73342/#review223075
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/common/db/RangerTransactionSynchronizationAdapter.java
Line 159 (original), 147 (patched)
<https://reviews.apache.org/r/73342/#comment312214>

    isParentTransactionCommitted => retryUntilSucceed


- Madhan Neethiraj


On May 13, 2021, 9:48 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73342/
> -----------------------------------------------------------
> 
> (Updated May 13, 2021, 9:48 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj,
Mehul Parikh, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3280
>     https://issues.apache.org/jira/browse/RANGER-3280
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Every change to service/policy/tag should be recorded by incrementing the policy-version
(or tag-version) for the service. Policy-version(or tag-version) is updated in a separate
transaction after the original change that caused the version change has been committed. 
This opens up a small window where the policy-version may be overwritten when multiple such
transactions are concurrently active, leading to some 'lost' updates.
> 
> The fix includes the database patches to build a unique index on the (service_id, policy_version)
fields for x_policy_change_log table and a unique index on (service_id, service_tags_version)
fields on x_tag_change_log table. The tasks scheduled to be executed when parent transaction
is committed are repeatedly attempted until succcessful when the parent transaction is committed
successfully.
> 
> 
> Diffs
> -----
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql a42c2f17c 
>   security-admin/db/mysql/patches/052-add-unique-constraint-on-change-logs.sql PRE-CREATION

>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 149d94d60 
>   security-admin/db/oracle/patches/052-add-unique-constraint-on-change-logs.sql PRE-CREATION

>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 867bed5b6

>   security-admin/db/postgres/patches/052-add-unique-constraint-on-change-logs.sql PRE-CREATION

>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql fd30f9648

>   security-admin/db/sqlanywhere/patches/052-add-unique-constraint-on-change-logs.sql
PRE-CREATION 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 276a57cc2

>   security-admin/db/sqlserver/patches/053-add-unique-constraint-on-change-logs.sql PRE-CREATION

>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java e3c5b542f 
>   security-admin/src/main/java/org/apache/ranger/common/db/RangerTransactionSynchronizationAdapter.java
4bee9293b 
> 
> 
> Diff: https://reviews.apache.org/r/73342/diff/3/
> 
> 
> Testing
> -------
> 
> Passed on unit tests.
> Ensured that the x_service_version_info table is correctly updated when any change to
service/policy/tag is effected. Also ensured that correct set of rows are created in x_policy_change_log
and x_tag_change_log tables.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message