[jira] [Updated] (RANGER-2416) a single user created twice when creating default policy and usersync process syncs user at the same time,and got 404 http code when retrive service policies

zhangxiong (JIRA) Mon, 06 May 2019 22:34:21 -0700


     [ 
https://issues.apache.org/jira/browse/RANGER-2416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


zhangxiong updated RANGER-2416:
-------------------------------
    Description: 
a single user created twice when creating default policy and usersync process 
syncs user at the same time,and got 404 http code when retrive service policies.
  the two  concurrent processes creating the same  user at the same time:

1)where create a service repository like kafka, ranger admin will create a 
default policy for the user kafka.if the user kafka doesn't exists,ranger admin 
would create the user first.
  2)ranger usersnc process syncs user kafka from ldap.
 if the above two process happens nearly the same time,the user will be create 
twice in the ranger admin side.as a result,ranger admin db's x_user table got 
two record for the user kafka,as shown below:
 mysql> select id,added_by_id,user_name,descr from x_user where 
user_name='kafka' or id=2 or id=27;
 +-----+------------++-----------------------------------------------+
|id|added_by_id|user_name   |descr|

+-----+------------++-----------------------------------------------+
|2   |NULL       |rangerusersync|rangerusersync                         |
|27|2             |ambari-qa         |ambari-qa - add from Unix box|
|28|27           |kafka                 |kafka                                  
       |
|29|2              |kafka                   |kafka - add from Unix box       |

in this situation,if we search policies for service kafka,we got 404 http 
code,.this caused by XXUserDao's error for getting singleResult.

getEntityManager()
 .createNamedQuery("XXUser.findByUserName", XXUser.class)
 .setParameter("name", name.trim())
 .getSingleResult();

the command for search policies:
 curl -i -H 'Authorization:Basic YW1iX3Jhbmdlcl9hZG1pbjphbWJhcmkxMjM='  -H 
'Accept:application/json'  -H 'Content-Type:application/json' 
[http://tbds-10-0-0-16:6080/service/public/api/policy?repositoryName=tdw_kafka\&repositoryType=kafka\&isEnabled=true

t|http://tbds-10-0-0-16:6080/service/public/api/policy?repositoryName=tdw_kafka&repositoryType=kafka&isEnabled=true]his
 bug reproduced several times in the last two years.And our data platform uses 
ranger to manage 9 services for security.the above problem just happens when we 
create a service repository.

  was:
a single user created twice when creating default policy and usersync process 
syncs user at the same time,and got 404 http code when retrive service policies.
 the two  concurrent processes creating the same  user at the same time:

1)where create a service repository like kafka, ranger admin will create a 
default policy for the user kafka.if the user kafka doesn't exists,ranger admin 
would create the user first.
 2)ranger usersnc process syncs user kafka from ldap.
if the above two process happens nearly the same time,the user will be create 
twice in the ranger admin side.as a result,ranger admin db's x_user table got 
two record for the user kafka,as shown below:
mysql> select id,added_by_id,user_name,descr from x_user where 
user_name='kafka' or id=2 or id=27;
+----+-------------+----------------+-------------------------------+
| id | added_by_id | user_name    | descr |
+----+-------------+----------------+-------------------------------+
| 2   | NULL       | rangerusersync | rangerusersync                         |
| 27 | 2              | ambari-qa          | ambari-qa - add from Unix box |
| 28 | 27            | kafka                  | kafka                           
              |
|29|2              |kafka                   |kafka - add from Unix box       |


in this situation,if we search policies for service kafka,we got 404 http 
code,.this caused by XXUserDao's error for getting singleResult.

getEntityManager()
 .createNamedQuery("XXUser.findByUserName", XXUser.class)
 .setParameter("name", name.trim())
 .getSingleResult();

the command for search policies:
curl -i -H 'Authorization:Basic YW1iX3Jhbmdlcl9hZG1pbjphbWJhcmkxMjM='  -H 
'Accept:application/json'  -H 'Content-Type:application/json' 
http://tbds-10-0-0-16:6080/service/public/api/policy?repositoryName=tdw_kafka\&repositoryType=kafka\&isEnabled=true


> a single user created twice when creating default policy and usersync process 
> syncs user at the same time,and got 404 http code when retrive service 
> policies
> -------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-2416
>                 URL: https://issues.apache.org/jira/browse/RANGER-2416
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 0.6.0
>         Environment: in hdp ambari 2.6
>            Reporter: zhangxiong
>            Priority: Major
>
> a single user created twice when creating default policy and usersync process 
> syncs user at the same time,and got 404 http code when retrive service 
> policies.
>   the two  concurrent processes creating the same  user at the same time:
> 1)where create a service repository like kafka, ranger admin will create a 
> default policy for the user kafka.if the user kafka doesn't exists,ranger 
> admin would create the user first.
>   2)ranger usersnc process syncs user kafka from ldap.
>  if the above two process happens nearly the same time,the user will be 
> create twice in the ranger admin side.as a result,ranger admin db's x_user 
> table got two record for the user kafka,as shown below:
>  mysql> select id,added_by_id,user_name,descr from x_user where 
> user_name='kafka' or id=2 or id=27;
>  +-----+------------++-----------------------------------------------+
> |id|added_by_id|user_name   |descr|
> +-----+------------++-----------------------------------------------+
> |2   |NULL       |rangerusersync|rangerusersync                         |
> |27|2             |ambari-qa         |ambari-qa - add from Unix box|
> |28|27           |kafka                 |kafka                                
>          |
> |29|2              |kafka                   |kafka - add from Unix box       |
> in this situation,if we search policies for service kafka,we got 404 http 
> code,.this caused by XXUserDao's error for getting singleResult.
> getEntityManager()
>  .createNamedQuery("XXUser.findByUserName", XXUser.class)
>  .setParameter("name", name.trim())
>  .getSingleResult();
> the command for search policies:
>  curl -i -H 'Authorization:Basic YW1iX3Jhbmdlcl9hZG1pbjphbWJhcmkxMjM='  -H 
> 'Accept:application/json'  -H 'Content-Type:application/json' 
> [http://tbds-10-0-0-16:6080/service/public/api/policy?repositoryName=tdw_kafka\&repositoryType=kafka\&isEnabled=true
> t|http://tbds-10-0-0-16:6080/service/public/api/policy?repositoryName=tdw_kafka&repositoryType=kafka&isEnabled=true]his
>  bug reproduced several times in the last two years.And our data platform 
> uses ranger to manage 9 services for security.the above problem just happens 
> when we create a service repository.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2416) a single user created twice when creating default policy and usersync process syncs user at the same time,and got 404 http code when retrive service policies

Reply via email to