> On July 3, 2019, 5:49 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> > Lines 3010 (patched)
> > <https://reviews.apache.org/r/71007/diff/1/?file=2153486#file2153486line3011>
> >
> > Consider moving lines 3010-3013 to after line 3008.
>
> Pradeep Agrawal wrote:
> @Abhay : Please read the comments added before the code.
>
> public void deleteZonePolicies(Collection<String> serviceNames, Long
> zoneId) throws Exception {
> if (CollectionUtils.isNotEmpty(serviceNames)) {
> XXPolicyDao policyDao = daoMgr.getXXPolicy();
> for (String serviceName : serviceNames) {
> RangerService service =
> getServiceByName(serviceName);
> //below statement will pull only policy IDs rather
> XXPolicy object
> List<Long> policyIds =
> policyDao.findPolicyIdsByServiceNameAndZoneId(serviceName, zoneId);
> List<RangerPolicy> rangerPolicyList=new
> ArrayList<RangerPolicy>();
> if (CollectionUtils.isNotEmpty(policyIds)) {
> for (Long id : policyIds) {
> //from the policy id we need to get RangerPolicy
> policy object which shall be added first in the rangerPolicyList
>
> rangerPolicyList.add(getPolicy(id));
> }
> }
> // run through rangerPolicyList and delete ranger
> policies.
> for (RangerPolicy rangerPolicy :
> rangerPolicyList) {
> deletePolicy(rangerPolicy, service);
> }
> //rangerPolicyList object is required for Trx logs and
> Policy history.
>
> createTrxLogsAndHistoryAfterDelete(rangerPolicyList, service);
> }
> }
> }
I was suggesting this instead. Policies need to be deleted only if policyIds
collection is non empty.
public void deleteZonePolicies(Collection<String> serviceNames, Long zoneId)
throws Exception {
if (CollectionUtils.isNotEmpty(serviceNames)) {
XXPolicyDao policyDao = daoMgr.getXXPolicy();
for (String serviceName : serviceNames) {
RangerService service = getServiceByName(serviceName);
//below statement will pull only policy IDs rather XXPolicy object
List<Long> policyIds =
policyDao.findPolicyIdsByServiceNameAndZoneId(serviceName, zoneId);
if (CollectionUtils.isNotEmpty(policyIds)) {
List<RangerPolicy> rangerPolicyList = new ArrayList<>();
for (Long id : policyIds) {
//from the policy id we need to get RangerPolicy policy
object which shall be added first in the rangerPolicyList
rangerPolicyList.add(getPolicy(id));
}
// run through rangerPolicyList and delete ranger policies.
for (RangerPolicy rangerPolicy : rangerPolicyList) {
deletePolicy(rangerPolicy, service);
}
//rangerPolicyList object is required for Trx logs and Policy
history.
createTrxLogsAndHistoryAfterDelete(rangerPolicyList, service);
}
}
}
}
- Abhay
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71007/#review216348
-----------------------------------------------------------
On July 4, 2019, 7:17 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71007/
> -----------------------------------------------------------
>
> (Updated July 4, 2019, 7:17 a.m.)
>
>
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh
> Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2493
> https://issues.apache.org/jira/browse/RANGER-2493
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** Problem Statement ** Ranger takes an extremely long time to override a
> service with many policies, will crash ranger if admin JVM heap size is the 1
> GB default
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> bf50df3a8
> security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java
> 51c0de56c
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
> baf6b6ea4
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
> 171d73bfa
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml eb0384b14
> security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
> dc845cf80
> security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
> 9b9aa8377
>
>
> Diff: https://reviews.apache.org/r/71007/diff/2/
>
>
> Testing
> -------
>
> Tested 500 policy import json and unable to reproduce JVM issue.
>
>
> Thanks,
>
> Pradeep Agrawal
>
>
