> On April 27, 2021, 6:59 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > > Lines 3144 (patched) > > <https://reviews.apache.org/r/73301/diff/1/?file=2249184#file2249184line3146> > > > > retrievedPolicyVersion is the version of the last policy in the list of > > deltas. Using this to populate ServicePolicies.policyVesion, #3184, doesn't > > seem appropriate. > > > > Same for retrievedTagPolicyVersion and #3192.
It is likely that the second read of the policyVersion for the given service may give a different value than what is read from the policy/tag change log table (READ_COMMITTED serialization level, in a busy ranger-admin server can cause this). Therefore, it is better to set the value of service-policy/tag-policy/tag version from the actual records read from the change log table. - Abhay ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73301/#review222884 ----------------------------------------------------------- On April 26, 2021, 5:52 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73301/ > ----------------------------------------------------------- > > (Updated April 26, 2021, 5:52 p.m.) > > > Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan > Periasamy. > > > Bugs: RANGER-3253 > https://issues.apache.org/jira/browse/RANGER-3253 > > > Repository: ranger > > > Description > ------- > > Ranger admin, when incremental policies are enabled, retrieves changes to > policies from database since last provided policy-version and applies these > changes on the cached policies to compute new set of policies. This > computation needs to be more resilient - for example - if a change suggests > that a policy is created, but it already exists in the policy-cache, then it > should not be added again. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java > f92cd3f7b > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java > 4661f79b9 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 4fb71f0b7 > > security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java > 1176e0b9e > security-admin/src/main/java/org/apache/ranger/db/XXPolicyChangeLogDao.java > 0a1d1c142 > > > Diff: https://reviews.apache.org/r/73301/diff/1/ > > > Testing > ------- > > Passes all unit tests. > > > Thanks, > > Abhay Kulkarni > >
