[
https://issues.apache.org/jira/browse/RANGER-3472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17428897#comment-17428897
]
Madhan Neethiraj commented on RANGER-3472:
------------------------------------------
[~Xuze Yang] - yes, unique-key constraint should include "service" as well.
However, zone_id is not needed, as the resource_signature already includes
zoneName i.e. for a given resource-set, signature will be different across
zones.
Also, I don't think including "is_enbled" will help much - as this would still
not allow multiple disabled policies to exist for a given resource-set. Until
we come up with a generic solution to handle this scenario, I would suggest
unique-key on "service" and "resource_signature".
> The createPolicy() method is not thread safe. In another word, we can create
> policies with same resources when creating policies concurrently
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-3472
> URL: https://issues.apache.org/jira/browse/RANGER-3472
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.1.0
> Reporter: Xuze Yang
> Priority: Major
>
> In our production environment, we happen to find that two policies exist with
> the same resources.In this case, when we want to modify either policy, ranger
> doesn't allow this operation and throws message like "*Error Code : 3010
> Another policy already exists for matching resource: policy-name=[hhh9],
> service=[default-Hdfs]*".
> I go through the source code about create policy, find that the
> createPolicy() in class ServiceREST is not thread safe. When we create
> policies concurrently, we may create several policies with the same resources.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
