Review Request 74464: RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data

Fri, 02 Jun 2023 02:08:05 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74464/
-----------------------------------------------------------

Review request for ranger, Abhishek  Kumar, Dineshkumar Yadav, Kishor 
Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, 
Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-4255
    https://issues.apache.org/jira/browse/RANGER-4255


Repository: ranger


Description
-------

**Problem Statement:** Currently ranger authentication entries are being stored 
in x_auth_sess table which may have lot of entries in few days. User need to 
manually remove the entries from x_auth_sess table time to time in order to 
maintain disk space or handle disk space issues in a production env.

**Proposed Solution:** This patch exposes a ranger config 
"ranger.admin.auth_sessions.retention.time.in.days" which accepts numerical 
values in days. During the start of ranger-admin x_auth_sess table entries 
older than the mentioned days shall be removed. By default current 
implementation will work as is because default value is set to -1.

Value greater than 0 provided for the config 
"ranger.admin.auth_sessions.retention.time.in.days" shall enable this feature 
and during every restart of ranger x_auth_sess entries old than given days 
shall be deleted.

**Note:** The proposed implementation shall not delete entries every day as 
there is no daemon process shall be running at the background, hence deletion 
of entries shall be attempted only during the start of ranger.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
04aee289e 
  security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java 
c3bd13c63 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 2baf53673 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 839cf180a 


Diff: https://reviews.apache.org/r/74464/diff/1/


Testing
-------

Added "ranger.admin.auth_sessions.retention.time.in.days" in 
ranger-admin-site.xml with value 2 and restart the ranger-admin.
Verified the entries of x_auth_sess table after restart and it does not have 
entries older than 2 days.


Thanks,

Pradeep Agrawal

Reply via email to