----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74464/#review225508 -----------------------------------------------------------
Pradeep - it will help to provide a REST endpoint (like: /public/v2/admin/purge?type=login_records&retentionDays=180) to trigger cleaning up of x_auth_sess table data. This will enable admins to setup scripts to periodically purge records, without having to restart Ranger admin server. With this API in place, Ranger can call this API on startup if configured: ranger.admin.init.purge.login_records=true ranger.admin.init.purge.login_records.retention.days=180 - Madhan Neethiraj On June 2, 2023, 9:07 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74464/ > ----------------------------------------------------------- > > (Updated June 2, 2023, 9:07 a.m.) > > > Review request for ranger, Abhishek Kumar, Dineshkumar Yadav, Kishor > Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, > Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4255 > https://issues.apache.org/jira/browse/RANGER-4255 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** Currently ranger authentication entries are being > stored in x_auth_sess table which may have lot of entries in few days. User > need to manually remove the entries from x_auth_sess table time to time in > order to maintain disk space or handle disk space issues in a production env. > > **Proposed Solution:** This patch exposes a ranger config > "ranger.admin.auth_sessions.retention.time.in.days" which accepts numerical > values in days. During the start of ranger-admin x_auth_sess table entries > older than the mentioned days shall be removed. By default current > implementation will work as is because default value is set to -1. > > Value greater than 0 provided for the config > "ranger.admin.auth_sessions.retention.time.in.days" shall enable this feature > and during every restart of ranger x_auth_sess entries old than given days > shall be deleted. > > **Note:** The proposed implementation shall not delete entries every day as > there is no daemon process shall be running at the background, hence deletion > of entries shall be attempted only during the start of ranger. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 04aee289e > security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java > c3bd13c63 > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 2baf53673 > security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 839cf180a > > > Diff: https://reviews.apache.org/r/74464/diff/1/ > > > Testing > ------- > > Added "ranger.admin.auth_sessions.retention.time.in.days" in > ranger-admin-site.xml with value 2 and restart the ranger-admin. > Verified the entries of x_auth_sess table after restart and it does not have > entries older than 2 days. > > > Thanks, > > Pradeep Agrawal > >
