GitHub user robertamarton opened a pull request:
https://github.com/apache/incubator-trafodion/pull/523
TRAFODION [2025] Initialize authorization cannot be run in a DDL transaction
As part of DDL transaction work, there is a goal to run all DDL and DDL like
operations in a single DDL transaction. This delivery changes initialize
trafodion and initialize authorization to make this happen.
Prior to DDL transactions, initialize authorization would either add or drop
authorization support. Part of this required that all compiler processes
associated with the master process be killed to clear out information stored
in memory. When DDL transactions were added, killing the compiler processes
caused the DDL transaction to abort. This means that initialize
authorization
could not be run in DDL transations. Initialize trafodion calls initialize
authorization when security is enabled, so initialize trafodion was not
enabled to run in DDL transactions.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion initauth
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-trafodion/pull/523.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #523
----
commit 626370ee584eb5c3c847c01cd8615f204d29c3ff
Author: Roberta Marton <roberta.mar...@apache.org>
Date: 2016-06-05T19:43:17Z
TRAFODION [2025] Initialize authorization cannot be run in a DDL transaction
As part of DDL transaction work, there is a goal to run all DDL and DDL like
operations in a single DDL transaction. This delivery changes initialize
trafodion and initialize authorization to make this happen.
Prior to DDL transactions, initialize authorization would either add or drop
authorization support. Part of this required that all compiler processes
associated with the master process be killed to clear out information stored
in memory. When DDL transactions were added, killing the compiler processes
caused the DDL transaction to abort. This means that initialize
authorization
could not be run in DDL transation. Initialize trafodion calls initialize
authorization when security is enabled, so initialize trafodion was not able
to run in DDL transactions.
A change was made to send a CmpMessageDatabaseUser request to the child
arkcmp
processes after authorization was initialized or dropped. This request is
reponsible for setting appropriate memory attributes so we no longer require
arkcmps to be terminated. Changes were piggy backed on current support that
sends usernames and IDs to child arkcmps.
A new method called ContextCli::updateMxcmpSession is called during
initialize
and drop requests. This calls send a message to associated arkcmp process
to
update session attributes for user information. It then propagates the
message
to other child arkcmp processes.
To make this work, the following code was changed to generate and recognize
the
new message format:
CmpStatement.cpp (process - CmpMessageDatabaseUser)
Context.cpp (createMxcmpSession & updateMxcmpSession)
ExSqlComp.cpp (resendControls)
The following was changed to support DDL transactions:
CmpSeabaseDDLcommon.cpp (initSeabaseAuthorization &
dropSeabaseAuthorization)
GenPreCode.cpp (allow DDL transaction for initialize trafodion)
SqlciErrors.txt (allow initialize authorization to succeed with warnings)
This also includes a change on how Trafodion processes alter user operations
that allow predefined users to be modified by someone with the correct
privileges.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
