Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-3472

The createPolicy() method is not thread safe. In another word, we can create policies with same resources when creating policies concurrently

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.1.0
    • 3.0.0
    • Ranger
    • None

    Description

      In our production environment, we happen to find that two policies exist with the same resources.In this case, when we want to modify either policy, ranger doesn't allow this operation and throws message like "Error Code : 3010 Another policy already exists for matching resource: policy-name=[hhh9], service=[default-Hdfs]". 

      I go through the source code about create policy, find that the createPolicy() in class ServiceREST is not thread safe. When we create policies concurrently, we may create several policies with the same resources.

      Attachments

        Issue Links

          is fixed by

          Sub-task - The sub-task of the issue RANGER-3493 Add unique index on service and resource_signature column of x_policy table

          • Major - Major loss of function.
          • Resolved

          Sub-task - The sub-task of the issue RANGER-3511 Create Java patch to update policy resource-signature to unique value.

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. RANGER-3490 Make policy resource signature is unique in a service

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              pradeep Pradeep Agrawal
              Xuze Yang Xuze Yang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: