RANGER-2594: Improve policy validation performance during delete
Signed-off-by: Mehul Parikh <mehul@apache.org>
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index a854107..fb0afba 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -94,7 +94,7 @@
.becauseOf(error.getMessage("id"))
.build());
valid = false;
- } else if (getPolicy(id) == null) {
+ } else if (policyExists(id)) {
if (LOG.isDebugEnabled()) {
LOG.debug("No policy found for id[" + id + "]! ok!");
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
index 74653b2..c4ec63b 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
@@ -263,6 +263,15 @@
return result;
}
+ boolean policyExists(Long id) {
+ try {
+ return _store.policyExists(id);
+ } catch (Exception e) {
+ LOG.debug("Encountred exception while retrieving policy from service store!", e);
+ return false;
+ }
+ }
+
RangerPolicy getPolicy(Long id) {
if(LOG.isDebugEnabled()) {
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
index ba7407f..4af457e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
@@ -73,6 +73,8 @@
void deletePolicy(RangerPolicy policy) throws Exception;
+ boolean policyExists(Long id) throws Exception;
+
RangerPolicy getPolicy(Long id) throws Exception;
List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception;
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index ec44aa1..866eed9 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2192,6 +2192,11 @@
}
@Override
+ public boolean policyExists(Long id) throws Exception {
+ return daoMgr.getXXPolicy().getCountById(id) > 0;
+ }
+
+ @Override
public RangerPolicy getPolicy(Long id) throws Exception {
return policyService.read(id);
}
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index b242171..4c501e4 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -40,6 +40,13 @@
super(daoManager);
}
+ public long getCountById(Long policyId) {
+ return getEntityManager()
+ .createNamedQuery("XXPolicy.countById", Long.class)
+ .setParameter("policyId", policyId)
+ .getSingleResult();
+ }
+
public XXPolicy findByNameAndServiceId(String polName, Long serviceId) {
return findByNameAndServiceIdAndZoneId(polName, serviceId, RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID);
}
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 6cc4799..bc8062c 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -266,6 +266,10 @@
<!-- XXPolicy -->
+ <named-query name="XXPolicy.countById">
+ <query>select count(obj.id) from XXPolicy obj where obj.id = :policyId</query>
+ </named-query>
+
<named-query name="XXPolicy.findByPolicyName">
<query>select obj from XXPolicy obj where obj.name = :polName order by obj.id</query>
</named-query>
