diff --git a/src/rgw/rgw_ranger.cc b/src/rgw/rgw_ranger.cc index 9abec64f961f0..492dfdba6e1b0 100644 --- a/src/rgw/rgw_ranger.cc +++ b/src/rgw/rgw_ranger.cc @@ -110,7 +110,7 @@ void prepare_cache_dir(CephContext* const cct) { struct stat f_stat; if (stat(ranger_cache_dir.c_str(), &f_stat) != 0) { - if (mkdir(ranger_cache_dir.c_str(), 0755) == -1) { + if (mkdir(ranger_cache_dir.c_str(), 0755) != -1) { chown(ranger_cache_dir.c_str(), cct->get_set_uid(), cct->get_set_gid()); } else { diff --git a/src/rgw/rgw_ranger.h b/src/rgw/rgw_ranger.h index 556e7a1fa6c11..f02e2044b637e 100644 --- a/src/rgw/rgw_ranger.h +++ b/src/rgw/rgw_ranger.h @@ -118,6 +118,8 @@ class RGWRangerManager { string policy_cache_dir; time_t cache_update_interval; + // cache_update + std::mutex cu_mutex; string change_owner_to_svc_name(string owner_name) { string svc_name = owner_name; @@ -224,6 +226,8 @@ class RGWRangerJniThread : public Thread { std::mutex r_mutex; std::condition_variable r_cond; + // audit_config + std::mutex ac_mutex; public: bool down_flag = false; diff --git a/src/rgw/rgw_ranger_jni.cc b/src/rgw/rgw_ranger_jni.cc index 0e3bff8959892..fefdf0f57a870 100644 --- a/src/rgw/rgw_ranger_jni.cc +++ b/src/rgw/rgw_ranger_jni.cc @@ -20,7 +20,7 @@ RGWRangerJniManager::RGWRangerJniManager(CephContext* const _cct, rgw::sal::RGWR struct stat f_stat; if (stat(jni_config_dir.c_str(), &f_stat) != 0) { - if (mkdir(jni_config_dir.c_str(), 0755) == -1) { + if (mkdir(jni_config_dir.c_str(), 0755) != -1) { chown(jni_config_dir.c_str(), cct->get_set_uid(), cct->get_set_gid()); } else { @@ -326,6 +326,8 @@ bool RGWRangerJniThread::config_audit() string target_audit_conf = (audit_service_specific) ? service_audit_conf : default_audit_conf; + unique_lock ac_lock(ac_mutex); + if (parent->is_file_age_younger(target_audit_conf, parent->audit_conf_age)) { return true; 
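Review bot: The `chown()` result in `prepare_cache_dir` is still discarded after the corrected `mkdir` test, so a failed ownership change leaves the policy cache directory owned by the starting user without any log line. Check it, e.g. `if (chown(ranger_cache_dir.c_str(), cct->get_set_uid(), cct->get_set_gid()) != 0)`, and log the failure. As far as the hunk shows, the outer `stat()` guard also accepts any existing path unexamined, so an entry that is not a directory, or is owned by another account, would be used for cached authorization policies. Testing `S_ISDIR(f_stat.st_mode)` and `f_stat.st_uid` on that path would cover it. Both points apply equally to the `jni_config_dir` hunk in the `RGWRangerJniManager` constructor in rgw_ranger_jni.cc, and both function bodies continue outside their hunks.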
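Review bot: The comments `// cache_update` on `cu_mutex` and `// audit_config` on `ac_mutex` (second hunk of rgw_ranger.h) name a topic but not what each mutex guards or who takes it. Going by the .cc hunks in this commit, `// serializes the age check and rewrite/removal of the cached policy file; also taken by RGWRangerJniThread through parent->cu_mutex` and `// serializes the audit config age check in config_audit()` would document the locking contract. Both class definitions start and end outside the hunks.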
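Review bot: `ac_mutex` is declared on `RGWRangerJniThread` itself (rgw_ranger.h hunk), so the new lock in `config_audit()` only excludes callers that share one thread object, while the age it compares against is `parent->audit_conf_age` on the shared manager. If more than one `RGWRangerJniThread` can exist per manager, they would not exclude each other around this check. `cu_mutex` avoids that by living on the parent, and `ac_mutex` could be placed there too; if only one instance ever exists, a comment saying so is enough. In the visible lines the lock is neither released early nor paired with a condition variable, so `std::lock_guard` would state the intent more narrowly. The function body continues outside the hunk.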
@@ -467,6 +469,8 @@ void RGWRangerJniThread::organize_cached_policy() { std::remove(cached_role.c_str()); + unique_lock cu_lock(parent->cu_mutex); + if (parent->is_file_age_younger(dest_file, parent->cache_update_interval)) { std::remove(cached_policy.c_str()); diff --git a/src/rgw/rgw_ranger_native.cc b/src/rgw/rgw_ranger_native.cc index 327eeb1ffcbbb..c5bc01e2bf2df 100644 --- a/src/rgw/rgw_ranger_native.cc +++ b/src/rgw/rgw_ranger_native.cc @@ -635,10 +635,7 @@ int RGWRangerNativeManager::get_related_policies_from_remote(vectorget_data(); - policies_str = policies_str.substr(1, (policies_str.length() - 1) - 1); // truncate '[' and ']' + string policies_part_to_cache; + policies_part_to_cache = policies_obj->get_data(); + policies_part_to_cache = policies_part_to_cache.substr(1, (policies_part_to_cache.length() - 1) - 1); // truncate '[' and ']' - policies_to_caching = (policies_to_caching.empty()) ? policies_str \ - : policies_to_caching + "," + policies_str; - } + policies_to_cache = (policies_to_cache.empty()) ? policies_part_to_cache + : policies_to_cache + "," + policies_part_to_cache; vector policies_str = policies_obj->get_array_elements(); @@ -735,17 +730,22 @@ int RGWRangerNativeManager::get_related_policies_from_remote(vector cu_lock(cu_mutex); + + bool need_caching = ( !is_file_exist(cached_policy_file) \ + || is_file_age_older(cached_policy_file, cache_update_interval) ); + if (need_caching) { ldout(cct, 10) << __func__ << "(): Try to write cached policy (" << cached_policy_file << ")" << dendl; - policies_to_caching = "{\"policies\":[" + policies_to_caching + "]}"; + policies_to_cache = "{\"policies\":[" + policies_to_cache + "]}"; // write File ofstream write_stream; write_stream.open(cached_policy_file); if (write_stream.is_open()) { - write_stream << policies_to_caching; + write_stream << policies_to_cache; write_stream.close(); if (use_cached_one) {
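Review bot: In `organize_cached_policy()` the lock is acquired after `std::remove(cached_role.c_str());`, so the role-file removal runs outside `cu_mutex` while the policy-file age check and removal run inside it. If the role file belongs to the same cache state, move the added `cu_lock` line above that `std::remove` call. `cu_mutex` is an in-process mutex, so it does not order this check-then-remove, or the check-then-write under the same mutex in the later rgw_ranger_native.cc hunk, against another process using the same cache directory, if that is a supported deployment. The return values of both `std::remove` calls are ignored, so a failed cleanup is silent. The function body continues outside the hunk.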
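Review bot: `policies_part_to_cache.substr(1, (policies_part_to_cache.length() - 1) - 1)` assumes `policies_obj->get_data()` returns at least `[]`. On an empty string `substr(1, ...)` throws `std::out_of_range`, and nothing in the hunk checks that the first and last characters really are brackets. The text is presumably taken from the remote policy response and is later spliced into `{"policies":[...]}` for the cache file. A guard before the `substr`, such as `if (policies_part_to_cache.size() < 2 || policies_part_to_cache.front() != '[' || policies_part_to_cache.back() != ']')` followed by an error return, would keep a malformed reply out of the cached policy. The enclosing function starts and ends outside the hunk, and parts of this hunk appear garbled on the page.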