From 7c291164006dca019b10f8d9821f13d676bc42ce Mon Sep 17 00:00:00 2001 From: bgy217 Date: Fri, 13 Oct 2023 17:18:48 +0900 Subject: [PATCH 1/2] rgw_ranger_integration: fix 'does not chown for relative directory' issue --- src/rgw/rgw_ranger.cc | 2 +- src/rgw/rgw_ranger_jni.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rgw/rgw_ranger.cc b/src/rgw/rgw_ranger.cc index 9abec64f961f0..492dfdba6e1b0 100644 --- a/src/rgw/rgw_ranger.cc +++ b/src/rgw/rgw_ranger.cc @@ -110,7 +110,7 @@ void prepare_cache_dir(CephContext* const cct) { struct stat f_stat; if (stat(ranger_cache_dir.c_str(), &f_stat) != 0) { - if (mkdir(ranger_cache_dir.c_str(), 0755) == -1) { + if (mkdir(ranger_cache_dir.c_str(), 0755) != -1) { chown(ranger_cache_dir.c_str(), cct->get_set_uid(), cct->get_set_gid()); } else { diff --git a/src/rgw/rgw_ranger_jni.cc b/src/rgw/rgw_ranger_jni.cc index ff4af19596021..bae9b4d225e40 100644 --- a/src/rgw/rgw_ranger_jni.cc +++ b/src/rgw/rgw_ranger_jni.cc @@ -20,7 +20,7 @@ RGWRangerJniManager::RGWRangerJniManager(CephContext* const _cct, rgw::sal::RGWR struct stat f_stat; if (stat(jni_config_dir.c_str(), &f_stat) != 0) { - if (mkdir(jni_config_dir.c_str(), 0755) == -1) { + if (mkdir(jni_config_dir.c_str(), 0755) != -1) { chown(jni_config_dir.c_str(), cct->get_set_uid(), cct->get_set_gid()); } else { From 388b2f632bb95f069a4fee19fd08dc164c424c46 Mon Sep 17 00:00:00 2001 From: bgy217 Date: Fri, 13 Oct 2023 17:20:52 +0900 Subject: [PATCH 2/2] rgw_ranger_integration: add mutex treatment for writing relative files --- src/rgw/rgw_ranger.h | 4 ++++ src/rgw/rgw_ranger_jni.cc | 4 ++++ src/rgw/rgw_ranger_native.cc | 26 +++++++++++++------------- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/src/rgw/rgw_ranger.h b/src/rgw/rgw_ranger.h index 90449b4937d9b..56947cef1c8d4 100644 --- a/src/rgw/rgw_ranger.h +++ b/src/rgw/rgw_ranger.h 
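Review bot: The `chown()` call that now sits in the success branch of `mkdir()` in prepare_cache_dir() still discards its return value, so a failed ownership change is silent. That leaves a directory owned by the creating user, which the daemon presumably cannot write once it runs as `get_set_uid()`/`get_set_gid()`. Check the result and handle failure like the mkdir failure, e.g. `if (chown(ranger_cache_dir.c_str(), cct->get_set_uid(), cct->get_set_gid()) != 0) { /* log errno, treat the cache dir as unusable */ }`. The same applies to the `jni_config_dir` hunk in the RGWRangerJniManager constructor in rgw_ranger_jni.cc. When `stat()` succeeds, the directory is accepted without any visible check of `f_stat.st_uid` or `st_mode`, which matters if the parent path is writable by other local users. The else branch and the rest of both functions are outside the hunks.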
@@ -117,6 +117,8 @@ class RGWRangerManager { string policy_cache_dir; time_t cache_update_interval; + // cache_update + std::mutex cu_mutex; public: RGWRangerManager(CephContext* const _cct) : cct(_cct) { @@ -215,6 +217,8 @@ class RGWRangerJniThread : public Thread { std::mutex r_mutex; std::condition_variable r_cond; + // audit_config + std::mutex ac_mutex; public: bool down_flag = false; diff --git a/src/rgw/rgw_ranger_jni.cc b/src/rgw/rgw_ranger_jni.cc index bae9b4d225e40..f59c86ec56763 100644 --- a/src/rgw/rgw_ranger_jni.cc +++ b/src/rgw/rgw_ranger_jni.cc @@ -326,6 +326,8 @@ bool RGWRangerJniThread::config_audit() string target_audit_conf = (audit_service_specific) ? service_audit_conf : default_audit_conf; + unique_lock ac_lock(ac_mutex); + if (parent->is_file_age_younger(target_audit_conf, parent->audit_conf_age)) { return true; @@ -467,6 +469,8 @@ void RGWRangerJniThread::organize_cached_policy() { std::remove(cached_role.c_str()); + unique_lock cu_lock(parent->cu_mutex); + if (parent->is_file_age_younger(dest_file, parent->cache_update_interval)) { std::remove(cached_policy.c_str()); diff --git a/src/rgw/rgw_ranger_native.cc b/src/rgw/rgw_ranger_native.cc index ccb42c3c5cc63..a0e976d50f766 100644 --- a/src/rgw/rgw_ranger_native.cc +++ b/src/rgw/rgw_ranger_native.cc 
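Review bot: `ac_mutex` is declared as a member of RGWRangerJniThread and config_audit() locks its own instance's copy. If more than one RGWRangerJniThread object exists, each takes a different mutex, and the age check and rewrite of `target_audit_conf` are not serialized between them. `cu_mutex` in this same commit is placed on RGWRangerManager and reached as `parent->cu_mutex`, which is shared; the audit-config mutex should live on the shared parent in the same way, or be `static`. The bare `// audit_config` and `// cache_update` comments should also state what each mutex guards, e.g. `// serializes age check + rewrite of the audit config file across all JNI threads`. The lock is held until config_audit() returns, and that body continues outside the hunk.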
@@ -636,10 +636,7 @@ int RGWRangerNativeManager::get_related_policies_from_remote(vectorget_data(); - policies_str = policies_str.substr(1, (policies_str.length() - 1) - 1); // truncate '[' and ']' + string policies_part_to_cache; + policies_part_to_cache = policies_obj->get_data(); + policies_part_to_cache = policies_part_to_cache.substr(1, (policies_part_to_cache.length() - 1) - 1); // truncate '[' and ']' - policies_to_caching = (policies_to_caching.empty()) ? policies_str \ - : policies_to_caching + "," + policies_str; - } + policies_to_cache = (policies_to_cache.empty()) ? policies_part_to_cache + : policies_to_cache + "," + policies_part_to_cache; vector policies_str = policies_obj->get_array_elements(); @@ -736,17 +731,22 @@ int RGWRangerNativeManager::get_related_policies_from_remote(vector cu_lock(cu_mutex); + + bool need_caching = ( !is_file_exist(cached_policy_file) \ + || is_file_age_older(cached_policy_file, cache_update_interval) ); + if (need_caching) { ldout(cct, 10) << __func__ << "(): Try to write cached policy (" << cached_policy_file << ")" << dendl; - policies_to_caching = "{\"policies\":[" + policies_to_caching + "]}"; + policies_to_cache = "{\"policies\":[" + policies_to_cache + "]}"; // write File ofstream write_stream; write_stream.open(cached_policy_file); if (write_stream.is_open()) { - write_stream << policies_to_caching; + write_stream << policies_to_cache; write_stream.close(); if (use_cached_one) {