RANGER-5406 Support export policies in a segmented manner#748
Open
yunyezhang-work wants to merge 1 commit intoapache:masterfrom
Open
RANGER-5406 Support export policies in a segmented manner#748yunyezhang-work wants to merge 1 commit intoapache:masterfrom
yunyezhang-work wants to merge 1 commit intoapache:masterfrom
Conversation
vyommani
reviewed
Nov 29, 2025
security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
Show resolved
Hide resolved
vyommani
reviewed
Nov 29, 2025
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Outdated
Show resolved
Hide resolved
vyommani
reviewed
Nov 29, 2025
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Outdated
Show resolved
Hide resolved
vyommani
reviewed
Nov 29, 2025
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Outdated
Show resolved
Hide resolved
vyommani
reviewed
Dec 8, 2025
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Outdated
Show resolved
Hide resolved
yunyezhang-work
force-pushed
the
master-getRangerPoliciesInRange
branch
from
b59f0d6 to
9689308
Compare
vyommani
reviewed
Dec 8, 2025
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Outdated
Show resolved
Hide resolved
yunyezhang-work
force-pushed
the
master-getRangerPoliciesInRange
branch
from
9689308 to
9d6bacc
Compare
vyommani
approved these changes
Dec 9, 2025
Contributor
vyommani
left a comment
vyommani
left a comment
There was a problem hiding this comment.
The latest changes look good to me. Since I'm not the official reviewer, you'll need approval from at least one Apache reviewer.
Contributor
Author
|
@kumaab @mneethiraj Please review this PR regarding feature optimization for the export interface. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
In big data production environments, customers create a massive number of policies, often reaching hundreds of thousands or even millions. Exporting the entire set of policies for disaster recovery would result in an enormous data volume and extremely slow import speeds into the backup cluster. Our current experimental data shows that importing 10,000 policies via the API is very memory-intensive and takes approximately 15 minutes. Importing 100,000 policies via the API will take 2.5h or even longer.
With an even larger number of policies, memory consumption will increase significantly, and insufficient memory can cause import interruptions. Therefore, we recommend modifying the API to allow for segmented export. This will save memory and ensure data reliability when importing to other clusters for disaster recovery.
How was this patch tested?
To manually test this feature, you can send an HTTP request to the ranger. Using a shell command as an example:
Without the segmentation parameter, calling the export API
getPoliciesInJsonwill export all policies. As shown in the figure, there are 18 policies in this environment for hdfs-xxx.curl -u$USER:$PASSWORD -XGET "http://$RANGER_HOST:$RANGER_PORT/service/plugins/policies/exportJson?serviceName=$SERVICE&checkPoliciesExists=true" -v -o export.jsonAdding the segmentation parameter will export the policies for the specified start and end position range. As shown in the figure, policies 1-5 of hdfs-xxx are exported.
curl -u$USER:$PASSWORD -XGET "http://$RANGER_HOST:$RANGER_PORT/service/plugins/policies/exportJson?serviceName=$SERVICE&checkPoliciesExists=true&beginIndex=$BEGIN_INDEX&offsetIndex=$OFFSET_INDEX" -v -o export_${BEGIN_INDEX}_${OFFSET_INDEX}.json