You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2022/09/12 23:54:35 UTC

[GitHub] [kafka] akhileshchg commented on pull request #12628: KAFKA-14214: Introduce read-write lock to StandardAuthorizer for consistent ACL reads.

akhileshchg commented on PR #12628:
URL: https://github.com/apache/kafka/pull/12628#issuecomment-1244722682

   ```Benchmark                                           (aclCount)  (authorizerType)  (denyPercentage)  (resourceCount)  Mode  Cnt     Score   Error  Units
   AclAuthorizerBenchmark.testAclsIterator                     50               ACL                20           200000  avgt        730.070          ms/op
   AclAuthorizerBenchmark.testAuthorizeByResourceType          50               ACL                20           200000  avgt          0.010          ms/op
   AclAuthorizerBenchmark.testAuthorizer                       50               ACL                20           200000  avgt          4.505          ms/op
   AclAuthorizerBenchmark.testUpdateCache                      50               ACL                20           200000  avgt       1936.356          ms/op
   
   Benchmark                                           (aclCount)  (authorizerType)  (denyPercentage)  (resourceCount)  Mode  Cnt     Score   Error  Units
   AclAuthorizerBenchmark.testAclsIterator                     50             KRAFT                20           200000  avgt       2084.634          ms/op
   AclAuthorizerBenchmark.testAuthorizeByResourceType          50             KRAFT                20           200000  avgt       6180.318          ms/op
   AclAuthorizerBenchmark.testAuthorizer                       50             KRAFT                20           200000  avgt          2.768          ms/op
   AclAuthorizerBenchmark.testUpdateCache                      50             KRAFT                20           200000  avgt         ≈ 10⁻⁶          ms/op
   ```
   
   NOTE: `authorizeByResourceType` is not implemented in `StandardAuthorizer`, so it uses the default implementation in `Authorizer`, hence it is not in the same ballpark as AclAuthorizer. Similarly `updateCache` is not implemented for `StandardAuthorizer` (we use `AclMutator`, so we cannot compare the numbers).
   
   With the new implementation, StandardAuthorizer seems to be doing worse on the `AclsIterator` benchmark than `AclAuthorizer` and doing better in `testAuthorizer` which calls `Authorizer#authorize`.
   
   I updated the iterator method to only loop once through acls and the performance is in the same ballpark as AclAuthorizer.
   
   ```
   Benchmark                                           (aclCount)  (authorizerType)  (denyPercentage)  (resourceCount)  Mode  Cnt     Score   Error  Units
   AclAuthorizerBenchmark.testAclsIterator          50             KRAFT                20           200000  avgt       833.482          ms/op
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org