You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2019/06/18 16:39:48 UTC

[impala] 03/05: IMPALA-8671: Do not re-create RangerAuthorizationChecker instance on catalog update

This is an automated email from the ASF dual-hosted git repository.

tarmstrong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git

commit 0415130a8e764575adc7d0a38e0ed5597d249307
Author: Fredy Wijaya <fw...@cloudera.com>
AuthorDate: Mon Jun 17 14:51:59 2019 -0500

    IMPALA-8671: Do not re-create RangerAuthorizationChecker instance on catalog update
    
    This patch fixes the issue where RangerAuthorizationChecker instance
    gets created on every catalog update, which can impact the performance
    due to the need to re-initialize the Ranger plugin. Unlike
    SentryAuthorizationChecker which is stateful (it uses
    AuthorizationPolicy), RangerAuthorizationChecker is stateless and we can
    reuse the same instance of it.
    
    Testing:
    - Ran FE tests
    - Ran E2E authorization tests
    
    Change-Id: Iabd5c1b5c7cafc7a03681def0c0f6f775d690c41
    Reviewed-on: http://gerrit.cloudera.org:8080/13663
    Reviewed-by: Todd Lipcon <to...@apache.org>
    Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
 .../impala/authorization/ranger/RangerAuthorizationFactory.java  | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java b/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java
index 13eac99..c4711b1 100644
--- a/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java
+++ b/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java
@@ -36,10 +36,12 @@ import java.util.function.Supplier;
  */
 public class RangerAuthorizationFactory implements AuthorizationFactory {
   private final AuthorizationConfig authzConfig_;
+  private final RangerAuthorizationChecker authzChecker_;
 
   public RangerAuthorizationFactory(BackendConfig backendConfig) {
     Preconditions.checkNotNull(backendConfig);
     authzConfig_ = newAuthorizationConfig(backendConfig);
+    authzChecker_ = new RangerAuthorizationChecker(authzConfig_);
   }
 
   /**
@@ -49,6 +51,7 @@ public class RangerAuthorizationFactory implements AuthorizationFactory {
   public RangerAuthorizationFactory(AuthorizationConfig authzConfig) {
     Preconditions.checkNotNull(authzConfig);
     authzConfig_ = authzConfig;
+    authzChecker_ = new RangerAuthorizationChecker(authzConfig_);
   }
 
   private static AuthorizationConfig newAuthorizationConfig(BackendConfig backendConfig) {
@@ -72,7 +75,11 @@ public class RangerAuthorizationFactory implements AuthorizationFactory {
 
   @Override
   public AuthorizationChecker newAuthorizationChecker(AuthorizationPolicy authzPolicy) {
-    return new RangerAuthorizationChecker(authzConfig_);
+    // Do not create a new instance of RangerAuthorizationChecker. It is unnecessary
+    // since RangerAuthorizationChecker is stateless and creating a new instance of
+    // RangerAuthorizationChecker can be expensive due to the need to re-initialize the
+    // Ranger plugin.
+    return authzChecker_;
   }
 
   @Override