You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2019/06/18 16:39:48 UTC
[impala] 03/05: IMPALA-8671: Do not re-create
RangerAuthorizationChecker instance on catalog update
This is an automated email from the ASF dual-hosted git repository.
tarmstrong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
commit 0415130a8e764575adc7d0a38e0ed5597d249307
Author: Fredy Wijaya <fw...@cloudera.com>
AuthorDate: Mon Jun 17 14:51:59 2019 -0500
IMPALA-8671: Do not re-create RangerAuthorizationChecker instance on catalog update
This patch fixes the issue where RangerAuthorizationChecker instance
gets created on every catalog update, which can impact the performance
due to the need to re-initialize the Ranger plugin. Unlike
SentryAuthorizationChecker which is stateful (it uses
AuthorizationPolicy), RangerAuthorizationChecker is stateless and we can
reuse the same instance of it.
Testing:
- Ran FE tests
- Ran E2E authorization tests
Change-Id: Iabd5c1b5c7cafc7a03681def0c0f6f775d690c41
Reviewed-on: http://gerrit.cloudera.org:8080/13663
Reviewed-by: Todd Lipcon <to...@apache.org>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
.../impala/authorization/ranger/RangerAuthorizationFactory.java | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java b/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java
index 13eac99..c4711b1 100644
--- a/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java
+++ b/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java
@@ -36,10 +36,12 @@ import java.util.function.Supplier;
*/
public class RangerAuthorizationFactory implements AuthorizationFactory {
private final AuthorizationConfig authzConfig_;
+ private final RangerAuthorizationChecker authzChecker_;
public RangerAuthorizationFactory(BackendConfig backendConfig) {
Preconditions.checkNotNull(backendConfig);
authzConfig_ = newAuthorizationConfig(backendConfig);
+ authzChecker_ = new RangerAuthorizationChecker(authzConfig_);
}
/**
@@ -49,6 +51,7 @@ public class RangerAuthorizationFactory implements AuthorizationFactory {
public RangerAuthorizationFactory(AuthorizationConfig authzConfig) {
Preconditions.checkNotNull(authzConfig);
authzConfig_ = authzConfig;
+ authzChecker_ = new RangerAuthorizationChecker(authzConfig_);
}
private static AuthorizationConfig newAuthorizationConfig(BackendConfig backendConfig) {
@@ -72,7 +75,11 @@ public class RangerAuthorizationFactory implements AuthorizationFactory {
@Override
public AuthorizationChecker newAuthorizationChecker(AuthorizationPolicy authzPolicy) {
- return new RangerAuthorizationChecker(authzConfig_);
+ // Do not create a new instance of RangerAuthorizationChecker. It is unnecessary
+ // since RangerAuthorizationChecker is stateless and creating a new instance of
+ // RangerAuthorizationChecker can be expensive due to the need to re-initialize the
+ // Ranger plugin.
+ return authzChecker_;
}
@Override