This is an automated email from the ASF dual-hosted git repository.
roryqi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new d97f25fafa [#9170] improvement(authz): Avoid overhead when
authorization plugin is empty (#10053)
d97f25fafa is described below
commit d97f25fafa5b4ec6969888afc37c127e51a50b5c
Author: roryqi <[email protected]>
AuthorDate: Mon Mar 2 15:21:31 2026 +0800
[#9170] improvement(authz): Avoid overhead when authorization plugin is
empty (#10053)
### What changes were proposed in this pull request?
Avoid overhead when authorization plugin is empty
### Why are the changes needed?
Fix: #9170
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Test by hand.
---
.../authorization/FutureGrantManager.java | 28 ++++++++++------------
1 file changed, 13 insertions(+), 15 deletions(-)
diff --git
a/core/src/main/java/org/apache/gravitino/authorization/FutureGrantManager.java
b/core/src/main/java/org/apache/gravitino/authorization/FutureGrantManager.java
index b6aee4b1c8..3b828d9faa 100644
---
a/core/src/main/java/org/apache/gravitino/authorization/FutureGrantManager.java
+++
b/core/src/main/java/org/apache/gravitino/authorization/FutureGrantManager.java
@@ -57,15 +57,20 @@ public class FutureGrantManager {
public void grantNewlyCreatedCatalog(String metalake, BaseCatalog catalog) {
try {
+ AuthorizationPlugin authorizationPlugin =
catalog.getAuthorizationPlugin();
+
+ if (authorizationPlugin == null) {
+ // If the authorization plugin is null, it means the catalog does not
support authorization,
+ // so we can skip the future grant process to avoid overhead.
+ return;
+ }
MetadataObject metalakeObject =
MetadataObjects.of(null, metalake, MetadataObject.Type.METALAKE);
Optional<Owner> ownerOptional = ownerDispatcher.getOwner(metalake,
metalakeObject);
+
ownerOptional.ifPresent(
owner -> {
- AuthorizationPlugin authorizationPlugin =
catalog.getAuthorizationPlugin();
- if (authorizationPlugin != null) {
- authorizationPlugin.onOwnerSet(metalakeObject, null, owner);
- }
+ authorizationPlugin.onOwnerSet(metalakeObject, null, owner);
});
Map<UserEntity, Set<RoleEntity>> userGrantRoles = Maps.newHashMap();
@@ -129,20 +134,13 @@ public class FutureGrantManager {
}
for (Map.Entry<UserEntity, Set<RoleEntity>> entry :
userGrantRoles.entrySet()) {
- AuthorizationPlugin authorizationPlugin =
catalog.getAuthorizationPlugin();
- if (authorizationPlugin != null) {
- authorizationPlugin.onGrantedRolesToUser(
- Lists.newArrayList(entry.getValue()), entry.getKey());
- }
+ authorizationPlugin.onGrantedRolesToUser(
+ Lists.newArrayList(entry.getValue()), entry.getKey());
}
for (Map.Entry<GroupEntity, Set<RoleEntity>> entry :
groupGrantRoles.entrySet()) {
- AuthorizationPlugin authorizationPlugin =
catalog.getAuthorizationPlugin();
-
- if (authorizationPlugin != null) {
- authorizationPlugin.onGrantedRolesToGroup(
- Lists.newArrayList(entry.getValue()), entry.getKey());
- }
+ authorizationPlugin.onGrantedRolesToGroup(
+ Lists.newArrayList(entry.getValue()), entry.getKey());
}
} catch (IOException e) {
throw new RuntimeException(e);
