[GitHub] [pinot] walterddr commented on a diff in pull request #9636: feat: Cache BCrypt checkpw to enhance pinot query performance

Fri, 21 Oct 2022 09:34:27 -0700 


walterddr commented on code in PR #9636:
URL: https://github.com/apache/pinot/pull/9636#discussion_r1001984102


##########
pinot-common/src/main/java/org/apache/pinot/common/config/provider/AccessControlUserCache.java:
##########
@@ -54,6 +58,8 @@ public class AccessControlUserCache {
     private final Map<String, UserConfig> _userControllerConfigMap = new 
ConcurrentHashMap<>();
     private final Map<String, UserConfig> _userBrokerConfigMap = new 
ConcurrentHashMap<>();
     private final Map<String, UserConfig> _userServerConfigMap = new 
ConcurrentHashMap<>();
+    private Cache<String, String> _userPasswordAuthCache = 
CacheBuilder.newBuilder()

Review Comment:
   final
   ```suggestion
       private final Cache<String, String> _userPasswordAuthCache = 
CacheBuilder.newBuilder()
   ```



##########
pinot-broker/src/main/java/org/apache/pinot/broker/broker/ZkBasicAuthAccessControlFactory.java:
##########
@@ -101,8 +101,9 @@ public boolean hasAccess(RequesterIdentity 
requesterIdentity, BrokerRequest brok
 
             Optional<ZkBasicAuthPrincipal> principalOpt =
               password2principal.entrySet().stream()
-                .filter(entry -> BcryptUtils.checkpw(entry.getKey(), 
entry.getValue().getPassword()))
-                .map(u -> u.getValue()).filter(Objects::nonNull).findFirst();
+                      .filter(entry -> 
BcryptUtils.checkpwWithCache(entry.getKey(), entry.getValue().getPassword(),
+                              _userCache.getUserPasswordAuthCache()))
+                      .map(u -> 
u.getValue()).filter(Objects::nonNull).findFirst();

Review Comment:
   i dont know what's the relationship between this and the 
`pinot-controller/src/main/java/org/apache/pinot/controller/api/access/ZkBasicAuthAccessControlFactory.java`.
 please make sure both side are consistent



##########
pinot-core/src/main/java/org/apache/pinot/server/access/ZkBasicAuthAccessFactory.java:
##########
@@ -97,7 +97,8 @@ public boolean hasDataAccess(RequesterIdentity 
requesterIdentity, String tableNa
             Map<String, ZkBasicAuthPrincipal> password2principal = 
name2password.keySet().stream()
               .collect(Collectors.toMap(name2password::get, 
_name2principal::get));
             return password2principal.entrySet().stream()
-                .filter(entry -> BcryptUtils.checkpw(entry.getKey(), 
entry.getValue().getPassword()))
+                .filter(entry -> BcryptUtils.checkpwWithCache(entry.getKey(), 
entry.getValue().getPassword(),

Review Comment:
   name it consistent with the broker one. 
   also why do we need 3? can't we just keep one in core?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to