----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75045/#review226537 -----------------------------------------------------------
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java Lines 114 (patched) <https://reviews.apache.org/r/75045/#comment314780> Consider retaining the datatype of value as Set<String> (instead of List<String>). hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java Lines 121 (patched) <https://reviews.apache.org/r/75045/#comment314779> Most of these new members seem to be used to measure the performance improvements during dev testing. Consider removing them if they are not needed for production: - AUTHZ_METRICS_TEST_USER - DUMP_AUTHZ_CALL_INFO - SAVED_EVALUATIONS - SAVED_EVALUATIONS_LOG - SAVED_EVALUATIONS_LOG_INTERVAL_MS - SAVED_EVALUATIONS_NEXT_LOG_TIME - OPER_COUNTS - OPER_TIME_TAKEN - OP_COUNT_NEXT_LOG_TIME - ACCESS_TYPE_COUNTS - LOG_INTERVAL_MS - LAST_PATH_IN_THREAD - SAME_PATH_CALL_COUNT - ACE_INSTANCE_COUNT Also, consider removing class OperTimeTracker as this is likely not needed in production. hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java Lines 242 (patched) <https://reviews.apache.org/r/75045/#comment314781> Consider removing INSTANCE_INDEX and CALL_COUNT if these are not needed in production. - Madhan Neethiraj On June 11, 2024, 7:09 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75045/ > ----------------------------------------------------------- > > (Updated June 11, 2024, 7:09 p.m.) > > > Review request for ranger, madhan, Madhan Neethiraj, Ramesh Mani, and > Velmurugan Periasamy. > > > Bugs: RANGER-4817 > https://issues.apache.org/jira/browse/RANGER-4817 > > > Repository: ranger > > > Description > ------- > > The focus of optimizations described below is to minimize the number of times > the Ranger policy-engine is called to authorize a NameNode RPC without > modifying the Namenode authorization interface or authorization call sequence. > > This optimization is possible as the Namenode calls the authorizer more than > once to authorize some RPCs, as observed during the testing. > > The following boolean valued config parameter - > "ranger.hdfs.authz.enable.optimization" control the optimization behaviour; > default value is false which disables the optimization. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 6a614bf2d > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java > a56ecb268 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > b11ee62a3 > > ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > 22d0b450d > > > Diff: https://reviews.apache.org/r/75045/diff/1/ > > > Testing > ------- > > Passes all unit tests. > Verified the optimization by setting the config parameter > "ranger.hdfs.authz.enable.optimization" to true. > > > Thanks, > > Abhay Kulkarni > >
