> On Aug. 16, 2018, 8:26 p.m., Na Li wrote: > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessor.java > > Line 588 (original), 588 (patched) > > <https://reviews.apache.org/r/64661/diff/5/?file=2073587#file2073587line588> > > > > can you change the API to return Set<TSentryRole>? like what's in the > > following code? It is even simplier. > > > > "roleSet = sentryStore.getTSentryRolesByGroupName(groups, > > checkAllGroups);" > > > > > > https://github.com/apache/sentry/blob/master/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java#L646 > > Arjun Mishra wrote: > Lina, there are two types of TSentryRole, > org.apache.sentry.api.generic.thrift.TSentryRole, and > org.apache.sentry.api.service.thrift.TSentryRole > > Na Li wrote: > 1) DelegateSentryStore.getRolesByGroups gets > org.apache.sentry.api.service.thrift.TSentryRole right now, then return list > of role names > 2) You can add a new function in DelegateSentryStore.getRolesByGroups to > get org.apache.sentry.api.service.thrift.TSentryRole, and then return set of > org.apache.sentry.api.generic.thrift.TSentryRole, which can be returned by > SentryGenericPolicyProcessor.list_sentry_roles_by_group > > org.apache.sentry.api.service.thrift.TSentryRole is defined in > sentry_policy_service.thrift > > struct TSentryRole { > 1: required string roleName, > 2: required set<TSentryGroup> groups, > 3: required string grantorPrincipal #Deprecated > } > > org.apache.sentry.api.generic.thrift.TSentryRole is defined in > sentry_generic_policy_service.thrift > struct TSentryRole { > 1: required string roleName, > 2: required set<string> groups > } > > as you can see, you can easily convert > org.apache.sentry.api.service.thrift.TSentryRole to > org.apache.sentry.api.generic.thrift.TSentryRole
I ended up doing that - Arjun ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/64661/#review207431 ----------------------------------------------------------- On Aug. 16, 2018, 7:55 p.m., Arjun Mishra wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/64661/ > ----------------------------------------------------------- > > (Updated Aug. 16, 2018, 7:55 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda, Na Li, Steve Moist, and > Sergio Pena. > > > Bugs: SENTRY-1944 > https://issues.apache.org/jira/browse/SENTRY-1944 > > > Repository: sentry > > > Description > ------- > > When Solr is using Sentry server for authorization, it issues a lot of calls > to getGroupsByRoles() function in DelegateSentryStore. > > This function isn't very efficient - it walks over each role in the set, > obtains role by name, get groups for each role, and collects all group names > into a set. > > It may be possible to optimize it. > > Also, in SentryGenericPolicyProcessor class method > list_sentry_roles_by_group() would make N transactions to build the roles to > set of groups map. Instead, make it to a single transaction. This will > significantly speed up operation > > Attach one or more files to this issue > > > Diffs > ----- > > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessor.java > 1cc4b1b37 > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java > 3026a6225 > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java > eec2757d3 > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/generic/thrift/TestSentryGenericPolicyProcessor.java > 4c207e9b4 > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestDelegateSentryStore.java > 69d16238f > > > Diff: https://reviews.apache.org/r/64661/diff/5/ > > > Testing > ------- > > mvn -f sentry-provider/sentry-provider-db/pom.xml test > > > Thanks, > > Arjun Mishra > >
