[Engine-patches] Change in ovirt-engine[ovirt-engine-3.5]: aaa: Optimizing fetchPrincipalIdsRecursively

Alon Bar-Lev Fri, 18 Jul 2014 09:45:05 -0700

Hello Yair Zaslavsky,

I'd like you to do a code review.  Please visit


    http://gerrit.ovirt.org/30461

to review the following change.

Change subject: aaa: Optimizing fetchPrincipalIdsRecursively
......................................................................

aaa: Optimizing fetchPrincipalIdsRecursively

The following optimization is introruced:
a. Not using recursive groups resolving - performing manual recursion instead
b. During the manual recrusion - don't fetch groups that were already fetched

Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1120720
Change-Id: I095bb91810e25d345fcd053cbd51d1d25a4b494d
Signed-off-by: Yair Zaslavsky <[email protected]>
---
M 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java
1 file changed, 56 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/61/30461/1

diff --git 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java
 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java
index 7c16814..2ca4eff 100644
--- 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java
+++ 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java
@@ -2,12 +2,22 @@
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
 
 import org.ovirt.engine.api.extensions.Base;
+import org.ovirt.engine.api.extensions.ExtKey;
 import org.ovirt.engine.api.extensions.ExtMap;
 import org.ovirt.engine.api.extensions.aaa.Authn;
 import org.ovirt.engine.api.extensions.aaa.Authz;
+import org.ovirt.engine.api.extensions.aaa.Authz.GroupRecord;
+import org.ovirt.engine.api.extensions.aaa.Authz.PrincipalRecord;
 import org.ovirt.engine.core.extensions.mgr.ExtensionProxy;
+import org.ovirt.engine.core.utils.collections.MultiValueMapUtils;
 
 public class AuthzUtils {
 
@@ -43,7 +53,52 @@
             final ExtensionProxy extension,
             final String namespace,
             final Collection<String> ids) {
-                return findPrincipalsByIds(extension, namespace, ids, true, 
true);
+
+        Map<String, ExtMap> groupsCache = new HashMap<>();
+        Map<String, Set<String>> idsToFetchPerNamespace = new HashMap<String, 
Set<String>>();
+        Collection<ExtMap> principals = findPrincipalsByIds(extension, 
namespace, ids, true, false);
+        for (ExtMap principal : principals) {
+            for (ExtMap memberOf : principal.get(PrincipalRecord.GROUPS, 
Collections.<ExtMap> emptyList())) {
+                addIdToFetch(idsToFetchPerNamespace, memberOf);
+            }
+        }
+        while (!idsToFetchPerNamespace.isEmpty()) {
+            List<ExtMap> groups = new ArrayList<>();
+            for (Entry<String, Set<String>> entry : 
idsToFetchPerNamespace.entrySet()) {
+                groups.addAll(findGroupRecordsByIds(extension,
+                        entry.getKey(),
+                        entry.getValue(),
+                        true,
+                        false));
+            }
+            idsToFetchPerNamespace.clear();
+            for (ExtMap group : groups) {
+                groupsCache.put(group.<String> get(GroupRecord.ID), group);
+                for (ExtMap memberOf : group.get(GroupRecord.GROUPS, 
Collections.<ExtMap> emptyList())) {
+                    if 
(!groupsCache.containsKey(memberOf.get(GroupRecord.ID))) {
+                        addIdToFetch(idsToFetchPerNamespace, memberOf);
+                    }
+                }
+            }
+        }
+        // After the groups are fetched, the "group membership" tree for the 
principals should be modified accordingly.
+        for (ExtMap principal : principals) {
+            constructGroupsMembershipTree(principal, PrincipalRecord.GROUPS, 
groupsCache);
+        }
+        return principals;
+    }
+
+    private static void addIdToFetch(Map<String, Set<String>> 
idsToFetchPerNamespace, ExtMap memberOf) {
+        
MultiValueMapUtils.addToMapOfSets(memberOf.<String>get(GroupRecord.NAMESPACE), 
memberOf.<String> get(GroupRecord.ID), idsToFetchPerNamespace);
+    }
+
+    private static void constructGroupsMembershipTree(ExtMap entity, ExtKey 
key, Map<String, ExtMap> groupsCache) {
+        List<ExtMap> groups = new ArrayList<>();
+        for (ExtMap memberOf : entity.get(key, Collections.<ExtMap> 
emptyList())) {
+            constructGroupsMembershipTree(memberOf, GroupRecord.GROUPS, 
groupsCache);
+            groups.add(groupsCache.get(memberOf.get(GroupRecord.ID)));
+        }
+        entity.put(key, groups);
     }
 
     public static Collection<ExtMap> queryPrincipalRecords(


-- 
To view, visit http://gerrit.ovirt.org/30461
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I095bb91810e25d345fcd053cbd51d1d25a4b494d
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

[Engine-patches] Change in ovirt-engine[ovirt-engine-3.5]: aaa: Optimizing fetchPrincipalIdsRecursively

Reply via email to