[
https://issues.apache.org/jira/browse/HDDS-4593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rakesh Radhakrishnan updated HDDS-4593:
---------------------------------------
Description:
OM server is presently doing ACL check access for each path separately. This
will become too costly RPC calls assume if user performs recursive delete on a
path where there are millions of sub-directories under this path.
The idea/proposal is to refine #checkAccess interface by giving
"recursiveDelete" hint and make only one single call and the implementation
classes(native or external entity) can do recursive logic in an optimized way.
{code:java}
IAccessAuthorizer#checkAccess(IOzoneObj ozoneObject, RequestContext context)
public class RequestContext {
…...
private final boolean recursiveDelete; // add new attribute
}
{code}
was:
OM server is presently doing Ranger ACL check access for each path separately.
This will become too costly RPC calls assume if user performs recursive delete
on a path where there are millions of sub-directories under this path.
The idea/proposal is to refine #checkAccess interface by giving
"recursiveDelete" hint and make only one single call to Ranger. Also, Ranger
can do an optimized approach similar to HDFS -
[Reference|https://github.com/apache/ranger/blob/master/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java#L444]
{code:java}
IAccessAuthorizer#checkAccess(IOzoneObj ozoneObject, RequestContext context)
public class RequestContext {
…...
private final boolean recursiveDelete; // add new attribute
}
{code}
> Refine IAccessAuthorizer interface to do recursive ACL check on a path
> ----------------------------------------------------------------------
>
> Key: HDDS-4593
> URL: https://issues.apache.org/jira/browse/HDDS-4593
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Rakesh Radhakrishnan
> Assignee: Ke-Yi Sung
> Priority: Major
>
> OM server is presently doing ACL check access for each path separately. This
> will become too costly RPC calls assume if user performs recursive delete on
> a path where there are millions of sub-directories under this path.
> The idea/proposal is to refine #checkAccess interface by giving
> "recursiveDelete" hint and make only one single call and the implementation
> classes(native or external entity) can do recursive logic in an optimized way.
>
> {code:java}
> IAccessAuthorizer#checkAccess(IOzoneObj ozoneObject, RequestContext context)
> public class RequestContext {
> …...
> private final boolean recursiveDelete; // add new attribute
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
