[kudu-CR] [authz] new SentryAuthzProvider's caching strategy

Fri, 19 Apr 2019 19:19:32 -0700 

Alexey Serbin has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/13069 )

Change subject: [authz] new SentryAuthzProvider's caching strategy
......................................................................


Patch Set 2:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/13069/2/src/kudu/master/sentry_privileges_fetcher.cc
File src/kudu/master/sentry_privileges_fetcher.cc:

http://gerrit.cloudera.org:8080/#/c/13069/2/src/kudu/master/sentry_privileges_fetcher.cc@541
PS2, Line 541: auto handle = cache_->Get(e);
             :       if (!handle) {
             :         continue;
             :       }
             :       handles.emplace_back(std::move(handle));
> We're now doing Get() in a loop. Does this mean that we might go to Sentry
No, it does not -- those are queries to the cache.


http://gerrit.cloudera.org:8080/#/c/13069/2/src/kudu/master/sentry_privileges_fetcher.cc@548
PS2, Line 548:   if (!handles.empty()) {
             :     SentryPrivilegesBranch result;
             :     for (const auto& e : handles) {
             :       DCHECK(e);
             :       result.Merge(e.value());
             :     }
             :     *privileges = std::move(result);
             :     return Status::OK();
             :   }
> Yeah this is a bug:
This is addressed now.


http://gerrit.cloudera.org:8080/#/c/13069/2/src/kudu/master/sentry_privileges_fetcher.cc@610
PS2, Line 610: requested_scope >= SentryAuthorizableScope::TABLE
> This seems to be tied to the implementation/order of the enums instead of t
Yeah, but it makes sense to keep in that order that reflect the hierarchy.  I'm 
not sure Implies() is clearer, at least for me Implies() is much more obscure.  
IMO, in the context of PrivilegeFetcher it's easier to reason about hierarchy 
in terms of level.



--
To view, visit http://gerrit.cloudera.org:8080/13069
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Id96181345e357a104e28314d8d8d88633dcf9608
Gerrit-Change-Number: 13069
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <hao....@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Sat, 20 Apr 2019 02:19:07 +0000
Gerrit-HasComments: Yes

Reply via email to