Re: Review Request 64661: SENTRY-1944: Optimize DelegateSentryStore.getGroupsByRoles()

Alexander Kolbasov Wed, 20 Dec 2017 11:37:12 -0800


> On Dec. 18, 2017, 6:55 p.m., Alexander Kolbasov wrote:
> > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
> > Line 267 (original), 271 (patched)
> > <https://reviews.apache.org/r/64661/diff/3/?file=1922322#file1922322line271>
> >
> >     I think there is a way to directly test for membership in the JDOQL - 
> > can you check this?
> >     
> >     We have similar code in SentryStore which does that.
> 
> Arjun Mishra wrote:
>     Sasha not sure what exactly you are asking for? Are you asking for cases 
> when a role is not mapped to any group? Also are your comments specific to my 
> change? 
>     
>     I did look at SentryStore. There are many places in the class where we 
> addRolesFilter and run executeWithMap but I didn't see any check for 
> membership being done here.


I mean something similar to this:

      private Set<String> getRoleNamesForGroupsCore(PersistenceManager pm, 
Set<String> groups) {
         Query query = pm.newQuery(MSentryGroup.class);
         query.setFilter(":p1.contains(this.groupName)");
         List<MSentryGroup> sentryGroups = (List) 
query.execute(groups.toArray());


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64661/#review194080
-----------------------------------------------------------


On Dec. 19, 2017, 8:04 p.m., Arjun Mishra wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64661/
> -----------------------------------------------------------
> 
> (Updated Dec. 19, 2017, 8:04 p.m.)
> 
> 
> Review request for sentry, Alexander Kolbasov, Brian Towles, kalyan kumar 
> kalvagadda, Na Li, Sergio Pena, and Vadim Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> When Solr is using Sentry server for authorization, it issues a lot of calls 
> to {{getGroupsByRoles()}} function in {{DelegateSentryStore}}.
> 
> This function isn't very efficient - it walks over each role in the set, 
> obtains role by name, get groups for each role, and collects all group names 
> into a set.
> 
> It may be possible to optimize it.
> 
> 
> Diffs
> -----
> 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
>  4cb46abc5 
>   
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestDelegateSentryStore.java
>  69d16238f 
> 
> 
> Diff: https://reviews.apache.org/r/64661/diff/4/
> 
> 
> Testing
> -------
> 
> mvn -f sentry-provider/sentry-provider-db/pom.xml test
> 
> 
> Thanks,
> 
> Arjun Mishra
> 
>

Re: Review Request 64661: SENTRY-1944: Optimize DelegateSentryStore.getGroupsByRoles()

Reply via email to