Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: Optimize fetchPrincipalIdsRecursively ......................................................................
aaa: Optimize fetchPrincipalIdsRecursively The following optimization is introruced: a. Not using recursive groups resolving - performing manual recursion instead b. During the manual recrusion - don't fetch groups that were already fetched Change-Id: I095bb91810e25d345fcd053cbd51d1d25a4b494d Signed-off-by: Yair Zaslavsky <[email protected]> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java 1 file changed, 51 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/80/29880/1 diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java index a8abdd3..0459ebd 100644 --- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java @@ -1,12 +1,19 @@ package org.ovirt.engine.core.aaa; import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; import java.util.List; +import java.util.Map; +import java.util.Set; import org.ovirt.engine.api.extensions.Base; import org.ovirt.engine.api.extensions.ExtMap; import org.ovirt.engine.api.extensions.aaa.Authn; import org.ovirt.engine.api.extensions.aaa.Authz; +import org.ovirt.engine.api.extensions.aaa.Authz.GroupRecord; +import org.ovirt.engine.api.extensions.aaa.Authz.PrincipalRecord; import org.ovirt.engine.core.extensions.mgr.ExtensionProxy; public class AuthzUtils { @@ -43,7 +50,50 @@ final ExtensionProxy extension, final String namespace, final List<String> ids) { - return findPrincipalsByIds(extension, namespace, ids, true, true); + + Map<String, ExtMap> groupsCache = new HashMap<>(); + Set<String> idsToFetch = new HashSet<>(); + List<ExtMap> principals = findPrincipalsByIds(extension, namespace, ids, true, false); + for (ExtMap principal : principals) { + for (ExtMap memberOf : principal.get(PrincipalRecord.GROUPS, Collections.<ExtMap> emptyList())) { + idsToFetch.add(memberOf.<String> get(PrincipalRecord.ID)); + } + } + while (!idsToFetch.isEmpty()) { + List<ExtMap> groups = + findGroupRecordsByIds(extension, namespace, new ArrayList<String>(idsToFetch), true, false); + idsToFetch.clear(); + for (ExtMap group : groups) { + groupsCache.put(group.<String> get(GroupRecord.ID), group); + for (ExtMap memberOf : group.get(GroupRecord.GROUPS, Collections.<ExtMap> emptyList())) { + if (!groupsCache.containsKey(memberOf.get(GroupRecord.ID))) { + idsToFetch.add(memberOf.<String> get(GroupRecord.ID)); + } + } + } + } + // After the groups are fetched, the "group membership" tree for the principals should be modified accordingly. + for (ExtMap principal : principals) { + List<ExtMap> groups = new ArrayList<>(); + for (ExtMap memberOf : principal.get(PrincipalRecord.GROUPS, Collections.<ExtMap> emptyList())) { + groups.add(groupsCache.get(memberOf.get(GroupRecord.ID))); + } + principal.put(PrincipalRecord.GROUPS, groups); + constructGroupsMembershipTree(groups, groupsCache); + + } + return principals; + } + + private static void constructGroupsMembershipTree(List<ExtMap> groups, Map<String, ExtMap> groupsCache) { + for (ExtMap group: groups) { + List<ExtMap> membersOf = new ArrayList<>(); + for (ExtMap memberOf : group.get(GroupRecord.GROUPS, Collections.<ExtMap> emptyList())) { + membersOf.add(groupsCache.get(memberOf.get(GroupRecord.ID))); + } + group.put(GroupRecord.GROUPS, membersOf); + constructGroupsMembershipTree(membersOf, groupsCache); + } } public static List<ExtMap> queryPrincipalRecords( -- To view, visit http://gerrit.ovirt.org/29880 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I095bb91810e25d345fcd053cbd51d1d25a4b494d Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
