[jira] [Commented] (HDFS-17478) FSPermissionChecker to avoid obtaining a new AccessControlEnforcer instance before each authz call

Wed, 17 Apr 2024 19:17:35 -0700 


    [ 
https://issues.apache.org/jira/browse/HDFS-17478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17838426#comment-17838426
 ] 

ASF GitHub Bot commented on HDFS-17478:
---------------------------------------

mneethiraj opened a new pull request, #6749:
URL: https://github.com/apache/hadoop/pull/6749

   ### Description of PR
   Updated FsPermissionChecker to initialize accessControlEnforcer with 
INodeAttributeProvider.getExternalAccessControlEnforcer() and use this instance 
to authorize accesses, instead of calling 
INodeAttributeProvider.getExternalAccessControlEnforcer() for every 
authorization.
   
   ### How was this patch tested?
   
   
   ### For code changes:
   
   - [x] Does the title or this PR starts with the corresponding JIRA issue id 
(e.g. 'HADOOP-17799. Your PR title ...')?
   - [ ] Object storage: have the integration tests been executed and the 
endpoint declared according to the connector-specific documentation?
   - [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
   - [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`, 
`NOTICE-binary` files?




> FSPermissionChecker to avoid obtaining a new AccessControlEnforcer instance 
> before each authz call
> --------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-17478
>                 URL: https://issues.apache.org/jira/browse/HDFS-17478
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: namanode
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>            Priority: Major
>         Attachments: HDFS-17478.patch
>
>
> An instance of AccessControlEnforcer is obtained from the registered 
> INodeAttributeProvider before every call made to authorizer. This can be 
> avoided by initializing the AccessControlEnforcer instance during 
> construction of FsPermissionChecker and using it in every subsequent call to 
> the authorizer. This will eliminate the unnecessary overhead in highly 
> performance sensitive authz code path.
>  
> CC: [~abhay], [~arp], [~swagle]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to