[jira] [Commented] (IMPALA-8671) Do not re-create a new instance of AuthorizationChecker with Ranger authorization

Tue, 18 Jun 2019 09:41:02 -0700 


    [ 
https://issues.apache.org/jira/browse/IMPALA-8671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16866819#comment-16866819
 ] 

ASF subversion and git services commented on IMPALA-8671:
---------------------------------------------------------

Commit 0415130a8e764575adc7d0a38e0ed5597d249307 in impala's branch 
refs/heads/master from Fredy Wijaya
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=0415130 ]

IMPALA-8671: Do not re-create RangerAuthorizationChecker instance on catalog 
update

This patch fixes the issue where RangerAuthorizationChecker instance
gets created on every catalog update, which can impact the performance
due to the need to re-initialize the Ranger plugin. Unlike
SentryAuthorizationChecker which is stateful (it uses
AuthorizationPolicy), RangerAuthorizationChecker is stateless and we can
reuse the same instance of it.

Testing:
- Ran FE tests
- Ran E2E authorization tests

Change-Id: Iabd5c1b5c7cafc7a03681def0c0f6f775d690c41
Reviewed-on: http://gerrit.cloudera.org:8080/13663
Reviewed-by: Todd Lipcon <t...@apache.org>
Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>


> Do not re-create a new instance of AuthorizationChecker with Ranger 
> authorization
> ---------------------------------------------------------------------------------
>
>                 Key: IMPALA-8671
>                 URL: https://issues.apache.org/jira/browse/IMPALA-8671
>             Project: IMPALA
>          Issue Type: Sub-task
>          Components: Frontend
>            Reporter: Fredy Wijaya
>            Assignee: Fredy Wijaya
>            Priority: Critical
>             Fix For: Impala 3.3.0
>
>
> RangerAuthorizationChecker is stateless unlike SentryAuthorizationChecker. 
> However, in some cases, we always re-create a new instance of 
> RangerAuthorizationChecker due to the logic here: 
> https://github.com/apache/impala/blob/3bd53972cec3b8a863075cb2344115a950be848a/fe/src/main/java/org/apache/impala/service/Frontend.java#L290-L293.
>  This causes the plugin to be re-initialized, which can be expensive. The 
> solution is to reuse the same RangerAuthorizationChecker instance.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

Reply via email to