d8tltanc commented on a change in pull request #9485:
URL: https://github.com/apache/kafka/pull/9485#discussion_r534763817
##########
File path:
jmh-benchmarks/src/main/java/org/apache/kafka/jmh/acl/AclAuthorizerBenchmark.java
##########
@@ -115,45 +122,62 @@ private void setFieldValue(Object obj, String fieldName,
Object value) throws Ex
Set<AclEntry> entries = aclEntries.computeIfAbsent(resource, k ->
new HashSet<>());
- for (int aclId = 0; aclId < aclCount; aclId++) {
- AccessControlEntry ace = new
AccessControlEntry(principal.toString() + aclId,
- "*", AclOperation.READ, AclPermissionType.ALLOW);
- entries.add(new AclEntry(ace));
+ for (int aclId = 0; aclId < aclCount / 2; aclId++) {
+ String acePrinciple = principal.toString() + (aclId == 0 ? ""
: aclId);
+ AccessControlEntry allowAce = new AccessControlEntry(
+ acePrinciple,
+ "*", AclOperation.WRITE, AclPermissionType.ALLOW);
+ AccessControlEntry denyAce = new AccessControlEntry(
+ acePrinciple,
+ "*", AclOperation.WRITE, AclPermissionType.DENY);
Review comment:
I think adding some dominant denies won't change the performance pattern
of AclAuthorizer::acls and AclAuthorizer::authorize.
1. AclAuthorizer::acls just return all the matching acls by the filter rule.
The portion btw "allow" and "deny" resources doesn't matter.
2. AclAuthorizer::authorize will iterate the and filter out the allow and
deny ACEs respectively. Since it's using ResourcePattern as its indexing
method, the portion btw "allow" and "deny" resources doesn't matter as well.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
