Hello Kudu Jenkins, Andrew Wong, Hao Hao, I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/13069 to look at the new patch set (#2). Change subject: [authz] updated SentryAuthzProvider caching strategy ...................................................................... [authz] updated SentryAuthzProvider caching strategy This patch updates the way how the privilege cache in SentryAuthzProvider is populated. Prior to this patch, only one entry per sanitized Sentry's response was created. With this patch, a response may be split into two entries: one contains server- and database-scope privileges, and another contains table- and column-scope privileges. Of course, it also changes the lookup process: now it's necessary to search for two entries in the cache if looking up for information related to table-level authz scope. The new caching strategy leverages the fact that Sentry includes privileges granted on authorizables of higher scopes in the hierarchy, if any. The new strategy is beneficial in cases when a user has privileges granted on database, and those privileges imply privileges on tables and columns. In that case, once there was a request to authorize an action on one table or a column of that table, next request to authorize an action on another table or column of another table will hit the cache, avoiding extra RPC to Sentry. Another example that benefits from the new caching scheme is AuthorizeDropTable(tableA) followed by AuthorizeCreateTable(tableA). Change-Id: Id96181345e357a104e28314d8d8d88633dcf9608 --- M src/kudu/master/sentry_authz_provider-test.cc M src/kudu/master/sentry_privileges_fetcher.cc M src/kudu/master/sentry_privileges_fetcher.h 3 files changed, 208 insertions(+), 36 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/69/13069/2 -- To view, visit http://gerrit.cloudera.org:8080/13069 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Id96181345e357a104e28314d8d8d88633dcf9608 Gerrit-Change-Number: 13069 Gerrit-PatchSet: 2 Gerrit-Owner: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120)