Re: [PR] [feat](Authorization-plugin)Authorization framework modularization [doris]

Mon, 23 Sep 2024 06:38:29 -0700 


morningman commented on code in PR #40750:
URL: https://github.com/apache/doris/pull/40750#discussion_r1771445241


##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java:
##########
@@ -52,19 +55,51 @@ public class AccessControllerManager {
     private static final Logger LOG = 
LogManager.getLogger(AccessControllerManager.class);
 
     private Auth auth;
+    // Default access controller instance used for handling cases where no 
specific controller is specified
     private CatalogAccessController defaultAccessController;
+    // Map that stores the mapping between catalogs and their corresponding 
access controllers
     private Map<String, CatalogAccessController> ctlToCtlAccessController = 
Maps.newConcurrentMap();
+    // Cache of loaded access controller factories for quick creation of new 
access controllers
+    private ConcurrentHashMap<String, AccessControllerFactory> 
accessControllerFactoriesCache
+            = new ConcurrentHashMap<>();
+    // Mapping between access controller class names and their identifiers for 
easy lookup of factory identifiers
+    private ConcurrentHashMap<String, String> accessControllerClassNameMapping 
= new ConcurrentHashMap<>();
 
     public AccessControllerManager(Auth auth) {
         this.auth = auth;
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
-            defaultAccessController = new 
RangerCacheDorisAccessController("doris");
-        } else {
-            defaultAccessController = new InternalAccessController(auth);
-        }
+        loadAccessControllerPlugins();
+        String accessControllerName = Config.access_controller_type;
+        this.defaultAccessController = 
loadAccessControllerOrThrow(accessControllerName);
         ctlToCtlAccessController.put(InternalCatalog.INTERNAL_CATALOG_NAME, 
defaultAccessController);
     }
 
+    private CatalogAccessController loadAccessControllerOrThrow(String 
accessControllerName) {
+        if (accessControllerName.equalsIgnoreCase("default")) {
+            return new InternalAccessController(auth);
+        }
+        if (accessControllerFactoriesCache.containsKey(accessControllerName)) {
+            Map<String, String> prop;
+            try {
+                prop = PropertiesUtils.loadAccessControllerPropertiesOrNull();
+            } catch (IOException e) {
+                throw new RuntimeException("Failed to load authorization 
properties,"
+                        + "please check the configuration file, authorization 
name is " + accessControllerName, e);
+            }
+            return 
accessControllerFactoriesCache.get(accessControllerName).createAccessController(prop);
+        }
+        throw new RuntimeException("No authorization plugin factory found for 
" + accessControllerName
+                + "Please confirm that your plugin is placed in the correct 
location.");

Review Comment:
   ```suggestion
                   + ". Please confirm that your plugin is placed in the 
correct location.");
   ```



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java:
##########
@@ -94,23 +129,28 @@ public boolean checkIfAccessControllerExist(String ctl) {
     }
 
     public void createAccessController(String ctl, String acFactoryClassName, 
Map<String, String> prop,
-            boolean isDryRun) {
-        Class<?> factoryClazz = null;
-        try {
-            factoryClazz = Class.forName(acFactoryClassName);
-            AccessControllerFactory factory = (AccessControllerFactory) 
factoryClazz.newInstance();
-            CatalogAccessController accessController = 
factory.createAccessController(prop);
-            if (!isDryRun) {
-                ctlToCtlAccessController.put(ctl, accessController);
-                LOG.info("create access controller {} for catalog {}", ctl, 
acFactoryClassName);
-            }
-        } catch (ClassNotFoundException e) {
-            throw new RuntimeException(e);
-        } catch (InstantiationException e) {
-            throw new RuntimeException(e);
-        } catch (IllegalAccessException e) {
-            throw new RuntimeException(e);
+                                       boolean isDryRun) {
+        String pluginIdentifier = 
getPluginIdentifierForAccessController(acFactoryClassName);
+        CatalogAccessController accessController = 
accessControllerFactoriesCache.get(pluginIdentifier)
+                .createAccessController(prop);
+        if (!isDryRun) {
+            ctlToCtlAccessController.put(ctl, accessController);
+            LOG.info("create access controller {} for catalog {}", ctl, 
acFactoryClassName);

Review Comment:
   ```suggestion
               LOG.info("create access controller {} for catalog {}", 
acFactoryClassName, ctl);
   ```



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java:
##########
@@ -52,19 +55,51 @@ public class AccessControllerManager {
     private static final Logger LOG = 
LogManager.getLogger(AccessControllerManager.class);
 
     private Auth auth;
+    // Default access controller instance used for handling cases where no 
specific controller is specified
     private CatalogAccessController defaultAccessController;
+    // Map that stores the mapping between catalogs and their corresponding 
access controllers
     private Map<String, CatalogAccessController> ctlToCtlAccessController = 
Maps.newConcurrentMap();
+    // Cache of loaded access controller factories for quick creation of new 
access controllers
+    private ConcurrentHashMap<String, AccessControllerFactory> 
accessControllerFactoriesCache
+            = new ConcurrentHashMap<>();
+    // Mapping between access controller class names and their identifiers for 
easy lookup of factory identifiers
+    private ConcurrentHashMap<String, String> accessControllerClassNameMapping 
= new ConcurrentHashMap<>();
 
     public AccessControllerManager(Auth auth) {
         this.auth = auth;
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
-            defaultAccessController = new 
RangerCacheDorisAccessController("doris");
-        } else {
-            defaultAccessController = new InternalAccessController(auth);
-        }
+        loadAccessControllerPlugins();
+        String accessControllerName = Config.access_controller_type;
+        this.defaultAccessController = 
loadAccessControllerOrThrow(accessControllerName);
         ctlToCtlAccessController.put(InternalCatalog.INTERNAL_CATALOG_NAME, 
defaultAccessController);
     }
 
+    private CatalogAccessController loadAccessControllerOrThrow(String 
accessControllerName) {
+        if (accessControllerName.equalsIgnoreCase("default")) {
+            return new InternalAccessController(auth);
+        }
+        if (accessControllerFactoriesCache.containsKey(accessControllerName)) {
+            Map<String, String> prop;
+            try {
+                prop = PropertiesUtils.loadAccessControllerPropertiesOrNull();
+            } catch (IOException e) {
+                throw new RuntimeException("Failed to load authorization 
properties,"

Review Comment:
   ```suggestion
                   throw new RuntimeException("Failed to load authorization 
properties."
   ```



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java:
##########
@@ -52,19 +55,51 @@ public class AccessControllerManager {
     private static final Logger LOG = 
LogManager.getLogger(AccessControllerManager.class);
 
     private Auth auth;
+    // Default access controller instance used for handling cases where no 
specific controller is specified
     private CatalogAccessController defaultAccessController;
+    // Map that stores the mapping between catalogs and their corresponding 
access controllers
     private Map<String, CatalogAccessController> ctlToCtlAccessController = 
Maps.newConcurrentMap();
+    // Cache of loaded access controller factories for quick creation of new 
access controllers
+    private ConcurrentHashMap<String, AccessControllerFactory> 
accessControllerFactoriesCache
+            = new ConcurrentHashMap<>();
+    // Mapping between access controller class names and their identifiers for 
easy lookup of factory identifiers
+    private ConcurrentHashMap<String, String> accessControllerClassNameMapping 
= new ConcurrentHashMap<>();
 
     public AccessControllerManager(Auth auth) {
         this.auth = auth;
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
-            defaultAccessController = new 
RangerCacheDorisAccessController("doris");
-        } else {
-            defaultAccessController = new InternalAccessController(auth);
-        }
+        loadAccessControllerPlugins();
+        String accessControllerName = Config.access_controller_type;
+        this.defaultAccessController = 
loadAccessControllerOrThrow(accessControllerName);
         ctlToCtlAccessController.put(InternalCatalog.INTERNAL_CATALOG_NAME, 
defaultAccessController);
     }
 
+    private CatalogAccessController loadAccessControllerOrThrow(String 
accessControllerName) {
+        if (accessControllerName.equalsIgnoreCase("default")) {
+            return new InternalAccessController(auth);
+        }
+        if (accessControllerFactoriesCache.containsKey(accessControllerName)) {
+            Map<String, String> prop;
+            try {
+                prop = PropertiesUtils.loadAccessControllerPropertiesOrNull();
+            } catch (IOException e) {
+                throw new RuntimeException("Failed to load authorization 
properties,"
+                        + "please check the configuration file, authorization 
name is " + accessControllerName, e);

Review Comment:
   ```suggestion
                           + " Please check the configuration file, 
authorization name is " + accessControllerName, e);
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to