RANGER-3377: HDFS plugin performance improvement - conditionally ignore deny and exception conditions
Signed-off-by: Madhan Neethiraj <madhan@apache.org>
(cherry picked from commit 79f6cdec2cce5d6dc3a8bb72ac2a82329cba7d4a)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index ecd6cb7..c67589c 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -147,9 +147,17 @@
denyExceptionEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
} else {
allowEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW);
- denyEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
- allowExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
- denyExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
+
+ if (ServiceDefUtil.getOption_enableDenyAndExceptionsInPolicies(serviceDef)) {
+ denyEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
+ allowExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
+ denyExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
+ } else {
+ denyEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
+ allowExceptionEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
+ denyExceptionEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
+ }
+
}
dataMaskEvaluators = createDataMaskPolicyItemEvaluators(policy, serviceDef, options, policy.getDataMaskPolicyItems());
@@ -1268,4 +1276,4 @@
return rangerConditionEvaluators;
}
-}
\ No newline at end of file
+}