RANGER-3377: HDFS plugin performance improvement - conditionally ignore deny and exception conditions

lfxy · rpignolet · commit f96b96e78455 · 2023-11-17T14:56:50.000+01:00
Signed-off-by: Madhan Neethiraj <madhan@apache.org> (cherry picked from commit 79f6cde)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -147,9 +147,17 @@ public void init(RangerPolicy policy, RangerServiceDef serviceDef, RangerPolicyE
 				denyExceptionEvaluators  = Collections.<RangerPolicyItemEvaluator>emptyList();
 			} else {
 				allowEvaluators          = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW);
-				denyEvaluators           = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
-				allowExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
-				denyExceptionEvaluators  = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
+
+				if (ServiceDefUtil.getOption_enableDenyAndExceptionsInPolicies(serviceDef)) {
+					denyEvaluators           = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
+					allowExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
+					denyExceptionEvaluators  = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
+				} else {
+					denyEvaluators           = Collections.<RangerPolicyItemEvaluator>emptyList();
+					allowExceptionEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
+					denyExceptionEvaluators  = Collections.<RangerPolicyItemEvaluator>emptyList();
+				}
+
 			}
 
 			dataMaskEvaluators  = createDataMaskPolicyItemEvaluators(policy, serviceDef, options, policy.getDataMaskPolicyItems());
@@ -1268,4 +1276,4 @@ private List<RangerConditionEvaluator> createRangerPolicyConditionEvaluator(Rang
 		return rangerConditionEvaluators;
 	}
 
-}
+}
