Kafka / KAFKA-5261

Performance improvement of SimpleAclAuthorizer


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Do
    • Affects Version/s: 0.10.2.1
    • Fix Version/s: None
    • Component/s: security
    • Labels: None

    Description

      Currently, looking at the KafkaApis class, it seems that every request going through Kafka is also going through an authorize check:

        private def authorize(session: Session, operation: Operation, resource: Resource): Boolean =
          authorizer.forall(_.authorize(session, operation, resource))
      

      The SimpleAclAuthorizer logic runs through checks which all look to be done in linear time (except on first run) proportional to the number of ACLs on a specific resource. This operation is re-run every time a client tries to use a Kafka API, especially on the very often called `handleProducerRequest` and `handleFetchRequest`.

      I believe a cache could be built to store the result of the authorize call, possibly allowing more expensive authorize() calls to happen, and greatly reducing the CPU usage in the long run. The cache would be invalidated every time a change happens to aclCache.

      Thoughts before I try giving it a go with a PR?
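
One way to build the cache proposed in the description, as an added example (not Kafka's code or the reporter's). `AuthzKey`, `CachingAuthorizer` and `onAclChange` are hypothetical names; the key covers principal, client host, operation and resource, and each decision is stamped with the ACL generation so that a decision computed before an ACL change is never served after it.

```scala
import java.util.concurrent.ConcurrentHashMap
import java.util.concurrent.atomic.AtomicLong

// Hypothetical stand-in for Kafka's (Session, Operation, Resource) triple.
final case class AuthzKey(principal: String, host: String, operation: String, resource: String)

// Caches decisions of a slow authorize function (hypothetical wrapper, not Kafka code).
final class CachingAuthorizer(slowAuthorize: AuthzKey => Boolean, maxEntries: Int) {
  private val generation = new AtomicLong(0L)
  // Each decision is stored with the ACL generation it was computed under.
  private val cache = new ConcurrentHashMap[AuthzKey, (Long, Boolean)]()

  // Call from the ACL change listener once slowAuthorize sees the new ACLs.
  def onAclChange(): Unit = { generation.incrementAndGet(); cache.clear() }

  def authorize(key: AuthzKey): Boolean = {
    val gen = generation.get()
    val hit = cache.get(key)
    if (hit != null && hit._1 == gen) hit._2
    else {
      val decision = slowAuthorize(key)
      // Clients influence principal/host cardinality, so bound the map.
      if (cache.size() >= maxEntries) cache.clear()
      // An entry written by a thread that raced with onAclChange carries the old
      // generation and is ignored by the lookup above, so no stale Allow is served.
      cache.put(key, (gen, decision))
      decision
    }
  }
}

object CachingAuthorizerDemo {
  def main(args: Array[String]): Unit = {
    // Constructed sample ACLs: allowed (principal, operation, resource) triples.
    var acls = Set(("User:alice", "Write", "Topic:orders"))
    var slowCalls = 0
    val auth = new CachingAuthorizer(k => {
      slowCalls += 1
      acls.contains((k.principal, k.operation, k.resource))
    }, maxEntries = 10000)
    val req = AuthzKey("User:alice", "10.0.0.5", "Write", "Topic:orders")

    assert(auth.authorize(req) && auth.authorize(req) && slowCalls == 1) // second call is a hit
    acls = Set.empty       // the ACL is removed ...
    auth.onAclChange()     // ... and the change listener fires
    assert(!auth.authorize(req) && slowCalls == 2) // re-evaluated, now denied
    println(s"slow-path evaluations: $slowCalls")
  }
}
```

Decisions cached before the change listener fires stay in effect until it does, so revocation latency with this design equals the ACL change propagation delay.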

          People

            Assignee: Unassigned
            Reporter: Stephane Maarek (stephane.maarek@gmail.com)
            Votes: 0
            Watchers: 5
