Change ABACGuard to call execute_ABAC_query, not ABACManager.query #213
Comments
|
We have the fix to this sitting in a chapi branch tkt213_abacguard_query. But it proves to be much too slow for the number of calls we make to the ABAC manager. Either we need to fix the memory leak in ABAC so we can all it internally, or we need to change the pattern of calling, or we need to continue to use ABACManager.query. But this proposed fix is not the right way to go. Trac comment by mbrinn (github user: MarshallBrinn) on 02-08-2014 at 11:11 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The ABACManager has three modes for evaluating queries:
Currently most ABAC queries are done with #2 since #1 has some memory leak issues. But the queries done in ABACGuard.authorize_call uses ABACManager.query which is configured to use the internal quick prover.
We should change this to call the standard ABAC library context engine as an external process so that we are using a standard mechanism for making policy decisions.
Imported from trac ticket #213, created by mbrinn on 01-22-2014 at 15:04, last modified: 02-08-2014 at 11:11
The text was updated successfully, but these errors were encountered: