Closed apiscevs closed 3 years ago
Hi @sagilio , after this adjustment, performance is just fine after this fix, I don't think any other performance optimization is required.
Thanks, Alex
:tada: This PR is included in version 1.10.1 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
I've noticed that performance is very poor for policy files containing 10k+ policies, even when trying to enforce highest priority level policies.
It turned out, that we cannot rely on nowEffect is not Effect.Effect.Indeterminate check, as in some policy file versions it will never recover from Indeterminate status.
Easiest way how to reproduce a performance issue I'm talking about is: 1. to replace policies of priority_explicit_deny_override_policy.csv
2. Add following test
My proposing change is to add a hit policies counter to chainEffector, and checking against hit policies count while jumping to lower priority level.