You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Ashish Singh <as...@cloudera.com> on 2016/03/02 20:05:37 UTC
Re: Review Request 43979: SENTRY-1057: Add CRUD support for ACLs,
roles and privileges for Kafka plugin.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43979/
-----------------------------------------------------------
(Updated March 2, 2016, 7:05 p.m.)
Review request for sentry, Anne Yu, Dapeng Sun, and Hao Hao.
Changes
-------
Rebase.
Bugs: SENTRY-1057
https://issues.apache.org/jira/browse/SENTRY-1057
Repository: sentry
Description
-------
SENTRY-1057: Add CRUD support for ACLs, roles and privileges for Kafka plugin.
Diffs (updated)
-----
.gitignore a89bad852812015695f373d18f8d9f72a3acce0e
pom.xml ca2c92a26e3e42fe036c974235db47255d1465de
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java 5bf520b3c06ccdd9d84ad9997a0b540beff0bf43
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java a54eb8f0250084f0509103abfb52bb8388efd5c6
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBindingSingleton.java d7a5d1c24b6b27f572eb09842448b9b039d83669
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java cff9418c8f2938ae96cf6c705c545d0e91f184ed
sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizerTest.java eafe0f0ee5482fadee43ddec99bdc5da3f42e30f
sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java 7b8b5187e3d95a49304512e238e778da885fd27d
sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAuthorizable.java 81446a76f7ac7f893a23523dcb53b3f7d0ce5398
sentry-provider/sentry-provider-db/pom.xml 7514a7cdfcc7934f2dd0386996fdaf88c0ccbb14
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java c3b0be8694c746cb09797425f98578b8faef8b4a
sentry-tests/pom.xml 3294335e95fb7dbb2da4151041269392004426fb
sentry-tests/sentry-tests-kafka/pom.xml PRE-CREATION
sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/CustomPrincipalBuilder.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/EmbeddedZkServer.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/TestUtils.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/StaticUserGroupRole.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/log4j.properties PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/test.crt PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/test.keystore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/test.truststore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user1.crt PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user2.crt PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks PRE-CREATION
Diff: https://reviews.apache.org/r/43979/diff/
Testing
-------
Tested with E2E tests added as part of SENTRY-1014.
Note that this contains changes from SENTRY-1098, SENTRY-1056 and SENTRY-1030, and will have to be rebased once they get it.
Thanks,
Ashish Singh
Re: Review Request 43979: SENTRY-1057: Add CRUD support for ACLs,
roles and privileges for Kafka plugin.
Posted by Ashish Singh <as...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43979/#review122114
-----------------------------------------------------------
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java (line 148)
<https://reviews.apache.org/r/43979/#comment184022>
Hao, addRole, addRoleToGroups and deleteAllRoles, these methods/capabilities are sentry centric and are not in Kafka's authorizer interface. There is no way as of now Kafka or kafka-acls cli can use these methods.
I will have to add a small sentry specific CLI that will perform these operations. Auth can be done as part of the CLI.
- Ashish Singh
On March 2, 2016, 7:05 p.m., Ashish Singh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43979/
> -----------------------------------------------------------
>
> (Updated March 2, 2016, 7:05 p.m.)
>
>
> Review request for sentry, Anne Yu, Dapeng Sun, and Hao Hao.
>
>
> Bugs: SENTRY-1057
> https://issues.apache.org/jira/browse/SENTRY-1057
>
>
> Repository: sentry
>
>
> Description
> -------
>
> SENTRY-1057: Add CRUD support for ACLs, roles and privileges for Kafka plugin.
>
>
> Diffs
> -----
>
> .gitignore a89bad852812015695f373d18f8d9f72a3acce0e
> pom.xml ca2c92a26e3e42fe036c974235db47255d1465de
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java 5bf520b3c06ccdd9d84ad9997a0b540beff0bf43
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java a54eb8f0250084f0509103abfb52bb8388efd5c6
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBindingSingleton.java d7a5d1c24b6b27f572eb09842448b9b039d83669
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java cff9418c8f2938ae96cf6c705c545d0e91f184ed
> sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizerTest.java eafe0f0ee5482fadee43ddec99bdc5da3f42e30f
> sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java 7b8b5187e3d95a49304512e238e778da885fd27d
> sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAuthorizable.java 81446a76f7ac7f893a23523dcb53b3f7d0ce5398
> sentry-provider/sentry-provider-db/pom.xml 7514a7cdfcc7934f2dd0386996fdaf88c0ccbb14
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java c3b0be8694c746cb09797425f98578b8faef8b4a
> sentry-tests/pom.xml 3294335e95fb7dbb2da4151041269392004426fb
> sentry-tests/sentry-tests-kafka/pom.xml PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/CustomPrincipalBuilder.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/EmbeddedZkServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/TestUtils.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/StaticUserGroupRole.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/log4j.properties PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks PRE-CREATION
>
> Diff: https://reviews.apache.org/r/43979/diff/
>
>
> Testing
> -------
>
> Tested with E2E tests added as part of SENTRY-1014.
>
> Note that this contains changes from SENTRY-1098, SENTRY-1056 and SENTRY-1030, and will have to be rebased once they get it.
>
>
> Thanks,
>
> Ashish Singh
>
>
Re: Review Request 43979: SENTRY-1057: Add CRUD support for ACLs,
roles and privileges for Kafka plugin.
Posted by Hao Hao <ha...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43979/#review122130
-----------------------------------------------------------
Ship it!
+1 LGTM with a minor comment.
- Hao Hao
On March 2, 2016, 7:05 p.m., Ashish Singh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43979/
> -----------------------------------------------------------
>
> (Updated March 2, 2016, 7:05 p.m.)
>
>
> Review request for sentry, Anne Yu, Dapeng Sun, and Hao Hao.
>
>
> Bugs: SENTRY-1057
> https://issues.apache.org/jira/browse/SENTRY-1057
>
>
> Repository: sentry
>
>
> Description
> -------
>
> SENTRY-1057: Add CRUD support for ACLs, roles and privileges for Kafka plugin.
>
>
> Diffs
> -----
>
> .gitignore a89bad852812015695f373d18f8d9f72a3acce0e
> pom.xml ca2c92a26e3e42fe036c974235db47255d1465de
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java 5bf520b3c06ccdd9d84ad9997a0b540beff0bf43
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java a54eb8f0250084f0509103abfb52bb8388efd5c6
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBindingSingleton.java d7a5d1c24b6b27f572eb09842448b9b039d83669
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java cff9418c8f2938ae96cf6c705c545d0e91f184ed
> sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizerTest.java eafe0f0ee5482fadee43ddec99bdc5da3f42e30f
> sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java 7b8b5187e3d95a49304512e238e778da885fd27d
> sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAuthorizable.java 81446a76f7ac7f893a23523dcb53b3f7d0ce5398
> sentry-provider/sentry-provider-db/pom.xml 7514a7cdfcc7934f2dd0386996fdaf88c0ccbb14
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java c3b0be8694c746cb09797425f98578b8faef8b4a
> sentry-tests/pom.xml 3294335e95fb7dbb2da4151041269392004426fb
> sentry-tests/sentry-tests-kafka/pom.xml PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/CustomPrincipalBuilder.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/EmbeddedZkServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/TestUtils.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/StaticUserGroupRole.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/log4j.properties PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks PRE-CREATION
>
> Diff: https://reviews.apache.org/r/43979/diff/
>
>
> Testing
> -------
>
> Tested with E2E tests added as part of SENTRY-1014.
>
> Note that this contains changes from SENTRY-1098, SENTRY-1056 and SENTRY-1030, and will have to be rebased once they get it.
>
>
> Thanks,
>
> Ashish Singh
>
>
Re: Review Request 43979: SENTRY-1057: Add CRUD support for ACLs,
roles and privileges for Kafka plugin.
Posted by Ashish Singh <as...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43979/
-----------------------------------------------------------
(Updated March 5, 2016, 12:14 a.m.)
Review request for sentry, Anne Yu, Dapeng Sun, and Hao Hao.
Changes
-------
Add some comments,
Bugs: SENTRY-1057
https://issues.apache.org/jira/browse/SENTRY-1057
Repository: sentry
Description
-------
SENTRY-1057: Add CRUD support for ACLs, roles and privileges for Kafka plugin.
Diffs (updated)
-----
.gitignore a89bad852812015695f373d18f8d9f72a3acce0e
pom.xml ca2c92a26e3e42fe036c974235db47255d1465de
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java 5bf520b3c06ccdd9d84ad9997a0b540beff0bf43
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java a54eb8f0250084f0509103abfb52bb8388efd5c6
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBindingSingleton.java d7a5d1c24b6b27f572eb09842448b9b039d83669
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java cff9418c8f2938ae96cf6c705c545d0e91f184ed
sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizerTest.java eafe0f0ee5482fadee43ddec99bdc5da3f42e30f
sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java 7b8b5187e3d95a49304512e238e778da885fd27d
sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAuthorizable.java 81446a76f7ac7f893a23523dcb53b3f7d0ce5398
sentry-provider/sentry-provider-db/pom.xml 7514a7cdfcc7934f2dd0386996fdaf88c0ccbb14
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java c3b0be8694c746cb09797425f98578b8faef8b4a
sentry-tests/pom.xml 3294335e95fb7dbb2da4151041269392004426fb
sentry-tests/sentry-tests-kafka/pom.xml PRE-CREATION
sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/CustomPrincipalBuilder.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/EmbeddedZkServer.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/TestUtils.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/StaticUserGroupRole.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/log4j.properties PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/test.crt PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/test.keystore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/test.truststore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user1.crt PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user2.crt PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks PRE-CREATION
sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks PRE-CREATION
Diff: https://reviews.apache.org/r/43979/diff/
Testing
-------
Tested with E2E tests added as part of SENTRY-1014.
Note that this contains changes from SENTRY-1098, SENTRY-1056 and SENTRY-1030, and will have to be rebased once they get it.
Thanks,
Ashish Singh
Re: Review Request 43979: SENTRY-1057: Add CRUD support for ACLs,
roles and privileges for Kafka plugin.
Posted by Hao Hao <ha...@cloudera.com>.
> On March 4, 2016, 6:55 a.m., Hao Hao wrote:
> > sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java, line 150
> > <https://reviews.apache.org/r/43979/diff/3/?file=1277996#file1277996line150>
> >
> > This will also be called after authentication?
>
> Ashish Singh wrote:
> Hao, addRole, addRoleToGroups and deleteAllRoles, these methods/capabilities are sentry centric and are not in Kafka's authorizer interface. There is no way as of now Kafka or kafka-acls cli can use these methods.
>
> I will have to add a small sentry specific CLI that will perform these operations. Auth can be done as part of the CLI.
I see, could you please add comments on all these methods to doc this? Thanks!
- Hao
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43979/#review122022
-----------------------------------------------------------
On March 2, 2016, 7:05 p.m., Ashish Singh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43979/
> -----------------------------------------------------------
>
> (Updated March 2, 2016, 7:05 p.m.)
>
>
> Review request for sentry, Anne Yu, Dapeng Sun, and Hao Hao.
>
>
> Bugs: SENTRY-1057
> https://issues.apache.org/jira/browse/SENTRY-1057
>
>
> Repository: sentry
>
>
> Description
> -------
>
> SENTRY-1057: Add CRUD support for ACLs, roles and privileges for Kafka plugin.
>
>
> Diffs
> -----
>
> .gitignore a89bad852812015695f373d18f8d9f72a3acce0e
> pom.xml ca2c92a26e3e42fe036c974235db47255d1465de
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java 5bf520b3c06ccdd9d84ad9997a0b540beff0bf43
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java a54eb8f0250084f0509103abfb52bb8388efd5c6
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBindingSingleton.java d7a5d1c24b6b27f572eb09842448b9b039d83669
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java cff9418c8f2938ae96cf6c705c545d0e91f184ed
> sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizerTest.java eafe0f0ee5482fadee43ddec99bdc5da3f42e30f
> sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java 7b8b5187e3d95a49304512e238e778da885fd27d
> sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAuthorizable.java 81446a76f7ac7f893a23523dcb53b3f7d0ce5398
> sentry-provider/sentry-provider-db/pom.xml 7514a7cdfcc7934f2dd0386996fdaf88c0ccbb14
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java c3b0be8694c746cb09797425f98578b8faef8b4a
> sentry-tests/pom.xml 3294335e95fb7dbb2da4151041269392004426fb
> sentry-tests/sentry-tests-kafka/pom.xml PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/CustomPrincipalBuilder.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/EmbeddedZkServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/TestUtils.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/StaticUserGroupRole.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/log4j.properties PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks PRE-CREATION
>
> Diff: https://reviews.apache.org/r/43979/diff/
>
>
> Testing
> -------
>
> Tested with E2E tests added as part of SENTRY-1014.
>
> Note that this contains changes from SENTRY-1098, SENTRY-1056 and SENTRY-1030, and will have to be rebased once they get it.
>
>
> Thanks,
>
> Ashish Singh
>
>
Re: Review Request 43979: SENTRY-1057: Add CRUD support for ACLs,
roles and privileges for Kafka plugin.
Posted by Ashish Singh <as...@cloudera.com>.
> On March 4, 2016, 6:55 a.m., Hao Hao wrote:
> > sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java, line 150
> > <https://reviews.apache.org/r/43979/diff/3/?file=1277996#file1277996line150>
> >
> > This will also be called after authentication?
Hao, addRole, addRoleToGroups and deleteAllRoles, these methods/capabilities are sentry centric and are not in Kafka's authorizer interface. There is no way as of now Kafka or kafka-acls cli can use these methods.
I will have to add a small sentry specific CLI that will perform these operations. Auth can be done as part of the CLI.
- Ashish
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43979/#review122022
-----------------------------------------------------------
On March 2, 2016, 7:05 p.m., Ashish Singh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43979/
> -----------------------------------------------------------
>
> (Updated March 2, 2016, 7:05 p.m.)
>
>
> Review request for sentry, Anne Yu, Dapeng Sun, and Hao Hao.
>
>
> Bugs: SENTRY-1057
> https://issues.apache.org/jira/browse/SENTRY-1057
>
>
> Repository: sentry
>
>
> Description
> -------
>
> SENTRY-1057: Add CRUD support for ACLs, roles and privileges for Kafka plugin.
>
>
> Diffs
> -----
>
> .gitignore a89bad852812015695f373d18f8d9f72a3acce0e
> pom.xml ca2c92a26e3e42fe036c974235db47255d1465de
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java 5bf520b3c06ccdd9d84ad9997a0b540beff0bf43
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java a54eb8f0250084f0509103abfb52bb8388efd5c6
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBindingSingleton.java d7a5d1c24b6b27f572eb09842448b9b039d83669
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java cff9418c8f2938ae96cf6c705c545d0e91f184ed
> sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizerTest.java eafe0f0ee5482fadee43ddec99bdc5da3f42e30f
> sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java 7b8b5187e3d95a49304512e238e778da885fd27d
> sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAuthorizable.java 81446a76f7ac7f893a23523dcb53b3f7d0ce5398
> sentry-provider/sentry-provider-db/pom.xml 7514a7cdfcc7934f2dd0386996fdaf88c0ccbb14
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java c3b0be8694c746cb09797425f98578b8faef8b4a
> sentry-tests/pom.xml 3294335e95fb7dbb2da4151041269392004426fb
> sentry-tests/sentry-tests-kafka/pom.xml PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/CustomPrincipalBuilder.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/EmbeddedZkServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/TestUtils.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/StaticUserGroupRole.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/log4j.properties PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks PRE-CREATION
>
> Diff: https://reviews.apache.org/r/43979/diff/
>
>
> Testing
> -------
>
> Tested with E2E tests added as part of SENTRY-1014.
>
> Note that this contains changes from SENTRY-1098, SENTRY-1056 and SENTRY-1030, and will have to be rebased once they get it.
>
>
> Thanks,
>
> Ashish Singh
>
>
Re: Review Request 43979: SENTRY-1057: Add CRUD support for ACLs,
roles and privileges for Kafka plugin.
Posted by Hao Hao <ha...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43979/#review122022
-----------------------------------------------------------
sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java (line 148)
<https://reviews.apache.org/r/43979/#comment183871>
This will also be called after authentication?
- Hao Hao
On March 2, 2016, 7:05 p.m., Ashish Singh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43979/
> -----------------------------------------------------------
>
> (Updated March 2, 2016, 7:05 p.m.)
>
>
> Review request for sentry, Anne Yu, Dapeng Sun, and Hao Hao.
>
>
> Bugs: SENTRY-1057
> https://issues.apache.org/jira/browse/SENTRY-1057
>
>
> Repository: sentry
>
>
> Description
> -------
>
> SENTRY-1057: Add CRUD support for ACLs, roles and privileges for Kafka plugin.
>
>
> Diffs
> -----
>
> .gitignore a89bad852812015695f373d18f8d9f72a3acce0e
> pom.xml ca2c92a26e3e42fe036c974235db47255d1465de
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java 5bf520b3c06ccdd9d84ad9997a0b540beff0bf43
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java a54eb8f0250084f0509103abfb52bb8388efd5c6
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBindingSingleton.java d7a5d1c24b6b27f572eb09842448b9b039d83669
> sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java cff9418c8f2938ae96cf6c705c545d0e91f184ed
> sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizerTest.java eafe0f0ee5482fadee43ddec99bdc5da3f42e30f
> sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java 7b8b5187e3d95a49304512e238e778da885fd27d
> sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAuthorizable.java 81446a76f7ac7f893a23523dcb53b3f7d0ce5398
> sentry-provider/sentry-provider-db/pom.xml 7514a7cdfcc7934f2dd0386996fdaf88c0ccbb14
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java c3b0be8694c746cb09797425f98578b8faef8b4a
> sentry-tests/pom.xml 3294335e95fb7dbb2da4151041269392004426fb
> sentry-tests/sentry-tests-kafka/pom.xml PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/CustomPrincipalBuilder.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/EmbeddedZkServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/TestUtils.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/StaticUserGroupRole.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/log4j.properties PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/test.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.crt PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks PRE-CREATION
> sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks PRE-CREATION
>
> Diff: https://reviews.apache.org/r/43979/diff/
>
>
> Testing
> -------
>
> Tested with E2E tests added as part of SENTRY-1014.
>
> Note that this contains changes from SENTRY-1098, SENTRY-1056 and SENTRY-1030, and will have to be rebased once they get it.
>
>
> Thanks,
>
> Ashish Singh
>
>