You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Andrew Wong (Code Review)" <ge...@cloudera.org> on 2019/04/03 15:59:36 UTC
[kudu-CR] sentry: sanitize and parse privileges from Sentry
Hello Tidy Bot, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/12919
to look at the new patch set (#3).
Change subject: sentry: sanitize and parse privileges from Sentry
......................................................................
sentry: sanitize and parse privileges from Sentry
Currently, we pass around the Thrift privileges received from Sentry,
which can be both expensive memory-wise and cumbersome to use. This
patch:
- sanitizes the responses from Sentry, only keeping those that are
well-formed and potentially Kudu-related,
- stores them in a more ergonomic form, e.g. keeping around enums rather
than strings for SentryActions, etc. This form may be updated in the
future to facilitate privilege evaluation -- for now, my goal is just
to make it easier to work with Sentry privileges,
- encapsulates the above in an abstracted version of a Sentry response
that corresponds to the hierarchy tree for a given table, with the
hope that it will make changing the in-memory format more painless,
- switches the SentryAuthorizableScope and SentryAction enum classes to
enums, to avoid having to use the extra enum class typename
everywhere (e.g. now SentryAuthorizableScope::SERVER instead of
SentryAuthorizableScope::Scope::SERVER will suffice).
Change-Id: Ib6de6814f99abfbee4f030298b74f21f4e7c729b
---
M src/kudu/gutil/map-util.h
M src/kudu/master/sentry_authz_provider-test.cc
M src/kudu/master/sentry_authz_provider.cc
M src/kudu/master/sentry_authz_provider.h
M src/kudu/sentry/sentry_action.h
M src/kudu/sentry/sentry_authorizable_scope.h
6 files changed, 593 insertions(+), 84 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/19/12919/3
--
To view, visit http://gerrit.cloudera.org:8080/12919
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ib6de6814f99abfbee4f030298b74f21f4e7c729b
Gerrit-Change-Number: 12919
Gerrit-PatchSet: 3
Gerrit-Owner: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)