You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Hao Hao (Code Review)" <ge...@cloudera.org> on 2018/11/01 03:36:25 UTC

[kudu-CR] [sentry] add AuthzProvider 

Hello Tidy Bot, Alexey Serbin, Dan Burkert, Kudu Jenkins, Andrew Wong, Adar Dembo, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/11659

to look at the new patch set (#6).

Change subject: [sentry] add AuthzProvider
......................................................................

[sentry] add AuthzProvider

This commit adds a high-level abstraction which handles authorizations
on Kudu operations, called AuthzProvider. It has a default implementation
which always allow any operations for any users, and a SentryAuthzProvider
implementation which connects to the Sentry service for authorization
metadata. AuthzProvider, along with its implementations, is placed in the
master module. The idea is to decouple it from Sentry since in the future,
other authorization implementations might be introduced.

A follow-up commit will integrate the AuthzProvider into CatalogManager
to perform authorization checks on Master RPCs.

Change-Id: I254828d640cd905e33dbaf0fe100d660bc9e6772
---
M src/kudu/master/CMakeLists.txt
A src/kudu/master/authz_provider.h
A src/kudu/master/default_authz_provider.h
A src/kudu/master/sentry_authz_provider-test.cc
A src/kudu/master/sentry_authz_provider.cc
A src/kudu/master/sentry_authz_provider.h
A src/kudu/sentry/sentry-test-base.h
M src/kudu/sentry/sentry_action-test.cc
M src/kudu/sentry/sentry_action.cc
M src/kudu/sentry/sentry_action.h
M src/kudu/sentry/sentry_client-test.cc
M src/kudu/sentry/sentry_client.cc
M src/kudu/sentry/sentry_client.h
13 files changed, 910 insertions(+), 96 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/59/11659/6
-- 
To view, visit http://gerrit.cloudera.org:8080/11659
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I254828d640cd905e33dbaf0fe100d660bc9e6772
Gerrit-Change-Number: 11659
Gerrit-PatchSet: 6
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)