You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Xiaomeng Huang <xi...@intel.com> on 2015/03/11 03:50:11 UTC

Re: Review Request 29650: SENTRY-498: Sentry Hive authorization V2 via Hive authorization framework

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29650/
-----------------------------------------------------------

(Updated March 11, 2015, 2:50 a.m.)


Review request for sentry and Prasad Mujumdar.


Changes
-------

fix some test cases failed and memory leak issue.


Bugs: SENTRY-498
    https://issues.apache.org/jira/browse/SENTRY-498


Repository: sentry


Description
-------

Currently Sentry grant/revoke privileges via hook DDLTask, and do authorization via HiveSemanticAnalyzerHook. Now hive has a pluggable authorization framework via exposing some interfaces HiveAccessController and HiveAuthorizationValidator. In this patch, SentryAccessController is used to grant/revoke roles and privileges, and SentryAuthorizationValidator is used to do fine-grained authorization.
Now it still blocked by some sentry jiras and a hive improvement(Prasad in working on this).


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java ecbd664 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingSessionHookV2.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/SentryAccessController.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/SentryAuthorizationValidator.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/SentryAuthorizerFactory.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/impl/DefaultSentryAccessController.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/impl/DefaultSentryAuthorizationValidator.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/impl/SentryAuthorizationTaskFactoryImplV2.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/impl/SentryAuthorizerImpl.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/impl/SimpleSemanticAnalyzer.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/util/SentryAccessControlException.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/v2/util/SentryAuthorizerUtil.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/v2/TestDefaultSentryAuthorizationValidator.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/v2/TestSentryAuthorizerUtil.java PRE-CREATION 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/v2/TestSentryHiveAuthorizerFactory.java PRE-CREATION 
  sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/PrivilegeInfo.java PRE-CREATION 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 7a9f0df 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java 44681ca 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java 574f23c 
  sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java fa5ab69 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/AbstractTestWithDbProvider.java 04f50ed 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java 742c74f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java f9e8f80 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java 2cecdfd 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java acb789f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java a35cf21 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 1af8baa 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/ha/TestHaEnd2End.java 78894d1 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java 3a8a6ef 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java a6edf03 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java 2fbdfa6 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java 7c9a66d 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java 7abc684 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java c47686b 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java d8ebea6 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java 1014361 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java 0e53d3d 

Diff: https://reviews.apache.org/r/29650/diff/


Testing
-------


Thanks,

Xiaomeng Huang