You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org> on 2017/11/01 20:42:10 UTC
Re: Review Request 63250: [SENTRY-1475] SOLR/Sentry authorization
plugin (with solr 7)
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63250/#review189823
-----------------------------------------------------------
These are my comments in initial pass. I'm still reviewing the changes.
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
Lines 166-178 (patched)
<https://reviews.apache.org/r/63250/#comment267027>
This block can be smplified like below. There need not be multiple return statements.
```
switch (perm) {
case READ_PERM:
case UPDATE_PERM: {
Set<SolrModelAction> actions = (perm == Name.READ_PERM) ? QUERY : UPDATE;
for (CollectionRequest req : authCtx.getCollectionRequests()) {
AuthorizationResponse resp = binding.authorizeCollection(userName,
new Collection(req.collectionName), actions);
if (resp != AuthorizationResponse.OK) {
break;
}
}
audit (perm, authCtx, resp)
return resp;
}
```
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
Lines 174 (patched)
<https://reviews.apache.org/r/63250/#comment267026>
Returning authorization response like this confusing.
audit method is a helper method to actually log the request and need not return any value.
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
Lines 180 (patched)
<https://reviews.apache.org/r/63250/#comment267028>
Don't we need to audit all the authorization requests?
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
Lines 185-188 (patched)
<https://reviews.apache.org/r/63250/#comment267038>
What is the difference between CORE_READ_PERM and COLL_READ_PERM permissions.
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
Lines 193-194 (patched)
<https://reviews.apache.org/r/63250/#comment267029>
Same as above, mixind audit method invocation with other functionality makes code complex.
```
AuthorizationResponse r;
binding.authorize(
userName, Collections.singleton(auth), actions);
audit (perm, authCtx, r);
```
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
Lines 202 (patched)
<https://reviews.apache.org/r/63250/#comment267030>
Maintain consistency in compring the reponses.
I see two approches in same file
1. resp != AuthorizationResponse.OK
2. AuthorizationResponse.FORBIDDEN.equals(t)
It's better to stick on to one.
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
Lines 232 (patched)
<https://reviews.apache.org/r/63250/#comment267044>
I'm not sure if returning " AuthorizationResponse.OK" is correct. Shouldn't you be calling authorize API with appropriate info?
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
Lines 238 (patched)
<https://reviews.apache.org/r/63250/#comment267045>
With this code, authorization will be succesfull for all the permissions that sentry doesn't support.
Is this desirable bahavior?
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
Line 187 (original), 156 (patched)
<https://reviews.apache.org/r/63250/#comment267041>
In sentry we have decided use this method "isDebugEnabled" only when needed. We need this check only in cases where is some computation involved in contructing the variable that are actually logged.
In rest of the cases we can avaoid using this call.
Please conider this comment and make changes in all the relevent places.
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java
Lines 87 (patched)
<https://reviews.apache.org/r/63250/#comment267040>
using isDebugEnabled makes sence here as the toString() methid need not be called unless debug level logging is configured.
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
Lines 79-87 (patched)
<https://reviews.apache.org/r/63250/#comment267055>
If you think this API should not be used, why not remove it?
This is a major version of sentry and this version of sentry doesn't work with older version's of solr and I feel this can be removed.
I will leave it to you.
sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java
Lines 32 (patched)
<https://reviews.apache.org/r/63250/#comment267056>
Please add comments on what this class does?
sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
Line 113 (original), 122 (patched)
<https://reviews.apache.org/r/63250/#comment267057>
SolrAuthzBinding should implement java.lang.AutoCloseable interface to use try-with-resources Statement and close it.
https://docs.oracle.com/javase/tutorial/essential/exceptions/tryResourceClose.html
sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java
Lines 26 (patched)
<https://reviews.apache.org/r/63250/#comment267058>
Here name Admin doesn't explain anything. Please change the name to be more relavent.
- kalyan kumar kalvagadda
On Oct. 29, 2017, 10:19 p.m., Hrishikesh Gadre wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63250/
> -----------------------------------------------------------
>
> (Updated Oct. 29, 2017, 10:19 p.m.)
>
>
> Review request for sentry and Sergio Pena.
>
>
> Bugs: SENTRY-1475
> https://issues.apache.org/jira/browse/SENTRY-1475
>
>
> Repository: sentry
>
>
> Description
> -------
>
> - Upgraded Solr to latest version (v7.1.0)
> - Introduced following new authorizable entity types,
> - Admin (to authorize various cluster admin operations)
> - Note that privilege configuration for Solr collections admin operations have changed from "collection=admin->action= <some_action>" to "admin=collections->action=<some_action>". A migration tool will be provided as part of SENTRY-1480).
> - Config (to authorize various Solr collection configuration operations)
> - Schema (to authorize Solr schema changes)
> - Renamed sentry-core-model-search module to sentry-core-model-solr to reflect the fact that it represents logic for Apache SOLR and is consistent with naming convention used for other components (e.g. kafka)
> - Moved the Solr audit log functionality to sentry-binding-solr module so that it can be integrated with the Solr/Sentry authorization plugin.
> - Deleted all the custom Solr request handlers in the sentry-solr/solr-sentry-handlers module since the Solr authorization plugin handles the authorization of all solr requests. This module now contains just the functionality required for implementing Solr document level security.
>
>
> Diffs
> -----
>
> pom.xml af54480
> sentry-binding/sentry-binding-solr/pom.xml ed2624b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java 938dbfd
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java 0a818e5
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 37efa5b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/AuditLogger.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/HdfsTestUtil.java 859c793
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java 7a88d90
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java 3df6ecf
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java e198b5c
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java 76211dd
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b4aa684
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java 371f361
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java e7da13a
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java 59283ea
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java 0ff4502
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java 20fee76
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java de6d6e0
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini 56317db
> sentry-core/pom.xml 6b91767
> sentry-core/sentry-core-model-search/pom.xml 5917a63
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java 26ea287
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java 2dd9065
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java 3f10726
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java a2b17fc
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java 48ac267
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java 5a55963
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java 2b190e5
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java 9429a25
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java c06131c
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java 93b3861
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java 2311401
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java 0056f40
> sentry-core/sentry-core-model-solr/pom.xml PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java PRE-CREATION
> sentry-dist/pom.xml 2d7f57e
> sentry-provider/sentry-provider-db/pom.xml cd19032
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java d8b4887
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java 51d6df9
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 77d3919
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java 34c2107
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java 258721e
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java 9be4a8b
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b7f0774
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ac8b2a7
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java 3685073
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java 55831a4
> sentry-solr/pom.xml 133ea60
> sentry-solr/solr-sentry-core/pom.xml e788262
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java 7f3e391
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java f749740
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SecureRequestHandlerUtil.java be9642b
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java 8bd93ad
> sentry-solr/solr-sentry-handlers/pom.xml 5b024db
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureDocumentAnalysisRequestHandler.java 1c1f6f8
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureFieldAnalysisRequestHandler.java 62f9a19
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java db182ef
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureReplicationHandler.java bdcd830
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureAdminHandlers.java 44db3b4
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCollectionsHandler.java b5edf20
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java ff6e281
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureInfoHandler.java 628d1d7
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java 933db43
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponent.java 5fbb743
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java 7d55a7f
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessor.java d995a7d
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorFactory.java 07f7f28
> sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/solr/collection1/lib/classes/empty-file-main-lib.txt 8b13789
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureAnalysisHandlers.java 28406e2
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureReplicationHandler.java 6367814
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java aea44f7
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java 218302e
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java f93fb65
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java 54784f4
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java 1f44628
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java a1f3760
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java c294cf3
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java 579f791
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java e1a1ba8
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java 630ca7c
> sentry-tests/sentry-tests-solr/pom.xml 311e441
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java 7ddd1e2
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java e50e3f8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DummyAuthPluginImpl.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java ac676a8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java b0d6db1
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java 71452e2
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java f8ed955
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java f9b6c07
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSentryServer.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrAdminOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrCollectionOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrConfigOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrSchemaOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java 2b246b5
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java 71c3cb6
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java c07b3b8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java 7f1fdfd
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java 3eb6c0f
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java 9412325
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/63250/diff/3/
>
>
> Testing
> -------
>
> All Solr/Sentry unit tests passing
>
>
> Thanks,
>
> Hrishikesh Gadre
>
>
Re: Review Request 63250: [SENTRY-1475] SOLR/Sentry authorization
plugin (with solr 7)
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java
> > Lines 26 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872470#file1872470line26>
> >
> > Here name Admin doesn't explain anything. Please change the name to be more relavent.
>
> Hrishikesh Gadre wrote:
> As we discussed, it is difficult to come up with a different name. Feel free to suggest any alternatives you can think of.
>
> kalyan kumar kalvagadda wrote:
> do you think AdminOperation is more appropriate?
>
> Hrishikesh Gadre wrote:
> Yes. While AdminOperation seems clearer than Admin, it is a bit verbose. Also we should keep the permission name simple and easy to remember. So we can change the class name from Admin -> AdminOperation, but will still use "admin" in the permission definition. e.g. admin=collections -> action=update INSTEAD of adminoperation=collections -> action=collections. What do you think?
That should be fine. Please elaborate the comments for the Admin class.
- kalyan kumar
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63250/#review189823
-----------------------------------------------------------
On Nov. 3, 2017, 7:02 p.m., Hrishikesh Gadre wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63250/
> -----------------------------------------------------------
>
> (Updated Nov. 3, 2017, 7:02 p.m.)
>
>
> Review request for sentry and Sergio Pena.
>
>
> Bugs: SENTRY-1475
> https://issues.apache.org/jira/browse/SENTRY-1475
>
>
> Repository: sentry
>
>
> Description
> -------
>
> - Upgraded Solr to latest version (v7.1.0)
> - Introduced following new authorizable entity types,
> - Admin (to authorize various cluster admin operations)
> - Note that privilege configuration for Solr collections admin operations have changed from "collection=admin->action= <some_action>" to "admin=collections->action=<some_action>". A migration tool will be provided as part of SENTRY-1480).
> - Config (to authorize various Solr collection configuration operations)
> - Schema (to authorize Solr schema changes)
> - Renamed sentry-core-model-search module to sentry-core-model-solr to reflect the fact that it represents logic for Apache SOLR and is consistent with naming convention used for other components (e.g. kafka)
> - Moved the Solr audit log functionality to sentry-binding-solr module so that it can be integrated with the Solr/Sentry authorization plugin.
> - Deleted all the custom Solr request handlers in the sentry-solr/solr-sentry-handlers module since the Solr authorization plugin handles the authorization of all solr requests. This module now contains just the functionality required for implementing Solr document level security.
>
>
> Diffs
> -----
>
> pom.xml af54480906489a14788f594da2a923f9e9c0ed29
> sentry-binding/sentry-binding-solr/pom.xml ed2624b68322186c10f42c615f635419147ba1f9
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java 938dbfdbd9df440b9e6dad574627ebfece6c7f0b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java 0a818e58c72e52a6d7d60593fd63446402eab2f9
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 37efa5bfda0a2dbc46c38e6cd6c0b8d7b987f865
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/AuditLogger.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/HdfsTestUtil.java 859c793c54663af867e710c421929404ef5322e1
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java 7a88d905a7dcdf719669c8a14e74b291975606fc
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java 3df6ecfd67129af96a1ffe6688738292fc773993
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java e198b5c762ca6eca435d75e07887a10ddd38e361
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java 76211dd0b30a36a67434f9fef2b4d350a1fab941
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b4aa684358a37530037cd68797a325f1099c3e46
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java 371f3614a723bd8f515b6d2011e522db5bd7ac51
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java e7da13ae5cf21a72933f0124d200071ab89379df
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java 59283ea451cbd60d39c0ffd7c98a3ea863238358
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java 0ff4502b7f191d8e2cb74a1616124733484cad43
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java 20fee76982094918ec8a98e0ed060ccf37c3b591
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java de6d6e0410e0207d62f560403b51cc7b0130c2aa
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini 56317dbf88b833f3a69a78084f345acc613c807a
> sentry-core/pom.xml 6b9176798d5bf466c7e19e7a681dabfa792fdf1d
> sentry-core/sentry-core-model-search/pom.xml 5917a63426179ed06aba22a9dae24f15a7adcac2
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java 26ea2874fa81b491fdad5ca23e9d5d1355697ea4
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java 2dd9065a74a2a0125730fa3ad44d56fd67914b8b
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java 3f107264955c9603335497f71b5e947cf5ed2bc9
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java a2b17fc4ce186430544d315ee00182e3172bafdc
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java 48ac267f5ac45a3c239f71a0860acc65a2151a79
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java 5a55963d40a9ad959660cf5381d3c2c6269ab0db
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java 2b190e5ca2b49ca5737a9835e4b301317138ac21
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java 9429a25e06f2334e5ab847ddfbae2cec42d0d140
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java c06131cbff0000b5991f9c910652d1ff6fba8fa3
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java 93b3861225c078021dfd6c2e25943efd28ef5b52
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java 231140163c4a5db181882f365e888315a7583c0b
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java 0056f40858244331dabe80b29473e94e41a4062e
> sentry-core/sentry-core-model-solr/pom.xml PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java PRE-CREATION
> sentry-dist/pom.xml 2d7f57e77f058ce35bd4b4e5dfcaab38849141f2
> sentry-provider/sentry-provider-db/pom.xml cd190324b444f5d95a54268e1919fe0588f2375c
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java d8b48874bfe4045ac3c032f4db7839ccdf470101
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java 51d6df958aea7681c62a751f25e3d2d624dc96dd
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 77d39194f548dad8700d6f6ef6330c2fa0b92579
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java 34c2107055420db49142a0eb14b1d9f8deb1e2c3
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java 258721e906adb45e7fac29b90955a0b00f9e7e55
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java 9be4a8b502ad78a17b4528a7c181728e21e8316f
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b7f0774ac2a19de915035d1844e0e92392566fb0
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ac8b2a774964c9f877bc284748d9ec9f9f00a727
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java 3685073910e4b5f45183742723c6146749a927f1
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java 55831a45b4e75fefecbebd8ce13da73ce3697d4f
> sentry-solr/pom.xml 133ea60e4eadb04204d187e8298d8e67a01d287e
> sentry-solr/solr-sentry-core/pom.xml e7882626f388b329fd00745e36e356674aae77c8
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java 7f3e391e1f7b5a4e4e836639b3ad8b792d1f57d4
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java f749740a376f874dfca885b7acb197381453c3dc
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SecureRequestHandlerUtil.java be9642bca489a39529c86b9b0f5c36b4724fdc5e
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java 8bd93ad686c056c11f355f14640ad4fc3129b342
> sentry-solr/solr-sentry-handlers/pom.xml 5b024db9dcac387ba447eedd54c33159bb039b8f
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureDocumentAnalysisRequestHandler.java 1c1f6f8a38579888711dd2cea41319eca52220fe
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureFieldAnalysisRequestHandler.java 62f9a1969830c1356712b54005cd2036c4b3e7a1
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java db182ef8e718b90efe2b31cbd8621dfefabb1bef
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureReplicationHandler.java bdcd830dedacd40afb227594672b7cb2b392fb46
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureAdminHandlers.java 44db3b479a33ad2c9979f1f1aa0213d959dfdef1
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCollectionsHandler.java b5edf2093cd7fda3d53fab39a587df9711dc1e7b
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java ff6e281821f064691d45edb04b2d50761a9b010e
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureInfoHandler.java 628d1d7ef7a1c526f4529cf8dec6fe2c3a4acf1c
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java 933db43738af09eb4cf6ea7b678d14df8aaa6aae
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponent.java 5fbb7436ea008e9c47c9322702115c7ce74e65ff
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java 7d55a7f65ba518deb4ed755f949640f8c052e310
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessor.java d995a7d3ca017163a511f6d3f662c4b8ecc4aa6b
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorFactory.java 07f7f28395f7e1d06a9517ff95a7ff874975f095
> sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/solr/collection1/lib/classes/empty-file-main-lib.txt 8b137891791fe96927ad78e64b0aad7bded08bdc
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureAnalysisHandlers.java 28406e244b60907eb8bcbc5f2d0b49baa7b0508c
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureReplicationHandler.java 6367814d5ee80f3ca0a4b44ce1dd88fc1d71569e
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java aea44f7e66dd7adffbfd013bbc1bd6cf51cdb4d9
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java 218302e87adc417b8df534babdbb392bb5bad747
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java f93fb656156513d80e4e299e00a01ef93b703345
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java 54784f44ae85a989848e1ee026f28d3f647a5e24
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java 1f44628f115b8f9147384fcdf4fc4ac8f6e28709
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java a1f3760851a3b8b7df595b2679ae7f3ccfd8f3ca
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java c294cf36672aa8135114d63197d08438b7d6d6c6
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java 579f79111a16f058e4ab26ded9ba4070ff2e7454
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java e1a1ba8c9deeb39dfa43159947ff35fab60d9ecb
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java 630ca7caf36784166062e3ddcba7c064974d9242
> sentry-tests/sentry-tests-solr/pom.xml 311e441a4715230f809252be2ab7882955b80c68
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java 7ddd1e2a35fef843e388e5491af2d58ee678c576
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java e50e3f8d8b75a128323d547f3bd20fa5338ffdb1
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DummyAuthPluginImpl.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java ac676a84c82d4f638aea0ca047fd440c42cfb816
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java b0d6db10e9b20062456b112ed28a3b46d4e678fb
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java 71452e24528b885b72a66ed8085ffd186f540c4d
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java f8ed955db9350ce59e05d68435757de7935d3314
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java f9b6c07ca3fabd81dc08687098eb29f4c7c94207
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSentryServer.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrAdminOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrCollectionOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrConfigOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrSchemaOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java 2b246b582c25bd1b5adf1016078c2b9aa3edb6fc
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java 71c3cb634d744a1985591db6f794e1b3bb96b475
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java c07b3b8efebca5693cddf84cc1a7104d9a7b17ee
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java 7f1fdfdbe2edbf7b340693ea1045470efc79b043
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java 3eb6c0f0250e0e6cd8362cd63b7988423d120d80
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java 94123259ab9f9ac90cc3a6d1978f4df7af3f0425
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/63250/diff/4/
>
>
> Testing
> -------
>
> All Solr/Sentry unit tests passing
>
>
> Thanks,
>
> Hrishikesh Gadre
>
>
Re: Review Request 63250: [SENTRY-1475] SOLR/Sentry authorization
plugin (with solr 7)
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java
> > Lines 26 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872470#file1872470line26>
> >
> > Here name Admin doesn't explain anything. Please change the name to be more relavent.
>
> Hrishikesh Gadre wrote:
> As we discussed, it is difficult to come up with a different name. Feel free to suggest any alternatives you can think of.
do you think AdminOperation is more appropriate?
- kalyan kumar
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63250/#review189823
-----------------------------------------------------------
On Oct. 29, 2017, 10:19 p.m., Hrishikesh Gadre wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63250/
> -----------------------------------------------------------
>
> (Updated Oct. 29, 2017, 10:19 p.m.)
>
>
> Review request for sentry and Sergio Pena.
>
>
> Bugs: SENTRY-1475
> https://issues.apache.org/jira/browse/SENTRY-1475
>
>
> Repository: sentry
>
>
> Description
> -------
>
> - Upgraded Solr to latest version (v7.1.0)
> - Introduced following new authorizable entity types,
> - Admin (to authorize various cluster admin operations)
> - Note that privilege configuration for Solr collections admin operations have changed from "collection=admin->action= <some_action>" to "admin=collections->action=<some_action>". A migration tool will be provided as part of SENTRY-1480).
> - Config (to authorize various Solr collection configuration operations)
> - Schema (to authorize Solr schema changes)
> - Renamed sentry-core-model-search module to sentry-core-model-solr to reflect the fact that it represents logic for Apache SOLR and is consistent with naming convention used for other components (e.g. kafka)
> - Moved the Solr audit log functionality to sentry-binding-solr module so that it can be integrated with the Solr/Sentry authorization plugin.
> - Deleted all the custom Solr request handlers in the sentry-solr/solr-sentry-handlers module since the Solr authorization plugin handles the authorization of all solr requests. This module now contains just the functionality required for implementing Solr document level security.
>
>
> Diffs
> -----
>
> pom.xml af54480
> sentry-binding/sentry-binding-solr/pom.xml ed2624b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java 938dbfd
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java 0a818e5
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 37efa5b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/AuditLogger.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/HdfsTestUtil.java 859c793
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java 7a88d90
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java 3df6ecf
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java e198b5c
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java 76211dd
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b4aa684
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java 371f361
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java e7da13a
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java 59283ea
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java 0ff4502
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java 20fee76
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java de6d6e0
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini 56317db
> sentry-core/pom.xml 6b91767
> sentry-core/sentry-core-model-search/pom.xml 5917a63
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java 26ea287
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java 2dd9065
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java 3f10726
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java a2b17fc
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java 48ac267
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java 5a55963
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java 2b190e5
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java 9429a25
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java c06131c
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java 93b3861
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java 2311401
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java 0056f40
> sentry-core/sentry-core-model-solr/pom.xml PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java PRE-CREATION
> sentry-dist/pom.xml 2d7f57e
> sentry-provider/sentry-provider-db/pom.xml cd19032
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java d8b4887
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java 51d6df9
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 77d3919
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java 34c2107
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java 258721e
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java 9be4a8b
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b7f0774
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ac8b2a7
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java 3685073
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java 55831a4
> sentry-solr/pom.xml 133ea60
> sentry-solr/solr-sentry-core/pom.xml e788262
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java 7f3e391
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java f749740
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SecureRequestHandlerUtil.java be9642b
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java 8bd93ad
> sentry-solr/solr-sentry-handlers/pom.xml 5b024db
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureDocumentAnalysisRequestHandler.java 1c1f6f8
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureFieldAnalysisRequestHandler.java 62f9a19
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java db182ef
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureReplicationHandler.java bdcd830
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureAdminHandlers.java 44db3b4
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCollectionsHandler.java b5edf20
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java ff6e281
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureInfoHandler.java 628d1d7
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java 933db43
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponent.java 5fbb743
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java 7d55a7f
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessor.java d995a7d
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorFactory.java 07f7f28
> sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/solr/collection1/lib/classes/empty-file-main-lib.txt 8b13789
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureAnalysisHandlers.java 28406e2
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureReplicationHandler.java 6367814
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java aea44f7
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java 218302e
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java f93fb65
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java 54784f4
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java 1f44628
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java a1f3760
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java c294cf3
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java 579f791
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java e1a1ba8
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java 630ca7c
> sentry-tests/sentry-tests-solr/pom.xml 311e441
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java 7ddd1e2
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java e50e3f8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DummyAuthPluginImpl.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java ac676a8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java b0d6db1
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java 71452e2
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java f8ed955
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java f9b6c07
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSentryServer.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrAdminOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrCollectionOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrConfigOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrSchemaOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java 2b246b5
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java 71c3cb6
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java c07b3b8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java 7f1fdfd
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java 3eb6c0f
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java 9412325
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/63250/diff/3/
>
>
> Testing
> -------
>
> All Solr/Sentry unit tests passing
>
>
> Thanks,
>
> Hrishikesh Gadre
>
>
Re: Review Request 63250: [SENTRY-1475] SOLR/Sentry authorization
plugin (with solr 7)
Posted by Hrishikesh Gadre via Review Board <no...@reviews.apache.org>.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java
> > Lines 26 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872470#file1872470line26>
> >
> > Here name Admin doesn't explain anything. Please change the name to be more relavent.
>
> Hrishikesh Gadre wrote:
> As we discussed, it is difficult to come up with a different name. Feel free to suggest any alternatives you can think of.
>
> kalyan kumar kalvagadda wrote:
> do you think AdminOperation is more appropriate?
Yes. While AdminOperation seems clearer than Admin, it is a bit verbose. Also we should keep the permission name simple and easy to remember. So we can change the class name from Admin -> AdminOperation, but will still use "admin" in the permission definition. e.g. admin=collections -> action=update INSTEAD of adminoperation=collections -> action=collections. What do you think?
- Hrishikesh
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63250/#review189823
-----------------------------------------------------------
On Nov. 3, 2017, 7:02 p.m., Hrishikesh Gadre wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63250/
> -----------------------------------------------------------
>
> (Updated Nov. 3, 2017, 7:02 p.m.)
>
>
> Review request for sentry and Sergio Pena.
>
>
> Bugs: SENTRY-1475
> https://issues.apache.org/jira/browse/SENTRY-1475
>
>
> Repository: sentry
>
>
> Description
> -------
>
> - Upgraded Solr to latest version (v7.1.0)
> - Introduced following new authorizable entity types,
> - Admin (to authorize various cluster admin operations)
> - Note that privilege configuration for Solr collections admin operations have changed from "collection=admin->action= <some_action>" to "admin=collections->action=<some_action>". A migration tool will be provided as part of SENTRY-1480).
> - Config (to authorize various Solr collection configuration operations)
> - Schema (to authorize Solr schema changes)
> - Renamed sentry-core-model-search module to sentry-core-model-solr to reflect the fact that it represents logic for Apache SOLR and is consistent with naming convention used for other components (e.g. kafka)
> - Moved the Solr audit log functionality to sentry-binding-solr module so that it can be integrated with the Solr/Sentry authorization plugin.
> - Deleted all the custom Solr request handlers in the sentry-solr/solr-sentry-handlers module since the Solr authorization plugin handles the authorization of all solr requests. This module now contains just the functionality required for implementing Solr document level security.
>
>
> Diffs
> -----
>
> pom.xml af54480906489a14788f594da2a923f9e9c0ed29
> sentry-binding/sentry-binding-solr/pom.xml ed2624b68322186c10f42c615f635419147ba1f9
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java 938dbfdbd9df440b9e6dad574627ebfece6c7f0b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java 0a818e58c72e52a6d7d60593fd63446402eab2f9
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 37efa5bfda0a2dbc46c38e6cd6c0b8d7b987f865
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/AuditLogger.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/HdfsTestUtil.java 859c793c54663af867e710c421929404ef5322e1
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java 7a88d905a7dcdf719669c8a14e74b291975606fc
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java 3df6ecfd67129af96a1ffe6688738292fc773993
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java e198b5c762ca6eca435d75e07887a10ddd38e361
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java 76211dd0b30a36a67434f9fef2b4d350a1fab941
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b4aa684358a37530037cd68797a325f1099c3e46
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java 371f3614a723bd8f515b6d2011e522db5bd7ac51
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java e7da13ae5cf21a72933f0124d200071ab89379df
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java 59283ea451cbd60d39c0ffd7c98a3ea863238358
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java 0ff4502b7f191d8e2cb74a1616124733484cad43
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java 20fee76982094918ec8a98e0ed060ccf37c3b591
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java de6d6e0410e0207d62f560403b51cc7b0130c2aa
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini 56317dbf88b833f3a69a78084f345acc613c807a
> sentry-core/pom.xml 6b9176798d5bf466c7e19e7a681dabfa792fdf1d
> sentry-core/sentry-core-model-search/pom.xml 5917a63426179ed06aba22a9dae24f15a7adcac2
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java 26ea2874fa81b491fdad5ca23e9d5d1355697ea4
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java 2dd9065a74a2a0125730fa3ad44d56fd67914b8b
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java 3f107264955c9603335497f71b5e947cf5ed2bc9
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java a2b17fc4ce186430544d315ee00182e3172bafdc
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java 48ac267f5ac45a3c239f71a0860acc65a2151a79
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java 5a55963d40a9ad959660cf5381d3c2c6269ab0db
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java 2b190e5ca2b49ca5737a9835e4b301317138ac21
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java 9429a25e06f2334e5ab847ddfbae2cec42d0d140
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java c06131cbff0000b5991f9c910652d1ff6fba8fa3
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java 93b3861225c078021dfd6c2e25943efd28ef5b52
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java 231140163c4a5db181882f365e888315a7583c0b
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java 0056f40858244331dabe80b29473e94e41a4062e
> sentry-core/sentry-core-model-solr/pom.xml PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java PRE-CREATION
> sentry-dist/pom.xml 2d7f57e77f058ce35bd4b4e5dfcaab38849141f2
> sentry-provider/sentry-provider-db/pom.xml cd190324b444f5d95a54268e1919fe0588f2375c
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java d8b48874bfe4045ac3c032f4db7839ccdf470101
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java 51d6df958aea7681c62a751f25e3d2d624dc96dd
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 77d39194f548dad8700d6f6ef6330c2fa0b92579
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java 34c2107055420db49142a0eb14b1d9f8deb1e2c3
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java 258721e906adb45e7fac29b90955a0b00f9e7e55
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java 9be4a8b502ad78a17b4528a7c181728e21e8316f
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b7f0774ac2a19de915035d1844e0e92392566fb0
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ac8b2a774964c9f877bc284748d9ec9f9f00a727
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java 3685073910e4b5f45183742723c6146749a927f1
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java 55831a45b4e75fefecbebd8ce13da73ce3697d4f
> sentry-solr/pom.xml 133ea60e4eadb04204d187e8298d8e67a01d287e
> sentry-solr/solr-sentry-core/pom.xml e7882626f388b329fd00745e36e356674aae77c8
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java 7f3e391e1f7b5a4e4e836639b3ad8b792d1f57d4
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java f749740a376f874dfca885b7acb197381453c3dc
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SecureRequestHandlerUtil.java be9642bca489a39529c86b9b0f5c36b4724fdc5e
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java 8bd93ad686c056c11f355f14640ad4fc3129b342
> sentry-solr/solr-sentry-handlers/pom.xml 5b024db9dcac387ba447eedd54c33159bb039b8f
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureDocumentAnalysisRequestHandler.java 1c1f6f8a38579888711dd2cea41319eca52220fe
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureFieldAnalysisRequestHandler.java 62f9a1969830c1356712b54005cd2036c4b3e7a1
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java db182ef8e718b90efe2b31cbd8621dfefabb1bef
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureReplicationHandler.java bdcd830dedacd40afb227594672b7cb2b392fb46
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureAdminHandlers.java 44db3b479a33ad2c9979f1f1aa0213d959dfdef1
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCollectionsHandler.java b5edf2093cd7fda3d53fab39a587df9711dc1e7b
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java ff6e281821f064691d45edb04b2d50761a9b010e
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureInfoHandler.java 628d1d7ef7a1c526f4529cf8dec6fe2c3a4acf1c
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java 933db43738af09eb4cf6ea7b678d14df8aaa6aae
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponent.java 5fbb7436ea008e9c47c9322702115c7ce74e65ff
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java 7d55a7f65ba518deb4ed755f949640f8c052e310
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessor.java d995a7d3ca017163a511f6d3f662c4b8ecc4aa6b
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorFactory.java 07f7f28395f7e1d06a9517ff95a7ff874975f095
> sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/solr/collection1/lib/classes/empty-file-main-lib.txt 8b137891791fe96927ad78e64b0aad7bded08bdc
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureAnalysisHandlers.java 28406e244b60907eb8bcbc5f2d0b49baa7b0508c
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureReplicationHandler.java 6367814d5ee80f3ca0a4b44ce1dd88fc1d71569e
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java aea44f7e66dd7adffbfd013bbc1bd6cf51cdb4d9
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java 218302e87adc417b8df534babdbb392bb5bad747
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java f93fb656156513d80e4e299e00a01ef93b703345
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java 54784f44ae85a989848e1ee026f28d3f647a5e24
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java 1f44628f115b8f9147384fcdf4fc4ac8f6e28709
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java a1f3760851a3b8b7df595b2679ae7f3ccfd8f3ca
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java c294cf36672aa8135114d63197d08438b7d6d6c6
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java 579f79111a16f058e4ab26ded9ba4070ff2e7454
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java e1a1ba8c9deeb39dfa43159947ff35fab60d9ecb
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java 630ca7caf36784166062e3ddcba7c064974d9242
> sentry-tests/sentry-tests-solr/pom.xml 311e441a4715230f809252be2ab7882955b80c68
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java 7ddd1e2a35fef843e388e5491af2d58ee678c576
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java e50e3f8d8b75a128323d547f3bd20fa5338ffdb1
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DummyAuthPluginImpl.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java ac676a84c82d4f638aea0ca047fd440c42cfb816
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java b0d6db10e9b20062456b112ed28a3b46d4e678fb
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java 71452e24528b885b72a66ed8085ffd186f540c4d
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java f8ed955db9350ce59e05d68435757de7935d3314
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java f9b6c07ca3fabd81dc08687098eb29f4c7c94207
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSentryServer.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrAdminOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrCollectionOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrConfigOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrSchemaOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java 2b246b582c25bd1b5adf1016078c2b9aa3edb6fc
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java 71c3cb634d744a1985591db6f794e1b3bb96b475
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java c07b3b8efebca5693cddf84cc1a7104d9a7b17ee
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java 7f1fdfdbe2edbf7b340693ea1045470efc79b043
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java 3eb6c0f0250e0e6cd8362cd63b7988423d120d80
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java 94123259ab9f9ac90cc3a6d1978f4df7af3f0425
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/63250/diff/4/
>
>
> Testing
> -------
>
> All Solr/Sentry unit tests passing
>
>
> Thanks,
>
> Hrishikesh Gadre
>
>
Re: Review Request 63250: [SENTRY-1475] SOLR/Sentry authorization
plugin (with solr 7)
Posted by Hrishikesh Gadre via Review Board <no...@reviews.apache.org>.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
> > Lines 180 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872427#file1872427line180>
> >
> > Don't we need to audit all the authorization requests?
We need to make the audit log format extensible before we can enable audit capability for all requests. Hence for this patch, the audit capability is enabled for operations which the audit log format support.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
> > Lines 185-188 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872427#file1872427line185>
> >
> > What is the difference between CORE_READ_PERM and COLL_READ_PERM permissions.
First one is the Core admin READ operation (e.g. STATUS call for a given core)
Second one is the Collection admin READ operation (e.g. LIST call to enumerate all collections in the system).
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
> > Lines 232 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872427#file1872427line232>
> >
> > I'm not sure if returning " AuthorizationResponse.OK" is correct. Shouldn't you be calling authorize API with appropriate info?
The ALL permission name is reserved for those operations which need not be authorized.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
> > Lines 238 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872427#file1872427line238>
> >
> > With this code, authorization will be succesfull for all the permissions that sentry doesn't support.
> >
> > Is this desirable bahavior?
Sentry supports all possible permissions exposed by a specific version of SOLR. As I mentioned above ALL is reserved for those operations that need not be authorized.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
> > Line 187 (original), 156 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872428#file1872428line205>
> >
> > In sentry we have decided use this method "isDebugEnabled" only when needed. We need this check only in cases where is some computation involved in contructing the variable that are actually logged.
> > In rest of the cases we can avaoid using this call.
> >
> > Please conider this comment and make changes in all the relevent places.
This logic is present even before this patch. Let's use a different jira for this cleanup.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java
> > Lines 87 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872429#file1872429line87>
> >
> > using isDebugEnabled makes sence here as the toString() methid need not be called unless debug level logging is configured.
Not sure if I have any action item here?
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
> > Line 113 (original), 122 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872434#file1872434line126>
> >
> > SolrAuthzBinding should implement java.lang.AutoCloseable interface to use try-with-resources Statement and close it.
> >
> > https://docs.oracle.com/javase/tutorial/essential/exceptions/tryResourceClose.html
It turns out that java.io.Closable extends java.io.AutoClosable. Since this class implements java.io.Closable, we are good.
https://stackoverflow.com/questions/19572537/why-is-autocloseable-the-base-interface-for-closeable-and-not-vice-versa
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java
> > Lines 26 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872470#file1872470line26>
> >
> > Here name Admin doesn't explain anything. Please change the name to be more relavent.
As we discussed, it is difficult to come up with a different name. Feel free to suggest any alternatives you can think of.
- Hrishikesh
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63250/#review189823
-----------------------------------------------------------
On Oct. 29, 2017, 10:19 p.m., Hrishikesh Gadre wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63250/
> -----------------------------------------------------------
>
> (Updated Oct. 29, 2017, 10:19 p.m.)
>
>
> Review request for sentry and Sergio Pena.
>
>
> Bugs: SENTRY-1475
> https://issues.apache.org/jira/browse/SENTRY-1475
>
>
> Repository: sentry
>
>
> Description
> -------
>
> - Upgraded Solr to latest version (v7.1.0)
> - Introduced following new authorizable entity types,
> - Admin (to authorize various cluster admin operations)
> - Note that privilege configuration for Solr collections admin operations have changed from "collection=admin->action= <some_action>" to "admin=collections->action=<some_action>". A migration tool will be provided as part of SENTRY-1480).
> - Config (to authorize various Solr collection configuration operations)
> - Schema (to authorize Solr schema changes)
> - Renamed sentry-core-model-search module to sentry-core-model-solr to reflect the fact that it represents logic for Apache SOLR and is consistent with naming convention used for other components (e.g. kafka)
> - Moved the Solr audit log functionality to sentry-binding-solr module so that it can be integrated with the Solr/Sentry authorization plugin.
> - Deleted all the custom Solr request handlers in the sentry-solr/solr-sentry-handlers module since the Solr authorization plugin handles the authorization of all solr requests. This module now contains just the functionality required for implementing Solr document level security.
>
>
> Diffs
> -----
>
> pom.xml af54480
> sentry-binding/sentry-binding-solr/pom.xml ed2624b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java 938dbfd
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java 0a818e5
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 37efa5b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/AuditLogger.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/HdfsTestUtil.java 859c793
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java 7a88d90
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java 3df6ecf
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java e198b5c
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java 76211dd
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b4aa684
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java 371f361
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java e7da13a
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java 59283ea
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java 0ff4502
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java 20fee76
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java de6d6e0
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini 56317db
> sentry-core/pom.xml 6b91767
> sentry-core/sentry-core-model-search/pom.xml 5917a63
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java 26ea287
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java 2dd9065
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java 3f10726
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java a2b17fc
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java 48ac267
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java 5a55963
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java 2b190e5
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java 9429a25
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java c06131c
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java 93b3861
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java 2311401
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java 0056f40
> sentry-core/sentry-core-model-solr/pom.xml PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java PRE-CREATION
> sentry-dist/pom.xml 2d7f57e
> sentry-provider/sentry-provider-db/pom.xml cd19032
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java d8b4887
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java 51d6df9
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 77d3919
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java 34c2107
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java 258721e
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java 9be4a8b
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b7f0774
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ac8b2a7
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java 3685073
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java 55831a4
> sentry-solr/pom.xml 133ea60
> sentry-solr/solr-sentry-core/pom.xml e788262
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java 7f3e391
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java f749740
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SecureRequestHandlerUtil.java be9642b
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java 8bd93ad
> sentry-solr/solr-sentry-handlers/pom.xml 5b024db
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureDocumentAnalysisRequestHandler.java 1c1f6f8
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureFieldAnalysisRequestHandler.java 62f9a19
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java db182ef
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureReplicationHandler.java bdcd830
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureAdminHandlers.java 44db3b4
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCollectionsHandler.java b5edf20
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java ff6e281
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureInfoHandler.java 628d1d7
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java 933db43
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponent.java 5fbb743
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java 7d55a7f
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessor.java d995a7d
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorFactory.java 07f7f28
> sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/solr/collection1/lib/classes/empty-file-main-lib.txt 8b13789
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureAnalysisHandlers.java 28406e2
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureReplicationHandler.java 6367814
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java aea44f7
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java 218302e
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java f93fb65
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java 54784f4
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java 1f44628
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java a1f3760
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java c294cf3
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java 579f791
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java e1a1ba8
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java 630ca7c
> sentry-tests/sentry-tests-solr/pom.xml 311e441
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java 7ddd1e2
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java e50e3f8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DummyAuthPluginImpl.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java ac676a8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java b0d6db1
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java 71452e2
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java f8ed955
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java f9b6c07
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSentryServer.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrAdminOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrCollectionOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrConfigOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrSchemaOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java 2b246b5
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java 71c3cb6
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java c07b3b8
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java 7f1fdfd
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java 3eb6c0f
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java 9412325
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/63250/diff/3/
>
>
> Testing
> -------
>
> All Solr/Sentry unit tests passing
>
>
> Thanks,
>
> Hrishikesh Gadre
>
>
Re: Review Request 63250: [SENTRY-1475] SOLR/Sentry authorization
plugin (with solr 7)
Posted by Hrishikesh Gadre via Review Board <no...@reviews.apache.org>.
> On Nov. 1, 2017, 8:42 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java
> > Lines 232 (patched)
> > <https://reviews.apache.org/r/63250/diff/3/?file=1872427#file1872427line232>
> >
> > I'm not sure if returning " AuthorizationResponse.OK" is correct. Shouldn't you be calling authorize API with appropriate info?
>
> Hrishikesh Gadre wrote:
> The ALL permission name is reserved for those operations which need not be authorized.
>
> kalyan kumar kalvagadda wrote:
> I'm not taking about ALL permission. I'm taking about last return in that method. If perm doesn't match with any of the case statements, API return's AuthorizationResponse.OK. That is what i'm taking about.
Note that the switch-case statement handles *all* possible values of permission types. Hence that is not a problem. The reason why this statement is added is that some of the request handlers in SOLR don't implement the interface expected by the authorization framework (PermissionNameProvider). Hence they can not provide the type of permission associated with the request. This is a design limitation (or a bug) on the SOLR side. Until that issue is resolved, this Sentry behavior is appropriate.
- Hrishikesh
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63250/#review189823
-----------------------------------------------------------
On Nov. 3, 2017, 7:02 p.m., Hrishikesh Gadre wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63250/
> -----------------------------------------------------------
>
> (Updated Nov. 3, 2017, 7:02 p.m.)
>
>
> Review request for sentry and Sergio Pena.
>
>
> Bugs: SENTRY-1475
> https://issues.apache.org/jira/browse/SENTRY-1475
>
>
> Repository: sentry
>
>
> Description
> -------
>
> - Upgraded Solr to latest version (v7.1.0)
> - Introduced following new authorizable entity types,
> - Admin (to authorize various cluster admin operations)
> - Note that privilege configuration for Solr collections admin operations have changed from "collection=admin->action= <some_action>" to "admin=collections->action=<some_action>". A migration tool will be provided as part of SENTRY-1480).
> - Config (to authorize various Solr collection configuration operations)
> - Schema (to authorize Solr schema changes)
> - Renamed sentry-core-model-search module to sentry-core-model-solr to reflect the fact that it represents logic for Apache SOLR and is consistent with naming convention used for other components (e.g. kafka)
> - Moved the Solr audit log functionality to sentry-binding-solr module so that it can be integrated with the Solr/Sentry authorization plugin.
> - Deleted all the custom Solr request handlers in the sentry-solr/solr-sentry-handlers module since the Solr authorization plugin handles the authorization of all solr requests. This module now contains just the functionality required for implementing Solr document level security.
>
>
> Diffs
> -----
>
> pom.xml af54480906489a14788f594da2a923f9e9c0ed29
> sentry-binding/sentry-binding-solr/pom.xml ed2624b68322186c10f42c615f635419147ba1f9
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java 938dbfdbd9df440b9e6dad574627ebfece6c7f0b
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java 0a818e58c72e52a6d7d60593fd63446402eab2f9
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 37efa5bfda0a2dbc46c38e6cd6c0b8d7b987f865
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/AuditLogger.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/HdfsTestUtil.java 859c793c54663af867e710c421929404ef5322e1
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java 7a88d905a7dcdf719669c8a14e74b291975606fc
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java 3df6ecfd67129af96a1ffe6688738292fc773993
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java e198b5c762ca6eca435d75e07887a10ddd38e361
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java 76211dd0b30a36a67434f9fef2b4d350a1fab941
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b4aa684358a37530037cd68797a325f1099c3e46
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java 371f3614a723bd8f515b6d2011e522db5bd7ac51
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java e7da13ae5cf21a72933f0124d200071ab89379df
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java 59283ea451cbd60d39c0ffd7c98a3ea863238358
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java 0ff4502b7f191d8e2cb74a1616124733484cad43
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java 20fee76982094918ec8a98e0ed060ccf37c3b591
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java de6d6e0410e0207d62f560403b51cc7b0130c2aa
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini 56317dbf88b833f3a69a78084f345acc613c807a
> sentry-core/pom.xml 6b9176798d5bf466c7e19e7a681dabfa792fdf1d
> sentry-core/sentry-core-model-search/pom.xml 5917a63426179ed06aba22a9dae24f15a7adcac2
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java 26ea2874fa81b491fdad5ca23e9d5d1355697ea4
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java 2dd9065a74a2a0125730fa3ad44d56fd67914b8b
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java 3f107264955c9603335497f71b5e947cf5ed2bc9
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java a2b17fc4ce186430544d315ee00182e3172bafdc
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java 48ac267f5ac45a3c239f71a0860acc65a2151a79
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java 5a55963d40a9ad959660cf5381d3c2c6269ab0db
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java 2b190e5ca2b49ca5737a9835e4b301317138ac21
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java 9429a25e06f2334e5ab847ddfbae2cec42d0d140
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java c06131cbff0000b5991f9c910652d1ff6fba8fa3
> sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java 93b3861225c078021dfd6c2e25943efd28ef5b52
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java 231140163c4a5db181882f365e888315a7583c0b
> sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java 0056f40858244331dabe80b29473e94e41a4062e
> sentry-core/sentry-core-model-solr/pom.xml PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Admin.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java PRE-CREATION
> sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java PRE-CREATION
> sentry-dist/pom.xml 2d7f57e77f058ce35bd4b4e5dfcaab38849141f2
> sentry-provider/sentry-provider-db/pom.xml cd190324b444f5d95a54268e1919fe0588f2375c
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java d8b48874bfe4045ac3c032f4db7839ccdf470101
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java 51d6df958aea7681c62a751f25e3d2d624dc96dd
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 77d39194f548dad8700d6f6ef6330c2fa0b92579
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java 34c2107055420db49142a0eb14b1d9f8deb1e2c3
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java 258721e906adb45e7fac29b90955a0b00f9e7e55
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java 9be4a8b502ad78a17b4528a7c181728e21e8316f
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b7f0774ac2a19de915035d1844e0e92392566fb0
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ac8b2a774964c9f877bc284748d9ec9f9f00a727
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java 3685073910e4b5f45183742723c6146749a927f1
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java 55831a45b4e75fefecbebd8ce13da73ce3697d4f
> sentry-solr/pom.xml 133ea60e4eadb04204d187e8298d8e67a01d287e
> sentry-solr/solr-sentry-core/pom.xml e7882626f388b329fd00745e36e356674aae77c8
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java 7f3e391e1f7b5a4e4e836639b3ad8b792d1f57d4
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java f749740a376f874dfca885b7acb197381453c3dc
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SecureRequestHandlerUtil.java be9642bca489a39529c86b9b0f5c36b4724fdc5e
> sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java 8bd93ad686c056c11f355f14640ad4fc3129b342
> sentry-solr/solr-sentry-handlers/pom.xml 5b024db9dcac387ba447eedd54c33159bb039b8f
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureDocumentAnalysisRequestHandler.java 1c1f6f8a38579888711dd2cea41319eca52220fe
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureFieldAnalysisRequestHandler.java 62f9a1969830c1356712b54005cd2036c4b3e7a1
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java db182ef8e718b90efe2b31cbd8621dfefabb1bef
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureReplicationHandler.java bdcd830dedacd40afb227594672b7cb2b392fb46
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureAdminHandlers.java 44db3b479a33ad2c9979f1f1aa0213d959dfdef1
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCollectionsHandler.java b5edf2093cd7fda3d53fab39a587df9711dc1e7b
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java ff6e281821f064691d45edb04b2d50761a9b010e
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureInfoHandler.java 628d1d7ef7a1c526f4529cf8dec6fe2c3a4acf1c
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java 933db43738af09eb4cf6ea7b678d14df8aaa6aae
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponent.java 5fbb7436ea008e9c47c9322702115c7ce74e65ff
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java 7d55a7f65ba518deb4ed755f949640f8c052e310
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessor.java d995a7d3ca017163a511f6d3f662c4b8ecc4aa6b
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorFactory.java 07f7f28395f7e1d06a9517ff95a7ff874975f095
> sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/solr/collection1/lib/classes/empty-file-main-lib.txt 8b137891791fe96927ad78e64b0aad7bded08bdc
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureAnalysisHandlers.java 28406e244b60907eb8bcbc5f2d0b49baa7b0508c
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureReplicationHandler.java 6367814d5ee80f3ca0a4b44ce1dd88fc1d71569e
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java aea44f7e66dd7adffbfd013bbc1bd6cf51cdb4d9
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java 218302e87adc417b8df534babdbb392bb5bad747
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java f93fb656156513d80e4e299e00a01ef93b703345
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java 54784f44ae85a989848e1ee026f28d3f647a5e24
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java 1f44628f115b8f9147384fcdf4fc4ac8f6e28709
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java a1f3760851a3b8b7df595b2679ae7f3ccfd8f3ca
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java c294cf36672aa8135114d63197d08438b7d6d6c6
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java 579f79111a16f058e4ab26ded9ba4070ff2e7454
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java e1a1ba8c9deeb39dfa43159947ff35fab60d9ecb
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java 630ca7caf36784166062e3ddcba7c064974d9242
> sentry-tests/sentry-tests-solr/pom.xml 311e441a4715230f809252be2ab7882955b80c68
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java 7ddd1e2a35fef843e388e5491af2d58ee678c576
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java e50e3f8d8b75a128323d547f3bd20fa5338ffdb1
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DummyAuthPluginImpl.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java ac676a84c82d4f638aea0ca047fd440c42cfb816
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java b0d6db10e9b20062456b112ed28a3b46d4e678fb
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java 71452e24528b885b72a66ed8085ffd186f540c4d
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java f8ed955db9350ce59e05d68435757de7935d3314
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java f9b6c07ca3fabd81dc08687098eb29f4c7c94207
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSentryServer.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrAdminOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrCollectionOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrConfigOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrSchemaOperations.java PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java 2b246b582c25bd1b5adf1016078c2b9aa3edb6fc
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java 71c3cb634d744a1985591db6f794e1b3bb96b475
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java c07b3b8efebca5693cddf84cc1a7104d9a7b17ee
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java 7f1fdfdbe2edbf7b340693ea1045470efc79b043
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java 3eb6c0f0250e0e6cd8362cd63b7988423d120d80
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java 94123259ab9f9ac90cc3a6d1978f4df7af3f0425
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml PRE-CREATION
> sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/63250/diff/4/
>
>
> Testing
> -------
>
> All Solr/Sentry unit tests passing
>
>
> Thanks,
>
> Hrishikesh Gadre
>
>