You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Na Li via Review Board <no...@reviews.apache.org> on 2019/12/11 21:17:43 UTC
Review Request 71901: SENTRY-2540: Only use SELECT action for filter
SHOW DATABASES and SHOW TABLES command based on configuration
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71901/
-----------------------------------------------------------
Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
Bugs: sentry-2540
https://issues.apache.org/jira/browse/sentry-2540
Repository: sentry
Description
-------
When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database
DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER,
DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX,
DBModelAction.LOCK
To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration.
Diffs
-----
sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5
Diff: https://reviews.apache.org/r/71901/diff/1/
Testing
-------
manually set the configuration to be true, and see only select action is used for authorization check
Thanks,
Na Li
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for
filter SHOW DATABASES and SHOW TABLES command based on configuration
Posted by Na Li via Review Board <no...@reviews.apache.org>.
> On Dec. 12, 2019, 6:02 p.m., kalyan kumar kalvagadda wrote:
> > Code change looks good. Please add unit tests to cover the same.
tests are added for the new behavior both default and enabled
- Na
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71901/#review219015
-----------------------------------------------------------
On Dec. 13, 2019, 12:23 a.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71901/
> -----------------------------------------------------------
>
> (Updated Dec. 13, 2019, 12:23 a.m.)
>
>
> Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
>
>
> Bugs: sentry-2540
> https://issues.apache.org/jira/browse/sentry-2540
>
>
> Repository: sentry
>
>
> Description
> -------
>
> When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database
>
> DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER,
> DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX,
> DBModelAction.LOCK
>
> To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java cc0465a
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java 6a88d0b
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/71901/diff/2/
>
>
> Testing
> -------
>
> manually set the configuration to be true, and see only select action is used for authorization check
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for
filter SHOW DATABASES and SHOW TABLES command based on configuration
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71901/#review219015
-----------------------------------------------------------
Code change looks good. Please add unit tests to cover the same.
- kalyan kumar kalvagadda
On Dec. 11, 2019, 9:17 p.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71901/
> -----------------------------------------------------------
>
> (Updated Dec. 11, 2019, 9:17 p.m.)
>
>
> Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
>
>
> Bugs: sentry-2540
> https://issues.apache.org/jira/browse/sentry-2540
>
>
> Repository: sentry
>
>
> Description
> -------
>
> When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database
>
> DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER,
> DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX,
> DBModelAction.LOCK
>
> To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5
>
>
> Diff: https://reviews.apache.org/r/71901/diff/1/
>
>
> Testing
> -------
>
> manually set the configuration to be true, and see only select action is used for authorization check
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for
filter SHOW DATABASES and SHOW TABLES command based on configuration
Posted by Vihang Karajgaonkar via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71901/#review219010
-----------------------------------------------------------
Ship it!
LGTM.
- Vihang Karajgaonkar
On Dec. 11, 2019, 9:17 p.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71901/
> -----------------------------------------------------------
>
> (Updated Dec. 11, 2019, 9:17 p.m.)
>
>
> Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
>
>
> Bugs: sentry-2540
> https://issues.apache.org/jira/browse/sentry-2540
>
>
> Repository: sentry
>
>
> Description
> -------
>
> When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database
>
> DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER,
> DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX,
> DBModelAction.LOCK
>
> To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5
>
>
> Diff: https://reviews.apache.org/r/71901/diff/1/
>
>
> Testing
> -------
>
> manually set the configuration to be true, and see only select action is used for authorization check
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for
filter SHOW DATABASES and SHOW TABLES command based on configuration
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71901/#review219044
-----------------------------------------------------------
Ship it!
Ship It!
- kalyan kumar kalvagadda
On Dec. 13, 2019, 4:38 p.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71901/
> -----------------------------------------------------------
>
> (Updated Dec. 13, 2019, 4:38 p.m.)
>
>
> Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
>
>
> Bugs: sentry-2540
> https://issues.apache.org/jira/browse/sentry-2540
>
>
> Repository: sentry
>
>
> Description
> -------
>
> When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database
>
> DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER,
> DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX,
> DBModelAction.LOCK
>
> To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java cc0465a
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java 6a88d0b
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/71901/diff/3/
>
>
> Testing
> -------
>
> manually set the configuration to be true, and see only select action is used for authorization check
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for
filter SHOW DATABASES and SHOW TABLES command based on configuration
Posted by Na Li via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71901/
-----------------------------------------------------------
(Updated Dec. 13, 2019, 4:38 p.m.)
Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
Bugs: sentry-2540
https://issues.apache.org/jira/browse/sentry-2540
Repository: sentry
Description
-------
When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database
DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER,
DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX,
DBModelAction.LOCK
To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration.
Diffs (updated)
-----
sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java cc0465a
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java 6a88d0b
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java PRE-CREATION
Diff: https://reviews.apache.org/r/71901/diff/3/
Changes: https://reviews.apache.org/r/71901/diff/2-3/
Testing
-------
manually set the configuration to be true, and see only select action is used for authorization check
Thanks,
Na Li
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for
filter SHOW DATABASES and SHOW TABLES command based on configuration
Posted by Na Li via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71901/
-----------------------------------------------------------
(Updated Dec. 13, 2019, 12:23 a.m.)
Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
Bugs: sentry-2540
https://issues.apache.org/jira/browse/sentry-2540
Repository: sentry
Description
-------
When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database
DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER,
DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX,
DBModelAction.LOCK
To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration.
Diffs (updated)
-----
sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java cc0465a
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java 6a88d0b
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java PRE-CREATION
Diff: https://reviews.apache.org/r/71901/diff/2/
Changes: https://reviews.apache.org/r/71901/diff/1-2/
Testing
-------
manually set the configuration to be true, and see only select action is used for authorization check
Thanks,
Na Li