I'd rather handle it differently - have a string setting which tells which
class to use but use hard-coded classes
something like this:
switch(backendType) {
case "File":
backend = new FIleBackend();
break;
case "DB":
backend = new DBBackend();
break;
default:
throw InvalidBackend();
}
This way we have static Java linking, can find all uses of backends, have
enough flexibility when we need it and can't shoot ourselves in the foot Or
this is oh-too-inflexible?
On Thu, Jun 29, 2017 at 9:18 AM, Colm O hEigeartaigh <[email protected]>
wrote:
> If SimpleDBProviderBackend/SentryGenericProviderBackend is hard-coded,
> would it mean that it wouldn't be possible to plug in the
> SimpleFileProviderBackend? That's useful for testing purposes if you want
> to check the plugin is working correctly.
>
> Colm.
>
> On Thu, Jun 29, 2017 at 5:13 PM, Na Li <[email protected]> wrote:
>
> > Flexibility means when you make different choices, it works, but has
> > different behavior.
> > When you make the wrong choice, and it breaks, it is not flexibility, it
> > is a trap.
> >
> > Should we create a Jira and hardcode the java assembly?
> >
> > On Thu, Jun 29, 2017 at 10:57 AM, Alexander Kolbasov <[email protected]
> >
> > wrote:
> >
> >> That's why I hate the "flexibility" that Sentry provides in terms of
> >> configuring JAVA assembly. This should be hard-coded.
> >>
> >> On Thu, Jun 29, 2017 at 8:20 AM, Colm O hEigeartaigh <
> [email protected]
> >> >
> >> wrote:
> >>
> >> > Actually it was my mistake. For "sentry.kafka.provider.backend" I was
> >> > using "org.apache.sentry.provider.db.SimpleDBProviderBackend". When
> >> > instead I use "org.apache.sentry.provider.db
> >> .generic.SentryGenericProviderBackend"
> >> > it works fine.
> >> >
> >> > Perhaps we should be logging an error if SimpleDBProviderBackend is
> used
> >> > with anything other than Hive?
> >> >
> >> > Colm.
> >> >
> >> > On Wed, Jun 28, 2017 at 8:24 PM, Alexander Kolbasov <
> [email protected]
> >> >
> >> > wrote:
> >> >
> >> >> This is weird, Hive and Generic privileges are separated at the
> Thrift
> >> >> level so Kafka should send different Thrift calls which should return
> >> >> different results. This can be a bug though. Doesn't look like some
> >> that
> >> >> comes from configuration.
> >> >>
> >> >> On Wed, Jun 28, 2017 at 4:19 AM, Colm O hEigeartaigh <
> >> [email protected]
> >> >> > wrote:
> >> >>
> >> >>> Hi all,
> >> >>>
> >> >>> This must be a simple question but I can't find the answer
> anywhere. I
> >> >>> have
> >> >>> a Sentry Service with some (test) privileges for both Hive + Kafka:
> >> >>>
> >> >>> > ./sentryShell -conf ../sentry-site.xml -lp -r admin_role -t hive
> >> >>> server=*
> >> >>>
> >> >>> > ./sentryShell -conf ../sentry-site.xml -lp -r admin_role -t kafka
> >> >>> HOST=*->CLUSTER=kafka-cluster->action=all
> >> >>>
> >> >>> However, when my Kafka broker attempts to get the privileges for the
> >> >>> "admin" group it returns the Hive privilege:
> >> >>>
> >> >>> [2017-06-28 11:02:38,952] DEBUG result = [server=*]
> >> >>> (org.apache.sentry.policy.kafka.SimpleKafkaPolicyEngine)
> >> >>>
> >> >>> How do I configure my "sentry-site.xml" on the Kafka side to instead
> >> >>> return
> >> >>> the Kafka privilege?
> >> >>>
> >> >>> Colm.
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Colm O hEigeartaigh
> >> >>>
> >> >>> Talend Community Coder
> >> >>> http://coders.talend.com
> >> >>>
> >> >>
> >> >>
> >> >
> >> >
> >> > --
> >> > Colm O hEigeartaigh
> >> >
> >> > Talend Community Coder
> >> > http://coders.talend.com
> >> >
> >>
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
