OK sounds good. Could you create a JIRA for it? Colm.
On Fri, Jun 30, 2017 at 6:51 PM, Alexander Kolbasov <[email protected]> wrote: > We can as well do it in a very compatible name where we read plugin name > and use it in the case statement above, so the configuration is the same, > but the implementation doesn't use any dynamic class loading. > > On Fri, Jun 30, 2017 at 1:23 AM, Colm O hEigeartaigh <[email protected]> > wrote: > > > Fine with me (we also need to handle the "Generic" case in that example). > > If we're doing this for 1.8.0 it needs to be documented in the release > > notes as older configuration wouldn't work anymore. > > > > Colm. > > > > On Thu, Jun 29, 2017 at 6:12 PM, Alexander Kolbasov <[email protected]> > > wrote: > > > > > I'd rather handle it differently - have a string setting which tells > > which > > > class to use but use hard-coded classes > > > > > > something like this: > > > > > > switch(backendType) { > > > case "File": > > > backend = new FIleBackend(); > > > break; > > > > > > case "DB": > > > backend = new DBBackend(); > > > break; > > > > > > default: > > > throw InvalidBackend(); > > > } > > > > > > This way we have static Java linking, can find all uses of backends, > have > > > enough flexibility when we need it and can't shoot ourselves in the > foot > > Or > > > this is oh-too-inflexible? > > > > > > > > > > > > On Thu, Jun 29, 2017 at 9:18 AM, Colm O hEigeartaigh < > > [email protected]> > > > wrote: > > > > > > > If SimpleDBProviderBackend/SentryGenericProviderBackend is > hard-coded, > > > > would it mean that it wouldn't be possible to plug in the > > > > SimpleFileProviderBackend? That's useful for testing purposes if you > > want > > > > to check the plugin is working correctly. > > > > > > > > Colm. > > > > > > > > On Thu, Jun 29, 2017 at 5:13 PM, Na Li <[email protected]> wrote: > > > > > > > > > Flexibility means when you make different choices, it works, but > has > > > > > different behavior. > > > > > When you make the wrong choice, and it breaks, it is not > flexibility, > > > it > > > > > is a trap. > > > > > > > > > > Should we create a Jira and hardcode the java assembly? > > > > > > > > > > On Thu, Jun 29, 2017 at 10:57 AM, Alexander Kolbasov < > > > [email protected] > > > > > > > > > > wrote: > > > > > > > > > >> That's why I hate the "flexibility" that Sentry provides in terms > of > > > > >> configuring JAVA assembly. This should be hard-coded. > > > > >> > > > > >> On Thu, Jun 29, 2017 at 8:20 AM, Colm O hEigeartaigh < > > > > [email protected] > > > > >> > > > > > >> wrote: > > > > >> > > > > >> > Actually it was my mistake. For "sentry.kafka.provider.backend" > I > > > was > > > > >> > using "org.apache.sentry.provider.db.SimpleDBProviderBackend". > > When > > > > >> > instead I use "org.apache.sentry.provider.db > > > > >> .generic.SentryGenericProviderBackend" > > > > >> > it works fine. > > > > >> > > > > > >> > Perhaps we should be logging an error if SimpleDBProviderBackend > > is > > > > used > > > > >> > with anything other than Hive? > > > > >> > > > > > >> > Colm. > > > > >> > > > > > >> > On Wed, Jun 28, 2017 at 8:24 PM, Alexander Kolbasov < > > > > [email protected] > > > > >> > > > > > >> > wrote: > > > > >> > > > > > >> >> This is weird, Hive and Generic privileges are separated at the > > > > Thrift > > > > >> >> level so Kafka should send different Thrift calls which should > > > return > > > > >> >> different results. This can be a bug though. Doesn't look like > > some > > > > >> that > > > > >> >> comes from configuration. > > > > >> >> > > > > >> >> On Wed, Jun 28, 2017 at 4:19 AM, Colm O hEigeartaigh < > > > > >> [email protected] > > > > >> >> > wrote: > > > > >> >> > > > > >> >>> Hi all, > > > > >> >>> > > > > >> >>> This must be a simple question but I can't find the answer > > > > anywhere. I > > > > >> >>> have > > > > >> >>> a Sentry Service with some (test) privileges for both Hive + > > > Kafka: > > > > >> >>> > > > > >> >>> > ./sentryShell -conf ../sentry-site.xml -lp -r admin_role -t > > hive > > > > >> >>> server=* > > > > >> >>> > > > > >> >>> > ./sentryShell -conf ../sentry-site.xml -lp -r admin_role -t > > > kafka > > > > >> >>> HOST=*->CLUSTER=kafka-cluster->action=all > > > > >> >>> > > > > >> >>> However, when my Kafka broker attempts to get the privileges > for > > > the > > > > >> >>> "admin" group it returns the Hive privilege: > > > > >> >>> > > > > >> >>> [2017-06-28 11:02:38,952] DEBUG result = [server=*] > > > > >> >>> (org.apache.sentry.policy.kafka.SimpleKafkaPolicyEngine) > > > > >> >>> > > > > >> >>> How do I configure my "sentry-site.xml" on the Kafka side to > > > instead > > > > >> >>> return > > > > >> >>> the Kafka privilege? > > > > >> >>> > > > > >> >>> Colm. > > > > >> >>> > > > > >> >>> > > > > >> >>> -- > > > > >> >>> Colm O hEigeartaigh > > > > >> >>> > > > > >> >>> Talend Community Coder > > > > >> >>> http://coders.talend.com > > > > >> >>> > > > > >> >> > > > > >> >> > > > > >> > > > > > >> > > > > > >> > -- > > > > >> > Colm O hEigeartaigh > > > > >> > > > > > >> > Talend Community Coder > > > > >> > http://coders.talend.com > > > > >> > > > > > >> > > > > > > > > > > > > > > > > > > > > > > -- > > > > Colm O hEigeartaigh > > > > > > > > Talend Community Coder > > > > http://coders.talend.com > > > > > > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
