----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62902/#review188013 -----------------------------------------------------------
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java Line 52 (original), 64 (patched) <https://reviews.apache.org/r/62902/#comment265085> should it be v2? This is auth-2 API sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java Line 112 (original), 126 (patched) <https://reviews.apache.org/r/62902/#comment265086> should we just return here? This function will be called by Hive when auth-2 is enabled. If we do authorization at semantic hook (called before this function), it should be OK to just return. If we throw exception here, it will cause every hive command to fail. sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java Line 165 (original), 184 (patched) <https://reviews.apache.org/r/62902/#comment265092> filter should be based on user's privileges. Where is the username or group info is used? sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java Line 184 (original), 203 (patched) <https://reviews.apache.org/r/62902/#comment265096> Is it true all objects in the list have the same DB? If not, then we need to get DB for each object, and filter it - Na Li On Oct. 12, 2017, 7:35 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62902/ > ----------------------------------------------------------- > > (Updated Oct. 12, 2017, 7:35 p.m.) > > > Review request for sentry, Alexander Kolbasov, Colm O hEigeartaigh, and > kalyan kumar kalvagadda. > > > Bugs: sentry-1978 > https://issues.apache.org/jira/browse/sentry-1978 > > > Repository: sentry > > > Description > ------- > > This patch is moving some hive-authz2 profile classes related to the > grant/revoke tasks to allow running the current tests with it and start doing > the switch to authz2. > > The patch does the following: > - Stop using the SentryGrantRevokeTask for grant/revoke task execution. > - Use SentryHiveAccessController to execute similar tasks that > SentryGrantRevokeTask used to have. > - Configure the new controller on the HiveAuthzBindingSessionHook class. > - Configure tests to run the authz2 access controller. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java > 3454910db1950f11e3317011bf4c08041a4ec5ac > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java > 994ae7a852d36653eb642112da7c0c58952f2f33 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java > ceb3b17714d5dfc4c6186b5f9cf536d6ddbb662b > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHivePrivilegeObject.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAccessController.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerFactory.java > f6297e9a19e4624cfc9c5a57d939e5873261263d > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java > 9c72876abbde2d1217503b90dfbfcd6d609427a8 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/util/SentryAuthorizerUtil.java > PRE-CREATION > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java > a62a0a66f1894f9039f099691b9fcfa2e98d8549 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java > 27cfba9fab49f44f74f7b7d24564b22e3ac437ba > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java > 35cb2bb4ffb9109721ba24e6dac84667bfdefa37 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java > 5cd69e17b3d70dfc7b739354e9fe21a5f7678120 > > > Diff: https://reviews.apache.org/r/62902/diff/1/ > > > Testing > ------- > > All tests passed. > > > Thanks, > > Sergio Pena > >
