> On Oct. 13, 2017, 9:09 p.m., Na Li wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/util/SentryAuthorizerUtil.java > > Lines 129 (patched) > > <https://reviews.apache.org/r/62902/diff/1/?file=1852559#file1852559line129> > > > > Can you add the following for function? > > > > baseHierarchy.add(server); > > baseHierarchy.add(new Database(privilege.getDbname())); > > baseHierarchy.add(new Function(privilege.getObjectName(), > > privilege.getClassName())); > > objectHierarchy.add(baseHierarchy); > > break; > > > > > > and have a new class Function > > > > public class Function implements DBModelAuthorizable { > > private final String name; > > private final String className; > > > > public Function(String name, String className) { > > this.name = name; > > this.className = className; > > } > > > > @Override > > public String getName() { > > return name; > > } > > > > public String getClassName() { return className; } > > > > @Override > > public String toString() { > > return "Function [name=" + name + "]"; > > } > > > > @Override > > public AuthorizableType getAuthzType() { > > return AuthorizableType.Function; > > } > > > > @Override > > public String getTypeName() { > > return getAuthzType().name(); > > } > > > > } > > Sergio Pena wrote: > Probably better to have this patch in another JIRA so that we add more > tests cases as well. This sounds like a new feature as all the current tests > cases related to FUNCTION already pass. > Why do we need this code? Anyway, please file a JIRA for this as well.
it is tracked in SENTRY-1971. This issue needs to be fixed if we switch to use checkPrivileges() for authorization. When we use semantic hook, it may be OK not to fix this. - Na ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62902/#review188022 ----------------------------------------------------------- On Oct. 12, 2017, 7:35 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62902/ > ----------------------------------------------------------- > > (Updated Oct. 12, 2017, 7:35 p.m.) > > > Review request for sentry, Alexander Kolbasov, Colm O hEigeartaigh, and > kalyan kumar kalvagadda. > > > Bugs: sentry-1978 > https://issues.apache.org/jira/browse/sentry-1978 > > > Repository: sentry > > > Description > ------- > > This patch is moving some hive-authz2 profile classes related to the > grant/revoke tasks to allow running the current tests with it and start doing > the switch to authz2. > > The patch does the following: > - Stop using the SentryGrantRevokeTask for grant/revoke task execution. > - Use SentryHiveAccessController to execute similar tasks that > SentryGrantRevokeTask used to have. > - Configure the new controller on the HiveAuthzBindingSessionHook class. > - Configure tests to run the authz2 access controller. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java > 3454910db1950f11e3317011bf4c08041a4ec5ac > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java > 994ae7a852d36653eb642112da7c0c58952f2f33 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java > ceb3b17714d5dfc4c6186b5f9cf536d6ddbb662b > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHivePrivilegeObject.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAccessController.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerFactory.java > f6297e9a19e4624cfc9c5a57d939e5873261263d > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java > 9c72876abbde2d1217503b90dfbfcd6d609427a8 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/util/SentryAuthorizerUtil.java > PRE-CREATION > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java > a62a0a66f1894f9039f099691b9fcfa2e98d8549 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java > 27cfba9fab49f44f74f7b7d24564b22e3ac437ba > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java > 35cb2bb4ffb9109721ba24e6dac84667bfdefa37 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java > 5cd69e17b3d70dfc7b739354e9fe21a5f7678120 > > > Diff: https://reviews.apache.org/r/62902/diff/1/ > > > Testing > ------- > > All tests passed. > > > Thanks, > > Sergio Pena > >
