----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66590/#review201127 -----------------------------------------------------------
sentry-abac/example-delta.json Lines 1 (patched) <https://reviews.apache.org/r/66590/#comment282118> A file-based representation of deltas/changes may not be necessary. It is a simpler workflow for the user to edit the original file (e.g. example-definition.json) rather than provide explicit delta files. The server can detect changes to this file and update ingested attributes as appropriate. sentry-abac/notes.txt Lines 19 (patched) <https://reviews.apache.org/r/66590/#comment282119> Lines 19 - 20 can be removed if the example-delta.json file is removed. sentry-abac/pom.xml Lines 25 (patched) <https://reviews.apache.org/r/66590/#comment282120> Should the project version be parameterized? sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java Lines 77 (patched) <https://reviews.apache.org/r/66590/#comment282129> This is a common and expected occurrence based on the implementation of the addEntry method. Change from warn to debug? sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java Lines 86 (patched) <https://reviews.apache.org/r/66590/#comment282130> This is a common and expected occurrence based on the implementation of the addEntry method. Change from warn to debug? sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java Lines 228 (patched) <https://reviews.apache.org/r/66590/#comment282132> Profile does not need to be maintained, managed or handled during attribute ingestion. Just the object is needed (not the object and the profile). See comments above about 'server.db.table.column' vs. 'db.table.column'. sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java Lines 33 (patched) <https://reviews.apache.org/r/66590/#comment282125> Add field, getter and setter for descriptor (contentDescriptor). Also add a two-arg constructor and update toString, equals and hashCode methods. sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java Lines 37 (patched) <https://reviews.apache.org/r/66590/#comment282122> This is just the SentryObject. Keep mention of Profile distinct; remove here. sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java Lines 39 (patched) <https://reviews.apache.org/r/66590/#comment282128> I guess this string will look like "db.table.column" not "server.db.table.column". Where will the server value come from during ingestion? Also, is the multipart single string representation best or should we consider db, table and column, each in separate instance variables? sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java Lines 43 (patched) <https://reviews.apache.org/r/66590/#comment282123> Remove. This will be incredibly verbose. sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java Lines 54 (patched) <https://reviews.apache.org/r/66590/#comment282138> See notes on SentryObject on server.db.table.column vs. db.table.column. sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java Lines 55 (patched) <https://reviews.apache.org/r/66590/#comment282139> Add test objects witih content descriptors also (see SentryObject class). sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java Lines 274 (patched) <https://reviews.apache.org/r/66590/#comment282140> See notes on SentryObject on server.db.table.column vs. db.table.column. sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java Lines 295 (patched) <https://reviews.apache.org/r/66590/#comment282141> See notes on SentryObject on server.db.table.column vs. db.table.column. sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java Lines 50 (patched) <https://reviews.apache.org/r/66590/#comment282143> See notes on SentryObject on server.db.table.column vs. db.table.column. sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java Lines 85 (patched) <https://reviews.apache.org/r/66590/#comment282144> See notes on SentryObject on server.db.table.column vs. db.table.column. sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java Lines 122 (patched) <https://reviews.apache.org/r/66590/#comment282145> See notes on SentryObject on server.db.table.column vs. db.table.column. - Anthony Young-Garner On April 12, 2018, 8:45 p.m., Steve Moist wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66590/ > ----------------------------------------------------------- > > (Updated April 12, 2018, 8:45 p.m.) > > > Review request for sentry. > > > Repository: sentry > > > Description > ------- > > This is the inital draft of attribute based access control. > > > Diffs > ----- > > pom.xml 16a3838a > sentry-abac/example-definition.json PRE-CREATION > sentry-abac/example-delta.json PRE-CREATION > sentry-abac/notes.txt PRE-CREATION > sentry-abac/pom.xml PRE-CREATION > sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java > PRE-CREATION > sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java > PRE-CREATION > sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java > PRE-CREATION > > sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java > PRE-CREATION > > sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java > PRE-CREATION > > sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java > PRE-CREATION > sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java > PRE-CREATION > > sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java > PRE-CREATION > sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java > PRE-CREATION > > sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java > PRE-CREATION > > sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestSentryAttributeAuthorizer.java > PRE-CREATION > > sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java > PRE-CREATION > sentry-abac/src/test/resources/abac.props PRE-CREATION > sentry-binding/sentry-binding-hive/pom.xml ccfa9cfe > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java > 1ab5be35 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java > 86ff0cc2 > > > Diff: https://reviews.apache.org/r/66590/diff/3/ > > > Testing > ------- > > full build,added unit tests, tested code on a cluster. > > > Thanks, > > Steve Moist > >