> On April 19, 2018, 10:04 p.m., Na Li wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
> > Lines 60 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002482#file2002482line60>
> >
> >     should we make this function thread-safe? It invoves two tables and 
> > they have to be consistent.

Not at this time, there should only be 1 thread that would be calling this at 
this time and for the next few revisions.


> On April 19, 2018, 10:04 p.m., Na Li wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
> > Lines 101 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002482#file2002482line101>
> >
> >     do we need to make this function thread-safe? Otherwise, those two 
> > tables may be in inconsistent state.

Not at this time, there should only be 1 thread that would be calling this at 
this time and for the next few revisions.


> On April 19, 2018, 10:04 p.m., Na Li wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
> > Lines 116 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002486#file2002486line116>
> >
> >     should each policy has an index? So you can print the index and it is 
> > easy to debug and correleate events.

It can, once we add profiles it would go better here.


> On April 19, 2018, 10:04 p.m., Na Li wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
> > Lines 119 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002486#file2002486line119>
> >
> >     This logic has some problem. will the policies have priorities? then 
> > they should be sorted before you check them and need to handle conflict.
> >     
> >     If you don't do that, what's the assumption the policies behave?

Yes, the policies WILL have priorities, for now if there is a label on the 
field it is redacted.  This will be expanded upon in later versions.


> On April 19, 2018, 10:04 p.m., Na Li wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java
> > Lines 48 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002488#file2002488line48>
> >
> >     do you expect someone calls this function?
> >     
> >     It seems you should have a internal thread to periodically pull other 
> > places to get delta change.

Yes, right now static ingestion is provided, this a placeholder for deltas in 
the next ingestion method that will poll for changes.


- Steve


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66590/#review201567
-----------------------------------------------------------


On April 19, 2018, 9:09 p.m., Steve Moist wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66590/
> -----------------------------------------------------------
> 
> (Updated April 19, 2018, 9:09 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> This is the inital draft of attribute based access control.
> 
> 
> Diffs
> -----
> 
>   pom.xml 16a3838a 
>   sentry-abac/example-definition.json PRE-CREATION 
>   sentry-abac/example-delta.json PRE-CREATION 
>   sentry-abac/notes.txt PRE-CREATION 
>   sentry-abac/pom.xml PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
>  PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java 
> PRE-CREATION 
>   sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestSentryAttributeAuthorizer.java
>  PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
>  PRE-CREATION 
>   sentry-abac/src/test/resources/abac.props PRE-CREATION 
>   sentry-binding/sentry-binding-hive/pom.xml ccfa9cfe 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
>  1ab5be35 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java
>  86ff0cc2 
> 
> 
> Diff: https://reviews.apache.org/r/66590/diff/5/
> 
> 
> Testing
> -------
> 
> full build,added unit tests, tested code on a cluster.
> 
> 
> Thanks,
> 
> Steve Moist
> 
>

Reply via email to