> On June 15, 2018, 10:46 p.m., Sergio Pena wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > > Lines 291 (patched) > > <https://reviews.apache.org/r/67134/diff/7/?file=2041080#file2041080line291> > > > > I don't feel this line should be here. If this is required only to get > > the active roles, then we should move the method that allow us to get the > > active roles. Is there a utility class that we used where we can move it?
Ok. I will move the line hiveAuthzBinding = new HiveAuthzBinding(hiveHook, conf, authzConf); to the constructor > On June 15, 2018, 10:46 p.m., Sergio Pena wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > > Lines 292-295 (patched) > > <https://reviews.apache.org/r/67134/diff/7/?file=2041080#file2041080line292> > > > > We should be able to reduce these two calls to one single call that > > returns all privileges for roles, users (and in the future groups). > > > > The refactor should not be big. You can create a class that wraps the > > different map objects returned by the Server, then you can return that wrap > > object instead of the map. > > > > For instance: > > > > public SentryObjectPrivileges listPrivilegsbyAuthorizable() { > > TListSentryPrivilegesByAuthResponse response = client.list_...(); > > > > SentryObjectPrivileges privs = new SentryObjectPrivileges() > > privs.setPrivilegesForRoles(privs.getPrivilegesMapByAuth()); > > > > privs.setPrivilegesForUsers(privs.getPrivilegesMapByAuthForUsers()); > > > > return privs; > > } > > > > That's an example. You can come up with a different thing, but that > > would allow us to obtain all privileges for a specific object regardless of > > the entity type. I think we would need to rename the method too to avoid a > > confusion of the methods that return either users or roles. Ok works. Thanks > On June 15, 2018, 10:46 p.m., Sergio Pena wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > > Lines 300-314 (patched) > > <https://reviews.apache.org/r/67134/diff/7/?file=2041080#file2041080line300> > > > > I honestly didn't get this. There are 4 for() here, isn't that too > > much? Is there a way to reduce this? > > > > I also see a variable name rolePrivilegesMap, but we can get privileges > > for users, can't we? Its because listPrivilegsbyAuthorizable returns a Map<TSentryAuthorizable, TSentryPrivilegeMap> and TSentryPrivilegeMap has Map<String, Set<TSentryPrivilege>> where the key is the principal name. So we really need to drill deep. I'll make some changes but I don't think we can get away with too many for loops - Arjun ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67134/#review204880 ----------------------------------------------------------- On June 15, 2018, 8:08 p.m., Arjun Mishra wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67134/ > ----------------------------------------------------------- > > (Updated June 15, 2018, 8:08 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda, Na Li, Steve Moist, and > Sergio Pena. > > > Repository: sentry > > > Description > ------- > > Currently Sentry doesn't support Hive command to show privileges on > authorizables without mentioning any role or user name > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java > 23246c903 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > f0b4b4466 > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java > 2e3fd7f36 > > sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java > 6f38ed20d > > sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java > 45dce0e7c > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestShowGrants.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/67134/diff/7/ > > > Testing > ------- > > $ mvn -f sentry-binding/pom.xml test > $ mvn -f sentry-provider/pom.xml test > > > Thanks, > > Arjun Mishra > >
