> On Dec. 20, 2018, 6:12 p.m., Arjun Mishra wrote: > > Sergio, seems like we are authorizing one database or one table at a time > > and then adding it to the list of filtered entities. Can we authorize them > > collectively in a single transacation?
This would be a good idea to improve, but the current code in the HiveAuthzBinding.authorize() does not allow to do so. If I pass a list of objects to check for authorization, if at least one is denied, then the method will throw an AuthorizationException which it is not desired. The Hive binding will need to be improved to allow this. - Sergio ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69586/#review211470 ----------------------------------------------------------- On Dec. 20, 2018, 3:45 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69586/ > ----------------------------------------------------------- > > (Updated Dec. 20, 2018, 3:45 p.m.) > > > Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Na Li. > > > Bugs: sentry-2481 > https://issues.apache.org/jira/browse/sentry-2481 > > > Repository: sentry > > > Description > ------- > > Re-use the SentryMetaStoreFilterHook to support HMS server-side object > filtering. The SentryMetaStoreFilterHook class was deprecated and not used in > the HMS client anymore (replaced by the calls to DefaultSentryValidator). Due > to code duplication between SentryMetaStoreFilterHook and > DefaultSentryValidator, a new class MetaStoreAuthzObjectFilter is created > that accepts different types of objects to be filtered (unit tests are added > to verify the cases). > > > Diffs > ----- > > .gitignore 6ce3a6c11f6caf743fb00271af2cb4d33a18aa5d > pom.xml f28be5afb7c9673c0b111325d7728381f8c89d2f > > sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java > 520de52ac3a41d0b4c01b1bdf60944fd44add5e7 > > sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java > c37ce646da97afb2e5c033fb3acf43190a4fae80 > > sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java > cd4ae4a8c80b34769c65d4b8b86b2d6ecc78b075 > sentry-binding/sentry-binding-hive/pom.xml > b74516d70eaf873ef46914e2fbcfe08753bc1be4 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java > 38ce2db374ee4f46190544479bc0713de2fce420 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java > 92eb1366be44bd53f57e0900634b1cb4eae6470e > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStoreBase.java > d015085c71822c34a3315dc884596acc8ee2421a > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/HiveAuthzBindingFactory.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java > 8ad9e50350a1a45ebdde9d8acb7f039b14a13f41 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHiveMetaStoreClient.java > e30a86050a23a69cb9d613ec3500a1915974ed65 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java > 5ecc87f9be36d6096e30de1f3c8697cd2d4da091 > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/authz/TestMetastoreAuthzObjectFilter.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentryMetaStoreFilterHook.java > PRE-CREATION > > sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Subject.java > bcd1fa2351f7e7928f5499aa5f86906640f62504 > > > Diff: https://reviews.apache.org/r/69586/diff/3/ > > > Testing > ------- > > Added unit tests for the SentryMetaStoreFilterHook. > > > Thanks, > > Sergio Pena > >
