> On Feb. 20, 2019, 10:06 p.m., kalyan kumar kalvagadda wrote: > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java > > Lines 114-119 (patched) > > <https://reviews.apache.org/r/70004/diff/1/?file=2125767#file2125767line114> > > > > How does CachingUserAttributeSource work with LdapUserAttributeSource. > > > > Let's say cache is enabled and source is ldap then there will be two > > cache's, right as there is a cache in LdapUserAttributeSource.
The reason for the cache on the nested groups is independent of users, so if you have 100 users with 10 groups, you only have 10 LDAP calls for those groups. The wrapper cache is to save repeated calls on a per user basis - Tristan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70004/#review212989 ----------------------------------------------------------- On Feb. 21, 2019, 7:45 p.m., Tristan Stevens wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70004/ > ----------------------------------------------------------- > > (Updated Feb. 21, 2019, 7:45 p.m.) > > > Review request for sentry. > > > Repository: sentry > > > Description > ------- > > This is an improvement request to cover enhanced document level security for > the Solr document level controls, specifically to cover: > > Security controls against multiple fields > Filters based on user attributes as well as just Sentry roles > Different security predicates (AND, LessThan, GreaterThan, OR) > Pluggable user attribute source ahead of Sentry enhancements. > Sample LDAP user attribute source > The ambition is this will be a precursor to full complex predicate support > being served by Sentry ABAC roadmap. > > > Diffs > ----- > > sentry-solr/solr-sentry-handlers/pom.xml 621d8325 > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java > PRE-CREATION > sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java > 09f095a3 > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java > PRE-CREATION > sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff > PRE-CREATION > sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/schema.xml > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/solrconfig.xml > PRE-CREATION > > > Diff: https://reviews.apache.org/r/70004/diff/2/ > > > Testing > ------- > > Added unit tests to cover specific areas and also TestAbacOperations.java > which tests full integration with a mocked LDAP server against a live > SolrCloud. > > Addiitonally I've run manual tests against a live Solr cluster with this > plugin deployed against Active Directory. > > > Thanks, > > Tristan Stevens > >
