-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29403/
-----------------------------------------------------------
Review request for sentry and Sravya Tirukkovalur.
Bugs: SENTRY-598
https://issues.apache.org/jira/browse/SENTRY-598
Repository: sentry
Description
-------
Currently Sentry restricts the Transforms for users with non-admin privileges.
Hive didn't have a way to discover transforms used in a query via Semantic
hooks. As a workaround Sentry has pre-exec hook which can detect if the query
has transforms (just a boolean flag though).
As part of HIVE-8938, Hive compiler now captures the transform script as input
read entity. This patch is leveraging that mechanism to enforce URI privileges
on transform.
The existing pre-exec hook mechanism is no longer needed and removed.
Diffs
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
d096551
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
813200a
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java
cc7ef45
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
3dedbc3
sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java
73f91ee
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegeAtTransform.java
2d34015
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java
7efa83d
Diff: https://reviews.apache.org/r/29403/diff/
Testing
-------
Updated transform tests
Thanks,
Prasad Mujumdar
