-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30017/
-----------------------------------------------------------

Review request for sentry and Vamsee Yarlagadda.


Repository: sentry


Description
-------

The Solr schema API allows using a REST API to get the schema of each collection, including defined field types, fields, dynamic fields, and copy field declarations. There is a risk that a user can get the schema of a collection they do not have access to. For example, user1 has no query privilege on collection collection1, but currently user1 can get the schema metadata for collection1 by running the command:

  curl http://localhost:8983/solr/collection1/schema

Users should be denied schema information for collections they do not have query privilege on.


Diffs
-----

  pom.xml 60a9f4a
  sentry-solr/solr-sentry-handlers/pom.xml 8ca1cb3
  sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/rest/SecureSolrSchemaRestApi.java PRE-CREATION
  sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/rest/SentryAuthorizerFilter.java PRE-CREATION
  sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/rest/SentryAuthorizerFilterException.java PRE-CREATION
  sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/sentry/test-authz-provider.ini 8f48a8c
  sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/rest/TestSentryAuthorizerFilter.java PRE-CREATION
  sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/rest/RestTestHarness.java PRE-CREATION
  sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/rest/SolrSentryRestTestBase.java PRE-CREATION
  sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/rest/TestSchemaProtection.java PRE-CREATION

Diff: https://reviews.apache.org/r/30017/diff/


Testing
-------


Thanks,

shen guoquan
