[jira] [Commented] (HCATALOG-245) StorageHandler authorization providers

[email protected] (Commented) (JIRA) Thu, 16 Feb 2012 17:32:29 -0800

    [ 
https://issues.apache.org/jira/browse/HCATALOG-245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209968#comment-13209968
 ]

[email protected] commented on HCATALOG-245:
--------------------------------------------------------

bq.  On 2012-02-17 00:55:58, Ashutosh Chauhan wrote:
bq.  > 
src/java/org/apache/hcatalog/cli/SemanticAnalysis/HCatSemanticAnalyzer.java, 
line 130
bq.  > <https://reviews.apache.org/r/3846/diff/3/?file=75536#file75536line130>
bq.  >
bq.  >     Looks like this switch statement is no longer of any value now. Can 
this be removed?

The switch serves as to differentiate what is allowed and what is not. The 
default: case throws an exception. 

bq.  On 2012-02-17 00:55:58, Ashutosh Chauhan wrote:
bq.  > 
src/java/org/apache/hcatalog/security/StorageDelegationAuthorizationProvider.java,
 line 43
bq.  > <https://reviews.apache.org/r/3846/diff/3/?file=75540#file75540line43>
bq.  >
bq.  >     Do we need to put class name of this class as a default value in 
conf/proto-hive-site.xml for authprovider conf value?

There is two conf values:
hive.security.authorization.enabled and hive.security.authorization.manager. I 
think we can default the authorization.manager, but I am not sure about 
defaulting authorization.enabled. If we also default that, then existing code 
and unit tests will be affected. 

bq.  On 2012-02-17 00:55:58, Ashutosh Chauhan wrote:
bq.  > src/test/org/apache/hcatalog/cli/TestEximSemanticAnalysis.java.broken, 
line 1
bq.  > <https://reviews.apache.org/r/3846/diff/3/?file=75543#file75543line1>
bq.  >
bq.  >     Did you rename this file to disable the tests? You can just add name 
of this file in src/test/excluded-tests to exclude it, instead of renaming it.

yes indeed. Did not notice we have src/test/excluded-tests. I'll add to that. 

bq.  On 2012-02-17 00:55:58, Ashutosh Chauhan wrote:
bq.  > 
src/java/org/apache/hcatalog/cli/SemanticAnalysis/HCatSemanticAnalyzer.java, 
lines 263-264
bq.  > <https://reviews.apache.org/r/3846/diff/3/?file=75536#file75536line263>
bq.  >
bq.  >     This could potentially be an issue when table has lots of partitions 
in it. This will generate many listStatus call on NN in short time. Not sure if 
there is a way around that though.

I guess, we can relax this check to look for table permissions. Agreed on the 
possible load generated by huge number of partitions. 

- enis

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/3846/#review5175
-----------------------------------------------------------

On 2012-02-16 22:49:20, enis wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/3846/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2012-02-16 22:49:20)
bq.  
bq.  
bq.  Review request for hcatalog.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  As per the design in the parent issue, we will delegate the authorization 
checks to the storage handler (hdfs is considered as a storage handler as 
well). This jira will introduce HiveAuthorizationProviders for hbase + hdfs.
bq.  
bq.  
bq.  This addresses bug HCATALOG-245.
bq.      https://issues.apache.org/jira/browse/HCATALOG-245
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    src/java/org/apache/hcatalog/cli/SemanticAnalysis/AddPartitionHook.java 
efbb79a 
bq.    
src/java/org/apache/hcatalog/cli/SemanticAnalysis/CreateDatabaseHook.java 
109de31 
bq.    src/java/org/apache/hcatalog/cli/SemanticAnalysis/CreateTableHook.java 
098a06b 
bq.    
src/java/org/apache/hcatalog/cli/SemanticAnalysis/HCatSemanticAnalyzer.java 
8387d8e 
bq.    
src/java/org/apache/hcatalog/cli/SemanticAnalysis/HCatSemanticAnalyzerBase.java 
PRE-CREATION 
bq.    src/java/org/apache/hcatalog/common/AuthUtils.java 7cba8dc 
bq.    src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java 
PRE-CREATION 
bq.    
src/java/org/apache/hcatalog/security/StorageDelegationAuthorizationProvider.java
 PRE-CREATION 
bq.    src/test/org/apache/hcatalog/HcatTestUtils.java PRE-CREATION 
bq.    src/test/org/apache/hcatalog/cli/TestEximSemanticAnalysis.java 64bde1b 
bq.    src/test/org/apache/hcatalog/cli/TestEximSemanticAnalysis.java.broken 
PRE-CREATION 
bq.    src/test/org/apache/hcatalog/security/TestHdfsAuthorizationProvider.java 
PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/3846/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  enis
bq.  
bq.

> StorageHandler authorization providers 
> ---------------------------------------
>
>                 Key: HCATALOG-245
>                 URL: https://issues.apache.org/jira/browse/HCATALOG-245
>             Project: HCatalog
>          Issue Type: Sub-task
>            Reporter: Enis Soztutar
>            Assignee: Enis Soztutar
>         Attachments: hcat-auth_v1.patch
>
>
> As per the design in the parent issue, we will delegate the authorization 
> checks to the storage handler (hdfs is considered as a storage handler as 
> well). This jira will introduce HiveAuthorizationProviders for hbase + hdfs.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HCATALOG-245) StorageHandler authorization providers

Reply via email to