[
https://issues.apache.org/jira/browse/SENTRY-999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15245282#comment-15245282
]
Colin Ma commented on SENTRY-999:
---------------------------------
hi, [~hahao], the following is what I thought on these improvements:
* Should we enforce validator when creating the privileges?
A new method createValidatedPrivilege() can be added to PrivilegeFactory,
and add validate(List<PrivilegeValidator>) method to Privilege. Then we can
validate the Privilege during the creation if necessary.
* It looks like policy engine and provider backend has a lot of overlaps. Do
we really need policy engine?
I think these 2 are different, providerBackend is responsible for how to
get the privilege data, currently, by file or by db. PolicyEngine is
responsible for deal with the data from providerBackend, format changes,
advance filter, etc. There is no difference in currently code, but I prefer to
keep these 2 layers when get privileges.
* The package layout of sentry-core and sentry-policy may need to reorg to
make it more clean?
Totally agree on this.
We can merge SENTRY-999 to master first and do the improvements with the
separated JIRA.
> Refactor the sentry to integrate with external components quickly
> -----------------------------------------------------------------
>
> Key: SENTRY-999
> URL: https://issues.apache.org/jira/browse/SENTRY-999
> Project: Sentry
> Issue Type: Improvement
> Reporter: Colin Ma
> Assignee: Colin Ma
> Labels: integration
> Fix For: 1.8.0
>
> Attachments: Design Document of Refactor Sentry for easy
> integration.docx
>
>
> *Problem*
> Currently, many components are integrated with Sentry, eg, Solr, Sqoop. But
> when do the integration, some duplicated work need to be done, for example,
> sentry-core-model-xxx and sentry-policy-xxx should be created for new
> component and the code is kind of duplicated. These makes the integration
> complex and the source maintenance will be hard.
> Considering others components will be integrated with Sentry, eg, Kafka. The
> Sentry should be refactored to be easy integrated.
> *Refactor point*
> *1*. PolicyEngine: Currently, Sentry has many PolicyEngine, eg,
> SimpleSearchPolicyEngine for Solr, SimpleSqoopPolicyEngine for Sqoop. One
> CommonPolicyEngine should be ok for these external components.
> *2*. Privilege: Currently, SearchWildcardPrivilege,
> IndexerWildcardPrivilege, SqoopWildcardPrivilege have the same
> implementation. One CommonPrivilege is enough.
> *3*. Action: Currently, SearchActionFactory, SqoopActionFactory are never
> used in Privilege.imply(). The idea for these ActionFactory is good, but it
> is component related and should be located in sentry-xxx-binding project.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
