Csaba Ringhofer has posted comments on this change. ( http://gerrit.cloudera.org:8080/11509 )
Change subject: IMPALA-7616: Remove the use of privilege name in TPrivilege ...................................................................... Patch Set 7: (6 comments) The comments are optional with the exception of the one in SentryProxy.java. http://gerrit.cloudera.org:8080/#/c/11509/7/common/thrift/CatalogObjects.thrift File common/thrift/CatalogObjects.thrift: http://gerrit.cloudera.org:8080/#/c/11509/7/common/thrift/CatalogObjects.thrift@537 PS7, Line 537: 1 My suggestion would be to avoid changing the numbers and leave a gap at 1 (comment out the original member). This is not about compatibility (removing a required field breaks that anyway + it is not a goal for internal thrift structs) but about keeping the history of this file as simple as possible. pros: can make cherry-picking easier - imagine a commit that adds new field, and someone who tries to backport it to a branch without your change - if the numbers are shifted then to new field will be 12, which will cause conflict on the old branch. cons: I do not see any, leaving gaps in numbers does not add any overhead as far as I understand thrift I have seen examples both for replacing numbers and leaving gaps in older commits, so I think that there is no consensus about this in Impala. http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java File fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java: http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java@490 PS7, Line 490: String privName = PrincipalPrivilege.buildPrivilegeName(filter); : if (!privName.equalsIgnoreCase( : PrincipalPrivilege.buildPrivilegeName(privilege))) { : continue; : } Building the filter priv name could be moved outside the loop, or with some refactor principal.getPrivilige() could be used for the filtered path. http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/Catalog.java File fe/src/main/java/org/apache/impala/catalog/Catalog.java: http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/Catalog.java@524 PS7, Line 524: for (PrincipalPrivilege p: tmpPrincipal.getPrivileges()) { : if (p.getName().equalsIgnoreCase(privilegeName)) { This could be replaced with tmpPrincipal.GetPrivilege(privilegeName). It is also case insensitive and should be faster. http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java File fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java: http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java@1825 PS7, Line 1825: principal.removePrivilege(PrincipalPrivilege.buildPrivilegeName(privilege)); Building the privilege name could be moved outside the lock. http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java@1850 PS7, Line 1850: return principal.getPrivilege(PrincipalPrivilege.buildPrivilegeName(privSpec)); Building the privilege name could be moved outside the lock. http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/util/SentryProxy.java File fe/src/main/java/org/apache/impala/util/SentryProxy.java: http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/util/SentryProxy.java@268 PS7, Line 268: // Remove the privileges that no longer exist. : for (String privilegeName: privilegesToRemove) { : TPrivilege privilege = new TPrivilege(); : if (principal.getPrincipalType() == TPrincipalType.ROLE) { : catalog_.removeRolePrivilege(principal.getName(), privilege); : } else { : catalog_.removeUserPrivilege(principal.getName(), privilege); : } : } This doesn't look ok to me - we are trying to remove the default privilege. remove*Privilege functions use the privilege's name only, so it would be easy to rewrite those to expect privilege names instead of TPrivilege-s. + I am curios if there is any test that would catch such a bug - I am not saying that it should be added in this commit, but it may worth a follow up Jira -- To view, visit http://gerrit.cloudera.org:8080/11509 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia813dcc7d3872f126865c1f8f37175201a0b10ab Gerrit-Change-Number: 11509 Gerrit-PatchSet: 7 Gerrit-Owner: Fredy Wijaya <[email protected]> Gerrit-Reviewer: Adam Holley <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Fredy Wijaya <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Comment-Date: Wed, 26 Sep 2018 12:21:27 +0000 Gerrit-HasComments: Yes
