Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/11659 )

Change subject: [sentry] add AuthzProvider
......................................................................


Patch Set 12:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/11659/11/src/kudu/master/authz_provider.h
File src/kudu/master/authz_provider.h:

http://gerrit.cloudera.org:8080/#/c/11659/11/src/kudu/master/authz_provider.h@63
PS11, Line 63:   // Checks if retrieving metadata about the table is authorized for the
> nit: "metadata" seems like it might be a Sentry construct, which is fine, b
Done


http://gerrit.cloudera.org:8080/#/c/11659/11/src/kudu/master/sentry_authz_provider.h
File src/kudu/master/sentry_authz_provider.h:

http://gerrit.cloudera.org:8080/#/c/11659/11/src/kudu/master/sentry_authz_provider.h@39
PS11, Line 39:
             : // An implementation of AuthzProvider that connects to the Sentry Service
             : // for authorization metadata and allow or deny the actions performed by
             : // users based on the metadata.
> nit: "An implementation of AuthzProvider that connects to Apache Sentry for
I would prefer to not use Apache Sentry here in order to match how we refer to 'Sentry' in other places.


http://gerrit.cloudera.org:8080/#/c/11659/11/src/kudu/master/sentry_authz_provider.cc
File src/kudu/master/sentry_authz_provider.cc:

http://gerrit.cloudera.org:8080/#/c/11659/11/src/kudu/master/sentry_authz_provider.cc@246
PS11, Line 246:   return Authorize(db_authorizable, db_action, user);
              : }
              :
              : Status SentryAuthzProvider::AuthorizeGetTableMetadata(const std::string& table_name,
              :                                                       const std::string& user) {
              :   // Retrieving table metadata requires 'METADATA ON TABLE' privilege.
              :   TSentryAuthorizable authorizable;
              :   RETURN_NOT_OK(GetAuthorizable(table_name, AuthorizableScope::TABLE, &authorizable));
              :   SentryAction action = SentryAction(SentryAction::Action::METADATA);
              :   return Authorize(authorizable, action, user);
              : }
              :
> Now that this is tested elsewhere, it doesn't need to be part of the class.
Done



--
To view, visit http://gerrit.cloudera.org:8080/11659

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I254828d640cd905e33dbaf0fe100d660bc9e6772
Gerrit-Change-Number: 11659
Gerrit-PatchSet: 12
Gerrit-Owner: Hao Hao <hao....@cloudera.com>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Hao Hao <hao....@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Comment-Date: Fri, 02 Nov 2018 16:24:07 +0000
Gerrit-HasComments: Yes
