Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/12919 )
Change subject: sentry: sanitize and parse privileges from Sentry ...................................................................... Patch Set 10: Code-Review+1 (2 comments) http://gerrit.cloudera.org:8080/#/c/12919/5/src/kudu/master/sentry_authz_provider.cc File src/kudu/master/sentry_authz_provider.cc: http://gerrit.cloudera.org:8080/#/c/12919/5/src/kudu/master/sentry_authz_provider.cc@176 PS5, Line 176: for (const auto& granted_action : privilege.granted_privileges) { : if (SentryAction(granted_action).Implies(action)) { : return true; : } : } > Maybe, but not as a part of this patch. I doubt this will be the bottleneck I agree it should be a separate patch. Though it can be useful when user has privileges on the same authorizable with N kinds of fine-grained action, it will slow down the Implies() process N times per SentryPrivilegesBranch, compare to if we can do a bit wise verification. If you think it makes sense, can you add a TODO here? http://gerrit.cloudera.org:8080/#/c/12919/5/src/kudu/master/sentry_authz_provider.cc@513 PS5, Line 513: > Interesting, seems like OWNER could use some more test coverage in general. In general, the test coverage for equivalency between OWNER and ALL are covered in sentry_action-test.cc. However, as now we have a 'hack' which link action 'ALL' with grant option, so yes, we need more test coverage where grant options are used. Though I think it is only in CreateTable. -- To view, visit http://gerrit.cloudera.org:8080/12919 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ib6de6814f99abfbee4f030298b74f21f4e7c729b Gerrit-Change-Number: 12919 Gerrit-PatchSet: 10 Gerrit-Owner: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Fri, 05 Apr 2019 00:58:53 +0000 Gerrit-HasComments: Yes