date:20180416

Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

2018-04-16 Thread Steve Moist via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66590/
---

(Updated April 16, 2018, 7:51 p.m.)


Review request for sentry.


Repository: sentry


Description
---

This is the inital draft of attribute based access control.


Diffs (updated)
-

  pom.xml 16a3838a 
  sentry-abac/example-definition.json PRE-CREATION 
  sentry-abac/pom.xml PRE-CREATION 
  sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java PRE-CREATION 
  sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java 
PRE-CREATION 
  sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java 
PRE-CREATION 
  
sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java 
PRE-CREATION 
  
sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java 
PRE-CREATION 
  
sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java 
PRE-CREATION 
  sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java 
PRE-CREATION 
  sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java 
PRE-CREATION 
  sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java 
PRE-CREATION 
  sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java 
PRE-CREATION 
  
sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestSentryAttributeAuthorizer.java
 PRE-CREATION 
  
sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java 
PRE-CREATION 
  sentry-abac/src/test/resources/abac.props PRE-CREATION 
  sentry-binding/sentry-binding-hive/pom.xml ccfa9cfe 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
 1ab5be35 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java
 86ff0cc2 


Diff: https://reviews.apache.org/r/66590/diff/4/

Changes: https://reviews.apache.org/r/66590/diff/3-4/


Testing
---

full build,added unit tests, tested code on a cluster.


Thanks,

Steve Moist

Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

2018-04-16 Thread Steve Moist via Review Board



> On April 13, 2018, 9:13 p.m., Anthony Young-Garner wrote:
> > sentry-abac/notes.txt
> > Lines 19 (patched)
> > 
> >
> > Lines 19 - 20 can be removed if the example-delta.json file is removed.

I just deleted the notes file.


> On April 13, 2018, 9:13 p.m., Anthony Young-Garner wrote:
> > sentry-abac/pom.xml
> > Lines 25 (patched)
> > 
> >
> > Should the project version be parameterized?

None of the other modules when declaring it's parent are parameterized.


> On April 13, 2018, 9:13 p.m., Anthony Young-Garner wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java
> > Lines 33 (patched)
> > 
> >
> > Add field, getter and setter for descriptor (contentDescriptor). Also 
> > add a two-arg constructor and update toString, equals and hashCode methods.

That's a moderate size change to make at this point, it would be better to 
include it in another ticket.  Especially since we have profiles and actions to 
include as well.


- Steve


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66590/#review201127
---


On April 12, 2018, 8:45 p.m., Steve Moist wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66590/
> ---
> 
> (Updated April 12, 2018, 8:45 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is the inital draft of attribute based access control.
> 
> 
> Diffs
> -
> 
>   pom.xml 16a3838a 
>   sentry-abac/example-definition.json PRE-CREATION 
>   sentry-abac/example-delta.json PRE-CREATION 
>   sentry-abac/notes.txt PRE-CREATION 
>   sentry-abac/pom.xml PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
>  PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java 
> PRE-CREATION 
>   sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestSentryAttributeAuthorizer.java
>  PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
>  PRE-CREATION 
>   sentry-abac/src/test/resources/abac.props PRE-CREATION 
>   sentry-binding/sentry-binding-hive/pom.xml ccfa9cfe 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
>  1ab5be35 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java
>  86ff0cc2 
> 
> 
> Diff: https://reviews.apache.org/r/66590/diff/3/
> 
> 
> Testing
> ---
> 
> full build,added unit tests, tested code on a cluster.
> 
> 
> Thanks,
> 
> Steve Moist
> 
>

Review Request 66636: SENTRY-2200 Update Sentry datanucleus config names

2018-04-16 Thread Xinran Tinney


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66636/
---

Review request for sentry, Alexander Kolbasov, Brian Towles, kalyan kumar 
kalvagadda, Na Li, Steve Moist, Sergio Pena, Vadim Spector, and Xinran Tinney.


Repository: sentry


Description
---

Since 2.0, the datanucleus version in Sentry changed from 3.2 to 4.1.

Based on the datanucleus documentation following config names are renamed. 
Sentry has several places use those configuration names. We should update the 
config names to reflect the correct names.

Migration from 3.3.7 to 4.0.0.M1
Migrating will require the following changes

Persistence property datanucleus.allowAttachOfTransient now defaults to true 
for JPA usage; set it explicitly to get old behaviour
Persistence property datanucleus.metadata.validate was removed (replaced by 
datanucleus.metadata.xml.validate some time back)
Persistence property datanucleus.defaultInheritanceStrategy is renamed to 
datanucleus.metadata.defaultInheritanceStrategy
Persistence property datanucleus.autoCreateSchema is renamed to 
datanucleus.schema.autoCreateAll
Persistence property datanucleus.autoCreateTables is renamed to 
datanucleus.schema.autoCreateTables
Persistence property datanucleus.autoCreateColumns is renamed to 
datanucleus.schema.autoCreateColumns
Persistence property datanucleus.autoCreateConstraints is renamed to 
datanucleus.schema.autoCreateConstraints
Persistence property datanucleus.validateSchema is renamed to 
datanucleus.schema.validateAll
Persistence property datanucleus.validateTables is renamed to 
datanucleus.schema.validateTables
Persistence property datanucleus.validateColumns is renamed to 
datanucleus.schema.validateColumns
Persistence property datanucleus.validateConstraints is renamed to 
datanucleus.schema.validateConstraints
Persistence property datanucleus.fixedDatastore is now removed, since it only 
equated to setting the "autoCreate" properties to false.


Diffs
-

  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
 83c0fc47 
  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
 7e02874b 
  
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java
 61a74c3f 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
 9b0aeb2f 


Diff: https://reviews.apache.org/r/66636/diff/1/


Testing
---

mvn clean install all SUCCESS


Thanks,

Xinran Tinney

Re: Review Request 66337: SENTRY-2167: Fix the logs in NotificationProcessor

2018-04-16 Thread Xinran Tinney


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66337/#review201211
---


Ship it!




Ship It!

- Xinran Tinney


On March 28, 2018, 4:16 p.m., kalyan kumar kalvagadda wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66337/
> ---
> 
> (Updated March 28, 2018, 4:16 p.m.)
> 
> 
> Review request for sentry, Na Li and Sergio Pena.
> 
> 
> Bugs: SENTRY-2167
> https://issues.apache.org/jira/browse/SENTRY-2167
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> 1. When the location and name of the object is not changed, sentry ignores 
> that event. It is not an error. This should be logged with debug level.
> 
> 2. When ever, SentryNoSuchObjectException is thrown, it is logged with INFO 
> level. It is common that sentry doesn't have permissions on the objects that 
> are changed. It need not be logged with INFO, instead it should be logged 
> with debug level.
> 
> 
> Diffs
> -
> 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
>  e5ad3b5df5f1fdacd91b18f29394ec8275bb31e1 
> 
> 
> Diff: https://reviews.apache.org/r/66337/diff/1/
> 
> 
> Testing
> ---
> 
> Made sure all the tests passed.
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 66480: SENTRY-2140: Static Attribute Ingestion

2018-04-16 Thread Xinran Tinney


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66480/#review201210
---



Is SENTRY-2140 titled: Attribute based access control?

- Xinran Tinney


On April 5, 2018, 9:20 p.m., Liam Sargent wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66480/
> ---
> 
> (Updated April 5, 2018, 9:20 p.m.)
> 
> 
> Review request for sentry, Na Li, Steve Moist, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2189
> https://issues.apache.org/jira/browse/SENTRY-2189
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> - Example configuration file: example-definition.json
> - Attribute: plain old java object for string attribute.
> - Object: plain old java object for fully qualified sentry object.
> - AttributeMap: Bidirectional map type for quick lookup between Attribute -> 
> Object, Object -> Attribute.
> - AttributeMapAdapter: JSON deserializer for file-based attribute ingestion.
> 
> 
> Diffs
> -
> 
>   pom.xml 61e0f970017aa8ddf38a59c7c1334fadb97abe40 
>   sentry-abac/example-definition.json PRE-CREATION 
>   sentry-abac/example-delta.json PRE-CREATION 
>   sentry-abac/notes.txt PRE-CREATION 
>   sentry-abac/pom.xml PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java
>  PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java 
> PRE-CREATION 
>   sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66480/diff/1/
> 
> 
> Testing
> ---
> 
> - Unittests for all useful functions.
> 
> 
> Thanks,
> 
> Liam Sargent
> 
>

Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

2018-04-16 Thread Xinran Tinney


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66590/#review201207
---




sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
Lines 117 (patched)


targetObjects.size()=0 might because of line 111, so logically, there were 
targets for the attribute actually.



sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
Lines 146 (patched)


do we have coding style restrictions for long lines?


- Xinran Tinney


On April 12, 2018, 8:45 p.m., Steve Moist wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66590/
> ---
> 
> (Updated April 12, 2018, 8:45 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is the inital draft of attribute based access control.
> 
> 
> Diffs
> -
> 
>   pom.xml 16a3838a 
>   sentry-abac/example-definition.json PRE-CREATION 
>   sentry-abac/example-delta.json PRE-CREATION 
>   sentry-abac/notes.txt PRE-CREATION 
>   sentry-abac/pom.xml PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
>  PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java 
> PRE-CREATION 
>   sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestSentryAttributeAuthorizer.java
>  PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
>  PRE-CREATION 
>   sentry-abac/src/test/resources/abac.props PRE-CREATION 
>   sentry-binding/sentry-binding-hive/pom.xml ccfa9cfe 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
>  1ab5be35 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java
>  86ff0cc2 
> 
> 
> Diff: https://reviews.apache.org/r/66590/diff/3/
> 
> 
> Testing
> ---
> 
> full build,added unit tests, tested code on a cluster.
> 
> 
> Thanks,
> 
> Steve Moist
> 
>

Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

Review Request 66636: SENTRY-2200 Update Sentry datanucleus config names

Re: Review Request 66337: SENTRY-2167: Fix the logs in NotificationProcessor

Re: Review Request 66480: SENTRY-2140: Static Attribute Ingestion

Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

6 matches

Site Navigation

Mail list logo

Footer information