Re: Review Request 69353: SENTRY-2454: Add new sentry store api to gather the privileges for a list of authorizables.

2018-12-18 Thread kalyan kumar kalvagadda via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69353/
---

(Updated Dec. 18, 2018, 11:23 p.m.)


Review request for sentry and Sergio Pena.


Bugs: SENTRY-2454
https://issues.apache.org/jira/browse/SENTRY-2454


Repository: sentry


Description
---

New sentry API should be implemented to fetch the privileges granted to 
authorizables and it's children. authorizables include database, tables, 
columns and URI's.


Diffs (updated)
-

  
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
 63f53752f5a376015dce642ca1cb59aaa1dd16ba 
  
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java
 85ea6d1c06c84f89108fb1313f505dba5e324eb3 
  
sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
 b327e9e510483787311bf5218eac4039f04291ff 


Diff: https://reviews.apache.org/r/69353/diff/4/

Changes: https://reviews.apache.org/r/69353/diff/3-4/


Testing
---

Added new unit tests to test the API added.


Thanks,

kalyan kumar kalvagadda

Re: Review Request 69586: SENTRY-2481: Filter HMS server-side objects based on HMS user authorization

2018-12-18 Thread Na Li via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69586/#review211412
---




sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
Lines 67 (patched)


If the object is not a table, then this would be wrong. Is there a type 
field to check it is indeed a table?



sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
Lines 115 (patched)


should we keep the username case? see 
https://issues.apache.org/jira/browse/SENTRY-2432


- Na Li


On Dec. 18, 2018, 7:28 p.m., Sergio Pena wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69586/
> ---
> 
> (Updated Dec. 18, 2018, 7:28 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Na Li.
> 
> 
> Bugs: sentry-2481
> https://issues.apache.org/jira/browse/sentry-2481
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Re-use the SentryMetaStoreFilterHook to support HMS server-side object 
> filtering. The SentryMetaStoreFilterHook class was deprecated and not used in 
> the HMS client anymore (replaced by the calls to DefaultSentryValidator). Due 
> to code duplication between SentryMetaStoreFilterHook and 
> DefaultSentryValidator, a new class MetaStoreAuthzObjectFilter is created 
> that accepts different types of objects to be filtered (unit tests are added 
> to verify the cases).
> 
> 
> Diffs
> -
> 
>   .gitignore 6ce3a6c11f6caf743fb00271af2cb4d33a18aa5d 
>   pom.xml f28be5afb7c9673c0b111325d7728381f8c89d2f 
>   
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
>  520de52ac3a41d0b4c01b1bdf60944fd44add5e7 
>   
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
>  c37ce646da97afb2e5c033fb3acf43190a4fae80 
>   
> sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
>  cd4ae4a8c80b34769c65d4b8b86b2d6ecc78b075 
>   sentry-binding/sentry-binding-hive/pom.xml 
> b74516d70eaf873ef46914e2fbcfe08753bc1be4 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
>  38ce2db374ee4f46190544479bc0713de2fce420 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java
>  PRE-CREATION 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/HiveAuthzBindingFactory.java
>  PRE-CREATION 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
>  8ad9e50350a1a45ebdde9d8acb7f039b14a13f41 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
>  5ecc87f9be36d6096e30de1f3c8697cd2d4da091 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/authz/TestMetastoreAuthzObjectFilter.java
>  PRE-CREATION 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentryMetaStoreFilterHook.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/69586/diff/1/
> 
> 
> Testing
> ---
> 
> Added unit tests for the SentryMetaStoreFilterHook.
> 
> 
> Thanks,
> 
> Sergio Pena
> 
>

Review Request 69586: SENTRY-2481: Filter HMS server-side objects based on HMS user authorization

2018-12-18 Thread Sergio Pena via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69586/
---

Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Na Li.


Bugs: sentry-2481
https://issues.apache.org/jira/browse/sentry-2481


Repository: sentry


Description
---

Re-use the SentryMetaStoreFilterHook to support HMS server-side object 
filtering. The SentryMetaStoreFilterHook class was deprecated and not used in 
the HMS client anymore (replaced by the calls to DefaultSentryValidator). Due 
to code duplication between SentryMetaStoreFilterHook and 
DefaultSentryValidator, a new class MetaStoreAuthzObjectFilter is created that 
accepts different types of objects to be filtered (unit tests are added to 
verify the cases).


Diffs
-

  .gitignore 6ce3a6c11f6caf743fb00271af2cb4d33a18aa5d 
  pom.xml f28be5afb7c9673c0b111325d7728381f8c89d2f 
  
sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
 520de52ac3a41d0b4c01b1bdf60944fd44add5e7 
  
sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
 c37ce646da97afb2e5c033fb3acf43190a4fae80 
  
sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
 cd4ae4a8c80b34769c65d4b8b86b2d6ecc78b075 
  sentry-binding/sentry-binding-hive/pom.xml 
b74516d70eaf873ef46914e2fbcfe08753bc1be4 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
 38ce2db374ee4f46190544479bc0713de2fce420 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java
 PRE-CREATION 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/HiveAuthzBindingFactory.java
 PRE-CREATION 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
 8ad9e50350a1a45ebdde9d8acb7f039b14a13f41 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
 5ecc87f9be36d6096e30de1f3c8697cd2d4da091 
  
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/authz/TestMetastoreAuthzObjectFilter.java
 PRE-CREATION 
  
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentryMetaStoreFilterHook.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/69586/diff/1/


Testing
---

Added unit tests for the SentryMetaStoreFilterHook.


Thanks,

Sergio Pena