Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security
> On Feb. 12, 2019, 8:38 p.m., kalyan kumar kalvagadda wrote: > > Tristan Stevens, > > > > This patch has two enhancements > > 1. Subset Match Filtering/ > > 2. User Attribute Filter > > > > Having multiple enhacements in single commit is not easy to understand. Can > > you seperate them to two different patches? Hi Kalyan, I understand the concern. The problem we have is that both enhancements depend on the SubsetQueryPlugin, which in itself doesn't merit a JIRA on its own. Also, I'm not sure how do submit a review board for one patch built on another. To break it down, please consider: 1. SubsetQueryPlugin.java which used by both QueryDocAuthorizationComponent.java and SolrAttrBasedFilter.java. 2. QueryDocAuthorizationComponent.java provides the first enhancement, extending DocAuthorizationComponent.java 3. All other classes under src/main are related to SolrAttrBasedFilter.java. - Tristan --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69619/#review212760 --- On Jan. 15, 2019, 9:49 p.m., Tristan Stevens wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69619/ > --- > > (Updated Jan. 15, 2019, 9:49 p.m.) > > > Review request for sentry. > > > Repository: sentry > > > Description > --- > > This is an improvement request to cover enhanced document level security for > the Solr document level controls, specifically to cover: > > - Security controls against multiple fields > - Filters based on user attributes as well as just Sentry roles > - Different security predicates (AND, LessThan, GreaterThan - in addition to > the currently supported OR) > - Pluggable user attribute source ahead of Sentry enhancements. > - Sample LDAP user attribute source > > The ambition is this will be a precursor to full complex predicate support > being served by Sentry ABAC roadmap. > > > Diffs > - > > sentry-solr/solr-sentry-handlers/pom.xml 621d8325 > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java > 9da3d6e1 > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml > PRE-CREATION > sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java > 3d4d555f > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java > 40cc153e > >
Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69619/#review212760 --- Tristan Stevens, This patch has two enhancements 1. Subset Match Filtering/ 2. User Attribute Filter Having multiple enhacements in single commit is not easy to understand. Can you seperate them to two different patches? - kalyan kumar kalvagadda On Jan. 15, 2019, 9:49 p.m., Tristan Stevens wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69619/ > --- > > (Updated Jan. 15, 2019, 9:49 p.m.) > > > Review request for sentry. > > > Repository: sentry > > > Description > --- > > This is an improvement request to cover enhanced document level security for > the Solr document level controls, specifically to cover: > > - Security controls against multiple fields > - Filters based on user attributes as well as just Sentry roles > - Different security predicates (AND, LessThan, GreaterThan - in addition to > the currently supported OR) > - Pluggable user attribute source ahead of Sentry enhancements. > - Sample LDAP user attribute source > > The ambition is this will be a precursor to full complex predicate support > being served by Sentry ABAC roadmap. > > > Diffs > - > > sentry-solr/solr-sentry-handlers/pom.xml 621d8325 > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java > 9da3d6e1 > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml > PRE-CREATION > sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java > 3d4d555f > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java > 40cc153e > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java > e1f789cb > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java > 7834f339 > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSubsetQueryOperations.java > PRE-CREATION > sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff > PRE-CREATION > sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema > PRE-CREATION >