Re: Review Request 70004: SENTRY-2496 Support multi-field attribute based document level controls for Solr

[kalyan kumar kalvagadda via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70004/#review212989
---




sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
Lines 33 (patched)


Please add java doc for this class.



sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
Lines 26 (patched)


Please add java doc for this class.



sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
Lines 114-119 (patched)


How does CachingUserAttributeSource work with LdapUserAttributeSource.

Let's say cache is enabled and source is ldap then there will be two 
cache's, right as there is a cache in LdapUserAttributeSource.


- kalyan kumar kalvagadda


On Feb. 18, 2019, 2:36 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70004/
> ---
> 
> (Updated Feb. 18, 2019, 2:36 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> Security controls against multiple fields
> Filters based on user attributes as well as just Sentry roles
> Different security predicates (AND, LessThan, GreaterThan, OR)
> Pluggable user attribute source ahead of Sentry enhancements.
> Sample LDAP user attribute source
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
>  09f095a3 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
> PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
> PRE-CREATION 
>   
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml
>  PRE-CREATION 
>   
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/schema.xml
>  PRE-CREATION 
>   
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/solrconfig.xml
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/70004/diff/1/
> 
> 
> Testing
> ---
> 
> Added unit tests to cover specific areas and also TestAbacOperations.java 
> which tests full integration with a mocked LDAP server against a live 
> SolrCloud.
> 
> Addiitonally I've run manual tests against a live Solr cluster with this 
> plugin deployed against Active Directory.
> 
> 
> Thanks,
> 
> Tristan Stevens
> 
>

Re: Review Request 70013: SENTRY-2501: Add cache for HMS server filtering hook

[Na Li via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70013/
---

(Updated Feb. 20, 2019, 9:59 p.m.)


Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar 
kalvagadda.


Bugs: sentry-2501
https://issues.apache.org/jira/browse/sentry-2501


Repository: sentry


Description
---

The filter in SentryMetaStoreFilterHook does not cache sentry privileges. 
Therefore, for each item in the list, sentry client has to get privileges from 
sentry server.

To improve performance, we need to add cache in SentryMetaStoreFilterHook


Diffs (updated)
-

  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
 cdb6de4 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
 312c5db 


Diff: https://reviews.apache.org/r/70013/diff/2/

Changes: https://reviews.apache.org/r/70013/diff/1-2/


Testing
---

existing HMS tests succeeded


Thanks,

Na Li

Re: Review Request 70008: SENTRY-2500: CREATE on server does not provide HMS server side read authorization for get_all_tables(database_name)

[Na Li via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70008/
---

(Updated Feb. 20, 2019, 9:39 p.m.)


Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar 
kalvagadda.


Bugs: SENTRY-2500
https://issues.apache.org/jira/browse/SENTRY-2500


Repository: sentry


Description
---

CREATE privilege is added for listing tables. So create on server can get list 
of table names


Diffs (updated)
-

  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java
 178780e 
  
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/authz/TestMetastoreAuthzObjectFilter.java
 3ca89be 
  
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentryMetaStoreFilterHook.java
 1f7148b 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
 d63957a 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java
 8306e95 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java
 88e697b 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
 f1600c5 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java
 6327f16 


Diff: https://reviews.apache.org/r/70008/diff/5/

Changes: https://reviews.apache.org/r/70008/diff/4-5/


Testing
---

existing tests for metastore, and add two new tests for reading database and 
tables.


Thanks,

Na Li

Re: Review Request 70013: SENTRY-2501: Add cache for HMS server filtering hook

[kalyan kumar kalvagadda via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70013/#review212980
---


Ship it!




Ship It!

- kalyan kumar kalvagadda


On Feb. 19, 2019, 9:59 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70013/
> ---
> 
> (Updated Feb. 19, 2019, 9:59 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar 
> kalvagadda.
> 
> 
> Bugs: sentry-2501
> https://issues.apache.org/jira/browse/sentry-2501
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> The filter in SentryMetaStoreFilterHook does not cache sentry privileges. 
> Therefore, for each item in the list, sentry client has to get privileges 
> from sentry server.
> 
> To improve performance, we need to add cache in SentryMetaStoreFilterHook
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
>  cdb6de4 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
>  312c5db 
> 
> 
> Diff: https://reviews.apache.org/r/70013/diff/1/
> 
> 
> Testing
> ---
> 
> existing HMS tests succeeded
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 70013: SENTRY-2501: Add cache for HMS server filtering hook

[Na Li via Review Board]

> On Feb. 20, 2019, 3:36 p.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
> > Lines 479-506 (patched)
> > 
> >
> > Functionally I'm good with the change but it is a code duplication as 
> > we will have same implementation in MetastoreAuthzBindingBase and 
> > HiveAuthzBindingHookBase.
> > 
> > Could you move this caching to an abstract class and have these classes 
> > reuse it?

what is the abstract class would you suggest?

HiveAuthzBindingHookBase extends AbstractSemanticAnalyzerHook, and 
MetastoreAuthzBindingBase extends MetaStorePreEventListener. They don't have 
comment parent.

If I force them to derive from the same class, which extends 
AbstractSemanticAnalyzerHook and MetaStorePreEventListener, the inherantance 
structure would be very twisted just to share a common implementatioon of a 
function. I don't feel comfortable for that.


- Na


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70013/#review212962
---


On Feb. 19, 2019, 9:59 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70013/
> ---
> 
> (Updated Feb. 19, 2019, 9:59 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar 
> kalvagadda.
> 
> 
> Bugs: sentry-2501
> https://issues.apache.org/jira/browse/sentry-2501
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> The filter in SentryMetaStoreFilterHook does not cache sentry privileges. 
> Therefore, for each item in the list, sentry client has to get privileges 
> from sentry server.
> 
> To improve performance, we need to add cache in SentryMetaStoreFilterHook
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
>  cdb6de4 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
>  312c5db 
> 
> 
> Diff: https://reviews.apache.org/r/70013/diff/1/
> 
> 
> Testing
> ---
> 
> existing HMS tests succeeded
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 70004: SENTRY-2496 Support multi-field attribute based document level controls for Solr

[Hrishikesh Gadre via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70004/#review212966
---


Ship it!




Ship It!

- Hrishikesh Gadre


On Feb. 18, 2019, 2:36 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70004/
> ---
> 
> (Updated Feb. 18, 2019, 2:36 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> Security controls against multiple fields
> Filters based on user attributes as well as just Sentry roles
> Different security predicates (AND, LessThan, GreaterThan, OR)
> Pluggable user attribute source ahead of Sentry enhancements.
> Sample LDAP user attribute source
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
>  09f095a3 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
> PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
> PRE-CREATION 
>   
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml
>  PRE-CREATION 
>   
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/schema.xml
>  PRE-CREATION 
>   
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/solrconfig.xml
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/70004/diff/1/
> 
> 
> Testing
> ---
> 
> Added unit tests to cover specific areas and also TestAbacOperations.java 
> which tests full integration with a mocked LDAP server against a live 
> SolrCloud.
> 
> Addiitonally I've run manual tests against a live Solr cluster with this 
> plugin deployed against Active Directory.
> 
> 
> Thanks,
> 
> Tristan Stevens
> 
>

Re: Review Request 70013: SENTRY-2501: Add cache for HMS server filtering hook

[kalyan kumar kalvagadda via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70013/#review212962
---




sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
Lines 479-506 (patched)


Functionally I'm good with the change but it is a code duplication as we 
will have same implementation in MetastoreAuthzBindingBase and 
HiveAuthzBindingHookBase.

Could you move this caching to an abstract class and have these classes 
reuse it?


- kalyan kumar kalvagadda


On Feb. 19, 2019, 9:59 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70013/
> ---
> 
> (Updated Feb. 19, 2019, 9:59 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar 
> kalvagadda.
> 
> 
> Bugs: sentry-2501
> https://issues.apache.org/jira/browse/sentry-2501
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> The filter in SentryMetaStoreFilterHook does not cache sentry privileges. 
> Therefore, for each item in the list, sentry client has to get privileges 
> from sentry server.
> 
> To improve performance, we need to add cache in SentryMetaStoreFilterHook
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
>  cdb6de4 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
>  312c5db 
> 
> 
> Diff: https://reviews.apache.org/r/70013/diff/1/
> 
> 
> Testing
> ---
> 
> existing HMS tests succeeded
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 70008: SENTRY-2500: CREATE on server does not provide HMS server side read authorization for get_all_tables(database_name)

[kalyan kumar kalvagadda via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70008/#review212960
---




sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentryMetaStoreFilterHook.java
Lines 58-78 (original)


Same comment as above.


- kalyan kumar kalvagadda


On Feb. 19, 2019, 9:56 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70008/
> ---
> 
> (Updated Feb. 19, 2019, 9:56 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar 
> kalvagadda.
> 
> 
> Bugs: SENTRY-2500
> https://issues.apache.org/jira/browse/SENTRY-2500
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> CREATE privilege is added for listing tables. So create on server can get 
> list of table names
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java
>  178780e 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/authz/TestMetastoreAuthzObjectFilter.java
>  3ca89be 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentryMetaStoreFilterHook.java
>  1f7148b 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
>  d63957a 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java
>  8306e95 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java
>  88e697b 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
>  f1600c5 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java
>  6327f16 
> 
> 
> Diff: https://reviews.apache.org/r/70008/diff/4/
> 
> 
> Testing
> ---
> 
> existing tests for metastore, and add two new tests for reading database and 
> tables.
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 70008: SENTRY-2500: CREATE on server does not provide HMS server side read authorization for get_all_tables(database_name)

[kalyan kumar kalvagadda via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70008/#review212959
---




sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/authz/TestMetastoreAuthzObjectFilter.java
Lines 83-102 (original)


I prefer having the older code. Reusing the privileges defined in 
MetastoreAuthzObjectFilter might not be good option. Here is why

Currently test code has defined LIST_DATABASES_PRIVILEGES and 
LIST_TABLES_PRIVILEGES seperately. Some time later some one change the 
priviliege definations in MetastoreAuthzObjectFilter tests would fail because 
of they are defined seperatly. It's ont way to find something changed. 

If test code used he same definations there will be chance that issues will 
not be exposed by tests.

I understand multiple tests has the same code. You can normalize that part 
if you want but resuing the definations in MetastoreAuthzObjectFilter might not 
be good idea.


- kalyan kumar kalvagadda


On Feb. 19, 2019, 9:56 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70008/
> ---
> 
> (Updated Feb. 19, 2019, 9:56 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar 
> kalvagadda.
> 
> 
> Bugs: SENTRY-2500
> https://issues.apache.org/jira/browse/SENTRY-2500
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> CREATE privilege is added for listing tables. So create on server can get 
> list of table names
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java
>  178780e 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/authz/TestMetastoreAuthzObjectFilter.java
>  3ca89be 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentryMetaStoreFilterHook.java
>  1f7148b 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
>  d63957a 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java
>  8306e95 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java
>  88e697b 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
>  f1600c5 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java
>  6327f16 
> 
> 
> Diff: https://reviews.apache.org/r/70008/diff/4/
> 
> 
> Testing
> ---
> 
> existing tests for metastore, and add two new tests for reading database and 
> tables.
> 
> 
> Thanks,
> 
> Na Li
> 
>