date:20191221

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

2019-12-21 Thread Na Li via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71915/
---

(Updated Dec. 22, 2019, 7:33 a.m.)


Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.


Bugs: sentry-2359
https://issues.apache.org/jira/browse/sentry-2359


Repository: sentry


Description
---

Right now, the PolicyEngine Interface only returns the list of privileges in 
the form of String. As a result, every authorization check has to convert the 
privilege string to privilege object even though the cached privilege objects 
are of the correct type already.

We should add a new function that returns privilege object directly to avoid 
the overhead of conversion.


Diffs (updated)
-

  
sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
 5c7f84f 
  
sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
 8f45c60 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
 de88705 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
 2940a1e 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
 8e09490 
  
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/privilege/hive/TestCommonPrivilegeForHive.java
 6a8b871 
  
sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/privilege/kafka/TestKafkaWildcardPrivilege.java
 0a0e2f0 
  
sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
 6782089 
  
sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/privilege/sqoop/TestCommonPrivilegeForSqoop.java
 94e9919 
  
sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/KeyValue.java
 b6a1faa 
  
sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizables.java
 7bc94c9 
  
sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/validator/AbstractDBPrivilegeValidator.java
 fa28716 
  
sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
 5b261e3 
  
sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java
 504b5ea 
  
sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java
 6c2737a 
  
sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPolicyEngine.java
 a819bb0 
  
sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/FilteredPrivilegeCache.java
 PRE-CREATION 
  
sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java
 4bb6d32 
  
sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java
 ddb4ec5 
  
sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleFilteredPrivilegeCache.java
 PRE-CREATION 
  
sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimplePrivilegeCache.java
 5de3135 
  
sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/TreePrivilegeCache.java
 PRE-CREATION 
  
sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/TreePrivilegeNode.java
 PRE-CREATION 
  
sentry-provider/sentry-provider-cache/src/test/java/org/apache/sentry/provider/cache/PrivilegeCacheTestImpl.java
 f2f735b 
  
sentry-provider/sentry-provider-cache/src/test/java/org/apache/sentry/provider/cache/TestSimpleFilteredPrivilegeCache.java
 PRE-CREATION 
  
sentry-provider/sentry-provider-cache/src/test/java/org/apache/sentry/provider/cache/TestSimplePrivilegeCache.java
 891c1d9 
  
sentry-provider/sentry-provider-cache/src/test/java/org/apache/sentry/provider/cache/TestTreePrivilegeCache.java
 PRE-CREATION 
  
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/CacheProvider.java
 d50a0bc 
  
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java
 b244dba 
  
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
 222b77a 
  
sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
 ccc505f 
  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java
 277f6b3 
  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java
 f8dc211

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

2019-12-21 Thread Na Li via Review Board



> On Dec. 21, 2019, 12:35 a.m., kalyan kumar kalvagadda wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/TreePrivilegeCache.java
> > Lines 170 (patched)
> > 
> >
> > Second argument here is basically is partIndex. 
> > You sending a -1 and using it by incrementing by one.
> > Instead, I think you should just pass 0.
> 
> Na Li wrote:
> If I pass 0 to the function getChildResourceValue(), the index will be 0 
> + 1 = 1, and the result will be wrong.
> 
> To make it work, I implemented the function getTopLevelResourceValue() 
> that is even simpler, and does not need caller to pass in any index. The 
> equivalent index is 0, which is (- 1 + 1) = 0.

added function getResourceValue() that can accept index value of 0.


- Na


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71915/#review219091
---


On Dec. 20, 2019, 9:27 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71915/
> ---
> 
> (Updated Dec. 20, 2019, 9:27 p.m.)
> 
> 
> Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
> 
> 
> Bugs: sentry-2359
> https://issues.apache.org/jira/browse/sentry-2359
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Right now, the PolicyEngine Interface only returns the list of privileges in 
> the form of String. As a result, every authorization check has to convert the 
> privilege string to privilege object even though the cached privilege objects 
> are of the correct type already.
> 
> We should add a new function that returns privilege object directly to avoid 
> the overhead of conversion.
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
>  5c7f84f 
>   
> sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
>  90fcfc3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  de88705 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
>  2940a1e 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
>  8e09490 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/privilege/hive/TestCommonPrivilegeForHive.java
>  6a8b871 
>   
> sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/privilege/kafka/TestKafkaWildcardPrivilege.java
>  0a0e2f0 
>   
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
>  6782089 
>   
> sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/privilege/sqoop/TestCommonPrivilegeForSqoop.java
>  94e9919 
>   
> sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/KeyValue.java
>  b6a1faa 
>   
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizables.java
>  7bc94c9 
>   
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/validator/AbstractDBPrivilegeValidator.java
>  fa28716 
>   
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
>  5b261e3 
>   
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java
>  504b5ea 
>   
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java
>  6c2737a 
>   
> sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPolicyEngine.java
>  a819bb0 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/FilteredPrivilegeCache.java
>  PRE-CREATION 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java
>  4bb6d32 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java
>  ddb4ec5 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleFilteredPrivilegeCache.java
>  PRE-CREATION 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimplePrivilegeCache.java
>  5de3135 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/TreePrivilegeCache.java
>  PRE-CREATION 
>   
>

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

2019-12-21 Thread Na Li via Review Board

> On Dec. 21, 2019, 12:35 a.m., kalyan kumar kalvagadda wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
> > Lines 233-236 (patched)
> > 
> >
> > Did you see any issue with out this change?

yes. without this change, if the same hook is called the second time to filter 
databases or tables, the privileges are not refectched, and may not be 
up-to-date.

> On Dec. 21, 2019, 12:35 a.m., kalyan kumar kalvagadda wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java
> > Line 46 (original)
> > 
> >
> > I agree.

this function was added by SENTRY-1291 
https://reviews.apache.org/r/47872/diff/6#9.

I want to keep this Interface the same as before SENTRY-1291 was committed, and 
all changes in SENTRY-1291 and SENTRY-2539 in another interface to maintain 
backward compatibility. 

In this way, if the changes in SENTRY-1291 and SENTRY-2539 cause problem, we 
can easily rollback to the behavior before SENTRY-1291 and SENTRY-2539.

> On Dec. 21, 2019, 12:35 a.m., kalyan kumar kalvagadda wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java
> > Lines 75-78 (original), 76-84 (patched)
> > 
> >
> > Why should be do this up-casting?
> > 
> > If the below API is not removed from Privilge cache we would need this 
> > special check.
> > 
> >   Set listPrivileges(Set groups, Set users, 
> > ActiveRoleSet roleSet,
> >   Authorizable... authorizationhierarchy);
> >   
> >   
> >   Is there any reason to remove this API. This might even break 
> > Impala which implements this interface.

"Is there any reason to remove this API. This might even break Impala which 
implements this interface."

this function was added by SENTRY-1291 
https://reviews.apache.org/r/47872/diff/6#9, and Impala rejected this change, 
and does NOT suppor this function. To avoid breaking Impala, we should not keep 
this function in Interface PrivilegeCache.java.

I want to keep the Interface PrivilegeCache.java the same as before SENTRY-1291 
was committed, and all changes in SENTRY-1291 and SENTRY-2539 in another 
interface to maintain backward compatibility. 

In this way, if the changes in SENTRY-1291 and SENTRY-2539 cause problem, we 
can easily rollback to the behavior before SENTRY-1291 and SENTRY-2539.

> On Dec. 21, 2019, 12:35 a.m., kalyan kumar kalvagadda wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/TreePrivilegeCache.java
> > Lines 170 (patched)
> > 
> >
> > Second argument here is basically is partIndex. 
> > You sending a -1 and using it by incrementing by one.
> > Instead, I think you should just pass 0.

If I pass 0 to the function getChildResourceValue(), the index will be 0 + 1 = 
1, and the result will be wrong.

To make it work, I implemented the function getTopLevelResourceValue() that is 
even simpler, and does not need caller to pass in any index. The equivalent 
index is 0, which is (- 1 + 1) = 0.

> On Dec. 21, 2019, 12:35 a.m., kalyan kumar kalvagadda wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/TreePrivilegeCache.java
> > Lines 174 (patched)
> > 
> >
> > First argument here is basically is partIndex. 
> > You sending a -1 and using it by incrementing by one.
> > Instead, I think you should just pass 0. 
> > 
> > 
> > +1 on vehang's comment.

I have added new function getResourceValue() to make code more readable.

> On Dec. 21, 2019, 12:35 a.m., kalyan kumar kalvagadda wrote:
> > sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
> > Lines 217-225 (patched)
> > 
> >
> > Why are you converting the privilge object to string and performening 
> > the check?
> > 
> > Something like
> > 
> >  private boolean hasOnlyServerPrivilege(Privilege privObj) {
> > if(privObj.getParts().size() == 1 && 
> > privObj.getParts().get(0).getKey().equalsIgnoreCase("server")) {
> >   return privObj.getParts().get(0).getValue().endsWith("+");
> > }
> > return false;
> >   }

Thanks for the suggestion. I did that before adding function getParts() in 
Privilege. After adding this function, I don't need to convert the privilege to 
string and can use your suggestion.

> On

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

2019-12-21 Thread Na Li via Review Board

> On Dec. 20, 2019, 11:07 p.m., Vihang Karajgaonkar wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/FilteredPrivilegeCache.java
> > Lines 35 (patched)
> > 
> >
> > I think instead of setPrivilegeFactory, we should just have 
> > PrivilegeFactory getPrivilegeFactory(). That would mean that we can make 
> > privilegeFactory final field in the cache. I am not sure if we would want 
> > to have privilegeFactory to be configurable once the instance of the cache 
> > is created.

remove this function, and let privilege factory be an input to create a 
filtered cache

> On Dec. 20, 2019, 11:07 p.m., Vihang Karajgaonkar wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java
> > Line 46 (original)
> > 
> >
> > do we need to remove this? This nullifies the objective of creating a 
> > separate interface FilteredPrivilegeCache

yes. Removing this function makes PrivilegeCache the same as its original 
content before SENTRY-1291. And the changes from SENTRY-1291 and SENTRY-2539 
are only in FilteredPrivilegeCache, which adds another 
functionlistPrivilegeObjects

> On Dec. 20, 2019, 11:07 p.m., Vihang Karajgaonkar wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java
> > Lines 97 (patched)
> > 
> >
> > do we need copyOf?
> 
> kalyan kumar kalvagadda wrote:
> How about using 
> Collections.unmodifiableSet(filteredPrivilegeCache.listPrivilegeObjects(groups,
>  users, roleSet, authorizableHierarchy)));
> This avoids creating new copy of the collection for each call. It still 
> makes sure that the caller will not be able to modify the list.
> Using Collections.unmodifiableList creates a wrapper around your List. if 
> the underlying list changes, so does your unmodifiableList's view.
> 
> Creating copy is not efficient. It's a more expensive computation and 
> consumes more memor.

Collections.unmodifiableSet() returns type of Set, however, the 
returned type should be ImmutableSet. See this link for more info.
https://stackoverflow.com/questions/5611324/whats-the-difference-between-collections-unmodifiableset-and-immutableset-of

an important difference between ImmutableSet and the Set created by 
Collections.unmodifiableSet is that ImmutableSet is a type

> On Dec. 20, 2019, 11:07 p.m., Vihang Karajgaonkar wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java
> > Lines 101 (patched)
> > 
> >
> > instead of returning empty may be throw a 
> > UnsupportedOperationException. Also you can add a 
> > Preconditions.checkState(cacheHandle instanceOf FilteredPrivilegeCache) in 
> > such a case.

The caller ResourceAuthorizationProvider does not know what type of cache is 
used. If the cache does not support getPrivilegeObjects, we don't want to throw 
exception for each authorization check. it is too expensive. Instead, the 
caller should call getPrivileges() to get corresponding privileges

> On Dec. 20, 2019, 11:07 p.m., Vihang Karajgaonkar wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleFilteredPrivilegeCache.java
> > Lines 41 (patched)
> > 
> >
> > If you don't modify the existing PrivilegeCache interface, we don't 
> > need this implementation. We should keep SimplePrivilegeCache as is so that 
> > fallback to previous behavior is possible.

We have three implementations of the privilege caches.

 1.1) org.apache.sentry.provider.cache.SimplePrivilegeCache (the original cache 
implementation before SENTRY-1291. This is what customers use right now, and 
they are having performance issue. If customers have issue using 
TreePrivilegeCache, they can fall back to this original SimplePrivilegeCache)

 1.2) org.apache.sentry.provider.cache.SimpleFilteredPrivilegeCache (the cache 
implemented in SENTRY-1291 with class name of SimplePrivilegeCache. Its 
implementation is now moved to SimpleFilteredPrivilegeCache. It is not used by 
big customers.)

 1.3) org.apache.sentry.provider.cache.TreePrivilegeCache (the cache 
implemented in this Jira SENTRY-2539. It should be used to reduce performance 
issue.)

> On Dec. 20, 2019, 11:07 p.m., Vihang Karajgaonkar wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleFilteredPrivilegeCache.java
> > Lines 58 (patched)
> > 
> >
> > can we use

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

2019-12-21 Thread kalyan kumar kalvagadda via Review Board



> On Dec. 20, 2019, 11:07 p.m., Vihang Karajgaonkar wrote:
> > sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java
> > Lines 97 (patched)
> > 
> >
> > do we need copyOf?

How about using 
Collections.unmodifiableSet(filteredPrivilegeCache.listPrivilegeObjects(groups, 
users, roleSet, authorizableHierarchy)));
This avoids creating new copy of the collection for each call. It still makes 
sure that the caller will not be able to modify the list.
Using Collections.unmodifiableList creates a wrapper around your List. if the 
underlying list changes, so does your unmodifiableList's view.

Creating copy is not efficient. It's a more expensive computation and consumes 
more memor.


- kalyan kumar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71915/#review219090
---


On Dec. 20, 2019, 9:27 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71915/
> ---
> 
> (Updated Dec. 20, 2019, 9:27 p.m.)
> 
> 
> Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
> 
> 
> Bugs: sentry-2359
> https://issues.apache.org/jira/browse/sentry-2359
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Right now, the PolicyEngine Interface only returns the list of privileges in 
> the form of String. As a result, every authorization check has to convert the 
> privilege string to privilege object even though the cached privilege objects 
> are of the correct type already.
> 
> We should add a new function that returns privilege object directly to avoid 
> the overhead of conversion.
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
>  5c7f84f 
>   
> sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
>  90fcfc3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  de88705 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java
>  2940a1e 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
>  8e09490 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/privilege/hive/TestCommonPrivilegeForHive.java
>  6a8b871 
>   
> sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/privilege/kafka/TestKafkaWildcardPrivilege.java
>  0a0e2f0 
>   
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
>  6782089 
>   
> sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/privilege/sqoop/TestCommonPrivilegeForSqoop.java
>  94e9919 
>   
> sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/KeyValue.java
>  b6a1faa 
>   
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizables.java
>  7bc94c9 
>   
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/validator/AbstractDBPrivilegeValidator.java
>  fa28716 
>   
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
>  5b261e3 
>   
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java
>  504b5ea 
>   
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java
>  6c2737a 
>   
> sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPolicyEngine.java
>  a819bb0 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/FilteredPrivilegeCache.java
>  PRE-CREATION 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java
>  4bb6d32 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java
>  ddb4ec5 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleFilteredPrivilegeCache.java
>  PRE-CREATION 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimplePrivilegeCache.java
>  5de3135 
>   
> sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/TreePrivilegeCache.java
>  PRE-CREATION 
>   
>

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

Re: Review Request 71915: SENTRY-2539: PolicyEngine should be able to return privilege directly

5 matches

Site Navigation

Mail list logo

Footer information