subject:"Review Request 69619\: SENTRY\-2482\: Sentry Solr to support multi\-attribute document level security"

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-02-13 Thread kalyan kumar kalvagadda via Review Board



> On Feb. 12, 2019, 8:38 p.m., kalyan kumar kalvagadda wrote:
> > Tristan Stevens,
> > 
> > This patch has two enhancements
> > 1.  Subset Match Filtering/
> > 2.  User Attribute Filter
> > 
> > Having multiple enhacements in single commit is not easy to understand. Can 
> > you seperate them to two different patches?
> 
> Tristan Stevens wrote:
> Hi Kalyan,
> I understand the concern. The problem we have is that both enhancements 
> depend on the SubsetQueryPlugin, which in itself doesn't merit a JIRA on its 
> own. Also, I'm not sure how do submit a review board for one patch built on 
> another.
> 
> To break it down, please consider:
> 
> 1. SubsetQueryPlugin.java which used by both 
> QueryDocAuthorizationComponent.java and SolrAttrBasedFilter.java.
> 2. QueryDocAuthorizationComponent.java provides the first enhancement, 
> extending DocAuthorizationComponent.java
> 3. All other classes under src/main are related to 
> SolrAttrBasedFilter.java.

Tristan,

You don't have to submit both the patches at the same time. You can sumbit one 
first, i will reiview it and commit it so that you can submit another one after 
that.
I will not out delay in the review process.


- kalyan kumar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/#review212760
---


On Jan. 15, 2019, 9:49 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69619/
> ---
> 
> (Updated Jan. 15, 2019, 9:49 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> - Security controls against multiple fields
> - Filters based on user attributes as well as just Sentry roles
> - Different security predicates (AND, LessThan, GreaterThan - in addition to 
> the currently supported OR)
> - Pluggable user attribute source ahead of Sentry enhancements.
> - Sample LDAP user attribute source
> 
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
>  9da3d6e1 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
>   
>

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-02-12 Thread Tristan Stevens via Review Board



> On Feb. 12, 2019, 8:38 p.m., kalyan kumar kalvagadda wrote:
> > Tristan Stevens,
> > 
> > This patch has two enhancements
> > 1.  Subset Match Filtering/
> > 2.  User Attribute Filter
> > 
> > Having multiple enhacements in single commit is not easy to understand. Can 
> > you seperate them to two different patches?

Hi Kalyan,
I understand the concern. The problem we have is that both enhancements depend 
on the SubsetQueryPlugin, which in itself doesn't merit a JIRA on its own. 
Also, I'm not sure how do submit a review board for one patch built on another.

To break it down, please consider:

1. SubsetQueryPlugin.java which used by both 
QueryDocAuthorizationComponent.java and SolrAttrBasedFilter.java.
2. QueryDocAuthorizationComponent.java provides the first enhancement, 
extending DocAuthorizationComponent.java
3. All other classes under src/main are related to SolrAttrBasedFilter.java.


- Tristan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/#review212760
---


On Jan. 15, 2019, 9:49 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69619/
> ---
> 
> (Updated Jan. 15, 2019, 9:49 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> - Security controls against multiple fields
> - Filters based on user attributes as well as just Sentry roles
> - Different security predicates (AND, LessThan, GreaterThan - in addition to 
> the currently supported OR)
> - Pluggable user attribute source ahead of Sentry enhancements.
> - Sample LDAP user attribute source
> 
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
>  9da3d6e1 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
>  3d4d555f 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
>  40cc153e 
>   
>

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-02-12 Thread kalyan kumar kalvagadda via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/#review212760
---



Tristan Stevens,

This patch has two enhancements
1.  Subset Match Filtering/
2.  User Attribute Filter

Having multiple enhacements in single commit is not easy to understand. Can you 
seperate them to two different patches?

- kalyan kumar kalvagadda


On Jan. 15, 2019, 9:49 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69619/
> ---
> 
> (Updated Jan. 15, 2019, 9:49 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> - Security controls against multiple fields
> - Filters based on user attributes as well as just Sentry roles
> - Different security predicates (AND, LessThan, GreaterThan - in addition to 
> the currently supported OR)
> - Pluggable user attribute source ahead of Sentry enhancements.
> - Sample LDAP user attribute source
> 
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
>  9da3d6e1 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
>  3d4d555f 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
>  40cc153e 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
>  e1f789cb 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
>  PRE-CREATION 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java
>  7834f339 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSubsetQueryOperations.java
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
> PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
> PRE-CREATION 
>

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-18 Thread Hrishikesh Gadre via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/#review212158
---


Ship it!




Ship It!

- Hrishikesh Gadre


On Jan. 15, 2019, 9:49 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69619/
> ---
> 
> (Updated Jan. 15, 2019, 9:49 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> - Security controls against multiple fields
> - Filters based on user attributes as well as just Sentry roles
> - Different security predicates (AND, LessThan, GreaterThan - in addition to 
> the currently supported OR)
> - Pluggable user attribute source ahead of Sentry enhancements.
> - Sample LDAP user attribute source
> 
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
>  9da3d6e1 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
>  3d4d555f 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
>  40cc153e 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
>  e1f789cb 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
>  PRE-CREATION 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java
>  7834f339 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSubsetQueryOperations.java
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
> PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
> PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/log4j.properties d9418167 
>   
> sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml
>  PRE-CREATION 
>   
>

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-15 Thread Tristan Stevens via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/
---

(Updated Jan. 15, 2019, 9:49 p.m.)


Review request for sentry.


Changes
---

Whitespace fixes.


Repository: sentry


Description
---

This is an improvement request to cover enhanced document level security for 
the Solr document level controls, specifically to cover:

- Security controls against multiple fields
- Filters based on user attributes as well as just Sentry roles
- Different security predicates (AND, LessThan, GreaterThan - in addition to 
the currently supported OR)
- Pluggable user attribute source ahead of Sentry enhancements.
- Sample LDAP user attribute source

The ambition is this will be a precursor to full complex predicate support 
being served by Sentry ABAC roadmap.


Diffs (updated)
-

  sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
 9da3d6e1 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
 3d4d555f 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
 40cc153e 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
 e1f789cb 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java
 7834f339 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSubsetQueryOperations.java
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/log4j.properties d9418167 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/solrconfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/solrconfig.xml
 PRE-CREATION

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-14 Thread Tristan Stevens via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/
---

(Updated Jan. 14, 2019, 1:45 p.m.)


Review request for sentry.


Changes
---

Added unit tests for cache settings


Repository: sentry


Description
---

This is an improvement request to cover enhanced document level security for 
the Solr document level controls, specifically to cover:

- Security controls against multiple fields
- Filters based on user attributes as well as just Sentry roles
- Different security predicates (AND, LessThan, GreaterThan - in addition to 
the currently supported OR)
- Pluggable user attribute source ahead of Sentry enhancements.
- Sample LDAP user attribute source

The ambition is this will be a precursor to full complex predicate support 
being served by Sentry ABAC roadmap.


Diffs (updated)
-

  sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
 9da3d6e1 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
 3d4d555f 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
 40cc153e 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
 e1f789cb 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java
 7834f339 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSubsetQueryOperations.java
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/log4j.properties d9418167 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/solrconfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/solrconfig.xml
 PRE-CREATION

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-12 Thread Tristan Stevens via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/
---

(Updated Jan. 12, 2019, 7:48 p.m.)


Review request for sentry.


Changes
---

Update to avoid exposing cache internals


Repository: sentry


Description
---

This is an improvement request to cover enhanced document level security for 
the Solr document level controls, specifically to cover:

- Security controls against multiple fields
- Filters based on user attributes as well as just Sentry roles
- Different security predicates (AND, LessThan, GreaterThan - in addition to 
the currently supported OR)
- Pluggable user attribute source ahead of Sentry enhancements.
- Sample LDAP user attribute source

The ambition is this will be a precursor to full complex predicate support 
being served by Sentry ABAC roadmap.


Diffs (updated)
-

  sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
 9da3d6e1 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
 3d4d555f 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
 40cc153e 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
 e1f789cb 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java
 7834f339 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSubsetQueryOperations.java
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/log4j.properties d9418167 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/solrconfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/solrconfig.xml
 PRE-CREATION

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-11 Thread Tristan Stevens via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/
---

(Updated Jan. 11, 2019, 6:10 p.m.)


Review request for sentry.


Changes
---

Added changes from offline feedback from zsgyulavari


Repository: sentry


Description
---

This is an improvement request to cover enhanced document level security for 
the Solr document level controls, specifically to cover:

- Security controls against multiple fields
- Filters based on user attributes as well as just Sentry roles
- Different security predicates (AND, LessThan, GreaterThan - in addition to 
the currently supported OR)
- Pluggable user attribute source ahead of Sentry enhancements.
- Sample LDAP user attribute source

The ambition is this will be a precursor to full complex predicate support 
being served by Sentry ABAC roadmap.


Diffs (updated)
-

  sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
 9da3d6e1 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
 3d4d555f 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
 40cc153e 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
 e1f789cb 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java
 7834f339 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSubsetQueryOperations.java
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/log4j.properties d9418167 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/solrconfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/solrconfig.xml
 PRE-CREATION

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-11 Thread Hrishikesh Gadre via Review Board



> On Jan. 7, 2019, 9:37 p.m., Hrishikesh Gadre wrote:
> > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
> > Lines 34 (patched)
> > 
> >
> > Can we use an integer constant instead?
> 
> Tristan Stevens wrote:
> I'll add a comment. This String should be of the format specified in 
> https://google.github.io/guava/releases/14.0/api/docs/com/google/common/cache/CacheBuilderSpec.html.
>  It's quite possible that someone would want to specify a more detailed 
> cache. I'm not sure there's value in deconstructing the spec as a constant.

I don't really like the idea of exposing the details of cacheing implementation 
to the end user. e.g. what if we want to refactor the implementation to use 
some other caching library. But if you really want to maintain the flexibility 
configuring arbitrary cache properties, you can use a design pattern that I 
used for configuring Solr/Sentry plugin. Basically we allow user to specify 
arbitrary config properties (and optionally default values as well). You could 
implement something similar.

https://github.com/apache/sentry/blob/3ba5998b87595ea158d1d3b71b00cbcdb4092a0a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java#L71-L91
https://github.com/apache/sentry/blob/3ba5998b87595ea158d1d3b71b00cbcdb4092a0a/sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json


- Hrishikesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/#review211740
---


On Jan. 8, 2019, 2:08 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69619/
> ---
> 
> (Updated Jan. 8, 2019, 2:08 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> - Security controls against multiple fields
> - Filters based on user attributes as well as just Sentry roles
> - Different security predicates (AND, LessThan, GreaterThan - in addition to 
> the currently supported OR)
> - Pluggable user attribute source ahead of Sentry enhancements.
> - Sample LDAP user attribute source
> 
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
>  9da3d6e1 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
>  PRE-CREATION 
>

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-08 Thread Tristan Stevens via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/
---

(Updated Jan. 8, 2019, 2:08 p.m.)


Review request for sentry.


Changes
---

Updated, including some revisions from zsgyulavari


Repository: sentry


Description
---

This is an improvement request to cover enhanced document level security for 
the Solr document level controls, specifically to cover:

- Security controls against multiple fields
- Filters based on user attributes as well as just Sentry roles
- Different security predicates (AND, LessThan, GreaterThan - in addition to 
the currently supported OR)
- Pluggable user attribute source ahead of Sentry enhancements.
- Sample LDAP user attribute source

The ambition is this will be a precursor to full complex predicate support 
being served by Sentry ABAC roadmap.


Diffs (updated)
-

  sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
 9da3d6e1 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
 PRE-CREATION 
  
sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
 3d4d555f 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
 40cc153e 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
 e1f789cb 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java
 7834f339 
  
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSubsetQueryOperations.java
 PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.ldiff 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/ldap/ldap.schema 
PRE-CREATION 
  sentry-tests/sentry-tests-solr/src/test/resources/log4j.properties d9418167 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/enumsConfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_abac/conf/solrconfig.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/schema.xml
 PRE-CREATION 
  
sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_subset_match/conf/solrconfig.xml
 PRE-CREATION

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-08 Thread Tristan Stevens via Review Board



> On Jan. 7, 2019, 9:37 p.m., Hrishikesh Gadre wrote:
> >

Updated, including some revisions from zsgyulavari


> On Jan. 7, 2019, 9:37 p.m., Hrishikesh Gadre wrote:
> > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
> > Lines 34 (patched)
> > 
> >
> > Can we use an integer constant instead?

I'll add a comment. This String should be of the format specified in 
https://google.github.io/guava/releases/14.0/api/docs/com/google/common/cache/CacheBuilderSpec.html.
 It's quite possible that someone would want to specify a more detailed cache. 
I'm not sure there's value in deconstructing the spec as a constant.


> On Jan. 7, 2019, 9:37 p.m., Hrishikesh Gadre wrote:
> > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
> > Lines 24 (patched)
> > 
> >
> > Please add java docs for the interface.

Will add to next version of patch


> On Jan. 7, 2019, 9:37 p.m., Hrishikesh Gadre wrote:
> > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
> > Lines 21 (patched)
> > 
> >
> > Please add javadocs

Will add to next version of patch.


- Tristan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/#review211740
---


On Dec. 21, 2018, 3:54 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69619/
> ---
> 
> (Updated Dec. 21, 2018, 3:54 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> - Security controls against multiple fields
> - Filters based on user attributes as well as just Sentry roles
> - Different security predicates (AND, LessThan, GreaterThan - in addition to 
> the currently supported OR)
> - Pluggable user attribute source ahead of Sentry enhancements.
> - Sample LDAP user attribute source
> 
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
>  9da3d6e1 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
>  PRE-CREATION 
>   
>

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

2019-01-07 Thread Hrishikesh Gadre via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69619/#review211740
---




sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
Lines 34 (patched)


Can we use an integer constant instead?



sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
Lines 24 (patched)


Please add java docs for the interface.



sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
Lines 21 (patched)


Please add javadocs


- Hrishikesh Gadre


On Dec. 21, 2018, 3:54 p.m., Tristan Stevens wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69619/
> ---
> 
> (Updated Dec. 21, 2018, 3:54 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> This is an improvement request to cover enhanced document level security for 
> the Solr document level controls, specifically to cover:
> 
> - Security controls against multiple fields
> - Filters based on user attributes as well as just Sentry roles
> - Different security predicates (AND, LessThan, GreaterThan - in addition to 
> the currently supported OR)
> - Pluggable user attribute source ahead of Sentry enhancements.
> - Sample LDAP user attribute source
> 
> The ambition is this will be a precursor to full complex predicate support 
> being served by Sentry ABAC roadmap.
> 
> 
> Diffs
> -
> 
>   sentry-solr/solr-sentry-handlers/pom.xml 621d8325 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/CachingUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/DocAuthorizationComponent.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/FieldToAttributeMapping.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/LdapUserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java
>  9da3d6e1 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SolrAttrBasedFilter.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SubsetQueryPlugin.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/UserAttributeSourceParams.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/CachingUserAttributeSourceTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/LdapRegexTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/MockUserAttributeSource.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/SubsetQueryTest.java
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/schema-docValuesSubsetMatch.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetmatchcomponent.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig-subsetquery.xml
>  PRE-CREATION 
>   
> sentry-solr/solr-sentry-handlers/src/test/resources/solr/collection1/solrconfig.snippet.randomindexconfig.xml
>  PRE-CREATION 
>   sentry-tests/sentry-tests-solr/pom.xml 7c28bda5 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java
>  3d4d555f 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java
>  40cc153e 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/SolrSentryServiceTestBase.java
>  e1f789cb 
>   
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestAbacOperations.java
>  PRE-CREATION 
>   
>

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

Re: Review Request 69619: SENTRY-2482: Sentry Solr to support multi-attribute document level security

12 matches

Site Navigation

Mail list logo

Footer information