Re: Review Request 71901: SENTRY-2540: Only use SELECT action for filter SHOW DATABASES and SHOW TABLES command based on configuration
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71901/#review219044 --- Ship it! Ship It! - kalyan kumar kalvagadda On Dec. 13, 2019, 4:38 p.m., Na Li wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71901/ > --- > > (Updated Dec. 13, 2019, 4:38 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar. > > > Bugs: sentry-2540 > https://issues.apache.org/jira/browse/sentry-2540 > > > Repository: sentry > > > Description > --- > > When there are thousands of databases, SHOW DATABASES may take a really long > time because SENTRY checks if user has any of the following privileges on > that database for filtering out the database > > DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER, > DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX, > DBModelAction.LOCK > > To speedup the authorization checking for this case, Sentry can check only > the select privilege for SHOW DATABASES and SHOW TABLES based on > configuration. > > > Diffs > - > > > sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java > 5c43329 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java > e64d1a5 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java > cc0465a > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java > 6a88d0b > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/71901/diff/3/ > > > Testing > --- > > manually set the configuration to be true, and see only select action is used > for authorization check > > > Thanks, > > Na Li > >
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for filter SHOW DATABASES and SHOW TABLES command based on configuration
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71901/ --- (Updated Dec. 13, 2019, 4:38 p.m.) Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar. Bugs: sentry-2540 https://issues.apache.org/jira/browse/sentry-2540 Repository: sentry Description --- When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER, DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX, DBModelAction.LOCK To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration. Diffs (updated) - sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329 sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5 sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java cc0465a sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java 6a88d0b sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java PRE-CREATION Diff: https://reviews.apache.org/r/71901/diff/3/ Changes: https://reviews.apache.org/r/71901/diff/2-3/ Testing --- manually set the configuration to be true, and see only select action is used for authorization check Thanks, Na Li
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for filter SHOW DATABASES and SHOW TABLES command based on configuration
> On Dec. 12, 2019, 6:02 p.m., kalyan kumar kalvagadda wrote: > > Code change looks good. Please add unit tests to cover the same. tests are added for the new behavior both default and enabled - Na --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71901/#review219015 --- On Dec. 13, 2019, 12:23 a.m., Na Li wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71901/ > --- > > (Updated Dec. 13, 2019, 12:23 a.m.) > > > Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar. > > > Bugs: sentry-2540 > https://issues.apache.org/jira/browse/sentry-2540 > > > Repository: sentry > > > Description > --- > > When there are thousands of databases, SHOW DATABASES may take a really long > time because SENTRY checks if user has any of the following privileges on > that database for filtering out the database > > DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER, > DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX, > DBModelAction.LOCK > > To speedup the authorization checking for this case, Sentry can check only > the select privilege for SHOW DATABASES and SHOW TABLES based on > configuration. > > > Diffs > - > > > sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java > 5c43329 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java > e64d1a5 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java > cc0465a > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java > 6a88d0b > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/71901/diff/2/ > > > Testing > --- > > manually set the configuration to be true, and see only select action is used > for authorization check > > > Thanks, > > Na Li > >
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for filter SHOW DATABASES and SHOW TABLES command based on configuration
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71901/ --- (Updated Dec. 13, 2019, 12:23 a.m.) Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar. Bugs: sentry-2540 https://issues.apache.org/jira/browse/sentry-2540 Repository: sentry Description --- When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER, DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX, DBModelAction.LOCK To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration. Diffs (updated) - sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329 sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5 sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java cc0465a sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java 6a88d0b sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java PRE-CREATION Diff: https://reviews.apache.org/r/71901/diff/2/ Changes: https://reviews.apache.org/r/71901/diff/1-2/ Testing --- manually set the configuration to be true, and see only select action is used for authorization check Thanks, Na Li
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for filter SHOW DATABASES and SHOW TABLES command based on configuration
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71901/#review219015 --- Code change looks good. Please add unit tests to cover the same. - kalyan kumar kalvagadda On Dec. 11, 2019, 9:17 p.m., Na Li wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71901/ > --- > > (Updated Dec. 11, 2019, 9:17 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar. > > > Bugs: sentry-2540 > https://issues.apache.org/jira/browse/sentry-2540 > > > Repository: sentry > > > Description > --- > > When there are thousands of databases, SHOW DATABASES may take a really long > time because SENTRY checks if user has any of the following privileges on > that database for filtering out the database > > DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER, > DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX, > DBModelAction.LOCK > > To speedup the authorization checking for this case, Sentry can check only > the select privilege for SHOW DATABASES and SHOW TABLES based on > configuration. > > > Diffs > - > > > sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java > 5c43329 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java > e64d1a5 > > > Diff: https://reviews.apache.org/r/71901/diff/1/ > > > Testing > --- > > manually set the configuration to be true, and see only select action is used > for authorization check > > > Thanks, > > Na Li > >
Re: Review Request 71901: SENTRY-2540: Only use SELECT action for filter SHOW DATABASES and SHOW TABLES command based on configuration
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71901/#review219010 --- Ship it! LGTM. - Vihang Karajgaonkar On Dec. 11, 2019, 9:17 p.m., Na Li wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71901/ > --- > > (Updated Dec. 11, 2019, 9:17 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar. > > > Bugs: sentry-2540 > https://issues.apache.org/jira/browse/sentry-2540 > > > Repository: sentry > > > Description > --- > > When there are thousands of databases, SHOW DATABASES may take a really long > time because SENTRY checks if user has any of the following privileges on > that database for filtering out the database > > DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER, > DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX, > DBModelAction.LOCK > > To speedup the authorization checking for this case, Sentry can check only > the select privilege for SHOW DATABASES and SHOW TABLES based on > configuration. > > > Diffs > - > > > sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java > 5c43329 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java > e64d1a5 > > > Diff: https://reviews.apache.org/r/71901/diff/1/ > > > Testing > --- > > manually set the configuration to be true, and see only select action is used > for authorization check > > > Thanks, > > Na Li > >
Review Request 71901: SENTRY-2540: Only use SELECT action for filter SHOW DATABASES and SHOW TABLES command based on configuration
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71901/ --- Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar. Bugs: sentry-2540 https://issues.apache.org/jira/browse/sentry-2540 Repository: sentry Description --- When there are thousands of databases, SHOW DATABASES may take a really long time because SENTRY checks if user has any of the following privileges on that database for filtering out the database DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER, DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX, DBModelAction.LOCK To speedup the authorization checking for this case, Sentry can check only the select privilege for SHOW DATABASES and SHOW TABLES based on configuration. Diffs - sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 5c43329 sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java e64d1a5 Diff: https://reviews.apache.org/r/71901/diff/1/ Testing --- manually set the configuration to be true, and see only select action is used for authorization check Thanks, Na Li