[jira] [Commented] (SENTRY-2329) Integrate sentry with Hadoop 3.1.1
[ https://issues.apache.org/jira/browse/SENTRY-2329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16665287#comment-16665287 ] Hadoop QA commented on SENTRY-2329: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12945784/SENTRY-2329.4.patch against master. {color:red}Overall:{color} -1 due to 6 errors {color:red}ERROR:{color} mvn test exited 1 {color:red}ERROR:{color} Failed: org.apache.sentry.policy.solr.TestSolrPolicyEngineDFS {color:red}ERROR:{color} Failed: org.apache.sentry.binding.solr.TestSolrAuthzBinding {color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryWebServerWithKerberos {color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryWebServerWithKerberos {color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryWebServerWithKerberos Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/4203/console This message is automatically generated. > Integrate sentry with Hadoop 3.1.1 > -- > > Key: SENTRY-2329 > URL: https://issues.apache.org/jira/browse/SENTRY-2329 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2329.001.patch, SENTRY-2329.2.patch, > SENTRY-2329.3.patch, SENTRY-2329.4.patch > > > Change the sentry dependency of hadoop to 3.1.1 so that sentry can integrate > with hadoop 3.1.1 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2436) Add annotations for classes that are used in binding as public
Xinran Tinney created SENTRY-2436: - Summary: Add annotations for classes that are used in binding as public Key: SENTRY-2436 URL: https://issues.apache.org/jira/browse/SENTRY-2436 Project: Sentry Issue Type: Task Reporter: Xinran Tinney Some classes e.g. PolicyEngine etc are used in the bindings. These classes should be annotated as public. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (SENTRY-2436) Add annotations for classes that are used in binding as public
[ https://issues.apache.org/jira/browse/SENTRY-2436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xinran Tinney reassigned SENTRY-2436: - Assignee: Xinran Tinney > Add annotations for classes that are used in binding as public > -- > > Key: SENTRY-2436 > URL: https://issues.apache.org/jira/browse/SENTRY-2436 > Project: Sentry > Issue Type: Task >Reporter: Xinran Tinney >Assignee: Xinran Tinney >Priority: Minor > > Some classes e.g. PolicyEngine etc are used in the bindings. These classes > should be annotated as public. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2372) SentryStore should not implement grantOptionCheck
[ https://issues.apache.org/jira/browse/SENTRY-2372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2372: Attachment: SENTRY-2372.7.patch > SentryStore should not implement grantOptionCheck > - > > Key: SENTRY-2372 > URL: https://issues.apache.org/jira/browse/SENTRY-2372 > Project: Sentry > Issue Type: Improvement > Components: Sentry, sentrystore >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2372.1.patch, SENTRY-2372.2.patch, > SENTRY-2372.3.patch, SENTRY-2372.4.patch, SENTRY-2372.5.patch, > SENTRY-2372.6.patch, SENTRY-2372.7.patch > > > During functional testing it was found that SentryStore implementation > contains logic that enforces sentry rights and depends on cluster-specific > context. Specifically grantOptionCheck needs to be able to resolve hadoop > user's groups and sentry admin groups configured on the cluster. > There are two problems with this: > # Some backends use SentryStore in a multi-tenant way and does have the > context that SentryStore expects when it is used in cluster. > # Security enforcement logic shouldn't be in SentryStore if it is to be > trusted. Since the backends Sentry API may be stateless the caller has to > pass request context to such implementation backend together with the > explicit SentryStore arguments. If the context (e.g. groups) is passed with > the request the checks become unenforceable since caller controls variables > on both sides of the comparison. > The recommendation is to remove {{grantOptionCheck}} and {{SentryStore}} and > to implement equivalent logic in {{SentryPolicyStoreProcessor}}. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2433) Dropping object privileges does not include update of dropping user privileges
[ https://issues.apache.org/jira/browse/SENTRY-2433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16665738#comment-16665738 ] Hadoop QA commented on SENTRY-2433: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12945819/SENTRY-2433.001.patch against master. {color:green}Overall:{color} +1 all checks pass {color:green}SUCCESS:{color} all tests passed Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/4205/console This message is automatically generated. > Dropping object privileges does not include update of dropping user privileges > -- > > Key: SENTRY-2433 > URL: https://issues.apache.org/jira/browse/SENTRY-2433 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0, 2.2.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2433.001.patch, SENTRY-2433.001.patch > > > When dropping privileges of an object, the update of this processing only > includes dropping role based privileges, and does not includes dropping user > based privileges. > If the to-be-dropped object is an external table, the path at HDFS still > exists, and the user access wills till be there even after sentry privileges > associated with that external table is dropped. -- This message was sent by Atlassian JIRA (v7.6.3#76005)