[jira] [Commented] (SENTRY-2162) Retrieve and list user privileges for authorization
[
https://issues.apache.org/jira/browse/SENTRY-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16501195#comment-16501195
]
Hadoop QA commented on SENTRY-2162:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926488/SENTRY-2162.1.patch
against master.
{color:red}Overall:{color} -1 due to 3 errors
{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed:
org.apache.sentry.api.service.thrift.TestSentryServerForPoolWithoutKerberos
{color:red}ERROR:{color} Failed:
org.apache.sentry.api.service.thrift.TestSentryServerWithoutKerberos
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3851/console
This message is automatically generated.
> Retrieve and list user privileges for authorization
> ---
>
> Key: SENTRY-2162
> URL: https://issues.apache.org/jira/browse/SENTRY-2162
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Sergio Peña
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2162.1.patch
>
>
> Make sure the implicit privileges assigned to user directly are retried and
> applied for authorization request. This may require the code change in
> SentryPolicyStoreProcessor and several other places.
> For example,
> after user_A creates table_B and get "all" privilege on table_B, user_A can
> insert rows into that table.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2162) Retrieve and list user privileges for authorization
[ https://issues.apache.org/jira/browse/SENTRY-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2162: Attachment: SENTRY-2162.1.patch > Retrieve and list user privileges for authorization > --- > > Key: SENTRY-2162 > URL: https://issues.apache.org/jira/browse/SENTRY-2162 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Sergio Peña >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2162.1.patch > > > Make sure the implicit privileges assigned to user directly are retried and > applied for authorization request. This may require the code change in > SentryPolicyStoreProcessor and several other places. > For example, > after user_A creates table_B and get "all" privilege on table_B, user_A can > insert rows into that table. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2256: Resolution: Fixed Fix Version/s: 2.1.0 Status: Resolved (was: Patch Available) > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch, SENTRY-2256.4.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2158) Update notification handler to update privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16501087#comment-16501087
]
Hadoop QA commented on SENTRY-2158:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926450/SENTRY-2158.001.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3850/console
This message is automatically generated.
> Update notification handler to update privileges to user
>
>
> Key: SENTRY-2158
> URL: https://issues.apache.org/jira/browse/SENTRY-2158
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2158.001.patch
>
>
> SentryPolicyStoreProcessor calls NotificationHandlerInvoker when processing
> permission related commands. We should update notification handler in the
> following files when granting privileges to user.
> When authorizable changes, need to change user privileges too
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[
https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16501007#comment-16501007
]
Hadoop QA commented on SENTRY-2256:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926415/SENTRY-2256.4.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3849/console
This message is automatically generated.
> Make thrift API changes to get user privileges from Sentry
> --
>
> Key: SENTRY-2256
> URL: https://issues.apache.org/jira/browse/SENTRY-2256
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Sergio Peña
>Assignee: Sergio Peña
>Priority: Major
> Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch,
> SENTRY-2256.3.patch, SENTRY-2256.4.patch
>
>
> This subtask will add new thrift API changes to allow Sentry clients to
> request user privileges from the Sentry server.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2258) Remove user when it is not associated with other objects
[ https://issues.apache.org/jira/browse/SENTRY-2258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2258: -- Attachment: SENTRY-2258.001.patch > Remove user when it is not associated with other objects > > > Key: SENTRY-2258 > URL: https://issues.apache.org/jira/browse/SENTRY-2258 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2258.001.patch > > Original Estimate: 72h > Remaining Estimate: 72h > > When a privilege is created and assigned to a user, this user is > automatically created if it does not exist. > So when a privilege is removed from a user, or a role is removed from a user, > this user should be removed when it is not associated with other objects > (like privileges and roles) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2158) Update notification handler to update privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2158: -- Status: Patch Available (was: Open) > Update notification handler to update privileges to user > > > Key: SENTRY-2158 > URL: https://issues.apache.org/jira/browse/SENTRY-2158 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2158.001.patch > > > SentryPolicyStoreProcessor calls NotificationHandlerInvoker when processing > permission related commands. We should update notification handler in the > following files when granting privileges to user. > When authorizable changes, need to change user privileges too > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2158) Update notification handler to update privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2158: -- Attachment: SENTRY-2158.001.patch > Update notification handler to update privileges to user > > > Key: SENTRY-2158 > URL: https://issues.apache.org/jira/browse/SENTRY-2158 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2158.001.patch > > > SentryPolicyStoreProcessor calls NotificationHandlerInvoker when processing > permission related commands. We should update notification handler in the > following files when granting privileges to user. > When authorizable changes, need to change user privileges too > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2157) Update audit log to grant/Revoke privilege to user
[ https://issues.apache.org/jira/browse/SENTRY-2157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500836#comment-16500836 ] Na Li commented on SENTRY-2157: --- Can following similar approach in sentry-728. https://reviews.apache.org/r/34080 > Update audit log to grant/Revoke privilege to user > -- > > Key: SENTRY-2157 > URL: https://issues.apache.org/jira/browse/SENTRY-2157 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Priority: Major > Fix For: 2.1.0 > > > Update audit log to grant/revoke privileges to user -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2162) Retrieve and list user privileges for authorization
[ https://issues.apache.org/jira/browse/SENTRY-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2162: Attachment: (was: SENTRY-2162.1.patch) > Retrieve and list user privileges for authorization > --- > > Key: SENTRY-2162 > URL: https://issues.apache.org/jira/browse/SENTRY-2162 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Sergio Peña >Priority: Major > Fix For: 2.1.0 > > > Make sure the implicit privileges assigned to user directly are retried and > applied for authorization request. This may require the code change in > SentryPolicyStoreProcessor and several other places. > For example, > after user_A creates table_B and get "all" privilege on table_B, user_A can > insert rows into that table. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2258) Remove user when it is not associated with other objects
Na Li created SENTRY-2258: - Summary: Remove user when it is not associated with other objects Key: SENTRY-2258 URL: https://issues.apache.org/jira/browse/SENTRY-2258 Project: Sentry Issue Type: Sub-task Components: Sentry Affects Versions: 2.1.0 Reporter: Na Li Assignee: Na Li When a privilege is created and assigned to a user, this user is automatically created if it does not exist. So when a privilege is removed from a user, or a role is removed from a user, this user should be removed when it is not associated with other objects (like privileges and roles) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[
https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500801#comment-16500801
]
Hadoop QA commented on SENTRY-2256:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926415/SENTRY-2256.4.patch
against master.
{color:red}Overall:{color} -1 due to 4 errors
{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationWithHA
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationTogglingConf
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationAdvanced
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3847/console
This message is automatically generated.
> Make thrift API changes to get user privileges from Sentry
> --
>
> Key: SENTRY-2256
> URL: https://issues.apache.org/jira/browse/SENTRY-2256
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Sergio Peña
>Assignee: Sergio Peña
>Priority: Major
> Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch,
> SENTRY-2256.3.patch, SENTRY-2256.4.patch
>
>
> This subtask will add new thrift API changes to allow Sentry clients to
> request user privileges from the Sentry server.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[
https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500798#comment-16500798
]
Hadoop QA commented on SENTRY-2256:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926415/SENTRY-2256.4.patch
against master.
{color:red}Overall:{color} -1 due to an error
{color:red}ERROR:{color} failed to build with patch (exit code 143)
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3848/console
This message is automatically generated.
> Make thrift API changes to get user privileges from Sentry
> --
>
> Key: SENTRY-2256
> URL: https://issues.apache.org/jira/browse/SENTRY-2256
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Sergio Peña
>Assignee: Sergio Peña
>Priority: Major
> Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch,
> SENTRY-2256.3.patch, SENTRY-2256.4.patch
>
>
> This subtask will add new thrift API changes to allow Sentry clients to
> request user privileges from the Sentry server.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Resolved] (SENTRY-2161) Make sure partial invoke only applies to explicit privileges
[ https://issues.apache.org/jira/browse/SENTRY-2161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li resolved SENTRY-2161. --- Resolution: Not A Problem New design assigns owner a privilege "OWNER", and won't cause User_A to lose its original "SELECT" privilege. So this is no longer an issue. > Make sure partial invoke only applies to explicit privileges > > > Key: SENTRY-2161 > URL: https://issues.apache.org/jira/browse/SENTRY-2161 > Project: Sentry > Issue Type: Sub-task >Reporter: Na Li >Assignee: Na Li >Priority: Major > > *Background:* > Partial revoke > For examples: > 1. When a role has been granted "all" on table and the role already has > select/insert on privileges, they are removed automatically as "all" covers > the "select/insert". > 2. When a role already has "all" privileges on a table and "select" privilege > are revoked, "all" privileges is revoked and "insert" is added automatically > as there are only "select", "insert", and "all". > Hierarchical privileges: > Revoking privilege on a database would effect the privileges granted to the > tables in that database. > *Problem:* > For example: > 1) User_A has "select" on table_B > 2) User_A is set to owner of table_B and gets "ALL" privilege on table_B as > implicit privilege > 3) User_A is not owner of table_B any more > based on partial invoke behavior, User_A will lose "select" on table_B after > step 3). The desired behavior is for User_A still retains "select" on table_B > after step 3) > *Solution:* > Only apply partial revoke to user configured privileges (explicit privilege), > and not affect implicit privileges. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2161) Make sure partial invoke only applies to explicit privileges
[ https://issues.apache.org/jira/browse/SENTRY-2161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2161: -- Description: *Background:* Partial revoke For examples: 1. When a role has been granted "all" on table and the role already has select/insert on privileges, they are removed automatically as "all" covers the "select/insert". 2. When a role already has "all" privileges on a table and "select" privilege are revoked, "all" privileges is revoked and "insert" is added automatically as there are only "select", "insert", and "all". Hierarchical privileges: Revoking privilege on a database would effect the privileges granted to the tables in that database. *Problem:* For example: 1) User_A has "select" on table_B 2) User_A is set to owner of table_B and gets "ALL" privilege on table_B as implicit privilege 3) User_A is not owner of table_B any more based on partial invoke behavior, User_A will lose "select" on table_B after step 3). The desired behavior is for User_A still retains "select" on table_B after step 3) *Solution:* Only apply partial revoke to user configured privileges (explicit privilege), and not affect implicit privileges. was: *Background:* Partial revoke For examples: 1. When a role has been granted "all" on table and the role already has select/insert on privileges, they are removed automatically as "all" covers the "select/insert". 2. When a role already has "all" privileges on a table and "select" privilege are revoked, "all" privileges is revoked and "insert" is added automatically as there are only "select", "insert", and "all". Hierarchical privileges: Revoking privilege on a database would effect the privileges granted to the tables in that database. *Problem:* For example: 1) User_A has "select" on table_B 2) User_A is set to owner of table_B and gets "all" privilege on table_B as implicit privilege 3) User_A is not owner of table_B any more based on partial invoke behavior, User_A will lose "select" on table_B after step 3). The desired behavior is for User_A still retains "select" on table_B after step 3) *Solution:* Only apply partial revoke to user configured privileges (explicit privilege), and not affect implicit privileges. > Make sure partial invoke only applies to explicit privileges > > > Key: SENTRY-2161 > URL: https://issues.apache.org/jira/browse/SENTRY-2161 > Project: Sentry > Issue Type: Sub-task >Reporter: Na Li >Assignee: Na Li >Priority: Major > > *Background:* > Partial revoke > For examples: > 1. When a role has been granted "all" on table and the role already has > select/insert on privileges, they are removed automatically as "all" covers > the "select/insert". > 2. When a role already has "all" privileges on a table and "select" privilege > are revoked, "all" privileges is revoked and "insert" is added automatically > as there are only "select", "insert", and "all". > Hierarchical privileges: > Revoking privilege on a database would effect the privileges granted to the > tables in that database. > *Problem:* > For example: > 1) User_A has "select" on table_B > 2) User_A is set to owner of table_B and gets "ALL" privilege on table_B as > implicit privilege > 3) User_A is not owner of table_B any more > based on partial invoke behavior, User_A will lose "select" on table_B after > step 3). The desired behavior is for User_A still retains "select" on table_B > after step 3) > *Solution:* > Only apply partial revoke to user configured privileges (explicit privilege), > and not affect implicit privileges. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2257) Implement Sentry store API to update owner privilege on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2257: Summary: Implement Sentry store API to update owner privilege on a authorizable (was: Implement Sentry store API to remove update on a authorizable) > Implement Sentry store API to update owner privilege on a authorizable > -- > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to update owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2257) Implement Sentry store API to remove update on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2257: Description: Implement functionality in sentry store to update owner privilege on an authorizable. (was: Implement functionality in sentry store to remove owner privilege on an authorizable.) > Implement Sentry store API to remove update on a authorizable > - > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to update owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2257) Implement Sentry store API to remove update on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2257: Summary: Implement Sentry store API to remove update on a authorizable (was: Implement Sentry store API to remove owner on a authorizable) > Implement Sentry store API to remove update on a authorizable > - > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to remove owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2257) Implement Sentry store API to remove owner on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500692#comment-16500692 ] kalyan kumar kalvagadda commented on SENTRY-2257: - I initially thought of having them in separate transactions after taking to [~lina.li] i'm convinced that they should be in same transaction. I will update the Jira accordingly. > Implement Sentry store API to remove owner on a authorizable > > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to remove owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2257) Implement Sentry store API to remove owner on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500671#comment-16500671 ] Sergio Peña commented on SENTRY-2257: - Would this be to replace? The remove and insert of owner privileges will need to be run in a transaction, right? > Implement Sentry store API to remove owner on a authorizable > > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to remove owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2244) Alter sentry role or user at granting privilege can avoid extra query to database
[
https://issues.apache.org/jira/browse/SENTRY-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500661#comment-16500661
]
Hadoop QA commented on SENTRY-2244:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926398/SENTRY-2244.002.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3844/console
This message is automatically generated.
> Alter sentry role or user at granting privilege can avoid extra query to
> database
> -
>
> Key: SENTRY-2244
> URL: https://issues.apache.org/jira/browse/SENTRY-2244
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Attachments: SENTRY-2244.001.patch, SENTRY-2244.002.patch,
> SENTRY-2244.002.patch
>
>
> In alterSentryRoleGrantPrivilegeCore and alterSentryUserGrantPrivilegeCore ,
> all of the privileges of a role or a user are already fetched from DB. In
> following processing, there is no need to query DB to get privilege INSERT,
> SELECT, ALL of this role again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (SENTRY-2257) Implement Sentry store API to remove owner on a authorizable
kalyan kumar kalvagadda created SENTRY-2257: --- Summary: Implement Sentry store API to remove owner on a authorizable Key: SENTRY-2257 URL: https://issues.apache.org/jira/browse/SENTRY-2257 Project: Sentry Issue Type: Bug Components: Sentry Affects Versions: 2.1.0 Reporter: kalyan kumar kalvagadda Assignee: kalyan kumar kalvagadda Fix For: 2.1.0 Implement functionality in sentry store to remove owner privilege on an authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[
https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500561#comment-16500561
]
Hadoop QA commented on SENTRY-2241:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926403/SENTRY-2241.001.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3845/console
This message is automatically generated.
> Extend the Sync Listener to pass owner information to sentry server.
>
>
> Key: SENTRY-2241
> URL: https://issues.apache.org/jira/browse/SENTRY-2241
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: kalyan kumar kalvagadda
>Assignee: kalyan kumar kalvagadda
>Priority: Major
> Attachments: SENTRY-2241.001.patch
>
>
> Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post
> listener in HMS. This listener should be extended to get the owner
> information of tables and databases.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2256: Attachment: SENTRY-2256.4.patch > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch, SENTRY-2256.4.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[
https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500466#comment-16500466
]
Hadoop QA commented on SENTRY-2256:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926408/SENTRY-2256.3.patch
against master.
{color:red}Overall:{color} -1 due to an error
{color:red}ERROR:{color} failed to build with patch (exit code 1)
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3846/console
This message is automatically generated.
> Make thrift API changes to get user privileges from Sentry
> --
>
> Key: SENTRY-2256
> URL: https://issues.apache.org/jira/browse/SENTRY-2256
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Sergio Peña
>Assignee: Sergio Peña
>Priority: Major
> Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch,
> SENTRY-2256.3.patch
>
>
> This subtask will add new thrift API changes to allow Sentry clients to
> request user privileges from the Sentry server.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2256: Attachment: SENTRY-2256.3.patch > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: SENTRY-2241.001.patch > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: (was: SENTRY-2241.001.patch) > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: (was: SENTRY-2241.001.patch) > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2244) Alter sentry role or user at granting privilege can avoid extra query to database
[ https://issues.apache.org/jira/browse/SENTRY-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2244: -- Attachment: SENTRY-2244.002.patch > Alter sentry role or user at granting privilege can avoid extra query to > database > - > > Key: SENTRY-2244 > URL: https://issues.apache.org/jira/browse/SENTRY-2244 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2244.001.patch, SENTRY-2244.002.patch, > SENTRY-2244.002.patch > > > In alterSentryRoleGrantPrivilegeCore and alterSentryUserGrantPrivilegeCore , > all of the privileges of a role or a user are already fetched from DB. In > following processing, there is no need to query DB to get privilege INSERT, > SELECT, ALL of this role again. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[
https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500229#comment-16500229
]
Hadoop QA commented on SENTRY-2241:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926376/SENTRY-2241.001.patch
against master.
{color:red}Overall:{color} -1 due to an error
{color:red}ERROR:{color} failed to apply patch (exit code 1):
error:
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java:
does not exist in index
error:
a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java:
does not exist in index
error:
a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java:
does not exist in index
error:
a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java:
does not exist in index
error:
a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java:
does not exist in index
error:
a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java:
does not exist in index
error:
a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java:
does not exist in index
error:
a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/SentryPolicyStorePlugin.java:
does not exist in index
error:
a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/CounterWait.java:
does not exist in index
error:
a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java:
does not exist in index
error: patch failed:
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java:78
Falling back to three-way merge...
Applied patch to
'sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java'
with conflicts.
Going to apply patch with: git apply -p1
error: patch failed:
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java:78
Falling back to three-way merge...
Applied patch to
'sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java'
with conflicts.
U
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3843/console
This message is automatically generated.
> Extend the Sync Listener to pass owner information to sentry server.
>
>
> Key: SENTRY-2241
> URL: https://issues.apache.org/jira/browse/SENTRY-2241
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: kalyan kumar kalvagadda
>Assignee: kalyan kumar kalvagadda
>Priority: Major
> Attachments: SENTRY-2241.001.patch, SENTRY-2241.001.patch
>
>
> Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post
> listener in HMS. This listener should be extended to get the owner
> information of tables and databases.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: SENTRY-2241.001.patch > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch, SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2244) Alter sentry role or user at granting privilege can avoid extra query to database
[
https://issues.apache.org/jira/browse/SENTRY-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16499791#comment-16499791
]
Hadoop QA commented on SENTRY-2244:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12926302/SENTRY-2244.002.patch
against master.
{color:red}Overall:{color} -1 due to 2 errors
{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationAdvanced
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3842/console
This message is automatically generated.
> Alter sentry role or user at granting privilege can avoid extra query to
> database
> -
>
> Key: SENTRY-2244
> URL: https://issues.apache.org/jira/browse/SENTRY-2244
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Attachments: SENTRY-2244.001.patch, SENTRY-2244.002.patch
>
>
> In alterSentryRoleGrantPrivilegeCore and alterSentryUserGrantPrivilegeCore ,
> all of the privileges of a role or a user are already fetched from DB. In
> following processing, there is no need to query DB to get privilege INSERT,
> SELECT, ALL of this role again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
