[jira] [Commented] (SENTRY-2270) Illegal privileges on columns can be granted on Hive
[
https://issues.apache.org/jira/browse/SENTRY-2270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511873#comment-16511873
]
Hadoop QA commented on SENTRY-2270:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12927732/SENTRY-2270.1.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3884/console
This message is automatically generated.
> Illegal privileges on columns can be granted on Hive
>
>
> Key: SENTRY-2270
> URL: https://issues.apache.org/jira/browse/SENTRY-2270
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.0.0
>Reporter: Sergio Peña
>Assignee: Sergio Peña
>Priority: Major
> Attachments: SENTRY-2270.1.patch
>
>
> It is possible to grant the following privileges on columns in beeline:
> ALTER, CREATE, DROP. However, these privileges have no semantics for a column.
> For ALL, and INSERT, beeline raises an error if the user tries to grant the
> privilege to a column, e.g.:
> {noformat}
> beeline> grant all(fn) on table tbl1 to role r1;
> Error: Error while compiling statement: FAILED: SemanticException Sentry does
> not support privilege: All on Column (state=42000,code=4)
> beeline> grant insert(fn) on table tbl1 to role r1;
> Error: Error while compiling statement: FAILED: SemanticException Sentry does
> not support privilege: Insert on Column (state=42000,code=4)
> {noformat}
> A similar error should be created when granting CREATE, ALTER, and DROP on
> column.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511809#comment-16511809
]
Fahd Siddiqui commented on SENTRY-2269:
---
[~akolb] - Basically, there are no backward compatibility guarantees on this
interface. The external pluggable implementations of this interface have to
deal with this reality. This is basically the same as HMS's RawStore pattern.
This doesn't mean it can't be better in a follow on change. We should think
about looking at the interface and breaking it up in some fashion that makes
sense for maintainability. But, that is a design exercise of its own, and
should be done separate to this change (hopefully soon).
Just to be sure, I am assuming when you say "modify the API", you mean modify
the SentryStoreInterface. Sure, devs will want to do that, and as I said there
is no backward compatibility guarantee to this interface. The pluggable
implementations would have to upgrade with each breaking version.
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
> Attachments: SENTRY-2269.1.patch
>
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2224) Support SHOW GRANT on HIVE_OBJECT
[
https://issues.apache.org/jira/browse/SENTRY-2224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511802#comment-16511802
]
Hadoop QA commented on SENTRY-2224:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12927728/SENTRY-2224.04.patch
against master.
{color:red}Overall:{color} -1 due to 2 errors
{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed:
org.apache.sentry.api.service.thrift.TestSentryWebServiceForAuthTypeNone
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3885/console
This message is automatically generated.
> Support SHOW GRANT on HIVE_OBJECT
> -
>
> Key: SENTRY-2224
> URL: https://issues.apache.org/jira/browse/SENTRY-2224
> Project: Sentry
> Issue Type: Sub-task
>Reporter: Arjun Mishra
>Assignee: Arjun Mishra
>Priority: Major
> Attachments: SENTRY-2224.002.patch, SENTRY-2224.01.patch,
> SENTRY-2224.02.patch, SENTRY-2224.03.patch, SENTRY-2224.04.patch
>
>
> Currently Sentry doesn't support Hive command to show privileges on
> authorizables without mentioning any role or user name
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511764#comment-16511764
]
Hadoop QA commented on SENTRY-2269:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12927716/SENTRY-2269.1.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3883/console
This message is automatically generated.
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
> Attachments: SENTRY-2269.1.patch
>
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2224) Support SHOW GRANT on HIVE_OBJECT
[ https://issues.apache.org/jira/browse/SENTRY-2224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511749#comment-16511749 ] Arjun Mishra commented on SENTRY-2224: -- Yeah a new SENTRY-2224.04 patch has been attached > Support SHOW GRANT on HIVE_OBJECT > - > > Key: SENTRY-2224 > URL: https://issues.apache.org/jira/browse/SENTRY-2224 > Project: Sentry > Issue Type: Sub-task >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2224.002.patch, SENTRY-2224.01.patch, > SENTRY-2224.02.patch, SENTRY-2224.03.patch, SENTRY-2224.04.patch > > > Currently Sentry doesn't support Hive command to show privileges on > authorizables without mentioning any role or user name -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (SENTRY-2224) Support SHOW GRANT on HIVE_OBJECT
[ https://issues.apache.org/jira/browse/SENTRY-2224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511749#comment-16511749 ] Arjun Mishra edited comment on SENTRY-2224 at 6/13/18 10:51 PM: [~spena] Yeah a new SENTRY-2224.04 patch has been attached was (Author: arjunmishra13): Yeah a new SENTRY-2224.04 patch has been attached > Support SHOW GRANT on HIVE_OBJECT > - > > Key: SENTRY-2224 > URL: https://issues.apache.org/jira/browse/SENTRY-2224 > Project: Sentry > Issue Type: Sub-task >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2224.002.patch, SENTRY-2224.01.patch, > SENTRY-2224.02.patch, SENTRY-2224.03.patch, SENTRY-2224.04.patch > > > Currently Sentry doesn't support Hive command to show privileges on > authorizables without mentioning any role or user name -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2270) Illegal privileges on columns can be granted on Hive
[
https://issues.apache.org/jira/browse/SENTRY-2270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergio Peña updated SENTRY-2270:
Attachment: SENTRY-2270.1.patch
> Illegal privileges on columns can be granted on Hive
>
>
> Key: SENTRY-2270
> URL: https://issues.apache.org/jira/browse/SENTRY-2270
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.0.0
>Reporter: Sergio Peña
>Priority: Major
> Attachments: SENTRY-2270.1.patch
>
>
> It is possible to grant the following privileges on columns in beeline:
> ALTER, CREATE, DROP. However, these privileges have no semantics for a column.
> For ALL, and INSERT, beeline raises an error if the user tries to grant the
> privilege to a column, e.g.:
> {noformat}
> beeline> grant all(fn) on table tbl1 to role r1;
> Error: Error while compiling statement: FAILED: SemanticException Sentry does
> not support privilege: All on Column (state=42000,code=4)
> beeline> grant insert(fn) on table tbl1 to role r1;
> Error: Error while compiling statement: FAILED: SemanticException Sentry does
> not support privilege: Insert on Column (state=42000,code=4)
> {noformat}
> A similar error should be created when granting CREATE, ALTER, and DROP on
> column.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2270) Illegal privileges on columns can be granted on Hive
[
https://issues.apache.org/jira/browse/SENTRY-2270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergio Peña updated SENTRY-2270:
Assignee: Sergio Peña
Status: Patch Available (was: Open)
> Illegal privileges on columns can be granted on Hive
>
>
> Key: SENTRY-2270
> URL: https://issues.apache.org/jira/browse/SENTRY-2270
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.0.0
>Reporter: Sergio Peña
>Assignee: Sergio Peña
>Priority: Major
> Attachments: SENTRY-2270.1.patch
>
>
> It is possible to grant the following privileges on columns in beeline:
> ALTER, CREATE, DROP. However, these privileges have no semantics for a column.
> For ALL, and INSERT, beeline raises an error if the user tries to grant the
> privilege to a column, e.g.:
> {noformat}
> beeline> grant all(fn) on table tbl1 to role r1;
> Error: Error while compiling statement: FAILED: SemanticException Sentry does
> not support privilege: All on Column (state=42000,code=4)
> beeline> grant insert(fn) on table tbl1 to role r1;
> Error: Error while compiling statement: FAILED: SemanticException Sentry does
> not support privilege: Insert on Column (state=42000,code=4)
> {noformat}
> A similar error should be created when granting CREATE, ALTER, and DROP on
> column.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (SENTRY-2270) Illegal privileges on columns can be granted on Hive
Sergio Peña created SENTRY-2270:
---
Summary: Illegal privileges on columns can be granted on Hive
Key: SENTRY-2270
URL: https://issues.apache.org/jira/browse/SENTRY-2270
Project: Sentry
Issue Type: Bug
Components: Sentry
Affects Versions: 2.0.0
Reporter: Sergio Peña
It is possible to grant the following privileges on columns in beeline: ALTER,
CREATE, DROP. However, these privileges have no semantics for a column.
For ALL, and INSERT, beeline raises an error if the user tries to grant the
privilege to a column, e.g.:
{noformat}
beeline> grant all(fn) on table tbl1 to role r1;
Error: Error while compiling statement: FAILED: SemanticException Sentry does
not support privilege: All on Column (state=42000,code=4)
beeline> grant insert(fn) on table tbl1 to role r1;
Error: Error while compiling statement: FAILED: SemanticException Sentry does
not support privilege: Insert on Column (state=42000,code=4)
{noformat}
A similar error should be created when granting CREATE, ALTER, and DROP on
column.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511732#comment-16511732
]
Fahd Siddiqui commented on SENTRY-2269:
---
[~akolb] cc. [~spena] - The use case is that one may want to have an
implementation of SentryStore to store the data in a shared environment or
proxy the calls to a cloud service instead of a database for persistence. I
don't have a use case for other components, but they can. Can you explain
"stability levels of SentryStore interfaces"? If you mean pinning it down, then
this change doesn't make any claims about that. It only concerns itself by
making it a pluggable interface. SentryStoreInterface can be refactored later
if it is deemed necessary.
I don't intend to include an alternative implementation to Sentry, since it
will be a pluggable implementation separate from Sentry code base.
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
> Attachments: SENTRY-2269.1.patch
>
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2224) Support SHOW GRANT on HIVE_OBJECT
[ https://issues.apache.org/jira/browse/SENTRY-2224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2224: - Attachment: SENTRY-2224.04.patch > Support SHOW GRANT on HIVE_OBJECT > - > > Key: SENTRY-2224 > URL: https://issues.apache.org/jira/browse/SENTRY-2224 > Project: Sentry > Issue Type: Sub-task >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2224.002.patch, SENTRY-2224.01.patch, > SENTRY-2224.02.patch, SENTRY-2224.03.patch, SENTRY-2224.04.patch > > > Currently Sentry doesn't support Hive command to show privileges on > authorizables without mentioning any role or user name -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511717#comment-16511717
]
kalyan kumar kalvagadda commented on SENTRY-2269:
-
[~akolb] Currently SentryStore is the only backend store implementation for
sentry server but making it configurable might be good idea and would open
options for implementing alternate implementations in future.
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
> Attachments: SENTRY-2269.1.patch
>
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fahd Siddiqui updated SENTRY-2269:
--
Attachment: SENTRY-2269.1.patch
Status: Patch Available (was: Open)
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
> Attachments: SENTRY-2269.1.patch
>
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511669#comment-16511669
]
Alexander Kolbasov commented on SENTRY-2269:
Can you explain why this is a useful feature? What is the use case? Do you
envision other components writing different implementations? Does this affect
stability levels of SentryStore interfaces? Do you intend to include
alternative implementation in a later commit?
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
> Attachments: SENTRY-2269.1.patch
>
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fahd Siddiqui updated SENTRY-2269:
--
Attachment: (was: SENTRY-2269.1.patch)
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fahd Siddiqui updated SENTRY-2269:
--
Attachment: SENTRY-2269.1.patch
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fahd Siddiqui updated SENTRY-2269:
--
Attachment: (was: SENTRY-2269.1.patch)
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fahd Siddiqui updated SENTRY-2269:
--
Status: Open (was: Patch Available)
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511649#comment-16511649
]
Hadoop QA commented on SENTRY-2269:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12927684/SENTRY-2269.1.patch
against master.
{color:red}Overall:{color} -1 due to 7 errors
{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.dbprovider.TestHmsNotificationProcessingWithOutHdfsSync
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.dbprovider.TestHmsNotificationProcessingWithOutHdfsSync
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegeCleanupOnDrop
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.dbprovider.TestHmsNotificationProcessingWithOutSyncOnDrop
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationTogglingConf
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.dbprovider.TestHmsNotificationProcessingWithOutSyncOnCreate
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3882/console
This message is automatically generated.
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
> Attachments: SENTRY-2269.1.patch
>
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2224) Support SHOW GRANT on HIVE_OBJECT
[ https://issues.apache.org/jira/browse/SENTRY-2224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511596#comment-16511596 ] Sergio Peña commented on SENTRY-2224: - [~arjunmishra13] I think you should rebase this patch. I tried to apply it but it fails. > Support SHOW GRANT on HIVE_OBJECT > - > > Key: SENTRY-2224 > URL: https://issues.apache.org/jira/browse/SENTRY-2224 > Project: Sentry > Issue Type: Sub-task >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2224.002.patch, SENTRY-2224.01.patch, > SENTRY-2224.02.patch, SENTRY-2224.03.patch > > > Currently Sentry doesn't support Hive command to show privileges on > authorizables without mentioning any role or user name -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2269) Make SentryStore pluggable
[
https://issues.apache.org/jira/browse/SENTRY-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fahd Siddiqui updated SENTRY-2269:
--
Fix Version/s: (was: 2.1.0)
Affects Version/s: (was: 1.8.0)
2.1.0
Attachment: SENTRY-2269.1.patch
Status: Patch Available (was: In Progress)
> Make SentryStore pluggable
> --
>
> Key: SENTRY-2269
> URL: https://issues.apache.org/jira/browse/SENTRY-2269
> Project: Sentry
> Issue Type: Improvement
> Components: sentrystore
>Affects Versions: 2.1.0
>Reporter: Fahd Siddiqui
>Assignee: Fahd Siddiqui
>Priority: Major
> Attachments: SENTRY-2269.1.patch
>
>
> Make SentryStore pluggable so a different implementation can be plugged in at
> run-time using a config property ("sentry.service.sentrystore"), similar to
> what we have for processor factories.
> This would entail extracting all public methods of SentryStore to a
> SentryStoreInterface and converting all call sites to program to the
> interface.
> It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2264) It is possible to elevate privileges from DROP using alter table rename
[ https://issues.apache.org/jira/browse/SENTRY-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511447#comment-16511447 ] Sergio Peña commented on SENTRY-2264: - The ALTER privilege is also required in the source table as it is the action the user is doing ALTER TABLE. We don't have a DELETE privilege yet, so should we treat this case as the user requires ALL privileges in the source table instead? Why is the ALTER privilege required on the destination? Is the INSERT on the database needed? This means the user won't be able to move tables between databases they have CREATE privileges. The CREATE comes with OWNER privileges, so the user will end up having ALL privileges in the table anyway. Which brings an interesting question, if I have ALL privileges (but not ownership) and I move the table, then I will transfer the ownership to me. We need to check if HMS generates only an ALTER operation in this cases of if it generates DROP and CREATE events which will complicate things. If ownership is disabled, then If the user has ALL privileges in the source table, then when moving the table those privileges will be moved so the user will have ALL privileges in the destination table. > It is possible to elevate privileges from DROP using alter table rename > --- > > Key: SENTRY-2264 > URL: https://issues.apache.org/jira/browse/SENTRY-2264 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2264.001.patch, SENTRY-2264.002.patch > > > After introducing FGP, a user with only DROP on a database db1 and at least > CREATE on db2 can run ALTER TABLE RENAME db1.table1 db2.table2, and thus > elevate their privileges. > To reproduce: > As admin (e.g. hive): > 1. Create db1, db1.table1, db2, role r1. > 2. Grant DROP on db1 to role r1. > 3. Grant ALL on db2 to role r1 > 4. Grant role r1 to user testuser1. > As testuser1: > 1. use db1; alter table db1.table1 rename to db2.table1 > 2. select * from db2. table1 > Result: the select command succeeds. > Desired behavior: > we should at least require following privileges to execute the table rename > command: > table level "SELECT" and database level "DELECT" at source > database level "CREATE" at destination. > The reason we don't require "alter, insert" for destination DB is that > "alter" and "insert" is table level privileges and when "alter table rename" > command is executed, there is no table in destination DB. So we cannot > enforce these table level privileges. Therefore the only change is add > table-level "select" privilege in required input privileges -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2269) Make SentryStore pluggable
Fahd Siddiqui created SENTRY-2269:
-
Summary: Make SentryStore pluggable
Key: SENTRY-2269
URL: https://issues.apache.org/jira/browse/SENTRY-2269
Project: Sentry
Issue Type: Improvement
Components: sentrystore
Affects Versions: 1.8.0
Reporter: Fahd Siddiqui
Assignee: Fahd Siddiqui
Fix For: 2.1.0
Make SentryStore pluggable so a different implementation can be plugged in at
run-time using a config property ("sentry.service.sentrystore"), similar to
what we have for processor factories.
This would entail extracting all public methods of SentryStore to a
SentryStoreInterface and converting all call sites to program to the interface.
It will default to the existing SentryStore.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[
https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511435#comment-16511435
]
Hadoop QA commented on SENTRY-2241:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12927668/SENTRY-2241.004.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3881/console
This message is automatically generated.
> Extend the Sync Listener to pass owner information to sentry server.
>
>
> Key: SENTRY-2241
> URL: https://issues.apache.org/jira/browse/SENTRY-2241
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: kalyan kumar kalvagadda
>Assignee: kalyan kumar kalvagadda
>Priority: Major
> Attachments: SENTRY-2241.001.patch, SENTRY-2241.004.patch
>
>
> Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post
> listener in HMS. This listener should be extended to get the owner
> information of tables and databases.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: SENTRY-2241.004.patch > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch, SENTRY-2241.004.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: (was: SENTRY-2241.004.patch) > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch, SENTRY-2241.004.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2267) Listing user privileges fails because roleName field is required on Thrift
[ https://issues.apache.org/jira/browse/SENTRY-2267?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2267: Resolution: Fixed Fix Version/s: 2.1.0 Status: Resolved (was: Patch Available) > Listing user privileges fails because roleName field is required on Thrift > -- > > Key: SENTRY-2267 > URL: https://issues.apache.org/jira/browse/SENTRY-2267 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2267.1.patch > > > The SHOW GRANT USER is failing because the Thrift API requires the roleName > field. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
