[jira] [Commented] (SENTRY-498) Sentry integration with Hive authorization framework V2

Hadoop QA (JIRA) Thu, 29 Oct 2015 22:27:54 -0700

    [ 
https://issues.apache.org/jira/browse/SENTRY-498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14981937#comment-14981937
 ]


Hadoop QA commented on SENTRY-498:
----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12769690/SENTRY-498.008-hive_plugin_v2.patch
 against hive_plugin_v2.

{color:red}Overall:{color} -1 due to 45 errors

{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegeCleanupOnDrop
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegeCleanupOnDrop
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hive.TestSandboxOps
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestColumnEndToEnd
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbMetadataObjectRetrieval
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbMetadataObjectRetrieval
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbMetadataObjectRetrieval
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestMetadataObjectRetrieval
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestMetadataObjectRetrieval
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestMetadataObjectRetrieval
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hive.TestOperations
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hive.TestOperations
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hive.TestOperations
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hive.TestOperations
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hive.TestOperations
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestLockPrivileges
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestLockPrivileges
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbExportImportPrivileges
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperations
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperations
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperations
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperations
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperations
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestExportImportPrivileges
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbConnections
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbUriPermissions
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbSandboxOps
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegesAtDatabaseScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegesAtDatabaseScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegesAtColumnScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestPrivilegesAtDatabaseScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestPrivilegesAtDatabaseScope
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestUriPermissions

Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/936/console

This message is automatically generated.

> Sentry integration with Hive authorization framework V2 
> --------------------------------------------------------
>
>                 Key: SENTRY-498
>                 URL: https://issues.apache.org/jira/browse/SENTRY-498
>             Project: Sentry
>          Issue Type: New Feature
>            Reporter: Xiaomeng Huang
>            Assignee: Dapeng Sun
>              Labels: roadmap
>         Attachments: SENTRY-498.003.patch, 
> SENTRY-498.004-hive_plugin_v2.patch, SENTRY-498.005-hive_plugin_v2.patch, 
> SENTRY-498.007-hive_plugin_v2.patch, SENTRY-498.008-hive_plugin_v2.patch
>
>
> Currently Sentry grant/revoke privileges via hook DDLTask, and do 
> authorization via HiveSemanticAnalyzerHook. Now hive has a pluggable 
> authorization framework via exposing some interfaces HiveAccessController and 
> HiveAuthorizationValidator. HiveAccessController is used to grant/revoke 
> roles and privileges. HiveAuthorizationValidator is used to do fine-grained 
> authorization. 
> Advantages to use this framework to grant/revoke privileges and do 
> authorization:
> - This framework is very convenient to use by external authorization system. 
> - Using this framework will be better accepted by community.
> - We don't need to take efforts to add so many hooks. 
> - Some hooks has limitations. e.g. For column level security, we can't get 
> accessed cloumns from query via HiveSemanticAnalyzerHook, so I extend the 
> readEntity to put accessed columns into it(HIVE-7730). But if we use this 
> framework, we don't need to extend the readEntity, we can just get accessed 
> columns from ColumnAccessInfo directly. 
> I will not remove the old sentry authorization framework, I will just add a 
> new authorizationV2 via implement Hive authorization framework. If all the 
> e2e tests passed, we can mark the old authorization deprecated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SENTRY-498) Sentry integration with Hive authorization framework V2

Reply via email to