That's good. Permission updates - even full permission update shouldn't be
very expensive, so we may be more willing to send one when we detect
improper holes.

On Mon, Jul 24, 2017 at 5:59 PM, Na Li <[email protected]> wrote:

> Sasha,
>
> Yes.
>
> SentryHDFSServiceProcessor.get_authz_updates gets perm update and path
> update separately, and puts them into the response object.
>
> Thanks,
>
> Lina
>
> On Mon, Jul 24, 2017 at 10:48 AM, Alexander Kolbasov <[email protected]>
> wrote:
>
> > Does it mean that without any changes the current code may send e.g. full
> > update for permissions and partial update for paths or vice versa?
> >
> > - Alex
> >
> > On Mon, Jul 24, 2017 at 5:36 PM, Na Li <[email protected]> wrote:
> >
> > > Sasha,
> > >
> > > When NameNode plugin asks for updates, it includes info for both permission
> > > and path. However, the processing is separate. It is possible for Sentry to
> > > send full snapshot of permission and delta change to HDFS. At Sentry, perm
> > > and path processing share the same class, but they have their own
> > > instances.
> > >
> > > The current behavior can already satisfy your requirements. I have
> > > confirmed this with Sergio.
> > >
> > > You can see it in SentryPlugin.java at sentry server side.
> > >
> > >   public void initialize(Configuration conf, SentryStore sentryStore)
> > >       throws SentryPluginException {
> > >     PermImageRetriever permImageRetriever = new PermImageRetriever(sentryStore);
> > >     PathImageRetriever pathImageRetriever = new PathImageRetriever(sentryStore);
> > >     PermDeltaRetriever permDeltaRetriever = new PermDeltaRetriever(sentryStore);
> > >     PathDeltaRetriever pathDeltaRetriever = new PathDeltaRetriever(sentryStore);
> > >     // path has its own instance
> > >     pathsUpdater = new DBUpdateForwarder<>(pathImageRetriever, pathDeltaRetriever);
> > >     // perm has its own instance
> > >     permsUpdater = new DBUpdateForwarder<>(permImageRetriever, permDeltaRetriever);
> > >     ...
> > >   }
> > >
> > > Thanks,
> > >
> > > Lina
> > >
> > > On Fri, Jul 21, 2017 at 6:35 PM, Alexander Kolbasov <[email protected]> wrote:
> > >
> > > > Lina’s email prompted an interesting thought - right now when the NameNode
> > > > plugin isn’t happy and wants a full update we send it both permissions
> > > > update and path update. Path update is very expensive while permissions
> > > > update is usually much smaller.
> > > >
> > > > It would be very useful to be able to send just full path update or just
> > > > full perms update when there is a problem with just path or just
> > > > permissions.
> > > >
> > > > Any thoughts?
> > > >
> > > > - Alex
> > >
> >
>
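
A simplified model of the behaviour discussed in this thread, added here as an example and not taken from Sentry: two forwarder instances, one for permissions and one for paths, each decide independently whether a client gets deltas or a full image. Every class and method name and all sample data are hypothetical.

```java
import java.util.*;

// Simplified model, not Sentry code: every class and method name here is hypothetical.
public class SeparateUpdateStreams {
    // One update sent to the client: either a full image or a single delta.
    record Update(long seq, boolean fullImage, String payload) {}

    // Serves one stream (paths or perms) from its own delta log and image source.
    static class Forwarder {
        private final String name;
        private final TreeMap<Long, String> deltas = new TreeMap<>();
        private long latestSeq = 0;

        Forwarder(String name) { this.name = name; }

        void record(String change) { deltas.put(++latestSeq, change); }

        // Drop deltas up to and including seq, as a log-cleanup job would.
        void purgeThrough(long seq) { deltas.headMap(seq, true).clear(); }

        // Deltas if every sequence number after clientSeq is still stored,
        // otherwise (a hole, or a negative "send everything" request) a full image.
        List<Update> updatesFrom(long clientSeq) {
            if (clientSeq >= latestSeq) return List.of();
            SortedMap<Long, String> tail = deltas.tailMap(clientSeq + 1);
            if (tail.size() != latestSeq - clientSeq) {
                return List.of(new Update(latestSeq, true, name + " image@" + latestSeq));
            }
            List<Update> out = new ArrayList<>();
            tail.forEach((seq, change) -> out.add(new Update(seq, false, change)));
            return out;
        }
    }

    public static void main(String[] args) {
        Forwarder perms = new Forwarder("perm");
        Forwarder paths = new Forwarder("path");
        for (int i = 1; i <= 5; i++) {   // constructed sample changes
            perms.record("grant role_" + i);
            paths.record("add /warehouse/t" + i);
        }
        perms.purgeThrough(3);           // perm deltas 1..3 are gone, path log is intact

        // One client request carrying a separate sequence number per stream.
        long clientPermSeq = 2, clientPathSeq = 4;
        System.out.println("perms -> " + perms.updatesFrom(clientPermSeq));
        System.out.println("paths -> " + paths.updatesFrom(clientPathSeq));
    }
}
```

In this run the permission stream has a hole after sequence 2 and falls back to a full image, while the path stream answers the same request with a single delta.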
