----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63250/ -----------------------------------------------------------
(Updated Nov. 8, 2017, 6:15 p.m.) Review request for sentry and Sergio Pena. Changes ------- Addressed review comments. Bugs: SENTRY-1475 https://issues.apache.org/jira/browse/SENTRY-1475 Repository: sentry Description ------- - Upgraded Solr to latest version (v7.1.0) - Introduced following new authorizable entity types, - Admin (to authorize various cluster admin operations) - Note that privilege configuration for Solr collections admin operations have changed from "collection=admin->action= <some_action>" to "admin=collections->action=<some_action>". A migration tool will be provided as part of SENTRY-1480). - Config (to authorize various Solr collection configuration operations) - Schema (to authorize Solr schema changes) - Renamed sentry-core-model-search module to sentry-core-model-solr to reflect the fact that it represents logic for Apache SOLR and is consistent with naming convention used for other components (e.g. kafka) - Moved the Solr audit log functionality to sentry-binding-solr module so that it can be integrated with the Solr/Sentry authorization plugin. - Deleted all the custom Solr request handlers in the sentry-solr/solr-sentry-handlers module since the Solr authorization plugin handles the authorization of all solr requests. This module now contains just the functionality required for implementing Solr document level security. Diffs (updated) ----- pom.xml bea2c5fe4bae53eb6b45602f2586ef30e9e7c309 sentry-binding/sentry-binding-solr/pom.xml ed2624b68322186c10f42c615f635419147ba1f9 sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java 938dbfdbd9df440b9e6dad574627ebfece6c7f0b sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrPluginImpl.java PRE-CREATION sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java 0a818e58c72e52a6d7d60593fd63446402eab2f9 sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzUtil.java PRE-CREATION sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 37efa5bfda0a2dbc46c38e6cd6c0b8d7b987f865 sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/AuditLogger.java PRE-CREATION sentry-binding/sentry-binding-solr/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/HdfsTestUtil.java 859c793c54663af867e710c421929404ef5322e1 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java 7a88d905a7dcdf719669c8a14e74b291975606fc sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java 3df6ecfd67129af96a1ffe6688738292fc773993 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java e198b5c762ca6eca435d75e07887a10ddd38e361 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java 76211dd0b30a36a67434f9fef2b4d350a1fab941 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b4aa684358a37530037cd68797a325f1099c3e46 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java 371f3614a723bd8f515b6d2011e522db5bd7ac51 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java e7da13ae5cf21a72933f0124d200071ab89379df sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java 59283ea451cbd60d39c0ffd7c98a3ea863238358 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java 0ff4502b7f191d8e2cb74a1616124733484cad43 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java 20fee76982094918ec8a98e0ed060ccf37c3b591 sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java de6d6e0410e0207d62f560403b51cc7b0130c2aa sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java PRE-CREATION sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini 56317dbf88b833f3a69a78084f345acc613c807a sentry-core/pom.xml 6b9176798d5bf466c7e19e7a681dabfa792fdf1d sentry-core/sentry-core-model-search/pom.xml 5917a63426179ed06aba22a9dae24f15a7adcac2 sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java 26ea2874fa81b491fdad5ca23e9d5d1355697ea4 sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java 2dd9065a74a2a0125730fa3ad44d56fd67914b8b sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java 3f107264955c9603335497f71b5e947cf5ed2bc9 sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java a2b17fc4ce186430544d315ee00182e3172bafdc sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java 48ac267f5ac45a3c239f71a0860acc65a2151a79 sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java 5a55963d40a9ad959660cf5381d3c2c6269ab0db sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java 2b190e5ca2b49ca5737a9835e4b301317138ac21 sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java 9429a25e06f2334e5ab847ddfbae2cec42d0d140 sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java c06131cbff0000b5991f9c910652d1ff6fba8fa3 sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java 93b3861225c078021dfd6c2e25943efd28ef5b52 sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java 231140163c4a5db181882f365e888315a7583c0b sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java 0056f40858244331dabe80b29473e94e41a4062e sentry-core/sentry-core-model-solr/pom.xml PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java PRE-CREATION sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java PRE-CREATION sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java PRE-CREATION sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java PRE-CREATION sentry-dist/pom.xml 2d7f57e77f058ce35bd4b4e5dfcaab38849141f2 sentry-provider/sentry-provider-db/pom.xml cd190324b444f5d95a54268e1919fe0588f2375c sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java d8b48874bfe4045ac3c032f4db7839ccdf470101 sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java 51d6df958aea7681c62a751f25e3d2d624dc96dd sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 77d39194f548dad8700d6f6ef6330c2fa0b92579 sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java 34c2107055420db49142a0eb14b1d9f8deb1e2c3 sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java 258721e906adb45e7fac29b90955a0b00f9e7e55 sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java 9be4a8b502ad78a17b4528a7c181728e21e8316f sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b7f0774ac2a19de915035d1844e0e92392566fb0 sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ac8b2a774964c9f877bc284748d9ec9f9f00a727 sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java 3685073910e4b5f45183742723c6146749a927f1 sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java 55831a45b4e75fefecbebd8ce13da73ce3697d4f sentry-solr/pom.xml 133ea60e4eadb04204d187e8298d8e67a01d287e sentry-solr/solr-sentry-core/pom.xml e7882626f388b329fd00745e36e356674aae77c8 sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java 7f3e391e1f7b5a4e4e836639b3ad8b792d1f57d4 sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java f749740a376f874dfca885b7acb197381453c3dc sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SecureRequestHandlerUtil.java be9642bca489a39529c86b9b0f5c36b4724fdc5e sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java 8bd93ad686c056c11f355f14640ad4fc3129b342 sentry-solr/solr-sentry-handlers/pom.xml 5b024db9dcac387ba447eedd54c33159bb039b8f sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureDocumentAnalysisRequestHandler.java 1c1f6f8a38579888711dd2cea41319eca52220fe sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureFieldAnalysisRequestHandler.java 62f9a1969830c1356712b54005cd2036c4b3e7a1 sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java db182ef8e718b90efe2b31cbd8621dfefabb1bef sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureReplicationHandler.java bdcd830dedacd40afb227594672b7cb2b392fb46 sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureAdminHandlers.java 44db3b479a33ad2c9979f1f1aa0213d959dfdef1 sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCollectionsHandler.java b5edf2093cd7fda3d53fab39a587df9711dc1e7b sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java ff6e281821f064691d45edb04b2d50761a9b010e sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureInfoHandler.java 628d1d7ef7a1c526f4529cf8dec6fe2c3a4acf1c sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java 933db43738af09eb4cf6ea7b678d14df8aaa6aae sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponent.java 5fbb7436ea008e9c47c9322702115c7ce74e65ff sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java 7d55a7f65ba518deb4ed755f949640f8c052e310 sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessor.java d995a7d3ca017163a511f6d3f662c4b8ecc4aa6b sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorFactory.java 07f7f28395f7e1d06a9517ff95a7ff874975f095 sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/solr/collection1/lib/classes/empty-file-main-lib.txt 8b137891791fe96927ad78e64b0aad7bded08bdc sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureAnalysisHandlers.java 28406e244b60907eb8bcbc5f2d0b49baa7b0508c sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/TestSecureReplicationHandler.java 6367814d5ee80f3ca0a4b44ce1dd88fc1d71569e sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java aea44f7e66dd7adffbfd013bbc1bd6cf51cdb4d9 sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java 218302e87adc417b8df534babdbb392bb5bad747 sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java f93fb656156513d80e4e299e00a01ef93b703345 sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java 54784f44ae85a989848e1ee026f28d3f647a5e24 sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java 1f44628f115b8f9147384fcdf4fc4ac8f6e28709 sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java a1f3760851a3b8b7df595b2679ae7f3ccfd8f3ca sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java c294cf36672aa8135114d63197d08438b7d6d6c6 sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java 579f79111a16f058e4ab26ded9ba4070ff2e7454 sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java e1a1ba8c9deeb39dfa43159947ff35fab60d9ecb sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java 630ca7caf36784166062e3ddcba7c064974d9242 sentry-tests/sentry-tests-solr/pom.xml 311e441a4715230f809252be2ab7882955b80c68 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java 7ddd1e2a35fef843e388e5491af2d58ee678c576 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestCase.java PRE-CREATION sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java e50e3f8d8b75a128323d547f3bd20fa5338ffdb1 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DummyAuthPluginImpl.java PRE-CREATION sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java ac676a84c82d4f638aea0ca047fd440c42cfb816 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java b0d6db10e9b20062456b112ed28a3b46d4e678fb sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java 71452e24528b885b72a66ed8085ffd186f540c4d sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java f8ed955db9350ce59e05d68435757de7935d3314 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java f9b6c07ca3fabd81dc08687098eb29f4c7c94207 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSentryServer.java PRE-CREATION sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrAdminOperations.java PRE-CREATION sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrCollectionOperations.java PRE-CREATION sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrConfigOperations.java PRE-CREATION sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestSolrSchemaOperations.java PRE-CREATION sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java 2b246b582c25bd1b5adf1016078c2b9aa3edb6fc sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java 71c3cb634d744a1985591db6f794e1b3bb96b475 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java c07b3b8efebca5693cddf84cc1a7104d9a7b17ee sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java 7f1fdfdbe2edbf7b340693ea1045470efc79b043 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java 3eb6c0f0250e0e6cd8362cd63b7988423d120d80 sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java 94123259ab9f9ac90cc3a6d1978f4df7af3f0425 sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema PRE-CREATION sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml PRE-CREATION sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml PRE-CREATION sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml PRE-CREATION sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml PRE-CREATION sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml PRE-CREATION sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json PRE-CREATION Diff: https://reviews.apache.org/r/63250/diff/7/ Changes: https://reviews.apache.org/r/63250/diff/6-7/ Testing ------- All Solr/Sentry unit tests passing Thanks, Hrishikesh Gadre