Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

Anthony Young-Garner via Review Board Fri, 13 Apr 2018 14:13:45 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66590/#review201127
-----------------------------------------------------------





sentry-abac/example-delta.json
Lines 1 (patched)
<https://reviews.apache.org/r/66590/#comment282118>

    A file-based representation of deltas/changes may not be necessary. It is a 
simpler workflow for the user to edit the original file (e.g. 
example-definition.json) rather than provide explicit delta files. The server 
can detect changes to this file and update ingested attributes as appropriate.



sentry-abac/notes.txt
Lines 19 (patched)
<https://reviews.apache.org/r/66590/#comment282119>

    Lines 19 - 20 can be removed if the example-delta.json file is removed.



sentry-abac/pom.xml
Lines 25 (patched)
<https://reviews.apache.org/r/66590/#comment282120>

    Should the project version be parameterized?



sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
Lines 77 (patched)
<https://reviews.apache.org/r/66590/#comment282129>

    This is a common and expected occurrence based on the implementation of the 
addEntry method. Change from warn to debug?



sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
Lines 86 (patched)
<https://reviews.apache.org/r/66590/#comment282130>

    This is a common and expected occurrence based on the implementation of the 
addEntry method. Change from warn to debug?



sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
Lines 228 (patched)
<https://reviews.apache.org/r/66590/#comment282132>

    Profile does not need to be maintained, managed or handled during attribute 
ingestion. Just the object is needed (not the object and the profile). See 
comments above about 'server.db.table.column' vs. 'db.table.column'.



sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java
Lines 33 (patched)
<https://reviews.apache.org/r/66590/#comment282125>

    Add field, getter and setter for descriptor (contentDescriptor). Also add a 
two-arg constructor and update toString, equals and hashCode methods.



sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java
Lines 37 (patched)
<https://reviews.apache.org/r/66590/#comment282122>

    This is just the SentryObject. Keep mention of Profile distinct; remove 
here.



sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java
Lines 39 (patched)
<https://reviews.apache.org/r/66590/#comment282128>

    I guess this string will look like "db.table.column" not 
"server.db.table.column". Where will the server value come from during 
ingestion? Also, is the multipart single string representation best or should 
we consider db, table and column, each in separate instance variables?



sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java
Lines 43 (patched)
<https://reviews.apache.org/r/66590/#comment282123>

    Remove. This will be incredibly verbose.



sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java
Lines 54 (patched)
<https://reviews.apache.org/r/66590/#comment282138>

    See notes on SentryObject on server.db.table.column vs. db.table.column.



sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java
Lines 55 (patched)
<https://reviews.apache.org/r/66590/#comment282139>

    Add test objects witih content descriptors also (see SentryObject class).



sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java
Lines 274 (patched)
<https://reviews.apache.org/r/66590/#comment282140>

    See notes on SentryObject on server.db.table.column vs. db.table.column.



sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java
Lines 295 (patched)
<https://reviews.apache.org/r/66590/#comment282141>

    See notes on SentryObject on server.db.table.column vs. db.table.column.



sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
Lines 50 (patched)
<https://reviews.apache.org/r/66590/#comment282143>

    See notes on SentryObject on server.db.table.column vs. db.table.column.



sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
Lines 85 (patched)
<https://reviews.apache.org/r/66590/#comment282144>

    See notes on SentryObject on server.db.table.column vs. db.table.column.



sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
Lines 122 (patched)
<https://reviews.apache.org/r/66590/#comment282145>

    See notes on SentryObject on server.db.table.column vs. db.table.column.


- Anthony Young-Garner


On April 12, 2018, 8:45 p.m., Steve Moist wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66590/
> -----------------------------------------------------------
> 
> (Updated April 12, 2018, 8:45 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> This is the inital draft of attribute based access control.
> 
> 
> Diffs
> -----
> 
>   pom.xml 16a3838a 
>   sentry-abac/example-definition.json PRE-CREATION 
>   sentry-abac/example-delta.json PRE-CREATION 
>   sentry-abac/notes.txt PRE-CREATION 
>   sentry-abac/pom.xml PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
>  PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java 
> PRE-CREATION 
>   sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestSentryAttributeAuthorizer.java
>  PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
>  PRE-CREATION 
>   sentry-abac/src/test/resources/abac.props PRE-CREATION 
>   sentry-binding/sentry-binding-hive/pom.xml ccfa9cfe 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
>  1ab5be35 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java
>  86ff0cc2 
> 
> 
> Diff: https://reviews.apache.org/r/66590/diff/3/
> 
> 
> Testing
> -------
> 
> full build,added unit tests, tested code on a cluster.
> 
> 
> Thanks,
> 
> Steve Moist
> 
>

Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

Reply via email to