Re: Review Request 66590: SENTRY-2201 Initial Attriubte based access control

Thu, 19 Apr 2018 08:23:49 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66590/#review201522
-----------------------------------------------------------




sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java
Lines 19 (patched)
<https://reviews.apache.org/r/66590/#comment282806>

    Is Attribute persisted?



sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
Lines 44 (patched)
<https://reviews.apache.org/r/66590/#comment282813>

    If Attribute and SentryObject are tables, I believe that this should also 
be a table. Seems like it is a Many-To-Many mapping. If you had the database we 
won't need many of the below methods right?



sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
Lines 60 (patched)
<https://reviews.apache.org/r/66590/#comment282809>

    Thinking if there is a better way to do this
    
    Instead of addEntry, can we have addAttributeToObject, and 
addObjectToAttribute? Then we could have 2 methods as opposed to 3 separate 
addEntry methods



sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
Lines 61 (patched)
<https://reviews.apache.org/r/66590/#comment282811>

    Add Null checks?



sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
Lines 121 (patched)
<https://reviews.apache.org/r/66590/#comment282812>

    This check should happen before we call targetObjects.remove(targetObject). 
    
    I don't think we should be removing the object, if we can't remove the 
attribute



sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java
Lines 25 (patched)
<https://reviews.apache.org/r/66590/#comment282807>

    Can we have a description here, just like the one you had for Attribute?



sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java
Lines 27 (patched)
<https://reviews.apache.org/r/66590/#comment282808>

    this class seems identical to Attrubute. Any reason why we have another 
one? Is this going to be persisted?


- Arjun Mishra


On April 16, 2018, 7:51 p.m., Steve Moist wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66590/
> -----------------------------------------------------------
> 
> (Updated April 16, 2018, 7:51 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> This is the inital draft of attribute based access control.
> 
> 
> Diffs
> -----
> 
>   pom.xml 16a3838a 
>   sentry-abac/example-definition.json PRE-CREATION 
>   sentry-abac/pom.xml PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
>  PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java 
> PRE-CREATION 
>   sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestSentryAttributeAuthorizer.java
>  PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
>  PRE-CREATION 
>   sentry-abac/src/test/resources/abac.props PRE-CREATION 
>   sentry-binding/sentry-binding-hive/pom.xml ccfa9cfe 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
>  1ab5be35 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java
>  86ff0cc2 
> 
> 
> Diff: https://reviews.apache.org/r/66590/diff/4/
> 
> 
> Testing
> -------
> 
> full build,added unit tests, tested code on a cluster.
> 
> 
> Thanks,
> 
> Steve Moist
> 
>

Reply via email to