> On Dec. 20, 2018, 6:06 p.m., Arjun Mishra wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java > > Lines 184 (patched) > > <https://reviews.apache.org/r/69586/diff/2/?file=2114938#file2114938line184> > > > > We should throw an AuthorizationException with message here. Otherwise > > the expected privileges won't be printed out on Hive console
Not possible. This filter is for the HMS server, and the denied authorization is to let the user know that the object does not exist. The reason is to avoid users to guess which objects exist and which do not. - Sergio ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69586/#review211468 ----------------------------------------------------------- On Dec. 20, 2018, 3:45 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69586/ > ----------------------------------------------------------- > > (Updated Dec. 20, 2018, 3:45 p.m.) > > > Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Na Li. > > > Bugs: sentry-2481 > https://issues.apache.org/jira/browse/sentry-2481 > > > Repository: sentry > > > Description > ------- > > Re-use the SentryMetaStoreFilterHook to support HMS server-side object > filtering. The SentryMetaStoreFilterHook class was deprecated and not used in > the HMS client anymore (replaced by the calls to DefaultSentryValidator). Due > to code duplication between SentryMetaStoreFilterHook and > DefaultSentryValidator, a new class MetaStoreAuthzObjectFilter is created > that accepts different types of objects to be filtered (unit tests are added > to verify the cases). > > > Diffs > ----- > > .gitignore 6ce3a6c11f6caf743fb00271af2cb4d33a18aa5d > pom.xml f28be5afb7c9673c0b111325d7728381f8c89d2f > > sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java > 520de52ac3a41d0b4c01b1bdf60944fd44add5e7 > > sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java > c37ce646da97afb2e5c033fb3acf43190a4fae80 > > sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java > cd4ae4a8c80b34769c65d4b8b86b2d6ecc78b075 > sentry-binding/sentry-binding-hive/pom.xml > b74516d70eaf873ef46914e2fbcfe08753bc1be4 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java > 38ce2db374ee4f46190544479bc0713de2fce420 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java > 92eb1366be44bd53f57e0900634b1cb4eae6470e > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStoreBase.java > d015085c71822c34a3315dc884596acc8ee2421a > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/HiveAuthzBindingFactory.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java > 8ad9e50350a1a45ebdde9d8acb7f039b14a13f41 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHiveMetaStoreClient.java > e30a86050a23a69cb9d613ec3500a1915974ed65 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java > 5ecc87f9be36d6096e30de1f3c8697cd2d4da091 > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/authz/TestMetastoreAuthzObjectFilter.java > PRE-CREATION > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentryMetaStoreFilterHook.java > PRE-CREATION > > sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Subject.java > bcd1fa2351f7e7928f5499aa5f86906640f62504 > > > Diff: https://reviews.apache.org/r/69586/diff/3/ > > > Testing > ------- > > Added unit tests for the SentryMetaStoreFilterHook. > > > Thanks, > > Sergio Pena > >
