----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69620/#review211584 -----------------------------------------------------------
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java Lines 284 (patched) <https://reviews.apache.org/r/69620/#comment296942> I don't think we should use "org.apache.sentry.binding.metastore.AuthorizingObjectStore" in testing because in production, the property should be set to "org.apache.hadoop.hive.metastore.ObjectStore", which is implemented by HMS. SENTRY-355 "Support metadata read privilege enforcement for Metastore pluging" replaces the implementation of ObjectStore, but we are not going to use this approach. The approach we decide to take is for HMS server to call Preeventlisten for authorization and filter hook to remove items that user does not have access. In HMS server, Sentry implementation of the hook (refered as <Sentry_HookImpl>, and should be SentryMetaStoreFilterHook ) is configured in following way. MetastoreConf.setClass(conf, ConfVars.FILTER_HOOK, <Sentry_HookImpl>.class, MetaStoreFilterHook.class); Therefore, in e2e test, we should configure HMS server to use filter hook and keep the value of HiveConf.ConfVars.METASTORE_RAW_STORE_IMPL to be default, which is "org.apache.hadoop.hive.metastore.ObjectStore". In this way, we can test the real sentry-hive integration. On the other hand, you need fix of HIVE-20776 in order to make the test work. - Na Li On Dec. 21, 2018, 5:39 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69620/ > ----------------------------------------------------------- > > (Updated Dec. 21, 2018, 5:39 p.m.) > > > Review request for sentry and Na Li. > > > Bugs: sentry-2483 > https://issues.apache.org/jira/browse/sentry-2483 > > > Repository: sentry > > > Description > ------- > > Add READ_DATABASE and READ_TABLE events support to provide read authorization > to HMS. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java > 328d2b5c69451922e062cc3f04d37c5e7347d17f > sentry-tests/sentry-tests-hive/pom.xml > 74777bbff590ea63c18492c77ae86042734d8e70 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java > 8bf486e7d7d7a2e89278f1287115bf835513ef3f > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java > 7d41348572f0c01001b6bfa03d5ffb780f5a5e75 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java > f8f304fbb9926d98939ee0aa8c74f0abc8789fa9 > > > Diff: https://reviews.apache.org/r/69620/diff/1/ > > > Testing > ------- > > > Thanks, > > Sergio Pena > >
