Re: Review Request 39928: SENTRY-944: Setting HDFS rules on Sentry managed hdfs paths should not affect original hdfs rules.

Thu, 05 Nov 2015 16:00:13 -0800 


> On Nov. 5, 2015, 11:45 p.m., Sravya Tirukkovalur wrote:
> >
> 
> Hao Hao wrote:
>     In getUser / getGroup and some otehr APIs we are doing the same checking, 
> if the condition is not good, then we should change all of them at the same 
> time to be consistent?

There is a difference between the two

if (!authzInfo.isManaged(pathElements)
            || !authzInfo.doesBelongToAuthzObject(pathElements)) //Either not 
in prefix or not a hive object


if (!authzInfo.isManaged(pathElements)) { //If not in prefix
      group = getDefaultProviderGroup(node, snapshotId);
    } else if (!authzInfo.doesBelongToAuthzObject(pathElements)) { //If in 
prefix and not a hive object
      group = getDefaultProviderGroup(node, snapshotId);
    }


- Sravya


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/39928/#review105329
-----------------------------------------------------------


On Nov. 5, 2015, 5:38 a.m., Hao Hao wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/39928/
> -----------------------------------------------------------
> 
> (Updated Nov. 5, 2015, 5:38 a.m.)
> 
> 
> Review request for sentry, Anne Yu, Lenni Kuff, and Sravya Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Paths that are sentry managed should not succesfully chmod/chown/removeACL.
> We should update setGroup/setUser/setPermission and removeAclFeature.
> 
> Old behavior:
> chmod/chown
>     if not under prefix + unmanaged: writes to hdfs.
>     if managed: writes to hdfs.
> Removing acls:
>     if not under prefix + unmanag: removes from hdfs.
>     if managed: removes from hdfs.
> 
> New behavior:
> If not under prefix: writes to/removes from hdfs.
> If else: no op.
> 
> 
> Diffs
> -----
> 
>   
> sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java
>  419ab68e0d03f995c55d229b762453468de47571 
>   
> sentry-hdfs/sentry-hdfs-namenode-plugin/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java
>  fd5146f079d93687738a522f42beaa59031a4f82 
> 
> Diff: https://reviews.apache.org/r/39928/diff/
> 
> 
> Testing
> -------
> 
> Added several new unit tests for setPermission/setUser/setGroup/removeAcl 
> cases validation.
> 
> 
> Thanks,
> 
> Hao Hao
> 
>

Reply via email to