[jira] [Commented] (SENTRY-2372) SentryStore should not implement grantOptionCheck

Mon, 22 Oct 2018 17:30:39 -0700 


    [ 
https://issues.apache.org/jira/browse/SENTRY-2372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16659877#comment-16659877
 ] 

Hadoop QA commented on SENTRY-2372:
-----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12945092/SENTRY-2372.6.patch 
against master.

{color:green}Overall:{color} +1 all checks pass

{color:green}SUCCESS:{color} all tests passed

Console output: 
https://builds.apache.org/job/PreCommit-SENTRY-Build/4193/console

This message is automatically generated.

> SentryStore should not implement grantOptionCheck
> -------------------------------------------------
>
>                 Key: SENTRY-2372
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2372
>             Project: Sentry
>          Issue Type: Improvement
>          Components: Sentry, sentrystore
>    Affects Versions: 2.1.0
>            Reporter: Sergio Peña
>            Assignee: Sergio Peña
>            Priority: Major
>         Attachments: SENTRY-2372.1.patch, SENTRY-2372.2.patch, 
> SENTRY-2372.3.patch, SENTRY-2372.4.patch, SENTRY-2372.5.patch, 
> SENTRY-2372.6.patch
>
>
> During functional testing it was found that SentryStore implementation 
> contains logic that enforces sentry rights and depends on cluster-specific 
> context. Specifically grantOptionCheck needs to be able to resolve hadoop 
> user's groups and sentry admin groups configured on the cluster. 
> There are two problems with this:
>  # Some backends use SentryStore in a multi-tenant way and does have the 
> context that SentryStore expects when it is used in cluster.
>  # Security enforcement logic shouldn't be in SentryStore if it is to be 
> trusted. Since the backends Sentry API may be stateless the caller has to 
> pass request context to such implementation backend together with the 
> explicit SentryStore arguments. If the context (e.g. groups) is passed with 
> the request the checks become unenforceable since caller controls variables 
> on both sides of the comparison.
> The recommendation is to remove {{grantOptionCheck}} and {{SentryStore}} and 
> to implement equivalent logic in {{SentryPolicyStoreProcessor}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to