Austin Nobis has posted comments on this change. ( http://gerrit.cloudera.org:8080/13309 )
Change subject: IMPALA-8400: Implement Ranger audit event handler ...................................................................... Patch Set 4: (1 comment) http://gerrit.cloudera.org:8080/#/c/13309/4/fe/src/main/java/org/apache/impala/analysis/AnalysisContext.java File fe/src/main/java/org/apache/impala/analysis/AnalysisContext.java: http://gerrit.cloudera.org:8080/#/c/13309/4/fe/src/main/java/org/apache/impala/analysis/AnalysisContext.java@435 PS4, Line 435: try { : authzCtx = authzChecker.preAuthorize(analysisResult_, catalog_); : authzChecker.authorize(authzCtx, analysisResult_, catalog_); : } catch (AuthorizationException e) { : authException = e; : } finally { : if (authzCtx != null) { : authzChecker.postAuthorize(authzCtx, analysisResult_, catalog_); : } : } Had a discussion with Fredy because I didn't understand the purpose of having `preAuthorize`, `authorize`, and then `postAuthorize` called sequentially. The `BaseAuthorizationChecker` class has 2 `authorize` methods with different signatures. The `abstract` one is the one that is being `override`'d. This is why these 3 methods can't be merged into a single `authorize`. Fredy and I came to an agreement that we should rename the `abstract authorize` method to `authorizeResource` as it is an authorization that occurs per resources, whereas the `authorize` being called here is the authorization for the entire SQL statement. The logic flow is as follows: RangerAuthorizationChecker#preAuthorize BaseAuthorizationChecker#authorize foreach resource: RangerAuthorizationChecker#authorize (authorizeResource) RangerAuthorizationChecker#postAuthorize I still think the `preAuthorize`, `authorize`, `postAuthorize` sequence is a little strange as the methods execute sequentially. -- To view, visit http://gerrit.cloudera.org:8080/13309 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ife93c3e708875ef5fc0117153ad8ee225a88518b Gerrit-Change-Number: 13309 Gerrit-PatchSet: 4 Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com> Gerrit-Reviewer: Austin Nobis <ano...@cloudera.com> Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-Comment-Date: Tue, 14 May 2019 22:44:14 +0000 Gerrit-HasComments: Yes