Re: [DISCUSS] Sentry roadmap after 2.0

2018-02-02 Thread Stephen Moist 
Sure here, you go 
https://issues.apache.org/jira/browse/SENTRY-2137 

https://issues.apache.org/jira/browse/SENTRY-2138 

https://issues.apache.org/jira/browse/SENTRY-2139 

https://issues.apache.org/jira/browse/SENTRY-2140 


I’ll leave the access control on database operations to someone else who knows 
more about that.


> On Jan 25, 2018, at 2:31 PM, Stephen Moist  wrote:
> 
> A few things come to mind.
> 
> Improving and expanding on the capabilities of the Sentry CLI.  It would be 
> good to see all the other services integrate with Sentry in a consistent way. 
>  Along with be able to administer grants/roles/etc through a common framework 
> rather than say beeline.
> 
> Improving documentation of Sentry’s integration, preferably with more 
> examples of how to configure services.
> 
> Adding access control on database operations such as drop table, insert, 
> delete from, update, etc.
> 
> I know for sure a feature we need is going to be tag based attribute control 
> for Hive.
> 
> These last two ideas would need some reworking to make Sentry more flexible 
> to support these, and I’m willing to lead up the latter for tags.
> 
>> On Jan 25, 2018, at 2:19 PM, Na Li  wrote:
>> 
>> https://issues.apache.org/jira/browse/SENTRY-2129 is create to track the
>> development activities for user-based privilege. I will add more sub-tasks
>> to it
>> 
>> On Thu, Jan 25, 2018 at 1:42 PM, Alexander Kolbasov 
>> wrote:
>> 
>>> Agreed, making 2.1 with just user-level privileges improvements (plus set
>>> of accumulated bug fixes) sounds reasonable.
>>> 
>>> On Thu, Jan 25, 2018 at 11:41 AM, Alexander Kolbasov 
>>> wrote:
>>> 
 Looks like we have a consensus of doing user-level privileges
>>> improvements
 for 2.1. Let's see whether anyone wants to add more content.
 
 On Thu, Jan 25, 2018 at 11:38 AM, Na Li  wrote:
 
> Sasha,
> 
> I have looked into how to complete the user-based privilege for a while,
> and can commit to implement it. I can work with Kalyan to create a
>>> design
> doc for user-based privilege.
> 
> Thanks,
> 
> Lina
> 
> On Thu, Jan 25, 2018 at 1:35 PM, Na Li  wrote:
> 
>> Sasha,
>> 
>> The current user-based privilege missed some items:
>> 
>> 
>>  - Sentry policy has two service API: SentryPolicyService and
> SentryGenericPolicyService.
>>  The current implementation does not support user-based privilege
>>> for
>>  SentryGenericPolicyService
>>  - SENTRY-2091: User-based Privilege is broken by SENTRY-769. The
> patch
>>  is available for review.
>>  - Name Node need change to generate ACL using user privilege.
>> - The full snapshot update only contains authorization to roles
>> mapping and role to group mapping. *Need to add role to user
>> mapping in* SentryStore.retrieveFullRoleImageCore
>> - The delta updates are taken from table SENTRY_PERM_CHANGE,
>>> which
>> does not distinguish group based permission or user based
> permission. No
>> change is needed
>> - The user changes to a role is not included when sending delta
>> update from Sentry to NN. *Need to add AddUsers and DropUsers
>> in TRoleChanges*.
>> - Sentry only create ACL for group with ACL type
>> as AclEntryType.GROUP. *Need to add code to create ACL with type
>> as *AclEntryType.USER
>> - SentryINodeAttributesProvider.checkPermission
>>-> FSPermissionChecker.checkPermission ->
>>SentryINodeAttributesProvider.getAclFeature
>>-> SentryAuthorizationInfo.getAclEntries ->
>>> SentryPermissions.
>>constructAclEntry
>> - SentryStore.grantOptionCheck() has to be changed to find user
>>  level privilege.
>> 
>> Thanks,
>> 
>> Lina
>> 
>> On Thu, Jan 25, 2018 at 1:13 PM, Sergio Pena <
>>> sergio.p...@cloudera.com>
>> wrote:
>> 
>>> There is a section on the Wiki about roadmap ideas and JIRAs already
>>> created:
>>> https://cwiki.apache.org/confluence/display/SENTRY/Sentry+
>>> Roadmap+and+ideas
>>> 
>>> I'm interested in having user-level privileges and special user
> privileges
>>> for objects owners.
>>> 
>>> I got this from the linked above:
>>> SENTRY-1073 User who creates a table should be granted all
> privileges on
>>> it by default
>>> SENTRY-1068 Allow user who created a table to have "with grant"
>>> over
>>> that
>>> table by default
>>> Creator of a table should have ownership of it (all privileges)
>>> Allow

Review Request 65487: Bump com.codahale.metrics package to io.dropwizard.metrics version 3.2.2

2018-02-02 Thread Liam Sargent via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65487/
---

Review request for sentry, Alexander Kolbasov, Arjun Mishra, Na Li, Steve 
Moist, and Sergio Pena.


Bugs: SENTRY-2136
https://issues.apache.org/jira/browse/SENTRY-2136


Repository: sentry


Description
---

Bump com.codahale.metrics package to io.dropwizard.metrics version 3.2.2


Diffs
-

  pom.xml 6f9856e45b72ef9e0c43a222eddc8452b64f1a71 
  sentry-provider/sentry-provider-db/pom.xml 
5733445af481fd83bb71189178647af234fe77a1 
  sentry-tests/sentry-tests-solr/pom.xml 
5ef7a2b1de67a2f35510ad41c0150ad1bc957118 


Diff: https://reviews.apache.org/r/65487/diff/1/


Testing
---

mvn test - ALL PASS


Thanks,

Liam Sargent