[SENTRY-2372] SentryStore should not implement grantOptionCheck - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1.0
Fix Version/s: 2.2.0
Component/s: Sentry, sentrystore
Labels:
None

Description

During functional testing it was found that SentryStore implementation contains logic that enforces sentry rights and depends on cluster-specific context. Specifically grantOptionCheck needs to be able to resolve hadoop user's groups and sentry admin groups configured on the cluster.

There are two problems with this:

Some backends use SentryStore in a multi-tenant way and does have the context that SentryStore expects when it is used in cluster.
Security enforcement logic shouldn't be in SentryStore if it is to be trusted. Since the backends Sentry API may be stateless the caller has to pass request context to such implementation backend together with the explicit SentryStore arguments. If the context (e.g. groups) is passed with the request the checks become unenforceable since caller controls variables on both sides of the comparison.

The recommendation is to remove grantOptionCheck and SentryStore and to implement equivalent logic in SentryPolicyStoreProcessor.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-2372.7.patch
26/Oct/18 19:13
149 kB
Sergio Peña
SENTRY-2372.6.patch
22/Oct/18 19:16
143 kB
Sergio Peña
SENTRY-2372.5.patch
20/Oct/18 19:06
47 kB
Sergio Peña
SENTRY-2372.4.patch
20/Oct/18 01:57
51 kB
Sergio Peña
SENTRY-2372.3.patch
05/Oct/18 14:22
157 kB
Sergio Peña
SENTRY-2372.2.patch
05/Oct/18 14:16
159 kB
Sergio Peña
SENTRY-2372.1.patch
04/Oct/18 20:20
121 kB
Sergio Peña

Issue Links

links to

Review Board

Activity

People

Assignee:: Sergio Peña

Reporter:: Sergio Peña

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Aug/18 16:26

Updated:: 27/Oct/18 15:01

Resolved:: 27/Oct/18 15:01