Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-9 Refactoring to support search
  3. SENTRY-27

Refactor to be able to support different provider backends (e.g. db vs file)

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.3.0
    • Component/s: None
    • Labels:
      None

      Description

      see this review request: https://reviews.apache.org/r/14344/

      Here's the part that is relevant to this JIRA (note: this is just refactoring to be able to support other backends, this is not support for other backends).

      The issue right now is the sentry-provider-file and sentry-provider-hive have things that are both backend-specific (e.g. PolicyFileConstants) and backend-agnostic (e.g. HadoopMappingService). Let's take an specific use case: we want to use the HadoopGroupResourceAuthorizationProvider via a database-backend. If today I specify the AuthorizationProvider to be say "org.apache.sentry.provider.hive.HadoopGroupResourceAuthorizationProvider" it will automatically be file-backed because it automatically instantiates a SimpleHivePolicyEngine which in turn uses the file.SimplePolicyParser. So, we should separate out the specification of the AuthorizationProvider and the PolicyEngine. So I would specify the AuthorizationProvider to be "org.apache.sentry.provider.hive.HadoopGroupResourceAuthorizationProvider" and the PolicyEngine to be "org.apache.sentry.policyengine.db.DBPolicyEngine" (that example sort of sucks because it has db twice – maybe dbbackend.DBPolicyEngine). I think that is pretty similar to what you are saying – just using "PolicyEngine" or "Policy" instead of "Permission Implementation".

      In my mind, there are 6 different files-types here, if we assume support for file/db backends and db/solr services:
      Policy-Engine Specific

      {common, db, solr}

      Non-Policy-Engine Specific

      {common, file, db}

      Now I don't have a huge preference for where this should all go, except that the policy-engine specific stuff for db and solr should be in their own package, to avoid pulling in a bunch of dependencies if they aren't needed. So this could be something like:
      sentry-policy/sentry-policy-db
      sentry-policy/sentry-policy-solr
      sentry-policy/sentry-policy-common
      sentry-provider/sentry-provider-backend-file
      sentry-provider/sentry-provider-backend-db
      sentry-provider/sentry-provider-common

      Or we could just throw all the "common" stuff into core.

        Attachments

        1. SENTRY-27v2.patch
          106 kB
          Gregory Chanan
        2. SENTRY-27v3.patch
          106 kB
          Gregory Chanan

          Activity

            People

            • Assignee:
              gchanan Gregory Chanan
              Reporter:
              gchanan Gregory Chanan
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: