Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.2.0
-
None
-
None
Description
see this review request: https://reviews.apache.org/r/14344/
Here's the part that is relevant to this JIRA (note: this is just refactoring to be able to support other backends, this is not support for other backends).
The issue right now is the sentry-provider-file and sentry-provider-hive have things that are both backend-specific (e.g. PolicyFileConstants) and backend-agnostic (e.g. HadoopMappingService). Let's take an specific use case: we want to use the HadoopGroupResourceAuthorizationProvider via a database-backend. If today I specify the AuthorizationProvider to be say "org.apache.sentry.provider.hive.HadoopGroupResourceAuthorizationProvider" it will automatically be file-backed because it automatically instantiates a SimpleHivePolicyEngine which in turn uses the file.SimplePolicyParser. So, we should separate out the specification of the AuthorizationProvider and the PolicyEngine. So I would specify the AuthorizationProvider to be "org.apache.sentry.provider.hive.HadoopGroupResourceAuthorizationProvider" and the PolicyEngine to be "org.apache.sentry.policyengine.db.DBPolicyEngine" (that example sort of sucks because it has db twice – maybe dbbackend.DBPolicyEngine). I think that is pretty similar to what you are saying – just using "PolicyEngine" or "Policy" instead of "Permission Implementation".
In my mind, there are 6 different files-types here, if we assume support for file/db backends and db/solr services:
Policy-Engine Specific
Non-Policy-Engine Specific
{common, file, db}Now I don't have a huge preference for where this should all go, except that the policy-engine specific stuff for db and solr should be in their own package, to avoid pulling in a bunch of dependencies if they aren't needed. So this could be something like:
sentry-policy/sentry-policy-db
sentry-policy/sentry-policy-solr
sentry-policy/sentry-policy-common
sentry-provider/sentry-provider-backend-file
sentry-provider/sentry-provider-backend-db
sentry-provider/sentry-provider-common
Or we could just throw all the "common" stuff into core.