  1. Sentry
  2. SENTRY-37

Implement a DB backed policy store

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: db_policy_store
    • Fix Version/s: 1.4.0
    • Component/s: None
    • Labels:
      None

      Description

      Today, Sentry stores policies that govern authorization in a policy file. While the policy file allows for ease of deployment and flexibility, directly editing the policy file makes it hard to manage. This JIRA is an umbrella JIRA for the work needed to support a policy store backed by a DB.

        Attachments

        1. SentryDBBackedStoreDesign.pdf
          265 kB
          Shreepadma Venugopalan

          Issue Links

          1. Create basic thrift infrastructure for policy service (Sub-task, Resolved, Shreepadma Venugopalan)
          2. Implement policy store API functionality (Sub-task, Resolved, Unassigned)
          3. Thrift API status should be an object with status code (Sub-task, Resolved, Brock Noland)
          4. Create Sentry Service and Sentry Service Client (Sub-task, Resolved, Shreepadma Venugopalan)
          5. Add Kerberos and SSL support to Sentry Service (Sub-task, Resolved, Brock Noland)
          6. Create a notification interface for Sentry Service (Sub-task, Resolved, Unassigned)
          7. Create service configuration properties (Sub-task, Resolved, Shreepadma Venugopalan)
          8. Add Sentry Service startup/shutdown scripts (Sub-task, Resolved, Brock Noland)
          9. Create infrastructure for notification (Sub-task, Resolved, Brock Noland)
          10. Sentry Service version should be an int instead of an enum (Sub-task, Resolved, Brock Noland)
          11. Implement Security on Sentry Service and Sentry Client (Sub-task, Resolved, Brock Noland)
          12. Restrict connect to Sentry Service (Sub-task, Resolved, Shreepadma Venugopalan)
          13. Remove db specific name from sentry service package (Sub-task, Resolved, Brock Noland)
          14. Create sentry store infrastructure (Sub-task, Resolved, Shreepadma Venugopalan)
          15. Create database schemas for mysql, postgres, and oracle (Sub-task, Resolved, Brock Noland)
          16. Refactor provider/policy API to allow for DB-policy provider (Sub-task, Resolved, Brock Noland)
          17. Implement alter role grant/revoke privilege in sentry service and sentry store (Sub-task, Resolved, Shreepadma Venugopalan)
          18. Expose datanucleus configs through server side configuration file (Sub-task, Resolved, Unassigned)
          19. Implement Hive Sentry Authz DDL Task Factory (Sub-task, Resolved, Brock Noland)
          20. Integrate sentry script (Sub-task, Resolved, Brock Noland)
          21. Implement APIs that grant/revoke roles to groups (Sub-task, Resolved, Brock Noland)
          22. Use BoneCP, add unique constraint to GROUP_NAME, and expose jdo/datanucleus properties (Sub-task, Resolved, Brock Noland)
          23. Restrict access to policy store apis based on user/group (Sub-task, Resolved, Unassigned)
          24. Thrift request structs should include the groupName in addition to the userName (Sub-task, Resolved, Shreepadma Venugopalan)
          25. Validate privilege scope in sentry service (Sub-task, Resolved, Prasad Suresh Mujumdar)
          26. Use server timestamp for createTime for role, privilege and group (Sub-task, Resolved, Shreepadma Venugopalan)
          27. Active roles need to be pushed done to provider (Sub-task, Resolved, Brock Noland)
          28. Create database backed ProviderBackend (Sub-task, Resolved, Brock Noland)
          29. Merge db_policy_store branch into master (Sub-task, Resolved, Brock Noland)
          30. Merge db_policy_store into master (Sub-task, Resolved, Brock Noland)
          31. Store needs to handle privilege normalization (Sub-task, Resolved, Brock Noland)
          32. Add UNIQUE constraint to group name (Sub-task, Resolved, Unassigned)
          33. Support SET ROLE (Sub-task, Resolved, Brock Noland)
          34. Support various SHOW commands (Sub-task, Resolved, Sravya Tirukkovalur)
          35. Add Hive e2e test with grant/revoke statements (Sub-task, Resolved, Prasad Suresh Mujumdar)
          36. Support local privilege validation APIs (Sub-task, Resolved, Prasad Suresh Mujumdar)
          37. Class to table mapping in package.jdo is incorrect (Sub-task, Resolved, Shreepadma Venugopalan)

              People

              • Assignee: Shreepadma Venugopalan
              • Reporter: Shreepadma Venugopalan
              • Votes: 1
              • Watchers: 7
