  1. Sentry (Retired)
  2. SENTRY-498

Sentry integration with Hive authorization framework V2

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • hive_plugin_v2
    • hive_plugin_v2, 1.7.0
    • None

    Description

      Currently Sentry grants/revokes privileges via hook DDLTask, and does authorization via HiveSemanticAnalyzerHook. Now Hive has a pluggable authorization framework that exposes the interfaces HiveAccessController and HiveAuthorizationValidator. HiveAccessController is used to grant/revoke roles and privileges. HiveAuthorizationValidator is used to do fine-grained authorization.

      Advantages of using this framework to grant/revoke privileges and do authorization:

      • This framework is very convenient for an external authorization system to use.
      • Using this framework will be better accepted by the community.
      • We don't need to make the effort to add so many hooks.
      • Some hooks have limitations, e.g. for column-level security, we can't get the accessed columns from a query via HiveSemanticAnalyzerHook, so I extend the readEntity to put accessed columns into it (HIVE-7730). But if we use this framework, we don't need to extend the readEntity; we can just get accessed columns from ColumnAccessInfo directly.

      I will not remove the old Sentry authorization framework; I will just add a new authorizationV2 by implementing the Hive authorization framework. If all the e2e tests pass, we can mark the old authorization deprecated.

      Attachments

        1. SENTRY-498.011.patch
          156 kB
          Dapeng Sun
        2. SENTRY-498.010-hive_plugin_v2.patch
          160 kB
          Dapeng Sun
        3. SENTRY-498.009-hive_plugin_v2.patch
          161 kB
          Dapeng Sun
        4. SENTRY-498.008-hive_plugin_v2.patch
          161 kB
          Dapeng Sun
        5. SENTRY-498.007-hive_plugin_v2.patch
          198 kB
          Dapeng Sun
        6. SENTRY-498.005-hive_plugin_v2.patch
          238 kB
          Dapeng Sun
        7. SENTRY-498.004-hive_plugin_v2.patch
          231 kB
          Dapeng Sun
        8. SENTRY-498.003.patch
          216 kB
          Xiaomeng Huang

            People

              dapengsun Dapeng Sun
              Huang Xiaomeng Xiaomeng Huang