Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-498

Sentry integration with Hive authorization framework V2

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: hive_plugin_v2
    • Fix Version/s: hive_plugin_v2, 1.7.0
    • Component/s: None
    • Labels:

      Description

      Currently Sentry grant/revoke privileges via hook DDLTask, and do authorization via HiveSemanticAnalyzerHook. Now hive has a pluggable authorization framework via exposing some interfaces HiveAccessController and HiveAuthorizationValidator. HiveAccessController is used to grant/revoke roles and privileges. HiveAuthorizationValidator is used to do fine-grained authorization.

      Advantages to use this framework to grant/revoke privileges and do authorization:

      • This framework is very convenient to use by external authorization system.
      • Using this framework will be better accepted by community.
      • We don't need to take efforts to add so many hooks.
      • Some hooks has limitations. e.g. For column level security, we can't get accessed cloumns from query via HiveSemanticAnalyzerHook, so I extend the readEntity to put accessed columns into it(HIVE-7730). But if we use this framework, we don't need to extend the readEntity, we can just get accessed columns from ColumnAccessInfo directly.

      I will not remove the old sentry authorization framework, I will just add a new authorizationV2 via implement Hive authorization framework. If all the e2e tests passed, we can mark the old authorization deprecated.

        Attachments

        1. SENTRY-498.011.patch
          156 kB
          Dapeng Sun
        2. SENTRY-498.010-hive_plugin_v2.patch
          160 kB
          Dapeng Sun
        3. SENTRY-498.009-hive_plugin_v2.patch
          161 kB
          Dapeng Sun
        4. SENTRY-498.008-hive_plugin_v2.patch
          161 kB
          Dapeng Sun
        5. SENTRY-498.007-hive_plugin_v2.patch
          198 kB
          Dapeng Sun
        6. SENTRY-498.005-hive_plugin_v2.patch
          238 kB
          Dapeng Sun
        7. SENTRY-498.004-hive_plugin_v2.patch
          231 kB
          Dapeng Sun
        8. SENTRY-498.003.patch
          216 kB
          Xiaomeng Huang

          Issue Links

            Activity

              People

              • Assignee:
                dapengsun Dapeng Sun
                Reporter:
                Huang Xiaomeng Xiaomeng Huang
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: