From commits-return-9649-apmail-sentry-commits-archive=sentry.apache.org@sentry.incubator.apache.org Mon Feb 1 02:19:42 2016 Return-Path: X-Original-To: apmail-sentry-commits-archive@minotaur.apache.org Delivered-To: apmail-sentry-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1577C18B34 for ; Mon, 1 Feb 2016 02:19:42 +0000 (UTC) Received: (qmail 49518 invoked by uid 500); 1 Feb 2016 02:19:42 -0000 Delivered-To: apmail-sentry-commits-archive@sentry.apache.org Received: (qmail 49461 invoked by uid 500); 1 Feb 2016 02:19:42 -0000 Mailing-List: contact commits-help@sentry.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sentry.incubator.apache.org Delivered-To: mailing list commits@sentry.incubator.apache.org Received: (qmail 49452 invoked by uid 99); 1 Feb 2016 02:19:41 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Feb 2016 02:19:41 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 73E9AC061F for ; Mon, 1 Feb 2016 02:19:41 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.427 X-Spam-Level: X-Spam-Status: No, score=0.427 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.553] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 7h_agFVvsv1a for ; Mon, 1 Feb 2016 02:19:41 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with SMTP id 8ED6143B35 for ; Mon, 1 Feb 2016 02:19:40 +0000 (UTC) Received: (qmail 49232 invoked by uid 99); 1 Feb 2016 02:19:40 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Feb 2016 02:19:40 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id F34702C1F5D for ; Mon, 1 Feb 2016 02:19:39 +0000 (UTC) Date: Mon, 1 Feb 2016 02:19:39 +0000 (UTC) From: "Colin Ma (JIRA)" To: commits@sentry.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (SENTRY-1004) Create CommonPrivilege for external component MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/SENTRY-1004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15125639#comment-15125639 ] Colin Ma commented on SENTRY-1004: ---------------------------------- [~anneyu], thanks for the review. To make integration with Sentry easily, this is one of patch for the common model and common privilege. The other part should be the common policy. Like the test case in this patch, the external component only need to implement the Model, Resource and binding. Another improvement is the action compare is more flexibility. Look into SENTRY-912 about Kafka integration, the sub tasks SENTRY-1012 and SENTRY-1013 have a lot of changes. The refactor will remove these unnecessary implementation and make the integration easily. > Create CommonPrivilege for external component > --------------------------------------------- > > Key: SENTRY-1004 > URL: https://issues.apache.org/jira/browse/SENTRY-1004 > Project: Sentry > Issue Type: Sub-task > Reporter: Colin Ma > Assignee: Colin Ma > Fix For: 1.7.0 > > Attachments: SENTRY-1004.001.patch, SENTRY-1004.002.patch, SENTRY-1004.003.patch > > > Create CommonPrivilege for every component. > The main change is for the interface Privilege, implies(Privilege p) ---> implies(Privilege privilege, Map implyMethodMap, Map actionMap) > The actionMap is stored the mapping between action name and action value, eg: > for Hive: select ---> 1 (binary: 0000001) > insert ---> 3 (binary: 0000011) > create ---> 4 (binary: 0000100) > all ---> 7 (binary: 0000111) > when compare the action, use the action value with the & operator > The implyMethodMap is stored the mapping between resource type and imply method, eg: > for Hive: db ---> string (imply as string value) > url ---> url (imply as url value) -- This message was sent by Atlassian JIRA (v6.3.4#6332)