sentry-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-2300) Move Permission Update due to DDL to HMS Post Event Listener
Date Mon, 01 Oct 2018 20:56:00 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-2300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634627#comment-16634627
] 

Hadoop QA commented on SENTRY-2300:
-----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12942029/SENTRY-2300.001.patch against master.

{color:red}Overall:{color} -1 due to 11 errors

{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener
{color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener
{color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener
{color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener
{color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener
{color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener
{color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener
{color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener
{color:red}ERROR:{color} Failed: org.apache.sentry.provider.db.service.persistent.TestHMSFollowerSentryStoreIntegration
{color:red}ERROR:{color} Failed: org.apache.sentry.provider.db.service.persistent.TestHMSFollowerSentryStoreIntegration

Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/4159/console

This message is automatically generated.

> Move Permission Update due to DDL to HMS Post Event Listener
> ------------------------------------------------------------
>
>                 Key: SENTRY-2300
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2300
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0, 2.2.0
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Major
>         Attachments: SENTRY-2300.001.patch
>
>
> There was a code in MetastorePlugin that modified Sentry privileges on table Create/Drop
and database Create/Drop. As part of Sentry HA work we moved all this logic from Sentry plugin
to be driven by notifications which required the extra synchronization between HMS and Sentry.
> It should be possible to do permission changes in the post event listener itself to avoid
blocking for Sentry. This requires some experiments though because it may cause strange artifacts
since at the time these DDL operations are done Sentry may not be aware of the current state
- for example you may try to change permissions of a table that Sentry doesn’t know about,
which seems to be OK. 
> This update will have the following benefits:
> {code}
> * HMS waits on Sentry polling HMS update takes 0.5 to 1 second. This update will remove
this delay
> * Sentry knows every DDL update, and therefore can update permission correctly. In current
approach using notification processing, Sentry could miss updates if full snapshot is fetched
from HMS, and permission is not updated correctly. In the case of table rename, when mission
DDL update event because of full snapshot, sentry will not move the permissions associated
with old table to the new table. And the authorization on queries on the renamed table will
fail.
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message