Versions Compared

Old Version 2

changes.mady.by.user Colin Ma

Saved on

compared with

New Version 3

changes.mady.by.user Colin Ma

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

       Apache Solr will be the example for the following guide.

  1. Define authorization model (related reference code: https://github.com/apache/sentry/tree/master/sentry-core/sentry-core-model-search)
    1. Create the sentry-core-model-search for Solr
    2. Create SearchModelAuthorizable which should extend the interface Authorizable
    3. Create all authorization types with enum AuthorizableType, eg, Collection, Field
    4. Create sub class of SearchModelAuthorizable for every authorization type, eg, Collection, Field
  2. Define action factory  factory  (related reference code: https://github.com/apache/sentry/treeblob/master/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java)
    1. SearchAction defines all actions for Solr with name and code, eg, UPDATE(0x0001), QUERY(0x0002), ALL(0x0001|0x0002). 
    2. The action code will be used for action imply with operation &. The imply rule is defined in org.apache.sentry.core.common.BitFieldAction. According to the rule, UPDATE imply QUERY = FALSE, ALL imply UPDATE = TRUE
  3. Define privilegeModel with authorization model and action factoryfactory (reference code: https://github.com/apache/sentry/blob/master/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java)
    1. Create implyMethodMap which is responsible for imply the authorization type, the following imply methods are supported:

      1. STRING : compare the authorization type as string and case insensitive

      2. STRING_CASE_SENSITIVE : compare the authorization type as string and case sensitive

      3. URL : compare the authorization type as url according to org.apache.sentry.core.common.utils.PathUtils

    2. Implement the getImplyMethodMap() with the created implyMethodMap.
    3. Implement the getBitFieldActionFactory with SearchActionFactory
  4. Define binding for the component (reference code: https://github.com/apache/sentry/blob/master/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java)
    1. Initialize the AuthorizationProvider for authorization

 


Main modules:

  • Binding: Authorization checks happen here

  • Model: Define what are the objects in your system that you want to control access and define the granularity

  • Policy engine: Define how you want to evaluate policies. For example: Wildcards?

  • E2E tests

...