Sentry currently integrates with Apache Hive, Apache Sqoop, Apache Solr, HDFS and Cloudera Impala. Sentry is pluggable, and it is fairly simple to delegate your authorization and policy management needs to Sentry. This document covers the main steps required for integration, the code organization, and examples to get you started.
Integration step by step:
Apache Solr will be the example for the following guide.
- Define authorization model (related code: https://github.com/apache/sentry/tree/master/sentry-core/sentry-core-model-search)
  - Create the sentry-core-model-search module for Solr
  - Create SearchModelAuthorizable, which should extend the Authorizable interface
  - Define all authorization types in the enum AuthorizableType, e.g. Collection, Field
  - Create a subclass of SearchModelAuthorizable for every authorization type, e.g. Collection, Field
- Define action factory (related code: https://github.com/apache/sentry/tree/master/sentry-core/sentry-core-model-search)
  - SearchAction defines all actions for Solr with a name and a code, e.g. UPDATE(0x0001), QUERY(0x0002), ALL(0x0001|0x0002).
  - The action code is used to decide whether one action implies another, using the bitwise & operation. The imply rule is defined in org.apache.sentry.core.common.BitFieldAction. According to the rule, UPDATE implies QUERY = FALSE and ALL implies UPDATE = TRUE.
- Define privilegeModel with the authorization model and action factory
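
The imply rule from the action factory step, worked through as an added example (this is not code from the Sentry repository). It assumes the rule is (granted.code & requested.code) == requested.code, which matches the two results stated above; the class SearchActionDemo, the Grant record, isAllowed and the sample collections are hypothetical names constructed for the illustration.

```java
import java.util.List;

// Added illustration, not Sentry source. Requires Java 16+ (records).
public class SearchActionDemo {

    // Action names and codes as listed above for Solr.
    enum SearchAction {
        UPDATE(0x0001), QUERY(0x0002), ALL(0x0001 | 0x0002);

        final int code;
        SearchAction(int code) { this.code = code; }

        // "this" implies "that" when every bit set in that.code is also set in this.code.
        boolean implies(SearchAction that) {
            return that != null && (code & that.code) == that.code;
        }
    }

    // Hypothetical grant of one action on one collection (constructed for this demo).
    record Grant(String collection, SearchAction action) {}

    // Default deny: allow only when a grant on the same collection implies the request.
    static boolean isAllowed(List<Grant> grants, String collection, SearchAction requested) {
        if (collection == null || requested == null) return false;
        for (Grant g : grants) {
            if (g.collection().equals(collection) && g.action().implies(requested)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Full implication matrix: does the row action imply the column action?
        for (SearchAction a : SearchAction.values())
            for (SearchAction b : SearchAction.values())
                System.out.printf("%-6s implies %-6s = %b%n", a, b, a.implies(b));

        // Constructed sample policy: read-only on "logs", full access on "audit".
        List<Grant> grants = List.of(new Grant("logs", SearchAction.QUERY),
                                     new Grant("audit", SearchAction.ALL));
        System.out.println(isAllowed(grants, "logs", SearchAction.QUERY));
        System.out.println(isAllowed(grants, "logs", SearchAction.UPDATE));
        System.out.println(isAllowed(grants, "audit", SearchAction.UPDATE));
        System.out.println(isAllowed(grants, "other", SearchAction.QUERY));
    }
}
```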
Main modules:
Binding: Authorization checks happen here
Model: Defines the objects in your system that you want to control access to, and the granularity of that control
Policy engine: Define how you want to evaluate policies. For example: Wildcards?
E2E tests
Example:
Sqoop integration: https://issues.apache.org/jira/browse/SENTRY-612
Code organization:
Repo: https://github.com/apache/sentry
Binding code: https://github.com/apache/sentry/tree/master/sentry-binding
Model: https://github.com/apache/sentry/tree/master/sentry-core
Policy engine: https://github.com/apache/sentry/tree/master/sentry-policy
E2E tests: https://github.com/apache/sentry/tree/master/sentry-tests