THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Sentry currently integrates with Apache Hive, Apache Sqoop, Apache Solr, HDFS and Cloudera Impala. Sentry is pluggable and it is fairly simple to delegate Sentry to your authorization and policy management needs. In this document we talk about the main steps required for integration, code organization and examples to get you started.
Integration step by step:
Apache Solr will be the example for the following guide.
- Define authorization model (reference code: https://github.com/apache/sentry/tree/master/sentry-core/sentry-core-model-search)
- Create the sentry-core-model-search for Solr
- Create SearchModelAuthorizable which should extend the interface Authorizable
- Create all authorization types with enum AuthorizableType, eg, Collection, Field
- Create sub class of SearchModelAuthorizable for every authorization type, eg, Collection, Field
- Define action factory (reference code: https://github.com/apache/sentry/blob/master/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java)
- SearchAction defines all actions for Solr with name and code, eg, UPDATE(0x0001), QUERY(0x0002), ALL(0x0001|0x0002).
- The action code will be used for action imply with operation &. The imply rule is defined in org.apache.sentry.core.common.BitFieldAction. According to the rule, UPDATE imply QUERY = FALSE, ALL imply UPDATE = TRUE
- Define privilegeModel with authorization model and action factory (reference code: https://github.com/apache/sentry/blob/master/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java)
- Create implyMethodMap which is responsible for imply the authorization type, the following imply methods are supported:
STRING : compare the authorization type as string and case insensitive
STRING_CASE_SENSITIVE : compare the authorization type as string and case sensitive
URL : compare the authorization type as url according to org.apache.sentry.core.common.utils.PathUtils
- Implement the getImplyMethodMap() with the created implyMethodMap.
- Implement the getBitFieldActionFactory with SearchActionFactory
- Create implyMethodMap which is responsible for imply the authorization type, the following imply methods are supported:
- Define binding for the component (reference code: https://github.com/apache/sentry/blob/master/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java)
- Initialize the AuthorizationProvider for authorization
Main modules:
Binding: Authorization checks happen here
Model: Define what are the objects in your system that you want to control access and define the granularity
Policy engine: Define how you want to evaluate policies. For example: Wildcards?
E2E tests
Example:
Sqoop integration: https://issues.apache.org/jira/browse/SENTRY-612
Code organization:
Repo: https://github.com/apache/sentry
Binding code: https://github.com/apache/sentry/tree/master/sentry-binding
Model: https://github.com/apache/sentry/tree/master/sentry-core
Policy engine: https://github.com/apache/sentry/tree/master/sentry-policy
E2E tests: https://github.com/apache/sentry/tree/master/sentry-tests