You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@impala.apache.org by "Adam Holley (Code Review)" <ge...@cloudera.org> on 2018/09/24 21:47:46 UTC
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Adam Holley has uploaded this change for review. ( http://gerrit.cloudera.org:8080/11502
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
IMPALA-7456: Deprecate file-based authorization
This patch simply add a warning message to the log when the
authorization_policy_file run-time flag is used. Sentry has
depreated the use of policy files and they do not support
user level privileges which are required for object ownership.
Test:
- Added custom cluster test to validate logs
- Ran all custom cluster tests
Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
---
M fe/src/main/java/org/apache/impala/service/BackendConfig.java
M fe/src/main/java/org/apache/impala/service/JniFrontend.java
M tests/authorization/test_authorization.py
M tests/common/custom_cluster_test_suite.py
M tests/common/file_utils.py
M tests/custom_cluster/test_redaction.py
6 files changed, 101 insertions(+), 55 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/02/11502/1
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 1
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 4: Verified+1
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 4
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 23:03:26 +0000
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 1:
Build Successful
https://jenkins.impala.io/job/gerrit-code-review-checks/769/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 1
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Mon, 24 Sep 2018 22:18:09 +0000
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Adam Holley (Code Review)" <ge...@cloudera.org>.
Adam Holley has uploaded a new patch set (#2). ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
IMPALA-7456: Deprecate file-based authorization
This patch simply adds a warning message to the log when the
authorization_policy_file run-time flag is used. Sentry has
depreated the use of policy files and they do not support
user level privileges which are required for object ownership.
Here is the Jira where it will be removed.
https://issues.apache.org/jira/browse/SENTRY-1922
Test:
- Added custom cluster test to validate logs
- Ran all custom cluster tests
Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
---
M fe/src/main/java/org/apache/impala/service/BackendConfig.java
M fe/src/main/java/org/apache/impala/service/JniFrontend.java
M tests/authorization/test_authorization.py
M tests/common/custom_cluster_test_suite.py
M tests/common/file_utils.py
M tests/custom_cluster/test_redaction.py
6 files changed, 103 insertions(+), 55 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/02/11502/2
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 2
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 2:
Build Successful
https://jenkins.impala.io/job/gerrit-code-review-checks/777/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 2
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 15:28:04 +0000
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 3:
Build Successful
https://jenkins.impala.io/job/gerrit-code-review-checks/790/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 3
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 18:47:45 +0000
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 1:
(9 comments)
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/authorization/test_authorization.py
File tests/authorization/test_authorization.py:
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/authorization/test_authorization.py@378
PS1, Line 378: \
flake8: E502 the backslash is redundant between brackets
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/authorization/test_authorization.py@385
PS1, Line 385:
flake8: W391 blank line at end of file
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py
File tests/common/file_utils.py:
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@62
PS1, Line 62: def grep_dir(dir, search):
flake8: E302 expected 2 blank lines, found 1
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@78
PS1, Line 78: def grep_file(file, search):
flake8: E302 expected 2 blank lines, found 1
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@88
PS1, Line 88: def assert_file_in_dir_contains(dir, search):
flake8: E302 expected 2 blank lines, found 1
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@90
PS1, Line 90: ,
flake8: E231 missing whitespace after ','
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@94
PS1, Line 94: def assert_no_files_in_dir_contain(dir, search):
flake8: E302 expected 2 blank lines, found 1
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@96
PS1, Line 96: ,
flake8: E231 missing whitespace after ','
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/custom_cluster/test_redaction.py
File tests/custom_cluster/test_redaction.py:
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/custom_cluster/test_redaction.py@30
PS1, Line 30: from tests.common.file_utils import grep_dir, grep_file, assert_file_in_dir_contains,\
flake8: F401 'tests.common.file_utils.grep_dir' imported but unused
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 1
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 13:07:02 +0000
Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 4:
Build Successful
https://jenkins.impala.io/job/gerrit-code-review-checks/791/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 4
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 19:12:39 +0000
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Adam Holley (Code Review)" <ge...@cloudera.org>.
Adam Holley has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 2:
(12 comments)
http://gerrit.cloudera.org:8080/#/c/11502/1//COMMIT_MSG
Commit Message:
http://gerrit.cloudera.org:8080/#/c/11502/1//COMMIT_MSG@9
PS1, Line 9: add
> nit: adds
Done
http://gerrit.cloudera.org:8080/#/c/11502/1//COMMIT_MSG@10
PS1, Line 10: Sentry has
: depreated the use of policy files
> Please put a SENTRY JIRA for this.
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/fe/src/main/java/org/apache/impala/service/JniFrontend.java
File fe/src/main/java/org/apache/impala/service/JniFrontend.java:
http://gerrit.cloudera.org:8080/#/c/11502/1/fe/src/main/java/org/apache/impala/service/JniFrontend.java@700
PS1, Line 700: authorization_policy_file flag is deprecated
> Instead of mentioning the flag name, maybe it's better to say "Authorizatio
Since this is in the logs and meant for admins, I think it'd be better to let them know the exact flag they are using that they shouldn't.
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/authorization/test_authorization.py
File tests/authorization/test_authorization.py:
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/authorization/test_authorization.py@378
PS1, Line 378:
> flake8: E502 the backslash is redundant between brackets
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/authorization/test_authorization.py@385
PS1, Line 385:
> flake8: W391 blank line at end of file
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py
File tests/common/file_utils.py:
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@62
PS1, Line 62:
> flake8: E302 expected 2 blank lines, found 1
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@78
PS1, Line 78:
> flake8: E302 expected 2 blank lines, found 1
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@88
PS1, Line 88: return matching_lines
> flake8: E302 expected 2 blank lines, found 1
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@90
PS1, Line 90:
> flake8: E231 missing whitespace after ','
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@94
PS1, Line 94: assert results, "%s should have a file containing '%s' but no file was found" \
> flake8: E302 expected 2 blank lines, found 1
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/common/file_utils.py@96
PS1, Line 96:
> flake8: E231 missing whitespace after ','
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/custom_cluster/test_redaction.py
File tests/custom_cluster/test_redaction.py:
http://gerrit.cloudera.org:8080/#/c/11502/1/tests/custom_cluster/test_redaction.py@30
PS1, Line 30: from tests.common.file_utils import grep_file, assert_file_in_dir_contains,\
> flake8: F401 'tests.common.file_utils.grep_dir' imported but unused
Done
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 2
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 14:56:10 +0000
Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Adam Holley (Code Review)" <ge...@cloudera.org>.
Adam Holley has uploaded a new patch set (#3). ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
IMPALA-7456: Deprecate file-based authorization
This patch simply adds a warning message to the log when the
authorization_policy_file run-time flag is used. Sentry has
depreated the use of policy files and they do not support
user level privileges which are required for object ownership.
Here is the Jira where it will be removed. SENTRY-1922
Test:
- Added custom cluster test to validate logs
- Ran all custom cluster tests
Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
---
M fe/src/main/java/org/apache/impala/service/BackendConfig.java
M fe/src/main/java/org/apache/impala/service/JniFrontend.java
M tests/authorization/test_authorization.py
M tests/common/custom_cluster_test_suite.py
M tests/common/file_utils.py
M tests/custom_cluster/test_redaction.py
6 files changed, 103 insertions(+), 55 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/02/11502/3
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 3
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Fredy Wijaya (Code Review)" <ge...@cloudera.org>.
Fredy Wijaya has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 1:
(3 comments)
LGTM after couple flake8 errors are fixed.
http://gerrit.cloudera.org:8080/#/c/11502/1//COMMIT_MSG
Commit Message:
http://gerrit.cloudera.org:8080/#/c/11502/1//COMMIT_MSG@9
PS1, Line 9: add
nit: adds
http://gerrit.cloudera.org:8080/#/c/11502/1//COMMIT_MSG@10
PS1, Line 10: Sentry has
: depreated the use of policy files
Please put a SENTRY JIRA for this.
http://gerrit.cloudera.org:8080/#/c/11502/1/fe/src/main/java/org/apache/impala/service/JniFrontend.java
File fe/src/main/java/org/apache/impala/service/JniFrontend.java:
http://gerrit.cloudera.org:8080/#/c/11502/1/fe/src/main/java/org/apache/impala/service/JniFrontend.java@700
PS1, Line 700: authorization_policy_file flag is deprecated
Instead of mentioning the flag name, maybe it's better to say "Authorization policy file is deprecated. Object Ownership feature is not supported with authorization policy file".
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 1
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 13:44:21 +0000
Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
IMPALA-7456: Deprecate file-based authorization
This patch simply adds a warning message to the log when the
authorization_policy_file run-time flag is used. Sentry has
deprecated the use of policy files and they do not support
user level privileges which are required for object ownership.
Here is the Jira where it will be removed. SENTRY-1922
Test:
- Added custom cluster test to validate logs
- Ran all custom cluster tests
Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Reviewed-on: http://gerrit.cloudera.org:8080/11502
Reviewed-by: Fredy Wijaya <fw...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
M fe/src/main/java/org/apache/impala/service/BackendConfig.java
M fe/src/main/java/org/apache/impala/service/JniFrontend.java
M tests/authorization/test_authorization.py
M tests/common/custom_cluster_test_suite.py
M tests/common/file_utils.py
M tests/custom_cluster/test_redaction.py
6 files changed, 103 insertions(+), 55 deletions(-)
Approvals:
Fredy Wijaya: Looks good to me, approved
Impala Public Jenkins: Verified
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 5
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Adam Holley (Code Review)" <ge...@cloudera.org>.
Adam Holley has uploaded a new patch set (#4). ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
IMPALA-7456: Deprecate file-based authorization
This patch simply adds a warning message to the log when the
authorization_policy_file run-time flag is used. Sentry has
deprecated the use of policy files and they do not support
user level privileges which are required for object ownership.
Here is the Jira where it will be removed. SENTRY-1922
Test:
- Added custom cluster test to validate logs
- Ran all custom cluster tests
Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
---
M fe/src/main/java/org/apache/impala/service/BackendConfig.java
M fe/src/main/java/org/apache/impala/service/JniFrontend.java
M tests/authorization/test_authorization.py
M tests/common/custom_cluster_test_suite.py
M tests/common/file_utils.py
M tests/custom_cluster/test_redaction.py
6 files changed, 103 insertions(+), 55 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/02/11502/4
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 4
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 4:
Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/3216/ DRY_RUN=false
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 4
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 19:17:21 +0000
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 2:
Build Successful
https://jenkins.impala.io/job/gerrit-code-review-checks/782/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests.
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 2
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 18:10:57 +0000
Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Adam Holley (Code Review)" <ge...@cloudera.org>.
Adam Holley has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 4:
(2 comments)
http://gerrit.cloudera.org:8080/#/c/11502/2//COMMIT_MSG
Commit Message:
http://gerrit.cloudera.org:8080/#/c/11502/2//COMMIT_MSG@11
PS2, Line 11: deprecate
> typo: deprecated. Just put the SENTRY-1922 here.
Done
http://gerrit.cloudera.org:8080/#/c/11502/1/fe/src/main/java/org/apache/impala/service/JniFrontend.java
File fe/src/main/java/org/apache/impala/service/JniFrontend.java:
http://gerrit.cloudera.org:8080/#/c/11502/1/fe/src/main/java/org/apache/impala/service/JniFrontend.java@700
PS1, Line 700: authorization_policy_file flag is deprecated
> Wouldn't it better to throw an exception when object ownership and authoriz
Object ownership can only be enabled via the sentry server. They should be mutually exclusive.
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 4
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 18:28:55 +0000
Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Fredy Wijaya (Code Review)" <ge...@cloudera.org>.
Fredy Wijaya has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 2:
(2 comments)
http://gerrit.cloudera.org:8080/#/c/11502/2//COMMIT_MSG
Commit Message:
http://gerrit.cloudera.org:8080/#/c/11502/2//COMMIT_MSG@11
PS2, Line 11: depreated
typo: deprecated. Just put the SENTRY-1922 here.
http://gerrit.cloudera.org:8080/#/c/11502/1/fe/src/main/java/org/apache/impala/service/JniFrontend.java
File fe/src/main/java/org/apache/impala/service/JniFrontend.java:
http://gerrit.cloudera.org:8080/#/c/11502/1/fe/src/main/java/org/apache/impala/service/JniFrontend.java@700
PS1, Line 700: authorization_policy_file flag is deprecated
> Since this is in the logs and meant for admins, I think it'd be better to l
Wouldn't it better to throw an exception when object ownership and authorization policy file are both enabled and give a warn when only authorization policy file is enabled?
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 2
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 15:08:56 +0000
Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7456: Deprecate file-based authorization
Posted by "Fredy Wijaya (Code Review)" <ge...@cloudera.org>.
Fredy Wijaya has posted comments on this change. ( http://gerrit.cloudera.org:8080/11502 )
Change subject: IMPALA-7456: Deprecate file-based authorization
......................................................................
Patch Set 4: Code-Review+2
--
To view, visit http://gerrit.cloudera.org:8080/11502
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ibbb13f3ef1c3a00812c180ecef022ea638c2ebc7
Gerrit-Change-Number: 11502
Gerrit-PatchSet: 4
Gerrit-Owner: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Adam Holley <ah...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Tue, 25 Sep 2018 18:37:44 +0000
Gerrit-HasComments: No