You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Sailesh Mukil (Code Review)" <ge...@cloudera.org> on 2017/11/30 21:39:24 UTC
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Sailesh Mukil has uploaded this change for review. ( http://gerrit.cloudera.org:8080/8700
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
[security] Make the kerberos principal configurable for Kudu servers
The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the sercurity library may pass any principal that they want
to.
Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.
Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 29 insertions(+), 21 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/1
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 1
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 5:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/5/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/5/src/kudu/security/init.cc@383
PS5, Line 383: *out_principal = in_principal;
Forgot to initialize 'out_principal' here which led to the test failures. It's fixed now.
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 5
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:49:32 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 5: Code-Review+1
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 5
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:59:13 +0000
Gerrit-HasComments: No
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 2:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/1/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/1/src/kudu/security/init.cc@382
PS1, Line 382: in_principal,
> in_principal seems like a better name.
Done
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 2
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Fri, 01 Dec 2017 19:57:38 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
[security] Make the kerberos principal configurable for Kudu servers
The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the security library may pass any principal that they want
to.
Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.
Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Reviewed-on: http://gerrit.cloudera.org:8080/8700
Reviewed-by: Dan Burkert <da...@apache.org>
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Tested-by: Kudu Jenkins
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 30 insertions(+), 23 deletions(-)
Approvals:
Dan Burkert: Looks good to me, approved
Alexey Serbin: Looks good to me, but someone else must approve
Kudu Jenkins: Verified
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 6
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 3:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: const_cast<string*>(&in_principal)
Is it possible to assign in_principal to a local copy and then update that local copy, assigning the updated string to the out_principal on return?
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:21:48 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 3:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: const_cast<string*>(&in_principal)
> That's what I had done in the initial patchset, but I changed it based on D
Could you pass on out_principal instead of in_principal here?
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:54:44 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 3:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: const_cast<string*>(&in_principal)
> That's what I had done in the initial patchset, but I changed it based on D
I think Dan meant to use out_principal instead of the local copy. I think that or using local copy is better than modifying the parameter which is declared as const.
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:53:49 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Hello Michael Ho, Alexey Serbin, Dan Burkert, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/8700
to look at the new patch set (#5).
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
[security] Make the kerberos principal configurable for Kudu servers
The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the security library may pass any principal that they want
to.
Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.
Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 30 insertions(+), 23 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/5
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 5
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 4: Code-Review+2
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 4
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:31:03 +0000
Gerrit-HasComments: No
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Hello Michael Ho, Dan Burkert, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/8700
to look at the new patch set (#3).
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
[security] Make the kerberos principal configurable for Kudu servers
The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the security library may pass any principal that they want
to.
Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.
Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 30 insertions(+), 23 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/3
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 4:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: out_principal);
> Could you pass on out_principal instead of in_principal here?
Ha, silly me, sorry. Done.
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 4
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:19:04 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 5: Code-Review+2
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/5/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/5/src/kudu/security/init.cc@383
PS5, Line 383: *out_principal = in_principal;
> Forgot to initialize 'out_principal' here which led to the test failures. I
huh, I figured GlobalReplaceSubstring would always write to the out param, but apparently not. That's kind of annoying, but no big deal.
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 5
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:54:20 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 2:
(2 comments)
looks good, just a few small nits.
http://gerrit.cloudera.org:8080/#/c/8700/2//COMMIT_MSG
Commit Message:
http://gerrit.cloudera.org:8080/#/c/8700/2//COMMIT_MSG@12
PS2, Line 12: sercurity
security
http://gerrit.cloudera.org:8080/#/c/8700/2/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/2/src/kudu/security/init.cc@383
PS2, Line 383: string p = in_principal;
I think you can skip this local copy altogether by using in_prinicipal and out_principal instead, as appropriate.
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 2
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 18:54:08 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 3:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: const_cast<string*>(&in_principal)
> Is it possible to assign in_principal to a local copy and then update that
That's what I had done in the initial patchset, but I changed it based on Dan's comment.
I'm fine with it either way. The one caveat this way when we use 'in_principal' directly, is that it amounts to modifying the FLAGS_principal itself. But that shouldn't cause any bugs.
Let me know what you think is better.
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:33:21 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Hello Michael Ho, Alexey Serbin, Dan Burkert, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/8700
to look at the new patch set (#4).
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
[security] Make the kerberos principal configurable for Kudu servers
The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the security library may pass any principal that they want
to.
Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.
Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 29 insertions(+), 23 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/4
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 4
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Hello Michael Ho, Dan Burkert, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/8700
to look at the new patch set (#2).
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
[security] Make the kerberos principal configurable for Kudu servers
The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the sercurity library may pass any principal that they want
to.
Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.
Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 29 insertions(+), 21 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/2
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 2
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Michael Ho (Code Review)" <ge...@cloudera.org>.
Michael Ho has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 1:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/8700/1/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/1/src/kudu/security/init.cc@382
PS1, Line 382: raw_principal
in_principal seems like a better name.
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 1
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Comment-Date: Fri, 01 Dec 2017 07:08:58 +0000
Gerrit-HasComments: Yes
[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers
Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.
Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )
Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................
Patch Set 3:
(2 comments)
http://gerrit.cloudera.org:8080/#/c/8700/2//COMMIT_MSG
Commit Message:
http://gerrit.cloudera.org:8080/#/c/8700/2//COMMIT_MSG@12
PS2, Line 12: security
> security
Done
http://gerrit.cloudera.org:8080/#/c/8700/2/src/kudu/security/init.cc
File src/kudu/security/init.cc:
http://gerrit.cloudera.org:8080/#/c/8700/2/src/kudu/security/init.cc@383
PS2, Line 383: const auto& kHostToken = "_HOST";
> I think you can skip this local copy altogether by using in_prinicipal and
Done
--
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:05:25 +0000
Gerrit-HasComments: Yes