You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@kudu.apache.org by "Sailesh Mukil (Code Review)" <ge...@cloudera.org> on 2017/11/30 21:39:24 UTC

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Sailesh Mukil has uploaded this change for review. ( http://gerrit.cloudera.org:8080/8700


Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................

[security] Make the kerberos principal configurable for Kudu servers

The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the sercurity library may pass any principal that they want
to.

Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.

Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 29 insertions(+), 21 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/1
-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 1
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 5:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/5/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/5/src/kudu/security/init.cc@383
PS5, Line 383: *out_principal = in_principal;
Forgot to initialize 'out_principal' here which led to the test failures. It's fixed now.



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 5
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:49:32 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 5: Code-Review+1


-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 5
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:59:13 +0000
Gerrit-HasComments: No

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 2:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/1/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/1/src/kudu/security/init.cc@382
PS1, Line 382: in_principal,
> in_principal seems like a better name.
Done



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 2
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Fri, 01 Dec 2017 19:57:38 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Dan Burkert has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................

[security] Make the kerberos principal configurable for Kudu servers

The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the security library may pass any principal that they want
to.

Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.

Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Reviewed-on: http://gerrit.cloudera.org:8080/8700
Reviewed-by: Dan Burkert <da...@apache.org>
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Tested-by: Kudu Jenkins
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 30 insertions(+), 23 deletions(-)

Approvals:
  Dan Burkert: Looks good to me, approved
  Alexey Serbin: Looks good to me, but someone else must approve
  Kudu Jenkins: Verified

-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 6
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: const_cast<string*>(&in_principal)
Is it possible to assign in_principal to a local copy and then update that local copy, assigning the updated string to the out_principal on return?



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:21:48 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: const_cast<string*>(&in_principal)
> That's what I had done in the initial patchset, but I changed it based on D
Could you pass on out_principal instead of in_principal here?



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:54:44 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: const_cast<string*>(&in_principal)
> That's what I had done in the initial patchset, but I changed it based on D
I think Dan meant to use out_principal instead of the local copy.  I think that or using local copy is better than modifying the parameter which is declared as const.



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:53:49 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Hello Michael Ho, Alexey Serbin, Dan Burkert, Kudu Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/8700

to look at the new patch set (#5).

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................

[security] Make the kerberos principal configurable for Kudu servers

The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the security library may pass any principal that they want
to.

Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.

Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 30 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/5
-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 5
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 4: Code-Review+2


-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 4
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:31:03 +0000
Gerrit-HasComments: No

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Hello Michael Ho, Dan Burkert, Kudu Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/8700

to look at the new patch set (#3).

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................

[security] Make the kerberos principal configurable for Kudu servers

The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the security library may pass any principal that they want
to.

Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.

Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 30 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/3
-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 4:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: out_principal);
> Could you pass on out_principal instead of in_principal here?
Ha, silly me, sorry. Done.



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 4
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:19:04 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 5: Code-Review+2

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/5/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/5/src/kudu/security/init.cc@383
PS5, Line 383: *out_principal = in_principal;
> Forgot to initialize 'out_principal' here which led to the test failures. I
huh, I figured GlobalReplaceSubstring would always write to the out param, but apparently not.  That's kind of annoying, but no big deal.



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 5
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 22:54:20 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 2:

(2 comments)

looks good, just a few small nits.

http://gerrit.cloudera.org:8080/#/c/8700/2//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/8700/2//COMMIT_MSG@12
PS2, Line 12: sercurity
security


http://gerrit.cloudera.org:8080/#/c/8700/2/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/2/src/kudu/security/init.cc@383
PS2, Line 383:   string p = in_principal;
I think you can skip this local copy altogether by using in_prinicipal and out_principal instead, as appropriate.



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 2
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 18:54:08 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/3/src/kudu/security/init.cc@392
PS3, Line 392: const_cast<string*>(&in_principal)
> Is it possible to assign in_principal to a local copy and then update that 
That's what I had done in the initial patchset, but I changed it based on Dan's comment.

I'm fine with it either way. The one caveat this way when we use 'in_principal' directly, is that it amounts to modifying the FLAGS_principal itself. But that shouldn't cause any bugs.

Let me know what you think is better.



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:33:21 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Hello Michael Ho, Alexey Serbin, Dan Burkert, Kudu Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/8700

to look at the new patch set (#4).

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................

[security] Make the kerberos principal configurable for Kudu servers

The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the security library may pass any principal that they want
to.

Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.

Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 29 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/4
-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 4
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Hello Michael Ho, Dan Burkert, Kudu Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/8700

to look at the new patch set (#2).

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................

[security] Make the kerberos principal configurable for Kudu servers

The Kudu security library currently sources the kerberos principal
directly from FLAGS_principal. Since this is a library, we'd rather
move this to be an option that is passed through InitKerberosForServer().
Users of the sercurity library may pass any principal that they want
to.

Testing: All current tests pass. Since this is a minor refactor, no new
tests are needed.

Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
---
M src/kudu/security/init.cc
M src/kudu/security/init.h
M src/kudu/security/test/mini_kdc-test.cc
M src/kudu/server/server_base.cc
4 files changed, 29 insertions(+), 21 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/00/8700/2
-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 2
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Michael Ho (Code Review)" <ge...@cloudera.org>.

Michael Ho has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 1:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/8700/1/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/1/src/kudu/security/init.cc@382
PS1, Line 382: raw_principal
in_principal seems like a better name.



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 1
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Comment-Date: Fri, 01 Dec 2017 07:08:58 +0000
Gerrit-HasComments: Yes

[kudu-CR] [security] Make the kerberos principal configurable for Kudu servers

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8700 )

Change subject: [security] Make the kerberos principal configurable for Kudu servers
......................................................................


Patch Set 3:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/8700/2//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/8700/2//COMMIT_MSG@12
PS2, Line 12: security 
> security
Done


http://gerrit.cloudera.org:8080/#/c/8700/2/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8700/2/src/kudu/security/init.cc@383
PS2, Line 383:   const auto& kHostToken = "_HOST";
> I think you can skip this local copy altogether by using in_prinicipal and 
Done



-- 
To view, visit http://gerrit.cloudera.org:8080/8700
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Idd16b3360d8d2df5a609eb897bb9810e662fc695
Gerrit-Change-Number: 8700
Gerrit-PatchSet: 3
Gerrit-Owner: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-Comment-Date: Mon, 04 Dec 2017 21:05:25 +0000
Gerrit-HasComments: Yes