You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Alexey Serbin (Code Review)" <ge...@cloudera.org> on 2019/05/03 07:39:08 UTC
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Alexey Serbin has uploaded this change for review. ( http://gerrit.cloudera.org:8080/13227
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
[authz] validator for --sentry_service_rpc_addresses flag
This patch introduces a group validator for the
--sentry_service_rpc_addresses runtime flag. It makes it's necessary
to set a non-empty value for the --hive_metastore_uris flag if the
--sentry_service_rpc_addresses flag is set. In other words, this patch
makes it explicitly impossible to run Kudu master for a hypothetical
configuration of Kudu+Sentry authz without HMS catalog.
That reflects the logical dependency of the Kudu+Sentry fine-grain
authz scheme on the HMS catalog. The dependency is there by design.
This patchs also contains a test for the introduced flag validator.
As of now, all existing tests for Kudu+Sentry authz are run with
configuration where the integration with HMS catalog is enabled as well.
Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
---
M src/kudu/integration-tests/master_sentry-itest.cc
M src/kudu/master/sentry_authz_provider-test.cc
M src/kudu/master/sentry_authz_provider.cc
M src/kudu/master/sentry_privileges_fetcher.cc
4 files changed, 44 insertions(+), 1 deletion(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/27/13227/1
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/13227 )
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
Patch Set 2: Verified+1
unrelated flake in Java tests:
* org.apache.kudu.backup.TestKuduBackup
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Comment-Date: Fri, 03 May 2019 15:46:24 +0000
Gerrit-HasComments: No
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Adar Dembo (Code Review)" <ge...@cloudera.org>.
Adar Dembo has posted comments on this change. ( http://gerrit.cloudera.org:8080/13227 )
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
Patch Set 3: Code-Review+2
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Fri, 03 May 2019 18:20:06 +0000
Gerrit-HasComments: No
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/13227 )
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
[authz] validator for --sentry_service_rpc_addresses flag
This patch introduces a group validator for the
--sentry_service_rpc_addresses runtime flag. It makes it necessary
to set a non-empty value for the --hive_metastore_uris flag if the
--sentry_service_rpc_addresses flag is set. In other words, this patch
makes it explicitly impossible to run Kudu master for a hypothetical
configuration of Kudu+Sentry authz without HMS catalog.
That reflects the logical dependency of the Kudu+Sentry fine-grain
authz scheme on the HMS catalog. The dependency is there by design.
This patchs also contains a test for the introduced flag validator.
As of now, all existing tests for Kudu+Sentry authz are run with
configuration where the integration with HMS catalog is enabled as well.
Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Reviewed-on: http://gerrit.cloudera.org:8080/13227
Reviewed-by: Adar Dembo <ad...@cloudera.com>
Tested-by: Alexey Serbin <as...@cloudera.com>
---
M src/kudu/integration-tests/master_sentry-itest.cc
M src/kudu/master/sentry_privileges_fetcher.cc
2 files changed, 50 insertions(+), 0 deletions(-)
Approvals:
Adar Dembo: Looks good to me, approved
Alexey Serbin: Verified
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 4
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has removed Kudu Jenkins from this change. ( http://gerrit.cloudera.org:8080/13227 )
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
Removed reviewer Kudu Jenkins with the following votes:
* Verified-1 by Kudu Jenkins (120)
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: deleteReviewer
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Hello Kudu Jenkins, Andrew Wong, Hao Hao,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/13227
to look at the new patch set (#2).
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
[authz] validator for --sentry_service_rpc_addresses flag
This patch introduces a group validator for the
--sentry_service_rpc_addresses runtime flag. It makes it's necessary
to set a non-empty value for the --hive_metastore_uris flag if the
--sentry_service_rpc_addresses flag is set. In other words, this patch
makes it explicitly impossible to run Kudu master for a hypothetical
configuration of Kudu+Sentry authz without HMS catalog.
That reflects the logical dependency of the Kudu+Sentry fine-grain
authz scheme on the HMS catalog. The dependency is there by design.
This patchs also contains a test for the introduced flag validator.
As of now, all existing tests for Kudu+Sentry authz are run with
configuration where the integration with HMS catalog is enabled as well.
Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
---
M src/kudu/integration-tests/master_sentry-itest.cc
M src/kudu/master/sentry_privileges_fetcher.cc
2 files changed, 42 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/27/13227/2
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Hello Andrew Wong, Adar Dembo, Hao Hao,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/13227
to look at the new patch set (#3).
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
[authz] validator for --sentry_service_rpc_addresses flag
This patch introduces a group validator for the
--sentry_service_rpc_addresses runtime flag. It makes it necessary
to set a non-empty value for the --hive_metastore_uris flag if the
--sentry_service_rpc_addresses flag is set. In other words, this patch
makes it explicitly impossible to run Kudu master for a hypothetical
configuration of Kudu+Sentry authz without HMS catalog.
That reflects the logical dependency of the Kudu+Sentry fine-grain
authz scheme on the HMS catalog. The dependency is there by design.
This patchs also contains a test for the introduced flag validator.
As of now, all existing tests for Kudu+Sentry authz are run with
configuration where the integration with HMS catalog is enabled as well.
Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
---
M src/kudu/integration-tests/master_sentry-itest.cc
M src/kudu/master/sentry_privileges_fetcher.cc
2 files changed, 50 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/27/13227/3
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Andrew Wong (Code Review)" <ge...@cloudera.org>.
Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/13227 )
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
Patch Set 2: Code-Review+1
Looks good modulo Adar's nits.
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Comment-Date: Fri, 03 May 2019 17:42:51 +0000
Gerrit-HasComments: No
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has removed Kudu Jenkins from this change. ( http://gerrit.cloudera.org:8080/13227 )
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
Removed reviewer Kudu Jenkins with the following votes:
* Verified-1 by Kudu Jenkins (120)
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: deleteReviewer
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/13227 )
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
Patch Set 3: Verified+1
(2 comments)
unrelated flakes in java tests:
* org.apache.kudu.backup.TestKuduBackup
* org.apache.kudu.spark.kudu.DefaultSourceTest
http://gerrit.cloudera.org:8080/#/c/13227/2//COMMIT_MSG
Commit Message:
http://gerrit.cloudera.org:8080/#/c/13227/2//COMMIT_MSG@10
PS2, Line 10: it n
> it
Done
http://gerrit.cloudera.org:8080/#/c/13227/2/src/kudu/integration-tests/master_sentry-itest.cc
File src/kudu/integration-tests/master_sentry-itest.cc:
http://gerrit.cloudera.org:8080/#/c/13227/2/src/kudu/integration-tests/master_sentry-itest.cc@943
PS2, Line 943: // for all the positive cases.
> Nit: add an empty line just before.
Done
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Fri, 03 May 2019 18:21:12 +0000
Gerrit-HasComments: Yes
[kudu-CR] [authz] validator for --sentry service rpc addresses flag
Posted by "Adar Dembo (Code Review)" <ge...@cloudera.org>.
Adar Dembo has posted comments on this change. ( http://gerrit.cloudera.org:8080/13227 )
Change subject: [authz] validator for --sentry_service_rpc_addresses flag
......................................................................
Patch Set 2:
(2 comments)
http://gerrit.cloudera.org:8080/#/c/13227/2//COMMIT_MSG
Commit Message:
http://gerrit.cloudera.org:8080/#/c/13227/2//COMMIT_MSG@10
PS2, Line 10: it's
it
http://gerrit.cloudera.org:8080/#/c/13227/2/src/kudu/integration-tests/master_sentry-itest.cc
File src/kudu/integration-tests/master_sentry-itest.cc:
http://gerrit.cloudera.org:8080/#/c/13227/2/src/kudu/integration-tests/master_sentry-itest.cc@943
PS2, Line 943: TEST_F(MasterSentryAndHmsFlagsTest, ValidateSentryServiceRpcAddresses) {
Nit: add an empty line just before.
--
To view, visit http://gerrit.cloudera.org:8080/13227
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Iec0470f68e34edf72a9e8baf608eda1b83272921
Gerrit-Change-Number: 13227
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Comment-Date: Fri, 03 May 2019 16:40:54 +0000
Gerrit-HasComments: Yes