You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sentry.apache.org by Hao Hao via Review Board <no...@reviews.apache.org> on 2019/02/07 23:47:54 UTC

Review Request 69924: SENTRY-2440: Add a new thrift API for checking if a user is in admin group

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69924/
-----------------------------------------------------------

Review request for sentry, kalyan kumar kalvagadda and Na Li.


Repository: sentry


Description
-------

SENTRY-2440: Add a new thrift API for checking if a user is in admin group to check if a given user is in the Sentry admin group or not.

This is useful for Sentry client to recognize failure earlier than actually making a call to privileged API such as 'create_role', 'drop_role'.

This API shouldn't leak any sensitive information because connection to teh Sentry server is guarded by 'sentry.service.allow.connect' config, that only the trusted service users can connect to the Sentry service.


Diffs
-----

  sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java 0cbd8ab0a624d4c09aead4097f72762e12d1d21b 
  sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminRequest.java PRE-CREATION 
  sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminResponse.java PRE-CREATION 
  sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java 5fc299b2485e0af6df333e4a288299f39e18b3b7 
  sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java 68d864cfbdf18057d87a65a04af8991292aadccf 
  sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift 2e79e5646ae9102d8c0c28da4260a539254fcd15 
  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java 236a07bdf5191cdc0f167f20a406b721b3dc506d 
  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 30875299ebf81e74a78b396d4aeaf27890083370 
  sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceIntegration.java bfafa7d99735bec07bd81ebe665f4e84e65bd3b7 


Diff: https://reviews.apache.org/r/69924/diff/1/


Testing
-------

Unit test.


Thanks,

Hao Hao

Re: Review Request 69924: SENTRY-2440: Add a new thrift API for checking if a user is in admin group

Posted by Na Li via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69924/#review212802
-----------------------------------------------------------


Ship it!




Ship It!

- Na Li


On Feb. 7, 2019, 11:47 p.m., Hao Hao wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69924/
> -----------------------------------------------------------
> 
> (Updated Feb. 7, 2019, 11:47 p.m.)
> 
> 
> Review request for sentry, kalyan kumar kalvagadda and Na Li.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> SENTRY-2440: Add a new thrift API for checking if a user is in admin group to check if a given user is in the Sentry admin group or not.
> 
> This is useful for Sentry client to recognize failure earlier than actually making a call to privileged API such as 'create_role', 'drop_role'.
> 
> This API shouldn't leak any sensitive information because connection to teh Sentry server is guarded by 'sentry.service.allow.connect' config, that only the trusted service users can connect to the Sentry service.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java 0cbd8ab0a624d4c09aead4097f72762e12d1d21b 
>   sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminRequest.java PRE-CREATION 
>   sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminResponse.java PRE-CREATION 
>   sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java 5fc299b2485e0af6df333e4a288299f39e18b3b7 
>   sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java 68d864cfbdf18057d87a65a04af8991292aadccf 
>   sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift 2e79e5646ae9102d8c0c28da4260a539254fcd15 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java 236a07bdf5191cdc0f167f20a406b721b3dc506d 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 30875299ebf81e74a78b396d4aeaf27890083370 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceIntegration.java bfafa7d99735bec07bd81ebe665f4e84e65bd3b7 
> 
> 
> Diff: https://reviews.apache.org/r/69924/diff/1/
> 
> 
> Testing
> -------
> 
> Unit test.
> 
> 
> Thanks,
> 
> Hao Hao
> 
>