You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Hao Hao via Review Board <no...@reviews.apache.org> on 2019/02/07 23:47:54 UTC
Review Request 69924: SENTRY-2440: Add a new thrift API for checking
if a user is in admin group
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69924/
-----------------------------------------------------------
Review request for sentry, kalyan kumar kalvagadda and Na Li.
Repository: sentry
Description
-------
SENTRY-2440: Add a new thrift API for checking if a user is in admin group to check if a given user is in the Sentry admin group or not.
This is useful for Sentry client to recognize failure earlier than actually making a call to privileged API such as 'create_role', 'drop_role'.
This API shouldn't leak any sensitive information because connection to teh Sentry server is guarded by 'sentry.service.allow.connect' config, that only the trusted service users can connect to the Sentry service.
Diffs
-----
sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java 0cbd8ab0a624d4c09aead4097f72762e12d1d21b
sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminRequest.java PRE-CREATION
sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminResponse.java PRE-CREATION
sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java 5fc299b2485e0af6df333e4a288299f39e18b3b7
sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java 68d864cfbdf18057d87a65a04af8991292aadccf
sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift 2e79e5646ae9102d8c0c28da4260a539254fcd15
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java 236a07bdf5191cdc0f167f20a406b721b3dc506d
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 30875299ebf81e74a78b396d4aeaf27890083370
sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceIntegration.java bfafa7d99735bec07bd81ebe665f4e84e65bd3b7
Diff: https://reviews.apache.org/r/69924/diff/1/
Testing
-------
Unit test.
Thanks,
Hao Hao
Re: Review Request 69924: SENTRY-2440: Add a new thrift API for
checking if a user is in admin group
Posted by Na Li via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69924/#review212802
-----------------------------------------------------------
Ship it!
Ship It!
- Na Li
On Feb. 7, 2019, 11:47 p.m., Hao Hao wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69924/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 11:47 p.m.)
>
>
> Review request for sentry, kalyan kumar kalvagadda and Na Li.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> SENTRY-2440: Add a new thrift API for checking if a user is in admin group to check if a given user is in the Sentry admin group or not.
>
> This is useful for Sentry client to recognize failure earlier than actually making a call to privileged API such as 'create_role', 'drop_role'.
>
> This API shouldn't leak any sensitive information because connection to teh Sentry server is guarded by 'sentry.service.allow.connect' config, that only the trusted service users can connect to the Sentry service.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java 0cbd8ab0a624d4c09aead4097f72762e12d1d21b
> sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminRequest.java PRE-CREATION
> sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminResponse.java PRE-CREATION
> sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java 5fc299b2485e0af6df333e4a288299f39e18b3b7
> sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java 68d864cfbdf18057d87a65a04af8991292aadccf
> sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift 2e79e5646ae9102d8c0c28da4260a539254fcd15
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java 236a07bdf5191cdc0f167f20a406b721b3dc506d
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 30875299ebf81e74a78b396d4aeaf27890083370
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceIntegration.java bfafa7d99735bec07bd81ebe665f4e84e65bd3b7
>
>
> Diff: https://reviews.apache.org/r/69924/diff/1/
>
>
> Testing
> -------
>
> Unit test.
>
>
> Thanks,
>
> Hao Hao
>
>