You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Sravya Tirukkovalur <sr...@cloudera.com> on 2014/06/13 20:33:44 UTC
Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2
config which is not available when using Sentry with Hive meta store server
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------
Review request for sentry and Prasad Mujumdar.
Bugs: sentry-300
https://issues.apache.org/jira/browse/sentry-300
Repository: sentry
Description
-------
Refactored the code a little bit so that we have following checks for the following paths:
If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false
If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true
Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
Diffs
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
Diff: https://reviews.apache.org/r/22578/diff/
Testing
-------
Added new test cases.
Thanks,
Sravya Tirukkovalur
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Prasad Mujumdar <pr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45772
-----------------------------------------------------------
Ship it!
- Prasad Mujumdar
On June 16, 2014, 4:36 p.m., Sravya Tirukkovalur wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
>
> (Updated June 16, 2014, 4:36 p.m.)
>
>
> Review request for sentry and Prasad Mujumdar.
>
>
> Bugs: sentry-300
> https://issues.apache.org/jira/browse/sentry-300
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Refactored the code a little bit so that we have following checks for the following paths:
>
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
>
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
>
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
>
> Diff: https://reviews.apache.org/r/22578/diff/
>
>
> Testing
> -------
>
> Added new test cases.
>
>
> Thanks,
>
> Sravya Tirukkovalur
>
>
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------
(Updated June 16, 2014, 4:36 p.m.)
Review request for sentry and Prasad Mujumdar.
Changes
-------
Test for ugi property only in non testing (non secure) mode.
Bugs: sentry-300
https://issues.apache.org/jira/browse/sentry-300
Repository: sentry
Description
-------
Refactored the code a little bit so that we have following checks for the following paths:
If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false
If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true
Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
Diffs (updated)
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
Diff: https://reviews.apache.org/r/22578/diff/
Testing
-------
Added new test cases.
Thanks,
Sravya Tirukkovalur
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Vamsee Yarlagadda <va...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45654
-----------------------------------------------------------
Ship it!
LGTM. The final say is with Prasad though.
- Vamsee Yarlagadda
On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
>
> (Updated June 13, 2014, 6:57 p.m.)
>
>
> Review request for sentry and Prasad Mujumdar.
>
>
> Bugs: sentry-300
> https://issues.apache.org/jira/browse/sentry-300
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Refactored the code a little bit so that we have following checks for the following paths:
>
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
>
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
>
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
>
> Diff: https://reviews.apache.org/r/22578/diff/
>
>
> Testing
> -------
>
> Added new test cases.
>
>
> Thanks,
>
> Sravya Tirukkovalur
>
>
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
> On June 14, 2014, 1:07 a.m., Prasad Mujumdar wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, line 172
> > <https://reviews.apache.org/r/22578/diff/4/?file=609454#file609454line172>
> >
> > The SET_UGI is actually applicable to non-secure connect. We don't have to enforce that here.
>
> Sravya Tirukkovalur wrote:
> Oh ok, this is defaulted to true on secure clusters then?
I meant restricted to true on secure clusters?
- Sravya
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45684
-----------------------------------------------------------
On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
>
> (Updated June 13, 2014, 6:57 p.m.)
>
>
> Review request for sentry and Prasad Mujumdar.
>
>
> Bugs: sentry-300
> https://issues.apache.org/jira/browse/sentry-300
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Refactored the code a little bit so that we have following checks for the following paths:
>
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
>
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
>
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
>
> Diff: https://reviews.apache.org/r/22578/diff/
>
>
> Testing
> -------
>
> Added new test cases.
>
>
> Thanks,
>
> Sravya Tirukkovalur
>
>
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
> On June 14, 2014, 1:07 a.m., Prasad Mujumdar wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, line 172
> > <https://reviews.apache.org/r/22578/diff/4/?file=609454#file609454line172>
> >
> > The SET_UGI is actually applicable to non-secure connect. We don't have to enforce that here.
Oh ok, this is defaulted to true on secure clusters then?
- Sravya
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45684
-----------------------------------------------------------
On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
>
> (Updated June 13, 2014, 6:57 p.m.)
>
>
> Review request for sentry and Prasad Mujumdar.
>
>
> Bugs: sentry-300
> https://issues.apache.org/jira/browse/sentry-300
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Refactored the code a little bit so that we have following checks for the following paths:
>
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
>
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
>
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
>
> Diff: https://reviews.apache.org/r/22578/diff/
>
>
> Testing
> -------
>
> Added new test cases.
>
>
> Thanks,
>
> Sravya Tirukkovalur
>
>
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Prasad Mujumdar <pr...@cloudera.com>.
> On June 14, 2014, 1:07 a.m., Prasad Mujumdar wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, line 172
> > <https://reviews.apache.org/r/22578/diff/4/?file=609454#file609454line172>
> >
> > The SET_UGI is actually applicable to non-secure connect. We don't have to enforce that here.
>
> Sravya Tirukkovalur wrote:
> Oh ok, this is defaulted to true on secure clusters then?
>
> Sravya Tirukkovalur wrote:
> I meant restricted to true on secure clusters?
It's ignored by Metastore in case of secure cluster. CM does set it by default, but it's not needed.
- Prasad
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45684
-----------------------------------------------------------
On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
>
> (Updated June 13, 2014, 6:57 p.m.)
>
>
> Review request for sentry and Prasad Mujumdar.
>
>
> Bugs: sentry-300
> https://issues.apache.org/jira/browse/sentry-300
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Refactored the code a little bit so that we have following checks for the following paths:
>
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
>
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
>
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
>
> Diff: https://reviews.apache.org/r/22578/diff/
>
>
> Testing
> -------
>
> Added new test cases.
>
>
> Thanks,
>
> Sravya Tirukkovalur
>
>
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Prasad Mujumdar <pr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45684
-----------------------------------------------------------
Looks fine, just one suggestion below.
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
<https://reviews.apache.org/r/22578/#comment80628>
The SET_UGI is actually applicable to non-secure connect. We don't have to enforce that here.
- Prasad Mujumdar
On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
>
> (Updated June 13, 2014, 6:57 p.m.)
>
>
> Review request for sentry and Prasad Mujumdar.
>
>
> Bugs: sentry-300
> https://issues.apache.org/jira/browse/sentry-300
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Refactored the code a little bit so that we have following checks for the following paths:
>
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
>
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
>
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
>
> Diff: https://reviews.apache.org/r/22578/diff/
>
>
> Testing
> -------
>
> Added new test cases.
>
>
> Thanks,
>
> Sravya Tirukkovalur
>
>
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------
(Updated June 13, 2014, 6:57 p.m.)
Review request for sentry and Prasad Mujumdar.
Changes
-------
Updated as per Vamsee's comments.
Bugs: sentry-300
https://issues.apache.org/jira/browse/sentry-300
Repository: sentry
Description
-------
Refactored the code a little bit so that we have following checks for the following paths:
If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false
If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true
Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
Diffs (updated)
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
Diff: https://reviews.apache.org/r/22578/diff/
Testing
-------
Added new test cases.
Thanks,
Sravya Tirukkovalur
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
> On June 13, 2014, 6:48 p.m., Vamsee Yarlagadda wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, line 196
> > <https://reviews.apache.org/r/22578/diff/1/?file=609439#file609439line196>
> >
> > Looks like the exception message is misleading?
Good catch!
- Sravya
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45636
-----------------------------------------------------------
On June 13, 2014, 6:42 p.m., Sravya Tirukkovalur wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
>
> (Updated June 13, 2014, 6:42 p.m.)
>
>
> Review request for sentry and Prasad Mujumdar.
>
>
> Bugs: sentry-300
> https://issues.apache.org/jira/browse/sentry-300
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Refactored the code a little bit so that we have following checks for the following paths:
>
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
>
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
>
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
>
> Diff: https://reviews.apache.org/r/22578/diff/
>
>
> Testing
> -------
>
> Added new test cases.
>
>
> Thanks,
>
> Sravya Tirukkovalur
>
>
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Vamsee Yarlagadda <va...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45636
-----------------------------------------------------------
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
<https://reviews.apache.org/r/22578/#comment80534>
Looks like the exception message is misleading?
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
<https://reviews.apache.org/r/22578/#comment80535>
Looks like the exception message is misleading?
- Vamsee Yarlagadda
On June 13, 2014, 6:42 p.m., Sravya Tirukkovalur wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
>
> (Updated June 13, 2014, 6:42 p.m.)
>
>
> Review request for sentry and Prasad Mujumdar.
>
>
> Bugs: sentry-300
> https://issues.apache.org/jira/browse/sentry-300
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Refactored the code a little bit so that we have following checks for the following paths:
>
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
>
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
>
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
>
> Diff: https://reviews.apache.org/r/22578/diff/
>
>
> Testing
> -------
>
> Added new test cases.
>
>
> Thanks,
>
> Sravya Tirukkovalur
>
>
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------
(Updated June 13, 2014, 6:42 p.m.)
Review request for sentry and Prasad Mujumdar.
Bugs: sentry-300
https://issues.apache.org/jira/browse/sentry-300
Repository: sentry
Description
-------
Refactored the code a little bit so that we have following checks for the following paths:
If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false
If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true
Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
Diffs (updated)
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
Diff: https://reviews.apache.org/r/22578/diff/
Testing
-------
Added new test cases.
Thanks,
Sravya Tirukkovalur
Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive
server2 config which is not available when using Sentry with Hive meta
store server
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------
(Updated June 13, 2014, 6:39 p.m.)
Review request for sentry and Prasad Mujumdar.
Changes
-------
Updated some comments
Bugs: sentry-300
https://issues.apache.org/jira/browse/sentry-300
Repository: sentry
Description
-------
Refactored the code a little bit so that we have following checks for the following paths:
If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false
If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true
Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
Diffs (updated)
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1
Diff: https://reviews.apache.org/r/22578/diff/
Testing
-------
Added new test cases.
Thanks,
Sravya Tirukkovalur