You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sentry.apache.org by Sravya Tirukkovalur <sr...@cloudera.com> on 2014/06/13 20:33:44 UTC

Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------

Review request for sentry and Prasad Mujumdar.


Bugs: sentry-300
    https://issues.apache.org/jira/browse/sentry-300


Repository: sentry


Description
-------

Refactored the code a little bit so that we have following checks for the following paths:

If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false

If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true

Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.


Diffs
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 

Diff: https://reviews.apache.org/r/22578/diff/


Testing
-------

Added new test cases.


Thanks,

Sravya Tirukkovalur

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Prasad Mujumdar <pr...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45772
-----------------------------------------------------------

Ship it!


- Prasad Mujumdar


On June 16, 2014, 4:36 p.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
> 
> (Updated June 16, 2014, 4:36 p.m.)
> 
> 
> Review request for sentry and Prasad Mujumdar.
> 
> 
> Bugs: sentry-300
>     https://issues.apache.org/jira/browse/sentry-300
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Refactored the code a little bit so that we have following checks for the following paths:
> 
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
> 
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
> 
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
>   sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 
> 
> Diff: https://reviews.apache.org/r/22578/diff/
> 
> 
> Testing
> -------
> 
> Added new test cases.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------

(Updated June 16, 2014, 4:36 p.m.)


Review request for sentry and Prasad Mujumdar.


Changes
-------

Test for ugi property only in non testing (non secure) mode.


Bugs: sentry-300
    https://issues.apache.org/jira/browse/sentry-300


Repository: sentry


Description
-------

Refactored the code a little bit so that we have following checks for the following paths:

If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false

If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true

Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 

Diff: https://reviews.apache.org/r/22578/diff/


Testing
-------

Added new test cases.


Thanks,

Sravya Tirukkovalur

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Vamsee Yarlagadda <va...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45654
-----------------------------------------------------------

Ship it!


LGTM. The final say is with Prasad though.

- Vamsee Yarlagadda


On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
> 
> (Updated June 13, 2014, 6:57 p.m.)
> 
> 
> Review request for sentry and Prasad Mujumdar.
> 
> 
> Bugs: sentry-300
>     https://issues.apache.org/jira/browse/sentry-300
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Refactored the code a little bit so that we have following checks for the following paths:
> 
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
> 
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
> 
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
>   sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 
> 
> Diff: https://reviews.apache.org/r/22578/diff/
> 
> 
> Testing
> -------
> 
> Added new test cases.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.


> On June 14, 2014, 1:07 a.m., Prasad Mujumdar wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, line 172
> > <https://reviews.apache.org/r/22578/diff/4/?file=609454#file609454line172>
> >
> >     The SET_UGI is actually applicable to non-secure connect. We don't have to enforce that here.
> 
> Sravya Tirukkovalur wrote:
>     Oh ok, this is defaulted to true on secure clusters then?

I meant restricted to true on secure clusters?


- Sravya


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45684
-----------------------------------------------------------


On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
> 
> (Updated June 13, 2014, 6:57 p.m.)
> 
> 
> Review request for sentry and Prasad Mujumdar.
> 
> 
> Bugs: sentry-300
>     https://issues.apache.org/jira/browse/sentry-300
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Refactored the code a little bit so that we have following checks for the following paths:
> 
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
> 
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
> 
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
>   sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 
> 
> Diff: https://reviews.apache.org/r/22578/diff/
> 
> 
> Testing
> -------
> 
> Added new test cases.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.


> On June 14, 2014, 1:07 a.m., Prasad Mujumdar wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, line 172
> > <https://reviews.apache.org/r/22578/diff/4/?file=609454#file609454line172>
> >
> >     The SET_UGI is actually applicable to non-secure connect. We don't have to enforce that here.

Oh ok, this is defaulted to true on secure clusters then?


- Sravya


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45684
-----------------------------------------------------------


On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
> 
> (Updated June 13, 2014, 6:57 p.m.)
> 
> 
> Review request for sentry and Prasad Mujumdar.
> 
> 
> Bugs: sentry-300
>     https://issues.apache.org/jira/browse/sentry-300
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Refactored the code a little bit so that we have following checks for the following paths:
> 
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
> 
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
> 
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
>   sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 
> 
> Diff: https://reviews.apache.org/r/22578/diff/
> 
> 
> Testing
> -------
> 
> Added new test cases.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Prasad Mujumdar <pr...@cloudera.com>.


> On June 14, 2014, 1:07 a.m., Prasad Mujumdar wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, line 172
> > <https://reviews.apache.org/r/22578/diff/4/?file=609454#file609454line172>
> >
> >     The SET_UGI is actually applicable to non-secure connect. We don't have to enforce that here.
> 
> Sravya Tirukkovalur wrote:
>     Oh ok, this is defaulted to true on secure clusters then?
> 
> Sravya Tirukkovalur wrote:
>     I meant restricted to true on secure clusters?

It's ignored by Metastore in case of secure cluster. CM does set it by default, but it's not needed.


- Prasad


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45684
-----------------------------------------------------------


On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
> 
> (Updated June 13, 2014, 6:57 p.m.)
> 
> 
> Review request for sentry and Prasad Mujumdar.
> 
> 
> Bugs: sentry-300
>     https://issues.apache.org/jira/browse/sentry-300
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Refactored the code a little bit so that we have following checks for the following paths:
> 
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
> 
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
> 
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
>   sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 
> 
> Diff: https://reviews.apache.org/r/22578/diff/
> 
> 
> Testing
> -------
> 
> Added new test cases.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Prasad Mujumdar <pr...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45684
-----------------------------------------------------------


Looks fine, just one suggestion below.


sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
<https://reviews.apache.org/r/22578/#comment80628>

    The SET_UGI is actually applicable to non-secure connect. We don't have to enforce that here.


- Prasad Mujumdar


On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
> 
> (Updated June 13, 2014, 6:57 p.m.)
> 
> 
> Review request for sentry and Prasad Mujumdar.
> 
> 
> Bugs: sentry-300
>     https://issues.apache.org/jira/browse/sentry-300
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Refactored the code a little bit so that we have following checks for the following paths:
> 
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
> 
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
> 
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
>   sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 
> 
> Diff: https://reviews.apache.org/r/22578/diff/
> 
> 
> Testing
> -------
> 
> Added new test cases.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------

(Updated June 13, 2014, 6:57 p.m.)


Review request for sentry and Prasad Mujumdar.


Changes
-------

Updated as per Vamsee's comments.


Bugs: sentry-300
    https://issues.apache.org/jira/browse/sentry-300


Repository: sentry


Description
-------

Refactored the code a little bit so that we have following checks for the following paths:

If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false

If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true

Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 

Diff: https://reviews.apache.org/r/22578/diff/


Testing
-------

Added new test cases.


Thanks,

Sravya Tirukkovalur

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.


> On June 13, 2014, 6:48 p.m., Vamsee Yarlagadda wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, line 196
> > <https://reviews.apache.org/r/22578/diff/1/?file=609439#file609439line196>
> >
> >     Looks like the exception message is misleading?

Good catch!


- Sravya


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45636
-----------------------------------------------------------


On June 13, 2014, 6:42 p.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
> 
> (Updated June 13, 2014, 6:42 p.m.)
> 
> 
> Review request for sentry and Prasad Mujumdar.
> 
> 
> Bugs: sentry-300
>     https://issues.apache.org/jira/browse/sentry-300
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Refactored the code a little bit so that we have following checks for the following paths:
> 
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
> 
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
> 
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
>   sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 
> 
> Diff: https://reviews.apache.org/r/22578/diff/
> 
> 
> Testing
> -------
> 
> Added new test cases.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Vamsee Yarlagadda <va...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/#review45636
-----------------------------------------------------------



sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
<https://reviews.apache.org/r/22578/#comment80534>

    Looks like the exception message is misleading?



sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
<https://reviews.apache.org/r/22578/#comment80535>

    Looks like the exception message is misleading?


- Vamsee Yarlagadda


On June 13, 2014, 6:42 p.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22578/
> -----------------------------------------------------------
> 
> (Updated June 13, 2014, 6:42 p.m.)
> 
> 
> Review request for sentry and Prasad Mujumdar.
> 
> 
> Bugs: sentry-300
>     https://issues.apache.org/jira/browse/sentry-300
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Refactored the code a little bit so that we have following checks for the following paths:
> 
> If request coming from HiveServer2, we make sure:
> hive.server2.authentication !=none
> hive.server2.enable.doAs = false
> 
> If request coming from HiveMetastore, we make sure:
> hive.metastore.sasl.enabled = true
> hive.metastore.execute.setugi = true
> 
> Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
>   sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 
> 
> Diff: https://reviews.apache.org/r/22578/diff/
> 
> 
> Testing
> -------
> 
> Added new test cases.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------

(Updated June 13, 2014, 6:42 p.m.)


Review request for sentry and Prasad Mujumdar.


Bugs: sentry-300
    https://issues.apache.org/jira/browse/sentry-300


Repository: sentry


Description
-------

Refactored the code a little bit so that we have following checks for the following paths:

If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false

If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true

Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 

Diff: https://reviews.apache.org/r/22578/diff/


Testing
-------

Added new test cases.


Thanks,

Sravya Tirukkovalur

Re: Review Request 22578: SENTRY-300: HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22578/
-----------------------------------------------------------

(Updated June 13, 2014, 6:39 p.m.)


Review request for sentry and Prasad Mujumdar.


Changes
-------

Updated some comments


Bugs: sentry-300
    https://issues.apache.org/jira/browse/sentry-300


Repository: sentry


Description
-------

Refactored the code a little bit so that we have following checks for the following paths:

If request coming from HiveServer2, we make sure:
hive.server2.authentication !=none
hive.server2.enable.doAs = false

If request coming from HiveMetastore, we make sure:
hive.metastore.sasl.enabled = true
hive.metastore.execute.setugi = true

Also now, invalid configurations throw InvalidConfigurationException, rather than using a dummy provider.


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java 39f5384a059d5c2df1cbda986f9e2af727421409 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java 30c348845150b87cdda5f6266d7d804cc20fc39e 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 4985912fbf16d362107d3168d115ff92282589f3 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java c05bb4fa69591c4f8ce6225939fab34db5b217e1 

Diff: https://reviews.apache.org/r/22578/diff/


Testing
-------

Added new test cases.


Thanks,

Sravya Tirukkovalur