You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sentry.apache.org by Gregory Chanan <gc...@cloudera.com> on 2014/08/13 23:01:16 UTC

Review Request 24666: SENTRY-388: Solr Binding initKerberos should use supplied Configuration

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24666/
-----------------------------------------------------------

Review request for sentry and Vamsee Yarlagadda.


Repository: sentry


Description
-------

Sentry communicates with secure HDFS by creating a new Configuration object:
https://github.com/apache/incubator-sentry/blob/3be10df92c92e39e4d91ff2114f3f72783926e82/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java#L185

The issue with that is when its used to set the UserGroupInformation configuration, it overwrites the existing configuration, which may have other (server) settings like kerberos rules. Ideally there would be separate client/servers interfaces, but lacking that, we need to use the passed in configuration.


Diffs
-----

  sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java c384cd1 

Diff: https://reviews.apache.org/r/24666/diff/


Testing
-------

We don't have unit tests that run on secure hdfs, so I tested this on a real cluster with kerberos name rules and it passed.


Thanks,

Gregory Chanan

Re: Review Request 24666: SENTRY-388: Solr Binding initKerberos should use supplied Configuration

Posted by Vamsee Yarlagadda <va...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24666/#review50509
-----------------------------------------------------------

Ship it!


Ship It!

- Vamsee Yarlagadda


On Aug. 13, 2014, 9:01 p.m., Gregory Chanan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/24666/
> -----------------------------------------------------------
> 
> (Updated Aug. 13, 2014, 9:01 p.m.)
> 
> 
> Review request for sentry and Vamsee Yarlagadda.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Sentry communicates with secure HDFS by creating a new Configuration object:
> https://github.com/apache/incubator-sentry/blob/3be10df92c92e39e4d91ff2114f3f72783926e82/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java#L185
> 
> The issue with that is when its used to set the UserGroupInformation configuration, it overwrites the existing configuration, which may have other (server) settings like kerberos rules. Ideally there would be separate client/servers interfaces, but lacking that, we need to use the passed in configuration.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java c384cd1 
> 
> Diff: https://reviews.apache.org/r/24666/diff/
> 
> 
> Testing
> -------
> 
> We don't have unit tests that run on secure hdfs, so I tested this on a real cluster with kerberos name rules and it passed.
> 
> 
> Thanks,
> 
> Gregory Chanan
> 
>