You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Gregory Chanan <gc...@cloudera.com> on 2014/08/13 23:01:16 UTC
Review Request 24666: SENTRY-388: Solr Binding initKerberos should use
supplied Configuration
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24666/
-----------------------------------------------------------
Review request for sentry and Vamsee Yarlagadda.
Repository: sentry
Description
-------
Sentry communicates with secure HDFS by creating a new Configuration object:
https://github.com/apache/incubator-sentry/blob/3be10df92c92e39e4d91ff2114f3f72783926e82/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java#L185
The issue with that is when its used to set the UserGroupInformation configuration, it overwrites the existing configuration, which may have other (server) settings like kerberos rules. Ideally there would be separate client/servers interfaces, but lacking that, we need to use the passed in configuration.
Diffs
-----
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java c384cd1
Diff: https://reviews.apache.org/r/24666/diff/
Testing
-------
We don't have unit tests that run on secure hdfs, so I tested this on a real cluster with kerberos name rules and it passed.
Thanks,
Gregory Chanan
Re: Review Request 24666: SENTRY-388: Solr Binding initKerberos should use
supplied Configuration
Posted by Vamsee Yarlagadda <va...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24666/#review50509
-----------------------------------------------------------
Ship it!
Ship It!
- Vamsee Yarlagadda
On Aug. 13, 2014, 9:01 p.m., Gregory Chanan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/24666/
> -----------------------------------------------------------
>
> (Updated Aug. 13, 2014, 9:01 p.m.)
>
>
> Review request for sentry and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Sentry communicates with secure HDFS by creating a new Configuration object:
> https://github.com/apache/incubator-sentry/blob/3be10df92c92e39e4d91ff2114f3f72783926e82/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java#L185
>
> The issue with that is when its used to set the UserGroupInformation configuration, it overwrites the existing configuration, which may have other (server) settings like kerberos rules. Ideally there would be separate client/servers interfaces, but lacking that, we need to use the passed in configuration.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java c384cd1
>
> Diff: https://reviews.apache.org/r/24666/diff/
>
>
> Testing
> -------
>
> We don't have unit tests that run on secure hdfs, so I tested this on a real cluster with kerberos name rules and it passed.
>
>
> Thanks,
>
> Gregory Chanan
>
>