Posted to commits@kudu.apache.org by al...@apache.org on 2019/04/18 22:52:08 UTC
[kudu] branch master updated: [catalog_manager] simplify lifecycle
of authz provider
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 1f61479 [catalog_manager] simplify lifecycle of authz provider
1f61479 is described below
commit 1f61479715e9f9bc22d7e6262db030ed5b7fae8f
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Wed Apr 17 21:43:37 2019 -0700
[catalog_manager] simplify lifecycle of authz provider
This patch simplifies CatalogManager::authz_provider_ member's
lifecycle. The motivation for this change is to make the
authz_provider_ member available right after construction of
a CatalogManager instance: this will be used in follow-up changelists.
I also did a couple of other style-related changes.
Change-Id: I47a83a332dc1e55725dd46d4d9510ac4fd8d37c2
Reviewed-on: http://gerrit.cloudera.org:8080/13062
Tested-by: Alexey Serbin <as...@cloudera.com>
Reviewed-by: Adar Dembo <ad...@cloudera.com>
Reviewed-by: Andrew Wong <aw...@cloudera.com>
Reviewed-by: Hao Hao <ha...@cloudera.com>
---
src/kudu/master/authz_provider.cc | 2 +-
src/kudu/master/authz_provider.h | 5 ++---
src/kudu/master/catalog_manager.cc | 12 +++++-------
3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/kudu/master/authz_provider.cc b/src/kudu/master/authz_provider.cc
index 89cebc8..72aa092 100644
--- a/src/kudu/master/authz_provider.cc
+++ b/src/kudu/master/authz_provider.cc
@@ -45,7 +45,7 @@ AuthzProvider::AuthzProvider() {
std::move(acls.begin(), acls.end(), std::inserter(trusted_users_, trusted_users_.end()));
}
-bool AuthzProvider::IsTrustedUser(const string& user) {
+bool AuthzProvider::IsTrustedUser(const string& user) const {
return ContainsKey(trusted_users_, user);
}
diff --git a/src/kudu/master/authz_provider.h b/src/kudu/master/authz_provider.h
index 4231fde..c75456b 100644
--- a/src/kudu/master/authz_provider.h
+++ b/src/kudu/master/authz_provider.h
@@ -38,6 +38,7 @@ class AuthzProvider {
public:
AuthzProvider();
+ virtual ~AuthzProvider() = default;
// Starts the AuthzProvider instance.
virtual Status Start() = 0;
@@ -87,11 +88,9 @@ class AuthzProvider {
const SchemaPB& schema_pb,
security::TablePrivilegePB* pb) WARN_UNUSED_RESULT = 0;
- virtual ~AuthzProvider() {}
-
// Checks if the given user is trusted and thus can be exempted from
// authorization validation.
- bool IsTrustedUser(const std::string& user);
+ bool IsTrustedUser(const std::string& user) const;
private:
std::unordered_set<std::string> trusted_users_;
diff --git a/src/kudu/master/catalog_manager.cc b/src/kudu/master/catalog_manager.cc
index ced919f..d59c45a 100644
--- a/src/kudu/master/catalog_manager.cc
+++ b/src/kudu/master/catalog_manager.cc
@@ -697,6 +697,11 @@ CatalogManager::CatalogManager(Master* master)
leader_ready_term_(-1),
hms_notification_log_event_id_(-1),
leader_lock_(RWMutex::Priority::PREFER_WRITING) {
+ if (hms::HmsCatalog::IsEnabled() && SentryAuthzProvider::IsEnabled()) {
+ authz_provider_.reset(new SentryAuthzProvider(master_->metric_entity()));
+ } else {
+ authz_provider_.reset(new DefaultAuthzProvider);
+ }
CHECK_OK(ThreadPoolBuilder("leader-initialization")
// Presently, this thread pool must contain only a single thread
// (to correctly serialize invocations of ElectedAsLeaderCb upon
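Review bot: The provider selection added to the constructor falls back to DefaultAuthzProvider without any trace when Sentry is enabled but the HMS integration is not, and the comment that explained this rule is deleted from Init() by the same commit. For an authorization component, that fallback deserves at least the comment restored above the `if`, e.g. `// Use SentryAuthzProvider only when both Sentry and the HMS integration are enabled.`, and probably a `LOG(WARNING)` in the `else` branch when `SentryAuthzProvider::IsEnabled()` is true on its own, so an operator can see which provider is actually enforcing access. The call `master_->metric_entity()` also now runs at construction time rather than in Init(); it looks safe only if the Master's metric entity is already set up when CatalogManager is constructed, which this hunk does not show. The constructor body continues past the end of the hunk.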
@@ -727,8 +732,6 @@ Status CatalogManager::Init(bool is_first_run) {
RETURN_NOT_OK_PREPEND(sys_catalog_->WaitUntilRunning(),
"Failed waiting for the catalog tablet to run");
- authz_provider_.reset(new DefaultAuthzProvider);
-
if (hms::HmsCatalog::IsEnabled()) {
vector<HostPortPB> master_addrs_pb;
RETURN_NOT_OK(master_->GetMasterHostPorts(&master_addrs_pb));
@@ -754,11 +757,6 @@ Status CatalogManager::Init(bool is_first_run) {
hms_notification_log_listener_.reset(new HmsNotificationLogListenerTask(this));
RETURN_NOT_OK_PREPEND(hms_notification_log_listener_->Init(),
"failed to initialize Hive Metastore notification log listener task");
-
- // Use SentryAuthzProvider when both Sentry and the HMS integration are enabled.
- if (SentryAuthzProvider::IsEnabled()) {
- authz_provider_.reset(new SentryAuthzProvider(master_->metric_entity()));
- }
}
RETURN_NOT_OK_PREPEND(authz_provider_->Start(), "failed to start Authz Provider");