Posted to commits@kudu.apache.org by al...@apache.org on 2019/04/18 22:52:08 UTC

[kudu] branch master updated: [catalog_manager] simplify lifecycle of authz provider

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new 1f61479  [catalog_manager] simplify lifecycle of authz provider
1f61479 is described below

commit 1f61479715e9f9bc22d7e6262db030ed5b7fae8f
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Wed Apr 17 21:43:37 2019 -0700

    [catalog_manager] simplify lifecycle of authz provider
    
    This patch simplifies CatalogManager::authz_provider_ member's
    lifecycle.  The motivation for this change is to make the
    authz_provider_ member available right after construction of
    a CatalogManager instance: this will be used in follow-up changelists.
    
    I also did a couple of other style-related changes.
    
    Change-Id: I47a83a332dc1e55725dd46d4d9510ac4fd8d37c2
    Reviewed-on: http://gerrit.cloudera.org:8080/13062
    Tested-by: Alexey Serbin <as...@cloudera.com>
    Reviewed-by: Adar Dembo <ad...@cloudera.com>
    Reviewed-by: Andrew Wong <aw...@cloudera.com>
    Reviewed-by: Hao Hao <ha...@cloudera.com>
---
 src/kudu/master/authz_provider.cc  |  2 +-
 src/kudu/master/authz_provider.h   |  5 ++---
 src/kudu/master/catalog_manager.cc | 12 +++++-------
 3 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/src/kudu/master/authz_provider.cc b/src/kudu/master/authz_provider.cc
index 89cebc8..72aa092 100644
--- a/src/kudu/master/authz_provider.cc
+++ b/src/kudu/master/authz_provider.cc
@@ -45,7 +45,7 @@ AuthzProvider::AuthzProvider() {
   std::move(acls.begin(), acls.end(), std::inserter(trusted_users_, trusted_users_.end()));
 }
 
-bool AuthzProvider::IsTrustedUser(const string& user) {
+bool AuthzProvider::IsTrustedUser(const string& user) const {
   return ContainsKey(trusted_users_, user);
 }
 
diff --git a/src/kudu/master/authz_provider.h b/src/kudu/master/authz_provider.h
index 4231fde..c75456b 100644
--- a/src/kudu/master/authz_provider.h
+++ b/src/kudu/master/authz_provider.h
@@ -38,6 +38,7 @@ class AuthzProvider {
  public:
 
   AuthzProvider();
+  virtual ~AuthzProvider() = default;
 
   // Starts the AuthzProvider instance.
   virtual Status Start() = 0;
@@ -87,11 +88,9 @@ class AuthzProvider {
                                       const SchemaPB& schema_pb,
                                       security::TablePrivilegePB* pb) WARN_UNUSED_RESULT = 0;
 
-  virtual ~AuthzProvider() {}
-
   // Checks if the given user is trusted and thus can be exempted from
   // authorization validation.
-  bool IsTrustedUser(const std::string& user);
+  bool IsTrustedUser(const std::string& user) const;
 
  private:
   std::unordered_set<std::string> trusted_users_;
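Review bot: The comment on `IsTrustedUser` does not say whether the method may be called before `Start()`, which matters now that the provider is constructed in the CatalogManager constructor while `Start()` still runs in `Init()`. From authz_provider.cc in this patch, `trusted_users_` is filled in the AuthzProvider constructor and only read by `IsTrustedUser`, so the check appears independent of `Start()`. I would add `// Safe to call before Start(): the trusted-user set is populated at construction.` to it. The virtual authorization methods presumably do need a started provider, and their comments could state that, so a later caller does not authorize against an unstarted instance. The class body starts and ends outside this hunk.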
diff --git a/src/kudu/master/catalog_manager.cc b/src/kudu/master/catalog_manager.cc
index ced919f..d59c45a 100644
--- a/src/kudu/master/catalog_manager.cc
+++ b/src/kudu/master/catalog_manager.cc
@@ -697,6 +697,11 @@ CatalogManager::CatalogManager(Master* master)
       leader_ready_term_(-1),
       hms_notification_log_event_id_(-1),
       leader_lock_(RWMutex::Priority::PREFER_WRITING) {
+  if (hms::HmsCatalog::IsEnabled() && SentryAuthzProvider::IsEnabled()) {
+    authz_provider_.reset(new SentryAuthzProvider(master_->metric_entity()));
+  } else {
+    authz_provider_.reset(new DefaultAuthzProvider);
+  }
   CHECK_OK(ThreadPoolBuilder("leader-initialization")
            // Presently, this thread pool must contain only a single thread
            // (to correctly serialize invocations of ElectedAsLeaderCb upon
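Review bot: The comment explaining the provider choice was dropped when this selection moved out of `Init()`, so the new `if` no longer says why Sentry is tied to the HMS integration. I would restore it above the condition: `// Use SentryAuthzProvider only when both Sentry and the HMS integration are enabled.` With Sentry enabled but the HMS integration off, the master falls back to `DefaultAuthzProvider` with no signal to the operator. Whether flag validation elsewhere rejects that combination is not visible here; if it does not, a `LOG(WARNING)` in the `else` branch for that case would make the weaker authorization mode visible. The constructor body continues outside this hunk.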
@@ -727,8 +732,6 @@ Status CatalogManager::Init(bool is_first_run) {
   RETURN_NOT_OK_PREPEND(sys_catalog_->WaitUntilRunning(),
                         "Failed waiting for the catalog tablet to run");
 
-  authz_provider_.reset(new DefaultAuthzProvider);
-
   if (hms::HmsCatalog::IsEnabled()) {
     vector<HostPortPB> master_addrs_pb;
     RETURN_NOT_OK(master_->GetMasterHostPorts(&master_addrs_pb));
@@ -754,11 +757,6 @@ Status CatalogManager::Init(bool is_first_run) {
     hms_notification_log_listener_.reset(new HmsNotificationLogListenerTask(this));
     RETURN_NOT_OK_PREPEND(hms_notification_log_listener_->Init(),
         "failed to initialize Hive Metastore notification log listener task");
-
-    // Use SentryAuthzProvider when both Sentry and the HMS integration are enabled.
-    if (SentryAuthzProvider::IsEnabled()) {
-      authz_provider_.reset(new SentryAuthzProvider(master_->metric_entity()));
-    }
   }
 
   RETURN_NOT_OK_PREPEND(authz_provider_->Start(), "failed to start Authz Provider");