You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sentry.apache.org by Li Li <li...@cloudera.com> on 2016/04/07 05:57:33 UTC

Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------

Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.


Repository: sentry


Description
-------

Show role / privileges info in Sentry Service Webpage


Diffs
-----

  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed 
  sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f 

Diff: https://reviews.apache.org/r/45859/diff/


Testing
-------


Thanks,

Li Li

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Posted by Li Li <li...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------

(Updated Sept. 19, 2016, 11:29 p.m.)


Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.


Repository: sentry


Description
-------

Show role / privileges info in Sentry Service Webpage


Diffs (updated)
-----

  sentry-service/sentry-service-server/pom.xml be165b6d43fa2f902749458634ab64bdc9b1d044 
  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java PRE-CREATION 
  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java a42f395270996da345ce49edca909e0438383759 
  sentry-service/sentry-service-server/src/main/resources/realm.properties PRE-CREATION 
  sentry-service/sentry-service-server/src/main/webapp/SentryService.html 9eb5f0eb4743c1215caf99a90bc89e810b21db87 

Diff: https://reviews.apache.org/r/45859/diff/


Testing
-------


Thanks,

Li Li

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Posted by Li Li <li...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------

(Updated April 23, 2016, 1:06 a.m.)


Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.


Repository: sentry


Description
-------

Show role / privileges info in Sentry Service Webpage


Diffs (updated)
-----

  sentry-provider/sentry-provider-db/pom.xml bf4dfdc1de90b1018767e2a61bee970655f02682 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java PRE-CREATION 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2 
  sentry-provider/sentry-provider-db/src/main/resources/realm.properties PRE-CREATION 
  sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f 

Diff: https://reviews.apache.org/r/45859/diff/


Testing
-------


Thanks,

Li Li

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Posted by Li Li <li...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------

(Updated April 23, 2016, 1:06 a.m.)


Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.


Repository: sentry


Description
-------

Show role / privileges info in Sentry Service Webpage


Diffs
-----

  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed 
  sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f 

Diff: https://reviews.apache.org/r/45859/diff/


Testing
-------


Thanks,

Li Li

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Posted by Li Li <li...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------

(Updated April 23, 2016, 1:05 a.m.)


Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.


Repository: sentry


Description
-------

Show role / privileges info in Sentry Service Webpage


Diffs
-----

  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed 
  sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f 

Diff: https://reviews.apache.org/r/45859/diff/


Testing
-------


File Attachments (updated)
----------------

SENTRY-1120.1.patch
  https://reviews.apache.org/media/uploaded/files/2016/04/23/ff24a4bf-107d-48a0-bbbb-dafa0fbad804__SENTRY-1120.1.patch


Thanks,

Li Li

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Posted by Li Li <li...@cloudera.com>.


> On April 13, 2016, 4:30 a.m., Lenni Kuff wrote:
> > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java, line 57
> > <https://reviews.apache.org/r/45859/diff/1/?file=1329281#file1329281line57>
> >
> >     We shouldn't get in the business of validating passwords within Sentry, especially in plaintext. 
> >     It is probably better to use something like .htaccess / .htpasswd, however that hooks into Jetty. That way we can do the authentication using certificates rather than this type of check. Perhaps this is actually a seperate item from just listing roles - we want to instead add basic ACL support (Admin-only) to the debug webpage.

Yes, the listing roles feature need at least some basic ACL support. I will create a jira about adding basic ACL support for Admin-only to the debug webpage.


> On April 13, 2016, 4:30 a.m., Lenni Kuff wrote:
> > sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html, line 65
> > <https://reviews.apache.org/r/45859/diff/1/?file=1329284#file1329284line65>
> >
> >     Is it bad the password is cleartext?

Thanks for pointing it out! I will update it in the next patch.


- Li


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/#review128608
-----------------------------------------------------------


On April 7, 2016, 3:57 a.m., Li Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45859/
> -----------------------------------------------------------
> 
> (Updated April 7, 2016, 3:57 a.m.)
> 
> 
> Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Show role / privileges info in Sentry Service Webpage
> 
> 
> Diffs
> -----
> 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed 
>   sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f 
> 
> Diff: https://reviews.apache.org/r/45859/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Li Li
> 
>

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Posted by Lenni Kuff <ls...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/#review128608
-----------------------------------------------------------




sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java (line 57)
<https://reviews.apache.org/r/45859/#comment192059>

    We shouldn't get in the business of validating passwords within Sentry, especially in plaintext. 
    It is probably better to use something like .htaccess / .htpasswd, however that hooks into Jetty. That way we can do the authentication using certificates rather than this type of check. Perhaps this is actually a seperate item from just listing roles - we want to instead add basic ACL support (Admin-only) to the debug webpage.



sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html (line 65)
<https://reviews.apache.org/r/45859/#comment192058>

    Is it bad the password is cleartext?


- Lenni Kuff


On April 7, 2016, 3:57 a.m., Li Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45859/
> -----------------------------------------------------------
> 
> (Updated April 7, 2016, 3:57 a.m.)
> 
> 
> Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Show role / privileges info in Sentry Service Webpage
> 
> 
> Diffs
> -----
> 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed 
>   sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f 
> 
> Diff: https://reviews.apache.org/r/45859/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Li Li
> 
>