You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Li Li <li...@cloudera.com> on 2016/04/07 05:57:33 UTC
Review Request 45859: SENTRY-1120: Show role / privileges info in
Sentry Service Webpage
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------
Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
Repository: sentry
Description
-------
Show role / privileges info in Sentry Service Webpage
Diffs
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed
sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f
Diff: https://reviews.apache.org/r/45859/diff/
Testing
-------
Thanks,
Li Li
Re: Review Request 45859: SENTRY-1120: Show role / privileges info in
Sentry Service Webpage
Posted by Li Li <li...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------
(Updated Sept. 19, 2016, 11:29 p.m.)
Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
Repository: sentry
Description
-------
Show role / privileges info in Sentry Service Webpage
Diffs (updated)
-----
sentry-service/sentry-service-server/pom.xml be165b6d43fa2f902749458634ab64bdc9b1d044
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java PRE-CREATION
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java a42f395270996da345ce49edca909e0438383759
sentry-service/sentry-service-server/src/main/resources/realm.properties PRE-CREATION
sentry-service/sentry-service-server/src/main/webapp/SentryService.html 9eb5f0eb4743c1215caf99a90bc89e810b21db87
Diff: https://reviews.apache.org/r/45859/diff/
Testing
-------
Thanks,
Li Li
Re: Review Request 45859: SENTRY-1120: Show role / privileges info in
Sentry Service Webpage
Posted by Li Li <li...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------
(Updated April 23, 2016, 1:06 a.m.)
Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
Repository: sentry
Description
-------
Show role / privileges info in Sentry Service Webpage
Diffs (updated)
-----
sentry-provider/sentry-provider-db/pom.xml bf4dfdc1de90b1018767e2a61bee970655f02682
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java PRE-CREATION
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2
sentry-provider/sentry-provider-db/src/main/resources/realm.properties PRE-CREATION
sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f
Diff: https://reviews.apache.org/r/45859/diff/
Testing
-------
Thanks,
Li Li
Re: Review Request 45859: SENTRY-1120: Show role / privileges info in
Sentry Service Webpage
Posted by Li Li <li...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------
(Updated April 23, 2016, 1:06 a.m.)
Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
Repository: sentry
Description
-------
Show role / privileges info in Sentry Service Webpage
Diffs
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed
sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f
Diff: https://reviews.apache.org/r/45859/diff/
Testing
-------
Thanks,
Li Li
Re: Review Request 45859: SENTRY-1120: Show role / privileges info in
Sentry Service Webpage
Posted by Li Li <li...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/
-----------------------------------------------------------
(Updated April 23, 2016, 1:05 a.m.)
Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
Repository: sentry
Description
-------
Show role / privileges info in Sentry Service Webpage
Diffs
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed
sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f
Diff: https://reviews.apache.org/r/45859/diff/
Testing
-------
File Attachments (updated)
----------------
SENTRY-1120.1.patch
https://reviews.apache.org/media/uploaded/files/2016/04/23/ff24a4bf-107d-48a0-bbbb-dafa0fbad804__SENTRY-1120.1.patch
Thanks,
Li Li
Re: Review Request 45859: SENTRY-1120: Show role / privileges info in
Sentry Service Webpage
Posted by Li Li <li...@cloudera.com>.
> On April 13, 2016, 4:30 a.m., Lenni Kuff wrote:
> > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java, line 57
> > <https://reviews.apache.org/r/45859/diff/1/?file=1329281#file1329281line57>
> >
> > We shouldn't get in the business of validating passwords within Sentry, especially in plaintext.
> > It is probably better to use something like .htaccess / .htpasswd, however that hooks into Jetty. That way we can do the authentication using certificates rather than this type of check. Perhaps this is actually a seperate item from just listing roles - we want to instead add basic ACL support (Admin-only) to the debug webpage.
Yes, the listing roles feature need at least some basic ACL support. I will create a jira about adding basic ACL support for Admin-only to the debug webpage.
> On April 13, 2016, 4:30 a.m., Lenni Kuff wrote:
> > sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html, line 65
> > <https://reviews.apache.org/r/45859/diff/1/?file=1329284#file1329284line65>
> >
> > Is it bad the password is cleartext?
Thanks for pointing it out! I will update it in the next patch.
- Li
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/#review128608
-----------------------------------------------------------
On April 7, 2016, 3:57 a.m., Li Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45859/
> -----------------------------------------------------------
>
> (Updated April 7, 2016, 3:57 a.m.)
>
>
> Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Show role / privileges info in Sentry Service Webpage
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed
> sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f
>
> Diff: https://reviews.apache.org/r/45859/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Li Li
>
>
Re: Review Request 45859: SENTRY-1120: Show role / privileges info in
Sentry Service Webpage
Posted by Lenni Kuff <ls...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/#review128608
-----------------------------------------------------------
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java (line 57)
<https://reviews.apache.org/r/45859/#comment192059>
We shouldn't get in the business of validating passwords within Sentry, especially in plaintext.
It is probably better to use something like .htaccess / .htpasswd, however that hooks into Jetty. That way we can do the authentication using certificates rather than this type of check. Perhaps this is actually a seperate item from just listing roles - we want to instead add basic ACL support (Admin-only) to the debug webpage.
sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html (line 65)
<https://reviews.apache.org/r/45859/#comment192058>
Is it bad the password is cleartext?
- Lenni Kuff
On April 7, 2016, 3:57 a.m., Li Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45859/
> -----------------------------------------------------------
>
> (Updated April 7, 2016, 3:57 a.m.)
>
>
> Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya Tirukkovalur.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Show role / privileges info in Sentry Service Webpage
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java PRE-CREATION
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 1bdea2c55de12a999f94ea33f8709311c7c2c7f2
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java 94bd2a95c77a9691cbaa578ebf417e49c339b7ed
> sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f
>
> Diff: https://reviews.apache.org/r/45859/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Li Li
>
>