> On Jan. 11, 2019, 4:59 a.m., Na Li wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
> > Line 112 (original), 117 (patched)
> > <https://reviews.apache.org/r/69702/diff/3/?file=2119162#file2119162line117>
> >
> > If I don't make this change, in insecure mode, the user will be
> > current login user. It will be hard to configure super user at HMS server
> > to bypass authorization check at reading metadata.
> >
> > The value of realm is not important as only short user name is checked.

Why would it be the current login user? If it is insecure we wouldn't have initialized the KerberosContext. Do we want to allow insecure connection between Sentry and HMS? I don't think we should be forcing this change. Instead of this you could remove the if (insecure) code block from the init method. That way the connection is always secure.

- Arjun

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69702/#review211854
-----------------------------------------------------------

On Jan. 11, 2019, 4:55 a.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69702/
> -----------------------------------------------------------
>
> (Updated Jan. 11, 2019, 4:55 a.m.)
>
>
> Review request for sentry, Arjun Mishra and kalyan kumar kalvagadda.
>
>
> Bugs: sentry-2483
>     https://issues.apache.org/jira/browse/sentry-2483
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Add READ_DATABASE and READ_TABLE events support to provide read authorization
> to HMS.
>
> This is based on changes made by Sergio at
> https://reviews.apache.org/r/69620/, and add code to fix unstable e2e tests
>
>
> Diffs
> -----
>
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBindingBase.java 328d2b5
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java 31e58fd
>   sentry-tests/sentry-tests-hive/pom.xml 74777bb
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java 47f7466
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationTogglingConf.java e504a8a
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java 8bf486e
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java 7d41348
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java 3c28fd0
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java f8f304f
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/minisentry/InternalSentrySrv.java 9fa42f2
>
>
> Diff: https://reviews.apache.org/r/69702/diff/3/
>
>
> Testing
> -------
>
> add new e2e tests for READ_DATABASE and READ_TABLE at HMS
>
>
> Thanks,
>
> Na Li
>
>