[
https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752798#comment-16752798
]
Hadoop QA commented on SENTRY-2486:
-----------------------------------
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12956395/SENTRY-2486.001.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/4336/console
This message is automatically generated.
> Wrong user name when sentry HMSFollower gets full snapshot from HMS at
> insecure mode
> ------------------------------------------------------------------------------------
>
> Key: SENTRY-2486
> URL: https://issues.apache.org/jira/browse/SENTRY-2486
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Affects Versions: 2.2.0
> Reporter: Na Li
> Assignee: Na Li
> Priority: Major
> Attachments: SENTRY-2486.001.patch, SENTRY-2486.001.patch
>
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
> The user name should be "sentry" instead of current login user.
> The followiong code shows how current login user name is used when subject is
> null.
> In UserGroupInformation, if the context does not have subject, the
> getLoginUser() is used as user name
> @Public
> @Evolving
> public static UserGroupInformation getCurrentUser() throws IOException {
> AccessControlContext context = AccessController.getContext();
> Subject subject = Subject.getSubject(context);
> return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
> new UserGroupInformation(subject) : getLoginUser();
> }
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
