[ https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16754336#comment-16754336 ]
Hadoop QA commented on SENTRY-2486: ----------------------------------- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12956596/SENTRY-2486.002.patch against master. {color:green}Overall:{color} +1 all checks pass {color:green}SUCCESS:{color} all tests passed Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/4344/console This message is automatically generated. > Wrong user name when sentry HMSFollower gets full snapshot from HMS at > insecure mode > ------------------------------------------------------------------------------------ > > Key: SENTRY-2486 > URL: https://issues.apache.org/jira/browse/SENTRY-2486 > Project: Sentry > Issue Type: Bug > Components: Sentry > Affects Versions: 2.2.0 > Reporter: Na Li > Assignee: Na Li > Priority: Major > Attachments: SENTRY-2486.001.patch, SENTRY-2486.001.patch, > SENTRY-2486.002.patch > > > In insecure mode, the current login user name is passed from Sentry to HMS > server when sentry HMSFollower gets full snapshot from HMS. > The user name should be "sentry" instead of current login user. > The followiong code shows how current login user name is used when subject is > null. > In UserGroupInformation, if the context does not have subject, the > getLoginUser() is used as user name > @Public > @Evolving > public static UserGroupInformation getCurrentUser() throws IOException { > AccessControlContext context = AccessController.getContext(); > Subject subject = Subject.getSubject(context); > return subject != null && !subject.getPrincipals(User.class).isEmpty() ? > new UserGroupInformation(subject) : getLoginUser(); > } > This issue should not happen in production because secure mode is always > used. Insecure mode is only used in test. -- This message was sent by Atlassian JIRA (v7.6.3#76005)