[kudu-CR] WIP [master] introduced SentryPrivilegesFetcher

Tue, 02 Apr 2019 22:39:26 -0700 

Hello Tidy Bot, Kudu Jenkins, Andrew Wong, Adar Dembo, Hao Hao,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/12833

to look at the new patch set (#7).

Change subject: WIP [master] introduced SentryPrivilegesFetcher
......................................................................

WIP [master] introduced SentryPrivilegesFetcher

This patch incorporates a TTL-based cache into the data paths
of SentryAuthzProvider.  As of now, the cache stores raw responses
received from Sentry.  It's possible to enable or disable caching
upon creation of SentryAuthzProvider instance: set the newly introduced
`--sentry_authz_cache_capacity_mb` command-line flag to 0 to disable
caching of authz privilege information returned from Sentry.

In addition, it's possible to force the cache to fetch and cache
information from broader levels of Sentry's authz hierarchy: use the
`--sentry_authz_cache_finest_scope` flag for that.

WIP
  * clarify on --sentry_authz_cache_finest_scope: do we need it
    or we are going to use some other approach
  * proper sanitization of Sentry responses (comes from other patch?)
  * cache processed and sanitized info, not raw Sentry responses
  * to add tests specific to SentryPrivilegesFetcher

Change-Id: Idaefacd50736f1f152dae34e76778e17b2e84cbe
---
M src/kudu/integration-tests/master_sentry-itest.cc
M src/kudu/master/CMakeLists.txt
M src/kudu/master/catalog_manager.cc
M src/kudu/master/default_authz_provider.h
M src/kudu/master/sentry_authz_provider-test.cc
M src/kudu/master/sentry_authz_provider.cc
M src/kudu/master/sentry_authz_provider.h
A src/kudu/master/sentry_privileges_cache_metrics.cc
A src/kudu/master/sentry_privileges_cache_metrics.h
A src/kudu/master/sentry_privileges_fetcher.cc
A src/kudu/master/sentry_privileges_fetcher.h
M src/kudu/sentry/sentry_authorizable_scope.cc
12 files changed, 1,112 insertions(+), 287 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/33/12833/7
--
To view, visit http://gerrit.cloudera.org:8080/12833
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idaefacd50736f1f152dae34e76778e17b2e84cbe
Gerrit-Change-Number: 12833
Gerrit-PatchSet: 7
Gerrit-Owner: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <hao....@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)

Reply via email to