Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/15416 )
Change subject: [ranger] pass 'principal' and 'keytab' to the subprocess ...................................................................... Patch Set 3: (4 comments) http://gerrit.cloudera.org:8080/#/c/15416/3/src/kudu/ranger/ranger_client.h File src/kudu/ranger/ranger_client.h: http://gerrit.cloudera.org:8080/#/c/15416/3/src/kudu/ranger/ranger_client.h@101 PS3, Line 101: // Builds the arguments for the Ranger subprocess. Specifically pass : // the principal and keytab file that the Ranger subprocess will log in with : // if Kerberos is enabled. 'args' has the final arguments. : // Returns 'OK' if arguments successfully created, error otherwise. : static Status BuildArgs(std::vector<std::string>* args); Maybe just put this in an anonymous namespace in the .cc file? Then we don't need to include <vector>. Unless there's a good reason for keeping it in the header. http://gerrit.cloudera.org:8080/#/c/15416/3/src/kudu/ranger/ranger_client.cc File src/kudu/ranger/ranger_client.cc: http://gerrit.cloudera.org:8080/#/c/15416/3/src/kudu/ranger/ranger_client.cc@371 PS3, Line 371: std::vector<std::string> nit: Remove std. http://gerrit.cloudera.org:8080/#/c/15416/3/src/kudu/ranger/ranger_client.cc@385 PS3, Line 385: Status s = security::GetConfiguredPrincipal(FLAGS_principal, &configured_principal); : if (!s.ok()) { : LOG(WARNING) << Substitute("unable to get the configured principal from ($0) for " : "the Ranger subprocess", FLAGS_principal); : return s; : } nit: Why not just RETURN_NOT_OK_PREPEND? http://gerrit.cloudera.org:8080/#/c/15416/3/src/kudu/ranger/ranger_client.cc@372 PS3, Line 372: DCHECK(args); : : // Pass the required arguments to run the Ranger subprocess. : args->emplace_back(FLAGS_ranger_java_path); : args->emplace_back("-cp"); : args->emplace_back(GetJavaClasspath()); : args->emplace_back(kMainClass); : : // When Kerberos is enabled in Kudu, pass both Kudu principal and keytab file : // to the Ranger subprocess. : const bool has_keytab = !FLAGS_keytab_file.empty(); : if (has_keytab) { : string configured_principal; : Status s = security::GetConfiguredPrincipal(FLAGS_principal, &configured_principal); : if (!s.ok()) { : LOG(WARNING) << Substitute("unable to get the configured principal from ($0) for " : "the Ranger subprocess", FLAGS_principal); : return s; : } : args->emplace_back("-i"); : args->emplace_back(configured_principal); : args->emplace_back("-k"); : args->emplace_back(FLAGS_keytab_file); : } nit: It's generally less error-prone to only mutate an outparam if this succeeds. Consider creating a local vector<string> and std::move()ing it before returning OK. Also such a local variable can be initialized with an initializer list instead of emplace_back. -- To view, visit http://gerrit.cloudera.org:8080/15416 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie30b835b6d44ddb51d95c587f1329bfefebeb37c Gerrit-Change-Number: 15416 Gerrit-PatchSet: 3 Gerrit-Owner: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Attila Bukor <abu...@apache.org> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Sat, 14 Mar 2020 19:34:45 +0000 Gerrit-HasComments: Yes