Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/15681 )

Change subject: KUDU-3078 Add Ranger tests to master_authz-itest
......................................................................


Patch Set 14:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/15681/13/src/kudu/integration-tests/master_authz-itest.cc
File src/kudu/integration-tests/master_authz-itest.cc:

http://gerrit.cloudera.org:8080/#/c/15681/13/src/kudu/integration-tests/master_authz-itest.cc@515
PS13, Line 515: policy.tables.emplace_back("*");
> Unfortunately it can't be removed, METADATA on the table level is necessary
We are requesting METADATA on db level in authz provider, https://github.com/apache/kudu/blob/master/src/kudu/master/ranger_authz_provider.cc#L65. If that is the case, then it is a bug?


http://gerrit.cloudera.org:8080/#/c/15681/13/src/kudu/integration-tests/master_authz-itest.cc@554
PS13, Line 554: policy_new_table.tables.emplace_back("*");
> Unfortunately it can't be removed, METADATA on the table level is necessary
Same here.


http://gerrit.cloudera.org:8080/#/c/15681/14/src/kudu/master/ranger_authz_provider.cc
File src/kudu/master/ranger_authz_provider.cc:

http://gerrit.cloudera.org:8080/#/c/15681/14/src/kudu/master/ranger_authz_provider.cc@194
PS14, Line 194: // AuthorizeActionMultipleColumns shouldn't return NotAuthorized at this point
              :   // as it only returns NotAuthorized if the table name is invalid, but the
              :   // previous AuthorizeActions() call would've also returned a NotAuthorized in
              :   // that case.
              :   //
              :   // TODO(abukor): revisit if it's worth merge this into the previous request
              :   RETURN_NOT_OK(client_.AuthorizeActionMultipleColumns(user, ActionPB::SELECT, table_name,
              :                                                        &column_names));
This should belong to https://gerrit.cloudera.org/c/15696/?



--
To view, visit http://gerrit.cloudera.org:8080/15681
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I25dc67516cd61f0624914989f8db4c4f94d7e3bf
Gerrit-Change-Number: 15681
Gerrit-PatchSet: 14
Gerrit-Owner: Attila Bukor <abu...@apache.org>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <abu...@apache.org>
Gerrit-Reviewer: Grant Henke <granthe...@apache.org>
Gerrit-Reviewer: Hao Hao <hao....@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Comment-Date: Thu, 09 Apr 2020 17:16:53 +0000
Gerrit-HasComments: Yes
