Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/15681 )
Change subject: KUDU-3078 Add Ranger tests to master_authz-itest ...................................................................... Patch Set 14: (3 comments) http://gerrit.cloudera.org:8080/#/c/15681/13/src/kudu/integration-tests/master_authz-itest.cc File src/kudu/integration-tests/master_authz-itest.cc: http://gerrit.cloudera.org:8080/#/c/15681/13/src/kudu/integration-tests/master_authz-itest.cc@515 PS13, Line 515: policy.tables.emplace_back("*"); > Unfortunately it can't be removed, METADATA on the table level is necessary We are requesting METADATA on db level in authz provider, https://github.com/apache/kudu/blob/master/src/kudu/master/ranger_authz_provider.cc#L65. If that is the case, then it is a bug? http://gerrit.cloudera.org:8080/#/c/15681/13/src/kudu/integration-tests/master_authz-itest.cc@554 PS13, Line 554: policy_new_table.tables.emplace_back("*"); > Unfortunately it can't be removed, METADATA on the table level is necessary Same here. http://gerrit.cloudera.org:8080/#/c/15681/14/src/kudu/master/ranger_authz_provider.cc File src/kudu/master/ranger_authz_provider.cc: http://gerrit.cloudera.org:8080/#/c/15681/14/src/kudu/master/ranger_authz_provider.cc@194 PS14, Line 194: // AuthorizeActionMultipleColumns shouldn't return NotAuthorized at this point : // as it only returns NotAuthorized if the table name is invalid, but the : // previous AuthorizeActions() call would've also returned a NotAuthorized in : // that case. : // : // TODO(abukor): revisit if it's worth merge this into the previous request : RETURN_NOT_OK(client_.AuthorizeActionMultipleColumns(user, ActionPB::SELECT, table_name, : &column_names)); This should belong to https://gerrit.cloudera.org/c/15696/? -- To view, visit http://gerrit.cloudera.org:8080/15681 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I25dc67516cd61f0624914989f8db4c4f94d7e3bf Gerrit-Change-Number: 15681 Gerrit-PatchSet: 14 Gerrit-Owner: Attila Bukor <abu...@apache.org> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Attila Bukor <abu...@apache.org> Gerrit-Reviewer: Grant Henke <granthe...@apache.org> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Thu, 09 Apr 2020 17:16:53 +0000 Gerrit-HasComments: Yes