date:20161005

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

2016-10-05 Thread Li Li



> On Oct. 6, 2016, 12:05 a.m., Alexander Kolbasov wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java,
> >  line 39
> > 
> >
> > Please add some comment explaining where did this teplate come from. 
> > Did you invent it? Did you copy it from somewhere?

sure. I copied the way used in com.codahale.metrics.servlets.AdminServlet, and 
the contents is different since we are using the twitter bootstrap kit. Also 
here we only use the TEMPLATE as a static html with some links referenced to 
other debug pages.


> On Oct. 6, 2016, 12:05 a.m., Alexander Kolbasov wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java,
> >  line 92
> > 
> >
> > Do you need to add
> > 
> > Pragma: no-cache
> > Expires: 0
> > 
> > as well to disable caching? Different clients usig differet mechanisms.

since it is only used for admin to debug / test, I assume there are not many 
clients using it.
Also do we really want it is cached, since it contains very sensitive info?


- Li


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/#review151591
---


On Oct. 4, 2016, 10:23 p.m., Li Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45859/
> ---
> 
> (Updated Oct. 4, 2016, 10:23 p.m.)
> 
> 
> Review request for sentry, Alexander Kolbasov, Anne Yu, Hao Hao, Lenni Kuff, 
> and Sravya Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Show role / privileges info in Sentry Service Webpage. Since it is only used 
> for debug / test currently, this webpage can be seen only when 
> SENTRY_WEB_ADMIN_SERVLET_ENABLED is true.
> 
> 
> Diffs
> -
> 
>   
> sentry-service/sentry-service-common/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
>  5ec364c460e74d0a9dae8a28c20042360157b8a0 
>   
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
>  PRE-CREATION 
>   
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java
>  a42f395270996da345ce49edca909e0438383759 
> 
> Diff: https://reviews.apache.org/r/45859/diff/
> 
> 
> Testing
> ---
> 
> Already tested in kerberos cluster. When 
> sentry.service.web.authentication.type is set to KERBEROS, only the 
> SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS can see this page. Also this webpage 
> can be seen only when SENTRY_WEB_ADMIN_SERVLET_ENABLED is true.
> 
> 
> Thanks,
> 
> Li Li
> 
>

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

2016-10-05 Thread Alexander Kolbasov


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/#review151591
---


Fix it, then Ship it!





sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
 (line 39)


Please add some comment explaining where did this teplate come from. Did 
you invent it? Did you copy it from somewhere?



sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
 (line 92)


Do you need to add

Pragma: no-cache
Expires: 0

as well to disable caching? Different clients usig differet mechanisms.


- Alexander Kolbasov


On Oct. 4, 2016, 10:23 p.m., Li Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45859/
> ---
> 
> (Updated Oct. 4, 2016, 10:23 p.m.)
> 
> 
> Review request for sentry, Alexander Kolbasov, Anne Yu, Hao Hao, Lenni Kuff, 
> and Sravya Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Show role / privileges info in Sentry Service Webpage. Since it is only used 
> for debug / test currently, this webpage can be seen only when 
> SENTRY_WEB_ADMIN_SERVLET_ENABLED is true.
> 
> 
> Diffs
> -
> 
>   
> sentry-service/sentry-service-common/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
>  5ec364c460e74d0a9dae8a28c20042360157b8a0 
>   
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
>  PRE-CREATION 
>   
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java
>  a42f395270996da345ce49edca909e0438383759 
> 
> Diff: https://reviews.apache.org/r/45859/diff/
> 
> 
> Testing
> ---
> 
> Already tested in kerberos cluster. When 
> sentry.service.web.authentication.type is set to KERBEROS, only the 
> SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS can see this page. Also this webpage 
> can be seen only when SENTRY_WEB_ADMIN_SERVLET_ENABLED is true.
> 
> 
> Thanks,
> 
> Li Li
> 
>

Review Request 52582: SENTRY-1489: Categorize e2e tests into slow and regular tests, so that can adapt the timeout and etc.

2016-10-05 Thread Anne Yu


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52582/
---

Review request for sentry, Hao Hao, Li Li, and Sravya Tirukkovalur.


Bugs: SENTRY-1489
https://issues.apache.org/jira/browse/SENTRY-1489


Repository: sentry


Description
---

org.apache.sentry.tests.e2e.dbprovider.TestDbCrossOperations and some other 
tests occasionally fail with time out exception. Should make a more flexible 
rule for different type of tests. By nature, some tests just take longer time 
to finish.


Diffs
-

  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/AbstractTestWithDbProvider.java
 e7cccbfb7955a497f485e3b69e9dc4d9db191473 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossOperations.java
 60812cfa82d318ddfad32e439d3895f49ed21180 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithHiveServer.java
 a314c0dde9c60e7dbb51156cea13980bf8600bf1 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
 62da0256e8546a25f0ed0a97b8f3c21eec4fecaa 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/RulesForE2ETest.java
 PRE-CREATION 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/SlowE2ETest.java
 PRE-CREATION 

Diff: https://reviews.apache.org/r/52582/diff/


Testing
---


Thanks,

Anne Yu

New User Questions

2016-10-05 Thread lewis john mcgibbney

Hi Folks,
I've spent the last few nights trying to read through as much of the sentry
documentation as I can and have a couple of very basic questions
particularly surrounding my requirement to have a secure Hadoop ecosystem.
Say for example I want to lock down the entire Hadoop cluster including all
system ports, WebUI's as well as implementation of security based roles and
authorization. Is Sentry the tool to use? Do I also need to have configured
and be running Hadoop in secure mode?
I appreciate any feedback on this one as it is not immediately obvious
looking at the Sentry website and documentation (I don't think) if there
are other options over and above Sentry to make the cluster secure.
Thanks
Lewis

-- 
http://home.apache.org/~lewismc/
@hectorMcSpector
http://www.linkedin.com/in/lmcgibbney

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Review Request 52582: SENTRY-1489: Categorize e2e tests into slow and regular tests, so that can adapt the timeout and etc.

New User Questions

4 matches

Site Navigation

Mail list logo

Footer information