[jira] [Updated] (SENTRY-2486) Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
[
https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kalyan Kalvagadda updated SENTRY-2486:
--
Fix Version/s: 2.2.0
> Wrong user name when sentry HMSFollower gets full snapshot from HMS at
> insecure mode
>
>
> Key: SENTRY-2486
> URL: https://issues.apache.org/jira/browse/SENTRY-2486
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.2.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.2.0
>
> Attachments: SENTRY-2486.001.patch, SENTRY-2486.001.patch,
> SENTRY-2486.002.patch
>
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
> The user name should be "sentry" instead of current login user.
> The followiong code shows how current login user name is used when subject is
> null.
> In UserGroupInformation, if the context does not have subject, the
> getLoginUser() is used as user name
> @Public
> @Evolving
> public static UserGroupInformation getCurrentUser() throws IOException {
> AccessControlContext context = AccessController.getContext();
> Subject subject = Subject.getSubject(context);
> return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
> new UserGroupInformation(subject) : getLoginUser();
> }
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (SENTRY-2486) Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
[
https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Na Li updated SENTRY-2486:
--
Resolution: Fixed
Status: Resolved (was: Patch Available)
[~calyanbandi][~arjunmishra13] Thanks for reviewing the code
> Wrong user name when sentry HMSFollower gets full snapshot from HMS at
> insecure mode
>
>
> Key: SENTRY-2486
> URL: https://issues.apache.org/jira/browse/SENTRY-2486
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.2.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Attachments: SENTRY-2486.001.patch, SENTRY-2486.001.patch,
> SENTRY-2486.002.patch
>
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
> The user name should be "sentry" instead of current login user.
> The followiong code shows how current login user name is used when subject is
> null.
> In UserGroupInformation, if the context does not have subject, the
> getLoginUser() is used as user name
> @Public
> @Evolving
> public static UserGroupInformation getCurrentUser() throws IOException {
> AccessControlContext context = AccessController.getContext();
> Subject subject = Subject.getSubject(context);
> return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
> new UserGroupInformation(subject) : getLoginUser();
> }
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2486) Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
[
https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Na Li updated SENTRY-2486:
--
Attachment: SENTRY-2486.002.patch
> Wrong user name when sentry HMSFollower gets full snapshot from HMS at
> insecure mode
>
>
> Key: SENTRY-2486
> URL: https://issues.apache.org/jira/browse/SENTRY-2486
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.2.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Attachments: SENTRY-2486.001.patch, SENTRY-2486.001.patch,
> SENTRY-2486.002.patch
>
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
> The user name should be "sentry" instead of current login user.
> The followiong code shows how current login user name is used when subject is
> null.
> In UserGroupInformation, if the context does not have subject, the
> getLoginUser() is used as user name
> @Public
> @Evolving
> public static UserGroupInformation getCurrentUser() throws IOException {
> AccessControlContext context = AccessController.getContext();
> Subject subject = Subject.getSubject(context);
> return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
> new UserGroupInformation(subject) : getLoginUser();
> }
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2486) Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
[
https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Na Li updated SENTRY-2486:
--
Attachment: SENTRY-2486.001.patch
> Wrong user name when sentry HMSFollower gets full snapshot from HMS at
> insecure mode
>
>
> Key: SENTRY-2486
> URL: https://issues.apache.org/jira/browse/SENTRY-2486
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.2.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Attachments: SENTRY-2486.001.patch, SENTRY-2486.001.patch
>
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
> The user name should be "sentry" instead of current login user.
> The followiong code shows how current login user name is used when subject is
> null.
> In UserGroupInformation, if the context does not have subject, the
> getLoginUser() is used as user name
> @Public
> @Evolving
> public static UserGroupInformation getCurrentUser() throws IOException {
> AccessControlContext context = AccessController.getContext();
> Subject subject = Subject.getSubject(context);
> return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
> new UserGroupInformation(subject) : getLoginUser();
> }
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2486) Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
[
https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Na Li updated SENTRY-2486:
--
Description:
In insecure mode, the current login user name is passed from Sentry to HMS
server when sentry HMSFollower gets full snapshot from HMS.
The user name should be "sentry" instead of current login user.
The followiong code shows how current login user name is used when subject is
null.
In UserGroupInformation, if the context does not have subject, the
getLoginUser() is used as user name
@Public
@Evolving
public static UserGroupInformation getCurrentUser() throws IOException {
AccessControlContext context = AccessController.getContext();
Subject subject = Subject.getSubject(context);
return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
new UserGroupInformation(subject) : getLoginUser();
}
This issue should not happen in production because secure mode is always used.
Insecure mode is only used in test.
was:
In insecure mode, the current login user name is passed from Sentry to HMS
server when sentry HMSFollower gets full snapshot from HMS.
The user name should be "sentry" instead of current login user.
The followiong code shows how current login user name is used when subject is
null.
In UserGroupInformation, if the context does not have subject, the
getLoginUser()
@Public
@Evolving
public static UserGroupInformation getCurrentUser() throws IOException {
AccessControlContext context = AccessController.getContext();
Subject subject = Subject.getSubject(context);
return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
new UserGroupInformation(subject) : getLoginUser();
}
This issue should not happen in production because secure mode is always used.
Insecure mode is only used in test.
> Wrong user name when sentry HMSFollower gets full snapshot from HMS at
> insecure mode
>
>
> Key: SENTRY-2486
> URL: https://issues.apache.org/jira/browse/SENTRY-2486
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.2.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Attachments: SENTRY-2486.001.patch
>
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
> The user name should be "sentry" instead of current login user.
> The followiong code shows how current login user name is used when subject is
> null.
> In UserGroupInformation, if the context does not have subject, the
> getLoginUser() is used as user name
> @Public
> @Evolving
> public static UserGroupInformation getCurrentUser() throws IOException {
> AccessControlContext context = AccessController.getContext();
> Subject subject = Subject.getSubject(context);
> return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
> new UserGroupInformation(subject) : getLoginUser();
> }
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2486) Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
[
https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Na Li updated SENTRY-2486:
--
Attachment: SENTRY-2486.001.patch
> Wrong user name when sentry HMSFollower gets full snapshot from HMS at
> insecure mode
>
>
> Key: SENTRY-2486
> URL: https://issues.apache.org/jira/browse/SENTRY-2486
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.2.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Attachments: SENTRY-2486.001.patch
>
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
> The user name should be "sentry" instead of current login user.
> The followiong code shows how current login user name is used when subject is
> null.
> In UserGroupInformation, if the context does not have subject, the
> getLoginUser()
> @Public
> @Evolving
> public static UserGroupInformation getCurrentUser() throws IOException {
> AccessControlContext context = AccessController.getContext();
> Subject subject = Subject.getSubject(context);
> return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
> new UserGroupInformation(subject) : getLoginUser();
> }
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENTRY-2486) Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
[
https://issues.apache.org/jira/browse/SENTRY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Na Li updated SENTRY-2486:
--
Status: Patch Available (was: Open)
> Wrong user name when sentry HMSFollower gets full snapshot from HMS at
> insecure mode
>
>
> Key: SENTRY-2486
> URL: https://issues.apache.org/jira/browse/SENTRY-2486
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.2.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Attachments: SENTRY-2486.001.patch
>
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
> The user name should be "sentry" instead of current login user.
> The followiong code shows how current login user name is used when subject is
> null.
> In UserGroupInformation, if the context does not have subject, the
> getLoginUser()
> @Public
> @Evolving
> public static UserGroupInformation getCurrentUser() throws IOException {
> AccessControlContext context = AccessController.getContext();
> Subject subject = Subject.getSubject(context);
> return subject != null && !subject.getPrincipals(User.class).isEmpty() ?
> new UserGroupInformation(subject) : getLoginUser();
> }
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
