subject:"\[kudu\-CR\] authz\: authorize ListTablets"

[kudu-CR] authz: authorize ListTablets

2019-04-05 Thread Andrew Wong (Code Review)

Hello Dan Burkert, Kudu Jenkins, Hao Hao,

I'd like you to reexamine a change. Please visit

http://gerrit.cloudera.org:8080/11752

to look at the new patch set (#2).

Change subject: authz: authorize ListTablets
..

authz: authorize ListTablets

See the comment in tablet_service.h for details.

Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/tserver/tablet_service.cc
M src/kudu/tserver/tablet_service.h
M src/kudu/tserver/tserver_service.proto
4 files changed, 46 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/52/11752/2
--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 2
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] authz: authorize ListTablets

2019-04-06 Thread Andrew Wong (Code Review)

Hello Dan Burkert, Kudu Jenkins, Adar Dembo, Hao Hao,

I'd like you to reexamine a change. Please visit

http://gerrit.cloudera.org:8080/11752

to look at the new patch set (#3).

Change subject: authz: authorize ListTablets
..

authz: authorize ListTablets

See the comment in tablet_service.h for details.

Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/tserver/tablet_service.cc
M src/kudu/tserver/tablet_service.h
M src/kudu/tserver/tserver_service.proto
4 files changed, 47 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/52/11752/3
--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 3
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] authz: authorize ListTablets

2019-04-06 Thread Andrew Wong (Code Review)

Hello Dan Burkert, Kudu Jenkins, Adar Dembo, Hao Hao,

I'd like you to reexamine a change. Please visit

http://gerrit.cloudera.org:8080/11752

to look at the new patch set (#4).

Change subject: authz: authorize ListTablets
..

authz: authorize ListTablets

See the comment in tablet_service.h for details.

Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/tserver/tablet_service.cc
M src/kudu/tserver/tablet_service.h
M src/kudu/tserver/tserver_service.proto
4 files changed, 46 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/52/11752/4
--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 4
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] authz: authorize ListTablets

2019-04-07 Thread Adar Dembo (Code Review)

Adar Dembo has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/11752 )

Change subject: authz: authorize ListTablets
..


Patch Set 4:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/11752/4/src/kudu/tserver/tablet_service.h
File src/kudu/tserver/tablet_service.h:

http://gerrit.cloudera.org:8080/#/c/11752/4/src/kudu/tserver/tablet_service.h@113
PS4, Line 113: Rather than authorizing multiple tables at
 :   // once, if enforcing access control, we require the 
super-user role and omit
 :   // checking table privileges, and authorize as a client 
otherwise.
Should we do the same for ListTables in the master? Why or why not?



--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 4
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Mon, 08 Apr 2019 05:19:22 +
Gerrit-HasComments: Yes

[kudu-CR] authz: authorize ListTablets

2019-04-07 Thread Andrew Wong (Code Review)

Andrew Wong has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/11752 )

Change subject: authz: authorize ListTablets
..


Patch Set 4:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/11752/4/src/kudu/tserver/tablet_service.h
File src/kudu/tserver/tablet_service.h:

http://gerrit.cloudera.org:8080/#/c/11752/4/src/kudu/tserver/tablet_service.h@113
PS4, Line 113: Rather than authorizing multiple tables at
 :   // once, if enforcing access control, we require the 
super-user role and omit
 :   // checking table privileges, and authorize as a client 
otherwise.
> Should we do the same for ListTables in the master? Why or why not?
The rationale for why this isn't contentious here is that, as far as Kudu's 
codebase is concerned, this is used by tools only. Sure, there might be people 
using the endpoint directly, but that's quite unlikely.

This isn't the case for ListTables, which is a part of the public client API. 
I'd love for us to do this for ListTables, but it seems like a much 
higher-impact restriction. We could, and maybe that would be good enough. But 
it's less of a no-brainer IMO.



--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 4
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Mon, 08 Apr 2019 05:53:15 +
Gerrit-HasComments: Yes

[kudu-CR] authz: authorize ListTablets

2019-04-07 Thread Andrew Wong (Code Review)

Andrew Wong has removed a vote on this change.

Change subject: authz: authorize ListTablets
..


Removed Verified-1 by Kudu Jenkins (120)
--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: deleteVote
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 4
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] authz: authorize ListTablets

2019-04-07 Thread Andrew Wong (Code Review)

Andrew Wong has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/11752 )

Change subject: authz: authorize ListTablets
..


Patch Set 4: Verified+1

Flaky: KUDU-2718


--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 4
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Mon, 08 Apr 2019 06:07:05 +
Gerrit-HasComments: No

[kudu-CR] authz: authorize ListTablets

2019-04-08 Thread Adar Dembo (Code Review)

Adar Dembo has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/11752 )

Change subject: authz: authorize ListTablets
..


Patch Set 4: Code-Review+1

(1 comment)

http://gerrit.cloudera.org:8080/#/c/11752/4/src/kudu/tserver/tablet_service.h
File src/kudu/tserver/tablet_service.h:

http://gerrit.cloudera.org:8080/#/c/11752/4/src/kudu/tserver/tablet_service.h@113
PS4, Line 113: Rather than authorizing multiple tables at
 :   // once, if enforcing access control, we require the 
super-user role and omit
 :   // checking table privileges, and authorize as a client 
otherwise.
> The rationale for why this isn't contentious here is that, as far as Kudu's
Makes sense.



--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 4
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Mon, 08 Apr 2019 23:37:00 +
Gerrit-HasComments: Yes

[kudu-CR] authz: authorize ListTablets

2019-04-08 Thread Hao Hao (Code Review)

Hao Hao has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/11752 )

Change subject: authz: authorize ListTablets
..


Patch Set 4: Code-Review+2


--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 4
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 09 Apr 2019 05:30:26 +
Gerrit-HasComments: No

[kudu-CR] authz: authorize ListTablets

2019-04-08 Thread Andrew Wong (Code Review)

Andrew Wong has submitted this change and it was merged. ( 
http://gerrit.cloudera.org:8080/11752 )

Change subject: authz: authorize ListTablets
..

authz: authorize ListTablets

See the comment in tablet_service.h for details.

Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Reviewed-on: http://gerrit.cloudera.org:8080/11752
Tested-by: Andrew Wong 
Reviewed-by: Adar Dembo 
Reviewed-by: Hao Hao 
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/tserver/tablet_service.cc
M src/kudu/tserver/tablet_service.h
M src/kudu/tserver/tserver_service.proto
4 files changed, 46 insertions(+), 1 deletion(-)

Approvals:
  Andrew Wong: Verified
  Adar Dembo: Looks good to me, but someone else must approve
  Hao Hao: Looks good to me, approved

--
To view, visit http://gerrit.cloudera.org:8080/11752
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I4bb2d09f23d7b77729e21060dad41c0501b17ded
Gerrit-Change-Number: 11752
Gerrit-PatchSet: 5
Gerrit-Owner: Andrew Wong 
Gerrit-Reviewer: Adar Dembo 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Andrew Wong 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Hao Hao 
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

[kudu-CR] authz: authorize ListTablets

10 matches

Site Navigation

Mail list logo

Footer information