kudu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ale...@apache.org
Subject [kudu] 01/03: [catalog_manager] update criterion to choose authz provider
Date Fri, 03 May 2019 18:22:09 GMT
This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git

commit 98d9765e0514f8753731e04bddf7789c5bf2ca64
Author: Alexey Serbin <alexey@apache.org>
AuthorDate: Thu May 2 22:05:53 2019 -0700

    [catalog_manager] update criterion to choose authz provider
    Prior to this change, the hypothetical case when Kudu master is given
    Sentry server's RPC end-point but no HMS catalog RPC end-point, the
    fine-grained authorization was not be enabled since the catalog
    manager would use DefaultAuthzProvider instead of SentryAuthzProvider
    for authz decisions.
    Code-wise, SentryAuthzProvider does not explicitly depend on the HMS
    catalog.  From that perspective, the decision whether to use
    SentryAuthzProvider or DefaultAuthzProvider for authz decisions should
    be gated only by the presence of the Sentry server's RPC end-point
    in the corresponding runtime flags.
    From the design perspective, Kudu+Sentry fine-grain authz scheme
    logically depends on the integration with HMS catalog (that's why the
    case described above is pure hypothetical one).  The logical dependency
    will be addressed in a few follow-up changelists.
    Change-Id: Iee1760a8fe6ffc9d6822db2472da5ddef78aec8d
    Reviewed-on: http://gerrit.cloudera.org:8080/13223
    Reviewed-by: Andrew Wong <awong@cloudera.com>
    Tested-by: Alexey Serbin <aserbin@cloudera.com>
 src/kudu/master/catalog_manager.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/kudu/master/catalog_manager.cc b/src/kudu/master/catalog_manager.cc
index c5b9dcd..4a87f46 100644
--- a/src/kudu/master/catalog_manager.cc
+++ b/src/kudu/master/catalog_manager.cc
@@ -698,7 +698,7 @@ CatalogManager::CatalogManager(Master* master)
       leader_lock_(RWMutex::Priority::PREFER_WRITING) {
-  if (hms::HmsCatalog::IsEnabled() && SentryAuthzProvider::IsEnabled()) {
+  if (SentryAuthzProvider::IsEnabled()) {
     authz_provider_.reset(new SentryAuthzProvider(master_->metric_entity()));
   } else {
     authz_provider_.reset(new DefaultAuthzProvider);

View raw message