sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gqs...@apache.org
Subject incubator-sentry git commit: SENTRY-750: Use the Sqoop Server principal as the requester when removing the Sqoop resource (GuoquanShen, reviewed by Colin Ma)
Date Wed, 03 Jun 2015 00:44:09 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/master 67b2146e3 -> 4d0e2e7c3


SENTRY-750: Use the Sqoop Server principal as the requester when removing the Sqoop resource
(GuoquanShen, reviewed by Colin Ma)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/4d0e2e7c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/4d0e2e7c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/4d0e2e7c

Branch: refs/heads/master
Commit: 4d0e2e7c347f5e247b553aff3ddec8524ba221f1
Parents: 67b2146
Author: Guoquan Shen <guoquan.shen@intel.com>
Authored: Wed Jun 3 08:20:19 2015 +0800
Committer: Guoquan Shen <guoquan.shen@intel.com>
Committed: Wed Jun 3 08:20:19 2015 +0800

----------------------------------------------------------------------
 .../apache/sentry/sqoop/authz/SentryAccessController.java   | 2 +-
 .../org/apache/sentry/sqoop/binding/SqoopAuthBinding.java   | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4d0e2e7c/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java
b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java
index 7762f61..3d115e8 100644
--- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java
+++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java
@@ -140,7 +140,7 @@ public class SentryAccessController extends AuthorizationAccessController
{
 
   @Override
   public void removeResource(MResource resource) throws SqoopException {
-    binding.dropPrivilege(getSubject(), resource);
+    binding.dropPrivilege(resource);
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4d0e2e7c/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java
b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java
index 86b157c..4052e2a 100644
--- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java
+++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java
@@ -21,6 +21,7 @@ import java.util.List;
 import java.util.Set;
 
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.sentry.SentryUserException;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
@@ -56,6 +57,7 @@ public class SqoopAuthBinding {
   private final Configuration authConf;
   private final AuthorizationProvider authProvider;
   private final Server sqoopServer;
+  private final Subject bindingSubject;
   private ProviderBackend providerBackend;
 
   private final SqoopActionFactory actionFactory = new SqoopActionFactory();
@@ -65,6 +67,9 @@ public class SqoopAuthBinding {
     this.authConf.set(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), serverName);
     this.sqoopServer = new Server(serverName);
     this.authProvider = createAuthProvider();
+    /** The Sqoop server principal will use the binding */
+    this.bindingSubject = new Subject(UserGroupInformation.getCurrentUser()
+        .getShortUserName());
   }
 
   /**
@@ -265,7 +270,7 @@ public class SqoopAuthBinding {
     });
   }
 
-  public void dropPrivilege(final Subject subject, final MResource resource) throws SqoopException
{
+  public void dropPrivilege(final MResource resource) throws SqoopException {
     execute(new Command<Void>() {
       @Override
       public Void run(SentryGenericServiceClient client) throws Exception {
@@ -274,7 +279,7 @@ public class SqoopAuthBinding {
         privilege.setServiceName(sqoopServer.getName());
         privilege.setAuthorizables(toTSentryAuthorizable(resource));
         privilege.setAction(SqoopActionConstant.ALL);
-        client.dropPrivilege(subject.getName(), COMPONENT_TYPE, privilege);
+        client.dropPrivilege(bindingSubject.getName(), COMPONENT_TYPE, privilege);
         return null;
       }
     });


Mime
View raw message