This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 98d9765e0514f8753731e04bddf7789c5bf2ca64 Author: Alexey Serbin <[email protected]> AuthorDate: Thu May 2 22:05:53 2019 -0700 [catalog_manager] update criterion to choose authz provider Prior to this change, the hypothetical case when Kudu master is given Sentry server's RPC end-point but no HMS catalog RPC end-point, the fine-grained authorization was not be enabled since the catalog manager would use DefaultAuthzProvider instead of SentryAuthzProvider for authz decisions. Code-wise, SentryAuthzProvider does not explicitly depend on the HMS catalog. From that perspective, the decision whether to use SentryAuthzProvider or DefaultAuthzProvider for authz decisions should be gated only by the presence of the Sentry server's RPC end-point in the corresponding runtime flags. From the design perspective, Kudu+Sentry fine-grain authz scheme logically depends on the integration with HMS catalog (that's why the case described above is pure hypothetical one). The logical dependency will be addressed in a few follow-up changelists. Change-Id: Iee1760a8fe6ffc9d6822db2472da5ddef78aec8d Reviewed-on: http://gerrit.cloudera.org:8080/13223 Reviewed-by: Andrew Wong <[email protected]> Tested-by: Alexey Serbin <[email protected]> --- src/kudu/master/catalog_manager.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/kudu/master/catalog_manager.cc b/src/kudu/master/catalog_manager.cc index c5b9dcd..4a87f46 100644 --- a/src/kudu/master/catalog_manager.cc +++ b/src/kudu/master/catalog_manager.cc @@ -698,7 +698,7 @@ CatalogManager::CatalogManager(Master* master) leader_ready_term_(-1), hms_notification_log_event_id_(-1), leader_lock_(RWMutex::Priority::PREFER_WRITING) { - if (hms::HmsCatalog::IsEnabled() && SentryAuthzProvider::IsEnabled()) { + if (SentryAuthzProvider::IsEnabled()) { authz_provider_.reset(new SentryAuthzProvider(master_->metric_entity())); } else { authz_provider_.reset(new DefaultAuthzProvider);
