> On June 14, 2014, 1:07 a.m., Prasad Mujumdar wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java, > > line 172 > > <https://reviews.apache.org/r/22578/diff/4/?file=609454#file609454line172> > > > > The SET_UGI is actually applicable to non-secure connect. We don't have > > to enforce that here. > > Sravya Tirukkovalur wrote: > Oh ok, this is defaulted to true on secure clusters then? > > Sravya Tirukkovalur wrote: > I meant restricted to true on secure clusters?
It's ignored by Metastore in case of secure cluster. CM does set it by default, but it's not needed. - Prasad ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/22578/#review45684 ----------------------------------------------------------- On June 13, 2014, 6:57 p.m., Sravya Tirukkovalur wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/22578/ > ----------------------------------------------------------- > > (Updated June 13, 2014, 6:57 p.m.) > > > Review request for sentry and Prasad Mujumdar. > > > Bugs: sentry-300 > https://issues.apache.org/jira/browse/sentry-300 > > > Repository: sentry > > > Description > ------- > > Refactored the code a little bit so that we have following checks for the > following paths: > > If request coming from HiveServer2, we make sure: > hive.server2.authentication !=none > hive.server2.enable.doAs = false > > If request coming from HiveMetastore, we make sure: > hive.metastore.sasl.enabled = true > hive.metastore.execute.setugi = true > > Also now, invalid configurations throw InvalidConfigurationException, rather > than using a dummy provider. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java > 39f5384a059d5c2df1cbda986f9e2af727421409 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java > 30c348845150b87cdda5f6266d7d804cc20fc39e > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java > e6d790a4d09f3f5e7b019dfcbbf50d5a65ddba4d > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java > 4985912fbf16d362107d3168d115ff92282589f3 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java > c05bb4fa69591c4f8ce6225939fab34db5b217e1 > > Diff: https://reviews.apache.org/r/22578/diff/ > > > Testing > ------- > > Added new test cases. > > > Thanks, > > Sravya Tirukkovalur > >
