-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25520/
-----------------------------------------------------------
Review request for sentry and Brock Noland.
Bugs: SENTRY-428
https://issues.apache.org/jira/browse/SENTRY-428
Repository: sentry
Description
-------
Sentry service should periodically renew the server kerberos ticket. The patch
introduces a new thread to renew the ticket when less than 20% time left for
the ticket to expire.
Diffs
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
PRE-CREATION
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
33e51de
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/SentryMiniKdcTestcase.java
PRE-CREATION
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java
PRE-CREATION
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java
3209ccf
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
838e8d3
Diff: https://reviews.apache.org/r/25520/diff/
Testing
-------
Added a minikdc unit test to verify the timeout. The test is diabled by default
as it needs to block for few mins to simulate the timeout (miniKDC doesn't
allow setting default ticket life too low).
Manually verified in a secure cluster.
Thanks,
Prasad Mujumdar
