-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25555/
-----------------------------------------------------------
Review request for sentry and Brock Noland.
Bugs: SENTRY-431
https://issues.apache.org/jira/browse/SENTRY-431
Repository: sentry
Description
-------
Hive currently has a logic to renew the kerberos ticket inline during metastore
connection. The sentry DB store client is loaded via semantic hook which
happens before the metastore connection. That means if there's a long inactive
perior in HS2, the ticket will be expired and sentry connection will fail.
This patch ensures that the ticket is renewed before every new Sentry service
connection. The Hadoop UGI api used here will relogin only if less that 20%
time left on the ticket to expire.
Diffs
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
6895927
Diff: https://reviews.apache.org/r/25555/diff/
Testing
-------
Manucally tested on a secure cluster
Thanks,
Prasad Mujumdar
