> On Oct. 21, 2014, 12:24 a.m., Prasad Mujumdar wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HASentryPolicyServiceClientImpl.java, > > line 90 > > <https://reviews.apache.org/r/25980/diff/1/?file=704029#file704029line90> > > > > In secure connection the client would need the kerberos principal of > > the server. How do we handle that case ? > > Dapeng Sun wrote: > Hi Prasad, the patch had the following code in renewSentryClient > **conf.set(ServiceConstants.ClientConfig.SERVER_RPC_ADDRESS, > serverAddress.getHostName());**, and currently we get the server principal > using **serverPrincipal = SecurityUtil.getServerPrincipal(serverPrincipal, > serverAddress.getAddress());** the security related Tests are added in > SENTRY-459, do you think it's okay?
I think the issue is related to adding the correct hostname in the sentry server principal. We can discuss that in SENTRY-459 review. - Prasad ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/25980/#review57483 ----------------------------------------------------------- On Oct. 27, 2014, 7:15 a.m., Dapeng Sun wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/25980/ > ----------------------------------------------------------- > > (Updated Oct. 27, 2014, 7:15 a.m.) > > > Review request for sentry, Arun Suresh, Lenni Kuff, Prasad Mujumdar, and > Sravya Tirukkovalur. > > > Bugs: SENTRY-464 > https://issues.apache.org/jira/browse/SENTRY-464 > > > Repository: sentry > > > Description > ------- > > * Add service register in **SentryPolicyStoreProcessor** > * Add **HASentryPolicyServiceClientImpl** as a HA implementation for > SentryPolicyServiceClient, it can select active node which registered in > Zookeeper > * Add **doOperationAndRetry** , use **SentryPolicyServiceClientDefaultImpl** > as a field, this make all HA method can reuse the same logic for retry. > ````java > private <T> T doOperationAndRetry(SentryOperation<T> sentryOption) throws > SentryUserException { > while (true) { > try { > return sentryOption.doOperation(); > } catch (SentryUserException e) { > throw e; > } catch (Exception e) { > LOGGER.warn(THRIFT_EXCEPTION_MESSAGE > + ": Error in connect current service, will retry other > service.", e); > try { > renewSentryClient(); > } catch (IOException e1) { > throw new SentryUserException(e1.getMessage(),e1.getCause()); > } > } > } > } > ```` > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java > b54e12e > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java > PRE-CREATION > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java > 40e8a0e > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java > 11545a5 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/AbstractTestWithDbProvider.java > 47e01a7 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithHAGrantOption.java > PRE-CREATION > > Diff: https://reviews.apache.org/r/25980/diff/ > > > Testing > ------- > > The addition UnitTest is used for test client reconnect, other UnitTest > passed in local > > > Thanks, > > Dapeng Sun > >
