Re: Review Request 42933: SENTRY-1037: Handle solr shell configuration in the same manner as sentry-binding

Fri, 29 Jan 2016 10:57:18 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42933/#review116984
-----------------------------------------------------------



>From this 
>(https://github.com/apache/incubator-sentry/blob/95b1e40e7062343f05e131afaea0a97bbf71ba4f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java#L127)
> , it looks like the client is using property "sentry.service.security.mode" 
>to get the authentication mechanism. I dont think clients should be required 
>to set this property. We should fix this in Sentry service/client if possible. 
>Where in the client did you find looking up the hadoop property?

- Sravya Tirukkovalur


On Jan. 29, 2016, 1:32 a.m., Gregory Chanan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42933/
> -----------------------------------------------------------
> 
> (Updated Jan. 29, 2016, 1:32 a.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> From the jira:
> Today, the SentryShellSolr follows the same pattern as SentryShellHive, which 
> is just getting a "new Configuration()". In order to connect to a service 
> requiring kerberos, the Configuration must have 
> "hadoop.security.authentication" set to "kerberos" since the generic client 
> uses hadoop-auth to do the authentication. But this will often not be set in 
> the context of Solr, which may not even have a hadoop-related configuration 
> around.
> 
> So, we should handle the configuration in the same way as we do for the 
> binding; namely, if the client intends to use kerberos, we set 
> "hadoop.security.authentication" to "kerberos"
> 
> 
> Diffs
> -----
> 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
>  ec786a546b9def25e5b4c9d22ae5b49b79982c88 
> 
> Diff: https://reviews.apache.org/r/42933/diff/
> 
> 
> Testing
> -------
> 
> Tested on a cluster where sentry-site.xml does not specify 
> hadoop.security.authentication and there are no other Configuration files on 
> the classpath.
> 
> 
> Thanks,
> 
> Gregory Chanan
> 
>

Reply via email to