----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/43233/ -----------------------------------------------------------
Review request for sentry, Colin Ma and Sravya Tirukkovalur. Repository: sentry Description ------- Currently, the sentry shell uses the java "user.name" which gives some unexpected behavior if the user is logged in via kerberos (i.e. you get error messages about your OS user when connecting to a secure sentry service). From my testing, just using the UserGroupInformation.getLoginUser() does the right thing -- if using kerberos, it gives you the kerberos user, otherwise the OS user. In addition, the error messages around kerberos are sometimes missing. For example, for a GSS initiate failure, which happens if there is kerberos ticket, you get no error message returned because the top-level exception has no error message (it's an UndeclaredThrowableException or somethign). We should follow the exception causes until we find something reasonable to print. Diffs ----- sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java b0d97cd361730a4eef234b1339b2303a9dc8af18 sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java 80c8442f0f2da38ced0795ecf1e06406f8571a93 Diff: https://reviews.apache.org/r/43233/diff/ Testing ------- Ran the shell unit tests. Thanks, Gregory Chanan
