----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/43233/#review118105 -----------------------------------------------------------
Ship it! Ship It! - Hao Hao On Feb. 5, 2016, 8:37 a.m., Gregory Chanan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/43233/ > ----------------------------------------------------------- > > (Updated Feb. 5, 2016, 8:37 a.m.) > > > Review request for sentry, Colin Ma and Sravya Tirukkovalur. > > > Repository: sentry > > > Description > ------- > > Currently, the sentry shell uses the java "user.name" which gives some > unexpected behavior if the user is logged in via kerberos (i.e. you get error > messages about your OS user when connecting to a secure sentry service). > From my testing, just using the UserGroupInformation.getLoginUser() does the > right thing -- if using kerberos, it gives you the kerberos user, otherwise > the OS user. > > In addition, the error messages around kerberos are sometimes missing. For > example, for a GSS initiate failure, which happens if there is kerberos > ticket, you get no error message returned because the top-level exception has > no error message (it's an UndeclaredThrowableException or somethign). We > should follow the exception causes until we find something reasonable to > print. > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java > b0d97cd361730a4eef234b1339b2303a9dc8af18 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java > 80c8442f0f2da38ced0795ecf1e06406f8571a93 > > Diff: https://reviews.apache.org/r/43233/diff/ > > > Testing > ------- > > Ran the shell unit tests. > > > Thanks, > > Gregory Chanan > >
