Hello Tidy Bot, Alexey Serbin, Dan Burkert, Kudu Jenkins, Andrew Wong, Adar
Dembo,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/11797
to look at the new patch set (#11).
Change subject: [sentry] Integrate AuthzProvider into CatalogManager
......................................................................
[sentry] Integrate AuthzProvider into CatalogManager
This commit enables master RPC authorization enforcement by connecting
the CatalogManager to the Sentry service via the SentryAuthzProvider.
When the Sentry integration is enabled (by setting the
--sentry_service_rpc_addresses flag), DDLs such as table creation,
alteration, deletion are validated to see if the connected user has
the permission to perform such operations. Note that the coarse-grained
access control is still applied to these endpoints. A --trusted_user_acl
flag is introduced to allow the trusted user, e.g. 'impala', to skip the
authorization enforcement.
Testing: This commit adds a new integration test (master_sentry-itest)
which tests that the integration works as expected with all exposed
table operations. More coverage on DDL stress tests with Sentry
integration enabled will be in a follow up patch.
Change-Id: Iab4aa027ae6eb4520db48ce348db552c9feec2a8
---
M src/kudu/client/client-test.cc
M src/kudu/common/table_util-test.cc
M src/kudu/integration-tests/CMakeLists.txt
M src/kudu/integration-tests/alter_table-test.cc
M src/kudu/integration-tests/consistency-itest.cc
M src/kudu/integration-tests/create-table-stress-test.cc
A src/kudu/integration-tests/hms_itest-base.cc
A src/kudu/integration-tests/hms_itest-base.h
M src/kudu/integration-tests/master_hms-itest.cc
M src/kudu/integration-tests/master_sentry-itest.cc
M src/kudu/integration-tests/registration-test.cc
M src/kudu/master/CMakeLists.txt
A src/kudu/master/authz_provider.cc
M src/kudu/master/authz_provider.h
M src/kudu/master/catalog_manager.cc
M src/kudu/master/catalog_manager.h
M src/kudu/master/master-test-util.h
M src/kudu/master/master.proto
M src/kudu/master/master_service.cc
A src/kudu/master/sentry_authz_provider-test-base.h
M src/kudu/master/sentry_authz_provider-test.cc
M src/kudu/master/sentry_authz_provider.cc
M src/kudu/master/sentry_authz_provider.h
M src/kudu/sentry/mini_sentry.cc
24 files changed, 1,421 insertions(+), 460 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/97/11797/11
--
To view, visit http://gerrit.cloudera.org:8080/11797
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iab4aa027ae6eb4520db48ce348db552c9feec2a8
Gerrit-Change-Number: 11797
Gerrit-PatchSet: 11
Gerrit-Owner: Hao Hao <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
