[kudu-CR] WIP [master] introduced SentryPrivilegesFetcher

Wed, 03 Apr 2019 23:27:51 -0700 

Hello Tidy Bot, Kudu Jenkins, Andrew Wong, Adar Dembo, Hao Hao,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/12833

to look at the new patch set (#8).

Change subject: WIP [master] introduced SentryPrivilegesFetcher
......................................................................

WIP [master] introduced SentryPrivilegesFetcher

This patch incorporates a TTL-based cache into the data paths
of SentryAuthzProvider.  As of now, the cache stores raw responses
received from Sentry.  It's possible to enable or disable caching
upon creation of SentryAuthzProvider instance: set the newly introduced
`--sentry_authz_cache_capacity_mb` command-line flag to 0 to disable
caching of authz privilege information returned from Sentry.

In addition, it's possible to force the cache to fetch and cache
information from broader levels of Sentry's authz hierarchy: use the
`--sentry_authz_cache_finest_scope` flag for that.

WIP
  * clarify on --sentry_authz_cache_finest_scope: do we need it
    or we are going to use some other approach
  * proper sanitization of Sentry responses (comes from Andrew's patch?)
  * cache processed and sanitized info, not raw Sentry responses
  * to add tests specific to SentryPrivilegesFetcher

Change-Id: Idaefacd50736f1f152dae34e76778e17b2e84cbe
---
M src/kudu/integration-tests/master_sentry-itest.cc
M src/kudu/master/CMakeLists.txt
M src/kudu/master/catalog_manager.cc
M src/kudu/master/default_authz_provider.h
M src/kudu/master/sentry_authz_provider-test.cc
M src/kudu/master/sentry_authz_provider.cc
M src/kudu/master/sentry_authz_provider.h
A src/kudu/master/sentry_privileges_cache_metrics.cc
A src/kudu/master/sentry_privileges_cache_metrics.h
A src/kudu/master/sentry_privileges_fetcher.cc
A src/kudu/master/sentry_privileges_fetcher.h
M src/kudu/sentry/sentry_authorizable_scope.cc
12 files changed, 1,121 insertions(+), 304 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/33/12833/8
--
To view, visit http://gerrit.cloudera.org:8080/12833
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idaefacd50736f1f152dae34e76778e17b2e84cbe
Gerrit-Change-Number: 12833
Gerrit-PatchSet: 8
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)

Reply via email to