Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/15416 )
Change subject: [ranger] pass 'principal' and 'keytab' to the subprocess ...................................................................... Patch Set 1: (4 comments) http://gerrit.cloudera.org:8080/#/c/15416/1/src/kudu/ranger/CMakeLists.txt File src/kudu/ranger/CMakeLists.txt: http://gerrit.cloudera.org:8080/#/c/15416/1/src/kudu/ranger/CMakeLists.txt@45 PS1, Line 45: server_process Kind of surprised to see this instead of just 'security'? Upon looking around though it seems like this is needed for the --keytab_file flag and validation. Would it work to define them in the security module and then declare them in server_base.cc as needed? http://gerrit.cloudera.org:8080/#/c/15416/1/src/kudu/ranger/ranger_client.h File src/kudu/ranger/ranger_client.h: http://gerrit.cloudera.org:8080/#/c/15416/1/src/kudu/ranger/ranger_client.h@101 PS1, Line 101: Kerberos nit: "the Kerberos principal" http://gerrit.cloudera.org:8080/#/c/15416/1/src/kudu/ranger/ranger_client.h@101 PS1, Line 101: this daemon nit: to reduce terminology we have, maybe just call this "the Ranger subprocess" http://gerrit.cloudera.org:8080/#/c/15416/1/src/kudu/ranger/ranger_client.cc File src/kudu/ranger/ranger_client.cc: http://gerrit.cloudera.org:8080/#/c/15416/1/src/kudu/ranger/ranger_client.cc@354 PS1, Line 354: ignore_result Usually ignore_result() signifies that we don't care about the result of the call. In this case, we _should_ care about the result, right? Otherwise the first sign of failure would be the Java process crashing, unable to login with the principal, which seems much more troublesome to debug than failing here. -- To view, visit http://gerrit.cloudera.org:8080/15416 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie30b835b6d44ddb51d95c587f1329bfefebeb37c Gerrit-Change-Number: 15416 Gerrit-PatchSet: 1 Gerrit-Owner: Hao Hao <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Thu, 12 Mar 2020 01:41:45 +0000 Gerrit-HasComments: Yes
