Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/15414 )
Change subject: [java] fix Kudu Ranger plugin when Ranger is Kerberized ...................................................................... Patch Set 3: (6 comments) http://gerrit.cloudera.org:8080/#/c/15414/2//COMMIT_MSG Commit Message: PS2: > I think the commit description to clarify that we're talking about a _Kerbe Done http://gerrit.cloudera.org:8080/#/c/15414/2/java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/SubprocessConfiguration.java File java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/SubprocessConfiguration.java: http://gerrit.cloudera.org:8080/#/c/15414/2/java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/SubprocessConfiguration.java@40 PS2, Line 40: KEYTAB_ > Nit: KEYTAB Done http://gerrit.cloudera.org:8080/#/c/15414/2/java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/ranger/RangerProtocolHandler.java File java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/ranger/RangerProtocolHandler.java: http://gerrit.cloudera.org:8080/#/c/15414/2/java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/ranger/RangerProtocolHandler.java@47 PS2, Line 47: authz.init(kuduPrincipal, keytab); > Yeah I think we should decouple this module from Kerberization, since using Right. Although I added the null check because 'kuduPrincipal' and 'keytab' will be set to empty by SubprocessConfiguration as default. But yeah I think it is better not to rely on that. So removed it. http://gerrit.cloudera.org:8080/#/c/15414/2/java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/ranger/authorization/RangerKuduAuthorizer.java File java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/ranger/authorization/RangerKuduAuthorizer.java: http://gerrit.cloudera.org:8080/#/c/15414/2/java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/ranger/authorization/RangerKuduAuthorizer.java@78 PS2, Line 78: f (kuduPrincipal == > Can you elaborate on what this means in terms of configuration? Is this det Done http://gerrit.cloudera.org:8080/#/c/15414/2/java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/ranger/authorization/RangerKuduAuthorizer.java@80 PS2, Line 80: throw new KuduSubprocessException("Kudu principal and Keytab file must be " + > In the case kerberos isn't enabled should we let the principle and keytab b I added the null check because 'kuduPrincipal' and 'keytab' will be set to empty by SubprocessConfiguration as default. But yeah I think it is better not to rely on that. Updated. http://gerrit.cloudera.org:8080/#/c/15414/2/java/kudu-subprocess/src/main/java/org/apache/kudu/subprocess/ranger/authorization/RangerKuduAuthorizer.java@88 PS2, Line 88: } catch (IOException e) { > You shouldn't need this given there in no expensive computation in the if s Done -- To view, visit http://gerrit.cloudera.org:8080/15414 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ibe043293ea9cc1c2f43a331603dc1e3b36ff6ae0 Gerrit-Change-Number: 15414 Gerrit-PatchSet: 3 Gerrit-Owner: Hao Hao <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Sat, 14 Mar 2020 18:50:42 +0000 Gerrit-HasComments: Yes
