Re: Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69841/#review212389 --- Ship it! Ship It! - Arjun Mishra On Jan. 28, 2019, 6:55 p.m., Na Li wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69841/ > --- > > (Updated Jan. 28, 2019, 6:55 p.m.) > > > Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar > kalvagadda. > > > Bugs: sentry-2486 > https://issues.apache.org/jira/browse/sentry-2486 > > > Repository: sentry > > > Description > --- > > In insecure mode, the current login user name is passed from Sentry to HMS > server when sentry HMSFollower gets full snapshot from HMS. > > The user name should be "sentry" instead of current login user. > > This issue should not happen in production because secure mode is always > used. Insecure mode is only used in test. > > > Diffs > - > > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java > 31e58fd > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java > 0d62941 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java > 47f7466 > > > Diff: https://reviews.apache.org/r/69841/diff/2/ > > > Testing > --- > > Tested manually and verified the user name now is "sentry" when sentry > HMSFollower gets notifications from HMS server > > > Thanks, > > Na Li > >
Re: Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69841/#review212388 --- Looks good. Wiating for the tests to pass to give a +2. - kalyan kumar kalvagadda On Jan. 28, 2019, 6:55 p.m., Na Li wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69841/ > --- > > (Updated Jan. 28, 2019, 6:55 p.m.) > > > Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar > kalvagadda. > > > Bugs: sentry-2486 > https://issues.apache.org/jira/browse/sentry-2486 > > > Repository: sentry > > > Description > --- > > In insecure mode, the current login user name is passed from Sentry to HMS > server when sentry HMSFollower gets full snapshot from HMS. > > The user name should be "sentry" instead of current login user. > > This issue should not happen in production because secure mode is always > used. Insecure mode is only used in test. > > > Diffs > - > > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java > 31e58fd > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java > 0d62941 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java > 47f7466 > > > Diff: https://reviews.apache.org/r/69841/diff/2/ > > > Testing > --- > > Tested manually and verified the user name now is "sentry" when sentry > HMSFollower gets notifications from HMS server > > > Thanks, > > Na Li > >
Re: Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69841/ --- (Updated Jan. 28, 2019, 6:55 p.m.) Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar kalvagadda. Bugs: sentry-2486 https://issues.apache.org/jira/browse/sentry-2486 Repository: sentry Description --- In insecure mode, the current login user name is passed from Sentry to HMS server when sentry HMSFollower gets full snapshot from HMS. The user name should be "sentry" instead of current login user. This issue should not happen in production because secure mode is always used. Insecure mode is only used in test. Diffs (updated) - sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java 31e58fd sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java 0d62941 sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java 47f7466 Diff: https://reviews.apache.org/r/69841/diff/2/ Changes: https://reviews.apache.org/r/69841/diff/1-2/ Testing --- Tested manually and verified the user name now is "sentry" when sentry HMSFollower gets notifications from HMS server Thanks, Na Li
Re: Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
> On Jan. 28, 2019, 1:55 a.m., kalyan kumar kalvagadda wrote:
> > Idea here is to make sure that hive client knows the details of the user
> > who is sending the request. In this specific case, hive should know the
> > details of the user who running sentry service. Using
> > sentry.service.server.principal and entry.service.realm doesn’t seem
> > correct.
> >
> >
> > I have a thought.
> > ```
> > public HMSClient connect() throws IOException, InterruptedException,
> > MetaException
> > {?
> > UserGroupInformation clientUGI = null;
> > if (insecure) {?
> > clientUGI = UserGroupInformation.getCurrentUser();?
> > } else {?
> > clientUGI =
> > UserGroupInformation.getUGIFromSubject(kerberosContext.getSubject());?
> > }?
> > return new HMSClient(clientUGI.doAs(new
> > PrivilegedExceptionAction()
> > {?
> > @Override?
> > public HiveMetaStoreClient run() throws MetaException {?
> >return new HiveMetaStoreClient(hiveConf);?
> >}?
> > }));
> > }
> >
> > ```
> > All you have additionally do is change the tests to run sentry server as
> > user “sentry”.
> >
> > Here is the sample code. I have tested it locally.
>
> Na Li wrote:
> HiveSimpleConnectionFactory is used by HMSFollower to get notifications
> from HMS server. It is not used for any other purposes in Sentry.
>
> If we following your suggestion, the user will be the login user, it
> could be "root" for one run, and "jenkins" for another run. How to make sure
> fetching notification from sentry works in your suggested approach?
>
> That is why I have this solution here. Make sure the user is "sentry" in
> insecured mode, and add "sentry" as services in HMS server.
>
> kalyan kumar kalvagadda wrote:
> Lina, Idea is to use the UserGroupInformation.getCurrentUser(). Please
> look at the patch i sugessted. All you have to do is perform doAs() while
> starting the service. I have sent you details offline.
>
> What you are suggesting will effect the users who are using sentry in non
> secure mode. Approach that i'm usggesting will address the issues with the
> tests and not change the behavior.
>
> Na Li wrote:
> Kalyan, your suggestion is the current code behavior without my code
> change.
>
> 1) Do you agree that when sentry HMS follower gets notification, the user
> name should be "sentry" instead of your name, or my name?
> 2) If you agree above, then your suggestion of using
> "UserGroupInformation.getCurrentUser()" won't work because it returns current
> login name, which is your name when you run the test, and my name if I run
> the test, or Jenkins name name if it runs on build machine.
> 3) When we have read authorization, HMS needs to check if the user has
> read access to the metadata or if user is service users.
> 3.1) If your approach is used, how do we write a test for read
> authorization? We don't know what user name to configure as service user, or
> give read access.
> 3.2) If my approach is used, we can add "sentry" as service user in test
> to pass read authorization, and sentry can get notifications
Thanks! I have updated according to your suggestion: change caller of the
HiveSimpleConnectionFactory
- Na
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69841/#review212365
---
On Jan. 25, 2019, 9:07 p.m., Na Li wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69841/
> ---
>
> (Updated Jan. 25, 2019, 9:07 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar
> kalvagadda.
>
>
> Bugs: sentry-2486
> https://issues.apache.org/jira/browse/sentry-2486
>
>
> Repository: sentry
>
>
> Description
> ---
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
>
> The user name should be "sentry" instead of current login user.
>
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
>
>
> Diffs
> -
>
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
> 31e58fd
>
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
> 0d62941
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
> 47f7466
>
>
> Diff: https://reviews.apache.org/r/69841/diff/1/
>
>
> Testing
> ---
>
> Tested manually and verified the user name now is "sentry" when sentry
>
Re: Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
> On Jan. 28, 2019, 1:55 a.m., kalyan kumar kalvagadda wrote:
> > Idea here is to make sure that hive client knows the details of the user
> > who is sending the request. In this specific case, hive should know the
> > details of the user who running sentry service. Using
> > sentry.service.server.principal and entry.service.realm doesn’t seem
> > correct.
> >
> >
> > I have a thought.
> > ```
> > public HMSClient connect() throws IOException, InterruptedException,
> > MetaException
> > {?
> > UserGroupInformation clientUGI = null;
> > if (insecure) {?
> > clientUGI = UserGroupInformation.getCurrentUser();?
> > } else {?
> > clientUGI =
> > UserGroupInformation.getUGIFromSubject(kerberosContext.getSubject());?
> > }?
> > return new HMSClient(clientUGI.doAs(new
> > PrivilegedExceptionAction()
> > {?
> > @Override?
> > public HiveMetaStoreClient run() throws MetaException {?
> >return new HiveMetaStoreClient(hiveConf);?
> >}?
> > }));
> > }
> >
> > ```
> > All you have additionally do is change the tests to run sentry server as
> > user “sentry”.
> >
> > Here is the sample code. I have tested it locally.
>
> Na Li wrote:
> HiveSimpleConnectionFactory is used by HMSFollower to get notifications
> from HMS server. It is not used for any other purposes in Sentry.
>
> If we following your suggestion, the user will be the login user, it
> could be "root" for one run, and "jenkins" for another run. How to make sure
> fetching notification from sentry works in your suggested approach?
>
> That is why I have this solution here. Make sure the user is "sentry" in
> insecured mode, and add "sentry" as services in HMS server.
>
> kalyan kumar kalvagadda wrote:
> Lina, Idea is to use the UserGroupInformation.getCurrentUser(). Please
> look at the patch i sugessted. All you have to do is perform doAs() while
> starting the service. I have sent you details offline.
>
> What you are suggesting will effect the users who are using sentry in non
> secure mode. Approach that i'm usggesting will address the issues with the
> tests and not change the behavior.
Kalyan, your suggestion is the current code behavior without my code change.
1) Do you agree that when sentry HMS follower gets notification, the user name
should be "sentry" instead of your name, or my name?
2) If you agree above, then your suggestion of using
"UserGroupInformation.getCurrentUser()" won't work because it returns current
login name, which is your name when you run the test, and my name if I run the
test, or Jenkins name name if it runs on build machine.
3) When we have read authorization, HMS needs to check if the user has read
access to the metadata or if user is service users.
3.1) If your approach is used, how do we write a test for read authorization?
We don't know what user name to configure as service user, or give read access.
3.2) If my approach is used, we can add "sentry" as service user in test to
pass read authorization, and sentry can get notifications
- Na
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69841/#review212365
---
On Jan. 25, 2019, 9:07 p.m., Na Li wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69841/
> ---
>
> (Updated Jan. 25, 2019, 9:07 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar
> kalvagadda.
>
>
> Bugs: sentry-2486
> https://issues.apache.org/jira/browse/sentry-2486
>
>
> Repository: sentry
>
>
> Description
> ---
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
>
> The user name should be "sentry" instead of current login user.
>
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
>
>
> Diffs
> -
>
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
> 31e58fd
>
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
> 0d62941
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
> 47f7466
>
>
> Diff: https://reviews.apache.org/r/69841/diff/1/
>
>
> Testing
> ---
>
> Tested manually and verified the user name now is "sentry" when sentry
> HMSFollower gets notifications from HMS server
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
> On Jan. 28, 2019, 1:55 a.m., kalyan kumar kalvagadda wrote:
> > Idea here is to make sure that hive client knows the details of the user
> > who is sending the request. In this specific case, hive should know the
> > details of the user who running sentry service. Using
> > sentry.service.server.principal and entry.service.realm doesn’t seem
> > correct.
> >
> >
> > I have a thought.
> > ```
> > public HMSClient connect() throws IOException, InterruptedException,
> > MetaException
> > {?
> > UserGroupInformation clientUGI = null;
> > if (insecure) {?
> > clientUGI = UserGroupInformation.getCurrentUser();?
> > } else {?
> > clientUGI =
> > UserGroupInformation.getUGIFromSubject(kerberosContext.getSubject());?
> > }?
> > return new HMSClient(clientUGI.doAs(new
> > PrivilegedExceptionAction()
> > {?
> > @Override?
> > public HiveMetaStoreClient run() throws MetaException {?
> >return new HiveMetaStoreClient(hiveConf);?
> >}?
> > }));
> > }
> >
> > ```
> > All you have additionally do is change the tests to run sentry server as
> > user “sentry”.
> >
> > Here is the sample code. I have tested it locally.
>
> Na Li wrote:
> HiveSimpleConnectionFactory is used by HMSFollower to get notifications
> from HMS server. It is not used for any other purposes in Sentry.
>
> If we following your suggestion, the user will be the login user, it
> could be "root" for one run, and "jenkins" for another run. How to make sure
> fetching notification from sentry works in your suggested approach?
>
> That is why I have this solution here. Make sure the user is "sentry" in
> insecured mode, and add "sentry" as services in HMS server.
Lina, Idea is to use the UserGroupInformation.getCurrentUser(). Please look at
the patch i sugessted. All you have to do is perform doAs() while starting the
service. I have sent you details offline.
What you are suggesting will effect the users who are using sentry in non
secure mode. Approach that i'm usggesting will address the issues with the
tests and not change the behavior.
- kalyan kumar
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69841/#review212365
---
On Jan. 25, 2019, 9:07 p.m., Na Li wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69841/
> ---
>
> (Updated Jan. 25, 2019, 9:07 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar
> kalvagadda.
>
>
> Bugs: sentry-2486
> https://issues.apache.org/jira/browse/sentry-2486
>
>
> Repository: sentry
>
>
> Description
> ---
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
>
> The user name should be "sentry" instead of current login user.
>
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
>
>
> Diffs
> -
>
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
> 31e58fd
>
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
> 0d62941
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
> 47f7466
>
>
> Diff: https://reviews.apache.org/r/69841/diff/1/
>
>
> Testing
> ---
>
> Tested manually and verified the user name now is "sentry" when sentry
> HMSFollower gets notifications from HMS server
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
> On Jan. 28, 2019, 1:55 a.m., kalyan kumar kalvagadda wrote:
> > Idea here is to make sure that hive client knows the details of the user
> > who is sending the request. In this specific case, hive should know the
> > details of the user who running sentry service. Using
> > sentry.service.server.principal and entry.service.realm doesn’t seem
> > correct.
> >
> >
> > I have a thought.
> > ```
> > public HMSClient connect() throws IOException, InterruptedException,
> > MetaException
> > {?
> > UserGroupInformation clientUGI = null;
> > if (insecure) {?
> > clientUGI = UserGroupInformation.getCurrentUser();?
> > } else {?
> > clientUGI =
> > UserGroupInformation.getUGIFromSubject(kerberosContext.getSubject());?
> > }?
> > return new HMSClient(clientUGI.doAs(new
> > PrivilegedExceptionAction()
> > {?
> > @Override?
> > public HiveMetaStoreClient run() throws MetaException {?
> >return new HiveMetaStoreClient(hiveConf);?
> >}?
> > }));
> > }
> >
> > ```
> > All you have additionally do is change the tests to run sentry server as
> > user “sentry”.
> >
> > Here is the sample code. I have tested it locally.
HiveSimpleConnectionFactory is used by HMSFollower to get notifications from
HMS server. It is not used for any other purposes in Sentry.
If we following your suggestion, the user will be the login user, it could be
"root" for one run, and "jenkins" for another run. How to make sure fetching
notification from sentry works in your suggested approach?
That is why I have this solution here. Make sure the user is "sentry" in
insecured mode, and add "sentry" as services in HMS server.
- Na
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69841/#review212365
---
On Jan. 25, 2019, 9:07 p.m., Na Li wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69841/
> ---
>
> (Updated Jan. 25, 2019, 9:07 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar
> kalvagadda.
>
>
> Bugs: sentry-2486
> https://issues.apache.org/jira/browse/sentry-2486
>
>
> Repository: sentry
>
>
> Description
> ---
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
>
> The user name should be "sentry" instead of current login user.
>
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
>
>
> Diffs
> -
>
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
> 31e58fd
>
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
> 0d62941
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
> 47f7466
>
>
> Diff: https://reviews.apache.org/r/69841/diff/1/
>
>
> Testing
> ---
>
> Tested manually and verified the user name now is "sentry" when sentry
> HMSFollower gets notifications from HMS server
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69841/#review212365
---
Idea here is to make sure that hive client knows the details of the user who is
sending the request. In this specific case, hive should know the details of the
user who running sentry service. Using sentry.service.server.principal and
entry.service.realm doesn’t seem correct.
I have a thought.
```
public HMSClient connect() throws IOException, InterruptedException,
MetaException
{?
UserGroupInformation clientUGI = null;
if (insecure) {?
clientUGI = UserGroupInformation.getCurrentUser();?
} else {?
clientUGI =
UserGroupInformation.getUGIFromSubject(kerberosContext.getSubject());?
}?
return new HMSClient(clientUGI.doAs(new
PrivilegedExceptionAction()
{?
@Override?
public HiveMetaStoreClient run() throws MetaException {?
return new HiveMetaStoreClient(hiveConf);?
}?
}));
}
```
All you have additionally do is change the tests to run sentry server as user
“sentry”.
Here is the sample code. I have tested it locally.
- kalyan kumar kalvagadda
On Jan. 25, 2019, 9:07 p.m., Na Li wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69841/
> ---
>
> (Updated Jan. 25, 2019, 9:07 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar
> kalvagadda.
>
>
> Bugs: sentry-2486
> https://issues.apache.org/jira/browse/sentry-2486
>
>
> Repository: sentry
>
>
> Description
> ---
>
> In insecure mode, the current login user name is passed from Sentry to HMS
> server when sentry HMSFollower gets full snapshot from HMS.
>
> The user name should be "sentry" instead of current login user.
>
> This issue should not happen in production because secure mode is always
> used. Insecure mode is only used in test.
>
>
> Diffs
> -
>
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
> 31e58fd
>
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
> 0d62941
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
> 47f7466
>
>
> Diff: https://reviews.apache.org/r/69841/diff/1/
>
>
> Testing
> ---
>
> Tested manually and verified the user name now is "sentry" when sentry
> HMSFollower gets notifications from HMS server
>
>
> Thanks,
>
> Na Li
>
>
Review Request 69841: SENTRY-2486: Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69841/ --- Review request for sentry, Arjun Mishra, Haley Reeve, and kalyan kumar kalvagadda. Bugs: sentry-2486 https://issues.apache.org/jira/browse/sentry-2486 Repository: sentry Description --- In insecure mode, the current login user name is passed from Sentry to HMS server when sentry HMSFollower gets full snapshot from HMS. The user name should be "sentry" instead of current login user. This issue should not happen in production because secure mode is always used. Insecure mode is only used in test. Diffs - sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java 31e58fd sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java 0d62941 sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java 47f7466 Diff: https://reviews.apache.org/r/69841/diff/1/ Testing --- Tested manually and verified the user name now is "sentry" when sentry HMSFollower gets notifications from HMS server Thanks, Na Li
