Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-20

Sentry should throw an exception if testing.mode is not set on non-secure cluster

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.3.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently, on non-Kerberized clusters, Sentry logs an error message and proceeds to block access for everybody for every operation.

      ERROR org.apache.sentry.binding.hive.authz.HiveAuthzBinding: HiveServer2 authentication method cannot be set to none unless testing mode is enabled

      When operations fail, it's not clear if it's unhappy because the policy file is not parse-able, it's a policy file permission issue, or if it doesn't like non-Kerberos clusters.

      The error message is followed by bunch of auth failure exceptions, so it's hard to see this error message. It should throw an exception instead.

        Attachments

        1. SENTRY-20.patch
          10 kB
          Shreepadma Venugopalan

          Activity

            People

            • Assignee:
              shreepadma Shreepadma Venugopalan
              Reporter:
              mohitsabharwal Mohit Sabharwal
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: