You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by pr...@apache.org on 2013/09/27 09:30:43 UTC
git commit: SENTRY-20: Sentry should throw an exception if
testing.mode is not set on non-secure cluster (Shreepadma Venugopalan vi
Prasad Mujumdar)
Updated Branches:
refs/heads/master 3ce50d56c -> 055e0146f
SENTRY-20: Sentry should throw an exception if testing.mode is not set on non-secure cluster (Shreepadma Venugopalan vi Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/055e0146
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/055e0146
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/055e0146
Branch: refs/heads/master
Commit: 055e0146f83522a4668c2d20a04e7ba67dad085a
Parents: 3ce50d5
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Mon Sep 23 23:22:27 2013 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Mon Sep 23 23:22:27 2013 -0700
----------------------------------------------------------------------
.../binding/hive/authz/HiveAuthzBinding.java | 7 ++++---
.../sentry/binding/hive/conf/HiveAuthzConf.java | 6 +++---
.../conf/InvalidConfigurationException.java | 15 ++++++++++++++
.../binding/hive/TestHiveAuthzBindings.java | 21 +++++++++++++++++---
.../e2e/hive/hiveserver/HiveServerFactory.java | 2 +-
5 files changed, 41 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
index 5190ba6..542b22c 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
@@ -17,6 +17,7 @@
package org.apache.sentry.binding.hive.authz;
import java.lang.reflect.Constructor;
+
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
@@ -41,6 +42,7 @@ import org.apache.sentry.core.Subject;
import org.apache.sentry.core.Authorizable.AuthorizableType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
import com.google.common.base.Strings;
@@ -100,13 +102,12 @@ public class HiveAuthzBinding {
// Instantiate the configured authz provider
private AuthorizationProvider getAuthProvider(HiveConf hiveConf, String serverName) throws Exception {
boolean isTestingMode = Boolean.parseBoolean(Strings.nullToEmpty(
- authzConf.get(AuthzConfVars.ACCESS_TESTING_MODE.getVar())).trim());
+ authzConf.get(AuthzConfVars.SENTRY_TESTING_MODE.getVar())).trim());
LOG.debug("Testing mode is " + isTestingMode);
if(!isTestingMode) {
String authMethod = Strings.nullToEmpty(hiveConf.getVar(ConfVars.HIVE_SERVER2_AUTHENTICATION)).trim();
if("none".equalsIgnoreCase(authMethod)) {
- LOG.error("HiveServer2 authentication method cannot be set to none unless testing mode is enabled");
- return new NoAuthorizationProvider();
+ throw new InvalidConfigurationException("Authentication can't be NONE in non-testing mode");
}
boolean impersonation = hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION);
boolean allowImpersonation = Boolean.parseBoolean(Strings.nullToEmpty(
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
index bfd58fa..c51ce54 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
@@ -46,7 +46,7 @@ public class HiveAuthzConf extends Configuration {
AUTHZ_PROVIDER_RESOURCE("hive.sentry.provider.resource", ""),
AUTHZ_SERVER_NAME("hive.sentry.server", "HS2"),
AUTHZ_RESTRICT_DEFAULT_DB("hive.sentry.restrict.defaultDB", "false"),
- ACCESS_TESTING_MODE("hive.sentry.testing.mode", "false"),
+ SENTRY_TESTING_MODE("hive.sentry.testing.mode", "false"),
AUTHZ_UDF_WHITELIST("hive.sentry.udf.whitelist", HIVE_UDF_WHITE_LIST),
AUTHZ_ALLOW_HIVE_IMPERSONATION("hive.sentry.allow.hive.impersonation", "false"),
AUTHZ_ONFAILURE_HOOKS("hive.sentry.failure.hooks", ""),
@@ -56,7 +56,7 @@ public class HiveAuthzConf extends Configuration {
AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.access.provider.resource", ""),
AUTHZ_SERVER_NAME_DEPRECATED("hive.access.server", "HS2"),
AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.access.restrict.defaultDB", "false"),
- ACCESS_TESTING_MODE_DEPRECATED("hive.access.testing.mode", "false"),
+ SENTRY_TESTING_MODE_DEPRECATED("hive.access.testing.mode", "false"),
AUTHZ_UDF_WHITELIST_DEPRECATED("hive.access.udf.whitelist", HIVE_UDF_WHITE_LIST),
AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED("hive.access.allow.hive.impersonation", "false"),
AUTHZ_ONFAILURE_HOOKS_DEPRECATED("hive.access.failure.hooks", ""),
@@ -115,7 +115,7 @@ public class HiveAuthzConf extends Configuration {
deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB);
- deprecatedConfigs.put(AuthzConfVars.ACCESS_TESTING_MODE_DEPRECATED.getVar(), AuthzConfVars.ACCESS_TESTING_MODE);
+ deprecatedConfigs.put(AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED.getVar(), AuthzConfVars.SENTRY_TESTING_MODE);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_UDF_WHITELIST_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_UDF_WHITELIST);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
new file mode 100644
index 0000000..84fc410
--- /dev/null
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
@@ -0,0 +1,15 @@
+package org.apache.sentry.binding.hive.conf;
+
+public class InvalidConfigurationException extends Exception
+{
+ private static final long serialVersionUID = 1L;
+
+ //Parameterless Constructor
+ public InvalidConfigurationException() {}
+
+ //Constructor that accepts a message
+ public InvalidConfigurationException(String message)
+ {
+ super(message);
+ }
+ }
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
index 20d4e8f..fb3d3f0 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
@@ -21,6 +21,8 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import junit.framework.Assert;
+
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
@@ -31,6 +33,7 @@ import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges;
import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
import org.apache.sentry.core.AccessConstants;
import org.apache.sentry.core.AccessURI;
import org.apache.sentry.core.Authorizable;
@@ -107,7 +110,7 @@ public class TestHiveAuthzBindings {
authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
new File(baseDir, RESOURCE_PATH).getPath());
authzConf.set(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), SERVER1);
- authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "true");
+ authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "true");
testAuth = new HiveAuthzBinding(hiveConf, authzConf);
}
@@ -288,7 +291,7 @@ public class TestHiveAuthzBindings {
// perpare the hive and auth configs
hiveConf.setBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION, true);
hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "Kerberos");
- authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "false");
+ authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
testAuth = new HiveAuthzBinding(hiveConf, authzConf);
// following check should pass, but with impersonation it will fail with due to NoAuthorizationProvider
@@ -306,7 +309,7 @@ public class TestHiveAuthzBindings {
// perpare the hive and auth configs
hiveConf.setBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION, true);
hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "Kerberos");
- authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "false");
+ authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
authzConf.set(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(), "true");
testAuth = new HiveAuthzBinding(hiveConf, authzConf);
@@ -327,4 +330,16 @@ public class TestHiveAuthzBindings {
}
return authList;
}
+
+ /**
+ * Turn off authentication and verify exception is raised in non-testing mode
+ * @throws Exception
+ */
+ @Test(expected=InvalidConfigurationException.class)
+ public void testNoAuthenticationRestriction() throws Exception {
+ // perpare the hive and auth configs
+ hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "None");
+ authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
+ testAuth = new HiveAuthzBinding(hiveConf, authzConf);
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
index f6d1791..288a7b3 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
@@ -51,7 +51,7 @@ public class HiveServerFactory {
public static final String AUTHZ_PROVIDER_RESOURCE = HiveAuthzConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar();
public static final String AUTHZ_PROVIDER_FILENAME = "test-authz-provider.ini";
public static final String AUTHZ_SERVER_NAME = HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar();
- public static final String ACCESS_TESTING_MODE = HiveAuthzConf.AuthzConfVars.ACCESS_TESTING_MODE.getVar();
+ public static final String ACCESS_TESTING_MODE = HiveAuthzConf.AuthzConfVars.SENTRY_TESTING_MODE.getVar();
public static final String HS2_PORT = ConfVars.HIVE_SERVER2_THRIFT_PORT.toString();
public static final String SUPPORT_CONCURRENCY = HiveConf.ConfVars.HIVE_SUPPORT_CONCURRENCY.varname;
public static final String HADOOPBIN = ConfVars.HADOOPBIN.toString();
Fwd: git commit: SENTRY-20: Sentry should throw an exception if
testing.mode is not set on non-secure cluster (Shreepadma Venugopalan vi
Prasad Mujumdar)
Posted by Prasad Mujumdar <pr...@cloudera.com>.
@commiters, I was not able to commit before from my current linux
setup. Turned out that I needed the netrc setup in order to commit. Please
see the instructions on
https://git-wip-us.apache.org/#committers-getting-started if you run into
problems with git push.
thanks
Prasad
---------- Forwarded message ----------
From: <pr...@apache.org>
Date: Fri, Sep 27, 2013 at 12:30 AM
Subject: git commit: SENTRY-20: Sentry should throw an exception if
testing.mode is not set on non-secure cluster (Shreepadma Venugopalan vi
Prasad Mujumdar)
To: commits@sentry.incubator.apache.org
Updated Branches:
refs/heads/master 3ce50d56c -> 055e0146f
SENTRY-20: Sentry should throw an exception if testing.mode is not set on
non-secure cluster (Shreepadma Venugopalan vi Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit:
http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/055e0146
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/055e0146
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/055e0146
Branch: refs/heads/master
Commit: 055e0146f83522a4668c2d20a04e7ba67dad085a
Parents: 3ce50d5
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Mon Sep 23 23:22:27 2013 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Mon Sep 23 23:22:27 2013 -0700
----------------------------------------------------------------------
.../binding/hive/authz/HiveAuthzBinding.java | 7 ++++---
.../sentry/binding/hive/conf/HiveAuthzConf.java | 6 +++---
.../conf/InvalidConfigurationException.java | 15 ++++++++++++++
.../binding/hive/TestHiveAuthzBindings.java | 21 +++++++++++++++++---
.../e2e/hive/hiveserver/HiveServerFactory.java | 2 +-
5 files changed, 41 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
----------------------------------------------------------------------
diff --git
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
index 5190ba6..542b22c 100644
---
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
+++
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
@@ -17,6 +17,7 @@
package org.apache.sentry.binding.hive.authz;
import java.lang.reflect.Constructor;
+
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
@@ -41,6 +42,7 @@ import org.apache.sentry.core.Subject;
import org.apache.sentry.core.Authorizable.AuthorizableType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
import com.google.common.base.Strings;
@@ -100,13 +102,12 @@ public class HiveAuthzBinding {
// Instantiate the configured authz provider
private AuthorizationProvider getAuthProvider(HiveConf hiveConf, String
serverName) throws Exception {
boolean isTestingMode = Boolean.parseBoolean(Strings.nullToEmpty(
- authzConf.get(AuthzConfVars.ACCESS_TESTING_MODE.getVar())).trim());
+ authzConf.get(AuthzConfVars.SENTRY_TESTING_MODE.getVar())).trim());
LOG.debug("Testing mode is " + isTestingMode);
if(!isTestingMode) {
String authMethod =
Strings.nullToEmpty(hiveConf.getVar(ConfVars.HIVE_SERVER2_AUTHENTICATION)).trim();
if("none".equalsIgnoreCase(authMethod)) {
- LOG.error("HiveServer2 authentication method cannot be set to none
unless testing mode is enabled");
- return new NoAuthorizationProvider();
+ throw new InvalidConfigurationException("Authentication can't be
NONE in non-testing mode");
}
boolean impersonation =
hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION);
boolean allowImpersonation =
Boolean.parseBoolean(Strings.nullToEmpty(
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
----------------------------------------------------------------------
diff --git
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
index bfd58fa..c51ce54 100644
---
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
+++
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
@@ -46,7 +46,7 @@ public class HiveAuthzConf extends Configuration {
AUTHZ_PROVIDER_RESOURCE("hive.sentry.provider.resource", ""),
AUTHZ_SERVER_NAME("hive.sentry.server", "HS2"),
AUTHZ_RESTRICT_DEFAULT_DB("hive.sentry.restrict.defaultDB",
"false"),
- ACCESS_TESTING_MODE("hive.sentry.testing.mode", "false"),
+ SENTRY_TESTING_MODE("hive.sentry.testing.mode", "false"),
AUTHZ_UDF_WHITELIST("hive.sentry.udf.whitelist",
HIVE_UDF_WHITE_LIST),
AUTHZ_ALLOW_HIVE_IMPERSONATION("hive.sentry.allow.hive.impersonation",
"false"),
AUTHZ_ONFAILURE_HOOKS("hive.sentry.failure.hooks", ""),
@@ -56,7 +56,7 @@ public class HiveAuthzConf extends Configuration {
AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.access.provider.resource", ""),
AUTHZ_SERVER_NAME_DEPRECATED("hive.access.server", "HS2"),
AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.access.restrict.defaultDB",
"false"),
- ACCESS_TESTING_MODE_DEPRECATED("hive.access.testing.mode",
"false"),
+ SENTRY_TESTING_MODE_DEPRECATED("hive.access.testing.mode",
"false"),
AUTHZ_UDF_WHITELIST_DEPRECATED("hive.access.udf.whitelist",
HIVE_UDF_WHITE_LIST),
AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED("hive.access.allow.hive.impersonation",
"false"),
AUTHZ_ONFAILURE_HOOKS_DEPRECATED("hive.access.failure.hooks", ""),
@@ -115,7 +115,7 @@ public class HiveAuthzConf extends Configuration {
deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar(),
AuthzConfVars.AUTHZ_PROVIDER_RESOURCE);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(),
AuthzConfVars.AUTHZ_SERVER_NAME);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED.getVar(),
AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB);
-
deprecatedConfigs.put(AuthzConfVars.ACCESS_TESTING_MODE_DEPRECATED.getVar(),
AuthzConfVars.ACCESS_TESTING_MODE);
+
deprecatedConfigs.put(AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED.getVar(),
AuthzConfVars.SENTRY_TESTING_MODE);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_UDF_WHITELIST_DEPRECATED.getVar(),
AuthzConfVars.AUTHZ_UDF_WHITELIST);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED.getVar(),
AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION);
deprecatedConfigs.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED.getVar(),
AuthzConfVars.AUTHZ_ONFAILURE_HOOKS);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
----------------------------------------------------------------------
diff --git
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
new file mode 100644
index 0000000..84fc410
--- /dev/null
+++
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
@@ -0,0 +1,15 @@
+package org.apache.sentry.binding.hive.conf;
+
+public class InvalidConfigurationException extends Exception
+{
+ private static final long serialVersionUID = 1L;
+
+ //Parameterless Constructor
+ public InvalidConfigurationException() {}
+
+ //Constructor that accepts a message
+ public InvalidConfigurationException(String message)
+ {
+ super(message);
+ }
+ }
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
----------------------------------------------------------------------
diff --git
a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
index 20d4e8f..fb3d3f0 100644
---
a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
+++
b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
@@ -21,6 +21,8 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import junit.framework.Assert;
+
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
@@ -31,6 +33,7 @@ import
org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges;
import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
import org.apache.sentry.core.AccessConstants;
import org.apache.sentry.core.AccessURI;
import org.apache.sentry.core.Authorizable;
@@ -107,7 +110,7 @@ public class TestHiveAuthzBindings {
authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
new File(baseDir, RESOURCE_PATH).getPath());
authzConf.set(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), SERVER1);
- authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "true");
+ authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "true");
testAuth = new HiveAuthzBinding(hiveConf, authzConf);
}
@@ -288,7 +291,7 @@ public class TestHiveAuthzBindings {
// perpare the hive and auth configs
hiveConf.setBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION,
true);
hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "Kerberos");
- authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "false");
+ authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
testAuth = new HiveAuthzBinding(hiveConf, authzConf);
// following check should pass, but with impersonation it will fail
with due to NoAuthorizationProvider
@@ -306,7 +309,7 @@ public class TestHiveAuthzBindings {
// perpare the hive and auth configs
hiveConf.setBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION,
true);
hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "Kerberos");
- authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "false");
+ authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
authzConf.set(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(),
"true");
testAuth = new HiveAuthzBinding(hiveConf, authzConf);
@@ -327,4 +330,16 @@ public class TestHiveAuthzBindings {
}
return authList;
}
+
+ /**
+ * Turn off authentication and verify exception is raised in non-testing
mode
+ * @throws Exception
+ */
+ @Test(expected=InvalidConfigurationException.class)
+ public void testNoAuthenticationRestriction() throws Exception {
+ // perpare the hive and auth configs
+ hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "None");
+ authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
+ testAuth = new HiveAuthzBinding(hiveConf, authzConf);
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
----------------------------------------------------------------------
diff --git
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
index f6d1791..288a7b3 100644
---
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
+++
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
@@ -51,7 +51,7 @@ public class HiveServerFactory {
public static final String AUTHZ_PROVIDER_RESOURCE =
HiveAuthzConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar();
public static final String AUTHZ_PROVIDER_FILENAME =
"test-authz-provider.ini";
public static final String AUTHZ_SERVER_NAME =
HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar();
- public static final String ACCESS_TESTING_MODE =
HiveAuthzConf.AuthzConfVars.ACCESS_TESTING_MODE.getVar();
+ public static final String ACCESS_TESTING_MODE =
HiveAuthzConf.AuthzConfVars.SENTRY_TESTING_MODE.getVar();
public static final String HS2_PORT =
ConfVars.HIVE_SERVER2_THRIFT_PORT.toString();
public static final String SUPPORT_CONCURRENCY =
HiveConf.ConfVars.HIVE_SUPPORT_CONCURRENCY.varname;
public static final String HADOOPBIN = ConfVars.HADOOPBIN.toString();