You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2017/10/19 09:00:06 UTC
[25/26] sentry git commit: SENTRY-1453: Enable passing sentry client
cache configs from kafka conf (Ashish Singh, reviewed by Sravya Tirukkovalur)
SENTRY-1453: Enable passing sentry client cache configs from kafka conf (Ashish Singh, reviewed by Sravya Tirukkovalur)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/436787cb
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/436787cb
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/436787cb
Branch: refs/heads/akolb-cli
Commit: 436787cb6745da67f296984230949b07e28f00ca
Parents: 09761c7
Author: Sergio Pena <se...@cloudera.com>
Authored: Wed Oct 18 17:08:35 2017 -0500
Committer: Sergio Pena <se...@cloudera.com>
Committed: Wed Oct 18 17:08:35 2017 -0500
----------------------------------------------------------------------
.../sentry/kafka/binding/KafkaAuthBinding.java | 28 +++++++++++++++++---
.../apache/sentry/kafka/conf/KafkaAuthConf.java | 8 +++++-
.../sentry/tests/e2e/kafka/KafkaTestServer.java | 7 ++++-
.../e2e/kafka/AbstractKafkaSentryTestBase.java | 6 ++---
4 files changed, 40 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/436787cb/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
index 7a36c5f..660e66f 100644
--- a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
+++ b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
@@ -154,9 +154,31 @@ public class KafkaAuthBinding {
" are required configs to be able to initialize Kerberos");
}
- // for convenience, set the PrivilegeConverter.
- if (authConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) {
- authConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, GenericPrivilegeConverter.class.getName());
+ // Pass sentry privileges caching settings from kafka conf to sentry's auth conf
+ final Object enableCachingConfig = kafkaConfigs.get(AuthzConfVars.AUTHZ_CACHING_ENABLE_NAME.getVar());
+ if (enableCachingConfig != null) {
+ String enableCaching = enableCachingConfig.toString();
+ if (Boolean.parseBoolean(enableCaching)) {
+ authConf.set(ServiceConstants.ClientConfig.ENABLE_CACHING, enableCaching);
+
+ final Object cacheTtlMsConfig = kafkaConfigs
+ .get(AuthzConfVars.AUTHZ_CACHING_TTL_MS_NAME.getVar());
+ if (cacheTtlMsConfig != null) {
+ authConf.set(ServiceConstants.ClientConfig.CACHE_TTL_MS, cacheTtlMsConfig.toString());
+ }
+
+ final Object cacheUpdateFailuresCountConfig = kafkaConfigs
+ .get(AuthzConfVars.AUTHZ_CACHING_UPDATE_FAILURES_COUNT_NAME.getVar());
+ if (cacheUpdateFailuresCountConfig != null) {
+ authConf.set(ServiceConstants.ClientConfig.CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE,
+ cacheUpdateFailuresCountConfig.toString());
+ }
+
+ if (authConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) {
+ authConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER,
+ GenericPrivilegeConverter.class.getName());
+ }
+ }
}
// Instantiate the configured providerBackend
http://git-wip-us.apache.org/repos/asf/sentry/blob/436787cb/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java
index 3b1cb9c..6ca6210 100644
--- a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java
+++ b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java
@@ -33,6 +33,9 @@ public class KafkaAuthConf extends Configuration {
public static final String KAFKA_PRINCIPAL_HOSTNAME = "sentry.kafka.principal.hostname";
public static final String KAFKA_PRINCIPAL_NAME = "sentry.kafka.kerberos.principal";
public static final String KAFKA_KEYTAB_FILE_NAME = "sentry.kafka.keytab.file";
+ public static final String SENTRY_KAFKA_CACHING_ENABLE_NAME = "sentry.kafka.caching.enable";
+ public static final String SENTRY_KAFKA_CACHING_TTL_MS_NAME = "sentry.kafka.caching.ttl.ms";
+ public static final String SENTRY_KAFKA_CACHING_UPDATE_FAILURES_COUNT_NAME = "sentry.kafka.caching.update.failures.count";
/**
* Config setting definitions
@@ -46,7 +49,10 @@ public class KafkaAuthConf extends Configuration {
AUTHZ_SERVICE_USER_NAME(KAFKA_SERVICE_USER_NAME, "kafka"),
AUTHZ_PRINCIPAL_HOSTNAME(KAFKA_PRINCIPAL_HOSTNAME, null),
AUTHZ_PRINCIPAL_NAME(KAFKA_PRINCIPAL_NAME, null),
- AUTHZ_KEYTAB_FILE_NAME(KAFKA_KEYTAB_FILE_NAME, null);
+ AUTHZ_KEYTAB_FILE_NAME(KAFKA_KEYTAB_FILE_NAME, null),
+ AUTHZ_CACHING_ENABLE_NAME(SENTRY_KAFKA_CACHING_ENABLE_NAME, "false"),
+ AUTHZ_CACHING_TTL_MS_NAME(SENTRY_KAFKA_CACHING_TTL_MS_NAME, "30000"),
+ AUTHZ_CACHING_UPDATE_FAILURES_COUNT_NAME(SENTRY_KAFKA_CACHING_UPDATE_FAILURES_COUNT_NAME, "3");
private final String varName;
private final String defaultVal;
http://git-wip-us.apache.org/repos/asf/sentry/blob/436787cb/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java b/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java
index e7273ee..faeb369 100644
--- a/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java
+++ b/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java
@@ -18,6 +18,7 @@
package org.apache.sentry.tests.e2e.kafka;
import kafka.server.KafkaServerStartable;
+import org.apache.sentry.kafka.conf.KafkaAuthConf;
import org.apache.curator.test.TestingServer;
import org.slf4j.Logger;
@@ -32,6 +33,8 @@ import java.nio.file.Path;
import java.util.Properties;
public class KafkaTestServer {
+ public static final int CACHE_TTL_MS = 1;
+
private static final Logger LOGGER = LoggerFactory.getLogger(KafkaTestServer.class);
private int kafkaPort = -1;
@@ -99,7 +102,9 @@ public class KafkaTestServer {
props.put("ssl.truststore.password", "test-ts-passwd");
props.put("security.inter.broker.protocol", "SSL");
props.put("ssl.client.auth", "required");
- props.put("super.users", "User:CN=superuser;User:CN=superuser1; User:CN=Superuser2 ");
+ props.put(KafkaAuthConf.KAFKA_SUPER_USERS, "User:CN=superuser;User:CN=superuser1; User:CN=Superuser2 ");
+ props.put(KafkaAuthConf.SENTRY_KAFKA_CACHING_ENABLE_NAME, "true");
+ props.put(KafkaAuthConf.SENTRY_KAFKA_CACHING_TTL_MS_NAME, String.valueOf(CACHE_TTL_MS));
}
private void createKafkaServer() throws UnknownHostException {
http://git-wip-us.apache.org/repos/asf/sentry/blob/436787cb/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java
index 0aa6fd3..100d885 100644
--- a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java
+++ b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java
@@ -74,8 +74,8 @@ public class AbstractKafkaSentryTestBase {
protected static String bootstrapServers = null;
protected static KafkaTestServer kafkaServer = null;
-
- private static final long CACHE_TTL_MS = 1;
+
+ private static final int CACHE_TTL_MS = 1;
private static final int SAFETY_FACTOR = 2; // Sleep for specified times of expected time for an operation to complete.
@BeforeClass
@@ -216,8 +216,6 @@ public class AbstractKafkaSentryTestBase {
conf.set(KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar(),
SentryGenericProviderBackend.class.getName());
conf.set(KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), policyFilePath.getPath());
- conf.setBoolean(ClientConfig.ENABLE_CACHING, true);
- conf.setLong(ClientConfig.CACHE_TTL_MS, CACHE_TTL_MS);
return conf;
}