Posted to commits@sentry.apache.org by gc...@apache.org on 2016/01/30 01:41:07 UTC
incubator-sentry git commit: SENTRY-1037: Set
"hadoop.security.authentication" to "kerberos" in the Generic Client (Gregory
Chanan, reviewed by Sravya Tirukkovalur)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 20f3960ce -> a01a75011
SENTRY-1037: Set "hadoop.security.authentication" to "kerberos" in the Generic Client (Gregory Chanan, reviewed by Sravya Tirukkovalur)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/a01a7501
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/a01a7501
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/a01a7501
Branch: refs/heads/master
Commit: a01a7501114ca0934255a0fb5e2635214f8ce887
Parents: 20f3960
Author: Gregory Chanan <gc...@cloudera.com>
Authored: Thu Jan 28 16:35:05 2016 -0800
Committer: Gregory Chanan <gc...@cloudera.com>
Committed: Fri Jan 29 16:40:05 2016 -0800
----------------------------------------------------------------------
.../thrift/SentryGenericServiceClientDefaultImpl.java | 14 +++++++++++---
.../provider/db/generic/tools/SentryShellSolr.java | 4 +++-
2 files changed, 14 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a01a7501/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
index 761b0a4..ce57513 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
@@ -28,6 +28,7 @@ import java.util.Set;
import javax.security.auth.callback.CallbackHandler;
import org.apache.hadoop.conf.Configuration;
+import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
@@ -75,11 +76,14 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
public UgiSaslClientTransport(String mechanism, String authorizationId,
String protocol, String serverName, Map<String, String> props,
- CallbackHandler cbh, TTransport transport, boolean wrapUgi)
+ CallbackHandler cbh, TTransport transport, boolean wrapUgi, Configuration conf)
throws IOException {
super(mechanism, authorizationId, protocol, serverName, props, cbh,
transport);
if (wrapUgi) {
+ // If we don't set the configuration, the UGI will be created based on
+ // what's on the classpath, which may lack the kerberos changes we require
+ UserGroupInformation.setConfiguration(conf);
ugi = UserGroupInformation.getLoginUser();
}
}
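Review bot: `UserGroupInformation.setConfiguration(conf)` in the `UgiSaslClientTransport` constructor is a static call, so it changes the UGI security configuration for the whole JVM and not only for this transport. Any other Hadoop client code in the same process will see the Kerberos setting from then on, and each new transport built with `wrapUgi` repeats the call. The existing comment explains why the call is needed but not its scope; I would extend it with something like `// NOTE: setConfiguration is process-wide; it affects every UGI user in this JVM`. Whether a login user was already cached before this point is not visible in the hunk, so it is worth confirming that `getLoginUser()` really picks up the new configuration in embedded use.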
@@ -116,7 +120,8 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
}
public SentryGenericServiceClientDefaultImpl(Configuration conf) throws IOException {
- this.conf = conf;
+ // copy the configuration because we may make modifications to it.
+ this.conf = new Configuration(conf);
Preconditions.checkNotNull(this.conf, "Configuration object cannot be null");
this.serverAddress = NetUtils.createSocketAddr(Preconditions.checkNotNull(
conf.get(ClientConfig.SERVER_RPC_ADDRESS), "Config key "
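Review bot: The null check on the line after the copy can no longer fire, because `this.conf` is the result of `new` and is never null. A null `conf` argument now reaches the `Configuration` copy constructor first, so the caller presumably gets a bare NullPointerException instead of the "Configuration object cannot be null" message. Validate the argument before copying: `Preconditions.checkNotNull(conf, "Configuration object cannot be null");` followed by `this.conf = new Configuration(conf);`. The constructor body continues past the end of this hunk.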
@@ -130,6 +135,9 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
serverAddress.getPort(), connectionTimeout);
if (kerberos) {
String serverPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL), ServerConfig.PRINCIPAL + " is required");
+ // since the client uses hadoop-auth, we need to set kerberos in
+ // hadoop-auth if we plan to use kerberos
+ conf.set(HADOOP_SECURITY_AUTHENTICATION, ServerConfig.SECURITY_MODE_KERBEROS);
// Resolve server host in the same way as we are doing on server side
serverPrincipal = SecurityUtil.getServerPrincipal(serverPrincipal, serverAddress.getAddress());
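Review bot: The added `conf.set(...)` appears to write to the caller's `Configuration` rather than to the defensive copy made earlier. That holds if this block is still inside the constructor from the previous hunk (its start is outside this hunk), where the bare `conf` is the constructor parameter and the copy lives in `this.conf`. The caller's object is then silently switched to Kerberos authentication and the private copy never receives the setting, which is the opposite of what the "copy the configuration" comment intends. Use `this.conf.set(HADOOP_SECURITY_AUTHENTICATION, ServerConfig.SECURITY_MODE_KERBEROS);` here and pass `this.conf` as the last argument of the `UgiSaslClientTransport` call in the next hunk. The surrounding `conf.get(...)` reads would also be clearer going through `this.conf`.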
@@ -142,7 +150,7 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
.get(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true"));
transport = new UgiSaslClientTransport(AuthMethod.KERBEROS.getMechanismName(),
null, serverPrincipalParts[0], serverPrincipalParts[1],
- ClientConfig.SASL_PROPERTIES, null, transport, wrapUgi);
+ ClientConfig.SASL_PROPERTIES, null, transport, wrapUgi, conf);
} else {
serverPrincipalParts = null;
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a01a7501/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
index ec786a5..15f4a26 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
@@ -45,6 +45,7 @@ public class SentryShellSolr extends SentryShellCommon {
String requestorName = System.getProperty("user.name", "");
String component = "SOLR";
Configuration conf = getSentryConf();
+
String service = conf.get(SOLR_SERVICE_NAME, "service1");
SentryGenericServiceClient client = SentryGenericServiceClientFactory.create(conf);
@@ -94,7 +95,8 @@ public class SentryShellSolr extends SentryShellCommon {
}
} catch (Exception e) {
LOGGER.error(e.getMessage(), e);
- System.out.println("The operation failed, please refer to log file for the root cause.");
+ System.out.println("The operation failed." +
+ e.getMessage() == null ? "" : "Message: " + e.getMessage());
}
}
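Review bot: The new `println` argument does not evaluate as intended, because `+` binds tighter than `==` and `?:`. The condition becomes `("The operation failed." + e.getMessage()) == null`, which is always false, so the output is always `Message: ` plus the message (including `Message: null`) and the "The operation failed." prefix is never printed. Parenthesise the conditional: `System.out.println("The operation failed." + (e.getMessage() == null ? "" : " Message: " + e.getMessage()));`. Since the exception text now goes to the console rather than only to the log, it is also worth confirming that messages reaching this catch block carry no details that should stay in the log file.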