You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sr...@apache.org on 2014/06/13 00:39:02 UTC
git commit: SENTRY-294: The Sentry service client should execute UGI
privilege action by default ( Prasad Mujumdar via Sravya Tirukkovalur)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 398183228 -> b08717243
SENTRY-294: The Sentry service client should execute UGI privilege action by default ( Prasad Mujumdar via Sravya Tirukkovalur)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/b0871724
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/b0871724
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/b0871724
Branch: refs/heads/master
Commit: b08717243372973d2b264617314de629065278cb
Parents: 3981832
Author: Sravya Tirukkovalur <sr...@clouera.com>
Authored: Thu Jun 12 15:38:17 2014 -0700
Committer: Sravya Tirukkovalur <sr...@clouera.com>
Committed: Thu Jun 12 15:38:17 2014 -0700
----------------------------------------------------------------------
.../java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java | 2 --
.../provider/db/service/thrift/SentryPolicyServiceClient.java | 2 +-
.../java/org/apache/sentry/service/thrift/ServiceConstants.java | 2 +-
.../apache/sentry/service/thrift/SentryServiceIntegrationBase.java | 1 +
4 files changed, 3 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b0871724/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
index 042fb00..6c507b8 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
@@ -65,7 +65,6 @@ import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Table;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -121,7 +120,6 @@ implements HiveDriverFilterHook {
+ " specifies a malformed URL '" + hiveAuthzConf + "'", e);
}
}
- newAuthzConf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true");
return newAuthzConf;
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b0871724/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index afbedb3..15a2e43 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -139,7 +139,7 @@ public class SentryPolicyServiceClient {
Preconditions.checkArgument(serverPrincipalParts.length == 3,
"Kerberos principal should have 3 parts: " + serverPrincipal);
boolean wrapUgi = "true".equalsIgnoreCase(conf
- .get(ServerConfig.SECURITY_USE_UGI_TRANSPORT));
+ .get(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true"));
transport = new UgiSaslClientTransport(AuthMethod.KERBEROS.getMechanismName(),
null, serverPrincipalParts[0], serverPrincipalParts[1],
ClientConfig.SASL_PROPERTIES, null, transport, wrapUgi);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b0871724/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
index ba6a712..111fabf 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
@@ -53,7 +53,7 @@ public class ServiceConstants {
public static final String SECURITY_MODE = "sentry.service.security.mode";
public static final String SECURITY_MODE_KERBEROS = "kerberos";
public static final String SECURITY_MODE_NONE = "none";
- public static final String SECURITY_USE_UGI_TRANSPORT = "true";
+ public static final String SECURITY_USE_UGI_TRANSPORT = "sentry.service.security.use.ugi";
public static final String ADMIN_GROUPS = "sentry.service.admin.group";
public static final String PRINCIPAL = "sentry.service.server.principal";
public static final String KEY_TAB = "sentry.service.server.keytab";
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b0871724/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
index 20265a4..838e8d3 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
@@ -139,6 +139,7 @@ public abstract class SentryServiceIntegrationBase extends KerberosSecurityTestc
// therefore we must manually login in the integration tests
final SentryServiceClientFactory factory = new SentryServiceClientFactory();
if (kerberos) {
+ conf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "false");
clientSubject = new Subject(false, Sets.newHashSet(
new KerberosPrincipal(CLIENT_KERBEROS_NAME)), new HashSet<Object>(),
new HashSet<Object>());