You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sr...@apache.org on 2014/06/13 00:39:02 UTC

git commit: SENTRY-294: The Sentry service client should execute UGI privilege action by default ( Prasad Mujumdar via Sravya Tirukkovalur)

Repository: incubator-sentry
Updated Branches:
  refs/heads/master 398183228 -> b08717243


SENTRY-294: The Sentry service client should execute UGI privilege action by default ( Prasad Mujumdar via Sravya Tirukkovalur)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/b0871724
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/b0871724
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/b0871724

Branch: refs/heads/master
Commit: b08717243372973d2b264617314de629065278cb
Parents: 3981832
Author: Sravya Tirukkovalur <sr...@clouera.com>
Authored: Thu Jun 12 15:38:17 2014 -0700
Committer: Sravya Tirukkovalur <sr...@clouera.com>
Committed: Thu Jun 12 15:38:17 2014 -0700

----------------------------------------------------------------------
 .../java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java  | 2 --
 .../provider/db/service/thrift/SentryPolicyServiceClient.java      | 2 +-
 .../java/org/apache/sentry/service/thrift/ServiceConstants.java    | 2 +-
 .../apache/sentry/service/thrift/SentryServiceIntegrationBase.java | 1 +
 4 files changed, 3 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b0871724/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
index 042fb00..6c507b8 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
@@ -65,7 +65,6 @@ import org.apache.sentry.core.model.db.DBModelAuthorizable;
 import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
 import org.apache.sentry.core.model.db.Database;
 import org.apache.sentry.core.model.db.Table;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -121,7 +120,6 @@ implements HiveDriverFilterHook {
             + " specifies a malformed URL '" + hiveAuthzConf + "'", e);
       }
     }
-    newAuthzConf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true");
     return newAuthzConf;
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b0871724/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index afbedb3..15a2e43 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -139,7 +139,7 @@ public class SentryPolicyServiceClient {
       Preconditions.checkArgument(serverPrincipalParts.length == 3,
            "Kerberos principal should have 3 parts: " + serverPrincipal);
       boolean wrapUgi = "true".equalsIgnoreCase(conf
-          .get(ServerConfig.SECURITY_USE_UGI_TRANSPORT));
+          .get(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true"));
       transport = new UgiSaslClientTransport(AuthMethod.KERBEROS.getMechanismName(),
           null, serverPrincipalParts[0], serverPrincipalParts[1],
           ClientConfig.SASL_PROPERTIES, null, transport, wrapUgi);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b0871724/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
index ba6a712..111fabf 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
@@ -53,7 +53,7 @@ public class ServiceConstants {
     public static final String SECURITY_MODE = "sentry.service.security.mode";
     public static final String SECURITY_MODE_KERBEROS = "kerberos";
     public static final String SECURITY_MODE_NONE = "none";
-    public static final String SECURITY_USE_UGI_TRANSPORT = "true";
+    public static final String SECURITY_USE_UGI_TRANSPORT = "sentry.service.security.use.ugi";
     public static final String ADMIN_GROUPS = "sentry.service.admin.group";
     public static final String PRINCIPAL = "sentry.service.server.principal";
     public static final String KEY_TAB = "sentry.service.server.keytab";

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b0871724/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
index 20265a4..838e8d3 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
@@ -139,6 +139,7 @@ public abstract class SentryServiceIntegrationBase extends KerberosSecurityTestc
     // therefore we must manually login in the integration tests
     final SentryServiceClientFactory factory = new SentryServiceClientFactory();
     if (kerberos) {
+      conf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "false");
       clientSubject = new Subject(false, Sets.newHashSet(
           new KerberosPrincipal(CLIENT_KERBEROS_NAME)), new HashSet<Object>(),
         new HashSet<Object>());