You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2015/11/05 02:44:41 UTC
[13/25] incubator-sentry git commit: SENTRY-893: Synchronize calls in
SentryClient and create sentry client once per request in SimpleDBProvider (
Sravya Tirukkovalur, Reviewed by: Lenni Kuff)
SENTRY-893: Synchronize calls in SentryClient and create sentry client once per request in SimpleDBProvider ( Sravya Tirukkovalur, Reviewed by: Lenni Kuff)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/f1724f15
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/f1724f15
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/f1724f15
Branch: refs/heads/hive_plugin_v2
Commit: f1724f156dd22b30887ae09d783bcea777bf4ce1
Parents: 45b28a7
Author: Sravya Tirukkovalur <sr...@cloudera.com>
Authored: Thu Sep 24 14:47:12 2015 -0500
Committer: Sun Dapeng <sd...@apache.org>
Committed: Mon Nov 2 16:36:36 2015 +0800
----------------------------------------------------------------------
.../metastore/SentryMetaStoreFilterHook.java | 2 +-
.../provider/db/SimpleDBProviderBackend.java | 77 ++++++------------
.../SentryPolicyServiceClientDefaultImpl.java | 83 +++++++++++---------
.../tests/e2e/dbprovider/TestDbConnections.java | 8 +-
4 files changed, 75 insertions(+), 95 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1724f15/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
index 2ae4fbd..e8f21e5 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java
@@ -141,7 +141,7 @@ public class SentryMetaStoreFilterHook implements MetaStoreFilterHook {
/**
* Invoke Hive table filtering that removes the entries which use has no
* privileges to access
- * @param dbList
+ * @param tabList
* @return
* @throws MetaException
*/
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1724f15/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java
index ea8eb79..191e099 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java
@@ -16,11 +16,9 @@
*/
package org.apache.sentry.provider.db;
-import java.io.IOException;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.SentryConfigurationException;
@@ -31,7 +29,6 @@ import org.apache.sentry.service.thrift.SentryServiceClientFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSet;
public class SimpleDBProviderBackend implements ProviderBackend {
@@ -39,10 +36,7 @@ public class SimpleDBProviderBackend implements ProviderBackend {
private static final Logger LOGGER = LoggerFactory
.getLogger(SimpleDBProviderBackend.class);
- private SentryPolicyServiceClient policyServiceClient;
-
- private volatile boolean initialized;
- private Configuration conf;
+ private Configuration conf;
public SimpleDBProviderBackend(Configuration conf, String resourcePath) throws Exception {
// DB Provider doesn't use policy file path
@@ -50,26 +44,14 @@ public class SimpleDBProviderBackend implements ProviderBackend {
}
public SimpleDBProviderBackend(Configuration conf) throws Exception {
- this(SentryServiceClientFactory.create(conf));
- this.initialized = false;
this.conf = conf;
}
-
- @VisibleForTesting
- public SimpleDBProviderBackend(SentryPolicyServiceClient policyServiceClient) throws IOException {
- this.initialized = false;
- this.policyServiceClient = policyServiceClient;
- }
-
/**
* {@inheritDoc}
*/
@Override
public void initialize(ProviderBackendContext context) {
- if (initialized) {
- throw new IllegalStateException("Backend has already been initialized, cannot be initialized twice");
- }
- this.initialized = true;
+ //Noop
}
/**
@@ -81,22 +63,26 @@ public class SimpleDBProviderBackend implements ProviderBackend {
}
private ImmutableSet<String> getPrivileges(int retryCount, Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy) {
- if (!initialized) {
- throw new IllegalStateException("Backend has not been properly initialized");
- }
+ SentryPolicyServiceClient policyServiceClient = null;
try {
- return ImmutableSet.copyOf(getSentryClient().listPrivilegesForProvider(groups, roleSet, authorizableHierarchy));
+ policyServiceClient = SentryServiceClientFactory.create(conf);
} catch (Exception e) {
- policyServiceClient = null;
- if (retryCount > 0) {
- return getPrivileges(retryCount - 1, groups, roleSet, authorizableHierarchy);
- } else {
- String msg = "Unable to obtain privileges from server: " + e.getMessage();
- LOGGER.error(msg, e);
- try {
+ LOGGER.error("Error connecting to Sentry ['{}'] !!",
+ e.getMessage());
+ }
+ if(policyServiceClient!= null) {
+ try {
+ return ImmutableSet.copyOf(policyServiceClient.listPrivilegesForProvider(groups, roleSet, authorizableHierarchy));
+ } catch (Exception e) {
+ if (retryCount > 0) {
+ return getPrivileges(retryCount - 1, groups, roleSet, authorizableHierarchy);
+ } else {
+ String msg = "Unable to obtain privileges from server: " + e.getMessage();
+ LOGGER.error(msg, e);
+ }
+ } finally {
+ if(policyServiceClient != null) {
policyServiceClient.close();
- } catch (Exception ex2) {
- // Ignore
}
}
}
@@ -113,32 +99,15 @@ public class SimpleDBProviderBackend implements ProviderBackend {
@Override
public void close() {
- if (policyServiceClient != null) {
- policyServiceClient.close();
- }
- }
-
- private SentryPolicyServiceClient getSentryClient() {
- if (policyServiceClient == null) {
- try {
- policyServiceClient = SentryServiceClientFactory.create(conf);
- } catch (Exception e) {
- LOGGER.error("Error connecting to Sentry ['{}'] !!",
- e.getMessage());
- policyServiceClient = null;
- return null;
- }
- }
- return policyServiceClient;
+ //Noop
}
+
/**
* SimpleDBProviderBackend does not implement validatePolicy()
*/
@Override
public void validatePolicy(boolean strictValidation) throws SentryConfigurationException {
- if (!initialized) {
- throw new IllegalStateException("Backend has not been properly initialized");
- }
- // db provider does not implement validation
+ //Noop
}
}
+
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1724f15/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index fe2fef7..ae0eec2 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -64,6 +64,11 @@ import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
+/*
+ A Sentry Client in which all the operations are synchronized for thread safety
+ Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state.
+ So it is important to recreate the client, which uses a new socket.
+ */
public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyServiceClient {
private final Configuration conf;
@@ -97,7 +102,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
// open the SASL transport with using the current UserGroupInformation
// This is needed to get the current login context stored
@Override
- public void open() throws TTransportException {
+ public synchronized void open() throws TTransportException {
if (ugi == null) {
baseOpen();
} else {
@@ -183,19 +188,19 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
}
}
- public void dropRole(String requestorUserName,
+ public synchronized void dropRole(String requestorUserName,
String roleName)
throws SentryUserException {
dropRole(requestorUserName, roleName, false);
}
- public void dropRoleIfExists(String requestorUserName,
+ public synchronized void dropRoleIfExists(String requestorUserName,
String roleName)
throws SentryUserException {
dropRole(requestorUserName, roleName, true);
}
- private void dropRole(String requestorUserName,
+ private synchronized void dropRole(String requestorUserName,
String roleName, boolean ifExists)
throws SentryUserException {
TDropSentryRoleRequest request = new TDropSentryRoleRequest();
@@ -239,7 +244,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
}
}
- public Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName)
+ public synchronized Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName)
throws SentryUserException {
return listPrivilegesByRoleName(requestorUserName, roleName, null);
}
@@ -252,7 +257,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
* @return Set of thrift sentry privilege objects
* @throws SentryUserException
*/
- public Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName,
+ public synchronized Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName,
String roleName, List<? extends Authorizable> authorizable)
throws SentryUserException {
TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest();
@@ -273,31 +278,31 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
}
}
- public Set<TSentryRole> listRoles(String requestorUserName)
+ public synchronized Set<TSentryRole> listRoles(String requestorUserName)
throws SentryUserException {
return listRolesByGroupName(requestorUserName, null);
}
- public Set<TSentryRole> listUserRoles(String requestorUserName)
+ public synchronized Set<TSentryRole> listUserRoles(String requestorUserName)
throws SentryUserException {
return listRolesByGroupName(requestorUserName, AccessConstants.ALL);
}
- public TSentryPrivilege grantURIPrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName,
String roleName, String server, String uri)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL);
}
- public TSentryPrivilege grantURIPrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName,
String roleName, String server, String uri, Boolean grantOption)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption);
}
- public void grantServerPrivilege(String requestorUserName,
+ public synchronized void grantServerPrivilege(String requestorUserName,
String roleName, String server, String action)
throws SentryUserException {
grantPrivilege(requestorUserName, roleName,
@@ -309,34 +314,34 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
* Should use grantServerPrivilege(String requestorUserName,
* String roleName, String server, String action, Boolean grantOption)
*/
- public TSentryPrivilege grantServerPrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName,
String roleName, String server, Boolean grantOption) throws SentryUserException {
return grantServerPrivilege(requestorUserName, roleName, server,
AccessConstants.ALL, grantOption);
}
- public TSentryPrivilege grantServerPrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName,
String roleName, String server, String action, Boolean grantOption)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption);
}
- public TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
String roleName, String server, String db, String action)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.DATABASE, server, null, db, null, null, action);
}
- public TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
String roleName, String server, String db, String action, Boolean grantOption)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption);
}
- public TSentryPrivilege grantTablePrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName,
String roleName, String server, String db, String table, String action)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server,
@@ -344,14 +349,14 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
db, table, null, action);
}
- public TSentryPrivilege grantTablePrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName,
String roleName, String server, String db, String table, String action, Boolean grantOption)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server,
null, db, table, null, action, grantOption);
}
- public TSentryPrivilege grantColumnPrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName,
String roleName, String server, String db, String table, String columnName, String action)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server,
@@ -359,14 +364,14 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
db, table, columnName, action);
}
- public TSentryPrivilege grantColumnPrivilege(String requestorUserName,
+ public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName,
String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption)
throws SentryUserException {
return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server,
null, db, table, columnName, action, grantOption);
}
- public Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName,
+ public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName,
String roleName, String server, String db, String table, List<String> columnNames, String action)
throws SentryUserException {
return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN, server,
@@ -374,7 +379,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
db, table, columnNames, action);
}
- public Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName,
+ public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName,
String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption)
throws SentryUserException {
return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN,
@@ -469,56 +474,56 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
}
}
- public void revokeURIPrivilege(String requestorUserName,
+ public synchronized void revokeURIPrivilege(String requestorUserName,
String roleName, String server, String uri)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL);
}
- public void revokeURIPrivilege(String requestorUserName,
+ public synchronized void revokeURIPrivilege(String requestorUserName,
String roleName, String server, String uri, Boolean grantOption)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption);
}
- public void revokeServerPrivilege(String requestorUserName,
+ public synchronized void revokeServerPrivilege(String requestorUserName,
String roleName, String server, String action)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
PrivilegeScope.SERVER, server, null, null, null, null, action);
}
- public void revokeServerPrivilege(String requestorUserName,
+ public synchronized void revokeServerPrivilege(String requestorUserName,
String roleName, String server, String action, Boolean grantOption)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption);
}
- public void revokeServerPrivilege(String requestorUserName,
+ public synchronized void revokeServerPrivilege(String requestorUserName,
String roleName, String server, boolean grantOption)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
PrivilegeScope.SERVER, server, null, null, null, null, AccessConstants.ALL, grantOption);
}
- public void revokeDatabasePrivilege(String requestorUserName,
+ public synchronized void revokeDatabasePrivilege(String requestorUserName,
String roleName, String server, String db, String action)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
PrivilegeScope.DATABASE, server, null, db, null, null, action);
}
- public void revokeDatabasePrivilege(String requestorUserName,
+ public synchronized void revokeDatabasePrivilege(String requestorUserName,
String roleName, String server, String db, String action, Boolean grantOption)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption);
}
- public void revokeTablePrivilege(String requestorUserName,
+ public synchronized void revokeTablePrivilege(String requestorUserName,
String roleName, String server, String db, String table, String action)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
@@ -526,7 +531,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
db, table, null, action);
}
- public void revokeTablePrivilege(String requestorUserName,
+ public synchronized void revokeTablePrivilege(String requestorUserName,
String roleName, String server, String db, String table, String action, Boolean grantOption)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
@@ -534,7 +539,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
db, table, null, action, grantOption);
}
- public void revokeColumnPrivilege(String requestorUserName, String roleName,
+ public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName,
String server, String db, String table, String columnName, String action)
throws SentryUserException {
ImmutableList.Builder<String> listBuilder = ImmutableList.builder();
@@ -544,7 +549,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
db, table, listBuilder.build(), action);
}
- public void revokeColumnPrivilege(String requestorUserName, String roleName,
+ public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName,
String server, String db, String table, String columnName, String action, Boolean grantOption)
throws SentryUserException {
ImmutableList.Builder<String> listBuilder = ImmutableList.builder();
@@ -554,7 +559,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
db, table, listBuilder.build(), action, grantOption);
}
- public void revokeColumnsPrivilege(String requestorUserName, String roleName,
+ public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName,
String server, String db, String table, List<String> columns, String action)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
@@ -562,7 +567,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
db, table, columns, action);
}
- public void revokeColumnsPrivilege(String requestorUserName, String roleName,
+ public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName,
String server, String db, String table, List<String> columns, String action, Boolean grantOption)
throws SentryUserException {
revokePrivilege(requestorUserName, roleName,
@@ -659,7 +664,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
return TSentryGrantOption.FALSE;
}
- public Set<String> listPrivilegesForProvider(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizable)
+ public synchronized Set<String> listPrivilegesForProvider(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizable)
throws SentryUserException {
TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
TListSentryPrivilegesForProviderRequest request =
@@ -806,7 +811,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
* @return The value of the propertyName
* @throws SentryUserException
*/
- public String getConfigValue(String propertyName, String defaultValue)
+ public synchronized String getConfigValue(String propertyName, String defaultValue)
throws SentryUserException {
TSentryConfigValueRequest request = new TSentryConfigValueRequest(
ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, propertyName);
@@ -822,7 +827,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
}
}
- public void close() {
+ public synchronized void close() {
if (transport != null) {
transport.close();
}
@@ -853,7 +858,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
* @param requestorUserName
* The name of the request user
*/
- public void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData,
+ public synchronized void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData,
String requestorUserName, boolean isOverwriteRole)
throws SentryUserException {
try {
@@ -895,7 +900,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
}
// export the sentry mapping data with map structure
- public Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName)
+ public synchronized Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName)
throws SentryUserException {
TSentryExportMappingDataRequest request = new TSentryExportMappingDataRequest(
ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1724f15/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java
index 04cdb81..ae790f0 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java
@@ -91,6 +91,11 @@ public class TestDbConnections extends AbstractTestWithStaticConfiguration {
assertTrue(preConnectionClientId < getSentrySrv().getTotalClients());
// assertEquals(0, getSentrySrv().getNumActiveClients());
+ // client invocation via metastore filter
+ preConnectionClientId = getSentrySrv().getTotalClients();
+ statement.executeQuery("show tables");
+ assertTrue(preConnectionClientId < getSentrySrv().getTotalClients());
+
preConnectionClientId = getSentrySrv().getTotalClients();
statement.execute("DROP TABLE t1");
assertTrue(preConnectionClientId < getSentrySrv().getTotalClients());
@@ -110,7 +115,8 @@ public class TestDbConnections extends AbstractTestWithStaticConfiguration {
// client invocation via metastore filter
preConnectionClientId = getSentrySrv().getTotalClients();
statement.executeQuery("show tables");
- assertTrue(preConnectionClientId < getSentrySrv().getTotalClients());
+ //There are no tables, so auth check does not happen
+ assertTrue(preConnectionClientId == getSentrySrv().getTotalClients());
// assertEquals(0, getSentrySrv().getNumActiveClients());
statement.close();