Posted to commits@sentry.apache.org by sd...@apache.org on 2015/08/14 09:29:13 UTC
[39/50] [abbrv] incubator-sentry git commit: SENTRY-825:
SecureAdminHandler no longer pulls collection name for create correctly
(Gregory Chanan, Reviewed by: Vamsee Yarlagadda)
SENTRY-825: SecureAdminHandler no longer pulls collection name for create correctly (Gregory Chanan, Reviewed by: Vamsee Yarlagadda)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/789af33b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/789af33b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/789af33b
Branch: refs/heads/hive_plugin_v2
Commit: 789af33b110919fd393fecb4e5821000cb3c805e
Parents: 4622aa4
Author: Vamsee Yarlagadda <va...@cloudera.com>
Authored: Fri Jul 31 13:19:02 2015 -0700
Committer: Vamsee Yarlagadda <va...@cloudera.com>
Committed: Fri Jul 31 13:19:02 2015 -0700
----------------------------------------------------------------------
.../handler/admin/SecureCoreAdminHandler.java | 9 ++-
.../admin/SecureCoreAdminHandlerTest.java | 61 ++++++++++++++++----
2 files changed, 58 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/789af33b/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java b/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java
index 77548b9..57ccc94 100644
--- a/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java
+++ b/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java
@@ -21,6 +21,7 @@ import org.apache.solr.common.params.CoreAdminParams;
import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction;
import org.apache.solr.common.params.SolrParams;
import org.apache.solr.core.CoreContainer;
+import org.apache.solr.core.CoreDescriptor;
import org.apache.solr.core.SolrCore;
import org.apache.solr.handler.SecureRequestHandlerUtil;
import org.apache.solr.request.SolrQueryRequest;
@@ -90,7 +91,13 @@ public class SecureCoreAdminHandler extends CoreAdminHandler {
collection = getCollectionFromCoreName(cname);
break;
}
- case CREATE:
+ case CREATE: {
+ CoreDescriptor coreDescriptor = buildCoreDescriptor(params, coreContainer);
+ if (coreDescriptor != null) {
+ collection = coreDescriptor.getCloudDescriptor().getCollectionName();
+ }
+ break;
+ }
case REQUESTAPPLYUPDATES:
case REQUESTBUFFERUPDATES: {
String cname = params.get(CoreAdminParams.NAME, "");
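Review bot: In the new `CREATE` case, `coreDescriptor.getCloudDescriptor()` is dereferenced without a null check, although the test comment added in this same commit says the CloudDescriptor is only present when the CoreContainer is ZooKeeper-aware. On a non-cloud container a CREATE request would then throw a NullPointerException inside the authorization path instead of producing an authorization decision. A guard such as `if (coreDescriptor != null && coreDescriptor.getCloudDescriptor() != null) {` avoids that. When the guard fails, `collection` keeps the value it had before the switch, which is outside this hunk, so it is worth confirming that the check after the switch denies the request rather than skipping it, and recording that with a comment like `// collection may be unresolved here; the check below must fail closed`. The switch and its enclosing method start and end outside the hunk.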
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/789af33b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
index 0dbb271..2a19902 100644
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
+++ b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
@@ -16,14 +16,21 @@
*/
package org.apache.solr.handler.admin;
+import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
+import java.util.Map;
+
+import net.sf.cglib.proxy.Enhancer;
+import net.sf.cglib.proxy.MethodInterceptor;
+import net.sf.cglib.proxy.MethodProxy;
import org.apache.solr.cloud.CloudDescriptor;
import org.apache.solr.common.params.CoreAdminParams;
import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction;
import org.apache.solr.common.params.ModifiableSolrParams;
import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction;
+import org.apache.solr.core.CoreContainer;
import org.apache.solr.core.SolrCore;
import org.apache.solr.request.SolrQueryRequest;
import org.apache.solr.sentry.SentryTestBase;
@@ -65,7 +72,7 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
CoreAdminAction.RELOAD
);
- // only specify the collection on these, no cores
+ // These actions require that the collection is specified on the request.
public final static List<CoreAdminAction> REQUIRES_COLLECTION = Arrays.asList(
CoreAdminAction.CREATE
);
@@ -115,23 +122,25 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
modParams.set(CoreAdminParams.COLLECTION, "");
modParams.set(CoreAdminParams.CORE, "");
modParams.set(CoreAdminParams.NAME, "");
- if (!REQUIRES_COLLECTION.contains(action)) {
- for (SolrCore core : h.getCoreContainer().getCores()) {
- if(core.getCoreDescriptor().getCloudDescriptor().getCollectionName().equals(collection)) {
- modParams.set(CoreAdminParams.CORE, core.getName());
- modParams.set(CoreAdminParams.NAME, core.getName());
- break;
- }
+ for (SolrCore core : h.getCoreContainer().getCores()) {
+ if(core.getCoreDescriptor().getCloudDescriptor().getCollectionName().equals(collection)) {
+ modParams.set(CoreAdminParams.CORE, core.getName());
+ modParams.set(CoreAdminParams.NAME, core.getName());
+ break;
}
- } else {
+ }
+ if (REQUIRES_COLLECTION.contains(action)) {
modParams.set(CoreAdminParams.COLLECTION, collection);
+ modParams.set(CoreAdminParams.CORE, core.getName());
+ modParams.set(CoreAdminParams.NAME, core.getName());
}
req.setParams(modParams);
return req;
}
private void verifyQueryAccess(CoreAdminAction action, boolean checkCollection) throws Exception {
- CoreAdminHandler handler = new SecureCoreAdminHandler(h.getCoreContainer());
+ CoreContainer cc = getCleanCoreContainer(action, h.getCoreContainer());
+ CoreAdminHandler handler = new SecureCoreAdminHandler(cc);
verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action));
verifyAuthorized(handler, getCoreAdminRequest("queryCollection", "junit", action));
if (!checkCollection) {
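Review bot: The two added `core.getName()` calls inside `if (REQUIRES_COLLECTION.contains(action))` come after the `for (SolrCore core : ...)` loop has closed, so they cannot refer to the loop variable and must resolve to a `core` declared outside this hunk, presumably a field. The loop variable shadows that name, which makes it easy to misread the new lines as using the core that matched `collection`. Renaming the loop variable, e.g. `for (SolrCore candidate : h.getCoreContainer().getCores()) {`, and adding a short comment saying which core's name is sent for CREATE requests would make the test's intent clear. The method begins before the hunk.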
@@ -144,7 +153,8 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
}
private void verifyUpdateAccess(CoreAdminAction action, boolean checkCollection) throws Exception {
- CoreAdminHandler handler = new SecureCoreAdminHandler(h.getCoreContainer());
+ CoreContainer cc = getCleanCoreContainer(action, h.getCoreContainer());
+ CoreAdminHandler handler = new SecureCoreAdminHandler(cc);
verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action));
verifyAuthorized(handler, getCoreAdminRequest("updateCollection", "junit", action));
verifyUnauthorized(handler, getCoreAdminRequest("bogusCollection", "bogusUser", action), "bogusCollection", "bogusUser", true);
@@ -153,6 +163,35 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
}
}
+ private CoreContainer getZkAwareCoreContainer(final CoreContainer cc) {
+ Enhancer e = new Enhancer();
+ e.setClassLoader(cc.getClass().getClassLoader());
+ e.setSuperclass(CoreContainer.class);
+ e.setCallback(new MethodInterceptor() {
+ public Object intercept(Object obj, Method method, Object [] args, MethodProxy proxy) throws Throwable {
+ if (method.getName().equals("isZooKeeperAware")) {
+ return Boolean.TRUE;
+ }
+ return method.invoke(cc, args);
+ }
+ });
+ return (CoreContainer)e.create();
+ }
+
+ private CoreContainer getCleanCoreContainer(CoreAdminAction action, CoreContainer cc) {
+ // Ensure CoreContainer is empty
+ for (String coreName : h.getCoreContainer().getCoreNames()) {
+ h.getCoreContainer().unload(coreName);
+ }
+ for (Map.Entry entry : h.getCoreContainer().getCoreInitFailures().entrySet()) {
+ String coreName = entry.getKey().toString();
+ h.getCoreContainer().unload(coreName);
+ }
+ // actions that require the collection attempt to read the collection off the CloudDescriptor, which is only
+ // present when the CoreContainer is ZkAware.
+ return REQUIRES_COLLECTION.contains(action) ? getZkAwareCoreContainer(h.getCoreContainer()) : h.getCoreContainer();
+ }
+
@Test
public void testSecureAdminHandler() throws Exception {
for (CoreAdminAction action : QUERY_ACTIONS) {
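Review bot: `getCleanCoreContainer` returns the `isZooKeeperAware` proxy for every action in `REQUIRES_COLLECTION`, so `CREATE` is only ever checked against a ZooKeeper-aware container and nothing here exercises the handler when no collection can be resolved. A case asserting that such a request is rejected would pin down the fail-closed behaviour. The method also ignores its `cc` parameter and reads `h.getCoreContainer()` throughout, so either use `cc` or drop the parameter. `Map.Entry` is used as a raw type; `Map.Entry<?, ?> entry` keeps the same behaviour without the raw-type warning.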