You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sr...@apache.org on 2015/10/21 22:58:56 UTC
incubator-sentry git commit: SENTRY-904: Set max message size for
thrift messages ( Li Li, Reviewed by: Sravya Tirukkovalur)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 7fe082a65 -> 6c7c5f6d1
SENTRY-904: Set max message size for thrift messages ( Li Li, Reviewed by: Sravya Tirukkovalur)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/6c7c5f6d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/6c7c5f6d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/6c7c5f6d
Branch: refs/heads/master
Commit: 6c7c5f6d15ac4601cb07a0ca441c0bc4acd9e11e
Parents: 7fe082a
Author: Sravya Tirukkovalur <sr...@cloudera.com>
Authored: Wed Oct 21 13:53:02 2015 -0700
Committer: Sravya Tirukkovalur <sr...@cloudera.com>
Committed: Wed Oct 21 13:58:33 2015 -0700
----------------------------------------------------------------------
.../SentryHDFSServiceClientDefaultImpl.java | 6 +-
.../apache/sentry/hdfs/ServiceConstants.java | 4 +
.../apache/sentry/hdfs/ThriftSerializer.java | 16 ++-
.../sentry/hdfs/TestHMSPathsFullDump.java | 76 +++++++++---
.../SentryGenericServiceClientDefaultImpl.java | 7 +-
.../SentryPolicyServiceClientDefaultImpl.java | 7 +-
.../sentry/service/thrift/SentryService.java | 5 +-
.../sentry/service/thrift/ServiceConstants.java | 7 ++
.../TestSentryServiceWithInvalidMsgSize.java | 119 +++++++++++++++++++
9 files changed, 218 insertions(+), 29 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientDefaultImpl.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientDefaultImpl.java
index c727403..03bf39e 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientDefaultImpl.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientDefaultImpl.java
@@ -154,11 +154,13 @@ public class SentryHDFSServiceClientDefaultImpl implements SentryHDFSServiceClie
}
LOGGER.info("Successfully opened transport: " + transport + " to " + serverAddress);
TProtocol tProtocol = null;
+ long maxMessageSize = conf.getLong(ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE,
+ ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
if (conf.getBoolean(ClientConfig.USE_COMPACT_TRANSPORT,
ClientConfig.USE_COMPACT_TRANSPORT_DEFAULT)) {
- tProtocol = new TCompactProtocol(transport);
+ tProtocol = new TCompactProtocol(transport, maxMessageSize, maxMessageSize);
} else {
- tProtocol = new TBinaryProtocol(transport);
+ tProtocol = new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true);
}
TMultiplexedProtocol protocol = new TMultiplexedProtocol(
tProtocol, SentryHDFSServiceClient.SENTRY_HDFS_SERVICE_NAME);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java
index 19b0b49..8f62496 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java
@@ -80,6 +80,10 @@ public class ServiceConstants {
public static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000;
public static final String USE_COMPACT_TRANSPORT = "sentry.hdfs.service.client.compact.transport";
public static final boolean USE_COMPACT_TRANSPORT_DEFAULT = false;
+
+ // max message size for thrift messages
+ public static String SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE = "sentry.hdfs.thrift.max.message.size";
+ public static long SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java
index b585773..782367a 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java
@@ -19,18 +19,24 @@ package org.apache.sentry.hdfs;
import java.io.IOException;
+import com.google.common.annotations.VisibleForTesting;
import org.apache.thrift.TBase;
import org.apache.thrift.TDeserializer;
import org.apache.thrift.TException;
import org.apache.thrift.TSerializer;
-import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TCompactProtocol;
public class ThriftSerializer {
+ // Use default max thrift message size here.
+ // TODO: Figure out a way to make maxMessageSize configurable, eg. create a serializer singleton at startup by
+ // passing a max_size parameter
+ @VisibleForTesting
+ static long maxMessageSize = ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT;
+
@SuppressWarnings("rawtypes")
public static byte[] serialize(TBase baseObject) throws IOException {
- TSerializer serializer = new TSerializer(new TCompactProtocol.Factory());
+ TSerializer serializer = new TSerializer(new TCompactProtocol.Factory(maxMessageSize, maxMessageSize));
try {
return serializer.serialize(baseObject);
} catch (TException e) {
@@ -40,10 +46,8 @@ public class ThriftSerializer {
}
@SuppressWarnings("rawtypes")
- public static TBase deserialize(TBase baseObject, byte[] serialized)
- throws IOException {
- TDeserializer deserializer = new TDeserializer(
- new TCompactProtocol.Factory());
+ public static TBase deserialize(TBase baseObject, byte[] serialized) throws IOException {
+ TDeserializer deserializer = new TDeserializer(new TCompactProtocol.Factory(maxMessageSize, maxMessageSize));
try {
deserializer.deserialize(baseObject, serialized);
} catch (TException e) {
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java
index f74a75d..d01f7dd 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java
@@ -30,6 +30,12 @@ import org.junit.Test;
import com.google.common.collect.Lists;
+import java.io.IOException;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+
public class TestHMSPathsFullDump {
private static boolean useCompact = true;
@@ -76,6 +82,59 @@ public class TestHMSPathsFullDump {
@Test
public void testThrftSerialization() throws TException {
+ HMSPathsDumper serDe = genHMSPathsDumper();
+ long t1 = System.currentTimeMillis();
+ TPathsDump pathsDump = serDe.createPathsDump();
+
+ TProtocolFactory protoFactory = useCompact ? new TCompactProtocol.Factory(
+ ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT,
+ ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT)
+ : new TBinaryProtocol.Factory(true, true,
+ ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT,
+ ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
+ byte[] ser = new TSerializer(protoFactory).serialize(pathsDump);
+ long serTime = System.currentTimeMillis() - t1;
+ System.out.println("Serialization Time: " + serTime + ", " + ser.length);
+
+ t1 = System.currentTimeMillis();
+ TPathsDump tPathsDump = new TPathsDump();
+ new TDeserializer(protoFactory).deserialize(tPathsDump, ser);
+ HMSPaths fromDump = serDe.initializeFromDump(tPathsDump);
+ System.out.println("Deserialization Time: " + (System.currentTimeMillis() - t1));
+ Assert.assertEquals("db9.tbl999", fromDump.findAuthzObject(new String[]{"user", "hive", "warehouse", "db9", "tbl999"}, false));
+ Assert.assertEquals("db9.tbl999", fromDump.findAuthzObject(new String[]{"user", "hive", "warehouse", "db9", "tbl999", "part99"}, false));
+ }
+
+ /**
+ * Test ThriftSerializer with a larger message than thrift max message size.
+ */
+ @Test
+ public void testThriftSerializerWithInvalidMsgSize() throws TException, IOException {
+ HMSPathsDumper serDe = genHMSPathsDumper();
+ TPathsDump pathsDump = serDe.createPathsDump();
+ byte[] ser =ThriftSerializer.serialize(pathsDump);
+
+ boolean exceptionThrown = false;
+ try {
+ // deserialize a msg with a larger size should throw IO exception
+ ThriftSerializer.maxMessageSize = 1024;
+ ThriftSerializer.deserialize(new TPathsDump(), ser);
+ } catch (IOException e) {
+ exceptionThrown = true;
+ Assert.assertTrue(e.getCause().getMessage().contains("Length exceeded max allowed:"));
+ Assert.assertTrue(e.getMessage().contains("Error deserializing thrift object TPathsDump"));
+ } finally {
+ Assert.assertEquals(true, exceptionThrown);
+ }
+ // deserialize a normal msg should succeed
+ ThriftSerializer.maxMessageSize = ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT;
+ ThriftSerializer.deserialize(new TPathsDump(), ser);
+ }
+
+ /**
+ * Generate HMSPathsDumper for ThrftSerialization tests
+ */
+ private HMSPathsDumper genHMSPathsDumper() {
HMSPaths hmsPaths = new HMSPaths(new String[] {"/"});
String prefix = "/user/hive/warehouse/";
for (int dbNum = 0; dbNum < 10; dbNum++) {
@@ -94,22 +153,7 @@ public class TestHMSPathsFullDump {
}
}
}
- HMSPathsDumper serDe = hmsPaths.getPathsDump();
- long t1 = System.currentTimeMillis();
- TPathsDump pathsDump = serDe.createPathsDump();
-
- TProtocolFactory protoFactory = useCompact ? new TCompactProtocol.Factory() : new TBinaryProtocol.Factory();
- byte[] ser = new TSerializer(protoFactory).serialize(pathsDump);
- long serTime = System.currentTimeMillis() - t1;
- System.out.println("Serialization Time: " + serTime + ", " + ser.length);
-
- t1 = System.currentTimeMillis();
- TPathsDump tPathsDump = new TPathsDump();
- new TDeserializer(protoFactory).deserialize(tPathsDump, ser);
- HMSPaths fromDump = serDe.initializeFromDump(tPathsDump);
- System.out.println("Deserialization Time: " + (System.currentTimeMillis() - t1));
- Assert.assertEquals("db9.tbl999", fromDump.findAuthzObject(new String[]{"user", "hive", "warehouse", "db9", "tbl999"}, false));
- Assert.assertEquals("db9.tbl999", fromDump.findAuthzObject(new String[]{"user", "hive", "warehouse", "db9", "tbl999", "part99"}, false));
+ return hmsPaths.getPathsDump();
}
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
index 67a3574..c1eafe4 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
@@ -37,6 +37,7 @@ import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.service.thrift.ServiceConstants;
import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
import org.apache.sentry.service.thrift.Status;
@@ -151,9 +152,11 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
throw new IOException("Transport exception while opening transport: " + e.getMessage(), e);
}
LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress);
+ long maxMessageSize = conf.getLong(ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
+ ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
TMultiplexedProtocol protocol = new TMultiplexedProtocol(
- new TBinaryProtocol(transport),
- SentryGenericPolicyProcessor.SENTRY_GENERIC_SERVICE_NAME);
+ new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true),
+ SentryGenericPolicyProcessor.SENTRY_GENERIC_SERVICE_NAME);
client = new SentryGenericPolicyService.Client(protocol);
LOGGER.debug("Successfully created client");
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index ae0eec2..74f379a 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -41,6 +41,7 @@ import org.apache.sentry.core.model.db.AccessConstants;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.provider.common.PolicyFileConstants;
import org.apache.sentry.service.thrift.SentryServiceUtil;
+import org.apache.sentry.service.thrift.ServiceConstants;
import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
@@ -167,9 +168,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
throw new IOException("Transport exception while opening transport: " + e.getMessage(), e);
}
LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress);
+ long maxMessageSize = conf.getLong(ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
+ ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
TMultiplexedProtocol protocol = new TMultiplexedProtocol(
- new TBinaryProtocol(transport),
- SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME);
+ new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true),
+ SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME);
client = new SentryPolicyService.Client(protocol);
LOGGER.debug("Successfully created client");
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
index 1af7a8b..26a32e4 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
@@ -91,6 +91,7 @@ public class SentryService implements Callable {
private Status status;
private int webServerPort;
private SentryWebServer sentryWebServer;
+ private long maxMessageSize;
public SentryService(Configuration conf) {
this.conf = conf;
@@ -110,6 +111,8 @@ public class SentryService implements Callable {
ServerConfig.RPC_MAX_THREADS_DEFAULT);
minThreads = conf.getInt(ServerConfig.RPC_MIN_THREADS,
ServerConfig.RPC_MIN_THREADS_DEFAULT);
+ maxMessageSize = conf.getLong(ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE,
+ ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
if (kerberos) {
// Use Hadoop libraries to translate the _HOST placeholder with actual hostname
try {
@@ -222,7 +225,7 @@ public class SentryService implements Callable {
TThreadPoolServer.Args args = new TThreadPoolServer.Args(
serverTransport).processor(processor)
.transportFactory(transportFactory)
- .protocolFactory(new TBinaryProtocol.Factory())
+ .protocolFactory(new TBinaryProtocol.Factory(true, true, maxMessageSize, maxMessageSize))
.minWorkerThreads(minThreads).maxWorkerThreads(maxThreads);
thriftServer = new TThreadPoolServer(args);
LOGGER.info("Serving on " + address);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
index bc35742..e23e9d7 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
@@ -167,6 +167,10 @@ public class ServiceConstants {
public static final String SENTRY_WEB_SECURITY_PRINCIPAL = SENTRY_WEB_SECURITY_PREFIX + ".kerberos.principal";
public static final String SENTRY_WEB_SECURITY_KEYTAB = SENTRY_WEB_SECURITY_PREFIX + ".kerberos.keytab";
public static final String SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS = SENTRY_WEB_SECURITY_PREFIX + ".allow.connect.users";
+
+ // max message size for thrift messages
+ public static String SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.server.thrift.max.message.size";
+ public static long SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024;
}
public static class ClientConfig {
public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES;
@@ -200,6 +204,9 @@ public class ServiceConstants {
public static final String SENTRY_POOL_RETRY_TOTAL = "sentry.service.client.connection.pool.retry-total";
public static final int SENTRY_POOL_RETRY_TOTAL_DEFAULT = 3;
+ // max message size for thrift messages
+ public static String SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.client.thrift.max.message.size";
+ public static long SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024;
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6c7c5f6d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithInvalidMsgSize.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithInvalidMsgSize.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithInvalidMsgSize.java
new file mode 100644
index 0000000..09f3d8e
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithInvalidMsgSize.java
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import com.google.common.collect.Sets;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.SentryUserException;
+import org.apache.sentry.service.thrift.SentryServiceClientFactory;
+import org.apache.sentry.service.thrift.SentryServiceFactory;
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.apache.sentry.service.thrift.ServiceConstants;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Set;
+
+/**
+ * Test sentry service with a larger message size than the server's or client's thrift max message size.
+ */
+public class TestSentryServiceWithInvalidMsgSize extends SentryServiceIntegrationBase {
+ private final Set<String> REQUESTER_USER_GROUP_NAMES = Sets.newHashSet(ADMIN_GROUP);
+ private final String ROLE_NAME = "admin_r";
+
+ /**
+ * Test the case when the message size is larger than the client's thrift max message size.
+ */
+ @Test
+ public void testClientWithSmallMaxMsgSize() throws Exception {
+ runTestAsSubject(new TestOperation() {
+ @Override
+ public void runTestAsSubject() throws Exception {
+ Configuration confWithSmallMaxMsgSize = new Configuration(conf);
+ confWithSmallMaxMsgSize.setLong(ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE, 20);
+ // create a client with a small thrift max message size
+ SentryPolicyServiceClient clientWithSmallMaxMsgSize = SentryServiceClientFactory.create(confWithSmallMaxMsgSize);
+
+ setLocalGroupMapping(ADMIN_USER, REQUESTER_USER_GROUP_NAMES);
+ writePolicyFile();
+
+ boolean exceptionThrown = false;
+ try {
+ // client throws exception when message size is larger than the client's thrift max message size.
+ clientWithSmallMaxMsgSize.listRoles(ADMIN_USER);
+ } catch (SentryUserException e) {
+ exceptionThrown = true;
+ Assert.assertTrue(e.getMessage().contains("Thrift exception occurred"));
+ Assert.assertTrue(e.getCause().getMessage().contains("Length exceeded max allowed"));
+ } finally {
+ Assert.assertEquals(true, exceptionThrown);
+ clientWithSmallMaxMsgSize.close();
+ }
+
+ // client can still talk with sentry server when message size is smaller.
+ client.dropRoleIfExists(ADMIN_USER, ROLE_NAME);
+ client.listRoles(ADMIN_USER);
+ client.createRole(ADMIN_USER, ROLE_NAME);
+ client.listRoles(ADMIN_USER);
+ }
+ });
+ }
+
+ /**
+ * Test the case when the message size is larger than the server's thrift max message size.
+ */
+ @Test
+ public void testServerWithSmallMaxMsgSize() throws Exception {
+ runTestAsSubject(new TestOperation() {
+ @Override
+ public void runTestAsSubject() throws Exception {
+ Configuration confWithSmallMaxMsgSize = new Configuration(conf);
+ confWithSmallMaxMsgSize.setLong(ServiceConstants.ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE,
+ 50);
+ stopSentryService();
+
+ // create a server with a small max thrift message size
+ server = new SentryServiceFactory().create(confWithSmallMaxMsgSize);
+ startSentryService();
+
+ setLocalGroupMapping(ADMIN_USER, REQUESTER_USER_GROUP_NAMES);
+ writePolicyFile();
+
+ // client can talk with server when message size is smaller.
+ client.listRoles(ADMIN_USER);
+ client.createRole(ADMIN_USER, ROLE_NAME);
+
+ boolean exceptionThrown = false;
+ try {
+ // client throws exception when message size is larger than the server's thrift max message size.
+ client.grantServerPrivilege(ADMIN_USER, ROLE_NAME, "server", false);
+ } catch (SentryUserException e) {
+ exceptionThrown = true;
+ Assert.assertTrue(e.getMessage().contains("org.apache.thrift.transport.TTransportException"));
+ } finally {
+ Assert.assertEquals(true, exceptionThrown);
+ }
+
+ // client can still talk with sentry server when message size is smaller.
+ Set<TSentryRole> roles = client.listRoles(ADMIN_USER);
+ Assert.assertTrue(roles.size() == 1);
+ Assert.assertEquals(ROLE_NAME, roles.iterator().next().getRoleName());
+ }
+ });
+ }
+}