You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2017/07/19 13:59:48 UTC
sentry git commit: SENTRY-1846 - Use a consistent configuration
variable for the sentry provider property - Reviewed by Sergio Pena,
Brian Towles, Na Li.
Repository: sentry
Updated Branches:
refs/heads/master 0659a2a8b -> adbf1ae83
SENTRY-1846 - Use a consistent configuration variable for the sentry provider property
- Reviewed by Sergio Pena, Brian Towles, Na Li.
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/adbf1ae8
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/adbf1ae8
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/adbf1ae8
Branch: refs/heads/master
Commit: adbf1ae832d853bb4392ea5af48d734907eb725d
Parents: 0659a2a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 19 13:54:22 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 19 13:54:22 2017 +0100
----------------------------------------------------------------------
conf/sentry-site.xml.hive-client.template | 2 +-
conf/sentry-site.xml.solr-client.example | 2 +-
.../sentry/binding/hive/conf/HiveAuthzConf.java | 45 ++++++++++++++------
.../DefaultSentryAccessController.java | 2 +-
.../sentry/binding/solr/conf/SolrAuthzConf.java | 29 +++++++++++--
5 files changed, 60 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/adbf1ae8/conf/sentry-site.xml.hive-client.template
----------------------------------------------------------------------
diff --git a/conf/sentry-site.xml.hive-client.template b/conf/sentry-site.xml.hive-client.template
index 0e8a74e..becff9c 100644
--- a/conf/sentry-site.xml.hive-client.template
+++ b/conf/sentry-site.xml.hive-client.template
@@ -72,7 +72,7 @@
-->
<property>
- <name>sentry.provider</name>
+ <name>sentry.hive.provider</name>
<value>org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider</value>
<description> Deprecated name: hive.sentry.provider. Group mapping which should be used at client side</description>
</property>
http://git-wip-us.apache.org/repos/asf/sentry/blob/adbf1ae8/conf/sentry-site.xml.solr-client.example
----------------------------------------------------------------------
diff --git a/conf/sentry-site.xml.solr-client.example b/conf/sentry-site.xml.solr-client.example
index dd39908..d0a367d 100644
--- a/conf/sentry-site.xml.solr-client.example
+++ b/conf/sentry-site.xml.solr-client.example
@@ -19,7 +19,7 @@
<configuration>
<property>
- <name>sentry.provider</name>
+ <name>sentry.solr.provider</name>
<value>org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider</value>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/sentry/blob/adbf1ae8/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
index ad19b37..644367f 100644
--- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
@@ -18,7 +18,11 @@ package org.apache.sentry.binding.hive.conf;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
@@ -88,7 +92,7 @@ public class HiveAuthzConf extends Configuration {
* Config setting definitions
*/
public static enum AuthzConfVars {
- AUTHZ_PROVIDER("sentry.provider",
+ AUTHZ_PROVIDER("sentry.hive.provider",
"org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
AUTHZ_PROVIDER_RESOURCE("sentry.hive.provider.resource", ""),
AUTHZ_PROVIDER_BACKEND("sentry.hive.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"),
@@ -108,6 +112,8 @@ public class HiveAuthzConf extends Configuration {
AUTHZ_PROVIDER_DEPRECATED("hive.sentry.provider",
"org.apache.sentry.provider.file.ResourceAuthorizationProvider"),
+ AUTHZ_PROVIDER_DEPRECATED2("sentry.provider",
+ "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.sentry.provider.resource", ""),
AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", ""),
AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.sentry.restrict.defaultDB", "false"),
@@ -146,16 +152,22 @@ public class HiveAuthzConf extends Configuration {
// as long as the new property names aren't also provided. Since the binding code
// only calls the new property names, we require a map from current names to deprecated
// names in order to check if the deprecated name of a property was set.
- private static final Map<String, AuthzConfVars> currentToDeprecatedProps =
- new HashMap<String, AuthzConfVars>();
+ private static final Map<String, List<AuthzConfVars>> currentToDeprecatedProps = new HashMap<>();
static {
- currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED);
- currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED);
- currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED);
- currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED);
- currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED);
- currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(), AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED);
- currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED);
+ currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(),
+ Arrays.asList(AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED, AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED2));
+ currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
+ Collections.singletonList(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED));
+ currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(),
+ Collections.singletonList(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED));
+ currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(),
+ Collections.singletonList(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED));
+ currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(),
+ Collections.singletonList(AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED));
+ currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(),
+ Collections.singletonList(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED));
+ currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(),
+ Collections.singletonList(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED));
};
private static final Logger LOG = LoggerFactory
@@ -168,7 +180,6 @@ public class HiveAuthzConf extends Configuration {
LOG.info("DefaultFS: " + super.get("fs.defaultFS"));
addResource(hiveAuthzSiteURL);
applySystemProperties();
- LOG.info("DefaultFS: " + super.get("fs.defaultFS"));
this.hiveAuthzSiteFile = hiveAuthzSiteURL.toString();
}
/**
@@ -208,14 +219,20 @@ public class HiveAuthzConf extends Configuration {
String retVal = super.get(varName);
if (retVal == null) {
// check if the deprecated value is set here
+ String deprecatedPropName = null;
if (currentToDeprecatedProps.containsKey(varName)) {
- retVal = super.get(currentToDeprecatedProps.get(varName).getVar());
+ for (AuthzConfVars var : currentToDeprecatedProps.get(varName)) {
+ retVal = super.get(var.getVar());
+ if (retVal != null) {
+ deprecatedPropName = var.getVar();
+ break;
+ }
+ }
}
if (retVal == null) {
retVal = AuthzConfVars.getDefault(varName);
} else {
- LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() +
- " instead of " + varName);
+ LOG.warn("Using the deprecated config setting " + deprecatedPropName + " instead of " + varName);
}
}
if (retVal == null) {
http://git-wip-us.apache.org/repos/asf/sentry/blob/adbf1ae8/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
index c63cf64..db8d6a2 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
@@ -347,7 +347,7 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
// Apply rest of the configuration only to HiveServer2
if (ctx.getClientType() != CLIENT_TYPE.HIVESERVER2
|| !hiveConf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
- throw new HiveAuthzPluginException("Sentry just support for hiveserver2");
+ throw new HiveAuthzPluginException("Sentry only supports hiveserver2");
}
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/adbf1ae8/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
index b31f4fa..37efa5b 100644
--- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
+++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
@@ -17,6 +17,8 @@
package org.apache.sentry.binding.solr.conf;
import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.slf4j.Logger;
@@ -29,11 +31,14 @@ public class SolrAuthzConf extends Configuration {
* Config setting definitions
*/
public static enum AuthzConfVars {
- AUTHZ_PROVIDER("sentry.provider",
+ AUTHZ_PROVIDER("sentry.solr.provider",
"org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
AUTHZ_PROVIDER_RESOURCE("sentry.solr.provider.resource", ""),
AUTHZ_PROVIDER_BACKEND("sentry.solr.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"),
- AUTHZ_POLICY_ENGINE("sentry.solr.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine");
+ AUTHZ_POLICY_ENGINE("sentry.solr.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine"),
+
+ AUTHZ_PROVIDER_DEPRECATED("sentry.provider",
+ "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider");
private final String varName;
private final String defaultVal;
@@ -61,6 +66,11 @@ public class SolrAuthzConf extends Configuration {
}
}
+ private static final Map<String, AuthzConfVars> currentToDeprecatedProps = new HashMap<>();
+ static {
+ currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED);
+ }
+
@SuppressWarnings("unused")
private static final Logger LOG = LoggerFactory
.getLogger(SolrAuthzConf.class);
@@ -73,6 +83,19 @@ public class SolrAuthzConf extends Configuration {
@Override
public String get(String varName) {
- return get(varName, AuthzConfVars.getDefault(varName));
+ String retVal = super.get(varName);
+ if (retVal == null) {
+ // check if the deprecated value is set here
+ if (currentToDeprecatedProps.containsKey(varName)) {
+ AuthzConfVars var = currentToDeprecatedProps.get(varName);
+ retVal = super.get(var.getVar());
+ }
+ if (retVal == null) {
+ retVal = AuthzConfVars.getDefault(varName);
+ } else {
+ LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() + " instead of " + varName);
+ }
+ }
+ return retVal;
}
}