This is an automated email from the ASF dual-hosted git repository. granthenke pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 6be025faa8f2e36d31bcc6c4e4f65324d07a3926 Author: Hao Hao <[email protected]> AuthorDate: Wed Mar 27 23:51:58 2019 -0700 [sentry] enable sentry integration for master stress test This patch adds more coverage for master authorization enforcement via enabling Sentry integration for master stress and failover tests. I looped each of the following tests 2000 times: alter_table-randomized-test: http://dist-test.cloudera.org/job?job_id=hao.hao.1555900144.107645 master-stress-test: http://dist-test.cloudera.org/job?job_id=hao.hao.1555897983.99429 master_failover-itest: http://dist-test.cloudera.org/job?job_id=hao.hao.1555893155.81719 All of the failures are due to known flakiness (KUDU-2621, KUDU-2774, KUDU-2779, and KUDU-1358). Change-Id: Ic48aa1bfd0947c645bb81137bb34e6cdfc088cf4 Reviewed-on: http://gerrit.cloudera.org:8080/12877 Reviewed-by: Andrew Wong <[email protected]> Reviewed-by: Alexey Serbin <[email protected]> Tested-by: Hao Hao <[email protected]> --- src/kudu/integration-tests/CMakeLists.txt | 4 +- .../alter_table-randomized-test.cc | 63 +++++++---- src/kudu/integration-tests/cluster_itest_util.cc | 119 +++++++++++++-------- src/kudu/integration-tests/cluster_itest_util.h | 12 +++ src/kudu/integration-tests/hms_itest-base.h | 12 +-- src/kudu/integration-tests/master-stress-test.cc | 31 ++++-- .../integration-tests/master_failover-itest.cc | 56 ++++++---- src/kudu/integration-tests/master_hms-itest.cc | 4 +- src/kudu/integration-tests/master_sentry-itest.cc | 10 +- 9 files changed, 204 insertions(+), 107 deletions(-) diff --git a/src/kudu/integration-tests/CMakeLists.txt b/src/kudu/integration-tests/CMakeLists.txt index 477231d..97968b2 100644 --- a/src/kudu/integration-tests/CMakeLists.txt +++ b/src/kudu/integration-tests/CMakeLists.txt @@ -56,7 +56,7 @@ SET_KUDU_TEST_LINK_LIBS(itest_util) ADD_KUDU_TEST(all_types-itest PROCESSORS 4 NUM_SHARDS 8) -ADD_KUDU_TEST(alter_table-randomized-test NUM_SHARDS 2 PROCESSORS 4) +ADD_KUDU_TEST(alter_table-randomized-test NUM_SHARDS 3 PROCESSORS 4) ADD_KUDU_TEST(alter_table-test PROCESSORS 3) ADD_KUDU_TEST(auth_token_expire-itest) ADD_KUDU_TEST(authz_token-itest PROCESSORS 2) @@ -91,7 +91,7 @@ ADD_KUDU_TEST_DEPENDENCIES(master_migration-itest kudu) ADD_KUDU_TEST(master_replication-itest) ADD_KUDU_TEST(master_sentry-itest RUN_SERIAL true NUM_SHARDS 8 PROCESSORS 4) -ADD_KUDU_TEST(master-stress-test RUN_SERIAL true) +ADD_KUDU_TEST(master-stress-test RUN_SERIAL true NUM_SHARDS 3) ADD_KUDU_TEST(multidir_cluster-itest) ADD_KUDU_TEST(open-readonly-fs-itest PROCESSORS 4) ADD_KUDU_TEST(raft_config_change-itest) diff --git a/src/kudu/integration-tests/alter_table-randomized-test.cc b/src/kudu/integration-tests/alter_table-randomized-test.cc index cfe2847..200b8fc 100644 --- a/src/kudu/integration-tests/alter_table-randomized-test.cc +++ b/src/kudu/integration-tests/alter_table-randomized-test.cc @@ -43,32 +43,33 @@ #include "kudu/gutil/stl_util.h" #include "kudu/gutil/strings/join.h" #include "kudu/gutil/strings/substitute.h" +#include "kudu/integration-tests/cluster_itest_util.h" #include "kudu/integration-tests/cluster_verifier.h" #include "kudu/mini-cluster/external_mini_cluster.h" +#include "kudu/sentry/mini_sentry.h" #include "kudu/util/monotime.h" #include "kudu/util/random.h" #include "kudu/util/status.h" #include "kudu/util/test_macros.h" #include "kudu/util/test_util.h" -namespace kudu { - -using client::KuduClient; -using client::KuduColumnSchema; -using client::KuduColumnStorageAttributes; -using client::KuduError; -using client::KuduScanner; -using client::KuduSchema; -using client::KuduSchemaBuilder; -using client::KuduSession; -using client::KuduTable; -using client::KuduTableAlterer; -using client::KuduTableCreator; -using client::KuduValue; -using client::KuduWriteOperation; -using client::sp::shared_ptr; -using cluster::ExternalMiniCluster; -using cluster::ExternalMiniClusterOptions; +using kudu::client::KuduClient; +using kudu::client::KuduColumnSchema; +using kudu::client::KuduColumnStorageAttributes; +using kudu::client::KuduError; +using kudu::client::KuduScanner; +using kudu::client::KuduSchema; +using kudu::client::KuduSchemaBuilder; +using kudu::client::KuduSession; +using kudu::client::KuduTable; +using kudu::client::KuduTableAlterer; +using kudu::client::KuduTableCreator; +using kudu::client::KuduValue; +using kudu::client::KuduWriteOperation; +using kudu::client::sp::shared_ptr; +using kudu::cluster::ExternalMiniCluster; +using kudu::cluster::ExternalMiniClusterOptions; +using kudu::itest::SentryMode; using std::make_pair; using std::map; using std::pair; @@ -78,6 +79,8 @@ using std::vector; using strings::Substitute; using strings::SubstituteAndAppend; +namespace kudu { + const char* kTableName = "default.test_table"; const int kMaxColumns = 30; const uint32_t kMaxRangePartitions = 32; @@ -94,15 +97,19 @@ const vector <KuduColumnStorageAttributes::EncodingType> kInt32Encodings = const vector<int32_t> kBlockSizes = {0, 2 * 1024 * 1024, 4 * 1024 * 1024, 8 * 1024 * 1024}; +// Parameterized based on HmsMode and whether or not to enable Sentry integration. class AlterTableRandomized : public KuduTest, - public ::testing::WithParamInterface<HmsMode> { + public ::testing::WithParamInterface<pair<HmsMode, SentryMode>> { public: void SetUp() override { KuduTest::SetUp(); ExternalMiniClusterOptions opts; opts.num_tablet_servers = 3; - opts.hms_mode = GetParam(); + opts.hms_mode = std::get<0>(GetParam()); + bool enable_sentry = (std::get<1>(GetParam()) == SentryMode::ENABLED); + opts.enable_sentry = enable_sentry; + opts.enable_kerberos = enable_sentry; // This test produces tables with lots of columns. With container preallocation, // we end up using quite a bit of disk space. So, we disable it. opts.extra_tserver_flags.emplace_back("--log_container_preallocate_bytes=0"); @@ -110,6 +117,10 @@ class AlterTableRandomized : public KuduTest, ASSERT_OK(cluster_->Start()); ASSERT_OK(cluster_->CreateClient(nullptr, &client_)); + if (enable_sentry) { + itest::SetupAdministratorPrivileges(cluster_->kdc(), + cluster_->sentry()->address()); + } } void TearDown() override { @@ -140,9 +151,15 @@ class AlterTableRandomized : public KuduTest, shared_ptr<KuduClient> client_; }; -// Run the test with the HMS integration enabled and disabled. -INSTANTIATE_TEST_CASE_P(HmsConfigurations, AlterTableRandomized, - ::testing::Values(HmsMode::NONE, HmsMode::ENABLE_METASTORE_INTEGRATION)); +// Run the test with the HMS/Sentry integration enabled and disabled. Sentry integration +// should be only enabled when HMS integration is enabled. +INSTANTIATE_TEST_CASE_P(HmsSentryConfigurations, AlterTableRandomized, ::testing::ValuesIn( + vector<pair<HmsMode, SentryMode>> { + { HmsMode::NONE, SentryMode::DISABLED }, + { HmsMode::ENABLE_METASTORE_INTEGRATION, SentryMode::DISABLED }, + { HmsMode::ENABLE_METASTORE_INTEGRATION, SentryMode::ENABLED }, + } +)); struct RowState { // We use this special value to denote NULL values. diff --git a/src/kudu/integration-tests/cluster_itest_util.cc b/src/kudu/integration-tests/cluster_itest_util.cc index 49a22cb..bdaf403 100644 --- a/src/kudu/integration-tests/cluster_itest_util.cc +++ b/src/kudu/integration-tests/cluster_itest_util.cc @@ -42,9 +42,14 @@ #include "kudu/gutil/strings/substitute.h" #include "kudu/master/master.pb.h" #include "kudu/master/master.proxy.h" +#include "kudu/master/sentry_authz_provider-test-base.h" #include "kudu/rpc/rpc_controller.h" #include "kudu/rpc/rpc_header.pb.h" +#include "kudu/security/test/mini_kdc.h" +#include "kudu/sentry/sentry_client.h" +#include "kudu/sentry/sentry_policy_service_types.h" #include "kudu/tablet/tablet.pb.h" +#include "kudu/thrift/client.h" #include "kudu/tserver/tablet_copy.proxy.h" #include "kudu/tserver/tablet_server_test_util.h" #include "kudu/tserver/tserver_admin.pb.h" @@ -62,41 +67,52 @@ #include "kudu/util/test_macros.h" #include "kudu/util/test_util.h" -namespace kudu { -namespace itest { - +using ::sentry::TSentryGrantOption; +using ::sentry::TSentryPrivilege; using boost::optional; -using client::KuduSchema; -using client::KuduSchemaBuilder; -using consensus::BulkChangeConfigRequestPB; -using consensus::ChangeConfigRequestPB; -using consensus::ChangeConfigResponsePB; -using consensus::ConsensusStatePB; -using consensus::CountVoters; -using consensus::EXCLUDE_HEALTH_REPORT; -using consensus::GetConsensusStateRequestPB; -using consensus::GetConsensusStateResponsePB; -using consensus::GetLastOpIdRequestPB; -using consensus::GetLastOpIdResponsePB; -using consensus::IncludeHealthReport; -using consensus::LeaderStepDownRequestPB; -using consensus::LeaderStepDownResponsePB; -using consensus::OpId; -using consensus::OpIdType; -using consensus::RaftPeerPB; -using consensus::RunLeaderElectionResponsePB; -using consensus::RunLeaderElectionRequestPB; -using consensus::VoteRequestPB; -using consensus::VoteResponsePB; -using consensus::kInvalidOpIdIndex; -using master::ListTabletServersResponsePB_Entry; -using master::MasterServiceProxy; -using master::TabletLocationsPB; -using pb_util::SecureDebugString; -using pb_util::SecureShortDebugString; +using kudu::client::KuduSchema; +using kudu::client::KuduSchemaBuilder; +using kudu::consensus::BulkChangeConfigRequestPB; +using kudu::consensus::ChangeConfigRequestPB; +using kudu::consensus::ChangeConfigResponsePB; +using kudu::consensus::ConsensusStatePB; +using kudu::consensus::CountVoters; +using kudu::consensus::EXCLUDE_HEALTH_REPORT; +using kudu::consensus::GetConsensusStateRequestPB; +using kudu::consensus::GetConsensusStateResponsePB; +using kudu::consensus::GetLastOpIdRequestPB; +using kudu::consensus::GetLastOpIdResponsePB; +using kudu::consensus::IncludeHealthReport; +using kudu::consensus::LeaderStepDownRequestPB; +using kudu::consensus::LeaderStepDownResponsePB; +using kudu::consensus::OpId; +using kudu::consensus::OpIdType; +using kudu::consensus::RaftPeerPB; +using kudu::consensus::RunLeaderElectionResponsePB; +using kudu::consensus::RunLeaderElectionRequestPB; +using kudu::consensus::VoteRequestPB; +using kudu::consensus::VoteResponsePB; +using kudu::consensus::kInvalidOpIdIndex; +using kudu::master::ListTabletServersResponsePB_Entry; +using kudu::master::MasterServiceProxy; +using kudu::master::TabletLocationsPB; +using kudu::pb_util::SecureDebugString; +using kudu::pb_util::SecureShortDebugString; +using kudu::rpc::Messenger; +using kudu::rpc::RpcController; +using kudu::sentry::SentryClient; +using kudu::tablet::TabletDataState; +using kudu::tserver::CreateTsClientProxies; +using kudu::tserver::ListTabletsResponsePB; +using kudu::tserver::DeleteTabletRequestPB; +using kudu::tserver::DeleteTabletResponsePB; +using kudu::tserver::BeginTabletCopySessionRequestPB; +using kudu::tserver::BeginTabletCopySessionResponsePB; +using kudu::tserver::TabletCopyErrorPB; +using kudu::tserver::TabletServerErrorPB; +using kudu::tserver::WriteRequestPB; +using kudu::tserver::WriteResponsePB; using rapidjson::Value; -using rpc::Messenger; -using rpc::RpcController; using std::min; using std::shared_ptr; using std::string; @@ -104,17 +120,9 @@ using std::unique_ptr; using std::unordered_map; using std::vector; using strings::Substitute; -using tablet::TabletDataState; -using tserver::CreateTsClientProxies; -using tserver::ListTabletsResponsePB; -using tserver::DeleteTabletRequestPB; -using tserver::DeleteTabletResponsePB; -using tserver::BeginTabletCopySessionRequestPB; -using tserver::BeginTabletCopySessionResponsePB; -using tserver::TabletCopyErrorPB; -using tserver::TabletServerErrorPB; -using tserver::WriteRequestPB; -using tserver::WriteResponsePB; + +namespace kudu { +namespace itest { const string& TServerDetails::uuid() const { return instance_id.permanent_uuid(); @@ -1228,5 +1236,28 @@ Status GetInt64Metric(const HostPort& http_hp, return Status::NotFound(msg); } +Status SetupAdministratorPrivileges(MiniKdc* kdc, + const HostPort& address) { + DCHECK(kdc); + RETURN_NOT_OK(kdc->CreateUserPrincipal("kudu")); + RETURN_NOT_OK(kdc->Kinit("kudu")); + + thrift::ClientOptions sentry_opts; + sentry_opts.service_principal = "sentry"; + sentry_opts.enable_kerberos = true; + unique_ptr<SentryClient> sentry_client( + new SentryClient(address, sentry_opts)); + RETURN_NOT_OK(sentry_client->Start()); + + // Create an admin role for the "admin" group specified in mini_sentry.cc. + // Grant this role all privileges for the server so the admin user can + // perform any operations required in tests. + RETURN_NOT_OK(master::CreateRoleAndAddToGroups(sentry_client.get(), "admin-role", "admin")); + TSentryPrivilege privilege = master::GetServerPrivilege("ALL", TSentryGrantOption::DISABLED); + RETURN_NOT_OK(master::AlterRoleGrantPrivilege(sentry_client.get(), "admin-role", privilege)); + return kdc->Kinit("test-admin"); +} + + } // namespace itest } // namespace kudu diff --git a/src/kudu/integration-tests/cluster_itest_util.h b/src/kudu/integration-tests/cluster_itest_util.h index fba9fae..352ed27 100644 --- a/src/kudu/integration-tests/cluster_itest_util.h +++ b/src/kudu/integration-tests/cluster_itest_util.h @@ -50,6 +50,7 @@ namespace kudu { class HostPort; class MetricEntityPrototype; class MetricPrototype; +class MiniKdc; class MonoDelta; class Status; @@ -71,6 +72,12 @@ class Messenger; namespace itest { +// Mode to indicate whether external service Sentry is enabled or not. +enum class SentryMode { + DISABLED, + ENABLED +}; + struct TServerDetails { NodeInstancePB instance_id; ServerRegistrationPB registration; @@ -445,6 +452,11 @@ Status GetInt64Metric(const HostPort& http_hp, const char* value_field, int64_t* value); +// Grants the 'test-admin' user Sentry privileges to perform any operation, +// using 'kdc' to authenticate with the Sentry instance at 'address'. Once +// called, the 'test-admin' user will be logged in. +Status SetupAdministratorPrivileges(MiniKdc* kdc, + const HostPort& address); } // namespace itest } // namespace kudu diff --git a/src/kudu/integration-tests/hms_itest-base.h b/src/kudu/integration-tests/hms_itest-base.h index 57f1a3f..b348031 100644 --- a/src/kudu/integration-tests/hms_itest-base.h +++ b/src/kudu/integration-tests/hms_itest-base.h @@ -30,24 +30,24 @@ namespace kudu { class HmsITestBase : public ExternalMiniClusterITestBase { public: - Status StopHms(); - Status StartHms(); + Status StartHms() WARN_UNUSED_RESULT; + Status StopHms() WARN_UNUSED_RESULT; // Creates a database in the HMS catalog. - Status CreateDatabase(const std::string& database_name); + Status CreateDatabase(const std::string& database_name) WARN_UNUSED_RESULT; // Creates a table in Kudu. Status CreateKuduTable(const std::string& database_name, - const std::string& table_name); + const std::string& table_name) WARN_UNUSED_RESULT; // Renames a table entry in the HMS catalog. Status RenameHmsTable(const std::string& database_name, const std::string& old_table_name, - const std::string& new_table_name); + const std::string& new_table_name) WARN_UNUSED_RESULT; // Drops all columns from a Kudu HMS table entry. Status AlterHmsTableDropColumns(const std::string& database_name, - const std::string& table_name); + const std::string& table_name) WARN_UNUSED_RESULT; // Checks that the Kudu table schema and the HMS table entry in their // respective catalogs are synchronized for a particular table. It also diff --git a/src/kudu/integration-tests/master-stress-test.cc b/src/kudu/integration-tests/master-stress-test.cc index 995848d..f5471d6 100644 --- a/src/kudu/integration-tests/master-stress-test.cc +++ b/src/kudu/integration-tests/master-stress-test.cc @@ -39,11 +39,13 @@ #include "kudu/gutil/strings/substitute.h" #include "kudu/gutil/strings/util.h" #include "kudu/integration-tests/cluster_itest_util.h" +#include "kudu/integration-tests/external_mini_cluster-itest-base.h" #include "kudu/master/master.pb.h" #include "kudu/master/master.proxy.h" #include "kudu/mini-cluster/external_mini_cluster.h" #include "kudu/rpc/messenger.h" #include "kudu/rpc/rpc_controller.h" +#include "kudu/sentry/mini_sentry.h" #include "kudu/tablet/tablet.pb.h" #include "kudu/tools/tool_action_common.h" #include "kudu/tserver/tserver.pb.h" @@ -82,6 +84,7 @@ using kudu::cluster::ExternalMaster; using kudu::cluster::ExternalMiniCluster; using kudu::cluster::ExternalMiniClusterOptions; using kudu::itest::ListTablets; +using kudu::itest::SentryMode; using kudu::master::ListTablesRequestPB; using kudu::master::ListTablesResponsePB; using kudu::master::ReplaceTabletRequestPB; @@ -91,6 +94,7 @@ using kudu::rpc::Messenger; using kudu::rpc::MessengerBuilder; using kudu::rpc::RpcController; using kudu::tools::LeaderMasterProxy; +using std::pair; using std::shared_ptr; using std::string; using std::thread; @@ -103,8 +107,9 @@ namespace kudu { static const MonoDelta kDefaultAdminTimeout = MonoDelta::FromSeconds(300); static const MonoDelta kTransientStateBackoff = MonoDelta::FromMilliseconds(50); -class MasterStressTest : public KuduTest, - public ::testing::WithParamInterface<HmsMode> { +// Parameterized based on HmsMode and whether or not to enable Sentry integration. +class MasterStressTest : public ExternalMiniClusterITestBase, + public ::testing::WithParamInterface<pair<HmsMode, SentryMode>> { public: MasterStressTest() : done_(1), @@ -134,7 +139,10 @@ class MasterStressTest : public KuduTest, opts.start_process_timeout = MonoDelta::FromSeconds(60); opts.rpc_negotiation_timeout = MonoDelta::FromSeconds(30); - opts.hms_mode = GetParam(); + opts.hms_mode = std::get<0>(GetParam()); + bool enable_sentry = (std::get<1>(GetParam()) == SentryMode::ENABLED); + opts.enable_sentry = enable_sentry; + opts.enable_kerberos = enable_sentry; // Tune down the notification log poll period in order to speed up catalog convergence. opts.extra_master_flags.emplace_back("--hive_metastore_notification_log_poll_period_seconds=1"); @@ -192,6 +200,11 @@ class MasterStressTest : public KuduTest, shared_ptr<MasterServiceProxy> m_proxy( new MasterServiceProxy(cluster_->messenger(), addr, addr.host())); ASSERT_OK(CreateTabletServerMap(m_proxy, cluster_->messenger(), &ts_map_)); + + if (enable_sentry) { + itest::SetupAdministratorPrivileges(cluster_->kdc(), + cluster_->sentry()->address()); + } } void TearDown() override { @@ -483,9 +496,15 @@ class MasterStressTest : public KuduTest, std::unordered_map<string, itest::TServerDetails*> ts_map_; }; -// Run the test with the HMS integration enabled and disabled. -INSTANTIATE_TEST_CASE_P(HmsConfigurations, MasterStressTest, - ::testing::Values(HmsMode::NONE, HmsMode::ENABLE_METASTORE_INTEGRATION)); +// Run the test with the HMS/Sentry integration enabled and disabled. Sentry integration +// should be only enabled when HMS integration is enabled. +INSTANTIATE_TEST_CASE_P(HmsSentryConfigurations, MasterStressTest, ::testing::ValuesIn( + vector<pair<HmsMode, SentryMode>> { + { HmsMode::NONE, SentryMode::DISABLED }, + { HmsMode::ENABLE_METASTORE_INTEGRATION, SentryMode::DISABLED }, + { HmsMode::ENABLE_METASTORE_INTEGRATION, SentryMode::ENABLED }, + } +)); TEST_P(MasterStressTest, Test) { OverrideFlagForSlowTests("num_create_table_threads", "10"); diff --git a/src/kudu/integration-tests/master_failover-itest.cc b/src/kudu/integration-tests/master_failover-itest.cc index cb1af80..9dcaa97 100644 --- a/src/kudu/integration-tests/master_failover-itest.cc +++ b/src/kudu/integration-tests/master_failover-itest.cc @@ -20,6 +20,7 @@ #include <ostream> // IWYU pragma: keep #include <set> #include <string> +#include <utility> #include <vector> #include <glog/logging.h> @@ -37,6 +38,7 @@ #include "kudu/integration-tests/cluster_itest_util.h" #include "kudu/master/sys_catalog.h" // IWYU pragma: keep #include "kudu/mini-cluster/external_mini_cluster.h" +#include "kudu/sentry/mini_sentry.h" #include "kudu/util/metrics.h" #include "kudu/util/monotime.h" #include "kudu/util/net/net_util.h" // IWYU pragma: keep @@ -49,6 +51,22 @@ METRIC_DECLARE_entity(server); METRIC_DECLARE_histogram(handler_latency_kudu_consensus_ConsensusService_GetNodeInstance); +using kudu::client::sp::shared_ptr; +using kudu::cluster::ExternalDaemon; +using kudu::cluster::ExternalMaster; +using kudu::cluster::ExternalMiniCluster; +using kudu::cluster::ExternalMiniClusterOptions; +using kudu::cluster::ScopedResumeExternalDaemon; +using kudu::itest::GetInt64Metric; +using kudu::itest::SentryMode; +using std::pair; +using std::set; +using std::string; +using std::unique_ptr; +using std::vector; +using strings::Split; +using strings::Substitute; + namespace kudu { // Note: this test needs to be in the client namespace in order for @@ -57,22 +75,9 @@ namespace client { const int kNumTabletServerReplicas = 3; -using cluster::ExternalDaemon; -using cluster::ExternalMaster; -using cluster::ExternalMiniCluster; -using cluster::ExternalMiniClusterOptions; -using cluster::ScopedResumeExternalDaemon; -using itest::GetInt64Metric; -using sp::shared_ptr; -using std::set; -using std::string; -using std::unique_ptr; -using std::vector; -using strings::Split; -using strings::Substitute; - +// Parameterized based on HmsMode and whether or not to enable Sentry integration. class MasterFailoverTest : public KuduTest, - public ::testing::WithParamInterface<HmsMode> { + public ::testing::WithParamInterface<pair<HmsMode, SentryMode>> { public: enum CreateTableMode { kWaitForCreate = 0, @@ -82,7 +87,9 @@ class MasterFailoverTest : public KuduTest, MasterFailoverTest() { opts_.num_masters = 3; opts_.num_tablet_servers = kNumTabletServerReplicas; - opts_.hms_mode = GetParam(); + opts_.hms_mode = std::get<0>(GetParam()); + opts_.enable_sentry = (std::get<1>(GetParam()) == SentryMode::ENABLED); + opts_.enable_kerberos = opts_.enable_sentry; // Reduce various timeouts below as to make the detection of // leader master failures (specifically, failures as result of @@ -126,6 +133,11 @@ class MasterFailoverTest : public KuduTest, // the global operation timeout. builder.default_admin_operation_timeout(MonoDelta::FromSeconds(90)); ASSERT_OK(cluster_->CreateClient(&builder, &client_)); + + if (opts_.enable_sentry) { + ASSERT_OK(itest::SetupAdministratorPrivileges(cluster_->kdc(), + cluster_->sentry()->address())); + } } Status CreateTable(const std::string& table_name, CreateTableMode mode) { @@ -157,9 +169,15 @@ class MasterFailoverTest : public KuduTest, shared_ptr<KuduClient> client_; }; -// Run the test with the HMS integration enabled and disabled. -INSTANTIATE_TEST_CASE_P(HmsConfigurations, MasterFailoverTest, - ::testing::Values(HmsMode::NONE, HmsMode::ENABLE_METASTORE_INTEGRATION)); +// Run the test with the HMS/Sentry integration enabled and disabled. Sentry integration +// should be only enabled when HMS integration is enabled. +INSTANTIATE_TEST_CASE_P(HmsSentryConfigurations, MasterFailoverTest, ::testing::ValuesIn( + vector<pair<HmsMode, SentryMode>> { + { HmsMode::NONE, SentryMode::DISABLED }, + { HmsMode::ENABLE_METASTORE_INTEGRATION, SentryMode::DISABLED }, + { HmsMode::ENABLE_METASTORE_INTEGRATION, SentryMode::ENABLED }, + } +)); // Test that synchronous CreateTable (issue CreateTable call and then // wait until the table has been created) works even when the original diff --git a/src/kudu/integration-tests/master_hms-itest.cc b/src/kudu/integration-tests/master_hms-itest.cc index f539c08..0574eba 100644 --- a/src/kudu/integration-tests/master_hms-itest.cc +++ b/src/kudu/integration-tests/master_hms-itest.cc @@ -348,12 +348,12 @@ TEST_F(MasterHmsTest, TestNotificationLogListener) { // Ensure that Kudu can rename a table just after it's been renamed through the HMS. - RenameHmsTable("default", "a", "b"); + ASSERT_OK(RenameHmsTable("default", "a", "b")); table_alterer.reset(client_->NewTableAlterer("default.b")->RenameTo("default.c")); ASSERT_OK(table_alterer->Alter()); // Ensure that Kudu can drop a table just after it's been renamed through the HMS. - RenameHmsTable("default", "c", "a"); + ASSERT_OK(RenameHmsTable("default", "c", "a")); ASSERT_OK(client_->DeleteTable("default.a")); // Test concurrent drops from the HMS and Kudu. diff --git a/src/kudu/integration-tests/master_sentry-itest.cc b/src/kudu/integration-tests/master_sentry-itest.cc index 0ada81f..a110162 100644 --- a/src/kudu/integration-tests/master_sentry-itest.cc +++ b/src/kudu/integration-tests/master_sentry-itest.cc @@ -109,8 +109,8 @@ class SentryITestBase : public HmsITestBase { return Status::OK(); } - Status GetTableLocationsWithTableId(const string& table_name, - optional<const string&> table_id) { + Status GetTableLocationsWithTableId(const string& table_name, + optional<const string&> table_id) { const MonoDelta kTimeout = MonoDelta::FromSeconds(30); std::shared_ptr<MasterServiceProxy> proxy = cluster_->master_proxy(); UserCredentials user_credentials; @@ -120,7 +120,7 @@ class SentryITestBase : public HmsITestBase { GetTableLocationsResponsePB table_locations; return itest::GetTableLocations(proxy, table_name, kTimeout, master::VOTER_REPLICA, table_id, &table_locations); - } + } Status GrantCreateTablePrivilege(const string& database_name, const string& /*table_name*/) { @@ -324,10 +324,10 @@ class SentryITestBase : public HmsITestBase { void TearDown() override { if (sentry_client_) { - ASSERT_OK(sentry_client_->Stop()); + ASSERT_OK(sentry_client_->Stop()); } if (hms_client_) { - ASSERT_OK(hms_client_->Stop()); + ASSERT_OK(hms_client_->Stop()); } HmsITestBase::TearDown(); }
