Repository: sentry Updated Branches: refs/heads/master 89d64b660 -> ed39dc855
SENTRY-1212: Small authorization and compatibility checking bugs in Sentry conversion tool Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ed39dc85 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ed39dc85 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ed39dc85 Branch: refs/heads/master Commit: ed39dc855afc9beee3491c8c50fbffecfaee2e1c Parents: 89d64b6 Author: Gregory Chanan <[email protected]> Authored: Thu Apr 21 17:54:48 2016 -0700 Committer: Gregory Chanan <[email protected]> Committed: Fri Apr 22 17:32:35 2016 -0700 ---------------------------------------------------------------------- .../db/generic/tools/SentryConfigToolSolr.java | 24 ++++++++++++-------- .../generic/tools/TestSentryConfigToolSolr.java | 15 +++++++++++- 2 files changed, 28 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/ed39dc85/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java index d25ce4b..22895eb 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java @@ -60,11 +60,14 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon { Configuration conf = getSentryConf(); String service = conf.get(SOLR_SERVICE_NAME, "service1"); + // instantiate a solr client for sentry service. This sets the ugi, so must + // be done before getting the ugi below. + SentryGenericServiceClient client = SentryGenericServiceClientFactory.create(conf); UserGroupInformation ugi = UserGroupInformation.getLoginUser(); String requestorName = ugi.getShortUserName(); - convertINIToSentryServiceCmds(component, service, requestorName, - conf, getPolicyFile(), getValidate(), getImportPolicy(), getCheckCompat()); + convertINIToSentryServiceCmds(component, service, requestorName, conf, client, + getPolicyFile(), getValidate(), getImportPolicy(), getCheckCompat()); } private Configuration getSentryConf() { @@ -77,12 +80,11 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon { * Convert policy file to solrctl commands -- based on SENTRY-480 */ private void convertINIToSentryServiceCmds(String component, - String service, String requestorName, Configuration conf, + String service, String requestorName, + Configuration conf, SentryGenericServiceClient client, String policyFile, boolean validate, boolean importPolicy, boolean checkCompat) throws Exception { - //instantiate a solr client for sentry service - SentryGenericServiceClient client = SentryGenericServiceClientFactory.create(conf); //instantiate a file providerBackend for parsing LOGGER.info("Reading policy file at: " + policyFile); SimpleFileProviderBackend policyFileBackend = @@ -217,11 +219,13 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon { System.out.println("\n"); System.out.println("Warning: " + warningString.toString()); - SentryConfigurationException ex = - new SentryConfigurationException("Compatibility check failure"); - ex.setConfigErrors(errors); - ex.setConfigWarnings(Lists.<String>asList(warningString.toString(), new String[0])); - throw ex; + if (errors.size() > 0) { + SentryConfigurationException ex = + new SentryConfigurationException("Compatibility check failure"); + ex.setConfigErrors(errors); + ex.setConfigWarnings(Lists.<String>asList(warningString.toString(), new String[0])); + throw ex; + } } public static void main(String[] args) throws Exception { http://git-wip-us.apache.org/repos/asf/sentry/blob/ed39dc85/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java index 7149f17..51679de 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java @@ -1,4 +1,4 @@ -/** + /** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -240,6 +240,19 @@ public class TestSentryConfigToolSolr extends SentryGenericServiceIntegrationBas }); } + // Test that a valid compat check doesn't throw an exception + @Test + public void testCompatCheckValid() throws Exception { + runTestAsSubject(new TestOperation() { + @Override + public void runTestAsSubject() throws Exception { + String[] args = { "-p", VALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i", "-c"}; + SentryConfigToolSolr sentryTool = new SentryConfigToolSolr(); + sentryTool.executeConfigTool(args); + } + }); + } + private void assertCasedRoleNamesInMessage(String message, String ... casedRoleNames) { for (String casedRoleName : casedRoleNames) { assertTrue("Expected cased role name: " + casedRoleName, message.contains(casedRoleName));
