SENTRY-1593: proposed changes to config interface
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d22df694 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d22df694 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d22df694 Branch: refs/heads/akolb-SENTRY-1593 Commit: d22df6947c3960f06b98345d3c69a321275cf20f Parents: 5300344 Author: Alexander Kolbasov <[email protected]> Authored: Mon Feb 20 01:52:49 2017 -0600 Committer: Alexander Kolbasov <[email protected]> Committed: Mon Feb 20 01:52:49 2017 -0600 ---------------------------------------------------------------------- .../core/common/SentryClientConstants.java | 126 +++++++++++++++++++ .../SentryClientTransportConfigInterface.java | 35 ++++++ .../common/SentryHDFSClientTransportConfig.java | 90 +++++++++++++ .../SentryPolicyClientTransportConfig.java | 91 ++++++++++++++ 4 files changed, 342 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/d22df694/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientConstants.java ----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientConstants.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientConstants.java
new file mode 100644
index 0000000..8c8b9ba
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientConstants.java
@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.core.common;
+
+class SentryClientConstants {
+
+ enum sentryClientType {
+ POLICY_CLIENT,
+ HDFS_CLIENT,
+ }
+
+ enum sentryClientSecurityMode {
+ SECURITY_MODE_KERBEROS,
+ SECURITY_MODE_NONE,
+ }
+
+ static final String KERBEROS_MODE = "kerberos";
+
+ /**
+ * max retry num for client rpc
+ * {link RetryClientInvocationHandler#invokeImpl(Object, Method, Object[])}
+ */
+ static final String SENTRY_RPC_RETRY_TOTAL = "sentry.service.client.rpc.retry-total";
+ static final int SENTRY_RPC_RETRY_TOTAL_DEFAULT = 3;
+
+ /**
+ * full retry num for getting the connection in non-pool model
+ * In a full retry, it will cycle through all available sentry servers
+ */
+ static final String SENTRY_FULL_RETRY_TOTAL = "sentry.service.client.connection.full.retry-total";
+ static final int SENTRY_FULL_RETRY_TOTAL_DEFAULT = 2;
+
+
+ static class PolicyClientConstants {
+ static final String SERVER_RPC_PORT = "sentry.service.client.server.rpc-port";
+ static final int RPC_PORT_DEFAULT = 8038;
+ static final String SERVER_RPC_ADDRESS = "sentry.service.client.server.rpc-address";
+ // connection pool configuration
+ static final String SENTRY_POOL_ENABLED = "sentry.service.client.connection.pool.enabled";
+ static final boolean SENTRY_POOL_ENABLED_DEFAULT = false;
+
+ // commons-pool configuration for pool size
+ static final String SENTRY_POOL_MAX_TOTAL = "sentry.service.client.connection.pool.max-total";
+ static final int SENTRY_POOL_MAX_TOTAL_DEFAULT = 8;
+ static final String SENTRY_POOL_MAX_IDLE = "sentry.service.client.connection.pool.max-idle";
+ static final int SENTRY_POOL_MAX_IDLE_DEFAULT = 8;
+ static final String SENTRY_POOL_MIN_IDLE = "sentry.service.client.connection.pool.min-idle";
+ static final int SENTRY_POOL_MIN_IDLE_DEFAULT = 0;
+
+ // retry num for getting the connection from connection pool
+ static final String SENTRY_POOL_RETRY_TOTAL = SentryClientConstants.SENTRY_FULL_RETRY_TOTAL;
+ static final int SENTRY_POOL_RETRY_TOTAL_DEFAULT = SentryClientConstants.SENTRY_RPC_RETRY_TOTAL_DEFAULT;
+
+ /**
+ * full retry num for getting the connection in non-pool model
+ * In a full retry, it will cycle through all available sentry servers
+ */
+ static final String SENTRY_FULL_RETRY_TOTAL = "sentry.service.client.connection.full.retry-total";
+ static final int SENTRY_FULL_RETRY_TOTAL_DEFAULT = 2;
+
+ /**
+ * max retry num for client rpc
+ * {link RetryClientInvocationHandler#invokeImpl(Object, Method, Object[])}
+ */
+ static final String SENTRY_RPC_RETRY_TOTAL = "sentry.service.client.rpc.retry-total";
+ static final int SENTRY_RPC_RETRY_TOTAL_DEFAULT = 3;
+
+ /**
+ * This configuration parameter is only meant to be used for testing purposes.
+ */
+ static final String SECURITY_MODE = "sentry.service.security.mode";
+
+ static final String SECURITY_USE_UGI_TRANSPORT = "sentry.service.security.use.ugi";
+ static final String PRINCIPAL = "sentry.service.server.principal";
+ static final String SERVER_RPC_CONN_TIMEOUT = "sentry.service.client.server.rpc-connection-timeout";
+ static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000;
+ }
+
+ static class HDFSClientConstants {
+ /**
+ * This configuration parameter is only meant to be used for testing purposes.
+ */
+ static final String SECURITY_MODE = "sentry.hdfs.service.security.mode";
+
+ /**
+ * max retry num for client rpc
+ * {link RetryClientInvocationHandler#invokeImpl(Object, Method, Object[])}
+ */
+ static final String SENTRY_RPC_RETRY_TOTAL = SentryClientConstants.SENTRY_RPC_RETRY_TOTAL;
+ static final int SENTRY_RPC_RETRY_TOTAL_DEFAULT = 3;
+
+ /**
+ * full retry num for getting the connection in non-pool model
+ * In a full retry, it will cycle through all available sentry servers
+ */
+ static final String SENTRY_FULL_RETRY_TOTAL = SentryClientConstants.SENTRY_FULL_RETRY_TOTAL;
+ static final int SENTRY_FULL_RETRY_TOTAL_DEFAULT = SentryClientConstants.SENTRY_FULL_RETRY_TOTAL_DEFAULT;
+
+ static final String SECURITY_USE_UGI_TRANSPORT = "sentry.hdfs.service.security.use.ugi";
+ static final String PRINCIPAL = "sentry.hdfs.service.server.principal";
+ static final String RPC_ADDRESS = "sentry.hdfs.service.client.server.rpc-address";
+ static final String RPC_ADDRESS_DEFAULT = "0.0.0.0"; //NOPMD
+
+ static final String SERVER_RPC_PORT = "sentry.hdfs.service.client.server.rpc-port";
+ static final int RPC_PORT_DEFAULT = ServiceTransportConstants.RPC_PORT_DEFAULT;
+ static final String SERVER_RPC_ADDRESS = "sentry.hdfs.service.client.server.rpc-address";
+ static final String SERVER_RPC_CONN_TIMEOUT = "sentry.hdfs.service.client.server.rpc-connection-timeout";
+ static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000;
+ }
+}
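Review bot: `PolicyClientConstants.SENTRY_POOL_RETRY_TOTAL` is bound to `SentryClientConstants.SENTRY_FULL_RETRY_TOTAL`, so the pool retry count and the full retry count both read the key `sentry.service.client.connection.full.retry-total`, while their defaults differ (3 via `SENTRY_RPC_RETRY_TOTAL_DEFAULT` versus 2). If the pool setting is meant to be tuned independently it needs its own key string; if the aliasing is deliberate, a comment such as `// shares the full-retry key on purpose; only the default differs` should say so. The nested class also redeclares `SENTRY_FULL_RETRY_TOTAL` and `SENTRY_RPC_RETRY_TOTAL` with the same literals as the outer constants, which lets the copies drift apart.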
http://git-wip-us.apache.org/repos/asf/sentry/blob/d22df694/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientTransportConfigInterface.java ----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientTransportConfigInterface.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientTransportConfigInterface.java
new file mode 100644
index 0000000..97d56a3
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientTransportConfigInterface.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.core.common;
+
+import org.apache.hadoop.conf.Configuration;
+
+import java.util.Map;
+
+interface SentryClientTransportConfigInterface {
+ SentryClientConstants.sentryClientSecurityMode getSecurityMode(Configuration conf);
+ int getClientRetryTotal(Configuration conf);
+ int getClientFullRetryTotal(Configuration conf);
+ boolean useUgiTransport(Configuration conf);
+ String getPrincipal(Configuration conf);
+ String getServerRpcAddress(Configuration conf);
+ int getServerRpcPort(Configuration conf);
+ int getServerRpcConnTimeout(Configuration conf);
+ Map<String, String> getSaslProperties();
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d22df694/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryHDFSClientTransportConfig.java ----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryHDFSClientTransportConfig.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryHDFSClientTransportConfig.java
new file mode 100644
index 0000000..281e073
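Review bot: None of the nine methods in `SentryClientTransportConfigInterface` carries Javadoc, so the null contract of `getPrincipal` and `getServerRpcAddress` is left undefined. Both implementations in this commit call `conf.get(KEY)` with no default, which presumably yields null when the key is unset, and code that sets up a Kerberos transport needs to know that before using the value. I would add, for example, `/** @return the server Kerberos principal, or null if it is not configured */` on `getPrincipal` and a matching line on `getServerRpcAddress`. A one-sentence interface comment noting that `getSaslProperties()` takes no `Configuration` because its values are fixed would also help.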
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryHDFSClientTransportConfig.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.core.common;
+
+import org.apache.hadoop.conf.Configuration;
+
+import javax.security.sasl.Sasl;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.apache.sentry.core.common.SentryClientConstants.KERBEROS_MODE;
+import static org.apache.sentry.core.common.SentryClientConstants.HDFSClientConstants.*;
+import static org.apache.sentry.core.common.SentryClientConstants.sentryClientSecurityMode.SECURITY_MODE_KERBEROS;
+import static org.apache.sentry.core.common.SentryClientConstants.sentryClientSecurityMode.SECURITY_MODE_NONE;
+
+public class SentryHDFSClientTransportConfig implements SentryClientTransportConfigInterface {
+ private static final Map<String, String> SASL_PROPERTIES;
+
+ static {
+ Map<String, String> saslProps = new HashMap<>();
+ saslProps.put(Sasl.SERVER_AUTH, "true");
+ saslProps.put(Sasl.QOP, "auth-conf");
+ SASL_PROPERTIES = Collections.unmodifiableMap(saslProps);
+ }
+
+ @Override
+ public SentryClientConstants.sentryClientSecurityMode getSecurityMode(Configuration conf) {
+ return (conf.get(SECURITY_MODE, KERBEROS_MODE)
+ .equalsIgnoreCase((KERBEROS_MODE)) ?
+ SECURITY_MODE_KERBEROS : SECURITY_MODE_NONE);
+ }
+
+ @Override
+ public int getClientRetryTotal(Configuration conf) {
+ return conf.getInt(SENTRY_RPC_RETRY_TOTAL, SENTRY_RPC_RETRY_TOTAL_DEFAULT);
+ }
+
+ @Override
+ public int getClientFullRetryTotal(Configuration conf) {
+ return conf.getInt(SENTRY_FULL_RETRY_TOTAL, SENTRY_FULL_RETRY_TOTAL_DEFAULT);
+ }
+
+ @Override
+ public boolean useUgiTransport(Configuration conf) {
+ return "true".equalsIgnoreCase(conf.get(SECURITY_USE_UGI_TRANSPORT, "false"));
+ }
+
+ @Override
+ public String getPrincipal(Configuration conf) {
+ return conf.get(PRINCIPAL);
+ }
+
+ @Override
+ public String getServerRpcAddress(Configuration conf) {
+ return conf.get(SERVER_RPC_ADDRESS);
+ }
+
+ @Override
+ public int getServerRpcPort(Configuration conf) {
+ return conf.getInt(SERVER_RPC_PORT, RPC_PORT_DEFAULT);
+ }
+
+ @Override
+ public int getServerRpcConnTimeout(Configuration conf) {
+ return conf.getInt(SERVER_RPC_CONN_TIMEOUT, SERVER_RPC_CONN_TIMEOUT_DEFAULT);
+ }
+
+ @Override
+ public Map<String, String> getSaslProperties() {
+ return SASL_PROPERTIES;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d22df694/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryPolicyClientTransportConfig.java ----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryPolicyClientTransportConfig.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryPolicyClientTransportConfig.java
new file mode 100644
index 0000000..c05caa4
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryPolicyClientTransportConfig.java
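Review bot: `getSecurityMode` falls back to `SECURITY_MODE_NONE` for every value other than `kerberos`, so a misspelt `sentry.hdfs.service.security.mode` silently selects what is presumably the unauthenticated transport instead of failing. The constants file describes this key as meant for testing only, which makes an accidental downgrade in a real deployment harder to notice. I would return `SECURITY_MODE_NONE` only for one explicit opt-out value and throw `IllegalArgumentException` for anything unrecognised, as sketched below. The same expression appears in `SentryPolicyClientTransportConfig.getSecurityMode` and needs the same change.

```java
  public SentryClientConstants.sentryClientSecurityMode getSecurityMode(Configuration conf) {
    String mode = conf.get(SECURITY_MODE, KERBEROS_MODE).trim();
    if (KERBEROS_MODE.equalsIgnoreCase(mode)) {
      return SECURITY_MODE_KERBEROS;
    }
    // NONE_MODE is a placeholder: this commit defines no constant for the explicit opt-out value.
    if (NONE_MODE.equalsIgnoreCase(mode)) {
      return SECURITY_MODE_NONE;
    }
    // Fail closed: an unknown value must not downgrade the connection.
    throw new IllegalArgumentException(
        "Unsupported value for " + SECURITY_MODE + ": " + mode);
  }
  // … unchanged: remaining getters …
```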
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.core.common;
+
+import org.apache.hadoop.conf.Configuration;
+
+import javax.security.sasl.Sasl;
+
+import static org.apache.sentry.core.common.SentryClientConstants.KERBEROS_MODE;
+import static org.apache.sentry.core.common.SentryClientConstants.PolicyClientConstants.*;
+import static org.apache.sentry.core.common.SentryClientConstants.sentryClientSecurityMode.SECURITY_MODE_KERBEROS;
+import static org.apache.sentry.core.common.SentryClientConstants.sentryClientSecurityMode.SECURITY_MODE_NONE;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+class SentryPolicyClientTransportConfig implements SentryClientTransportConfigInterface {
+
+ private static final Map<String, String> SASL_PROPERTIES;
+
+ static {
+ Map<String, String> saslProps = new HashMap<>();
+ saslProps.put(Sasl.SERVER_AUTH, "true");
+ saslProps.put(Sasl.QOP, "auth-conf");
+ SASL_PROPERTIES = Collections.unmodifiableMap(saslProps);
+ }
+
+ @Override
+ public SentryClientConstants.sentryClientSecurityMode getSecurityMode(Configuration conf) {
+ return (conf.get(SECURITY_MODE, KERBEROS_MODE)
+ .equalsIgnoreCase((KERBEROS_MODE)) ?
+ SECURITY_MODE_KERBEROS : SECURITY_MODE_NONE);
+ }
+
+ @Override
+ public int getClientRetryTotal(Configuration conf) {
+ return conf.getInt(SENTRY_RPC_RETRY_TOTAL, SENTRY_RPC_RETRY_TOTAL_DEFAULT);
+ }
+
+ @Override
+ public int getClientFullRetryTotal(Configuration conf) {
+ return conf.getInt(SENTRY_FULL_RETRY_TOTAL, SENTRY_FULL_RETRY_TOTAL_DEFAULT);
+ }
+
+ @Override
+ public boolean useUgiTransport(Configuration conf) {
+ return "true".equalsIgnoreCase(conf.get(SECURITY_USE_UGI_TRANSPORT, "false"));
+ }
+
+ @Override
+ public String getPrincipal(Configuration conf) {
+ return conf.get(PRINCIPAL);
+ }
+
+ @Override
+ public String getServerRpcAddress(Configuration conf) {
+ return conf.get(SERVER_RPC_ADDRESS);
+ }
+
+ @Override
+ public int getServerRpcPort(Configuration conf) {
+ return conf.getInt(SERVER_RPC_PORT, RPC_PORT_DEFAULT);
+ }
+
+ @Override
+ public int getServerRpcConnTimeout(Configuration conf) {
+ return conf.getInt(SERVER_RPC_CONN_TIMEOUT, SERVER_RPC_CONN_TIMEOUT_DEFAULT);
+ }
+
+ @Override
+ public Map<String, String> getSaslProperties() {
+ return SASL_PROPERTIES;
+ }
+}
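Review bot: Apart from the `PolicyClientConstants.*` static import, this class body repeats `SentryHDFSClientTransportConfig` line for line, including the SASL map (`Sasl.QOP` set to `auth-conf`, `Sasl.SERVER_AUTH` set to `true`) and the security-mode parsing. Two copies of security-relevant settings tend to drift when only one of them is patched. A shared package-private base class that receives the key names and defaults through its constructor would leave a single implementation to review. The visibility also differs without explanation: this class is package-private while the HDFS one is `public`, even though both implement a package-private interface.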
