Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign 5b7cccccf -> bcb7ffeb0
SENTRY-1846 - Use a consistent configuration variable for the sentry provider property - Reviewed by Sergio Pena, Brian Towles, Na Li. Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/bcb7ffeb Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/bcb7ffeb Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/bcb7ffeb Branch: refs/heads/sentry-ha-redesign Commit: bcb7ffeb00b24f0e5fbfefb7d167f17278dc39a9 Parents: 5b7cccc Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Jul 19 13:54:22 2017 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Jul 19 15:10:46 2017 +0100 ---------------------------------------------------------------------- conf/sentry-site.xml.hive-client.template | 2 +- conf/sentry-site.xml.solr-client.example | 2 +- .../sentry/binding/hive/conf/HiveAuthzConf.java | 41 +++++++++++++------- .../DefaultSentryAccessController.java | 2 +- .../sentry/binding/solr/conf/SolrAuthzConf.java | 29 ++++++++++++-- 5 files changed, 56 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/conf/sentry-site.xml.hive-client.template ---------------------------------------------------------------------- diff --git a/conf/sentry-site.xml.hive-client.template b/conf/sentry-site.xml.hive-client.template index 0e8a74e..becff9c 100644 --- a/conf/sentry-site.xml.hive-client.template +++ b/conf/sentry-site.xml.hive-client.template @@ -72,7 +72,7 @@ --> <property> - <name>sentry.provider</name> + <name>sentry.hive.provider</name> <value>org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider</value> <description> Deprecated name: hive.sentry.provider. Group mapping which should be used at client side</description> </property> http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/conf/sentry-site.xml.solr-client.example ---------------------------------------------------------------------- diff --git a/conf/sentry-site.xml.solr-client.example b/conf/sentry-site.xml.solr-client.example index dd39908..d0a367d 100644 --- a/conf/sentry-site.xml.solr-client.example +++ b/conf/sentry-site.xml.solr-client.example @@ -19,7 +19,7 @@ <configuration> <property> - <name>sentry.provider</name> + <name>sentry.solr.provider</name> <value>org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider</value> </property> <property> http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java index 4de755f..fe5e352 100644 --- a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java +++ b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java @@ -88,7 +88,7 @@ public class HiveAuthzConf extends Configuration { * Config setting definitions */ public static enum AuthzConfVars { - AUTHZ_PROVIDER("sentry.provider", + AUTHZ_PROVIDER("sentry.hive.provider", "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"), AUTHZ_PROVIDER_RESOURCE("sentry.hive.provider.resource", ""), AUTHZ_PROVIDER_BACKEND("sentry.hive.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"), @@ -108,6 +108,8 @@ public class HiveAuthzConf extends Configuration { AUTHZ_PROVIDER_DEPRECATED("hive.sentry.provider", "org.apache.sentry.provider.file.ResourceAuthorizationProvider"), + AUTHZ_PROVIDER_DEPRECATED2("sentry.provider", + "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"), AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.sentry.provider.resource", ""), AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", ""), AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.sentry.restrict.defaultDB", "false"), @@ -146,16 +148,22 @@ public class HiveAuthzConf extends Configuration { // as long as the new property names aren't also provided. Since the binding code // only calls the new property names, we require a map from current names to deprecated // names in order to check if the deprecated name of a property was set. - private static final Map<String, AuthzConfVars> currentToDeprecatedProps = - new HashMap<String, AuthzConfVars>(); + private static final Map<String, List<AuthzConfVars>> currentToDeprecatedProps = new HashMap<>(); static { - currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED); - currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED); - currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED); - currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED); - currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED); - currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(), AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED); - currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), + Arrays.asList(AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED, AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED2)); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), + Collections.singletonList(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED)); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), + Collections.singletonList(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED)); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), + Collections.singletonList(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED)); + currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), + Collections.singletonList(AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED)); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(), + Collections.singletonList(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED)); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), + Collections.singletonList(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED)); }; private static final Logger LOG = LoggerFactory @@ -168,7 +176,6 @@ public class HiveAuthzConf extends Configuration { LOG.info("DefaultFS: " + super.get("fs.defaultFS")); addResource(hiveAuthzSiteURL); applySystemProperties(); - LOG.info("DefaultFS: " + super.get("fs.defaultFS")); this.hiveAuthzSiteFile = hiveAuthzSiteURL.toString(); } /** @@ -208,14 +215,20 @@ public class HiveAuthzConf extends Configuration { String retVal = super.get(varName); if (retVal == null) { // check if the deprecated value is set here + String deprecatedPropName = null; if (currentToDeprecatedProps.containsKey(varName)) { - retVal = super.get(currentToDeprecatedProps.get(varName).getVar()); + for (AuthzConfVars var : currentToDeprecatedProps.get(varName)) { + retVal = super.get(var.getVar()); + if (retVal != null) { + deprecatedPropName = var.getVar(); + break; + } + } } if (retVal == null) { retVal = AuthzConfVars.getDefault(varName); } else { - LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() + - " instead of " + varName); + LOG.warn("Using the deprecated config setting " + deprecatedPropName + " instead of " + varName); } } if (retVal == null) { http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java index 98fba8c..c5a2f42 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java @@ -333,7 +333,7 @@ public class DefaultSentryAccessController extends SentryHiveAccessController { // Apply rest of the configuration only to HiveServer2 if (ctx.getClientType() != CLIENT_TYPE.HIVESERVER2 || !hiveConf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED)) { - throw new HiveAuthzPluginException("Sentry just support for hiveserver2"); + throw new HiveAuthzPluginException("Sentry only supports hiveserver2"); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java index b31f4fa..37efa5b 100644 --- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java +++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java @@ -17,6 +17,8 @@ package org.apache.sentry.binding.solr.conf; import java.net.URL; +import java.util.HashMap; +import java.util.Map; import org.apache.hadoop.conf.Configuration; import org.slf4j.Logger; @@ -29,11 +31,14 @@ public class SolrAuthzConf extends Configuration { * Config setting definitions */ public static enum AuthzConfVars { - AUTHZ_PROVIDER("sentry.provider", + AUTHZ_PROVIDER("sentry.solr.provider", "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"), AUTHZ_PROVIDER_RESOURCE("sentry.solr.provider.resource", ""), AUTHZ_PROVIDER_BACKEND("sentry.solr.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"), - AUTHZ_POLICY_ENGINE("sentry.solr.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine"); + AUTHZ_POLICY_ENGINE("sentry.solr.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine"), + + AUTHZ_PROVIDER_DEPRECATED("sentry.provider", + "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"); private final String varName; private final String defaultVal; @@ -61,6 +66,11 @@ public class SolrAuthzConf extends Configuration { } } + private static final Map<String, AuthzConfVars> currentToDeprecatedProps = new HashMap<>(); + static { + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED); + } + @SuppressWarnings("unused") private static final Logger LOG = LoggerFactory .getLogger(SolrAuthzConf.class); @@ -73,6 +83,19 @@ public class SolrAuthzConf extends Configuration { @Override public String get(String varName) { - return get(varName, AuthzConfVars.getDefault(varName)); + String retVal = super.get(varName); + if (retVal == null) { + // check if the deprecated value is set here + if (currentToDeprecatedProps.containsKey(varName)) { + AuthzConfVars var = currentToDeprecatedProps.get(varName); + retVal = super.get(var.getVar()); + } + if (retVal == null) { + retVal = AuthzConfVars.getDefault(varName); + } else { + LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() + " instead of " + varName); + } + } + return retVal; } }
