SENTRY-1825: Dropping a Hive database/table doesn't cleanup the permissions associated with it (Na Li, reviewed by Alex Kolbasov)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/66686420 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/66686420 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/66686420 Branch: refs/heads/master Commit: 66686420bb6fbca4c8922c4b502266da1e6551c1 Parents: ad7837f Author: Alexander Kolbasov <[email protected]> Authored: Mon Jul 24 21:25:28 2017 +0200 Committer: Alexander Kolbasov <[email protected]> Committed: Mon Jul 24 21:25:28 2017 +0200 ---------------------------------------------------------------------- .../sentry/binding/hive/conf/HiveAuthzConf.java | 5 +- .../sentry/service/thrift/HMSFollower.java | 27 +- .../thrift/HiveSimpleConnectionFactory.java | 2 +- .../service/thrift/NotificationProcessor.java | 5 + .../TestHMSFollowerSentryStoreIntegration.java | 304 +++++++++++++++++++ .../sentry/service/thrift/TestHMSFollower.java | 66 +++- 6 files changed, 395 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java index e1312bf..d651691 100644 --- a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java +++ b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 
@@ -87,6 +87,7 @@ public class HiveAuthzConf extends Configuration { "noopstreaming,noopwithmapstreaming,windowingtablefunction,matchpath"; public static final String HIVE_UDF_BLACK_LIST = "reflect,reflect2,java_method"; + public static final String SENTRY_HIVE_SERVER_DEFAULT = ""; /** * Config setting definitions @@ -100,7 +101,7 @@ public class HiveAuthzConf extends Configuration { AUTHZ_POLICY_FILE_FORMATTER( "sentry.hive.policy.file.formatter", "org.apache.sentry.binding.hive.SentryIniPolicyFileFormatter"), - AUTHZ_SERVER_NAME("sentry.hive.server", ""), + AUTHZ_SERVER_NAME("sentry.hive.server", SENTRY_HIVE_SERVER_DEFAULT), AUTHZ_RESTRICT_DEFAULT_DB("sentry.hive.restrict.defaultDB", "false"), SENTRY_TESTING_MODE("sentry.hive.testing.mode", "false"), AUTHZ_ALLOW_HIVE_IMPERSONATION("sentry.hive.allow.hive.impersonation", "false"), @@ -115,7 +116,7 @@ public class HiveAuthzConf extends Configuration { AUTHZ_PROVIDER_DEPRECATED2("sentry.provider", "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"), AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.sentry.provider.resource", ""), - AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", ""), + AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", SENTRY_HIVE_SERVER_DEFAULT), AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.sentry.restrict.defaultDB", "false"), SENTRY_TESTING_MODE_DEPRECATED("hive.sentry.testing.mode", "false"), AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED("hive.sentry.allow.hive.impersonation", "false"), http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java index 547a61f..9e8e0e7 100644 
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java @@ -18,17 +18,16 @@ package org.apache.sentry.service.thrift; -import com.google.common.annotations.VisibleForTesting; +import com.google.common.annotations.VisibleForTesting; import java.net.SocketException; - import java.util.Collection; import java.util.List; import javax.jdo.JDODataStoreException; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.api.NotificationEvent; -import org.apache.sentry.binding.hive.conf.HiveAuthzConf; +import static org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME; +import static org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED; import org.apache.sentry.provider.db.service.persistent.PathsImage; import org.apache.sentry.provider.db.service.persistent.SentryStore; import org.apache.thrift.TException; 
@@ -73,16 +72,18 @@ public class HMSFollower implements Runnable, AutoCloseable { * @param leaderMonitor * @param authServerName Server that sentry is Authorizing */ - HMSFollower(Configuration conf, SentryStore store, LeaderStatusMonitor leaderMonitor, + public HMSFollower(Configuration conf, SentryStore store, LeaderStatusMonitor leaderMonitor, HiveSimpleConnectionFactory hiveConnectionFactory, String authServerName) { LOGGER.info("HMSFollower is being initialized"); authzConf = conf; this.leaderMonitor = leaderMonitor; sentryStore = store; - if (authServerName == null) { - HiveConf hiveConf = new HiveConf(); - authServerName = hiveConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar()); - } + + if (authServerName == null) { + authServerName = conf.get(AUTHZ_SERVER_NAME.getVar(), + conf.get(AUTHZ_SERVER_NAME_DEPRECATED.getVar(), AUTHZ_SERVER_NAME_DEPRECATED.getDefault())); + } + notificationProcessor = new NotificationProcessor(sentryStore, authServerName, authzConf); client = new SentryHMSClient(authzConf, hiveConnectionFactory); } @@ -135,6 +136,11 @@ public class HMSFollower implements Runnable, AutoCloseable { return (leaderMonitor == null) || leaderMonitor.isLeader(); } + @VisibleForTesting + String getAuthServerName() { + return notificationProcessor.getAuthServerName(); + } + /** * Processes new Hive Metastore notifications. * 
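Review bot: When neither `sentry.hive.server` nor `hive.sentry.server` is set, the new fallback in the constructor resolves `authServerName` to the empty default and hands it to `NotificationProcessor` without any signal. If privilege cleanup on drop events is keyed by that server name (the processor's code is outside this diff, so this is inferred), an unconfigured deployment would keep the stale grants this commit is meant to remove, and they could apply again to an object re-created under the same name. Consider checking the resolved value right after the lookup, e.g. `if (authServerName.isEmpty()) { LOGGER.warn(AUTHZ_SERVER_NAME.getVar() + " is not set; privileges will not be cleaned up on drop events"); }`, or rejecting the configuration outright. The lookup also moved from a fresh `HiveConf` to the Sentry `conf`, so the `@param authServerName` Javadoc should say which configuration supplies the name when null is passed.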
@@ -301,11 +307,12 @@ public class HMSFollower implements Runnable, AutoCloseable { * @param events list of event to be processed * @throws Exception if the complete notification list is not processed because of JDO Exception */ - void processNotifications(Collection<NotificationEvent> events) throws Exception { + public void processNotifications(Collection<NotificationEvent> events) throws Exception { boolean isNotificationProcessed; if (events.isEmpty()) { return; } + for (NotificationEvent event : events) { isNotificationProcessed = false; try { http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java index 3d67401..77634cf 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java 
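Review bot: `processNotifications` becomes `public` here although it changes the permission store, and the only new caller visible in this commit is TestHMSFollowerSentryStoreIntegration, which lives in `org.apache.sentry.provider.db.service.persistent` rather than in this class's package. The same widening is applied to the `HMSFollower` constructor in the earlier hunk and to the `HiveSimpleConnectionFactory` constructor in the next file. Moving the integration test into `org.apache.sentry.service.thrift` would let all three stay package-private; if they must remain public, annotate them `@VisibleForTesting` so the intent is recorded. The method body continues outside the hunk.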
@@ -56,7 +56,7 @@ public final class HiveSimpleConnectionFactory implements HiveConnectionFactory private final boolean insecure; private SentryKerberosContext kerberosContext = null; - HiveSimpleConnectionFactory(Configuration sentryConf, HiveConf hiveConf) { + public HiveSimpleConnectionFactory(Configuration sentryConf, HiveConf hiveConf) { this.conf = sentryConf; this.hiveConf = hiveConf; insecure = !ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase( http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java index 62fde2c..1f34d05 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java @@ -124,6 +124,11 @@ final class NotificationProcessor { return update; } + @VisibleForTesting + String getAuthServerName() { + return authServerName; + } + /** * Constructs permission update to be persisted for rename event that can be persisted from thrift * object. http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java new file mode 100644 index 0000000..82f600b --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java 
@@ -0,0 +1,304 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.persistent; + +import static org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME; + +import com.google.common.io.Files; +import java.io.File; +import org.apache.commons.io.FileUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.metastore.api.*; +import org.apache.hadoop.security.alias.CredentialProvider; +import org.apache.hadoop.security.alias.CredentialProviderFactory; +import org.apache.hadoop.security.alias.UserProvider; +import org.apache.hive.hcatalog.messaging.HCatEventMessage; +import org.apache.hive.hcatalog.messaging.HCatEventMessage.EventType; +import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory; +import org.apache.sentry.core.common.exception.SentryNoSuchObjectException; +import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable; + +import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; +import org.apache.sentry.service.thrift.HiveSimpleConnectionFactory; +import org.apache.sentry.provider.file.PolicyFile; +import 
org.apache.sentry.service.thrift.HMSFollower; +import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +import java.util.ArrayList; +import java.util.List; + +/** + * Test integration of HMSFollower with SentryStore + */ +public class TestHMSFollowerSentryStoreIntegration { + + // SentryStore related member + private static File dataDir; + private static SentryStore sentryStore; + private static String[] adminGroups = { "adminGroup1" }; + private static PolicyFile policyFile; + private static File policyFilePath; + private static Configuration conf = null; + private static char[] passwd = new char[] { '1', '2', '3'}; + private static String dbName1 = "db1"; + private static String tableName1 = "table1"; + private static String serverName1 = "server1"; + + // HMSFollower related member + SentryJSONMessageFactory messageFactory = new SentryJSONMessageFactory(); + final static String hiveInstance = serverName1; + + + // SentryStore related + @BeforeClass + public static void setup() throws Exception { + conf = new Configuration(false); + final String ourUrl = UserProvider.SCHEME_NAME + ":///"; + conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); + + // THis should be a UserGroupInformation provider + CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); + + + // The user credentials are stored as a static variable by UserGrouoInformation provider. + // We need to only set the password the first time, an attempt to set it for the second + // time fails with an exception. 
+ if(provider.getCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS) == null) { + provider.createCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS, passwd); + provider.flush(); + } + + dataDir = new File(Files.createTempDir(), "sentry_policy_db"); + conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); + conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, + "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true"); + conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); + conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups); + conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, + ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); + policyFilePath = new File(dataDir, "local_policy_file.ini"); + conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, + policyFilePath.getPath()); + conf.setInt(ServerConfig.SENTRY_STORE_TRANSACTION_RETRY, 10); + + } + + @Before + public void before() throws Exception { + sentryStore = new SentryStore(conf); + policyFile = new PolicyFile(); + String adminUser = "g1"; + addGroupsToUser(adminUser, adminGroups); + writePolicyFile(); + } + + @After + public void after() { + if (sentryStore != null) { + sentryStore.clearAllTables(); + sentryStore.stop(); + } + } + + @AfterClass + public static void teardown() { + + if (dataDir != null) { + FileUtils.deleteQuietly(dataDir); + } + } + + /** + * Fail test if role already exists + * @param roleName Role name to checl + * @throws Exception + */ + private void checkRoleDoesNotExist(String roleName) throws Exception { + try { + sentryStore.getMSentryRoleByName(roleName); + Assert.fail("Role " + roleName + "already exists"); + } catch (SentryNoSuchObjectException e) { + // Ok + } + } + + /** + * Fail test if role doesn't exist + * @param roleName Role name to checl + * @throws Exception + */ + private void checkRoleExists(String roleName) throws Exception { + Assert.assertEquals(roleName.toLowerCase(), + sentryStore.getMSentryRoleByName(roleName).getRoleName()); + } + + /** + * Create 
a role with the given name and verify that it is created + * @param roleName + * @throws Exception + */ + private void createRole(String roleName) throws Exception { + checkRoleDoesNotExist(roleName); + sentryStore.createSentryRole(roleName); + checkRoleExists(roleName); + } + + private TSentryAuthorizable toTSentryAuthorizable( + TSentryPrivilege tSentryPrivilege) { + TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); + tSentryAuthorizable.setServer(tSentryPrivilege.getServerName()); + tSentryAuthorizable.setDb(tSentryPrivilege.getDbName()); + tSentryAuthorizable.setTable(tSentryPrivilege.getTableName()); + tSentryAuthorizable.setUri(tSentryPrivilege.getURI()); + return tSentryAuthorizable; + } + + protected static void addGroupsToUser(String user, String... groupNames) { + policyFile.addGroupsToUser(user, groupNames); + } + + protected static void writePolicyFile() throws Exception { + policyFile.write(policyFilePath); + } + + /** + * Test that SentryStore droppes the permission associated with the table when HMSFollower + * processes the drop table event + * @throws Exception + */ + @Test + public void testDropTableDropRelatedPermission() throws Exception { + String serverName = "server1"; + + // create HMSFollower + Configuration configuration = new Configuration(); + configuration.set(AUTHZ_SERVER_NAME.getVar(), serverName); + HMSFollower hmsFollower = new HMSFollower(configuration, sentryStore, null, + new HiveSimpleConnectionFactory(conf, new HiveConf()), null); + + // configure permission of the table + String roleName1 = "list-privs-r1"; + String grantor = "g1"; + sentryStore.createSentryRole(roleName1); + + TSentryPrivilege privilege_tbl1 = new TSentryPrivilege(); + privilege_tbl1.setPrivilegeScope("TABLE"); + privilege_tbl1.setServerName(serverName); + privilege_tbl1.setDbName(dbName1); + privilege_tbl1.setTableName(tableName1); + privilege_tbl1.setCreateTime(System.currentTimeMillis()); + + TSentryPrivilege privilege1 = new 
TSentryPrivilege(privilege_tbl1); + privilege1.setAction("SELECT"); + + TSentryPrivilege privilege1_2 = new TSentryPrivilege(privilege_tbl1); + privilege1_2.setAction("INSERT"); + TSentryPrivilege privilege1_3 = new TSentryPrivilege(privilege_tbl1); + privilege1_3.setAction("*"); + + TSentryPrivilege privilege_server = new TSentryPrivilege(); + privilege_server.setPrivilegeScope("SERVER"); + privilege_server.setServerName(serverName1); + privilege_server.setCreateTime(System.currentTimeMillis()); + + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1); + + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1_2); + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_server); + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1_3); + + // Create notification events to drop the table + StorageDescriptor sd = new StorageDescriptor(); + sd.setLocation("hdfs:///db1.db/table1"); + NotificationEvent notificationEvent = new NotificationEvent(1, 0, HCatEventMessage.EventType.DROP_TABLE.toString(), + messageFactory.buildDropTableMessage(new Table(tableName1, dbName1, null, 0, 0, 0, sd, null, null, null, null, null)).toString()); + List<NotificationEvent> events = new ArrayList<>(); + events.add(notificationEvent); + + hmsFollower.processNotifications(events); + + Assert.assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) + .size()); + } + + /** + * Test that SentryStore droppes the permission associated with the database when HMSFollower + * processes the drop database event + * @throws Exception + */ + @Test + public void testDropDatabaseDropRelatedPermission() throws Exception { + String serverName = "server1"; + + // create HMSFollower + Configuration configuration = new Configuration(); + configuration.set(AUTHZ_SERVER_NAME.getVar(), serverName); + HMSFollower hmsFollower = new HMSFollower(configuration, sentryStore, null, + new HiveSimpleConnectionFactory(conf, new 
HiveConf()), null); + + // configure permission of the database + String roleName1 = "list-privs-r1"; + String grantor = "g1"; + sentryStore.createSentryRole(roleName1); + + TSentryPrivilege privilege_tbl1 = new TSentryPrivilege(); + privilege_tbl1.setPrivilegeScope("DATABASE"); + privilege_tbl1.setServerName(serverName); + privilege_tbl1.setDbName(dbName1); + privilege_tbl1.setTableName(tableName1); + privilege_tbl1.setCreateTime(System.currentTimeMillis()); + + TSentryPrivilege privilege1 = new TSentryPrivilege(privilege_tbl1); + privilege1.setAction("SELECT"); + + TSentryPrivilege privilege1_2 = new TSentryPrivilege(privilege_tbl1); + privilege1_2.setAction("INSERT"); + TSentryPrivilege privilege1_3 = new TSentryPrivilege(privilege_tbl1); + privilege1_3.setAction("*"); + + TSentryPrivilege privilege_server = new TSentryPrivilege(); + privilege_server.setPrivilegeScope("SERVER"); + privilege_server.setServerName(serverName1); + privilege_server.setCreateTime(System.currentTimeMillis()); + + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1); + + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1_2); + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_server); + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1_3); + + // Create notification events to drop the database + NotificationEvent notificationEvent = new NotificationEvent(1, 0, EventType.DROP_DATABASE.toString(), + messageFactory.buildDropDatabaseMessage(new Database(dbName1, null, "hdfs:///" + dbName1, null)).toString()); + List<NotificationEvent> events = new ArrayList<>(); + events.add(notificationEvent); + + hmsFollower.processNotifications(events); + + Assert.assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) + .size()); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java 
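Review bot: Both tests end with `Assert.assertEquals(1, ...size())`, which passes no matter which privilege is left, so a cleanup that removed the server-scope grant and kept a table grant would go unnoticed. Assert the identity of the survivor as well, for example `Assert.assertEquals("SERVER", sentryStore.getAllTSentryPrivilegesByRoleName(roleName1).iterator().next().getPrivilegeScope());` (assuming the generated getter mirrors `setPrivilegeScope`), and check the count before `processNotifications` so the test proves something was actually dropped. In `testDropDatabaseDropRelatedPermission` the privilege has scope `"DATABASE"` but still calls `setTableName(tableName1)`, which looks like a copy-paste from the table test and makes it unclear which scope is being exercised. `setup()` also builds the Derby directory under Guava's `Files.createTempDir()`, and `teardown()` deletes only the `sentry_policy_db` child, leaving the parent temp directory behind; `java.nio.file.Files.createTempDirectory` plus deleting the parent would avoid both the leftover and the default-permission directory.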
---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java index fdf52bf..9b31b3c 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java @@ -28,6 +28,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; +import junit.framework.Assert; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.api.Database; @@ -38,6 +39,8 @@ import org.apache.hadoop.hive.metastore.api.StorageDescriptor; import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hive.hcatalog.messaging.HCatEventMessage; import org.apache.hive.hcatalog.messaging.HCatEventMessage.EventType; +import org.apache.sentry.binding.hive.conf.HiveAuthzConf; +import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars; import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory; import org.apache.sentry.hdfs.Updateable; import org.apache.sentry.provider.db.service.persistent.PathsImage; @@ -190,7 +193,8 @@ public class TestHMSFollower { hmsFollower.setSentryHmsClient(sentryHmsClient); // 1st run should get a full snapshot - Mockito.when(sentryStore.getLastProcessedNotificationID()).thenReturn(SENTRY_PROCESSED_EVENT_ID); + Mockito.when(sentryStore.getLastProcessedNotificationID()) + .thenReturn(SENTRY_PROCESSED_EVENT_ID); Mockito.when(sentryStore.isAuthzPathsMappingEmpty()).thenReturn(false); hmsFollower.run(); Mockito.verify(sentryStore, times(1)).persistFullPathsImage(Mockito.anyMap()); 
@@ -207,6 +211,66 @@ public class TestHMSFollower { } /** + * Test that HMSFollower uses the input authentication server name when it is not null + */ + @Test + public void testInputConfigurationGetInputAuthServerName() { + Configuration sentryConfiguration = new Configuration(); + HMSFollower hmsFollower = new HMSFollower(sentryConfiguration, sentryStore, null, + hiveConnectionFactory, hiveInstance); + String authServerName = hmsFollower.getAuthServerName(); + + Assert.assertEquals(true, authServerName.equals(hiveInstance)); + } + + /** + * Test that HMSFollower uses the default authentication server name when its constructor input + * value is null and the configuration does not configure AUTHZ_SERVER_NAME nor + * AUTHZ_SERVER_NAME_DEPRECATED + */ + @Test + public void testNoConfigurationGetDefaultAuthServerName() { + Configuration sentryConfiguration = new Configuration(); + HMSFollower hmsFollower = new HMSFollower(sentryConfiguration, sentryStore, null, + hiveConnectionFactory, null); + String authServerName = hmsFollower.getAuthServerName(); + + Assert.assertEquals(true, authServerName.equals(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getDefault())); + } + + /** + * Test that HMSFollower uses the configured authentication server name when its constructor input + * value is null and the configuration contains configuration for AUTHZ_SERVER_NAME + */ + @Test + public void testNewNameConfigurationGetAuthServerName() { + String serverName = "newServer"; + Configuration sentryConfiguration = new Configuration(); + sentryConfiguration.set(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), serverName); + HMSFollower hmsFollower = new HMSFollower(sentryConfiguration, sentryStore, null, + hiveConnectionFactory, null); + String authServerName = hmsFollower.getAuthServerName(); + + Assert.assertEquals(true, authServerName.equals(serverName)); + } + + /** + * Test that HMSFollower uses the configured deprecated authentication server name when its constructor input + 
* value is null and the configuration contains configuration for AUTHZ_SERVER_NAME_DEPRECATED + */ + @Test + public void testOldNameConfigurationGetAuthServerName() { + String serverName = "oldServer"; + Configuration sentryConfiguration = new Configuration(); + sentryConfiguration.set(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(), serverName); + HMSFollower hmsFollower = new HMSFollower(sentryConfiguration, sentryStore, null, + hiveConnectionFactory, null); + String authServerName = hmsFollower.getAuthServerName(); + + Assert.assertEquals(true, authServerName.equals(serverName)); + } + + /** * Constructs create database event and makes sure that appropriate sentry store API's * are invoke when the event is processed by hms follower. *
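Review bot: The four new tests compare with `Assert.assertEquals(true, authServerName.equals(...))`, so a failure reports only that `true` was expected and not which server name was actually resolved. `Assert.assertEquals(hiveInstance, authServerName)` (and the equivalent with `serverName` or the default) puts both values in the failure message. The `junit.framework.Assert` import added at the top of this file is the deprecated JUnit 3 class; `org.junit.Assert` is the JUnit 4 one. `testNoConfigurationGetDefaultAuthServerName` also pins the empty-string default as expected behaviour, so its Javadoc should state that an empty name means the server is unconfigured.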
