Repository: sentry Updated Branches: refs/heads/master e0bdf3e65 -> 6e1651fab
SENTRY-1996 - Rename Sqoop SentryAuthorizationHander Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/6e1651fa Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/6e1651fa Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/6e1651fa Branch: refs/heads/master Commit: 6e1651fab00bdc9bb5f713d1a04fddecdd7b7d27 Parents: e0bdf3e Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Oct 18 11:32:29 2017 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Oct 18 11:32:29 2017 +0100 ---------------------------------------------------------------------- .../apache/sentry/sqoop/SentrySqoopError.java | 12 +- .../sqoop/authz/SentryAccessController.java | 2 +- .../sqoop/authz/SentryAuthorizationHander.java | 117 ------------------- .../sqoop/authz/SentryAuthorizationHandler.java | 117 +++++++++++++++++++ .../binding/SqoopAuthBindingSingleton.java | 2 +- .../sqoop/TestSentryAuthorizationHander.java | 74 ------------ .../sqoop/TestSentryAuthorizationHandler.java | 74 ++++++++++++ .../tests/e2e/sqoop/TomcatSqoopRunner.java | 2 +- 8 files changed, 200 insertions(+), 200 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/6e1651fa/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java index 41bd6fc..c7a5fcf 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java @@ -18,17 +18,17 @@ package org.apache.sentry.sqoop; public final class SentrySqoopError { public static final String SHOW_GRANT_NOT_SUPPORTED_FOR_PRINCIPAL = - "Sentry does only support show roles on group, not supported on "; + "Sentry only supports show roles on group, not supported on "; public static final String AUTHORIZE_CHECK_NOT_SUPPORT_FOR_PRINCIPAL = - "Sentry does only support authorization check on user principal, not supported on "; + "Sentry only supports authorization check on the user principal, not supported on "; public static final String SHOW_PRIVILEGE_NOT_SUPPORTED_FOR_PRINCIPAL = - "Sentry does only support show privilege on role, not supported on "; + "Sentry only supports show privilege on role, not supported on "; public static final String GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL = - "Sentry does only support grant/revoke privilege to/from role, not supported on "; + "Sentry only supports grant/revoke privilege to/from role, not supported on "; public static final String GRANT_REVOKE_ROLE_NOT_SUPPORT_FOR_PRINCIPAL = - "Sentry does only support grant/revoke role to/from group, not supported on "; + "Sentry only supports grant/revoke role to/from group, not supported on "; public static final String NOT_IMPLEMENT_YET = - "Sentry does not implement yet "; + "Sentry does not implement "; private SentrySqoopError() { // Make constructor private to avoid instantiation http://git-wip-us.apache.org/repos/asf/sentry/blob/6e1651fa/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java index 3d115e8..676b8ea 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAccessController.java @@ -42,7 +42,7 @@ public class SentryAccessController extends AuthorizationAccessController { } private Subject getSubject() { - return new Subject(SentryAuthorizationHander.getAuthenticator().getUserName()); + return new Subject(SentryAuthorizationHandler.getAuthenticator().getUserName()); } @Override http://git-wip-us.apache.org/repos/asf/sentry/blob/6e1651fa/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationHander.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationHander.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationHander.java deleted file mode 100644 index 93bf3f3..0000000 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationHander.java +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.sqoop.authz; - -import java.util.List; - -import org.apache.sqoop.common.SqoopException; -import org.apache.sqoop.model.MPrincipal; -import org.apache.sqoop.model.MPrivilege; -import org.apache.sqoop.model.MResource; -import org.apache.sqoop.model.MRole; -import org.apache.sqoop.security.AuthenticationProvider; -import org.apache.sqoop.security.authorization.DefaultAuthorizationHandler; - -public class SentryAuthorizationHander extends DefaultAuthorizationHandler { - private static AuthenticationProvider authenticator; - - public static AuthenticationProvider getAuthenticator() { - if (authenticator == null) { - throw new RuntimeException("authenticator can't be null"); - } - return authenticator; - } - @Override - public void doInitialize(AuthenticationProvider authenticationProvider, String serverName) - throws ClassNotFoundException, IllegalAccessException, - InstantiationException { - super.doInitialize(authenticationProvider, serverName); - authenticator = authenticationProvider; - } - - @Override - public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) - throws SqoopException { - authorizationValidator.checkPrivileges(principal, privileges); - } - - @Override - public void createRole(MRole role) throws SqoopException { - authorizationAccessController.createRole(role); - } - - @Override - public void dropRole(MRole role) throws SqoopException { - authorizationAccessController.dropRole(role); - } - - @Override - public List<MRole> getAllRoles() throws SqoopException { - return authorizationAccessController.getAllRoles(); - } - - @Override - public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException { - return authorizationAccessController.getPrincipalsByRole(role); - } - - @Override - public List<MPrivilege> getPrivilegesByPrincipal(MPrincipal principal, - MResource resource) throws SqoopException { - return authorizationAccessController.getPrivilegesByPrincipal(principal, resource); - } - - @Override - public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException { - return authorizationAccessController.getRolesByPrincipal(principal); - } - - @Override - public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) - throws SqoopException { - authorizationAccessController.grantPrivileges(principals, privileges); - } - - @Override - public void grantRole(List<MPrincipal> principals, List<MRole> roles) - throws SqoopException { - authorizationAccessController.grantRole(principals, roles); - } - - @Override - public void removeResource(MResource resource) throws SqoopException { - authorizationAccessController.removeResource(resource); - } - - @Override - public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) - throws SqoopException { - authorizationAccessController.revokePrivileges(principals, privileges); - } - - @Override - public void revokeRole(List<MPrincipal> principals, List<MRole> roles) - throws SqoopException { - authorizationAccessController.revokeRole(principals, roles); - } - - @Override - public void updateResource(MResource srcResource, MResource dstResource) - throws SqoopException { - authorizationAccessController.updateResource(srcResource, dstResource); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6e1651fa/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationHandler.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationHandler.java new file mode 100644 index 0000000..5582a36 --- /dev/null +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationHandler.java @@ -0,0 +1,117 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.sqoop.authz; + +import java.util.List; + +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; +import org.apache.sqoop.model.MResource; +import org.apache.sqoop.model.MRole; +import org.apache.sqoop.security.AuthenticationProvider; +import org.apache.sqoop.security.authorization.DefaultAuthorizationHandler; + +public class SentryAuthorizationHandler extends DefaultAuthorizationHandler { + private static AuthenticationProvider authenticator; + + public static AuthenticationProvider getAuthenticator() { + if (authenticator == null) { + throw new RuntimeException("authenticator can't be null"); + } + return authenticator; + } + @Override + public void doInitialize(AuthenticationProvider authenticationProvider, String serverName) + throws ClassNotFoundException, IllegalAccessException, + InstantiationException { + super.doInitialize(authenticationProvider, serverName); + authenticator = authenticationProvider; + } + + @Override + public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) + throws SqoopException { + authorizationValidator.checkPrivileges(principal, privileges); + } + + @Override + public void createRole(MRole role) throws SqoopException { + authorizationAccessController.createRole(role); + } + + @Override + public void dropRole(MRole role) throws SqoopException { + authorizationAccessController.dropRole(role); + } + + @Override + public List<MRole> getAllRoles() throws SqoopException { + return authorizationAccessController.getAllRoles(); + } + + @Override + public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException { + return authorizationAccessController.getPrincipalsByRole(role); + } + + @Override + public List<MPrivilege> getPrivilegesByPrincipal(MPrincipal principal, + MResource resource) throws SqoopException { + return authorizationAccessController.getPrivilegesByPrincipal(principal, resource); + } + + @Override + public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException { + return authorizationAccessController.getRolesByPrincipal(principal); + } + + @Override + public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) + throws SqoopException { + authorizationAccessController.grantPrivileges(principals, privileges); + } + + @Override + public void grantRole(List<MPrincipal> principals, List<MRole> roles) + throws SqoopException { + authorizationAccessController.grantRole(principals, roles); + } + + @Override + public void removeResource(MResource resource) throws SqoopException { + authorizationAccessController.removeResource(resource); + } + + @Override + public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) + throws SqoopException { + authorizationAccessController.revokePrivileges(principals, privileges); + } + + @Override + public void revokeRole(List<MPrincipal> principals, List<MRole> roles) + throws SqoopException { + authorizationAccessController.revokeRole(principals, roles); + } + + @Override + public void updateResource(MResource srcResource, MResource dstResource) + throws SqoopException { + authorizationAccessController.updateResource(srcResource, dstResource); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/6e1651fa/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java index eae85ce..d0a0c99 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java @@ -81,7 +81,7 @@ public final class SqoopAuthBindingSingleton { .getString(SecurityConstants.AUTHENTICATION_TYPE, SecurityConstants.TYPE.SIMPLE.name()); String kerberos = SecurityConstants.TYPE.KERBEROS.name(); if(!isTestingMode && !kerberos.equalsIgnoreCase(authentication)) { - throw new IllegalArgumentException(SecurityConstants.AUTHENTICATION_TYPE + "can't be set simple mode in non-testing mode"); + throw new IllegalArgumentException(SecurityConstants.AUTHENTICATION_TYPE + " can't be set to simple mode in non-testing mode"); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/6e1651fa/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/sqoop/TestSentryAuthorizationHander.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/sqoop/TestSentryAuthorizationHander.java b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/sqoop/TestSentryAuthorizationHander.java deleted file mode 100644 index 2c6d61c..0000000 --- a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/sqoop/TestSentryAuthorizationHander.java +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.sqoop; - -import static org.junit.Assert.fail; - -import java.io.File; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.utils.PolicyFiles; -import org.apache.sentry.sqoop.conf.SqoopAuthConf; -import org.apache.sentry.sqoop.conf.SqoopAuthConf.AuthzConfVars; -import org.apache.sqoop.security.SecurityFactory; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; - -import com.google.common.io.Files; -import com.google.common.io.Resources; - -public class TestSentryAuthorizationHander { - private static final String RESOURCE_PATH = "test-authz-provider.ini"; - private SqoopAuthConf authzConf; - private File baseDir; - - @Before - public void setup() throws Exception { - baseDir = Files.createTempDir(); - PolicyFiles.copyToDir(baseDir, RESOURCE_PATH); - authzConf = new SqoopAuthConf(Resources.getResource("sentry-site.xml")); - authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), new File(baseDir, RESOURCE_PATH).getPath()); - } - - @After - public void teardown() { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - /** - * Test that incorrect specification of classes for - * AUTHZ_ACCESS_CONTROLLER and AUTHZ_ACCESS_VALIDATOR - * correctly throw ClassNotFoundExceptions - */ - @Test - public void testClassNotFound() throws Exception { - try { - SecurityFactory.getAuthorizationAccessController("org.apache.sentry.sqoop.authz.BogusSentryAccessController"); - fail("Exception should have been thrown"); - } catch (Exception ex) { - } - - try { - SecurityFactory.getAuthorizationValidator("org.apache.sentry.sqoop.authz.BogusSentryAuthorizationValidator"); - fail("Exception should have been thrown"); - } catch (Exception ex) { - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6e1651fa/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/sqoop/TestSentryAuthorizationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/sqoop/TestSentryAuthorizationHandler.java b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/sqoop/TestSentryAuthorizationHandler.java new file mode 100644 index 0000000..d653b86 --- /dev/null +++ b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/sqoop/TestSentryAuthorizationHandler.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.sqoop; + +import static org.junit.Assert.fail; + +import java.io.File; + +import org.apache.commons.io.FileUtils; +import org.apache.sentry.core.common.utils.PolicyFiles; +import org.apache.sentry.sqoop.conf.SqoopAuthConf; +import org.apache.sentry.sqoop.conf.SqoopAuthConf.AuthzConfVars; +import org.apache.sqoop.security.SecurityFactory; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +import com.google.common.io.Files; +import com.google.common.io.Resources; + +public class TestSentryAuthorizationHandler { + private static final String RESOURCE_PATH = "test-authz-provider.ini"; + private SqoopAuthConf authzConf; + private File baseDir; + + @Before + public void setup() throws Exception { + baseDir = Files.createTempDir(); + PolicyFiles.copyToDir(baseDir, RESOURCE_PATH); + authzConf = new SqoopAuthConf(Resources.getResource("sentry-site.xml")); + authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), new File(baseDir, RESOURCE_PATH).getPath()); + } + + @After + public void teardown() { + if(baseDir != null) { + FileUtils.deleteQuietly(baseDir); + } + } + + /** + * Test that incorrect specification of classes for + * AUTHZ_ACCESS_CONTROLLER and AUTHZ_ACCESS_VALIDATOR + * correctly throw ClassNotFoundExceptions + */ + @Test + public void testClassNotFound() throws Exception { + try { + SecurityFactory.getAuthorizationAccessController("org.apache.sentry.sqoop.authz.BogusSentryAccessController"); + fail("Exception should have been thrown"); + } catch (Exception ex) { + } + + try { + SecurityFactory.getAuthorizationValidator("org.apache.sentry.sqoop.authz.BogusSentryAuthorizationValidator"); + fail("Exception should have been thrown"); + } catch (Exception ex) { + } + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/6e1651fa/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TomcatSqoopRunner.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TomcatSqoopRunner.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TomcatSqoopRunner.java index 2687bc5..0f0496b 100644 --- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TomcatSqoopRunner.java +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TomcatSqoopRunner.java @@ -201,7 +201,7 @@ public class TomcatSqoopRunner { private void configureSentryAuthorization(Map<String, String> properties) { properties.put("org.apache.sqoop.security.authorization.handler", - "org.apache.sentry.sqoop.authz.SentryAuthorizationHander"); + "org.apache.sentry.sqoop.authz.SentryAuthorizationHandler"); properties.put("org.apache.sqoop.security.authorization.access_controller", "org.apache.sentry.sqoop.authz.SentryAccessController"); properties.put("org.apache.sqoop.security.authorization.validator",
