Repository: sentry Updated Branches: refs/heads/master 09761c709 -> 436787cb6
SENTRY-1453: Enable passing sentry client cache configs from kafka conf (Ashish Singh, reviewed by Sravya Tirukkovalur) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/436787cb Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/436787cb Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/436787cb Branch: refs/heads/master Commit: 436787cb6745da67f296984230949b07e28f00ca Parents: 09761c7 Author: Sergio Pena <[email protected]> Authored: Wed Oct 18 17:08:35 2017 -0500 Committer: Sergio Pena <[email protected]> Committed: Wed Oct 18 17:08:35 2017 -0500 ---------------------------------------------------------------------- .../sentry/kafka/binding/KafkaAuthBinding.java | 28 +++++++++++++++++--- .../apache/sentry/kafka/conf/KafkaAuthConf.java | 8 +++++- .../sentry/tests/e2e/kafka/KafkaTestServer.java | 7 ++++- .../e2e/kafka/AbstractKafkaSentryTestBase.java | 6 ++--- 4 files changed, 40 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/436787cb/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java index 7a36c5f..660e66f 100644 --- a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java +++ b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java @@ -154,9 +154,31 @@ public class KafkaAuthBinding { " are required configs to be able to initialize Kerberos"); } - // for convenience, set the PrivilegeConverter. - if (authConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { - authConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, GenericPrivilegeConverter.class.getName()); + // Pass sentry privileges caching settings from kafka conf to sentry's auth conf + final Object enableCachingConfig = kafkaConfigs.get(AuthzConfVars.AUTHZ_CACHING_ENABLE_NAME.getVar()); + if (enableCachingConfig != null) { + String enableCaching = enableCachingConfig.toString(); + if (Boolean.parseBoolean(enableCaching)) { + authConf.set(ServiceConstants.ClientConfig.ENABLE_CACHING, enableCaching); + + final Object cacheTtlMsConfig = kafkaConfigs + .get(AuthzConfVars.AUTHZ_CACHING_TTL_MS_NAME.getVar()); + if (cacheTtlMsConfig != null) { + authConf.set(ServiceConstants.ClientConfig.CACHE_TTL_MS, cacheTtlMsConfig.toString()); + } + + final Object cacheUpdateFailuresCountConfig = kafkaConfigs + .get(AuthzConfVars.AUTHZ_CACHING_UPDATE_FAILURES_COUNT_NAME.getVar()); + if (cacheUpdateFailuresCountConfig != null) { + authConf.set(ServiceConstants.ClientConfig.CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE, + cacheUpdateFailuresCountConfig.toString()); + } + + if (authConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { + authConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, + GenericPrivilegeConverter.class.getName()); + } + } } // Instantiate the configured providerBackend http://git-wip-us.apache.org/repos/asf/sentry/blob/436787cb/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java index 3b1cb9c..6ca6210 100644 --- a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java +++ b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java @@ -33,6 +33,9 @@ public class KafkaAuthConf extends Configuration { public static final String KAFKA_PRINCIPAL_HOSTNAME = "sentry.kafka.principal.hostname"; public static final String KAFKA_PRINCIPAL_NAME = "sentry.kafka.kerberos.principal"; public static final String KAFKA_KEYTAB_FILE_NAME = "sentry.kafka.keytab.file"; + public static final String SENTRY_KAFKA_CACHING_ENABLE_NAME = "sentry.kafka.caching.enable"; + public static final String SENTRY_KAFKA_CACHING_TTL_MS_NAME = "sentry.kafka.caching.ttl.ms"; + public static final String SENTRY_KAFKA_CACHING_UPDATE_FAILURES_COUNT_NAME = "sentry.kafka.caching.update.failures.count"; /** * Config setting definitions @@ -46,7 +49,10 @@ public class KafkaAuthConf extends Configuration { AUTHZ_SERVICE_USER_NAME(KAFKA_SERVICE_USER_NAME, "kafka"), AUTHZ_PRINCIPAL_HOSTNAME(KAFKA_PRINCIPAL_HOSTNAME, null), AUTHZ_PRINCIPAL_NAME(KAFKA_PRINCIPAL_NAME, null), - AUTHZ_KEYTAB_FILE_NAME(KAFKA_KEYTAB_FILE_NAME, null); + AUTHZ_KEYTAB_FILE_NAME(KAFKA_KEYTAB_FILE_NAME, null), + AUTHZ_CACHING_ENABLE_NAME(SENTRY_KAFKA_CACHING_ENABLE_NAME, "false"), + AUTHZ_CACHING_TTL_MS_NAME(SENTRY_KAFKA_CACHING_TTL_MS_NAME, "30000"), + AUTHZ_CACHING_UPDATE_FAILURES_COUNT_NAME(SENTRY_KAFKA_CACHING_UPDATE_FAILURES_COUNT_NAME, "3"); private final String varName; private final String defaultVal; http://git-wip-us.apache.org/repos/asf/sentry/blob/436787cb/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java b/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java index e7273ee..faeb369 100644 --- a/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java +++ b/sentry-tests/sentry-tests-kafka/src/main/java/org/apache/sentry/tests/e2e/kafka/KafkaTestServer.java @@ -18,6 +18,7 @@ package org.apache.sentry.tests.e2e.kafka; import kafka.server.KafkaServerStartable; +import org.apache.sentry.kafka.conf.KafkaAuthConf; import org.apache.curator.test.TestingServer; import org.slf4j.Logger; @@ -32,6 +33,8 @@ import java.nio.file.Path; import java.util.Properties; public class KafkaTestServer { + public static final int CACHE_TTL_MS = 1; + private static final Logger LOGGER = LoggerFactory.getLogger(KafkaTestServer.class); private int kafkaPort = -1; @@ -99,7 +102,9 @@ public class KafkaTestServer { props.put("ssl.truststore.password", "test-ts-passwd"); props.put("security.inter.broker.protocol", "SSL"); props.put("ssl.client.auth", "required"); - props.put("super.users", "User:CN=superuser;User:CN=superuser1; User:CN=Superuser2 "); + props.put(KafkaAuthConf.KAFKA_SUPER_USERS, "User:CN=superuser;User:CN=superuser1; User:CN=Superuser2 "); + props.put(KafkaAuthConf.SENTRY_KAFKA_CACHING_ENABLE_NAME, "true"); + props.put(KafkaAuthConf.SENTRY_KAFKA_CACHING_TTL_MS_NAME, String.valueOf(CACHE_TTL_MS)); } private void createKafkaServer() throws UnknownHostException { http://git-wip-us.apache.org/repos/asf/sentry/blob/436787cb/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java index 0aa6fd3..100d885 100644 --- a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java +++ b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java @@ -74,8 +74,8 @@ public class AbstractKafkaSentryTestBase { protected static String bootstrapServers = null; protected static KafkaTestServer kafkaServer = null; - - private static final long CACHE_TTL_MS = 1; + + private static final int CACHE_TTL_MS = 1; private static final int SAFETY_FACTOR = 2; // Sleep for specified times of expected time for an operation to complete. @BeforeClass @@ -216,8 +216,6 @@ public class AbstractKafkaSentryTestBase { conf.set(KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar(), SentryGenericProviderBackend.class.getName()); conf.set(KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), policyFilePath.getPath()); - conf.setBoolean(ClientConfig.ENABLE_CACHING, true); - conf.setLong(ClientConfig.CACHE_TTL_MS, CACHE_TTL_MS); return conf; }
