SENTRY-893: Synchronize calls in SentryClient and create sentry client once per request in SimpleDBProvider ( Sravya Tirukkovalur, Reviewed by: Lenni Kuff)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/f1724f15 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/f1724f15 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/f1724f15 Branch: refs/heads/hive_plugin_v2 Commit: f1724f156dd22b30887ae09d783bcea777bf4ce1 Parents: 45b28a7 Author: Sravya Tirukkovalur <sra...@cloudera.com> Authored: Thu Sep 24 14:47:12 2015 -0500 Committer: Sun Dapeng <s...@apache.org> Committed: Mon Nov 2 16:36:36 2015 +0800 ---------------------------------------------------------------------- .../metastore/SentryMetaStoreFilterHook.java | 2 +- .../provider/db/SimpleDBProviderBackend.java | 77 ++++++------------ .../SentryPolicyServiceClientDefaultImpl.java | 83 +++++++++++--------- .../tests/e2e/dbprovider/TestDbConnections.java | 8 +- 4 files changed, 75 insertions(+), 95 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1724f15/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java index 2ae4fbd..e8f21e5 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java @@ -141,7 +141,7 @@ public class SentryMetaStoreFilterHook implements MetaStoreFilterHook { /** * Invoke Hive table filtering that removes the entries which use has no * privileges to access - * @param dbList + * @param tabList * @return * @throws MetaException */ http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1724f15/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java index ea8eb79..191e099 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java @@ -16,11 +16,9 @@ */ package org.apache.sentry.provider.db; -import java.io.IOException; import java.util.Set; import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.SentryUserException; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; @@ -31,7 +29,6 @@ import org.apache.sentry.service.thrift.SentryServiceClientFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.ImmutableSet; public class SimpleDBProviderBackend implements ProviderBackend { @@ -39,10 +36,7 @@ public class SimpleDBProviderBackend implements ProviderBackend { private static final Logger LOGGER = LoggerFactory .getLogger(SimpleDBProviderBackend.class); - private SentryPolicyServiceClient policyServiceClient; - - private volatile boolean initialized; - private Configuration conf; + private Configuration conf; public SimpleDBProviderBackend(Configuration conf, String resourcePath) throws Exception { // DB Provider doesn't use policy file path @@ -50,26 +44,14 @@ public class SimpleDBProviderBackend implements ProviderBackend { } public SimpleDBProviderBackend(Configuration conf) throws Exception { - this(SentryServiceClientFactory.create(conf)); - this.initialized = false; this.conf = conf; } - - @VisibleForTesting - public SimpleDBProviderBackend(SentryPolicyServiceClient policyServiceClient) throws IOException { - this.initialized = false; - this.policyServiceClient = policyServiceClient; - } - /** * {@inheritDoc} */ @Override public void initialize(ProviderBackendContext context) { - if (initialized) { - throw new IllegalStateException("Backend has already been initialized, cannot be initialized twice"); - } - this.initialized = true; + //Noop } /** @@ -81,22 +63,26 @@ public class SimpleDBProviderBackend implements ProviderBackend { } private ImmutableSet<String> getPrivileges(int retryCount, Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy) { - if (!initialized) { - throw new IllegalStateException("Backend has not been properly initialized"); - } + SentryPolicyServiceClient policyServiceClient = null; try { - return ImmutableSet.copyOf(getSentryClient().listPrivilegesForProvider(groups, roleSet, authorizableHierarchy)); + policyServiceClient = SentryServiceClientFactory.create(conf); } catch (Exception e) { - policyServiceClient = null; - if (retryCount > 0) { - return getPrivileges(retryCount - 1, groups, roleSet, authorizableHierarchy); - } else { - String msg = "Unable to obtain privileges from server: " + e.getMessage(); - LOGGER.error(msg, e); - try { + LOGGER.error("Error connecting to Sentry ['{}'] !!", + e.getMessage()); + } + if(policyServiceClient!= null) { + try { + return ImmutableSet.copyOf(policyServiceClient.listPrivilegesForProvider(groups, roleSet, authorizableHierarchy)); + } catch (Exception e) { + if (retryCount > 0) { + return getPrivileges(retryCount - 1, groups, roleSet, authorizableHierarchy); + } else { + String msg = "Unable to obtain privileges from server: " + e.getMessage(); + LOGGER.error(msg, e); + } + } finally { + if(policyServiceClient != null) { policyServiceClient.close(); - } catch (Exception ex2) { - // Ignore } } } @@ -113,32 +99,15 @@ public class SimpleDBProviderBackend implements ProviderBackend { @Override public void close() { - if (policyServiceClient != null) { - policyServiceClient.close(); - } - } - - private SentryPolicyServiceClient getSentryClient() { - if (policyServiceClient == null) { - try { - policyServiceClient = SentryServiceClientFactory.create(conf); - } catch (Exception e) { - LOGGER.error("Error connecting to Sentry ['{}'] !!", - e.getMessage()); - policyServiceClient = null; - return null; - } - } - return policyServiceClient; + //Noop } + /** * SimpleDBProviderBackend does not implement validatePolicy() */ @Override public void validatePolicy(boolean strictValidation) throws SentryConfigurationException { - if (!initialized) { - throw new IllegalStateException("Backend has not been properly initialized"); - } - // db provider does not implement validation + //Noop } } + http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1724f15/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java index fe2fef7..ae0eec2 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java @@ -64,6 +64,11 @@ import com.google.common.collect.Lists; import com.google.common.collect.Maps; import com.google.common.collect.Sets; +/* + A Sentry Client in which all the operations are synchronized for thread safety + Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state. + So it is important to recreate the client, which uses a new socket. + */ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyServiceClient { private final Configuration conf; @@ -97,7 +102,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService // open the SASL transport with using the current UserGroupInformation // This is needed to get the current login context stored @Override - public void open() throws TTransportException { + public synchronized void open() throws TTransportException { if (ugi == null) { baseOpen(); } else { @@ -183,19 +188,19 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - public void dropRole(String requestorUserName, + public synchronized void dropRole(String requestorUserName, String roleName) throws SentryUserException { dropRole(requestorUserName, roleName, false); } - public void dropRoleIfExists(String requestorUserName, + public synchronized void dropRoleIfExists(String requestorUserName, String roleName) throws SentryUserException { dropRole(requestorUserName, roleName, true); } - private void dropRole(String requestorUserName, + private synchronized void dropRole(String requestorUserName, String roleName, boolean ifExists) throws SentryUserException { TDropSentryRoleRequest request = new TDropSentryRoleRequest(); @@ -239,7 +244,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - public Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName) + public synchronized Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName) throws SentryUserException { return listPrivilegesByRoleName(requestorUserName, roleName, null); } @@ -252,7 +257,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * @return Set of thrift sentry privilege objects * @throws SentryUserException */ - public Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, + public synchronized Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, String roleName, List<? extends Authorizable> authorizable) throws SentryUserException { TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest(); @@ -273,31 +278,31 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - public Set<TSentryRole> listRoles(String requestorUserName) + public synchronized Set<TSentryRole> listRoles(String requestorUserName) throws SentryUserException { return listRolesByGroupName(requestorUserName, null); } - public Set<TSentryRole> listUserRoles(String requestorUserName) + public synchronized Set<TSentryRole> listUserRoles(String requestorUserName) throws SentryUserException { return listRolesByGroupName(requestorUserName, AccessConstants.ALL); } - public TSentryPrivilege grantURIPrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName, String server, String uri) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); } - public TSentryPrivilege grantURIPrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName, String server, String uri, Boolean grantOption) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); } - public void grantServerPrivilege(String requestorUserName, + public synchronized void grantServerPrivilege(String requestorUserName, String roleName, String server, String action) throws SentryUserException { grantPrivilege(requestorUserName, roleName, @@ -309,34 +314,34 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * Should use grantServerPrivilege(String requestorUserName, * String roleName, String server, String action, Boolean grantOption) */ - public TSentryPrivilege grantServerPrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName, String server, Boolean grantOption) throws SentryUserException { return grantServerPrivilege(requestorUserName, roleName, server, AccessConstants.ALL, grantOption); } - public TSentryPrivilege grantServerPrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName, String server, String action, Boolean grantOption) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); } - public TSentryPrivilege grantDatabasePrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName, String server, String db, String action) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.DATABASE, server, null, db, null, null, action); } - public TSentryPrivilege grantDatabasePrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName, String server, String db, String action, Boolean grantOption) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); } - public TSentryPrivilege grantTablePrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName, String server, String db, String table, String action) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server, @@ -344,14 +349,14 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService db, table, null, action); } - public TSentryPrivilege grantTablePrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName, String server, String db, String table, String action, Boolean grantOption) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server, null, db, table, null, action, grantOption); } - public TSentryPrivilege grantColumnPrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName, String server, String db, String table, String columnName, String action) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server, @@ -359,14 +364,14 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService db, table, columnName, action); } - public TSentryPrivilege grantColumnPrivilege(String requestorUserName, + public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server, null, db, table, columnName, action, grantOption); } - public Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, + public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName, String server, String db, String table, List<String> columnNames, String action) throws SentryUserException { return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN, server, @@ -374,7 +379,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService db, table, columnNames, action); } - public Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, + public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption) throws SentryUserException { return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN, @@ -469,56 +474,56 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - public void revokeURIPrivilege(String requestorUserName, + public synchronized void revokeURIPrivilege(String requestorUserName, String roleName, String server, String uri) throws SentryUserException { revokePrivilege(requestorUserName, roleName, PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); } - public void revokeURIPrivilege(String requestorUserName, + public synchronized void revokeURIPrivilege(String requestorUserName, String roleName, String server, String uri, Boolean grantOption) throws SentryUserException { revokePrivilege(requestorUserName, roleName, PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); } - public void revokeServerPrivilege(String requestorUserName, + public synchronized void revokeServerPrivilege(String requestorUserName, String roleName, String server, String action) throws SentryUserException { revokePrivilege(requestorUserName, roleName, PrivilegeScope.SERVER, server, null, null, null, null, action); } - public void revokeServerPrivilege(String requestorUserName, + public synchronized void revokeServerPrivilege(String requestorUserName, String roleName, String server, String action, Boolean grantOption) throws SentryUserException { revokePrivilege(requestorUserName, roleName, PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); } - public void revokeServerPrivilege(String requestorUserName, + public synchronized void revokeServerPrivilege(String requestorUserName, String roleName, String server, boolean grantOption) throws SentryUserException { revokePrivilege(requestorUserName, roleName, PrivilegeScope.SERVER, server, null, null, null, null, AccessConstants.ALL, grantOption); } - public void revokeDatabasePrivilege(String requestorUserName, + public synchronized void revokeDatabasePrivilege(String requestorUserName, String roleName, String server, String db, String action) throws SentryUserException { revokePrivilege(requestorUserName, roleName, PrivilegeScope.DATABASE, server, null, db, null, null, action); } - public void revokeDatabasePrivilege(String requestorUserName, + public synchronized void revokeDatabasePrivilege(String requestorUserName, String roleName, String server, String db, String action, Boolean grantOption) throws SentryUserException { revokePrivilege(requestorUserName, roleName, PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); } - public void revokeTablePrivilege(String requestorUserName, + public synchronized void revokeTablePrivilege(String requestorUserName, String roleName, String server, String db, String table, String action) throws SentryUserException { revokePrivilege(requestorUserName, roleName, @@ -526,7 +531,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService db, table, null, action); } - public void revokeTablePrivilege(String requestorUserName, + public synchronized void revokeTablePrivilege(String requestorUserName, String roleName, String server, String db, String table, String action, Boolean grantOption) throws SentryUserException { revokePrivilege(requestorUserName, roleName, @@ -534,7 +539,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService db, table, null, action, grantOption); } - public void revokeColumnPrivilege(String requestorUserName, String roleName, + public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName, String server, String db, String table, String columnName, String action) throws SentryUserException { ImmutableList.Builder<String> listBuilder = ImmutableList.builder(); @@ -544,7 +549,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService db, table, listBuilder.build(), action); } - public void revokeColumnPrivilege(String requestorUserName, String roleName, + public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption) throws SentryUserException { ImmutableList.Builder<String> listBuilder = ImmutableList.builder(); @@ -554,7 +559,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService db, table, listBuilder.build(), action, grantOption); } - public void revokeColumnsPrivilege(String requestorUserName, String roleName, + public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName, String server, String db, String table, List<String> columns, String action) throws SentryUserException { revokePrivilege(requestorUserName, roleName, @@ -562,7 +567,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService db, table, columns, action); } - public void revokeColumnsPrivilege(String requestorUserName, String roleName, + public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName, String server, String db, String table, List<String> columns, String action, Boolean grantOption) throws SentryUserException { revokePrivilege(requestorUserName, roleName, @@ -659,7 +664,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService return TSentryGrantOption.FALSE; } - public Set<String> listPrivilegesForProvider(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizable) + public synchronized Set<String> listPrivilegesForProvider(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException { TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()); TListSentryPrivilegesForProviderRequest request = @@ -806,7 +811,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * @return The value of the propertyName * @throws SentryUserException */ - public String getConfigValue(String propertyName, String defaultValue) + public synchronized String getConfigValue(String propertyName, String defaultValue) throws SentryUserException { TSentryConfigValueRequest request = new TSentryConfigValueRequest( ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, propertyName); @@ -822,7 +827,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - public void close() { + public synchronized void close() { if (transport != null) { transport.close(); } @@ -853,7 +858,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * @param requestorUserName * The name of the request user */ - public void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData, + public synchronized void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData, String requestorUserName, boolean isOverwriteRole) throws SentryUserException { try { @@ -895,7 +900,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } // export the sentry mapping data with map structure - public Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName) + public synchronized Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName) throws SentryUserException { TSentryExportMappingDataRequest request = new TSentryExportMappingDataRequest( ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1724f15/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java index 04cdb81..ae790f0 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java @@ -91,6 +91,11 @@ public class TestDbConnections extends AbstractTestWithStaticConfiguration { assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); // assertEquals(0, getSentrySrv().getNumActiveClients()); + // client invocation via metastore filter + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.executeQuery("show tables"); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + preConnectionClientId = getSentrySrv().getTotalClients(); statement.execute("DROP TABLE t1"); assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); @@ -110,7 +115,8 @@ public class TestDbConnections extends AbstractTestWithStaticConfiguration { // client invocation via metastore filter preConnectionClientId = getSentrySrv().getTotalClients(); statement.executeQuery("show tables"); - assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + //There are no tables, so auth check does not happen + assertTrue(preConnectionClientId == getSentrySrv().getTotalClients()); // assertEquals(0, getSentrySrv().getNumActiveClients()); statement.close();
