[jira] [Commented] (SENTRY-1757) Avoid using local hive meta store using wrong configuration

[Na Li (JIRA)]

    [ 
https://issues.apache.org/jira/browse/SENTRY-1757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16004001#comment-16004001
 ] 

Na Li commented on SENTRY-1757:
-------------------------------

in the test, the following happens in the order below
1. in TestHDFSIntegrationBase.startSentry(), sentry server is created and 
started 
2. in TestHDFSIntegrationBase.startHiveAndMetastore(), hive port is found, hive 
configuration is set, and sentry-site.xml and hive-site.xml are saved from 
configuration. The meta store uri is in both sentry-site.xml and hive-site.xml. 
for example 
"<property><name>hive.metastore.uris</name><value>thrift://localhost:43334</value><source>programatically</source></property>"
3. When HMSFollower.run() is called, in HMSFollower.getMetaStoreClient(), 
HiveConf instance is created. In its static block called by constructor, it 
finds location of hive-site.xml ("hiveSiteURL = 
arr$.getResource("hive-site.xml");"). 
If the hive-site.xml at step 2 is present, its configuration is loaded in 
HiveConf.initialize(). And meta data uri is used by HiveMetaStoreClient in 
HMSFollower.getMetaStoreClient(). 
If the hive-site.xml at step 2 is not present yet, the local metastore will be 
loaded. 
        (String msUri =this.getVar(HiveConf.ConfVars.METASTOREURIS);        
         if(HiveConfUtil.isEmbeddedMetaStore(msUri)) {
            setLoadMetastoreConfig(true);
        })


> Avoid using local hive meta store using wrong configuration
> -----------------------------------------------------------
>
>                 Key: SENTRY-1757
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1757
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>    Affects Versions: sentry-ha-redesign
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Blocker
>              Labels: security
>         Attachments: SENTRY-1757.001-sentry-ha-redesign.patch
>
>
> When HMSFollower.getMetaStoreClient() checks if it should create 
> HiveMetaStoreClient, it uses the input configuration from SentryService.
> In real cluster deployment, the configuration does not contain value for 
> "hive.metastore.uris", and therefore, HMSFollower never connects to the real 
> meta store. 
> In integration test, the configuration contains value for 
> "hive.metastore.uris". Therefore integration tests pass. 
> We need to check Hive configuration to avoid connecting to local meta store. 
> And remove the value for "hive.metastore.uris" in integration test, so its 
> behavior is the same as real cluster deployment.
> TestHDFSIntegrationBase.startSentry() `properties.put("hive.metastore.uris", 
> "thrift://localhost:" + hmsPort);` is introduced in SENTRY-1429, SENTRY-1454, 
> and SENTRY-1456



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)