sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ak...@apache.org
Subject [45/50] [abbrv] sentry git commit: SENTRY-1825: Dropping a Hive database/table doesn't cleanup the permissions associated with it (Na Li, reviewed by Alex Kolbasov)
Date Fri, 28 Jul 2017 17:07:03 GMT
SENTRY-1825: Dropping a Hive database/table doesn't cleanup the permissions associated with
it (Na Li, reviewed by Alex Kolbasov)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/66686420
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/66686420
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/66686420

Branch: refs/heads/master
Commit: 66686420bb6fbca4c8922c4b502266da1e6551c1
Parents: ad7837f
Author: Alexander Kolbasov <akolb@cloudera.com>
Authored: Mon Jul 24 21:25:28 2017 +0200
Committer: Alexander Kolbasov <akolb@cloudera.com>
Committed: Mon Jul 24 21:25:28 2017 +0200

----------------------------------------------------------------------
 .../sentry/binding/hive/conf/HiveAuthzConf.java |   5 +-
 .../sentry/service/thrift/HMSFollower.java      |  27 +-
 .../thrift/HiveSimpleConnectionFactory.java     |   2 +-
 .../service/thrift/NotificationProcessor.java   |   5 +
 .../TestHMSFollowerSentryStoreIntegration.java  | 304 +++++++++++++++++++
 .../sentry/service/thrift/TestHMSFollower.java  |  66 +++-
 6 files changed, 395 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
index e1312bf..d651691 100644
--- a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
+++ b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
@@ -87,6 +87,7 @@ public class HiveAuthzConf extends Configuration {
                     "noopstreaming,noopwithmapstreaming,windowingtablefunction,matchpath";
 
     public static final String HIVE_UDF_BLACK_LIST = "reflect,reflect2,java_method";
+    public static final String SENTRY_HIVE_SERVER_DEFAULT = "";
 
     /**
      * Config setting definitions
@@ -100,7 +101,7 @@ public class HiveAuthzConf extends Configuration {
         AUTHZ_POLICY_FILE_FORMATTER(
                 "sentry.hive.policy.file.formatter",
                 "org.apache.sentry.binding.hive.SentryIniPolicyFileFormatter"),
-        AUTHZ_SERVER_NAME("sentry.hive.server", ""),
+        AUTHZ_SERVER_NAME("sentry.hive.server", SENTRY_HIVE_SERVER_DEFAULT),
         AUTHZ_RESTRICT_DEFAULT_DB("sentry.hive.restrict.defaultDB", "false"),
         SENTRY_TESTING_MODE("sentry.hive.testing.mode", "false"),
         AUTHZ_ALLOW_HIVE_IMPERSONATION("sentry.hive.allow.hive.impersonation", "false"),
@@ -115,7 +116,7 @@ public class HiveAuthzConf extends Configuration {
         AUTHZ_PROVIDER_DEPRECATED2("sentry.provider",
                 "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
         AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.sentry.provider.resource", ""),
-        AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", ""),
+        AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", SENTRY_HIVE_SERVER_DEFAULT),
         AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.sentry.restrict.defaultDB", "false"),
         SENTRY_TESTING_MODE_DEPRECATED("hive.sentry.testing.mode", "false"),
         AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED("hive.sentry.allow.hive.impersonation",
"false"),

http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
index 547a61f..9e8e0e7 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
@@ -18,17 +18,16 @@
 
 package org.apache.sentry.service.thrift;
 
-import com.google.common.annotations.VisibleForTesting;
 
+import com.google.common.annotations.VisibleForTesting;
 import java.net.SocketException;
-
 import java.util.Collection;
 import java.util.List;
 import javax.jdo.JDODataStoreException;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.metastore.api.NotificationEvent;
-import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import static org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME;
+import static org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED;
 import org.apache.sentry.provider.db.service.persistent.PathsImage;
 import org.apache.sentry.provider.db.service.persistent.SentryStore;
 import org.apache.thrift.TException;
@@ -73,16 +72,18 @@ public class HMSFollower implements Runnable, AutoCloseable {
    * @param leaderMonitor
    * @param authServerName Server that sentry is Authorizing
    */
-  HMSFollower(Configuration conf, SentryStore store, LeaderStatusMonitor leaderMonitor,
+  public HMSFollower(Configuration conf, SentryStore store, LeaderStatusMonitor leaderMonitor,
               HiveSimpleConnectionFactory hiveConnectionFactory, String authServerName) {
     LOGGER.info("HMSFollower is being initialized");
     authzConf = conf;
     this.leaderMonitor = leaderMonitor;
     sentryStore = store;
-   if (authServerName == null) {
-     HiveConf hiveConf = new HiveConf();
-     authServerName = hiveConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar());
-   }
+
+    if (authServerName == null) {
+      authServerName = conf.get(AUTHZ_SERVER_NAME.getVar(),
+        conf.get(AUTHZ_SERVER_NAME_DEPRECATED.getVar(), AUTHZ_SERVER_NAME_DEPRECATED.getDefault()));
+    }
+
     notificationProcessor = new NotificationProcessor(sentryStore, authServerName, authzConf);
     client = new SentryHMSClient(authzConf, hiveConnectionFactory);
   }
@@ -135,6 +136,11 @@ public class HMSFollower implements Runnable, AutoCloseable {
     return (leaderMonitor == null) || leaderMonitor.isLeader();
   }
 
+  @VisibleForTesting
+  String getAuthServerName() {
+    return notificationProcessor.getAuthServerName();
+  }
+
   /**
    * Processes new Hive Metastore notifications.
    *
@@ -301,11 +307,12 @@ public class HMSFollower implements Runnable, AutoCloseable {
    * @param events list of event to be processed
    * @throws Exception if the complete notification list is not processed because of JDO
Exception
    */
-  void processNotifications(Collection<NotificationEvent> events) throws Exception
{
+  public void processNotifications(Collection<NotificationEvent> events) throws Exception
{
     boolean isNotificationProcessed;
     if (events.isEmpty()) {
       return;
     }
+
     for (NotificationEvent event : events) {
       isNotificationProcessed = false;
       try {

http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
index 3d67401..77634cf 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.java
@@ -56,7 +56,7 @@ public final class HiveSimpleConnectionFactory implements HiveConnectionFactory
   private final boolean insecure;
   private SentryKerberosContext kerberosContext = null;
 
-  HiveSimpleConnectionFactory(Configuration sentryConf, HiveConf hiveConf) {
+  public HiveSimpleConnectionFactory(Configuration sentryConf, HiveConf hiveConf) {
     this.conf = sentryConf;
     this.hiveConf = hiveConf;
     insecure = !ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase(

http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java
index 62fde2c..1f34d05 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/NotificationProcessor.java
@@ -124,6 +124,11 @@ final class NotificationProcessor {
     return update;
   }
 
+  @VisibleForTesting
+  String getAuthServerName() {
+    return authServerName;
+  }
+
   /**
    * Constructs permission update to be persisted for rename event that can be persisted
from thrift
    * object.

http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java
new file mode 100644
index 0000000..82f600b
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java
@@ -0,0 +1,304 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import static org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME;
+
+import com.google.common.io.Files;
+import java.io.File;
+import org.apache.commons.io.FileUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.metastore.api.*;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.apache.hadoop.security.alias.UserProvider;
+import org.apache.hive.hcatalog.messaging.HCatEventMessage;
+import org.apache.hive.hcatalog.messaging.HCatEventMessage.EventType;
+import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory;
+import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
+import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
+
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.service.thrift.HiveSimpleConnectionFactory;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.service.thrift.HMSFollower;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Test integration of HMSFollower with SentryStore
+ */
+public class TestHMSFollowerSentryStoreIntegration {
+
+  // SentryStore related member
+  private static File dataDir;
+  private static SentryStore sentryStore;
+  private static String[] adminGroups = { "adminGroup1" };
+  private static PolicyFile policyFile;
+  private static File policyFilePath;
+  private static Configuration conf = null;
+  private static char[] passwd = new char[] { '1', '2', '3'};
+  private static String dbName1 = "db1";
+  private static String tableName1 = "table1";
+  private static String serverName1 = "server1";
+
+  // HMSFollower related member
+  SentryJSONMessageFactory messageFactory = new SentryJSONMessageFactory();
+  final static String hiveInstance = serverName1;
+
+
+  // SentryStore related
+  @BeforeClass
+  public static void setup() throws Exception {
+    conf = new Configuration(false);
+    final String ourUrl = UserProvider.SCHEME_NAME + ":///";
+    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
+
+    // THis should be a UserGroupInformation provider
+    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
+
+
+    // The user credentials are stored as a static variable by UserGrouoInformation provider.
+    // We need to only set the password the first time, an attempt to set it for the second
+    // time fails with an exception.
+    if(provider.getCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS) == null) {
+      provider.createCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS, passwd);
+      provider.flush();
+    }
+
+    dataDir = new File(Files.createTempDir(), "sentry_policy_db");
+    conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false");
+    conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
+        "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
+    conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
+    conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups);
+    conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
+        ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);
+    policyFilePath = new File(dataDir, "local_policy_file.ini");
+    conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE,
+        policyFilePath.getPath());
+    conf.setInt(ServerConfig.SENTRY_STORE_TRANSACTION_RETRY, 10);
+
+  }
+
+  @Before
+  public void before() throws Exception {
+    sentryStore = new SentryStore(conf);
+    policyFile = new PolicyFile();
+    String adminUser = "g1";
+    addGroupsToUser(adminUser, adminGroups);
+    writePolicyFile();
+  }
+
+  @After
+  public void after() {
+    if (sentryStore != null) {
+      sentryStore.clearAllTables();
+      sentryStore.stop();
+    }
+  }
+
+  @AfterClass
+  public static void teardown() {
+
+    if (dataDir != null) {
+      FileUtils.deleteQuietly(dataDir);
+    }
+  }
+
+  /**
+   * Fail test if role already exists
+   * @param roleName Role name to checl
+   * @throws Exception
+   */
+  private void checkRoleDoesNotExist(String roleName) throws Exception {
+    try {
+      sentryStore.getMSentryRoleByName(roleName);
+      Assert.fail("Role " + roleName + "already exists");
+    } catch (SentryNoSuchObjectException e) {
+      // Ok
+    }
+  }
+
+  /**
+   * Fail test if role doesn't exist
+   * @param roleName Role name to checl
+   * @throws Exception
+   */
+  private void checkRoleExists(String roleName) throws Exception {
+    Assert.assertEquals(roleName.toLowerCase(),
+        sentryStore.getMSentryRoleByName(roleName).getRoleName());
+  }
+
+  /**
+   * Create a role with the given name and verify that it is created
+   * @param roleName
+   * @throws Exception
+   */
+  private void createRole(String roleName) throws Exception {
+    checkRoleDoesNotExist(roleName);
+    sentryStore.createSentryRole(roleName);
+    checkRoleExists(roleName);
+  }
+
+  private TSentryAuthorizable toTSentryAuthorizable(
+      TSentryPrivilege tSentryPrivilege) {
+    TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
+    tSentryAuthorizable.setServer(tSentryPrivilege.getServerName());
+    tSentryAuthorizable.setDb(tSentryPrivilege.getDbName());
+    tSentryAuthorizable.setTable(tSentryPrivilege.getTableName());
+    tSentryAuthorizable.setUri(tSentryPrivilege.getURI());
+    return tSentryAuthorizable;
+  }
+
+  protected static void addGroupsToUser(String user, String... groupNames) {
+    policyFile.addGroupsToUser(user, groupNames);
+  }
+
+  protected static void writePolicyFile() throws Exception {
+    policyFile.write(policyFilePath);
+  }
+
+  /**
+   * Test that SentryStore droppes the permission associated with the table when HMSFollower
+   * processes the drop table event
+   * @throws Exception
+   */
+  @Test
+  public void testDropTableDropRelatedPermission() throws Exception {
+    String serverName = "server1";
+
+    // create HMSFollower
+    Configuration configuration = new Configuration();
+    configuration.set(AUTHZ_SERVER_NAME.getVar(), serverName);
+    HMSFollower hmsFollower = new HMSFollower(configuration, sentryStore, null,
+      new HiveSimpleConnectionFactory(conf, new HiveConf()), null);
+
+    // configure permission of the table
+    String roleName1 = "list-privs-r1";
+    String grantor = "g1";
+    sentryStore.createSentryRole(roleName1);
+
+    TSentryPrivilege privilege_tbl1 = new TSentryPrivilege();
+    privilege_tbl1.setPrivilegeScope("TABLE");
+    privilege_tbl1.setServerName(serverName);
+    privilege_tbl1.setDbName(dbName1);
+    privilege_tbl1.setTableName(tableName1);
+    privilege_tbl1.setCreateTime(System.currentTimeMillis());
+
+    TSentryPrivilege privilege1 = new TSentryPrivilege(privilege_tbl1);
+    privilege1.setAction("SELECT");
+
+    TSentryPrivilege privilege1_2 = new TSentryPrivilege(privilege_tbl1);
+    privilege1_2.setAction("INSERT");
+    TSentryPrivilege privilege1_3 = new TSentryPrivilege(privilege_tbl1);
+    privilege1_3.setAction("*");
+
+    TSentryPrivilege privilege_server = new TSentryPrivilege();
+    privilege_server.setPrivilegeScope("SERVER");
+    privilege_server.setServerName(serverName1);
+    privilege_server.setCreateTime(System.currentTimeMillis());
+
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1);
+
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1_2);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_server);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1_3);
+
+    // Create notification events to drop the table
+    StorageDescriptor sd = new StorageDescriptor();
+    sd.setLocation("hdfs:///db1.db/table1");
+    NotificationEvent notificationEvent = new NotificationEvent(1, 0, HCatEventMessage.EventType.DROP_TABLE.toString(),
+        messageFactory.buildDropTableMessage(new Table(tableName1, dbName1, null, 0, 0, 0,
sd, null, null, null, null, null)).toString());
+    List<NotificationEvent> events = new ArrayList<>();
+    events.add(notificationEvent);
+
+    hmsFollower.processNotifications(events);
+
+    Assert.assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1)
+        .size());
+  }
+
+  /**
+   * Test that SentryStore droppes the permission associated with the database when HMSFollower
+   * processes the drop database event
+   * @throws Exception
+   */
+  @Test
+  public void testDropDatabaseDropRelatedPermission() throws Exception {
+    String serverName = "server1";
+
+    // create HMSFollower
+    Configuration configuration = new Configuration();
+    configuration.set(AUTHZ_SERVER_NAME.getVar(), serverName);
+    HMSFollower hmsFollower = new HMSFollower(configuration, sentryStore, null,
+        new HiveSimpleConnectionFactory(conf, new HiveConf()), null);
+
+    // configure permission of the database
+    String roleName1 = "list-privs-r1";
+    String grantor = "g1";
+    sentryStore.createSentryRole(roleName1);
+
+    TSentryPrivilege privilege_tbl1 = new TSentryPrivilege();
+    privilege_tbl1.setPrivilegeScope("DATABASE");
+    privilege_tbl1.setServerName(serverName);
+    privilege_tbl1.setDbName(dbName1);
+    privilege_tbl1.setTableName(tableName1);
+    privilege_tbl1.setCreateTime(System.currentTimeMillis());
+
+    TSentryPrivilege privilege1 = new TSentryPrivilege(privilege_tbl1);
+    privilege1.setAction("SELECT");
+
+    TSentryPrivilege privilege1_2 = new TSentryPrivilege(privilege_tbl1);
+    privilege1_2.setAction("INSERT");
+    TSentryPrivilege privilege1_3 = new TSentryPrivilege(privilege_tbl1);
+    privilege1_3.setAction("*");
+
+    TSentryPrivilege privilege_server = new TSentryPrivilege();
+    privilege_server.setPrivilegeScope("SERVER");
+    privilege_server.setServerName(serverName1);
+    privilege_server.setCreateTime(System.currentTimeMillis());
+
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1);
+
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1_2);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_server);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1_3);
+
+    // Create notification events to drop the database
+    NotificationEvent notificationEvent = new NotificationEvent(1, 0, EventType.DROP_DATABASE.toString(),
+        messageFactory.buildDropDatabaseMessage(new Database(dbName1, null, "hdfs:///" +
dbName1, null)).toString());
+    List<NotificationEvent> events = new ArrayList<>();
+    events.add(notificationEvent);
+
+    hmsFollower.processNotifications(events);
+
+    Assert.assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1)
+        .size());
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/66686420/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java
index fdf52bf..9b31b3c 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java
@@ -28,6 +28,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import junit.framework.Assert;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.metastore.api.Database;
@@ -38,6 +39,8 @@ import org.apache.hadoop.hive.metastore.api.StorageDescriptor;
 import org.apache.hadoop.hive.metastore.api.Table;
 import org.apache.hive.hcatalog.messaging.HCatEventMessage;
 import org.apache.hive.hcatalog.messaging.HCatEventMessage.EventType;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
 import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory;
 import org.apache.sentry.hdfs.Updateable;
 import org.apache.sentry.provider.db.service.persistent.PathsImage;
@@ -190,7 +193,8 @@ public class TestHMSFollower {
     hmsFollower.setSentryHmsClient(sentryHmsClient);
 
     // 1st run should get a full snapshot
-    Mockito.when(sentryStore.getLastProcessedNotificationID()).thenReturn(SENTRY_PROCESSED_EVENT_ID);
+    Mockito.when(sentryStore.getLastProcessedNotificationID())
+        .thenReturn(SENTRY_PROCESSED_EVENT_ID);
     Mockito.when(sentryStore.isAuthzPathsMappingEmpty()).thenReturn(false);
     hmsFollower.run();
     Mockito.verify(sentryStore, times(1)).persistFullPathsImage(Mockito.anyMap());
@@ -207,6 +211,66 @@ public class TestHMSFollower {
   }
 
   /**
+   * Test that HMSFollower uses the input authentication server name when it is not null
+   */
+  @Test
+  public void testInputConfigurationGetInputAuthServerName() {
+    Configuration sentryConfiguration = new Configuration();
+    HMSFollower hmsFollower = new HMSFollower(sentryConfiguration, sentryStore, null,
+        hiveConnectionFactory, hiveInstance);
+    String authServerName = hmsFollower.getAuthServerName();
+
+    Assert.assertEquals(true, authServerName.equals(hiveInstance));
+  }
+
+  /**
+   * Test that HMSFollower uses the default authentication server name when its constructor
input
+   * value is null and the configuration does not configure AUTHZ_SERVER_NAME nor
+   * AUTHZ_SERVER_NAME_DEPRECATED
+   */
+  @Test
+  public void testNoConfigurationGetDefaultAuthServerName() {
+    Configuration sentryConfiguration = new Configuration();
+    HMSFollower hmsFollower = new HMSFollower(sentryConfiguration, sentryStore, null,
+        hiveConnectionFactory, null);
+    String authServerName = hmsFollower.getAuthServerName();
+
+    Assert.assertEquals(true, authServerName.equals(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getDefault()));
+  }
+
+  /**
+   * Test that HMSFollower uses the configured authentication server name when its constructor
input
+   * value is null and the configuration contains configuration for AUTHZ_SERVER_NAME
+   */
+  @Test
+  public void testNewNameConfigurationGetAuthServerName() {
+    String serverName = "newServer";
+    Configuration sentryConfiguration = new Configuration();
+    sentryConfiguration.set(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), serverName);
+    HMSFollower hmsFollower = new HMSFollower(sentryConfiguration, sentryStore, null,
+        hiveConnectionFactory, null);
+    String authServerName = hmsFollower.getAuthServerName();
+
+    Assert.assertEquals(true, authServerName.equals(serverName));
+  }
+
+  /**
+   * Test that HMSFollower uses the configured deprecated authentication server name when
its constructor input
+   * value is null and the configuration contains configuration for AUTHZ_SERVER_NAME_DEPRECATED
+   */
+  @Test
+  public void testOldNameConfigurationGetAuthServerName() {
+    String serverName = "oldServer";
+    Configuration sentryConfiguration = new Configuration();
+    sentryConfiguration.set(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(), serverName);
+    HMSFollower hmsFollower = new HMSFollower(sentryConfiguration, sentryStore, null,
+        hiveConnectionFactory, null);
+    String authServerName = hmsFollower.getAuthServerName();
+
+    Assert.assertEquals(true, authServerName.equals(serverName));
+  }
+
+  /**
    * Constructs create database event and makes sure that appropriate sentry store API's
    * are invoke when the event is processed by hms follower.
    *


Mime
View raw message