sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject sentry git commit: SENTRY-1846 - Use a consistent configuration variable for the sentry provider property - Reviewed by Sergio Pena, Brian Towles, Na Li.
Date Wed, 19 Jul 2017 15:44:43 GMT
Repository: sentry
Updated Branches:
  refs/heads/sentry-ha-redesign 5b7cccccf -> bcb7ffeb0


SENTRY-1846 - Use a consistent configuration variable for the sentry provider property
 - Reviewed by Sergio Pena, Brian Towles, Na Li.


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/bcb7ffeb
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/bcb7ffeb
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/bcb7ffeb

Branch: refs/heads/sentry-ha-redesign
Commit: bcb7ffeb00b24f0e5fbfefb7d167f17278dc39a9
Parents: 5b7cccc
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jul 19 13:54:22 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jul 19 15:10:46 2017 +0100

----------------------------------------------------------------------
 conf/sentry-site.xml.hive-client.template       |  2 +-
 conf/sentry-site.xml.solr-client.example        |  2 +-
 .../sentry/binding/hive/conf/HiveAuthzConf.java | 41 +++++++++++++-------
 .../DefaultSentryAccessController.java          |  2 +-
 .../sentry/binding/solr/conf/SolrAuthzConf.java | 29 ++++++++++++--
 5 files changed, 56 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/conf/sentry-site.xml.hive-client.template
----------------------------------------------------------------------
diff --git a/conf/sentry-site.xml.hive-client.template b/conf/sentry-site.xml.hive-client.template
index 0e8a74e..becff9c 100644
--- a/conf/sentry-site.xml.hive-client.template
+++ b/conf/sentry-site.xml.hive-client.template
@@ -72,7 +72,7 @@
 -->
 
   <property>
-    <name>sentry.provider</name>
+    <name>sentry.hive.provider</name>
     <value>org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider</value>
     <description> Deprecated name: hive.sentry.provider.  Group mapping which should
be used at client side</description>
   </property>

http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/conf/sentry-site.xml.solr-client.example
----------------------------------------------------------------------
diff --git a/conf/sentry-site.xml.solr-client.example b/conf/sentry-site.xml.solr-client.example
index dd39908..d0a367d 100644
--- a/conf/sentry-site.xml.solr-client.example
+++ b/conf/sentry-site.xml.solr-client.example
@@ -19,7 +19,7 @@
 
 <configuration>
   <property>
-    <name>sentry.provider</name>
+    <name>sentry.solr.provider</name>
     <value>org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider</value>
   </property>
   <property>

http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
index 4de755f..fe5e352 100644
--- a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
+++ b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
@@ -88,7 +88,7 @@ public class HiveAuthzConf extends Configuration {
      * Config setting definitions
      */
     public static enum AuthzConfVars {
-        AUTHZ_PROVIDER("sentry.provider",
+        AUTHZ_PROVIDER("sentry.hive.provider",
                 "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
         AUTHZ_PROVIDER_RESOURCE("sentry.hive.provider.resource", ""),
         AUTHZ_PROVIDER_BACKEND("sentry.hive.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"),
@@ -108,6 +108,8 @@ public class HiveAuthzConf extends Configuration {
 
         AUTHZ_PROVIDER_DEPRECATED("hive.sentry.provider",
                 "org.apache.sentry.provider.file.ResourceAuthorizationProvider"),
+        AUTHZ_PROVIDER_DEPRECATED2("sentry.provider",
+                "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
         AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.sentry.provider.resource", ""),
         AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", ""),
         AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.sentry.restrict.defaultDB", "false"),
@@ -146,16 +148,22 @@ public class HiveAuthzConf extends Configuration {
     // as long as the new property names aren't also provided.  Since the binding code
     // only calls the new property names, we require a map from current names to deprecated
     // names in order to check if the deprecated name of a property was set.
-    private static final Map<String, AuthzConfVars> currentToDeprecatedProps =
-            new HashMap<String, AuthzConfVars>();
+    private static final Map<String, List<AuthzConfVars>> currentToDeprecatedProps
= new HashMap<>();
     static {
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(),
AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED);
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(),
+                                     Arrays.asList(AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED,
AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED2));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(),
+                                     Collections.singletonList(AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED));
     };
 
     private static final Logger LOG = LoggerFactory
@@ -168,7 +176,6 @@ public class HiveAuthzConf extends Configuration {
         LOG.info("DefaultFS: " + super.get("fs.defaultFS"));
         addResource(hiveAuthzSiteURL);
         applySystemProperties();
-        LOG.info("DefaultFS: " + super.get("fs.defaultFS"));
         this.hiveAuthzSiteFile = hiveAuthzSiteURL.toString();
     }
     /**
@@ -208,14 +215,20 @@ public class HiveAuthzConf extends Configuration {
         String retVal = super.get(varName);
         if (retVal == null) {
             // check if the deprecated value is set here
+            String deprecatedPropName = null;
             if (currentToDeprecatedProps.containsKey(varName)) {
-                retVal = super.get(currentToDeprecatedProps.get(varName).getVar());
+                for (AuthzConfVars var : currentToDeprecatedProps.get(varName)) {
+                    retVal = super.get(var.getVar());
+                    if (retVal != null) {
+                        deprecatedPropName = var.getVar();
+                        break;
+                    }
+                }
             }
             if (retVal == null) {
                 retVal = AuthzConfVars.getDefault(varName);
             } else {
-                LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar()
+
-                        " instead of " + varName);
+                LOG.warn("Using the deprecated config setting " + deprecatedPropName + "
instead of " + varName);
             }
         }
         if (retVal == null) {

http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
index 98fba8c..c5a2f42 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
@@ -333,7 +333,7 @@ public class DefaultSentryAccessController extends SentryHiveAccessController
{
     // Apply rest of the configuration only to HiveServer2
     if (ctx.getClientType() != CLIENT_TYPE.HIVESERVER2
         || !hiveConf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
-      throw new HiveAuthzPluginException("Sentry just support for hiveserver2");
+      throw new HiveAuthzPluginException("Sentry only supports hiveserver2");
     }
   }
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/bcb7ffeb/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
index b31f4fa..37efa5b 100644
--- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
+++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
@@ -17,6 +17,8 @@
 package org.apache.sentry.binding.solr.conf;
 
 import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.apache.hadoop.conf.Configuration;
 import org.slf4j.Logger;
@@ -29,11 +31,14 @@ public class SolrAuthzConf extends Configuration {
    * Config setting definitions
    */
   public static enum AuthzConfVars {
-    AUTHZ_PROVIDER("sentry.provider",
+    AUTHZ_PROVIDER("sentry.solr.provider",
       "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
     AUTHZ_PROVIDER_RESOURCE("sentry.solr.provider.resource", ""),
     AUTHZ_PROVIDER_BACKEND("sentry.solr.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"),
-    AUTHZ_POLICY_ENGINE("sentry.solr.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine");
+    AUTHZ_POLICY_ENGINE("sentry.solr.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine"),
+
+    AUTHZ_PROVIDER_DEPRECATED("sentry.provider",
+      "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider");
 
     private final String varName;
     private final String defaultVal;
@@ -61,6 +66,11 @@ public class SolrAuthzConf extends Configuration {
     }
   }
 
+  private static final Map<String, AuthzConfVars> currentToDeprecatedProps = new HashMap<>();
+  static {
+    currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED);
+  }
+
   @SuppressWarnings("unused")
   private static final Logger LOG = LoggerFactory
       .getLogger(SolrAuthzConf.class);
@@ -73,6 +83,19 @@ public class SolrAuthzConf extends Configuration {
 
   @Override
   public String get(String varName) {
-    return get(varName, AuthzConfVars.getDefault(varName));
+    String retVal = super.get(varName);
+    if (retVal == null) {
+      // check if the deprecated value is set here
+      if (currentToDeprecatedProps.containsKey(varName)) {
+          AuthzConfVars var = currentToDeprecatedProps.get(varName);
+          retVal = super.get(var.getVar());
+      }
+      if (retVal == null) {
+        retVal = AuthzConfVars.getDefault(varName);
+      } else {
+        LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar()
+ " instead of " + varName);
+      }
+    }
+    return retVal;
   }
 }


Mime
View raw message