sentry-commits mailing list archives

From pras...@apache.org
Subject git commit: SENTRY-20: Sentry should throw an exception if testing.mode is not set on non-secure cluster (Shreepadma Venugopalan vi Prasad Mujumdar)
Date Fri, 27 Sep 2013 07:30:43 GMT
Updated Branches:
  refs/heads/master 3ce50d56c -> 055e0146f


SENTRY-20: Sentry should throw an exception if testing.mode is not set on non-secure cluster
(Shreepadma Venugopalan vi Prasad Mujumdar)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/055e0146
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/055e0146
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/055e0146

Branch: refs/heads/master
Commit: 055e0146f83522a4668c2d20a04e7ba67dad085a
Parents: 3ce50d5
Author: Prasad Mujumdar <prasadm@cloudera.com>
Authored: Mon Sep 23 23:22:27 2013 -0700
Committer: Prasad Mujumdar <prasadm@cloudera.com>
Committed: Mon Sep 23 23:22:27 2013 -0700

----------------------------------------------------------------------
 .../binding/hive/authz/HiveAuthzBinding.java    |  7 ++++---
 .../sentry/binding/hive/conf/HiveAuthzConf.java |  6 +++---
 .../conf/InvalidConfigurationException.java     | 15 ++++++++++++++
 .../binding/hive/TestHiveAuthzBindings.java     | 21 +++++++++++++++++---
 .../e2e/hive/hiveserver/HiveServerFactory.java  |  2 +-
 5 files changed, 41 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
index 5190ba6..542b22c 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
@@ -17,6 +17,7 @@
 package org.apache.sentry.binding.hive.authz;
 
 import java.lang.reflect.Constructor;
+
 import java.util.EnumSet;
 import java.util.List;
 import java.util.Map;
@@ -41,6 +42,7 @@ import org.apache.sentry.core.Subject;
 import org.apache.sentry.core.Authorizable.AuthorizableType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
 
 import com.google.common.base.Strings;
 
@@ -100,13 +102,12 @@ public class HiveAuthzBinding {
   // Instantiate the configured authz provider
   private AuthorizationProvider getAuthProvider(HiveConf hiveConf, String serverName) throws
Exception {
     boolean isTestingMode = Boolean.parseBoolean(Strings.nullToEmpty(
-        authzConf.get(AuthzConfVars.ACCESS_TESTING_MODE.getVar())).trim());
+        authzConf.get(AuthzConfVars.SENTRY_TESTING_MODE.getVar())).trim());
     LOG.debug("Testing mode is " + isTestingMode);
     if(!isTestingMode) {
       String authMethod = Strings.nullToEmpty(hiveConf.getVar(ConfVars.HIVE_SERVER2_AUTHENTICATION)).trim();
       if("none".equalsIgnoreCase(authMethod)) {
-        LOG.error("HiveServer2 authentication method cannot be set to none unless testing
mode is enabled");
-        return new NoAuthorizationProvider();
+        throw new InvalidConfigurationException("Authentication can't be NONE in non-testing
mode");
       }
       boolean impersonation = hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION);
       boolean allowImpersonation = Boolean.parseBoolean(Strings.nullToEmpty(
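Review bot: Testing mode being enabled is still recorded only at debug level (`LOG.debug("Testing mode is " + isTestingMode)`), although a true value skips the whole `if(!isTestingMode)` block, including the authentication check that now fails closed. A warning such as `if (isTestingMode) { LOG.warn("Sentry testing mode is enabled; HiveServer2 authentication checks are skipped"); }` would make a production cluster left in testing mode visible in default logs. The new exception message would also be easier to act on if it named the two settings involved, e.g. `"hive.server2.authentication can't be NONE unless hive.sentry.testing.mode is true"`. getAuthProvider's body continues past the end of this hunk, so the handling of the impersonation branch is not visible here.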

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
index bfd58fa..c51ce54 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
@@ -46,7 +46,7 @@ public class HiveAuthzConf extends Configuration {
         AUTHZ_PROVIDER_RESOURCE("hive.sentry.provider.resource", ""),
         AUTHZ_SERVER_NAME("hive.sentry.server", "HS2"),
         AUTHZ_RESTRICT_DEFAULT_DB("hive.sentry.restrict.defaultDB", "false"),
-        ACCESS_TESTING_MODE("hive.sentry.testing.mode", "false"),
+        SENTRY_TESTING_MODE("hive.sentry.testing.mode", "false"),
         AUTHZ_UDF_WHITELIST("hive.sentry.udf.whitelist", HIVE_UDF_WHITE_LIST),
         AUTHZ_ALLOW_HIVE_IMPERSONATION("hive.sentry.allow.hive.impersonation", "false"),
         AUTHZ_ONFAILURE_HOOKS("hive.sentry.failure.hooks", ""),
@@ -56,7 +56,7 @@ public class HiveAuthzConf extends Configuration {
         AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.access.provider.resource", ""),
         AUTHZ_SERVER_NAME_DEPRECATED("hive.access.server", "HS2"),
         AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.access.restrict.defaultDB", "false"),
-        ACCESS_TESTING_MODE_DEPRECATED("hive.access.testing.mode", "false"),
+        SENTRY_TESTING_MODE_DEPRECATED("hive.access.testing.mode", "false"),
         AUTHZ_UDF_WHITELIST_DEPRECATED("hive.access.udf.whitelist", HIVE_UDF_WHITE_LIST),
         AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED("hive.access.allow.hive.impersonation",
"false"),
         AUTHZ_ONFAILURE_HOOKS_DEPRECATED("hive.access.failure.hooks", ""),
@@ -115,7 +115,7 @@ public class HiveAuthzConf extends Configuration {
    deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE);
    deprecatedConfigs.put(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME);
    deprecatedConfigs.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB);
-   deprecatedConfigs.put(AuthzConfVars.ACCESS_TESTING_MODE_DEPRECATED.getVar(), AuthzConfVars.ACCESS_TESTING_MODE);
+   deprecatedConfigs.put(AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED.getVar(), AuthzConfVars.SENTRY_TESTING_MODE);
    deprecatedConfigs.put(AuthzConfVars.AUTHZ_UDF_WHITELIST_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_UDF_WHITELIST);
    deprecatedConfigs.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED.getVar(),
AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION);
    deprecatedConfigs.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
new file mode 100644
index 0000000..84fc410
--- /dev/null
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/InvalidConfigurationException.java
@@ -0,0 +1,15 @@
+package org.apache.sentry.binding.hive.conf;
+
+public class InvalidConfigurationException extends Exception
+{
+	private static final long serialVersionUID = 1L;
+
+	//Parameterless Constructor
+    public InvalidConfigurationException() {}
+
+    //Constructor that accepts a message
+    public InvalidConfigurationException(String message)
+    {
+      super(message);
+    }
+ }
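Review bot: The new file starts directly with the `package` line, whereas HiveAuthzBinding.java in this same commit has its package statement on line 17, which suggests the other sources carry a license header that is missing here. The class also offers no way to chain a cause; `public InvalidConfigurationException(String message, Throwable cause) { super(message, cause); }` would let callers wrap an underlying configuration error without losing its stack trace. The two comments only restate the constructor signatures, and a class-level Javadoc saying that the exception signals an unsafe or inconsistent Sentry/HiveServer2 configuration detected at binding start-up would serve better. Indentation mixes a tab on the `serialVersionUID` line with spaces elsewhere.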

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
index 20d4e8f..fb3d3f0 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
@@ -21,6 +21,8 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
+import junit.framework.Assert;
+
 import org.apache.commons.io.FileUtils;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
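Review bot: `junit.framework.Assert` is imported here, but none of the lines this diff adds to the file use it; the new test relies on `@Test(expected=...)` instead. If nothing else in the file needs it, drop the import. If assertions are planned, `org.junit.Assert` is the JUnit 4 class that matches the `@Test` annotation used in this file.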
@@ -31,6 +33,7 @@ import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
 import org.apache.sentry.core.AccessConstants;
 import org.apache.sentry.core.AccessURI;
 import org.apache.sentry.core.Authorizable;
@@ -107,7 +110,7 @@ public class TestHiveAuthzBindings {
     authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
         new File(baseDir, RESOURCE_PATH).getPath());
     authzConf.set(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), SERVER1);
-    authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "true");
+    authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "true");
     testAuth = new HiveAuthzBinding(hiveConf, authzConf);
   }
 
@@ -288,7 +291,7 @@ public class TestHiveAuthzBindings {
     // perpare the hive and auth configs
     hiveConf.setBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION, true);
     hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "Kerberos");
-    authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "false");
+    authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
     testAuth = new HiveAuthzBinding(hiveConf, authzConf);
 
     // following check should pass, but with impersonation it will fail with due to NoAuthorizationProvider
@@ -306,7 +309,7 @@ public class TestHiveAuthzBindings {
     // perpare the hive and auth configs
     hiveConf.setBoolVar(ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION, true);
     hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "Kerberos");
-    authzConf.set(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), "false");
+    authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
     authzConf.set(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(), "true");
     testAuth = new HiveAuthzBinding(hiveConf, authzConf);
 
@@ -327,4 +330,16 @@ public class TestHiveAuthzBindings {
     }
     return authList;
   }
+  
+  /**
+   * Turn off authentication and verify exception is raised in non-testing mode
+   * @throws Exception
+   */
+  @Test(expected=InvalidConfigurationException.class)
+  public void testNoAuthenticationRestriction() throws Exception {
+    // perpare the hive and auth configs
+    hiveConf.setVar(ConfVars.HIVE_SERVER2_AUTHENTICATION, "None");
+    authzConf.set(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), "false");
+    testAuth = new HiveAuthzBinding(hiveConf, authzConf);
+  }
 }
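Review bot: testNoAuthenticationRestriction sets `hive.sentry.testing.mode` to `"false"` explicitly, so the case named in the commit title, where the key is not set at all, is not exercised. The setup hunk earlier in this file sets the key to `"true"`, so a second test would need a fresh `HiveAuthzConf` (or the key removed) before constructing `HiveAuthzBinding` with authentication `"None"`. A companion test with testing mode `"true"` and authentication `"None"` would pin the permitted path as well, so that a later change cannot silently widen or narrow the rule. The copied comment has a typo and should read `// prepare the hive and auth configs`.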

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/055e0146/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
index f6d1791..288a7b3 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
@@ -51,7 +51,7 @@ public class HiveServerFactory {
   public static final String AUTHZ_PROVIDER_RESOURCE = HiveAuthzConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar();
   public static final String AUTHZ_PROVIDER_FILENAME = "test-authz-provider.ini";
   public static final String AUTHZ_SERVER_NAME = HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar();
-  public static final String ACCESS_TESTING_MODE = HiveAuthzConf.AuthzConfVars.ACCESS_TESTING_MODE.getVar();
+  public static final String ACCESS_TESTING_MODE = HiveAuthzConf.AuthzConfVars.SENTRY_TESTING_MODE.getVar();
   public static final String HS2_PORT = ConfVars.HIVE_SERVER2_THRIFT_PORT.toString();
   public static final String SUPPORT_CONCURRENCY = HiveConf.ConfVars.HIVE_SUPPORT_CONCURRENCY.varname;
   public static final String HADOOPBIN = ConfVars.HADOOPBIN.toString();

