From ak...@apache.org
Subject [3/3] sentry git commit: SENTRY-1593: proposed changes to config interface
Date Mon, 20 Feb 2017 07:53:17 GMT
SENTRY-1593: proposed changes to config interface


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d22df694
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d22df694
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d22df694

Branch: refs/heads/akolb-SENTRY-1593
Commit: d22df6947c3960f06b98345d3c69a321275cf20f
Parents: 5300344
Author: Alexander Kolbasov <akolb@cloudera.com>
Authored: Mon Feb 20 01:52:49 2017 -0600
Committer: Alexander Kolbasov <akolb@cloudera.com>
Committed: Mon Feb 20 01:52:49 2017 -0600

----------------------------------------------------------------------
 .../core/common/SentryClientConstants.java      | 126 +++++++++++++++++++
 .../SentryClientTransportConfigInterface.java   |  35 ++++++
 .../common/SentryHDFSClientTransportConfig.java |  90 +++++++++++++
 .../SentryPolicyClientTransportConfig.java      |  91 ++++++++++++++
 4 files changed, 342 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/d22df694/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientConstants.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientConstants.java
new file mode 100644
index 0000000..8c8b9ba
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientConstants.java
@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.core.common;
+
+class SentryClientConstants {
+
+  enum sentryClientType {
+    POLICY_CLIENT,
+    HDFS_CLIENT,
+  }
+
+  enum sentryClientSecurityMode {
+    SECURITY_MODE_KERBEROS,
+    SECURITY_MODE_NONE,
+  }
+
+  static final String KERBEROS_MODE = "kerberos";
+
+  /**
+   * max retry num for client rpc
+   * {link RetryClientInvocationHandler#invokeImpl(Object, Method, Object[])}
+   */
+  static final String SENTRY_RPC_RETRY_TOTAL = "sentry.service.client.rpc.retry-total";
+  static final int SENTRY_RPC_RETRY_TOTAL_DEFAULT = 3;
+
+  /**
+   * full retry num for getting the connection in non-pool model
+   * In a full retry, it will cycle through all available sentry servers
+   */
+  static final String SENTRY_FULL_RETRY_TOTAL = "sentry.service.client.connection.full.retry-total";
+  static final int SENTRY_FULL_RETRY_TOTAL_DEFAULT = 2;
+
+
+  static class PolicyClientConstants {
+    static final String SERVER_RPC_PORT = "sentry.service.client.server.rpc-port";
+    static final int RPC_PORT_DEFAULT = 8038;
+    static final String SERVER_RPC_ADDRESS = "sentry.service.client.server.rpc-address";
+    // connection pool configuration
+    static final String SENTRY_POOL_ENABLED = "sentry.service.client.connection.pool.enabled";
+    static final boolean SENTRY_POOL_ENABLED_DEFAULT = false;
+
+    // commons-pool configuration for pool size
+    static final String SENTRY_POOL_MAX_TOTAL = "sentry.service.client.connection.pool.max-total";
+    static final int SENTRY_POOL_MAX_TOTAL_DEFAULT = 8;
+    static final String SENTRY_POOL_MAX_IDLE = "sentry.service.client.connection.pool.max-idle";
+    static final int SENTRY_POOL_MAX_IDLE_DEFAULT = 8;
+    static final String SENTRY_POOL_MIN_IDLE = "sentry.service.client.connection.pool.min-idle";
+    static final int SENTRY_POOL_MIN_IDLE_DEFAULT = 0;
+
+    // retry num for getting the connection from connection pool
+    static final String SENTRY_POOL_RETRY_TOTAL = SentryClientConstants.SENTRY_FULL_RETRY_TOTAL;
+    static final int SENTRY_POOL_RETRY_TOTAL_DEFAULT = SentryClientConstants.SENTRY_RPC_RETRY_TOTAL_DEFAULT;
+
+    /**
+     * full retry num for getting the connection in non-pool model
+     * In a full retry, it will cycle through all available sentry servers
+     */
+    static final String SENTRY_FULL_RETRY_TOTAL = "sentry.service.client.connection.full.retry-total";
+    static final int SENTRY_FULL_RETRY_TOTAL_DEFAULT = 2;
+
+    /**
+     * max retry num for client rpc
+     * {link RetryClientInvocationHandler#invokeImpl(Object, Method, Object[])}
+     */
+    static final String SENTRY_RPC_RETRY_TOTAL = "sentry.service.client.rpc.retry-total";
+    static final int SENTRY_RPC_RETRY_TOTAL_DEFAULT = 3;
+
+    /**
+     * This configuration parameter is only meant to be used for testing purposes.
+     */
+    static final String SECURITY_MODE = "sentry.service.security.mode";
+
+    static final String SECURITY_USE_UGI_TRANSPORT = "sentry.service.security.use.ugi";
+    static final String PRINCIPAL = "sentry.service.server.principal";
+    static final String SERVER_RPC_CONN_TIMEOUT = "sentry.service.client.server.rpc-connection-timeout";
+    static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000;
+  }
+
+  static class HDFSClientConstants {
+    /**
+     * This configuration parameter is only meant to be used for testing purposes.
+     */
+    static final String SECURITY_MODE = "sentry.hdfs.service.security.mode";
+
+    /**
+     * max retry num for client rpc
+     * {link RetryClientInvocationHandler#invokeImpl(Object, Method, Object[])}
+     */
+    static final String SENTRY_RPC_RETRY_TOTAL = SentryClientConstants.SENTRY_RPC_RETRY_TOTAL;
+    static final int SENTRY_RPC_RETRY_TOTAL_DEFAULT = 3;
+
+    /**
+     * full retry num for getting the connection in non-pool model
+     * In a full retry, it will cycle through all available sentry servers
+     */
+    static final String SENTRY_FULL_RETRY_TOTAL = SentryClientConstants.SENTRY_FULL_RETRY_TOTAL;
+    static final int SENTRY_FULL_RETRY_TOTAL_DEFAULT = SentryClientConstants.SENTRY_FULL_RETRY_TOTAL_DEFAULT;
+
+    static final String SECURITY_USE_UGI_TRANSPORT = "sentry.hdfs.service.security.use.ugi";
+    static final String PRINCIPAL = "sentry.hdfs.service.server.principal";
+    static final String RPC_ADDRESS = "sentry.hdfs.service.client.server.rpc-address";
+    static final String RPC_ADDRESS_DEFAULT = "0.0.0.0"; //NOPMD
+
+    static final String SERVER_RPC_PORT = "sentry.hdfs.service.client.server.rpc-port";
+    static final int RPC_PORT_DEFAULT = ServiceTransportConstants.RPC_PORT_DEFAULT;
+    static final String SERVER_RPC_ADDRESS = "sentry.hdfs.service.client.server.rpc-address";
+    static final String SERVER_RPC_CONN_TIMEOUT = "sentry.hdfs.service.client.server.rpc-connection-timeout";
+    static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000;
+  }
+}
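Review bot: In `PolicyClientConstants`, `SENTRY_POOL_RETRY_TOTAL` is assigned `SentryClientConstants.SENTRY_FULL_RETRY_TOTAL`, so the pool retry count and the full retry count are read from the same key, `sentry.service.client.connection.full.retry-total`. Their defaults differ: `SENTRY_POOL_RETRY_TOTAL_DEFAULT` resolves to 3 through `SENTRY_RPC_RETRY_TOTAL_DEFAULT`, while `SENTRY_FULL_RETRY_TOTAL_DEFAULT` is 2. If the pool retry is meant to be tunable on its own it needs its own key string; if the sharing is deliberate, a comment such as `// intentionally shares the full-retry key` and a matching default would remove the surprise. The same nested class also redeclares `SENTRY_FULL_RETRY_TOTAL` and `SENTRY_RPC_RETRY_TOTAL` as fresh literals instead of referring to the outer constants the way `HDFSClientConstants` does. The Javadoc tags read `{link ...}` where `{@link RetryClientInvocationHandler#invokeImpl(Object, Method, Object[])}` is needed.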

http://git-wip-us.apache.org/repos/asf/sentry/blob/d22df694/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientTransportConfigInterface.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientTransportConfigInterface.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientTransportConfigInterface.java
new file mode 100644
index 0000000..97d56a3
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryClientTransportConfigInterface.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.core.common;
+
+import org.apache.hadoop.conf.Configuration;
+
+import java.util.Map;
+
+interface SentryClientTransportConfigInterface {
+  SentryClientConstants.sentryClientSecurityMode getSecurityMode(Configuration conf);
+  int getClientRetryTotal(Configuration conf);
+  int getClientFullRetryTotal(Configuration conf);
+  boolean useUgiTransport(Configuration conf);
+  String getPrincipal(Configuration conf);
+  String getServerRpcAddress(Configuration conf);
+  int getServerRpcPort(Configuration conf);
+  int getServerRpcConnTimeout(Configuration conf);
+  Map<String, String> getSaslProperties();
+}
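Review bot: The interface has no Javadoc, and the part of the contract callers most need is missing: the two implementations in this commit return `conf.get(PRINCIPAL)` and `conf.get(SERVER_RPC_ADDRESS)` with no default, so `getPrincipal` and `getServerRpcAddress` can return null. I would state that on the methods, for example `/** @return the configured server principal, or null when the key is unset */`. `getSecurityMode` should say that Kerberos is the result when the key is absent. The unit of `getServerRpcConnTimeout` is not given anywhere in the commit and deserves a line as well.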

http://git-wip-us.apache.org/repos/asf/sentry/blob/d22df694/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryHDFSClientTransportConfig.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryHDFSClientTransportConfig.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryHDFSClientTransportConfig.java
new file mode 100644
index 0000000..281e073
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryHDFSClientTransportConfig.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.core.common;
+
+import org.apache.hadoop.conf.Configuration;
+
+import javax.security.sasl.Sasl;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.apache.sentry.core.common.SentryClientConstants.KERBEROS_MODE;
+import static org.apache.sentry.core.common.SentryClientConstants.HDFSClientConstants.*;
+import static org.apache.sentry.core.common.SentryClientConstants.sentryClientSecurityMode.SECURITY_MODE_KERBEROS;
+import static org.apache.sentry.core.common.SentryClientConstants.sentryClientSecurityMode.SECURITY_MODE_NONE;
+
+public class SentryHDFSClientTransportConfig implements SentryClientTransportConfigInterface
{
+  private static final Map<String, String> SASL_PROPERTIES;
+
+  static {
+    Map<String, String> saslProps = new HashMap<>();
+    saslProps.put(Sasl.SERVER_AUTH, "true");
+    saslProps.put(Sasl.QOP, "auth-conf");
+    SASL_PROPERTIES = Collections.unmodifiableMap(saslProps);
+  }
+
+  @Override
+  public SentryClientConstants.sentryClientSecurityMode getSecurityMode(Configuration conf)
{
+    return (conf.get(SECURITY_MODE, KERBEROS_MODE)
+            .equalsIgnoreCase((KERBEROS_MODE)) ?
+            SECURITY_MODE_KERBEROS : SECURITY_MODE_NONE);
+  }
+
+  @Override
+  public int getClientRetryTotal(Configuration conf) {
+    return conf.getInt(SENTRY_RPC_RETRY_TOTAL, SENTRY_RPC_RETRY_TOTAL_DEFAULT);
+  }
+
+  @Override
+  public int getClientFullRetryTotal(Configuration conf) {
+    return conf.getInt(SENTRY_FULL_RETRY_TOTAL, SENTRY_FULL_RETRY_TOTAL_DEFAULT);
+  }
+
+  @Override
+  public boolean useUgiTransport(Configuration conf) {
+    return "true".equalsIgnoreCase(conf.get(SECURITY_USE_UGI_TRANSPORT, "false"));
+  }
+
+  @Override
+  public String getPrincipal(Configuration conf) {
+    return conf.get(PRINCIPAL);
+  }
+
+  @Override
+  public String getServerRpcAddress(Configuration conf) {
+    return conf.get(SERVER_RPC_ADDRESS);
+  }
+
+  @Override
+  public int getServerRpcPort(Configuration conf) {
+    return conf.getInt(SERVER_RPC_PORT, RPC_PORT_DEFAULT);
+  }
+
+  @Override
+  public int getServerRpcConnTimeout(Configuration conf) {
+    return conf.getInt(SERVER_RPC_CONN_TIMEOUT, SERVER_RPC_CONN_TIMEOUT_DEFAULT);
+  }
+
+  @Override
+  public Map<String, String> getSaslProperties() {
+    return SASL_PROPERTIES;
+  }
+
+}
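Review bot: `getSecurityMode` fails open: any configured value other than `kerberos` (ignoring case), including a typo, is mapped to `SECURITY_MODE_NONE`, which presumably turns authentication off on the client transport. Since the constant's own Javadoc says the key is meant for testing only, I would accept only the known spellings and reject everything else with an `IllegalArgumentException` that names the key. The literal `none` in the sketch below is my assumption for the opt-out value and should be checked against the server-side constant. The same method in `SentryPolicyClientTransportConfig` has the identical problem. Separately, this class is `public` but the method returns the package-private `SentryClientConstants.sentryClientSecurityMode`, which callers outside the package cannot name.

```java
  @Override
  public SentryClientConstants.sentryClientSecurityMode getSecurityMode(Configuration conf) {
    String mode = conf.get(SECURITY_MODE, KERBEROS_MODE);
    if (KERBEROS_MODE.equalsIgnoreCase(mode)) {
      return SECURITY_MODE_KERBEROS;
    }
    // "none" is assumed here; confirm the accepted opt-out value.
    if ("none".equalsIgnoreCase(mode)) {
      return SECURITY_MODE_NONE;
    }
    throw new IllegalArgumentException(
        "Unsupported value for " + SECURITY_MODE + ": " + mode);
  }
```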

http://git-wip-us.apache.org/repos/asf/sentry/blob/d22df694/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryPolicyClientTransportConfig.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryPolicyClientTransportConfig.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryPolicyClientTransportConfig.java
new file mode 100644
index 0000000..c05caa4
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryPolicyClientTransportConfig.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.core.common;
+
+import org.apache.hadoop.conf.Configuration;
+
+import javax.security.sasl.Sasl;
+
+import static org.apache.sentry.core.common.SentryClientConstants.KERBEROS_MODE;
+import static org.apache.sentry.core.common.SentryClientConstants.PolicyClientConstants.*;
+import static org.apache.sentry.core.common.SentryClientConstants.sentryClientSecurityMode.SECURITY_MODE_KERBEROS;
+import static org.apache.sentry.core.common.SentryClientConstants.sentryClientSecurityMode.SECURITY_MODE_NONE;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+class SentryPolicyClientTransportConfig implements SentryClientTransportConfigInterface {
+
+  private static final Map<String, String> SASL_PROPERTIES;
+
+  static {
+    Map<String, String> saslProps = new HashMap<>();
+    saslProps.put(Sasl.SERVER_AUTH, "true");
+    saslProps.put(Sasl.QOP, "auth-conf");
+    SASL_PROPERTIES = Collections.unmodifiableMap(saslProps);
+  }
+
+  @Override
+  public SentryClientConstants.sentryClientSecurityMode getSecurityMode(Configuration conf)
{
+    return (conf.get(SECURITY_MODE, KERBEROS_MODE)
+            .equalsIgnoreCase((KERBEROS_MODE)) ?
+            SECURITY_MODE_KERBEROS : SECURITY_MODE_NONE);
+  }
+
+  @Override
+  public int getClientRetryTotal(Configuration conf) {
+    return conf.getInt(SENTRY_RPC_RETRY_TOTAL, SENTRY_RPC_RETRY_TOTAL_DEFAULT);
+  }
+
+  @Override
+  public int getClientFullRetryTotal(Configuration conf) {
+    return conf.getInt(SENTRY_FULL_RETRY_TOTAL, SENTRY_FULL_RETRY_TOTAL_DEFAULT);
+  }
+
+  @Override
+  public boolean useUgiTransport(Configuration conf) {
+    return "true".equalsIgnoreCase(conf.get(SECURITY_USE_UGI_TRANSPORT, "false"));
+  }
+
+  @Override
+  public String getPrincipal(Configuration conf) {
+    return conf.get(PRINCIPAL);
+  }
+
+  @Override
+  public String getServerRpcAddress(Configuration conf) {
+    return conf.get(SERVER_RPC_ADDRESS);
+  }
+
+  @Override
+  public int getServerRpcPort(Configuration conf) {
+    return conf.getInt(SERVER_RPC_PORT, RPC_PORT_DEFAULT);
+  }
+
+  @Override
+  public int getServerRpcConnTimeout(Configuration conf) {
+    return conf.getInt(SERVER_RPC_CONN_TIMEOUT, SERVER_RPC_CONN_TIMEOUT_DEFAULT);
+  }
+
+  @Override
+  public Map<String, String> getSaslProperties() {
+    return SASL_PROPERTIES;
+  }
+}
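Review bot: Which configuration keys this class reads is decided solely by the wildcard `import static ...PolicyClientConstants.*`; the class body is otherwise identical to `SentryHDFSClientTransportConfig`, and names such as `SENTRY_RPC_RETRY_TOTAL` also exist on the outer `SentryClientConstants`. I would drop the wildcard and qualify the references, e.g. `conf.getInt(PolicyClientConstants.SERVER_RPC_PORT, PolicyClientConstants.RPC_PORT_DEFAULT)`, so the key in use is visible at the call site. The duplicated `SASL_PROPERTIES` initializer (`Sasl.SERVER_AUTH` set to `true`, `Sasl.QOP` set to `auth-conf`) would be safer defined once, so the two clients cannot drift to different protection levels.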

