Updated Branches: refs/heads/master 055e0146f -> 7649aad99
SENTRY-4: Rename Configuration properties that mention hive but are sentry related (Gregory Chanan via Shreepadma Venugopalan) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/7649aad9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/7649aad9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/7649aad9 Branch: refs/heads/master Commit: 7649aad99655c306948d2b1b520d2d151e604b5c Parents: 055e014 Author: Shreepadma Venugopalan <[email protected]> Authored: Fri Sep 27 14:49:50 2013 -0700 Committer: Shreepadma Venugopalan <[email protected]> Committed: Fri Sep 27 14:49:50 2013 -0700 ---------------------------------------------------------------------- .../binding/hive/authz/HiveAuthzBinding.java | 2 +- .../sentry/binding/hive/conf/HiveAuthzConf.java | 69 ++++++++++---------- .../binding/hive/TestHiveAuthzBindings.java | 2 +- .../sentry/binding/hive/TestHiveAuthzConf.java | 45 +++++++++---- .../src/test/resources/access-site.xml | 34 ---------- .../src/test/resources/sentry-site.xml | 6 +- .../src/test/resources/sentry-site.xml | 6 +- 7 files changed, 76 insertions(+), 88 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7649aad9/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java index 542b22c..8ecb41b 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java @@ -127,7 +127,7 @@ public class HiveAuthzBinding { String authProviderName = authzConf.get(AuthzConfVars.AUTHZ_PROVIDER.getVar()); String resourceName = authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar()); - LOG.debug("Using authorization provide " + authProviderName + + LOG.debug("Using authorization provider " + authProviderName + " with resource " + resourceName); // load the authz provider class http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7649aad9/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java index c51ce54..49edb09 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java @@ -41,27 +41,25 @@ public class HiveAuthzConf extends Configuration { * Config setting definitions */ public static enum AuthzConfVars { - AUTHZ_PROVIDER("hive.sentry.provider", - "org.apache.sentry.provider.file.ResourceAuthorizationProvider"), - AUTHZ_PROVIDER_RESOURCE("hive.sentry.provider.resource", ""), - AUTHZ_SERVER_NAME("hive.sentry.server", "HS2"), - AUTHZ_RESTRICT_DEFAULT_DB("hive.sentry.restrict.defaultDB", "false"), - SENTRY_TESTING_MODE("hive.sentry.testing.mode", "false"), - AUTHZ_UDF_WHITELIST("hive.sentry.udf.whitelist", HIVE_UDF_WHITE_LIST), - AUTHZ_ALLOW_HIVE_IMPERSONATION("hive.sentry.allow.hive.impersonation", "false"), - AUTHZ_ONFAILURE_HOOKS("hive.sentry.failure.hooks", ""), - - AUTHZ_PROVIDER_DEPRECATED("hive.access.provider", - "org.apache.sentry.provider.file.ResourceAuthorizationProvider"), - AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.access.provider.resource", ""), - AUTHZ_SERVER_NAME_DEPRECATED("hive.access.server", "HS2"), - AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.access.restrict.defaultDB", "false"), - SENTRY_TESTING_MODE_DEPRECATED("hive.access.testing.mode", "false"), - AUTHZ_UDF_WHITELIST_DEPRECATED("hive.access.udf.whitelist", HIVE_UDF_WHITE_LIST), - AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED("hive.access.allow.hive.impersonation", "false"), - AUTHZ_ONFAILURE_HOOKS_DEPRECATED("hive.access.failure.hooks", ""), - - ; + AUTHZ_PROVIDER("sentry.provider", + "org.apache.sentry.provider.file.ResourceAuthorizationProvider"), + AUTHZ_PROVIDER_RESOURCE("sentry.hive.provider.resource", ""), + AUTHZ_SERVER_NAME("sentry.hive.server", "HS2"), + AUTHZ_RESTRICT_DEFAULT_DB("sentry.hive.restrict.defaultDB", "false"), + SENTRY_TESTING_MODE("sentry.hive.testing.mode", "false"), + AUTHZ_UDF_WHITELIST("sentry.hive.udf.whitelist", HIVE_UDF_WHITE_LIST), + AUTHZ_ALLOW_HIVE_IMPERSONATION("sentry.hive.allow.hive.impersonation", "false"), + AUTHZ_ONFAILURE_HOOKS("sentry.hive.failure.hooks", ""), + + AUTHZ_PROVIDER_DEPRECATED("hive.sentry.provider", + "org.apache.sentry.provider.file.ResourceAuthorizationProvider"), + AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.sentry.provider.resource", ""), + AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", "HS2"), + AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.sentry.restrict.defaultDB", "false"), + SENTRY_TESTING_MODE_DEPRECATED("hive.sentry.testing.mode", "false"), + AUTHZ_UDF_WHITELIST_DEPRECATED("hive.sentry.udf.whitelist", HIVE_UDF_WHITE_LIST), + AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED("hive.sentry.allow.hive.impersonation", "false"), + AUTHZ_ONFAILURE_HOOKS_DEPRECATED("hive.sentry.failure.hooks", ""); private final String varName; private final String defaultVal; @@ -108,17 +106,22 @@ public class HiveAuthzConf extends Configuration { "variance,weekofyear,when,xpath,xpath_boolean,xpath_double,xpath_float,xpath_int,xpath_long," + "xpath_number,xpath_short,xpath_string,year"; - private static final Map<String, AuthzConfVars> deprecatedConfigs = + // map of current property names - > deprecated property names. + // The binding layer code should work if the deprecated property names are provided, + // as long as the new property names aren't also provided. Since the binding code + // only calls the new property names, we require a map from current names to deprecated + // names in order to check if the deprecated name of a property was set. + private static final Map<String, AuthzConfVars> currentToDeprecatedProps = new HashMap<String, AuthzConfVars>(); static { - deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_PROVIDER); - deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE); - deprecatedConfigs.put(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME); - deprecatedConfigs.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB); - deprecatedConfigs.put(AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED.getVar(), AuthzConfVars.SENTRY_TESTING_MODE); - deprecatedConfigs.put(AuthzConfVars.AUTHZ_UDF_WHITELIST_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_UDF_WHITELIST); - deprecatedConfigs.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION); - deprecatedConfigs.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED); + currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_UDF_WHITELIST.getVar(), AuthzConfVars.AUTHZ_UDF_WHITELIST_DEPRECATED); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(), AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED); + currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED); }; @SuppressWarnings("unused") @@ -163,13 +166,13 @@ public class HiveAuthzConf extends Configuration { String retVal = super.get(varName); if (retVal == null) { // check if the deprecated value is set here - if (deprecatedConfigs.containsKey(varName)) { - retVal = super.get(deprecatedConfigs.get(varName).getVar()); + if (currentToDeprecatedProps.containsKey(varName)) { + retVal = super.get(currentToDeprecatedProps.get(varName).getVar()); } if (retVal == null) { retVal = AuthzConfVars.getDefault(varName); } else { - Log.info("Using the deprecated config setting " + deprecatedConfigs.get(varName).getVar() + + Log.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() + " instead of " + varName); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7649aad9/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java index fb3d3f0..fde3181 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java @@ -79,7 +79,7 @@ public class TestHiveAuthzBindings { private List<List<Authorizable>> inputTabHierarcyList = new ArrayList<List<Authorizable>>(); private List<List<Authorizable>> outputTabHierarcyList = new ArrayList<List<Authorizable>>(); private HiveConf hiveConf = new HiveConf(); - private HiveAuthzConf authzConf = new HiveAuthzConf(Resources.getResource("access-site.xml")); + private HiveAuthzConf authzConf = new HiveAuthzConf(Resources.getResource("sentry-deprecated-site.xml")); // Privileges private static final HiveAuthzPrivileges queryPrivileges = http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7649aad9/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java index de59546..ea2c7ea 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java @@ -16,6 +16,8 @@ */ package org.apache.sentry.binding.hive; +import java.util.Arrays; +import java.util.List; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars; import org.junit.Assert; @@ -27,37 +29,54 @@ import com.google.common.io.Resources; public class TestHiveAuthzConf { private HiveAuthzConf authzConf; private HiveAuthzConf authzDepConf; + private List<AuthzConfVars> currentProps; @Before public void setUp() { authzConf = new HiveAuthzConf(Resources.getResource("sentry-site.xml")); - authzDepConf = new HiveAuthzConf(Resources.getResource("access-site.xml")); + authzDepConf = new HiveAuthzConf(Resources.getResource("sentry-deprecated-site.xml")); + currentProps = Arrays.asList(new AuthzConfVars[] { + AuthzConfVars.AUTHZ_PROVIDER, AuthzConfVars.AUTHZ_PROVIDER_RESOURCE, + AuthzConfVars.AUTHZ_SERVER_NAME, AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB, + AuthzConfVars.SENTRY_TESTING_MODE, AuthzConfVars.AUTHZ_UDF_WHITELIST, + AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION, AuthzConfVars.AUTHZ_ONFAILURE_HOOKS }); + } @Test public void testConfig() { - Assert.assertEquals("org.apache.sentry.provider.file.fooProvider", + Assert.assertEquals("deprecated", authzDepConf.get(AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED.getVar())); Assert.assertEquals("org.apache.sentry.provider.file.fooProvider", authzConf.get(AuthzConfVars.AUTHZ_PROVIDER.getVar())); } + /** + * Check that the deprecated property values are used if the current properties + * are not set. + */ @Test - public void testConfigOverload() { - authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), "fooFile"); - Assert.assertEquals("fooFile", - authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar())); - authzDepConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar(), "fooFile"); - Assert.assertEquals("fooFile", - authzDepConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar())); + public void testDeprecatedConfig() { + for (AuthzConfVars currentVar : currentProps) { + Assert.assertEquals("deprecated", authzDepConf.get(currentVar.getVar())); + } } /** - * Check the deprecated properties from the config files that doesn't explicitly set it + * Test that deprecated configs do not override non-deprecated configs */ @Test - public void testDeprecatedConfig() { - Assert.assertEquals("classpath:test-authz-provider.ini", - authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar())); + public void testDeprecatedOverride() { + try { + for (AuthzConfVars currentVar : currentProps) { + authzDepConf.set(currentVar.getVar(), "current"); + Assert.assertEquals("current", authzDepConf.get(currentVar.getVar())); + } + } + finally { + for (AuthzConfVars currentVar : currentProps) { + authzDepConf.unset(currentVar.getVar()); + } + } } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7649aad9/sentry-binding/sentry-binding-hive/src/test/resources/access-site.xml ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/resources/access-site.xml b/sentry-binding/sentry-binding-hive/src/test/resources/access-site.xml deleted file mode 100644 index 1936c21..0000000 --- a/sentry-binding/sentry-binding-hive/src/test/resources/access-site.xml +++ /dev/null @@ -1,34 +0,0 @@ -<?xml version="1.0"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> - -<configuration> - <property> - <name>hive.access.provider</name> - <value>org.apache.sentry.provider.file.fooProvider</value> - </property> - <property> - <name>hive.access.provider.resource</name> - <value>classpath:test-authz-provider.ini</value> - </property> - <property> - <name>hive.access.server</name> - <value>myHS2</value> - </property> -</configuration> - http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7649aad9/sentry-binding/sentry-binding-hive/src/test/resources/sentry-site.xml ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/resources/sentry-site.xml b/sentry-binding/sentry-binding-hive/src/test/resources/sentry-site.xml index beef40d..26fdab1 100644 --- a/sentry-binding/sentry-binding-hive/src/test/resources/sentry-site.xml +++ b/sentry-binding/sentry-binding-hive/src/test/resources/sentry-site.xml @@ -19,15 +19,15 @@ <configuration> <property> - <name>hive.sentry.provider</name> + <name>sentry.provider</name> <value>org.apache.sentry.provider.file.fooProvider</value> </property> <property> - <name>hive.sentry.provider.resource</name> + <name>sentry.hive.provider.resource</name> <value>classpath:test-authz-provider.ini</value> </property> <property> - <name>hive.sentry.server</name> + <name>sentry.hive.server</name> <value>myHS2</value> </property> </configuration> http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7649aad9/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml b/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml index de0c9cf..d068011 100644 --- a/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml +++ b/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml @@ -19,15 +19,15 @@ <configuration> <property> - <name>hive.sentry.provider</name> + <name>sentry.provider</name> <value>invalid</value> </property> <property> - <name>hive.sentry.provider.resource</name> + <name>sentry.hive.provider.resource</name> <value>invalid</value> </property> <property> - <name>hive.sentry.server</name> + <name>sentry.hive.server</name> <value>myHS2</value> </property> </configuration>
