[ https://issues.apache.org/jira/browse/SENTRY-1757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16004001#comment-16004001 ]

Na Li edited comment on SENTRY-1757 at 5/10/17 4:03 AM:
--------------------------------------------------------

In the test, the following happens in the order below:
1. In TestHDFSIntegrationBase.startSentry(), the Sentry server is created and 
started.
2. In TestHDFSIntegrationBase.startHiveAndMetastore(), the Hive port is found, 
the Hive configuration is set, and sentry-site.xml and hive-site.xml are saved 
from the configuration. The metastore URI is in both sentry-site.xml and 
hive-site.xml, for example 
"<property><name>hive.metastore.uris</name><value>thrift://localhost:43334</value><source>programatically</source></property>"
3. When HMSFollower.run() is called, in HMSFollower.getMetaStoreClient(), a 
HiveConf instance is created. In its static block, called by the constructor, 
it finds the location of hive-site.xml ("hiveSiteURL = 
arr$.getResource("hive-site.xml");"). 
If the hive-site.xml from step 2 is present, its configuration is loaded in 
HiveConf.initialize(), and the meta data URI is used by HiveMetaStoreClient in 
HMSFollower.getMetaStoreClient(). So the real metastore is used by the client.
If the hive-site.xml from step 2 is not present yet, the local metastore will 
be loaded, and the local metastore will be used by the client. 
        String msUri = this.getVar(HiveConf.ConfVars.METASTOREURIS);
        if (HiveConfUtil.isEmbeddedMetaStore(msUri)) {
            setLoadMetastoreConfig(true);
        }



was (Author: linaataustin):
In the test, the following happens in the order below:
1. In TestHDFSIntegrationBase.startSentry(), the Sentry server is created and 
started.
2. In TestHDFSIntegrationBase.startHiveAndMetastore(), the Hive port is found, 
the Hive configuration is set, and sentry-site.xml and hive-site.xml are saved 
from the configuration. The metastore URI is in both sentry-site.xml and 
hive-site.xml, for example 
"<property><name>hive.metastore.uris</name><value>thrift://localhost:43334</value><source>programatically</source></property>"
3. When HMSFollower.run() is called, in HMSFollower.getMetaStoreClient(), a 
HiveConf instance is created. In its static block, called by the constructor, 
it finds the location of hive-site.xml ("hiveSiteURL = 
arr$.getResource("hive-site.xml");"). 
If the hive-site.xml from step 2 is present, its configuration is loaded in 
HiveConf.initialize(), and the meta data URI is used by HiveMetaStoreClient in 
HMSFollower.getMetaStoreClient(). 
If the hive-site.xml from step 2 is not present yet, the local metastore will 
be loaded. 
        String msUri = this.getVar(HiveConf.ConfVars.METASTOREURIS);
        if (HiveConfUtil.isEmbeddedMetaStore(msUri)) {
            setLoadMetastoreConfig(true);
        }


> Avoid using local hive meta store using wrong configuration
> -----------------------------------------------------------
>
>                 Key: SENTRY-1757
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1757
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>    Affects Versions: sentry-ha-redesign
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Blocker
>              Labels: security
>         Attachments: SENTRY-1757.001-sentry-ha-redesign.patch
>
>
> When HMSFollower.getMetaStoreClient() checks whether it should create a 
> HiveMetaStoreClient, it uses the input configuration from SentryService.
> In a real cluster deployment, the configuration does not contain a value for 
> "hive.metastore.uris", and therefore HMSFollower never connects to the real 
> metastore. 
> In the integration tests, the configuration contains a value for 
> "hive.metastore.uris". Therefore the integration tests pass. 
> We need to check the Hive configuration to avoid connecting to the local 
> metastore, and remove the value for "hive.metastore.uris" in the integration 
> tests, so their behavior is the same as in a real cluster deployment.
> In TestHDFSIntegrationBase.startSentry(), `properties.put("hive.metastore.uris", 
> "thrift://localhost:" + hmsPort);` was introduced in SENTRY-1429, SENTRY-1454, 
> and SENTRY-1456.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
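
The ordering problem described in the comment above, reproduced with only the JDK as an added example (this is not Sentry or Hive code): hive-site.xml is looked up on a classpath root before and after it is written, and the caller fails closed instead of falling back to a local metastore. The class and method names are hypothetical, and isEmbedded() assumes the quoted check treats a null or blank URI as embedded.

```java
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MetastoreUriGuard {
    // Assumption: a null or blank hive.metastore.uris means "embedded (local) metastore".
    static boolean isEmbedded(String uri) { return uri == null || uri.trim().isEmpty(); }

    // Resolve hive-site.xml through a class loader rooted at classpathRoot.
    static String metastoreUris(Path classpathRoot) throws Exception {
        try (URLClassLoader cl = new URLClassLoader(new URL[] {classpathRoot.toUri().toURL()}, null)) {
            URL site = cl.getResource("hive-site.xml");
            if (site == null) return null;                 // file has not been written yet
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            try (InputStream in = site.openStream()) {
                NodeList props = f.newDocumentBuilder().parse(in).getElementsByTagName("property");
                for (int i = 0; i < props.getLength(); i++) {
                    Element p = (Element) props.item(i);
                    if ("hive.metastore.uris".equals(text(p, "name"))) return text(p, "value");
                }
            }
            return null;                                   // file present, property missing
        }
    }

    static String text(Element p, String tag) {
        NodeList n = p.getElementsByTagName(tag);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }

    // Fail closed: refuse to continue rather than silently use a local metastore.
    static String requireRemote(Path classpathRoot) throws Exception {
        String uris = metastoreUris(classpathRoot);
        if (isEmbedded(uris)) throw new IllegalStateException("hive.metastore.uris not set");
        return uris;
    }

    public static void main(String[] args) throws Exception {
        Path root = Files.createTempDirectory("conf");     // constructed classpath root
        try { requireRemote(root); } catch (IllegalStateException e) { System.out.println("before: " + e.getMessage()); }
        Files.write(root.resolve("hive-site.xml"), ("<configuration><property><name>hive.metastore.uris</name>"
                + "<value>thrift://localhost:43334</value></property></configuration>").getBytes("UTF-8"));
        System.out.println("after: " + requireRemote(root));
    }
}
```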
