def get_sentry_client(username,
client_class,
exempt_host=None,
component=None):
server = None
if is_ha_enabled():
servers = _get_server_properties(exempt_host=exempt_host)
if servers:
server = random.choice(servers)
if server is None:
if HOSTNAME.get() and PORT.get():
LOG.info(
'No Sentry servers configured in %s, falling back to libsentry configured host: %s:%s'
% (_CONF_SENTRY_SERVER_RPC_ADDRESSES, HOSTNAME.get(),
PORT.get()))
server = {'hostname': HOSTNAME.get(), 'port': PORT.get()}
else:
raise PopupException(_('No Sentry servers are configured.'))
if component:
client = client_class(server['hostname'],
server['port'],
username,
component=component)
else:
client = client_class(server['hostname'], server['port'], username)
return client
def test_no_rpc_hosts(self):
# Test with no rpc hosts and fallback to hostname and port
xml = self._sentry_site_xml(rpc_addresses='')
file(os.path.join(self.tmpdir, 'sentry-site.xml'), 'w').write(xml)
sentry_site.reset()
api = get_api(self.user)
assert_false(sentry_site.is_ha_enabled(), sentry_site.get_sentry_server_rpc_addresses())
assert_true(is_enabled() and HOSTNAME.get() and HOSTNAME.get() != 'localhost')
resp = api.list_sentry_roles_by_group(groupName='*')
assert_true(isinstance(resp, list))
api2 = get_api2(self.user, 'solr')
resp = api2.list_sentry_roles_by_group(groupName='*')
assert_true(isinstance(resp, list))
def get_sentry_server_principal():
# Get kerberos principal and replace host pattern
principal = get_conf().get(_CONF_SENTRY_SERVER_PRINCIPAL, None)
if principal:
fqdn = security_util.get_fqdn(HOSTNAME.get())
return security_util.get_kerberos_principal(principal, fqdn)
else:
return None
def test_get_collections(self):
client = SentryClient(HOSTNAME.get(), PORT.get(), 'test')
resp = client.list_sentry_roles_by_group() # Non Sentry Admin can do that
assert_not_equal(0, resp.status.value, resp)
assert_true('denied' in resp.status.message, resp)
resp = client.list_sentry_roles_by_group(groupName='*')
assert_equal(0, resp.status.value, resp)
def get_sentry_server_principal():
# Get kerberos principal and replace host pattern
principal = get_conf().get(_CONF_SENTRY_SERVER_PRINCIPAL, None)
if principal:
fqdn = security_util.get_fqdn(HOSTNAME.get())
return security_util.get_kerberos_principal(principal, fqdn)
else:
return None
def _get_client(username):
if get_sentry_server_ha_enabled():
servers = _get_server_properties()
if servers:
server = random.choice(servers)
else:
raise PopupException(_('No Sentry servers are available.'))
else:
server = {'hostname': HOSTNAME.get(), 'port': PORT.get()}
return SentryClient(server['hostname'], server['port'], username)
def _get_client(username):
if get_sentry_server_ha_enabled():
servers = _get_server_properties()
if servers:
server = random.choice(servers)
else:
raise PopupException(_("No Sentry servers are available."))
else:
server = {"hostname": HOSTNAME.get(), "port": PORT.get()}
return SentryClient(server["hostname"], server["port"], username)
def setup_class(cls):
if not is_live_cluster():
raise SkipTest()
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
add_to_group('test')
grant_access("test", "test", "libsentry")
cls.db = SentryClient(HOSTNAME.get(), PORT.get(), 'test')
def setup_class(cls):
if not is_live_cluster():
raise SkipTest()
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
add_to_group('test')
grant_access("test", "test", "libsentry")
cls.db = SentryClient(HOSTNAME.get(), PORT.get(), 'test')
def _get_client(username):
if get_sentry_server_ha_enabled():
servers = _get_server_properties()
if servers:
server = random.choice(servers)
else:
raise PopupException(_('No Sentry servers are available.'))
else:
server = {
'hostname': HOSTNAME.get(),
'port': PORT.get()
}
return SentryClient(server['hostname'], server['port'], username)
def setup_class(cls):
if not is_live_cluster():
raise SkipTest('Sentry tests require a live sentry server')
if not os.path.exists(os.path.join(SENTRY_CONF_DIR.get(), 'sentry-site.xml')):
raise SkipTest('Could not find sentry-site.xml, skipping sentry tests')
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
add_to_group('test')
grant_access("test", "test", "libsentry")
cls.db = SentryClient(HOSTNAME.get(), PORT.get(), 'test')
def get_sentry_client(username,
client_class,
exempt_host=None,
component=None,
retries=0,
seed=None):
server = None
if is_ha_enabled():
servers = _get_server_properties(exempt_host=exempt_host)
seed_function = lambda: seed if seed else random.random()
random.shuffle(servers, seed_function)
if servers and retries < len(servers):
server = servers[retries]
else:
raise PopupException(
_('Tried %s Sentry servers HA, none are available.') % retries)
else:
if HOSTNAME.get() and PORT.get():
LOG.info(
'No Sentry servers configured in %s, falling back to libsentry configured host: %s:%s'
% (_CONF_SENTRY_SERVER_RPC_ADDRESSES, HOSTNAME.get(),
PORT.get()))
server = {'hostname': HOSTNAME.get(), 'port': PORT.get()}
else:
raise PopupException(_('No Sentry servers are configured.'))
if component:
client = client_class(server['hostname'],
server['port'],
username,
component=component)
else:
client = client_class(server['hostname'], server['port'], username)
return client
def get_sentry_server(current_host=None):
'''
Returns the next Sentry server if current_host is set, or a random server if current_host is None.
If servers contains a single server, the server will be set to the same current_host.
If servers is None, attempts to fallback to libsentry configs, else raises exception.
@param current_host: currently set host, if any
@return: server dict with hostname and port key/values
'''
if is_ha_enabled():
servers = get_sentry_servers()
hosts = [s['hostname'] for s in servers]
next_idx = random.randint(0, len(servers) - 1)
if current_host is not None and hosts:
try:
current_idx = hosts.index(current_host)
LOG.debug("Current Sentry host, %s, index is: %d." %
(current_host, current_idx))
next_idx = (current_idx + 1) % len(servers)
except ValueError as e:
LOG.warn("Current host: %s not found in list of servers: %s" %
(current_host, ','.join(hosts)))
server = servers[next_idx]
LOG.debug("Returning Sentry host, %s, at next index: %d." %
(server['hostname'], next_idx))
else:
if HOSTNAME.get() and PORT.get():
LOG.info(
'No Sentry servers configured in %s, falling back to libsentry configured host: %s:%s'
% (_CONF_SENTRY_SERVER_RPC_ADDRESSES, HOSTNAME.get(),
PORT.get()))
server = {'hostname': HOSTNAME.get(), 'port': PORT.get()}
else:
raise PopupException(_('No Sentry servers are configured.'))
return server
def setup_class(cls):
if not is_live_cluster():
raise SkipTest('Sentry tests require a live sentry server')
if not os.path.exists(
os.path.join(SENTRY_CONF_DIR.get(), 'sentry-site.xml')):
raise SkipTest(
'Could not find sentry-site.xml, skipping sentry tests')
cls.client = make_logged_in_client(username='******', is_superuser=False)
cls.user = User.objects.get(username='******')
add_to_group('test')
grant_access("test", "test", "libsentry")
cls.db = SentryClient(HOSTNAME.get(), PORT.get(), 'test')
def get_api(user): return SentryApi(SentryClient(HOSTNAME.get(), PORT.get(), user.username))
def get_api(user):
return SentryApi(SentryClient(HOSTNAME.get(), PORT.get(), user.username))
next_idx = random.randint(0, len(servers) - 1)
if current_host is not None and hosts:
try:
current_idx = hosts.index(current_host)
LOG.debug("Current Sentry host, %s, index is: %d." %
(current_host, current_idx))
next_idx = (current_idx + 1) % len(servers)
except ValueError, e:
LOG.warn("Current host: %s not found in list of servers: %s" %
(current_host, ','.join(hosts)))
server = servers[next_idx]
LOG.debug("Returning Sentry host, %s, at next index: %d." %
(server['hostname'], next_idx))
else:
if HOSTNAME.get() and PORT.get():
LOG.info(
'No Sentry servers configured in %s, falling back to libsentry configured host: %s:%s'
% (_CONF_SENTRY_SERVER_RPC_ADDRESSES, HOSTNAME.get(),
PORT.get()))
server = {'hostname': HOSTNAME.get(), 'port': PORT.get()}
else:
raise PopupException(_('No Sentry servers are configured.'))
return server
def get_sentry_servers():
try:
servers = []
sentry_servers = get_sentry_server_rpc_addresses()
