def get_sentry_client(username, client_class, exempt_host=None, component=None):
    """Build a ``client_class`` instance for ``username`` against one Sentry server.

    When HA is enabled, a server is drawn at random from the list returned by
    ``_get_server_properties`` (``exempt_host`` is forwarded to that helper).
    If no server was drawn, the libsentry HOSTNAME/PORT settings are used.

    Raises PopupException when neither source yields a server.
    """
    chosen = None
    if is_ha_enabled():
        candidates = _get_server_properties(exempt_host=exempt_host)
        if candidates:
            chosen = random.choice(candidates)

    if chosen is None:
        # Guard first: without both a hostname and a port there is nothing to fall back to.
        if not (HOSTNAME.get() and PORT.get()):
            raise PopupException(_('No Sentry servers are configured.'))
        LOG.info(
            'No Sentry servers configured in %s, falling back to libsentry configured host: %s:%s'
            % (_CONF_SENTRY_SERVER_RPC_ADDRESSES, HOSTNAME.get(), PORT.get()))
        chosen = {'hostname': HOSTNAME.get(), 'port': PORT.get()}

    # NOTE(review): username is forwarded unchanged; presumably the caller has
    # already authenticated it -- confirm.
    # The component keyword is only passed when a truthy component was given.
    extra = {'component': component} if component else {}
    return client_class(chosen['hostname'], chosen['port'], username, **extra)
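def test_no_rpc_hosts(self):
    """With an empty rpc_addresses value, both APIs must still answer via hostname/port."""
    # Test with no rpc hosts and fallback to hostname and port
    xml = self._sentry_site_xml(rpc_addresses='')
    # open() in a with-block replaces the Python 2-only file() builtin and
    # guarantees the handle is flushed and closed before the config is reset.
    with open(os.path.join(self.tmpdir, 'sentry-site.xml'), 'w') as conf_file:
        conf_file.write(xml)
    sentry_site.reset()

    api = get_api(self.user)
    assert_false(sentry_site.is_ha_enabled(), sentry_site.get_sentry_server_rpc_addresses())
    assert_true(is_enabled() and HOSTNAME.get() and HOSTNAME.get() != 'localhost')
    resp = api.list_sentry_roles_by_group(groupName='*')
    assert_true(isinstance(resp, list))

    api2 = get_api2(self.user, 'solr')
    resp = api2.list_sentry_roles_by_group(groupName='*')
    assert_true(isinstance(resp, list))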
def get_sentry_server_principal():
    """Return the configured Sentry server Kerberos principal with its host pattern replaced.

    Returns None when the principal setting is missing or empty.
    """
    raw_principal = get_conf().get(_CONF_SENTRY_SERVER_PRINCIPAL, None)
    if not raw_principal:
        return None
    # NOTE(review): the FQDN is always derived from the libsentry HOSTNAME
    # setting, not from the server a client actually connects to; confirm this
    # is intended when several Sentry servers are configured.
    host_fqdn = security_util.get_fqdn(HOSTNAME.get())
    return security_util.get_kerberos_principal(raw_principal, host_fqdn)
def test_get_collections(self):
    """Check role listing as user 'test': unfiltered is denied, groupName='*' succeeds."""
    sentry = SentryClient(HOSTNAME.get(), PORT.get(), 'test')

    # Unfiltered listing: expect a non-zero status whose message contains 'denied'.
    denied = sentry.list_sentry_roles_by_group()
    assert_not_equal(0, denied.status.value, denied)
    assert_true('denied' in denied.status.message, denied)

    # Wildcard group listing is expected to return status 0.
    allowed = sentry.list_sentry_roles_by_group(groupName='*')
    assert_equal(0, allowed.status.value, allowed)
def _get_client(username):
    """Return a SentryClient for ``username``.

    With HA enabled the target is a random entry from ``_get_server_properties()``;
    otherwise the HOSTNAME/PORT settings are used.

    Raises PopupException when HA is enabled but the server list is empty.
    """
    if not get_sentry_server_ha_enabled():
        return SentryClient(HOSTNAME.get(), PORT.get(), username)

    candidates = _get_server_properties()
    if not candidates:
        raise PopupException(_('No Sentry servers are available.'))

    target = random.choice(candidates)
    return SentryClient(target['hostname'], target['port'], username)
def _get_client(username):
    """Create the SentryClient used on behalf of ``username``.

    HA enabled: one server is picked at random from ``_get_server_properties()``,
    and an empty list raises PopupException. HA disabled: the HOSTNAME/PORT
    settings name the server.
    """
    if get_sentry_server_ha_enabled():
        pool = _get_server_properties()
        if not pool:
            raise PopupException(_("No Sentry servers are available."))
        host_info = random.choice(pool)
    else:
        host_info = dict(hostname=HOSTNAME.get(), port=PORT.get())

    hostname, port = host_info["hostname"], host_info["port"]
    return SentryClient(hostname, port, username)
def setup_class(cls):
    """Prepare class-level fixtures; skipped unless a live cluster is available."""
    live = is_live_cluster()
    if not live:
        raise SkipTest()

    # NOTE(review): the '******' username looks masked in this copy of the
    # file; the group and permission calls below use 'test'.
    login_kwargs = {'username': '******', 'is_superuser': False}
    cls.client = make_logged_in_client(**login_kwargs)
    cls.user = User.objects.get(username='******')

    # Put the user in group 'test' and grant that group access to the libsentry app.
    add_to_group('test')
    grant_access("test", "test", "libsentry")

    sentry_host, sentry_port = HOSTNAME.get(), PORT.get()
    cls.db = SentryClient(sentry_host, sentry_port, 'test')
def _get_client(username):
    """Pick a Sentry endpoint and return a SentryClient bound to ``username``.

    The endpoint is a random HA server when HA is enabled (PopupException if
    the list from ``_get_server_properties()`` is empty), else HOSTNAME/PORT.
    """
    ha_enabled = get_sentry_server_ha_enabled()
    pool = _get_server_properties() if ha_enabled else None

    # An empty pool is only an error in HA mode; non-HA never consults it.
    if ha_enabled and not pool:
        raise PopupException(_('No Sentry servers are available.'))

    if ha_enabled:
        endpoint = random.choice(pool)
    else:
        endpoint = {'hostname': HOSTNAME.get(), 'port': PORT.get()}

    return SentryClient(endpoint['hostname'], endpoint['port'], username)
def setup_class(cls):
    """Prepare class-level fixtures.

    Skips the class when there is no live cluster or when sentry-site.xml is
    missing from the directory named by SENTRY_CONF_DIR.
    """
    if not is_live_cluster():
        raise SkipTest('Sentry tests require a live sentry server')

    # Resolved only after the live-cluster guard, as in the original ordering.
    site_xml = os.path.join(SENTRY_CONF_DIR.get(), 'sentry-site.xml')
    if not os.path.exists(site_xml):
        raise SkipTest('Could not find sentry-site.xml, skipping sentry tests')

    # Non-superuser login; the Sentry client below acts as user 'test'.
    cls.client = make_logged_in_client(username='******', is_superuser=False)
    cls.user = User.objects.get(username='******')
    add_to_group('test')
    grant_access("test", "test", "libsentry")

    sentry_host = HOSTNAME.get()
    sentry_port = PORT.get()
    cls.db = SentryClient(sentry_host, sentry_port, 'test')
def get_sentry_client(username, client_class, exempt_host=None, component=None, retries=0, seed=None):
    """Build a ``client_class`` instance for ``username`` against one Sentry server.

    HA enabled: the list from ``_get_server_properties`` is shuffled and the
    entry at index ``retries`` is used. PopupException is raised when the list
    is empty or ``retries`` is not a valid index.
    HA disabled: the libsentry HOSTNAME/PORT settings are used, and
    PopupException is raised when either is unset.
    """
    if is_ha_enabled():
        candidates = _get_server_properties(exempt_host=exempt_host)
        # A truthy seed makes the shuffle's random source a constant, so the
        # same input order always yields the same output order. A falsy seed
        # (None or 0) draws a fresh random number on every call.
        # NOTE(review): with a falsy seed the list is reshuffled on each call,
        # so candidates[retries] may repeat a host that was already tried.
        shuffle_source = lambda: seed if seed else random.random()
        # NOTE(review): the two-argument shuffle form was removed in Python
        # 3.11; revisit before moving this code to a newer interpreter.
        random.shuffle(candidates, shuffle_source)
        if not (candidates and retries < len(candidates)):
            raise PopupException(
                _('Tried %s Sentry servers HA, none are available.') % retries)
        target = candidates[retries]
    elif HOSTNAME.get() and PORT.get():
        LOG.info(
            'No Sentry servers configured in %s, falling back to libsentry configured host: %s:%s'
            % (_CONF_SENTRY_SERVER_RPC_ADDRESSES, HOSTNAME.get(), PORT.get()))
        target = {'hostname': HOSTNAME.get(), 'port': PORT.get()}
    else:
        raise PopupException(_('No Sentry servers are configured.'))

    # The component keyword is only passed when a truthy component was given.
    if not component:
        return client_class(target['hostname'], target['port'], username)
    return client_class(target['hostname'], target['port'], username, component=component)
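def get_sentry_server(current_host=None):
    '''
    Returns the next Sentry server if current_host is set, or a random server if current_host is None.
    If servers contains a single server, the server will be set to the same current_host.
    If HA is not enabled, or HA is enabled but the server list is empty, attempts to fall back to
    the libsentry configs, else raises PopupException.
    @param current_host: currently set host, if any
    @return: server dict with hostname and port key/values
    '''
    servers = get_sentry_servers() if is_ha_enabled() else None

    if servers:
        hosts = [s['hostname'] for s in servers]
        # Default to a random server; replaced below when current_host is known.
        next_idx = random.randint(0, len(servers) - 1)
        if current_host is not None:
            try:
                current_idx = hosts.index(current_host)
            except ValueError:
                # Unknown host: keep the random index chosen above.
                LOG.warning("Current host: %s not found in list of servers: %s" % (current_host, ','.join(hosts)))
            else:
                LOG.debug("Current Sentry host, %s, index is: %d." % (current_host, current_idx))
                # Round-robin: step to the following server, wrapping at the end.
                next_idx = (current_idx + 1) % len(servers)
        server = servers[next_idx]
        LOG.debug("Returning Sentry host, %s, at next index: %d." % (server['hostname'], next_idx))
    elif HOSTNAME.get() and PORT.get():
        # Also reached when HA is enabled but no servers were returned; the
        # original crashed in random.randint() on an empty list in that case.
        LOG.info(
            'No Sentry servers configured in %s, falling back to libsentry configured host: %s:%s'
            % (_CONF_SENTRY_SERVER_RPC_ADDRESSES, HOSTNAME.get(), PORT.get()))
        server = {'hostname': HOSTNAME.get(), 'port': PORT.get()}
    else:
        raise PopupException(_('No Sentry servers are configured.'))

    return server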
def setup_class(cls):
    """Set up class fixtures, skipping without a live cluster or a sentry-site.xml."""
    if not is_live_cluster():
        raise SkipTest('Sentry tests require a live sentry server')

    conf_dir = SENTRY_CONF_DIR.get()
    has_site_xml = os.path.exists(os.path.join(conf_dir, 'sentry-site.xml'))
    if not has_site_xml:
        raise SkipTest(
            'Could not find sentry-site.xml, skipping sentry tests')

    # The logged-in client is created before the matching User row is fetched.
    web_client = make_logged_in_client(username='******', is_superuser=False)
    cls.client = web_client
    cls.user = User.objects.get(username='******')

    add_to_group('test')
    grant_access("test", "test", "libsentry")

    # Direct Sentry client acting as user 'test' against the configured host and port.
    cls.db = SentryClient(HOSTNAME.get(), PORT.get(), 'test')
def get_api(user):
    """Return a SentryApi wrapping a SentryClient for ``user.username``.

    The client targets the HOSTNAME/PORT settings directly.
    """
    sentry_client = SentryClient(HOSTNAME.get(), PORT.get(), user.username)
    return SentryApi(sentry_client)
next_idx = random.randint(0, len(servers) - 1) if current_host is not None and hosts: try: current_idx = hosts.index(current_host) LOG.debug("Current Sentry host, %s, index is: %d." % (current_host, current_idx)) next_idx = (current_idx + 1) % len(servers) except ValueError, e: LOG.warn("Current host: %s not found in list of servers: %s" % (current_host, ','.join(hosts))) server = servers[next_idx] LOG.debug("Returning Sentry host, %s, at next index: %d." % (server['hostname'], next_idx)) else: if HOSTNAME.get() and PORT.get(): LOG.info( 'No Sentry servers configured in %s, falling back to libsentry configured host: %s:%s' % (_CONF_SENTRY_SERVER_RPC_ADDRESSES, HOSTNAME.get(), PORT.get())) server = {'hostname': HOSTNAME.get(), 'port': PORT.get()} else: raise PopupException(_('No Sentry servers are configured.')) return server def get_sentry_servers(): try: servers = [] sentry_servers = get_sentry_server_rpc_addresses()