SENTRY-1846 - Use a consistent configuration variable for the sentry provider property

 - Reviewed by Sergio Pena, Brian Towles, Na Li.

Author: coheigea

conf/sentry-site.xml.hive-client.template

@@ -72,7 +72,7 @@
 -->
 
   <property>
-    <name>sentry.provider</name>
+    <name>sentry.hive.provider</name>
     <value>org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider</value>
     <description> Deprecated name: hive.sentry.provider.  Group mapping which should be used at client side</description>
   </property>

conf/sentry-site.xml.solr-client.example

@@ -19,7 +19,7 @@
 
 <configuration>
   <property>
-    <name>sentry.provider</name>
+    <name>sentry.solr.provider</name>
     <value>org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider</value>
   </property>
   <property>

sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java

@@ -88,7 +88,7 @@ public class HiveAuthzConf extends Configuration {
      * Config setting definitions
      */
     public static enum AuthzConfVars {
-        AUTHZ_PROVIDER("sentry.provider",
+        AUTHZ_PROVIDER("sentry.hive.provider",
                 "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
         AUTHZ_PROVIDER_RESOURCE("sentry.hive.provider.resource", ""),
         AUTHZ_PROVIDER_BACKEND("sentry.hive.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"),
@@ -108,6 +108,8 @@ public static enum AuthzConfVars {
 
         AUTHZ_PROVIDER_DEPRECATED("hive.sentry.provider",
                 "org.apache.sentry.provider.file.ResourceAuthorizationProvider"),
+        AUTHZ_PROVIDER_DEPRECATED2("sentry.provider",
+                "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
         AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.sentry.provider.resource", ""),
         AUTHZ_SERVER_NAME_DEPRECATED("hive.sentry.server", ""),
         AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.sentry.restrict.defaultDB", "false"),
@@ -146,16 +148,22 @@ public static String getDefault(String varName) {
     // as long as the new property names aren't also provided.  Since the binding code
     // only calls the new property names, we require a map from current names to deprecated
     // names in order to check if the deprecated name of a property was set.
-    private static final Map<String, AuthzConfVars> currentToDeprecatedProps =
-            new HashMap<String, AuthzConfVars>();
+    private static final Map<String, List<AuthzConfVars>> currentToDeprecatedProps = new HashMap<>();
     static {
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(), AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(), AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED);
-        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED);
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(),
+                                     Arrays.asList(AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED, AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED2));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.SENTRY_TESTING_MODE.getVar(),
+                                     Collections.singletonList(AuthzConfVars.SENTRY_TESTING_MODE_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED));
+        currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(),
+                                     Collections.singletonList(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED));
     };
 
     private static final Logger LOG = LoggerFactory
@@ -168,7 +176,6 @@ public HiveAuthzConf(URL hiveAuthzSiteURL) {
         LOG.info("DefaultFS: " + super.get("fs.defaultFS"));
         addResource(hiveAuthzSiteURL);
         applySystemProperties();
-        LOG.info("DefaultFS: " + super.get("fs.defaultFS"));
         this.hiveAuthzSiteFile = hiveAuthzSiteURL.toString();
     }
     /**
@@ -208,14 +215,20 @@ public String get(String varName, String defaultVal) {
         String retVal = super.get(varName);
         if (retVal == null) {
             // check if the deprecated value is set here
+            String deprecatedPropName = null;
             if (currentToDeprecatedProps.containsKey(varName)) {
-                retVal = super.get(currentToDeprecatedProps.get(varName).getVar());
+                for (AuthzConfVars var : currentToDeprecatedProps.get(varName)) {
+                    retVal = super.get(var.getVar());
+                    if (retVal != null) {
+                        deprecatedPropName = var.getVar();
+                        break;
+                    }
+                }
             }
             if (retVal == null) {
                 retVal = AuthzConfVars.getDefault(varName);
             } else {
-                LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() +
-                        " instead of " + varName);
+                LOG.warn("Using the deprecated config setting " + deprecatedPropName + " instead of " + varName);
             }
         }
         if (retVal == null) {

sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java

@@ -333,7 +333,7 @@ public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPl
     // Apply rest of the configuration only to HiveServer2
     if (ctx.getClientType() != CLIENT_TYPE.HIVESERVER2
         || !hiveConf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
-      throw new HiveAuthzPluginException("Sentry just support for hiveserver2");
+      throw new HiveAuthzPluginException("Sentry only supports hiveserver2");
     }
   }
 

sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java

@@ -17,6 +17,8 @@
 package org.apache.sentry.binding.solr.conf;
 
 import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.apache.hadoop.conf.Configuration;
 import org.slf4j.Logger;
@@ -29,11 +31,14 @@ public class SolrAuthzConf extends Configuration {
    * Config setting definitions
    */
   public static enum AuthzConfVars {
-    AUTHZ_PROVIDER("sentry.provider",
+    AUTHZ_PROVIDER("sentry.solr.provider",
       "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
     AUTHZ_PROVIDER_RESOURCE("sentry.solr.provider.resource", ""),
     AUTHZ_PROVIDER_BACKEND("sentry.solr.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"),
-    AUTHZ_POLICY_ENGINE("sentry.solr.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine");
+    AUTHZ_POLICY_ENGINE("sentry.solr.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine"),
+
+    AUTHZ_PROVIDER_DEPRECATED("sentry.provider",
+      "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider");
 
     private final String varName;
     private final String defaultVal;
@@ -61,6 +66,11 @@ public static String getDefault(String varName) {
     }
   }
 
+  private static final Map<String, AuthzConfVars> currentToDeprecatedProps = new HashMap<>();
+  static {
+    currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED);
+  }
+
   @SuppressWarnings("unused")
   private static final Logger LOG = LoggerFactory
       .getLogger(SolrAuthzConf.class);
@@ -73,6 +83,19 @@ public SolrAuthzConf(URL solrAuthzSiteURL) {
 
   @Override
   public String get(String varName) {
-    return get(varName, AuthzConfVars.getDefault(varName));
+    String retVal = super.get(varName);
+    if (retVal == null) {
+      // check if the deprecated value is set here
+      if (currentToDeprecatedProps.containsKey(varName)) {
+          AuthzConfVars var = currentToDeprecatedProps.get(varName);
+          retVal = super.get(var.getVar());
+      }
+      if (retVal == null) {
+        retVal = AuthzConfVars.getDefault(varName);
+      } else {
+        LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() + " instead of " + varName);
+      }
+    }
+    return retVal;
   }
 }