Impala
Impala is the open source, native analytic database for Apache Hadoop.
AuthorizationConfig.java
1 // Copyright 2013 Cloudera Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 package com.cloudera.impala.authorization;
16 
17 
18 import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider;
19 import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
20 
21 import com.google.common.base.Preconditions;
22 import com.google.common.base.Strings;
23 
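/**
 * Immutable holder for the settings that drive Impala authorization: the server name,
 * an optional policy file, the Sentry configuration and the class name of the policy
 * provider.
 *
 * <p>Authorization counts as enabled only when the server name, the policy file or the
 * Sentry configuration file is set (see {@link #isEnabled()}). When none of them is
 * set, {@link #validateConfig()} returns without checking anything, so empty settings
 * mean "authorization off", not "configuration error". Callers that require
 * authorization should test {@link #isEnabled()} themselves.
 */
public class AuthorizationConfig {
  private final String serverName_;
  // Set only if the policy provider is file-based.
  private final String policyFile_;
  private final SentryConfig sentryConfig_;
  private final String policyProviderClassName_;

  /**
   * Creates an authorization configuration. No argument is validated here; call
   * {@link #validateConfig()} before relying on the object.
   *
   * @param serverName the server name; must be non-empty once authorization is enabled
   * @param policyFile the policy file, or null/empty when the provider is not file-based
   * @param sentryConfigFile handed to the {@code SentryConfig} constructor; may be
   *     null or empty, in which case validateConfig() does not load it
   * @param policyProviderClassName class name of the policy provider; surrounding
   *     whitespace is removed
   */
  public AuthorizationConfig(String serverName, String policyFile,
      String sentryConfigFile, String policyProviderClassName) {
    serverName_ = serverName;
    policyFile_ = policyFile;
    sentryConfig_ = new SentryConfig(sentryConfigFile);
    // A whitespace-only name trims to "" and is then rejected by validateConfig()
    // instead of reaching Class.forName().
    policyProviderClassName_ = Strings.isNullOrEmpty(policyProviderClassName)
        ? policyProviderClassName
        : policyProviderClassName.trim();
  }

  /**
   * Returns a configuration in which the server name, policy file, Sentry config file
   * and provider class name are all null.
   */
  // NOTE(review): the declaration line of this factory is absent from the listing this
  // file was recovered from (only its body survived). The name below is the one used
  // by the upstream Impala sources -- confirm against the original file.
  // Presumably isEnabled() is false for the returned object; that depends on what
  // SentryConfig.getConfigFile() returns for a null file, which is not shown here.
  public static AuthorizationConfig createAuthDisabledConfig() {
    return new AuthorizationConfig(null, null, null, null);
  }

  /**
   * Returns a configuration whose policy provider is
   * {@code HadoopGroupResourceAuthorizationProvider}.
   *
   * @param serverName the server name
   * @param policyFile the policy file, or null/empty if not file-based
   * @param sentryConfigFile the Sentry configuration file, or null/empty
   */
  public static AuthorizationConfig createHadoopGroupAuthConfig(String serverName,
      String policyFile, String sentryConfigFile) {
    return new AuthorizationConfig(serverName, policyFile, sentryConfigFile,
        HadoopGroupResourceAuthorizationProvider.class.getName());
  }

  /**
   * Validates the authorization configuration. If authorization is disabled, all
   * checks are skipped and the method returns normally.
   *
   * @throws IllegalArgumentException if authorization is enabled and the server name
   *     or the provider class name is null or empty, the provider class cannot be
   *     found, or it is not a {@code ResourceAuthorizationProvider}
   */
  public void validateConfig() throws IllegalArgumentException {
    // If authorization is not enabled, config checks are skipped.
    if (!isEnabled()) return;

    // Only load the sentry configuration if a sentry-site.xml configuration file was
    // specified. It is optional for impalad.
    if (!Strings.isNullOrEmpty(sentryConfig_.getConfigFile())) {
      sentryConfig_.loadConfig();
    }

    if (Strings.isNullOrEmpty(serverName_)) {
      throw new IllegalArgumentException(
          "Authorization is enabled but the server name is null or empty. Set the " +
          "server name using the impalad --server_name flag.");
    }
    if (Strings.isNullOrEmpty(policyProviderClassName_)) {
      throw new IllegalArgumentException("Authorization is enabled but the " +
          "authorization policy provider class name is null or empty. Set the class " +
          "name using the --authorization_policy_provider_class impalad flag.");
    }

    // The class name comes from configuration, so the class is resolved with
    // initialize=false: its static initializers must not run before the type check
    // below has accepted it.
    final Class<?> providerClass;
    try {
      providerClass = Class.forName(policyProviderClassName_, false,
          this.getClass().getClassLoader());
    } catch (ClassNotFoundException e) {
      throw new IllegalArgumentException(String.format("The authorization policy " +
          "provider class '%s' was not found.", policyProviderClassName_), e);
    }
    Preconditions.checkNotNull(providerClass);
    // Accept only subtypes of ResourceAuthorizationProvider. Any such class visible to
    // this class loader passes, so the flag that sets the name must itself be trusted.
    if (!ResourceAuthorizationProvider.class.isAssignableFrom(providerClass)) {
      // Both placeholders need an argument; with only one, String.format() throws
      // MissingFormatArgumentException and the intended message is never produced.
      throw new IllegalArgumentException(String.format("The authorization policy " +
          "provider class '%s' must be a subclass of '%s'.",
          policyProviderClassName_,
          ResourceAuthorizationProvider.class.getName()));
    }
  }

  /**
   * Returns true if the server name, the policy file or the Sentry configuration file
   * is non-empty. The provider class name is not consulted: setting it alone leaves
   * authorization disabled.
   */
  public boolean isEnabled() {
    return !Strings.isNullOrEmpty(serverName_) || !Strings.isNullOrEmpty(policyFile_) ||
        !Strings.isNullOrEmpty(sentryConfig_.getConfigFile());
  }

  /**
   * Returns true if a policy file was supplied, i.e. the policy is file-based.
   */
  public boolean isFileBasedPolicy() { return !Strings.isNullOrEmpty(policyFile_); }

  /**
   * Returns the server name, exactly as passed to the constructor (may be null).
   */
  public String getServerName() { return serverName_; }

  /**
   * Returns the policy file, exactly as passed to the constructor (may be null).
   */
  public String getPolicyFile() { return policyFile_; }

}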