You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ha...@apache.org on 2019/06/10 19:43:18 UTC
[sentry] branch master updated: SENTRY-2522: Add a new thrift API
for getting all privileges a user has for a given set of authorizable (Hao
Hao reviewed by Arjun Mishra)
This is an automated email from the ASF dual-hosted git repository.
hahao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sentry.git
The following commit(s) were added to refs/heads/master by this push:
new 148ba6c SENTRY-2522: Add a new thrift API for getting all privileges a user has for a given set of authorizable (Hao Hao reviewed by Arjun Mishra)
148ba6c is described below
commit 148ba6c225ac785844476213f3d70ccbf637e9ba
Author: Hao Hao <ha...@cloudera.com>
AuthorDate: Thu Jun 6 23:33:36 2019 -0700
SENTRY-2522: Add a new thrift API for getting all privileges a user has for a given set of authorizable (Hao Hao reviewed by Arjun Mishra)
Change-Id: Ie49d8ee57b840f21e3e8276914fcb6c950399aee
---
.../api/service/thrift/SentryPolicyService.java | 858 +++++++++++++++++++++
.../TListSentryPrivilegesByAuthUserRequest.java | 746 ++++++++++++++++++
.../TListSentryPrivilegesByAuthUserResponse.java | 598 ++++++++++++++
.../main/resources/sentry_policy_service.thrift | 19 +
.../sentry/api/service/thrift/SentryMetrics.java | 2 +
.../service/thrift/SentryPolicyStoreProcessor.java | 94 +++
.../thrift/TestSentryPolicyStoreProcessor.java | 127 ++-
7 files changed, 2442 insertions(+), 2 deletions(-)
diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java
index df18706..44e31dd 100644
--- a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java
+++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java
@@ -75,6 +75,8 @@ public class SentryPolicyService {
public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request) throws org.apache.thrift.TException;
+ public TListSentryPrivilegesByAuthUserResponse list_sentry_privileges_by_authorizable_and_user(TListSentryPrivilegesByAuthUserRequest request) throws org.apache.thrift.TException;
+
public TSentryConfigValueResponse get_sentry_config_value(TSentryConfigValueRequest request) throws org.apache.thrift.TException;
public TSentryExportMappingDataResponse export_sentry_mapping_data(TSentryExportMappingDataRequest request) throws org.apache.thrift.TException;
@@ -129,6 +131,8 @@ public class SentryPolicyService {
public void list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException;
+ public void list_sentry_privileges_by_authorizable_and_user(TListSentryPrivilegesByAuthUserRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException;
+
public void get_sentry_config_value(TSentryConfigValueRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException;
public void export_sentry_mapping_data(TSentryExportMappingDataRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException;
@@ -579,6 +583,29 @@ public class SentryPolicyService {
throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "list_sentry_privileges_by_authorizable failed: unknown result");
}
+ public TListSentryPrivilegesByAuthUserResponse list_sentry_privileges_by_authorizable_and_user(TListSentryPrivilegesByAuthUserRequest request) throws org.apache.thrift.TException
+ {
+ send_list_sentry_privileges_by_authorizable_and_user(request);
+ return recv_list_sentry_privileges_by_authorizable_and_user();
+ }
+
+ public void send_list_sentry_privileges_by_authorizable_and_user(TListSentryPrivilegesByAuthUserRequest request) throws org.apache.thrift.TException
+ {
+ list_sentry_privileges_by_authorizable_and_user_args args = new list_sentry_privileges_by_authorizable_and_user_args();
+ args.setRequest(request);
+ sendBase("list_sentry_privileges_by_authorizable_and_user", args);
+ }
+
+ public TListSentryPrivilegesByAuthUserResponse recv_list_sentry_privileges_by_authorizable_and_user() throws org.apache.thrift.TException
+ {
+ list_sentry_privileges_by_authorizable_and_user_result result = new list_sentry_privileges_by_authorizable_and_user_result();
+ receiveBase(result, "list_sentry_privileges_by_authorizable_and_user");
+ if (result.isSetSuccess()) {
+ return result.success;
+ }
+ throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "list_sentry_privileges_by_authorizable_and_user failed: unknown result");
+ }
+
public TSentryConfigValueResponse get_sentry_config_value(TSentryConfigValueRequest request) throws org.apache.thrift.TException
{
send_get_sentry_config_value(request);
@@ -1334,6 +1361,38 @@ public class SentryPolicyService {
}
}
+ public void list_sentry_privileges_by_authorizable_and_user(TListSentryPrivilegesByAuthUserRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException {
+ checkReady();
+ list_sentry_privileges_by_authorizable_and_user_call method_call = new list_sentry_privileges_by_authorizable_and_user_call(request, resultHandler, this, ___protocolFactory, ___transport);
+ this.___currentMethod = method_call;
+ ___manager.call(method_call);
+ }
+
+ public static class list_sentry_privileges_by_authorizable_and_user_call extends org.apache.thrift.async.TAsyncMethodCall {
+ private TListSentryPrivilegesByAuthUserRequest request;
+ public list_sentry_privileges_by_authorizable_and_user_call(TListSentryPrivilegesByAuthUserRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+ super(client, protocolFactory, transport, resultHandler, false);
+ this.request = request;
+ }
+
+ public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+ prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("list_sentry_privileges_by_authorizable_and_user", org.apache.thrift.protocol.TMessageType.CALL, 0));
+ list_sentry_privileges_by_authorizable_and_user_args args = new list_sentry_privileges_by_authorizable_and_user_args();
+ args.setRequest(request);
+ args.write(prot);
+ prot.writeMessageEnd();
+ }
+
+ public TListSentryPrivilegesByAuthUserResponse getResult() throws org.apache.thrift.TException {
+ if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+ throw new IllegalStateException("Method call not finished!");
+ }
+ org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+ org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+ return (new Client(prot)).recv_list_sentry_privileges_by_authorizable_and_user();
+ }
+ }
+
public void get_sentry_config_value(TSentryConfigValueRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException {
checkReady();
get_sentry_config_value_call method_call = new get_sentry_config_value_call(request, resultHandler, this, ___protocolFactory, ___transport);
@@ -1589,6 +1648,7 @@ public class SentryPolicyService {
processMap.put("drop_sentry_privilege", new drop_sentry_privilege());
processMap.put("rename_sentry_privilege", new rename_sentry_privilege());
processMap.put("list_sentry_privileges_by_authorizable", new list_sentry_privileges_by_authorizable());
+ processMap.put("list_sentry_privileges_by_authorizable_and_user", new list_sentry_privileges_by_authorizable_and_user());
processMap.put("get_sentry_config_value", new get_sentry_config_value());
processMap.put("export_sentry_mapping_data", new export_sentry_mapping_data());
processMap.put("import_sentry_mapping_data", new import_sentry_mapping_data());
@@ -1959,6 +2019,26 @@ public class SentryPolicyService {
}
}
+ public static class list_sentry_privileges_by_authorizable_and_user<I extends Iface> extends org.apache.thrift.ProcessFunction<I, list_sentry_privileges_by_authorizable_and_user_args> {
+ public list_sentry_privileges_by_authorizable_and_user() {
+ super("list_sentry_privileges_by_authorizable_and_user");
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_args getEmptyArgsInstance() {
+ return new list_sentry_privileges_by_authorizable_and_user_args();
+ }
+
+ protected boolean isOneway() {
+ return false;
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_result getResult(I iface, list_sentry_privileges_by_authorizable_and_user_args args) throws org.apache.thrift.TException {
+ list_sentry_privileges_by_authorizable_and_user_result result = new list_sentry_privileges_by_authorizable_and_user_result();
+ result.success = iface.list_sentry_privileges_by_authorizable_and_user(args.request);
+ return result;
+ }
+ }
+
public static class get_sentry_config_value<I extends Iface> extends org.apache.thrift.ProcessFunction<I, get_sentry_config_value_args> {
public get_sentry_config_value() {
super("get_sentry_config_value");
@@ -2130,6 +2210,7 @@ public class SentryPolicyService {
processMap.put("drop_sentry_privilege", new drop_sentry_privilege());
processMap.put("rename_sentry_privilege", new rename_sentry_privilege());
processMap.put("list_sentry_privileges_by_authorizable", new list_sentry_privileges_by_authorizable());
+ processMap.put("list_sentry_privileges_by_authorizable_and_user", new list_sentry_privileges_by_authorizable_and_user());
processMap.put("get_sentry_config_value", new get_sentry_config_value());
processMap.put("export_sentry_mapping_data", new export_sentry_mapping_data());
processMap.put("import_sentry_mapping_data", new import_sentry_mapping_data());
@@ -3058,6 +3139,57 @@ public class SentryPolicyService {
}
}
+ public static class list_sentry_privileges_by_authorizable_and_user<I extends AsyncIface> extends org.apache.thrift.AsyncProcessFunction<I, list_sentry_privileges_by_authorizable_and_user_args, TListSentryPrivilegesByAuthUserResponse> {
+ public list_sentry_privileges_by_authorizable_and_user() {
+ super("list_sentry_privileges_by_authorizable_and_user");
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_args getEmptyArgsInstance() {
+ return new list_sentry_privileges_by_authorizable_and_user_args();
+ }
+
+ public AsyncMethodCallback<TListSentryPrivilegesByAuthUserResponse> getResultHandler(final AsyncFrameBuffer fb, final int seqid) {
+ final org.apache.thrift.AsyncProcessFunction fcall = this;
+ return new AsyncMethodCallback<TListSentryPrivilegesByAuthUserResponse>() {
+ public void onComplete(TListSentryPrivilegesByAuthUserResponse o) {
+ list_sentry_privileges_by_authorizable_and_user_result result = new list_sentry_privileges_by_authorizable_and_user_result();
+ result.success = o;
+ try {
+ fcall.sendResponse(fb,result, org.apache.thrift.protocol.TMessageType.REPLY,seqid);
+ return;
+ } catch (Exception e) {
+ LOGGER.error("Exception writing to internal frame buffer", e);
+ }
+ fb.close();
+ }
+ public void onError(Exception e) {
+ byte msgType = org.apache.thrift.protocol.TMessageType.REPLY;
+ org.apache.thrift.TBase msg;
+ list_sentry_privileges_by_authorizable_and_user_result result = new list_sentry_privileges_by_authorizable_and_user_result();
+ {
+ msgType = org.apache.thrift.protocol.TMessageType.EXCEPTION;
+ msg = (org.apache.thrift.TBase)new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.INTERNAL_ERROR, e.getMessage());
+ }
+ try {
+ fcall.sendResponse(fb,msg,msgType,seqid);
+ return;
+ } catch (Exception ex) {
+ LOGGER.error("Exception writing to internal frame buffer", ex);
+ }
+ fb.close();
+ }
+ };
+ }
+
+ protected boolean isOneway() {
+ return false;
+ }
+
+ public void start(I iface, list_sentry_privileges_by_authorizable_and_user_args args, org.apache.thrift.async.AsyncMethodCallback<TListSentryPrivilegesByAuthUserResponse> resultHandler) throws TException {
+ iface.list_sentry_privileges_by_authorizable_and_user(args.request,resultHandler);
+ }
+ }
+
public static class get_sentry_config_value<I extends AsyncIface> extends org.apache.thrift.AsyncProcessFunction<I, get_sentry_config_value_args, TSentryConfigValueResponse> {
public get_sentry_config_value() {
super("get_sentry_config_value");
@@ -16485,6 +16617,732 @@ public class SentryPolicyService {
}
+ public static class list_sentry_privileges_by_authorizable_and_user_args implements org.apache.thrift.TBase<list_sentry_privileges_by_authorizable_and_user_args, list_sentry_privileges_by_authorizable_and_user_args._Fields>, java.io.Serializable, Cloneable, Comparable<list_sentry_privileges_by_authorizable_and_user_args> {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("list_sentry_privileges_by_authorizable_and_user_args");
+
+ private static final org.apache.thrift.protocol.TField REQUEST_FIELD_DESC = new org.apache.thrift.protocol.TField("request", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new list_sentry_privileges_by_authorizable_and_user_argsStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new list_sentry_privileges_by_authorizable_and_user_argsTupleSchemeFactory());
+ }
+
+ private TListSentryPrivilegesByAuthUserRequest request; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ REQUEST((short)1, "request");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // REQUEST
+ return REQUEST;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.REQUEST, new org.apache.thrift.meta_data.FieldMetaData("request", org.apache.thrift.TFieldRequirementType.DEFAULT,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TListSentryPrivilegesByAuthUserRequest.class)));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(list_sentry_privileges_by_authorizable_and_user_args.class, metaDataMap);
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_args() {
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_args(
+ TListSentryPrivilegesByAuthUserRequest request)
+ {
+ this();
+ this.request = request;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public list_sentry_privileges_by_authorizable_and_user_args(list_sentry_privileges_by_authorizable_and_user_args other) {
+ if (other.isSetRequest()) {
+ this.request = new TListSentryPrivilegesByAuthUserRequest(other.request);
+ }
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_args deepCopy() {
+ return new list_sentry_privileges_by_authorizable_and_user_args(this);
+ }
+
+ @Override
+ public void clear() {
+ this.request = null;
+ }
+
+ public TListSentryPrivilegesByAuthUserRequest getRequest() {
+ return this.request;
+ }
+
+ public void setRequest(TListSentryPrivilegesByAuthUserRequest request) {
+ this.request = request;
+ }
+
+ public void unsetRequest() {
+ this.request = null;
+ }
+
+ /** Returns true if field request is set (has been assigned a value) and false otherwise */
+ public boolean isSetRequest() {
+ return this.request != null;
+ }
+
+ public void setRequestIsSet(boolean value) {
+ if (!value) {
+ this.request = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case REQUEST:
+ if (value == null) {
+ unsetRequest();
+ } else {
+ setRequest((TListSentryPrivilegesByAuthUserRequest)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case REQUEST:
+ return getRequest();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case REQUEST:
+ return isSetRequest();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof list_sentry_privileges_by_authorizable_and_user_args)
+ return this.equals((list_sentry_privileges_by_authorizable_and_user_args)that);
+ return false;
+ }
+
+ public boolean equals(list_sentry_privileges_by_authorizable_and_user_args that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_request = true && this.isSetRequest();
+ boolean that_present_request = true && that.isSetRequest();
+ if (this_present_request || that_present_request) {
+ if (!(this_present_request && that_present_request))
+ return false;
+ if (!this.request.equals(that.request))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ List<Object> list = new ArrayList<Object>();
+
+ boolean present_request = true && (isSetRequest());
+ list.add(present_request);
+ if (present_request)
+ list.add(request);
+
+ return list.hashCode();
+ }
+
+ @Override
+ public int compareTo(list_sentry_privileges_by_authorizable_and_user_args other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+
+ lastComparison = Boolean.valueOf(isSetRequest()).compareTo(other.isSetRequest());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetRequest()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.request, other.request);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("list_sentry_privileges_by_authorizable_and_user_args(");
+ boolean first = true;
+
+ sb.append("request:");
+ if (this.request == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.request);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ // check for sub-struct validity
+ if (request != null) {
+ request.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_and_user_argsStandardSchemeFactory implements SchemeFactory {
+ public list_sentry_privileges_by_authorizable_and_user_argsStandardScheme getScheme() {
+ return new list_sentry_privileges_by_authorizable_and_user_argsStandardScheme();
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_and_user_argsStandardScheme extends StandardScheme<list_sentry_privileges_by_authorizable_and_user_args> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, list_sentry_privileges_by_authorizable_and_user_args struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // REQUEST
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.request = new TListSentryPrivilegesByAuthUserRequest();
+ struct.request.read(iprot);
+ struct.setRequestIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, list_sentry_privileges_by_authorizable_and_user_args struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.request != null) {
+ oprot.writeFieldBegin(REQUEST_FIELD_DESC);
+ struct.request.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class list_sentry_privileges_by_authorizable_and_user_argsTupleSchemeFactory implements SchemeFactory {
+ public list_sentry_privileges_by_authorizable_and_user_argsTupleScheme getScheme() {
+ return new list_sentry_privileges_by_authorizable_and_user_argsTupleScheme();
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_and_user_argsTupleScheme extends TupleScheme<list_sentry_privileges_by_authorizable_and_user_args> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, list_sentry_privileges_by_authorizable_and_user_args struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ BitSet optionals = new BitSet();
+ if (struct.isSetRequest()) {
+ optionals.set(0);
+ }
+ oprot.writeBitSet(optionals, 1);
+ if (struct.isSetRequest()) {
+ struct.request.write(oprot);
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, list_sentry_privileges_by_authorizable_and_user_args struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ BitSet incoming = iprot.readBitSet(1);
+ if (incoming.get(0)) {
+ struct.request = new TListSentryPrivilegesByAuthUserRequest();
+ struct.request.read(iprot);
+ struct.setRequestIsSet(true);
+ }
+ }
+ }
+
+ }
+
+ public static class list_sentry_privileges_by_authorizable_and_user_result implements org.apache.thrift.TBase<list_sentry_privileges_by_authorizable_and_user_result, list_sentry_privileges_by_authorizable_and_user_result._Fields>, java.io.Serializable, Cloneable, Comparable<list_sentry_privileges_by_authorizable_and_user_result> {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("list_sentry_privileges_by_authorizable_and_user_result");
+
+ private static final org.apache.thrift.protocol.TField SUCCESS_FIELD_DESC = new org.apache.thrift.protocol.TField("success", org.apache.thrift.protocol.TType.STRUCT, (short)0);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new list_sentry_privileges_by_authorizable_and_user_resultStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new list_sentry_privileges_by_authorizable_and_user_resultTupleSchemeFactory());
+ }
+
+ private TListSentryPrivilegesByAuthUserResponse success; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ SUCCESS((short)0, "success");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 0: // SUCCESS
+ return SUCCESS;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.SUCCESS, new org.apache.thrift.meta_data.FieldMetaData("success", org.apache.thrift.TFieldRequirementType.DEFAULT,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TListSentryPrivilegesByAuthUserResponse.class)));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(list_sentry_privileges_by_authorizable_and_user_result.class, metaDataMap);
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_result() {
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_result(
+ TListSentryPrivilegesByAuthUserResponse success)
+ {
+ this();
+ this.success = success;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public list_sentry_privileges_by_authorizable_and_user_result(list_sentry_privileges_by_authorizable_and_user_result other) {
+ if (other.isSetSuccess()) {
+ this.success = new TListSentryPrivilegesByAuthUserResponse(other.success);
+ }
+ }
+
+ public list_sentry_privileges_by_authorizable_and_user_result deepCopy() {
+ return new list_sentry_privileges_by_authorizable_and_user_result(this);
+ }
+
+ @Override
+ public void clear() {
+ this.success = null;
+ }
+
+ public TListSentryPrivilegesByAuthUserResponse getSuccess() {
+ return this.success;
+ }
+
+ public void setSuccess(TListSentryPrivilegesByAuthUserResponse success) {
+ this.success = success;
+ }
+
+ public void unsetSuccess() {
+ this.success = null;
+ }
+
+ /** Returns true if field success is set (has been assigned a value) and false otherwise */
+ public boolean isSetSuccess() {
+ return this.success != null;
+ }
+
+ public void setSuccessIsSet(boolean value) {
+ if (!value) {
+ this.success = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case SUCCESS:
+ if (value == null) {
+ unsetSuccess();
+ } else {
+ setSuccess((TListSentryPrivilegesByAuthUserResponse)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case SUCCESS:
+ return getSuccess();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case SUCCESS:
+ return isSetSuccess();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof list_sentry_privileges_by_authorizable_and_user_result)
+ return this.equals((list_sentry_privileges_by_authorizable_and_user_result)that);
+ return false;
+ }
+
+ public boolean equals(list_sentry_privileges_by_authorizable_and_user_result that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_success = true && this.isSetSuccess();
+ boolean that_present_success = true && that.isSetSuccess();
+ if (this_present_success || that_present_success) {
+ if (!(this_present_success && that_present_success))
+ return false;
+ if (!this.success.equals(that.success))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ List<Object> list = new ArrayList<Object>();
+
+ boolean present_success = true && (isSetSuccess());
+ list.add(present_success);
+ if (present_success)
+ list.add(success);
+
+ return list.hashCode();
+ }
+
+ @Override
+ public int compareTo(list_sentry_privileges_by_authorizable_and_user_result other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+
+ lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(other.isSetSuccess());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetSuccess()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.success, other.success);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("list_sentry_privileges_by_authorizable_and_user_result(");
+ boolean first = true;
+
+ sb.append("success:");
+ if (this.success == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.success);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ // check for sub-struct validity
+ if (success != null) {
+ success.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_and_user_resultStandardSchemeFactory implements SchemeFactory {
+ public list_sentry_privileges_by_authorizable_and_user_resultStandardScheme getScheme() {
+ return new list_sentry_privileges_by_authorizable_and_user_resultStandardScheme();
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_and_user_resultStandardScheme extends StandardScheme<list_sentry_privileges_by_authorizable_and_user_result> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, list_sentry_privileges_by_authorizable_and_user_result struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 0: // SUCCESS
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.success = new TListSentryPrivilegesByAuthUserResponse();
+ struct.success.read(iprot);
+ struct.setSuccessIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, list_sentry_privileges_by_authorizable_and_user_result struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.success != null) {
+ oprot.writeFieldBegin(SUCCESS_FIELD_DESC);
+ struct.success.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class list_sentry_privileges_by_authorizable_and_user_resultTupleSchemeFactory implements SchemeFactory {
+ public list_sentry_privileges_by_authorizable_and_user_resultTupleScheme getScheme() {
+ return new list_sentry_privileges_by_authorizable_and_user_resultTupleScheme();
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_and_user_resultTupleScheme extends TupleScheme<list_sentry_privileges_by_authorizable_and_user_result> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, list_sentry_privileges_by_authorizable_and_user_result struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ BitSet optionals = new BitSet();
+ if (struct.isSetSuccess()) {
+ optionals.set(0);
+ }
+ oprot.writeBitSet(optionals, 1);
+ if (struct.isSetSuccess()) {
+ struct.success.write(oprot);
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, list_sentry_privileges_by_authorizable_and_user_result struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ BitSet incoming = iprot.readBitSet(1);
+ if (incoming.get(0)) {
+ struct.success = new TListSentryPrivilegesByAuthUserResponse();
+ struct.success.read(iprot);
+ struct.setSuccessIsSet(true);
+ }
+ }
+ }
+
+ }
+
public static class get_sentry_config_value_args implements org.apache.thrift.TBase<get_sentry_config_value_args, get_sentry_config_value_args._Fields>, java.io.Serializable, Cloneable, Comparable<get_sentry_config_value_args> {
private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("get_sentry_config_value_args");
diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesByAuthUserRequest.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesByAuthUserRequest.java
new file mode 100644
index 0000000..62c0210
--- /dev/null
+++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesByAuthUserRequest.java
@@ -0,0 +1,746 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.3)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.api.service.thrift;
+
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import org.apache.thrift.async.AsyncMethodCallback;
+import org.apache.thrift.server.AbstractNonblockingServer.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import javax.annotation.Generated;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@SuppressWarnings({"cast", "rawtypes", "serial", "unchecked"})
+@Generated(value = "Autogenerated by Thrift Compiler (0.9.3)")
+public class TListSentryPrivilegesByAuthUserRequest implements org.apache.thrift.TBase<TListSentryPrivilegesByAuthUserRequest, TListSentryPrivilegesByAuthUserRequest._Fields>, java.io.Serializable, Cloneable, Comparable<TListSentryPrivilegesByAuthUserRequest> {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryPrivilegesByAuthUserRequest");
+
+ private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+ private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+ private static final org.apache.thrift.protocol.TField AUTHORIZABLE_SET_FIELD_DESC = new org.apache.thrift.protocol.TField("authorizableSet", org.apache.thrift.protocol.TType.SET, (short)3);
+ private static final org.apache.thrift.protocol.TField USER_FIELD_DESC = new org.apache.thrift.protocol.TField("user", org.apache.thrift.protocol.TType.STRING, (short)4);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TListSentryPrivilegesByAuthUserRequestStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TListSentryPrivilegesByAuthUserRequestTupleSchemeFactory());
+ }
+
+ private int protocol_version; // required
+ private String requestorUserName; // required
+ private Set<TSentryAuthorizable> authorizableSet; // required
+ private String user; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ PROTOCOL_VERSION((short)1, "protocol_version"),
+ REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+ AUTHORIZABLE_SET((short)3, "authorizableSet"),
+ USER((short)4, "user");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // PROTOCOL_VERSION
+ return PROTOCOL_VERSION;
+ case 2: // REQUESTOR_USER_NAME
+ return REQUESTOR_USER_NAME;
+ case 3: // AUTHORIZABLE_SET
+ return AUTHORIZABLE_SET;
+ case 4: // USER
+ return USER;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+ private byte __isset_bitfield = 0;
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+ tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+ tmpMap.put(_Fields.AUTHORIZABLE_SET, new org.apache.thrift.meta_data.FieldMetaData("authorizableSet", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryAuthorizable.class))));
+ tmpMap.put(_Fields.USER, new org.apache.thrift.meta_data.FieldMetaData("user", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryPrivilegesByAuthUserRequest.class, metaDataMap);
+ }
+
+ public TListSentryPrivilegesByAuthUserRequest() {
+ this.protocol_version = 2;
+
+ }
+
+ public TListSentryPrivilegesByAuthUserRequest(
+ int protocol_version,
+ String requestorUserName,
+ Set<TSentryAuthorizable> authorizableSet,
+ String user)
+ {
+ this();
+ this.protocol_version = protocol_version;
+ setProtocol_versionIsSet(true);
+ this.requestorUserName = requestorUserName;
+ this.authorizableSet = authorizableSet;
+ this.user = user;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TListSentryPrivilegesByAuthUserRequest(TListSentryPrivilegesByAuthUserRequest other) {
+ __isset_bitfield = other.__isset_bitfield;
+ this.protocol_version = other.protocol_version;
+ if (other.isSetRequestorUserName()) {
+ this.requestorUserName = other.requestorUserName;
+ }
+ if (other.isSetAuthorizableSet()) {
+ Set<TSentryAuthorizable> __this__authorizableSet = new HashSet<TSentryAuthorizable>(other.authorizableSet.size());
+ for (TSentryAuthorizable other_element : other.authorizableSet) {
+ __this__authorizableSet.add(new TSentryAuthorizable(other_element));
+ }
+ this.authorizableSet = __this__authorizableSet;
+ }
+ if (other.isSetUser()) {
+ this.user = other.user;
+ }
+ }
+
+ public TListSentryPrivilegesByAuthUserRequest deepCopy() {
+ return new TListSentryPrivilegesByAuthUserRequest(this);
+ }
+
+ @Override
+ public void clear() {
+ this.protocol_version = 2;
+
+ this.requestorUserName = null;
+ this.authorizableSet = null;
+ this.user = null;
+ }
+
+ public int getProtocol_version() {
+ return this.protocol_version;
+ }
+
+ public void setProtocol_version(int protocol_version) {
+ this.protocol_version = protocol_version;
+ setProtocol_versionIsSet(true);
+ }
+
+ public void unsetProtocol_version() {
+ __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+ }
+
+ /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+ public boolean isSetProtocol_version() {
+ return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+ }
+
+ public void setProtocol_versionIsSet(boolean value) {
+ __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+ }
+
+ public String getRequestorUserName() {
+ return this.requestorUserName;
+ }
+
+ public void setRequestorUserName(String requestorUserName) {
+ this.requestorUserName = requestorUserName;
+ }
+
+ public void unsetRequestorUserName() {
+ this.requestorUserName = null;
+ }
+
+ /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+ public boolean isSetRequestorUserName() {
+ return this.requestorUserName != null;
+ }
+
+ public void setRequestorUserNameIsSet(boolean value) {
+ if (!value) {
+ this.requestorUserName = null;
+ }
+ }
+
+ public int getAuthorizableSetSize() {
+ return (this.authorizableSet == null) ? 0 : this.authorizableSet.size();
+ }
+
+ public java.util.Iterator<TSentryAuthorizable> getAuthorizableSetIterator() {
+ return (this.authorizableSet == null) ? null : this.authorizableSet.iterator();
+ }
+
+ public void addToAuthorizableSet(TSentryAuthorizable elem) {
+ if (this.authorizableSet == null) {
+ this.authorizableSet = new HashSet<TSentryAuthorizable>();
+ }
+ this.authorizableSet.add(elem);
+ }
+
+ public Set<TSentryAuthorizable> getAuthorizableSet() {
+ return this.authorizableSet;
+ }
+
+ public void setAuthorizableSet(Set<TSentryAuthorizable> authorizableSet) {
+ this.authorizableSet = authorizableSet;
+ }
+
+ public void unsetAuthorizableSet() {
+ this.authorizableSet = null;
+ }
+
+ /** Returns true if field authorizableSet is set (has been assigned a value) and false otherwise */
+ public boolean isSetAuthorizableSet() {
+ return this.authorizableSet != null;
+ }
+
+ public void setAuthorizableSetIsSet(boolean value) {
+ if (!value) {
+ this.authorizableSet = null;
+ }
+ }
+
+ public String getUser() {
+ return this.user;
+ }
+
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ public void unsetUser() {
+ this.user = null;
+ }
+
+ /** Returns true if field user is set (has been assigned a value) and false otherwise */
+ public boolean isSetUser() {
+ return this.user != null;
+ }
+
+ public void setUserIsSet(boolean value) {
+ if (!value) {
+ this.user = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case PROTOCOL_VERSION:
+ if (value == null) {
+ unsetProtocol_version();
+ } else {
+ setProtocol_version((Integer)value);
+ }
+ break;
+
+ case REQUESTOR_USER_NAME:
+ if (value == null) {
+ unsetRequestorUserName();
+ } else {
+ setRequestorUserName((String)value);
+ }
+ break;
+
+ case AUTHORIZABLE_SET:
+ if (value == null) {
+ unsetAuthorizableSet();
+ } else {
+ setAuthorizableSet((Set<TSentryAuthorizable>)value);
+ }
+ break;
+
+ case USER:
+ if (value == null) {
+ unsetUser();
+ } else {
+ setUser((String)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case PROTOCOL_VERSION:
+ return getProtocol_version();
+
+ case REQUESTOR_USER_NAME:
+ return getRequestorUserName();
+
+ case AUTHORIZABLE_SET:
+ return getAuthorizableSet();
+
+ case USER:
+ return getUser();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case PROTOCOL_VERSION:
+ return isSetProtocol_version();
+ case REQUESTOR_USER_NAME:
+ return isSetRequestorUserName();
+ case AUTHORIZABLE_SET:
+ return isSetAuthorizableSet();
+ case USER:
+ return isSetUser();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TListSentryPrivilegesByAuthUserRequest)
+ return this.equals((TListSentryPrivilegesByAuthUserRequest)that);
+ return false;
+ }
+
+ public boolean equals(TListSentryPrivilegesByAuthUserRequest that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_protocol_version = true;
+ boolean that_present_protocol_version = true;
+ if (this_present_protocol_version || that_present_protocol_version) {
+ if (!(this_present_protocol_version && that_present_protocol_version))
+ return false;
+ if (this.protocol_version != that.protocol_version)
+ return false;
+ }
+
+ boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+ boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+ if (this_present_requestorUserName || that_present_requestorUserName) {
+ if (!(this_present_requestorUserName && that_present_requestorUserName))
+ return false;
+ if (!this.requestorUserName.equals(that.requestorUserName))
+ return false;
+ }
+
+ boolean this_present_authorizableSet = true && this.isSetAuthorizableSet();
+ boolean that_present_authorizableSet = true && that.isSetAuthorizableSet();
+ if (this_present_authorizableSet || that_present_authorizableSet) {
+ if (!(this_present_authorizableSet && that_present_authorizableSet))
+ return false;
+ if (!this.authorizableSet.equals(that.authorizableSet))
+ return false;
+ }
+
+ boolean this_present_user = true && this.isSetUser();
+ boolean that_present_user = true && that.isSetUser();
+ if (this_present_user || that_present_user) {
+ if (!(this_present_user && that_present_user))
+ return false;
+ if (!this.user.equals(that.user))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ List<Object> list = new ArrayList<Object>();
+
+ boolean present_protocol_version = true;
+ list.add(present_protocol_version);
+ if (present_protocol_version)
+ list.add(protocol_version);
+
+ boolean present_requestorUserName = true && (isSetRequestorUserName());
+ list.add(present_requestorUserName);
+ if (present_requestorUserName)
+ list.add(requestorUserName);
+
+ boolean present_authorizableSet = true && (isSetAuthorizableSet());
+ list.add(present_authorizableSet);
+ if (present_authorizableSet)
+ list.add(authorizableSet);
+
+ boolean present_user = true && (isSetUser());
+ list.add(present_user);
+ if (present_user)
+ list.add(user);
+
+ return list.hashCode();
+ }
+
+ @Override
+ public int compareTo(TListSentryPrivilegesByAuthUserRequest other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+
+ lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(other.isSetProtocol_version());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetProtocol_version()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, other.protocol_version);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(other.isSetRequestorUserName());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetRequestorUserName()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, other.requestorUserName);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetAuthorizableSet()).compareTo(other.isSetAuthorizableSet());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetAuthorizableSet()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.authorizableSet, other.authorizableSet);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetUser()).compareTo(other.isSetUser());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetUser()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.user, other.user);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TListSentryPrivilegesByAuthUserRequest(");
+ boolean first = true;
+
+ sb.append("protocol_version:");
+ sb.append(this.protocol_version);
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("requestorUserName:");
+ if (this.requestorUserName == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.requestorUserName);
+ }
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("authorizableSet:");
+ if (this.authorizableSet == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.authorizableSet);
+ }
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("user:");
+ if (this.user == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.user);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetProtocol_version()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+ }
+
+ if (!isSetRequestorUserName()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+ }
+
+ if (!isSetAuthorizableSet()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'authorizableSet' is unset! Struct:" + toString());
+ }
+
+ if (!isSetUser()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'user' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+ __isset_bitfield = 0;
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthUserRequestStandardSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthUserRequestStandardScheme getScheme() {
+ return new TListSentryPrivilegesByAuthUserRequestStandardScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthUserRequestStandardScheme extends StandardScheme<TListSentryPrivilegesByAuthUserRequest> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryPrivilegesByAuthUserRequest struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // PROTOCOL_VERSION
+ if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+ struct.protocol_version = iprot.readI32();
+ struct.setProtocol_versionIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 2: // REQUESTOR_USER_NAME
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+ struct.requestorUserName = iprot.readString();
+ struct.setRequestorUserNameIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 3: // AUTHORIZABLE_SET
+ if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+ {
+ org.apache.thrift.protocol.TSet _set174 = iprot.readSetBegin();
+ struct.authorizableSet = new HashSet<TSentryAuthorizable>(2*_set174.size);
+ TSentryAuthorizable _elem175;
+ for (int _i176 = 0; _i176 < _set174.size; ++_i176)
+ {
+ _elem175 = new TSentryAuthorizable();
+ _elem175.read(iprot);
+ struct.authorizableSet.add(_elem175);
+ }
+ iprot.readSetEnd();
+ }
+ struct.setAuthorizableSetIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 4: // USER
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+ struct.user = iprot.readString();
+ struct.setUserIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryPrivilegesByAuthUserRequest struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+ oprot.writeI32(struct.protocol_version);
+ oprot.writeFieldEnd();
+ if (struct.requestorUserName != null) {
+ oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+ oprot.writeString(struct.requestorUserName);
+ oprot.writeFieldEnd();
+ }
+ if (struct.authorizableSet != null) {
+ oprot.writeFieldBegin(AUTHORIZABLE_SET_FIELD_DESC);
+ {
+ oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, struct.authorizableSet.size()));
+ for (TSentryAuthorizable _iter177 : struct.authorizableSet)
+ {
+ _iter177.write(oprot);
+ }
+ oprot.writeSetEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ if (struct.user != null) {
+ oprot.writeFieldBegin(USER_FIELD_DESC);
+ oprot.writeString(struct.user);
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TListSentryPrivilegesByAuthUserRequestTupleSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthUserRequestTupleScheme getScheme() {
+ return new TListSentryPrivilegesByAuthUserRequestTupleScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthUserRequestTupleScheme extends TupleScheme<TListSentryPrivilegesByAuthUserRequest> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthUserRequest struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ oprot.writeI32(struct.protocol_version);
+ oprot.writeString(struct.requestorUserName);
+ {
+ oprot.writeI32(struct.authorizableSet.size());
+ for (TSentryAuthorizable _iter178 : struct.authorizableSet)
+ {
+ _iter178.write(oprot);
+ }
+ }
+ oprot.writeString(struct.user);
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthUserRequest struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ struct.protocol_version = iprot.readI32();
+ struct.setProtocol_versionIsSet(true);
+ struct.requestorUserName = iprot.readString();
+ struct.setRequestorUserNameIsSet(true);
+ {
+ org.apache.thrift.protocol.TSet _set179 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+ struct.authorizableSet = new HashSet<TSentryAuthorizable>(2*_set179.size);
+ TSentryAuthorizable _elem180;
+ for (int _i181 = 0; _i181 < _set179.size; ++_i181)
+ {
+ _elem180 = new TSentryAuthorizable();
+ _elem180.read(iprot);
+ struct.authorizableSet.add(_elem180);
+ }
+ }
+ struct.setAuthorizableSetIsSet(true);
+ struct.user = iprot.readString();
+ struct.setUserIsSet(true);
+ }
+ }
+
+}
+
diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesByAuthUserResponse.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesByAuthUserResponse.java
new file mode 100644
index 0000000..f9f0e64
--- /dev/null
+++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesByAuthUserResponse.java
@@ -0,0 +1,598 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.3)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.api.service.thrift;
+
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import org.apache.thrift.async.AsyncMethodCallback;
+import org.apache.thrift.server.AbstractNonblockingServer.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import javax.annotation.Generated;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@SuppressWarnings({"cast", "rawtypes", "serial", "unchecked"})
+@Generated(value = "Autogenerated by Thrift Compiler (0.9.3)")
+public class TListSentryPrivilegesByAuthUserResponse implements org.apache.thrift.TBase<TListSentryPrivilegesByAuthUserResponse, TListSentryPrivilegesByAuthUserResponse._Fields>, java.io.Serializable, Cloneable, Comparable<TListSentryPrivilegesByAuthUserResponse> {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryPrivilegesByAuthUserResponse");
+
+ private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+ private static final org.apache.thrift.protocol.TField PRIVILEGES_MAP_BY_AUTH_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegesMapByAuth", org.apache.thrift.protocol.TType.MAP, (short)2);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TListSentryPrivilegesByAuthUserResponseStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TListSentryPrivilegesByAuthUserResponseTupleSchemeFactory());
+ }
+
+ private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+ private Map<TSentryAuthorizable,Set<TSentryPrivilege>> privilegesMapByAuth; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ STATUS((short)1, "status"),
+ PRIVILEGES_MAP_BY_AUTH((short)2, "privilegesMapByAuth");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // STATUS
+ return STATUS;
+ case 2: // PRIVILEGES_MAP_BY_AUTH
+ return PRIVILEGES_MAP_BY_AUTH;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+ tmpMap.put(_Fields.PRIVILEGES_MAP_BY_AUTH, new org.apache.thrift.meta_data.FieldMetaData("privilegesMapByAuth", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryAuthorizable.class),
+ new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class)))));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryPrivilegesByAuthUserResponse.class, metaDataMap);
+ }
+
+ public TListSentryPrivilegesByAuthUserResponse() {
+ }
+
+ public TListSentryPrivilegesByAuthUserResponse(
+ org.apache.sentry.service.thrift.TSentryResponseStatus status,
+ Map<TSentryAuthorizable,Set<TSentryPrivilege>> privilegesMapByAuth)
+ {
+ this();
+ this.status = status;
+ this.privilegesMapByAuth = privilegesMapByAuth;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TListSentryPrivilegesByAuthUserResponse(TListSentryPrivilegesByAuthUserResponse other) {
+ if (other.isSetStatus()) {
+ this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+ }
+ if (other.isSetPrivilegesMapByAuth()) {
+ Map<TSentryAuthorizable,Set<TSentryPrivilege>> __this__privilegesMapByAuth = new HashMap<TSentryAuthorizable,Set<TSentryPrivilege>>(other.privilegesMapByAuth.size());
+ for (Map.Entry<TSentryAuthorizable, Set<TSentryPrivilege>> other_element : other.privilegesMapByAuth.entrySet()) {
+
+ TSentryAuthorizable other_element_key = other_element.getKey();
+ Set<TSentryPrivilege> other_element_value = other_element.getValue();
+
+ TSentryAuthorizable __this__privilegesMapByAuth_copy_key = new TSentryAuthorizable(other_element_key);
+
+ Set<TSentryPrivilege> __this__privilegesMapByAuth_copy_value = new HashSet<TSentryPrivilege>(other_element_value.size());
+ for (TSentryPrivilege other_element_value_element : other_element_value) {
+ __this__privilegesMapByAuth_copy_value.add(new TSentryPrivilege(other_element_value_element));
+ }
+
+ __this__privilegesMapByAuth.put(__this__privilegesMapByAuth_copy_key, __this__privilegesMapByAuth_copy_value);
+ }
+ this.privilegesMapByAuth = __this__privilegesMapByAuth;
+ }
+ }
+
+ public TListSentryPrivilegesByAuthUserResponse deepCopy() {
+ return new TListSentryPrivilegesByAuthUserResponse(this);
+ }
+
+ @Override
+ public void clear() {
+ this.status = null;
+ this.privilegesMapByAuth = null;
+ }
+
+ public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+ return this.status;
+ }
+
+ public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+ this.status = status;
+ }
+
+ public void unsetStatus() {
+ this.status = null;
+ }
+
+ /** Returns true if field status is set (has been assigned a value) and false otherwise */
+ public boolean isSetStatus() {
+ return this.status != null;
+ }
+
+ public void setStatusIsSet(boolean value) {
+ if (!value) {
+ this.status = null;
+ }
+ }
+
+ public int getPrivilegesMapByAuthSize() {
+ return (this.privilegesMapByAuth == null) ? 0 : this.privilegesMapByAuth.size();
+ }
+
+ public void putToPrivilegesMapByAuth(TSentryAuthorizable key, Set<TSentryPrivilege> val) {
+ if (this.privilegesMapByAuth == null) {
+ this.privilegesMapByAuth = new HashMap<TSentryAuthorizable,Set<TSentryPrivilege>>();
+ }
+ this.privilegesMapByAuth.put(key, val);
+ }
+
+ public Map<TSentryAuthorizable,Set<TSentryPrivilege>> getPrivilegesMapByAuth() {
+ return this.privilegesMapByAuth;
+ }
+
+ public void setPrivilegesMapByAuth(Map<TSentryAuthorizable,Set<TSentryPrivilege>> privilegesMapByAuth) {
+ this.privilegesMapByAuth = privilegesMapByAuth;
+ }
+
+ public void unsetPrivilegesMapByAuth() {
+ this.privilegesMapByAuth = null;
+ }
+
+ /** Returns true if field privilegesMapByAuth is set (has been assigned a value) and false otherwise */
+ public boolean isSetPrivilegesMapByAuth() {
+ return this.privilegesMapByAuth != null;
+ }
+
+ public void setPrivilegesMapByAuthIsSet(boolean value) {
+ if (!value) {
+ this.privilegesMapByAuth = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case STATUS:
+ if (value == null) {
+ unsetStatus();
+ } else {
+ setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+ }
+ break;
+
+ case PRIVILEGES_MAP_BY_AUTH:
+ if (value == null) {
+ unsetPrivilegesMapByAuth();
+ } else {
+ setPrivilegesMapByAuth((Map<TSentryAuthorizable,Set<TSentryPrivilege>>)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case STATUS:
+ return getStatus();
+
+ case PRIVILEGES_MAP_BY_AUTH:
+ return getPrivilegesMapByAuth();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case STATUS:
+ return isSetStatus();
+ case PRIVILEGES_MAP_BY_AUTH:
+ return isSetPrivilegesMapByAuth();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TListSentryPrivilegesByAuthUserResponse)
+ return this.equals((TListSentryPrivilegesByAuthUserResponse)that);
+ return false;
+ }
+
+ public boolean equals(TListSentryPrivilegesByAuthUserResponse that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_status = true && this.isSetStatus();
+ boolean that_present_status = true && that.isSetStatus();
+ if (this_present_status || that_present_status) {
+ if (!(this_present_status && that_present_status))
+ return false;
+ if (!this.status.equals(that.status))
+ return false;
+ }
+
+ boolean this_present_privilegesMapByAuth = true && this.isSetPrivilegesMapByAuth();
+ boolean that_present_privilegesMapByAuth = true && that.isSetPrivilegesMapByAuth();
+ if (this_present_privilegesMapByAuth || that_present_privilegesMapByAuth) {
+ if (!(this_present_privilegesMapByAuth && that_present_privilegesMapByAuth))
+ return false;
+ if (!this.privilegesMapByAuth.equals(that.privilegesMapByAuth))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ List<Object> list = new ArrayList<Object>();
+
+ boolean present_status = true && (isSetStatus());
+ list.add(present_status);
+ if (present_status)
+ list.add(status);
+
+ boolean present_privilegesMapByAuth = true && (isSetPrivilegesMapByAuth());
+ list.add(present_privilegesMapByAuth);
+ if (present_privilegesMapByAuth)
+ list.add(privilegesMapByAuth);
+
+ return list.hashCode();
+ }
+
+ @Override
+ public int compareTo(TListSentryPrivilegesByAuthUserResponse other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+
+ lastComparison = Boolean.valueOf(isSetStatus()).compareTo(other.isSetStatus());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetStatus()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, other.status);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetPrivilegesMapByAuth()).compareTo(other.isSetPrivilegesMapByAuth());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetPrivilegesMapByAuth()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegesMapByAuth, other.privilegesMapByAuth);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TListSentryPrivilegesByAuthUserResponse(");
+ boolean first = true;
+
+ sb.append("status:");
+ if (this.status == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.status);
+ }
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("privilegesMapByAuth:");
+ if (this.privilegesMapByAuth == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.privilegesMapByAuth);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetStatus()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+ }
+
+ if (!isSetPrivilegesMapByAuth()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegesMapByAuth' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ if (status != null) {
+ status.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthUserResponseStandardSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthUserResponseStandardScheme getScheme() {
+ return new TListSentryPrivilegesByAuthUserResponseStandardScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthUserResponseStandardScheme extends StandardScheme<TListSentryPrivilegesByAuthUserResponse> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryPrivilegesByAuthUserResponse struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // STATUS
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+ struct.status.read(iprot);
+ struct.setStatusIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 2: // PRIVILEGES_MAP_BY_AUTH
+ if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+ {
+ org.apache.thrift.protocol.TMap _map182 = iprot.readMapBegin();
+ struct.privilegesMapByAuth = new HashMap<TSentryAuthorizable,Set<TSentryPrivilege>>(2*_map182.size);
+ TSentryAuthorizable _key183;
+ Set<TSentryPrivilege> _val184;
+ for (int _i185 = 0; _i185 < _map182.size; ++_i185)
+ {
+ _key183 = new TSentryAuthorizable();
+ _key183.read(iprot);
+ {
+ org.apache.thrift.protocol.TSet _set186 = iprot.readSetBegin();
+ _val184 = new HashSet<TSentryPrivilege>(2*_set186.size);
+ TSentryPrivilege _elem187;
+ for (int _i188 = 0; _i188 < _set186.size; ++_i188)
+ {
+ _elem187 = new TSentryPrivilege();
+ _elem187.read(iprot);
+ _val184.add(_elem187);
+ }
+ iprot.readSetEnd();
+ }
+ struct.privilegesMapByAuth.put(_key183, _val184);
+ }
+ iprot.readMapEnd();
+ }
+ struct.setPrivilegesMapByAuthIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryPrivilegesByAuthUserResponse struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.status != null) {
+ oprot.writeFieldBegin(STATUS_FIELD_DESC);
+ struct.status.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ if (struct.privilegesMapByAuth != null) {
+ oprot.writeFieldBegin(PRIVILEGES_MAP_BY_AUTH_FIELD_DESC);
+ {
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.SET, struct.privilegesMapByAuth.size()));
+ for (Map.Entry<TSentryAuthorizable, Set<TSentryPrivilege>> _iter189 : struct.privilegesMapByAuth.entrySet())
+ {
+ _iter189.getKey().write(oprot);
+ {
+ oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter189.getValue().size()));
+ for (TSentryPrivilege _iter190 : _iter189.getValue())
+ {
+ _iter190.write(oprot);
+ }
+ oprot.writeSetEnd();
+ }
+ }
+ oprot.writeMapEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TListSentryPrivilegesByAuthUserResponseTupleSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthUserResponseTupleScheme getScheme() {
+ return new TListSentryPrivilegesByAuthUserResponseTupleScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthUserResponseTupleScheme extends TupleScheme<TListSentryPrivilegesByAuthUserResponse> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthUserResponse struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ struct.status.write(oprot);
+ {
+ oprot.writeI32(struct.privilegesMapByAuth.size());
+ for (Map.Entry<TSentryAuthorizable, Set<TSentryPrivilege>> _iter191 : struct.privilegesMapByAuth.entrySet())
+ {
+ _iter191.getKey().write(oprot);
+ {
+ oprot.writeI32(_iter191.getValue().size());
+ for (TSentryPrivilege _iter192 : _iter191.getValue())
+ {
+ _iter192.write(oprot);
+ }
+ }
+ }
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthUserResponse struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+ struct.status.read(iprot);
+ struct.setStatusIsSet(true);
+ {
+ org.apache.thrift.protocol.TMap _map193 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.SET, iprot.readI32());
+ struct.privilegesMapByAuth = new HashMap<TSentryAuthorizable,Set<TSentryPrivilege>>(2*_map193.size);
+ TSentryAuthorizable _key194;
+ Set<TSentryPrivilege> _val195;
+ for (int _i196 = 0; _i196 < _map193.size; ++_i196)
+ {
+ _key194 = new TSentryAuthorizable();
+ _key194.read(iprot);
+ {
+ org.apache.thrift.protocol.TSet _set197 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+ _val195 = new HashSet<TSentryPrivilege>(2*_set197.size);
+ TSentryPrivilege _elem198;
+ for (int _i199 = 0; _i199 < _set197.size; ++_i199)
+ {
+ _elem198 = new TSentryPrivilege();
+ _elem198.read(iprot);
+ _val195.add(_elem198);
+ }
+ }
+ struct.privilegesMapByAuth.put(_key194, _val195);
+ }
+ }
+ struct.setPrivilegesMapByAuthIsSet(true);
+ }
+ }
+
+}
+
diff --git a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift
index 74837a8..953b96b 100644
--- a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift
@@ -283,6 +283,19 @@ struct TListSentryPrivilegesByAuthResponse {
3: optional map<TSentryAuthorizable, TSentryPrivilegeMap> privilegesMapByAuthForUsers
}
+struct TListSentryPrivilegesByAuthUserRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2,
+2: required string requestorUserName, # user on whose behalf the request is issued
+3: required set<TSentryAuthorizable> authorizableSet,
+4: required string user
+}
+
+struct TListSentryPrivilegesByAuthUserResponse {
+1: required sentry_common_service.TSentryResponseStatus status,
+# Authorizable to set of privileges map
+2: required map<TSentryAuthorizable, set<TSentryPrivilege>> privilegesMapByAuth,
+}
+
# Obtain a config value from the Sentry service
struct TSentryConfigValueRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2,
@@ -437,8 +450,14 @@ service SentryPolicyService
TRenamePrivilegesResponse rename_sentry_privilege(1:TRenamePrivilegesRequest request);
+ # List sentry privileges filterted based on a set of authorizables, that
+ # granted to the given user and the given role if present.
TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(1:TListSentryPrivilegesByAuthRequest request);
+ # List sentry privileges filterted based on a set of authorizables, that
+ # granted to the given user and the groups the user associated with.
+ TListSentryPrivilegesByAuthUserResponse list_sentry_privileges_by_authorizable_and_user(1:TListSentryPrivilegesByAuthUserRequest request);
+
TSentryConfigValueResponse get_sentry_config_value(1:TSentryConfigValueRequest request);
# export the mapping data in sentry
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
index 7626e2c..01dcaac 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
@@ -119,6 +119,8 @@ public final class SentryMetrics {
name(SentryPolicyStoreProcessor.class, "list-privileges-for-provider"));
final Timer listPrivilegesByAuthorizableTimer = METRIC_REGISTRY.timer(
name(SentryPolicyStoreProcessor.class, "list-privileges-by-authorizable"));
+ final Timer listPrivilegesByAuthorizableAndUserTimer = METRIC_REGISTRY.timer(
+ name(SentryPolicyStoreProcessor.class, "list-privileges-by-authorizable-and-user"));
final Timer listRolesPrivilegesTimer = METRIC_REGISTRY.timer(
name(SentryPolicyStoreProcessor.class, "list-roles-privileges"));
final Timer listUsersPrivilegesTimer = METRIC_REGISTRY.timer(
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
index b2731b1..b808a55 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
@@ -1295,6 +1295,100 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
return response;
}
+ @Override
+ public TListSentryPrivilegesByAuthUserResponse list_sentry_privileges_by_authorizable_and_user(
+ TListSentryPrivilegesByAuthUserRequest request) throws TException {
+ final Timer.Context timerContext =
+ sentryMetrics.listPrivilegesByAuthorizableAndUserTimer.time();
+ TListSentryPrivilegesByAuthUserResponse response =
+ new TListSentryPrivilegesByAuthUserResponse();
+
+ // Sanity validation of the required fields.
+ String requestor = request.getRequestorUserName();
+ String principalName = request.getUser();
+ TSentryResponseStatus status =
+ checkRequiredParameter(requestor, "requestor parameter must not be null");
+ status = status != null ?
+ status : checkRequiredParameter(principalName, "user parameter must not be null");
+ if (status != null) {
+ response.setStatus(status);
+ return response;
+ }
+ principalName = principalName.trim();
+ Map<TSentryAuthorizable, Set<TSentryPrivilege>> authMap = Maps.newHashMap();
+
+ try {
+ validateClientVersion(request.getProtocol_version());
+
+ // To allow listing the privileges, the requestor user must be part of
+ // the admins group, or the requestor user must be the same user requesting
+ // privileges for.
+ Set<String> requestorGroups = getRequestorGroups(requestor);
+ Boolean admin = inAdminGroups(requestorGroups);
+ if(!admin && !principalName.equalsIgnoreCase(requestor)) {
+ throw new SentryAccessDeniedException("Access denied to " + requestor);
+ }
+
+ // Get the groups the user is associated with.
+ Set<String> principalGroups;
+ if (principalName.equals(requestor)) {
+ principalGroups = requestorGroups;
+ } else {
+ principalGroups = getRequestorGroups(principalName);
+ }
+ Set<String> principalUsers = new HashSet<>();
+ principalUsers.add(principalName);
+
+ // Return the privileges found that granted to the given user and the groups the
+ // user associated with per authorizable object.
+ for (TSentryAuthorizable authorizable : request.getAuthorizableSet()) {
+ Set<TSentryPrivilege> privileges = new HashSet();
+
+ // Search for privileges granted to the groups the user associated with.
+ TSentryPrivilegeMap groupMap = sentryStore.listSentryPrivilegesByAuthorizable(
+ principalGroups, null, authorizable, false);
+ if (groupMap.getPrivilegeMap() != null) {
+ for (Set<TSentryPrivilege> groupPrivilege : groupMap.getPrivilegeMap().values()) {
+ privileges.addAll(groupPrivilege);
+ }
+ }
+
+ // Search for privileges granted to the user.
+ TSentryPrivilegeMap userMap = sentryStore.listSentryPrivilegesByAuthorizableForUser(
+ principalUsers, authorizable, false);
+ if (userMap.getPrivilegeMap() != null) {
+ for (Set<TSentryPrivilege> userPrivilege : userMap.getPrivilegeMap().values()) {
+ privileges.addAll(userPrivilege);
+ }
+ }
+
+ authMap.put(authorizable, privileges);
+ }
+ response.setPrivilegesMapByAuth(authMap);
+ response.setStatus(Status.OK());
+ } catch (SentryAccessDeniedException e) {
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.AccessDenied(e.getMessage(), e));
+ } catch (SentryGroupNotFoundException e) {
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.AccessDenied(e.getMessage(), e));
+ } catch (SentryThriftAPIMismatchException e) {
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
+ } catch (SentryInvalidInputException e) {
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.InvalidInput(e.getMessage(), e));
+ } catch (Exception e) {
+ String msg = "Unknown error for request: " + request + ", message: "
+ + e.getMessage();
+ LOGGER.error(msg, e);
+ response.setStatus(Status.RuntimeError(msg, e));
+ } finally {
+ timerContext.stop();
+ }
+ return response;
+ }
+
/**
* Respond to a request for a config value in the sentry server. The client
* can request any config value that starts with "sentry." and doesn't contain
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java
index 6f90fb4..e593870 100644
--- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java
@@ -25,9 +25,11 @@ import static org.junit.Assert.assertTrue;
import com.codahale.metrics.Gauge;
import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
-import java.util.Collections;
-import java.util.Set;
+
+import java.util.*;
+
import org.apache.hadoop.hive.metastore.messaging.EventMessage;
import org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType;
import org.apache.sentry.api.common.ApiConstants;
@@ -342,6 +344,127 @@ public class TestSentryPolicyStoreProcessor {
returnedResp.getPrivileges().contains(newSentryPrivilege("database", "db1", "t1", "*")));
}
+ @Test
+ public void testListPrivilegesByAuthorizableAndUser() throws Exception {
+ MockGroupMappingService.addUserGroupMapping("admin", Sets.newHashSet("admin"));
+ String user1 = "user1";
+ String g1 = "g1";
+ MockGroupMappingService.addUserGroupMapping(user1, Sets.newHashSet(g1));
+
+ Configuration conf = new Configuration();
+ conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
+ "org.apache.sentry.api.service.thrift.MockGroupMappingService");
+ conf.set(ServerConfig.ADMIN_GROUPS, "admin");
+
+ SentryPolicyStoreProcessor policyStoreProcessor = new SentryPolicyStoreProcessor(
+ ApiConstants.SentryPolicyServiceConstants.SENTRY_POLICY_SERVICE_NAME,
+ conf, sentryStore);
+ TListSentryPrivilegesByAuthUserResponse returnedResp;
+ TListSentryPrivilegesByAuthUserResponse expectedResp;
+
+ // Request privileges when user is null must throw an exception that
+ // user must not be null.
+ returnedResp = policyStoreProcessor.list_sentry_privileges_by_authorizable_and_user(
+ newAuthRequest("admin", null, null));
+ expectedResp = new TListSentryPrivilegesByAuthUserResponse();
+ expectedResp.setStatus(Status.InvalidInput("user parameter must not be null",
+ new SentryInvalidInputException("user parameter must not be null")));
+ Assert.assertEquals(expectedResp.getStatus().getValue(),
+ returnedResp.getStatus().getValue());
+
+ // Prepare request for getting privileges for user1 based on the given authorizables
+ TSentryAuthorizable requestedAuthorizable = new TSentryAuthorizable();
+ requestedAuthorizable.setServer("server1");
+ requestedAuthorizable.setDb("db1");
+ Set<TSentryAuthorizable> requestedAuthorizables = new HashSet<>();
+ requestedAuthorizables.add(requestedAuthorizable);
+
+ Set<String> users = new HashSet<>();
+ users.add(user1);
+ Set<String> groups = new HashSet<>();
+ groups.add(g1);
+
+ Set<TSentryPrivilege> user1Privileges = Sets.newHashSet(
+ newSentryPrivilege("database", "db1", "t1", "*"),
+ newSentryPrivilege("database", "db1", "t2", "*"));
+ Map<String, Set<TSentryPrivilege>> user1PrivilegesMap = Maps.newTreeMap();
+ user1PrivilegesMap.put(user1, user1Privileges);
+
+ Mockito.when(sentryStore.listSentryPrivilegesByAuthorizableForUser(
+ users, requestedAuthorizable, false)).thenReturn(
+ new TSentryPrivilegeMap(user1PrivilegesMap));
+
+ Mockito.when(sentryStore.listSentryPrivilegesByAuthorizable(
+ groups, null, requestedAuthorizable, false)).thenReturn(
+ new TSentryPrivilegeMap());
+
+ // Request privileges of a user as admin
+ returnedResp = policyStoreProcessor.list_sentry_privileges_by_authorizable_and_user(
+ newAuthRequest("admin", requestedAuthorizables, user1));
+ Assert.assertEquals(1, returnedResp.getPrivilegesMapByAuthSize());
+ Assert.assertEquals(2, returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).size());
+ Assert.assertEquals(Status.OK(), returnedResp.getStatus());
+ assertTrue("User1 should have ALL privileges in db1.t1",
+ returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).contains(
+ newSentryPrivilege("database", "db1", "t1", "*")));
+ assertTrue("User1 should have ALL privileges in db1.t2",
+ returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).contains(
+ newSentryPrivilege("database", "db1", "t2", "*")));
+
+ // Request privileges of a user as the same user
+ returnedResp = policyStoreProcessor.list_sentry_privileges_by_authorizable_and_user(
+ newAuthRequest(user1, requestedAuthorizables, user1));
+ Assert.assertEquals(1, returnedResp.getPrivilegesMapByAuthSize());
+ Assert.assertEquals(2, returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).size());
+ Assert.assertEquals(Status.OK(), returnedResp.getStatus());
+ assertTrue("User1 should have ALL privileges in db1.t1",
+ returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).contains(
+ newSentryPrivilege("database", "db1", "t1", "*")));
+ assertTrue("User1 should have ALL privileges in db1.t2",
+ returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).contains(
+ newSentryPrivilege("database", "db1", "t2", "*")));
+
+ // Request privileges of a user as an unauthorized user
+ returnedResp = policyStoreProcessor.list_sentry_privileges_by_authorizable_and_user(
+ newAuthRequest("bad_user", requestedAuthorizables, user1));
+ Assert.assertEquals(Status.ACCESS_DENIED.getCode(), returnedResp.getStatus().getValue());
+ assertNull(returnedResp.getPrivilegesMapByAuth());
+
+ // Assign new privileges for g1 based on the given authorizables
+ Set<TSentryPrivilege> g1Privileges = Sets.newHashSet(
+ newSentryPrivilege("database", "db1", "t3", "*"));
+ Map<String, Set<TSentryPrivilege>> g1PrivilegesMap = Maps.newTreeMap();
+ g1PrivilegesMap.put(g1, g1Privileges);
+
+ Mockito.when(sentryStore.listSentryPrivilegesByAuthorizable(
+ groups, null, requestedAuthorizable, false)).thenReturn(
+ new TSentryPrivilegeMap(g1PrivilegesMap));
+ returnedResp = policyStoreProcessor.list_sentry_privileges_by_authorizable_and_user(
+ newAuthRequest(user1, requestedAuthorizables, user1));
+ Assert.assertEquals(1, returnedResp.getPrivilegesMapByAuthSize());
+ Assert.assertEquals(3, returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).size());
+ Assert.assertEquals(Status.OK(), returnedResp.getStatus());
+ assertTrue("User1 should have ALL privileges in db1.t1",
+ returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).contains(
+ newSentryPrivilege("database", "db1", "t1", "*")));
+ assertTrue("User1 should have ALL privileges in db1.t2",
+ returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).contains(
+ newSentryPrivilege("database", "db1", "t2", "*")));
+ assertTrue("User1 should have ALL privileges in db1.t3",
+ returnedResp.getPrivilegesMapByAuth().get(requestedAuthorizable).contains(
+ newSentryPrivilege("database", "db1", "t3", "*")));
+ }
+
+ private TListSentryPrivilegesByAuthUserRequest newAuthRequest(
+ String requestorUser, Set<TSentryAuthorizable> authorizables, String user) {
+ TListSentryPrivilegesByAuthUserRequest request =
+ new TListSentryPrivilegesByAuthUserRequest();
+ request.setRequestorUserName(requestorUser);
+ request.setAuthorizableSet(authorizables);
+ request.setUser(user);
+ return request;
+ }
+
private TListSentryPrivilegesRequest newPrivilegesRequest(String requestorUser, String principalName, TSentryAuthorizable authorizable) {
TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest();
request.setRequestorUserName(requestorUser);