You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2016/07/21 05:55:15 UTC
[21/51] [partial] sentry git commit: SENTRY-1205: Refactor the code
for sentry-provider-db and create sentry-service module(Colin Ma,
reviewed by Dapeng Sun)
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreSchemaInfo.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreSchemaInfo.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreSchemaInfo.java
deleted file mode 100644
index 223cc87..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreSchemaInfo.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.persistent;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-
-public class SentryStoreSchemaInfo {
- private static final String SQL_FILE_EXTENSION = ".sql";
- private static final String UPGRADE_FILE_PREFIX = "upgrade-";
- private static final String INIT_FILE_PREFIX = "sentry-";
- private static final String VERSION_UPGRADE_LIST = "upgrade.order";
- private final String dbType;
- private final String sentrySchemaVersions[];
- private final String sentryScriptDir;
-
- private static final String SENTRY_VERSION = "1.8.0";
-
- public SentryStoreSchemaInfo(String sentryScriptDir, String dbType)
- throws SentryUserException {
- this.sentryScriptDir = sentryScriptDir;
- this.dbType = dbType;
- // load upgrade order for the given dbType
- List<String> upgradeOrderList = new ArrayList<String>();
- String upgradeListFile = getSentryStoreScriptDir() + File.separator
- + VERSION_UPGRADE_LIST + "." + dbType;
- try (BufferedReader bfReader = new BufferedReader(new FileReader(upgradeListFile))) {
- String currSchemaVersion;
- while ((currSchemaVersion = bfReader.readLine()) != null) {
- upgradeOrderList.add(currSchemaVersion.trim());
- }
- } catch (FileNotFoundException e) {
- throw new SentryUserException("File " + upgradeListFile + " not found ", e);
- } catch (IOException e) {
- throw new SentryUserException("Error reading " + upgradeListFile, e);
- }
- sentrySchemaVersions = upgradeOrderList.toArray(new String[0]);
- }
-
- public String getSentrySchemaVersion() {
- return SENTRY_VERSION;
- }
-
- public List<String> getUpgradeScripts(String fromSchemaVer)
- throws SentryUserException {
- List<String> upgradeScriptList = new ArrayList<String>();
-
- // check if we are already at current schema level
- if (getSentryVersion().equals(fromSchemaVer)) {
- return upgradeScriptList;
- }
-
- // Find the list of scripts to execute for this upgrade
- int firstScript = sentrySchemaVersions.length;
- for (int i = 0; i < sentrySchemaVersions.length; i++) {
- String fromVersion = sentrySchemaVersions[i].split("-to-")[0];
- if (fromVersion.equals(fromSchemaVer)) {
- firstScript = i;
- break;
- }
- }
- if (firstScript == sentrySchemaVersions.length) {
- throw new SentryUserException("Unknown version specified for upgrade "
- + fromSchemaVer + " Metastore schema may be too old or newer");
- }
-
- for (int i = firstScript; i < sentrySchemaVersions.length; i++) {
- String scriptFile = generateUpgradeFileName(sentrySchemaVersions[i]);
- upgradeScriptList.add(scriptFile);
- }
- return upgradeScriptList;
- }
-
- /***
- * Get the name of the script to initialize the schema for given version
- *
- * @param toVersion
- * Target version. If it's null, then the current server version is
- * used
- * @return
- * @throws SentryUserException
- */
- public String generateInitFileName(String toVersion)
- throws SentryUserException {
- String version = toVersion;
- if (version == null) {
- version = getSentryVersion();
- }
- String initScriptName = INIT_FILE_PREFIX + dbType + "-" + version
- + SQL_FILE_EXTENSION;
- // check if the file exists
- if (!(new File(getSentryStoreScriptDir() + File.separatorChar
- + initScriptName).exists())) {
- throw new SentryUserException(
- "Unknown version specified for initialization: " + version);
- }
- return initScriptName;
- }
-
- /**
- * Find the directory of sentry store scripts
- *
- * @return
- */
- public String getSentryStoreScriptDir() {
- return sentryScriptDir;
- }
-
- // format the upgrade script name eg upgrade-x-y-dbType.sql
- private String generateUpgradeFileName(String fileVersion) {
- return INIT_FILE_PREFIX + UPGRADE_FILE_PREFIX + dbType + "-"
- + fileVersion + SQL_FILE_EXTENSION;
- }
-
- // Current hive version, in majorVersion.minorVersion.changeVersion format
- // TODO: store the version using the build script
- public static String getSentryVersion() {
- return SENTRY_VERSION;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java
deleted file mode 100644
index 9f921d4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.persistent;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-
-import org.apache.curator.x.discovery.ServiceDiscovery;
-import org.apache.curator.x.discovery.ServiceDiscoveryBuilder;
-import org.apache.curator.x.discovery.ServiceInstance;
-import org.apache.curator.x.discovery.ServiceProvider;
-import org.apache.curator.x.discovery.details.InstanceSerializer;
-import org.apache.hadoop.net.NetUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/***
- * ServerManager handles registration of the Sentry service for Curator service
- * discovery. Each server registers with ZK and add its host:port details which
- * is used by the clients to discover available servers
- */
-public class ServiceManager {
- private static final Logger LOGGER = LoggerFactory
- .getLogger(ServiceManager.class);
- private HAContext haContext;
- private ServiceProvider<Void> serviceProvider;
- private ServiceDiscovery<Void> serviceDiscovery;
-
- public ServiceManager(HAContext haContext) throws IOException {
- this.haContext = haContext;
- init();
- }
-
- private void init() throws IOException {
- try {
- haContext.startCuratorFramework();
- InstanceSerializer<Void> instanceSerializer = new FixedJsonInstanceSerializer<Void>(Void.class);
- serviceDiscovery = ServiceDiscoveryBuilder.<Void>builder(Void.class)
- .basePath(HAContext.SENTRY_SERVICE_REGISTER_NAMESPACE)
- .serializer(instanceSerializer)
- .client(haContext.getCuratorFramework())
- .build();
- serviceDiscovery.start();
- serviceProvider = serviceDiscovery
- .serviceProviderBuilder()
- .serviceName(HAContext.SENTRY_SERVICE_REGISTER_NAMESPACE)
- .build();
- serviceProvider.start();
- } catch (Exception e) {
- throw new IOException(e);
- }
- }
-
- public ServiceInstance<Void> getServiceInstance() throws IOException {
- ServiceInstance<Void> service;
- try {
- service = serviceProvider.getInstance();
- return service;
- } catch (Exception e) {
- throw new IOException(e);
- }
- }
-
- public void reportError(ServiceInstance<Void> instance) {
- serviceProvider.noteError(instance);
- }
-
- public static InetSocketAddress convertServiceInstance(ServiceInstance<?> service) {
- return NetUtils.createSocketAddr(service.getAddress(),service.getPort());
- }
-
- public void close() {
- try {
- serviceProvider.close();
- serviceDiscovery.close();
- LOGGER.debug("Closed ZK resources");
- } catch (IOException e) {
- LOGGER.warn("Error closing the service manager", e);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java
deleted file mode 100644
index 79dfe48..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.persistent;
-
-import org.apache.curator.x.discovery.ServiceDiscoveryBuilder;
-import org.apache.curator.x.discovery.ServiceInstance;
-import org.apache.curator.x.discovery.details.InstanceSerializer;
-
-public class ServiceRegister {
-
- private HAContext haContext;
-
- public ServiceRegister(HAContext haContext) {
- this.haContext = haContext;
- }
-
- public void regService(String host, int port) throws Exception {
-
- haContext.startCuratorFramework();
- ServiceInstance<Void> serviceInstance = ServiceInstance.<Void>builder()
- .address(host)
- .port(port)
- .name(HAContext.SENTRY_SERVICE_REGISTER_NAMESPACE)
- .build();
-
- InstanceSerializer<Void> instanceSerializer = new FixedJsonInstanceSerializer<Void>(Void.class);
- ServiceDiscoveryBuilder.builder(Void.class)
- .basePath(HAContext.SENTRY_SERVICE_REGISTER_NAMESPACE)
- .client(haContext.getCuratorFramework())
- .serializer(instanceSerializer)
- .thisInstance(serviceInstance)
- .build()
- .start();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ConfServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ConfServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ConfServlet.java
deleted file mode 100644
index 9e7fca8..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ConfServlet.java
+++ /dev/null
@@ -1,69 +0,0 @@
-package org.apache.sentry.provider.db.service.thrift;
-
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import java.io.IOException;
-import java.io.Writer;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.conf.Configuration;
-
-/**
- * Servlet to print out all sentry configuration.
- */
-public class ConfServlet extends HttpServlet {
- public static final String CONF_CONTEXT_ATTRIBUTE = "sentry.conf";
- public static final String FORMAT_JSON = "json";
- public static final String FORMAT_XML = "xml";
- public static final String FORMAT_PARAM = "format";
- private static final long serialVersionUID = 1L;
-
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- String format = request.getParameter(FORMAT_PARAM);
- if (format == null) {
- format = FORMAT_XML;
- }
-
- if (FORMAT_XML.equals(format)) {
- response.setContentType("text/xml; charset=utf-8");
- } else if (FORMAT_JSON.equals(format)) {
- response.setContentType("application/json; charset=utf-8");
- }
-
- Configuration conf = (Configuration)getServletContext().getAttribute(
- CONF_CONTEXT_ATTRIBUTE);
- assert conf != null;
-
- Writer out = response.getWriter();
- if (FORMAT_JSON.equals(format)) {
- Configuration.dumpConfiguration(conf, out);
- } else if (FORMAT_XML.equals(format)) {
- conf.writeXml(out);
- } else {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad format: " + format);
- }
- out.close();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
deleted file mode 100644
index b1a4b7f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.persistent.CommitContext;
-
-/**
- * Users wishing to be notified when a metadata changing event occurs
- * should extend this abstract class. All methods which modify the underlying
- * metadata in SentryPolicyStoreProcessor will have a corresponding method
- * on this class. Each method will contain a copy of the request and response
- * object. Therefore any change to the request or response object will be ignored.
- * Additionally each method will be passed a CommitContext.
- *
- * Sub-classes should be thread-safe.
- */
-public abstract class NotificationHandler {
-
- private final Configuration config;
-
- public NotificationHandler(Configuration config) throws Exception {
- this.config = config;
- }
-
- protected Configuration getConf() {
- return config;
- }
-
- public void create_sentry_role(CommitContext context,
- TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
- }
-
- public void drop_sentry_role(CommitContext context, TDropSentryRoleRequest request,
- TDropSentryRoleResponse response) {
- }
-
- public void alter_sentry_role_grant_privilege(CommitContext context, TAlterSentryRoleGrantPrivilegeRequest request,
- TAlterSentryRoleGrantPrivilegeResponse response) {
- }
-
- public void alter_sentry_role_revoke_privilege(CommitContext context, TAlterSentryRoleRevokePrivilegeRequest request,
- TAlterSentryRoleRevokePrivilegeResponse response) {
- }
-
- public void alter_sentry_role_add_groups(CommitContext context,
- TAlterSentryRoleAddGroupsRequest request,
- TAlterSentryRoleAddGroupsResponse response) {
- }
-
- public void alter_sentry_role_delete_groups(
- CommitContext context, TAlterSentryRoleDeleteGroupsRequest request,
- TAlterSentryRoleDeleteGroupsResponse response) {
- }
-
- public void alter_sentry_role_add_users(CommitContext context,
- TAlterSentryRoleAddUsersRequest request, TAlterSentryRoleAddUsersResponse response) {
- }
-
- public void alter_sentry_role_delete_users(CommitContext context,
- TAlterSentryRoleDeleteUsersRequest request, TAlterSentryRoleDeleteUsersResponse response) {
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
deleted file mode 100644
index 856ef9a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.util.List;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.persistent.CommitContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableList;
-
-/**
- * Invokes configured instances of NotificationHandler. Importantly
- * NotificationHandler's each receive a copy of the request and
- * response thrift objects from each successful request.
- */
-public class NotificationHandlerInvoker extends NotificationHandler {
- private static final Logger LOGGER = LoggerFactory.getLogger(NotificationHandlerInvoker.class);
-
- private final ImmutableList<NotificationHandler> handlers;
-
- public NotificationHandlerInvoker(Configuration conf, NotificationHandler handler)
- throws Exception {
- this(conf, ImmutableList.of(handler));
- }
-
- public NotificationHandlerInvoker(Configuration conf, List<NotificationHandler> handlers)
- throws Exception {
- super(conf);
- this.handlers = ImmutableList.copyOf(handlers);
- }
-
- @Override
- public void create_sentry_role(CommitContext context,
- TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
- for (NotificationHandler handler : handlers) {
- try {
- LOGGER.debug("Calling " + handler);
- handler.create_sentry_role(context, new TCreateSentryRoleRequest(request),
- new TCreateSentryRoleResponse(response));
- } catch (Exception ex) {
- LOGGER.error("Unexpected error in " + handler + ". Request: "
- + request + ", Response: " + response, ex);
- }
- }
- }
-
- @Override
- public void drop_sentry_role(CommitContext context, TDropSentryRoleRequest request,
- TDropSentryRoleResponse response) {
- for (NotificationHandler handler : handlers) {
- try {
- LOGGER.debug("Calling " + handler);
- handler.drop_sentry_role(context, new TDropSentryRoleRequest(request),
- new TDropSentryRoleResponse(response));
- } catch (Exception ex) {
- LOGGER.error("Unexpected error in " + handler + ". Request: "
- + request + ", Response: " + response, ex);
- }
- }
- }
-
- @Override
- public void alter_sentry_role_grant_privilege(CommitContext context,
- TAlterSentryRoleGrantPrivilegeRequest request,
- TAlterSentryRoleGrantPrivilegeResponse response) {
- for (NotificationHandler handler : handlers) {
- try {
- LOGGER.debug("Calling " + handler);
- handler.alter_sentry_role_grant_privilege(context,
- new TAlterSentryRoleGrantPrivilegeRequest(request),
- new TAlterSentryRoleGrantPrivilegeResponse(response));
- } catch (Exception ex) {
- LOGGER.error("Unexpected error in " + handler + ". Request: "
- + request + ", Response: " + response, ex);
- }
- }
- }
-
- @Override
- public void alter_sentry_role_revoke_privilege(CommitContext context,
- TAlterSentryRoleRevokePrivilegeRequest request,
- TAlterSentryRoleRevokePrivilegeResponse response) {
- for (NotificationHandler handler : handlers) {
- try {
- LOGGER.debug("Calling " + handler);
- handler.alter_sentry_role_revoke_privilege(context,
- new TAlterSentryRoleRevokePrivilegeRequest(request),
- new TAlterSentryRoleRevokePrivilegeResponse(response));
- } catch (Exception ex) {
- LOGGER.error("Unexpected error in " + handler + ". Request: "
- + request + ", Response: " + response, ex);
- }
- }
- }
-
- @Override
- public void alter_sentry_role_add_groups(CommitContext context,
- TAlterSentryRoleAddGroupsRequest request,
- TAlterSentryRoleAddGroupsResponse response) {
- for (NotificationHandler handler : handlers) {
- try {
- LOGGER.debug("Calling " + handler);
- handler.alter_sentry_role_add_groups(context, new TAlterSentryRoleAddGroupsRequest(request),
- new TAlterSentryRoleAddGroupsResponse(response));
- } catch (Exception ex) {
- LOGGER.error("Unexpected error in " + handler + ". Request: "
- + request + ", Response: " + response, ex);
- }
- }
- }
-
- @Override
- public void alter_sentry_role_delete_groups(
- CommitContext context, TAlterSentryRoleDeleteGroupsRequest request,
- TAlterSentryRoleDeleteGroupsResponse response) {
- for (NotificationHandler handler : handlers) {
- try {
- LOGGER.debug("Calling " + handler);
- handler.alter_sentry_role_delete_groups(context, new TAlterSentryRoleDeleteGroupsRequest(request),
- new TAlterSentryRoleDeleteGroupsResponse(response));
- } catch (Exception ex) {
- LOGGER.error("Unexpected error in " + handler + ". Request: "
- + request + ", Response: " + response, ex);
- }
- }
- }
-
- @Override
- public void alter_sentry_role_add_users(CommitContext context,
- TAlterSentryRoleAddUsersRequest request, TAlterSentryRoleAddUsersResponse response) {
- for (NotificationHandler handler : handlers) {
- try {
- LOGGER.debug("Calling " + handler);
- handler.alter_sentry_role_add_users(context, new TAlterSentryRoleAddUsersRequest(request),
- new TAlterSentryRoleAddUsersResponse(response));
- } catch (Exception ex) {
- LOGGER.error("Unexpected error in " + handler + ". Request: " + request + ", Response: "
- + response, ex);
- }
- }
- }
-
- @Override
- public void alter_sentry_role_delete_users(CommitContext context,
- TAlterSentryRoleDeleteUsersRequest request, TAlterSentryRoleDeleteUsersResponse response) {
- for (NotificationHandler handler : handlers) {
- try {
- LOGGER.debug("Calling " + handler);
- handler.alter_sentry_role_delete_users(context, new TAlterSentryRoleDeleteUsersRequest(
- request), new TAlterSentryRoleDeleteUsersResponse(response));
- } catch (Exception ex) {
- LOGGER.error("Unexpected error in " + handler + ". Request: " + request + ", Response: "
- + response, ex);
- }
- }
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
deleted file mode 100644
index 8cf1c1a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-public final class PolicyStoreConstants {
- public static final String SENTRY_GENERIC_POLICY_NOTIFICATION = "sentry.generic.policy.notification";
- public static final String SENTRY_GENERIC_POLICY_STORE = "sentry.generic.policy.store";
- public static final String SENTRY_GENERIC_POLICY_STORE_DEFAULT =
- "org.apache.sentry.provider.db.generic.service.persistent.DelegateSentryStore";
- public static class PolicyStoreServerConfig {
- public static final String NOTIFICATION_HANDLERS = "sentry.policy.store.notification.handlers";
- }
-
- private PolicyStoreConstants() {
- // Make constructor private to avoid instantiation
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
deleted file mode 100644
index c1cfc1b..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
-import org.apache.hadoop.util.StringUtils;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Sets;
-
-/**
- * SentryAuthFilter is a subclass of AuthenticationFilter,
- * add authorization: Only allowed users could connect the web server.
- */
-public class SentryAuthFilter extends AuthenticationFilter {
-
- private static final Logger LOG = LoggerFactory.getLogger(SentryAuthFilter.class);
-
- public static final String ALLOW_WEB_CONNECT_USERS = ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS;
-
- private Set<String> allowUsers;
-
- @Override
- protected void doFilter(FilterChain filterChain, HttpServletRequest request,
- HttpServletResponse response) throws IOException, ServletException {
- String userName = request.getRemoteUser();
- LOG.debug("Authenticating user: " + userName + " from request.");
- if (!allowUsers.contains(userName)) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- "Unauthorized user status code: " + HttpServletResponse.SC_FORBIDDEN);
- throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
- }
- super.doFilter(filterChain, request, response);
- }
-
- /**
- * Override <code>getConfiguration<code> to get <code>ALLOW_WEB_CONNECT_USERS<code>.
- */
- @Override
- protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException {
- Properties props = new Properties();
- Enumeration<?> names = filterConfig.getInitParameterNames();
- while (names.hasMoreElements()) {
- String name = (String) names.nextElement();
- if (name.startsWith(configPrefix)) {
- String value = filterConfig.getInitParameter(name);
- if (ALLOW_WEB_CONNECT_USERS.equals(name)) {
- allowUsers = parseConnectUsersFromConf(value);
- } else {
- props.put(name.substring(configPrefix.length()), value);
- }
- }
- }
- return props;
- }
-
- private static Set<String> parseConnectUsersFromConf(String value) {
- String lcValue = value;
- if (lcValue != null) {
- lcValue = lcValue.toLowerCase();
- }
- return Sets.newHashSet(StringUtils.getStrings(lcValue));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
deleted file mode 100644
index 8822c2e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.health.HealthCheckRegistry;
-import com.codahale.metrics.servlets.HealthCheckServlet;
-
-/**
- * Use this class's registry to register health checks: Can be some tests which make sure Sentry service is healthy
- */
-public class SentryHealthCheckServletContextListener extends HealthCheckServlet.ContextListener {
-
- //This is just a place holder for health check registry, with out this AdminServlet throws out an error
- public static final HealthCheckRegistry HEALTH_CHECK_REGISTRY = new HealthCheckRegistry();
-
- @Override
- protected HealthCheckRegistry getHealthCheckRegistry() {
- return HEALTH_CHECK_REGISTRY;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
deleted file mode 100644
index c6d4d02..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.ConsoleReporter;
-import com.codahale.metrics.Counter;
-import com.codahale.metrics.Gauge;
-import com.codahale.metrics.Histogram;
-import com.codahale.metrics.JmxReporter;
-import com.codahale.metrics.Metric;
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.MetricSet;
-import com.codahale.metrics.Timer;
-import com.codahale.metrics.jvm.BufferPoolMetricSet;
-import com.codahale.metrics.jvm.GarbageCollectorMetricSet;
-import com.codahale.metrics.jvm.MemoryUsageGaugeSet;
-import com.codahale.metrics.jvm.ThreadStatesGaugeSet;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-
-import java.lang.management.ManagementFactory;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
-/**
- * A singleton class which holds metrics related utility functions as well as the list of metrics
- */
-public final class SentryMetrics {
- private static SentryMetrics sentryMetrics = null;
- private boolean reportingInitialized = false;
- private boolean gaugesAdded = false;
-
- public final Timer createRoleTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "create-role"));
- public final Timer dropRoleTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "drop-role"));
- public final Timer grantRoleTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "grant-role"));
- public final Timer revokeRoleTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "revoke-role"));
- public final Timer grantTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "grant-privilege"));
- public final Timer revokeTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "revoke-privilege"));
-
- public final Timer dropPrivilegeTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "drop-privilege"));
- public final Timer renamePrivilegeTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "rename-privilege"));
-
- public final Timer listRolesByGroupTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "list-roles-by-group"));
- public final Timer listPrivilegesByRoleTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "list-privileges-by-role"));
- public final Timer listPrivilegesForProviderTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "list-privileges-for-provider"));
- public final Timer listPrivilegesByAuthorizableTimer = SentryMetricsServletContextListener.METRIC_REGISTRY.timer(
- MetricRegistry.name(SentryPolicyStoreProcessor.class, "list-privileges-by-authorizable"));
-
- /**
- * Return a Timer with name.
- */
- public Timer getTimer(String name) {
- return SentryMetricsServletContextListener.METRIC_REGISTRY.timer(name);
- }
-
- /**
- * Return a Histogram with name.
- */
- public Histogram getHistogram(String name) {
- return SentryMetricsServletContextListener.METRIC_REGISTRY.histogram(name);
- }
-
- /**
- * Return a Counter with name.
- */
- public Counter getCounter(String name) {
- return SentryMetricsServletContextListener.METRIC_REGISTRY.counter(name);
- }
-
- private SentryMetrics() {
- registerMetricSet("gc", new GarbageCollectorMetricSet(), SentryMetricsServletContextListener.METRIC_REGISTRY);
- registerMetricSet("buffers", new BufferPoolMetricSet(ManagementFactory.getPlatformMBeanServer()),
- SentryMetricsServletContextListener.METRIC_REGISTRY);
- registerMetricSet("memory", new MemoryUsageGaugeSet(), SentryMetricsServletContextListener.METRIC_REGISTRY);
- registerMetricSet("threads", new ThreadStatesGaugeSet(), SentryMetricsServletContextListener.METRIC_REGISTRY);
- }
-
- public static synchronized SentryMetrics getInstance() {
- if (sentryMetrics == null) {
- sentryMetrics = new SentryMetrics();
- }
- return sentryMetrics;
- }
-
- public void addSentryStoreGauges(SentryStore sentryStore) {
- if(!gaugesAdded) {
- addGauge(SentryStore.class, "role_count", sentryStore.getRoleCountGauge());
- addGauge(SentryStore.class, "privilege_count", sentryStore.getPrivilegeCountGauge());
- addGauge(SentryStore.class, "group_count", sentryStore.getGroupCountGauge());
- gaugesAdded = true;
- }
- }
-
-
- /* Should be only called once to initialize the reporters
- */
- public synchronized void initReporting(Reporting reporting) {
- if(!reportingInitialized) {
- switch(reporting) {
- case CONSOLE:
- final ConsoleReporter consoleReporter = ConsoleReporter.forRegistry(SentryMetricsServletContextListener.METRIC_REGISTRY)
- .convertRatesTo(TimeUnit.SECONDS)
- .convertDurationsTo(TimeUnit.MILLISECONDS)
- .build();
- consoleReporter.start(1, TimeUnit.SECONDS);
- break;
- case JMX:
- final JmxReporter jmxReporter = JmxReporter.forRegistry(SentryMetricsServletContextListener.METRIC_REGISTRY)
- .convertRatesTo(TimeUnit.SECONDS)
- .convertDurationsTo(TimeUnit.MILLISECONDS)
- .build();
- jmxReporter.start();
- break;
- }
- }
- }
-
- private <T, V> void addGauge(Class<T> tClass, String gaugeName, Gauge<V> gauge) {
- SentryMetricsServletContextListener.METRIC_REGISTRY.register(
- MetricRegistry.name(tClass, gaugeName), gauge);
- }
-
- private void registerMetricSet(String prefix, MetricSet metricSet, MetricRegistry registry) {
- for (Map.Entry<String, Metric> entry : metricSet.getMetrics().entrySet()) {
- if (entry.getValue() instanceof MetricSet) {
- registerMetricSet(prefix + "." + entry.getKey(), (MetricSet) entry.getValue(), registry);
- } else {
- registry.register(prefix + "." + entry.getKey(), entry.getValue());
- }
- }
- }
-
- public enum Reporting {
- JMX,
- CONSOLE;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
deleted file mode 100644
index 6692197..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.servlets.MetricsServlet;
-
-public class SentryMetricsServletContextListener extends MetricsServlet.ContextListener {
-
- public static final MetricRegistry METRIC_REGISTRY = new MetricRegistry();
-
- @Override
- protected MetricRegistry getMetricRegistry() {
- return METRIC_REGISTRY;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
deleted file mode 100644
index c2b03e5..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ /dev/null
@@ -1,220 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-
-public interface SentryPolicyServiceClient {
-
- void createRole(String requestorUserName, String roleName) throws SentryUserException;
-
- void dropRole(String requestorUserName, String roleName) throws SentryUserException;
-
- void dropRoleIfExists(String requestorUserName, String roleName)
- throws SentryUserException;
-
- Set<TSentryRole> listRolesByUserName(String requestorUserName, String userName)
- throws SentryUserException;
-
- Set<TSentryRole> listRolesByGroupName(String requestorUserName, String groupName)
- throws SentryUserException;
-
- Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName)
- throws SentryUserException;
-
- /**
- * Gets sentry privilege objects for a given roleName using the Sentry service
- *
- * @param requestorUserName : user on whose behalf the request is issued
- * @param roleName : roleName to look up
- * @param authorizable : authorizable Hierarchy (server->db->table etc)
- * @return Set of thrift sentry privilege objects
- * @throws SentryUserException
- */
- Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, String roleName,
- List<? extends Authorizable> authorizable) throws SentryUserException;
-
- Set<TSentryRole> listRoles(String requestorUserName) throws SentryUserException;
-
- Set<TSentryRole> listUserRoles(String requestorUserName) throws SentryUserException;
-
- TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName,
- String server, String uri) throws SentryUserException;
-
- TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName,
- String server, String uri, Boolean grantOption) throws SentryUserException;
-
- void grantServerPrivilege(String requestorUserName, String roleName, String server,
- String action) throws SentryUserException;
-
- TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName,
- String server, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName,
- String server, String action, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName,
- String server, String db, String action) throws SentryUserException;
-
- TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName,
- String server, String db, String action, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String action) throws SentryUserException;
-
- TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String action, Boolean grantOption)
- throws SentryUserException;
-
- TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String columnName, String action)
- throws SentryUserException;
-
- TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String columnName, String action, Boolean grantOption)
- throws SentryUserException;
-
- Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName,
- String server, String db, String table, List<String> columnNames, String action)
- throws SentryUserException;
-
- Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName,
- String server, String db, String table, List<String> columnNames, String action,
- Boolean grantOption) throws SentryUserException;
-
- Set<TSentryPrivilege> grantPrivileges(String requestorUserName, String
- roleName, Set<TSentryPrivilege> privileges) throws SentryUserException;
-
- TSentryPrivilege grantPrivilege(String requestorUserName, String roleName,
- TSentryPrivilege privilege) throws
- SentryUserException;
-
- void revokeURIPrivilege(String requestorUserName, String roleName, String server,
- String uri) throws SentryUserException;
-
- void revokeURIPrivilege(String requestorUserName, String roleName, String server,
- String uri, Boolean grantOption) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- String action) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- String action, Boolean grantOption) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- boolean grantOption) throws SentryUserException;
-
- void revokeDatabasePrivilege(String requestorUserName, String roleName, String server,
- String db, String action) throws SentryUserException;
-
- void revokeDatabasePrivilege(String requestorUserName, String roleName, String server,
- String db, String action, Boolean grantOption) throws SentryUserException;
-
- void revokeTablePrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String action) throws SentryUserException;
-
- void revokeTablePrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String action, Boolean grantOption) throws SentryUserException;
-
- void revokeColumnPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String columnName, String action) throws SentryUserException;
-
- void revokeColumnPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String columnName, String action, Boolean grantOption)
- throws SentryUserException;
-
- void revokeColumnsPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, List<String> columns, String action) throws SentryUserException;
-
- void revokeColumnsPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, List<String> columns, String action, Boolean grantOption)
- throws SentryUserException;
-
- void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges)
- throws SentryUserException;
-
- void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege)
- throws SentryUserException;
-
- Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users,
- ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException;
-
- void grantRoleToGroup(String requestorUserName, String groupName, String roleName)
- throws SentryUserException;
-
- void revokeRoleFromGroup(String requestorUserName, String groupName, String roleName)
- throws SentryUserException;
-
- void grantRoleToGroups(String requestorUserName, String roleName, Set<String> groups)
- throws SentryUserException;
-
- void revokeRoleFromGroups(String requestorUserName, String roleName, Set<String> groups)
- throws SentryUserException;
-
- void grantRoleToUser(String requestorUserName, String userName, String roleName)
- throws SentryUserException;
-
- void revokeRoleFromUser(String requestorUserName, String userName, String roleName)
- throws SentryUserException;
-
- void grantRoleToUsers(String requestorUserName, String roleName, Set<String> users)
- throws SentryUserException;
-
- void revokeRoleFromUsers(String requestorUserName, String roleName, Set<String> users)
- throws SentryUserException;
-
- void dropPrivileges(String requestorUserName,
- List<? extends Authorizable> authorizableObjects) throws SentryUserException;
-
- void renamePrivileges(String requestorUserName,
- List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables)
- throws SentryUserException;
-
- Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(
- String requestorUserName, Set<List<? extends Authorizable>> authorizables,
- Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException;
-
- /**
- * Returns the configuration value in the sentry server associated with propertyName, or if
- * propertyName does not exist, the defaultValue. There is no "requestorUserName" because this is
- * regarded as an internal interface.
- *
- * @param propertyName Config attribute to search for
- * @param defaultValue String to return if not found
- * @return The value of the propertyName
- * @throws SentryUserException
- */
- String getConfigValue(String propertyName, String defaultValue) throws SentryUserException;
-
- void close();
-
- // Import the sentry mapping data with map structure
- void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData,
- String requestorUserName, boolean isOverwriteRole) throws SentryUserException;
-
- // export the sentry mapping data with map structure
- Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName, String objectPath)
- throws SentryUserException;
-}