Posted to commits@sentry.apache.org by pr...@apache.org on 2014/09/17 08:03:41 UTC
[1/3] SENTRY-380: Clean up some grantorPrincipal semantics (Sravya
Tirukkovalur via Prasad Mujumdar)
Repository: incubator-sentry
Updated Branches:
refs/heads/master fd704487d -> b8f0622ff
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
index 2865a6f..38fa69e 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
@@ -985,7 +985,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.execute("REVOKE ALL ON SERVER server1 from role role1");
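Review bot: The grantor assertion keeps `equalToIgnoringCase` for a literal that has no letters, so the case-insensitive matcher adds nothing and the intent would be clearer as `assertThat(resultSet.getString(10), is("--"));//grantor placeholder`. The same literal is repeated in every remaining hunk of this file (column 4 in the hunk at -1363), so a single test constant would keep these assertions in step with the value the Hive binding emits. After this change nothing in these checks ties a grant to the principal that issued it, so if attribution is still expected anywhere it needs its own test. The test methods start and end outside the hunks.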
@@ -1007,7 +1007,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.execute("REVOKE ALL ON DATABASE default from role role1");
@@ -1029,7 +1029,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.execute("REVOKE ALL ON URI 'file:///path' from role role1");
resultSet = statement.executeQuery("SHOW GRANT ROLE role1");
@@ -1050,7 +1050,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.execute("REVOKE ALL ON TABLE tab1 from role role1");
@@ -1072,7 +1072,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.execute("REVOKE INSERT ON TABLE tab1 from role role1");
@@ -1094,7 +1094,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.execute("REVOKE SELECT ON TABLE tab1 from role role1");
@@ -1119,7 +1119,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
//Revoke Partial privilege on table by admin
@@ -1140,7 +1140,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.close();
@@ -1363,7 +1363,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(2), is(new Boolean("False")));
//Create time is not tested
//assertThat(resultSet.getLong(3), is(new Long(0)));
- assertThat(resultSet.getString(4), equalToIgnoringCase(ADMIN1));
+ assertThat(resultSet.getString(4), equalToIgnoringCase("--"));
}
statement.close();
connection.close();
@@ -1479,7 +1479,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.close();
connection.close();
@@ -1520,7 +1520,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
assertThat(rowCount, is(1));
//On table - negative
@@ -1560,7 +1560,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
//On Database - positive
@@ -1576,7 +1576,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
//On Database - negative
@@ -1614,7 +1614,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
//On Database - postive
@@ -1630,7 +1630,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.close();
@@ -1662,7 +1662,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.close();
connection.close();
@@ -1796,7 +1796,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption
//Create time is not tested
//assertThat(resultSet.getLong(9), is(new Long(0)));
- assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor
+ assertThat(resultSet.getString(10), equalToIgnoringCase("--"));//grantor
}
statement.close();
connection.close();
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
index 6fad40d..a6edf03 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
@@ -38,7 +38,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticConfiguration
@Before
- public void setUp() throws Exception {
+ public void setup() throws Exception {
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java
index c238361..a67556b 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java
@@ -126,7 +126,6 @@ public class TestPolicyImport extends AbstractTestWithStaticConfiguration {
Set<TSentryPrivilege> actualPrivileges = client.listAllPrivilegesByRoleName("hive", role);
for (TSentryPrivilege privilege : actualPrivileges) {
privilege.unsetCreateTime();
- privilege.unsetGrantorPrincipal();
}
assertEquals("Expected privileges don't match.", expectedPrivileges, actualPrivileges);
[3/3] git commit: SENTRY-443: Show roles regressed after Sentry-417.
(Sravya Tirukkovalur via Prasad Mujumdar)
Posted by pr...@apache.org.
SENTRY-443: Show roles regressed after Sentry-417. (Sravya Tirukkovalur via Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/b8f0622f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/b8f0622f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/b8f0622f
Branch: refs/heads/master
Commit: b8f0622ff6a73af2b4764f43165e105442965d3b
Parents: dbcdb6d
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Tue Sep 16 23:03:24 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Tue Sep 16 23:03:24 2014 -0700
----------------------------------------------------------------------
.../db/service/thrift/SentryPolicyStoreProcessor.java | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b8f0622f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index 5b829a8..b05d71b 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -344,11 +344,14 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
if (AccessConstants.ALL.equalsIgnoreCase(request.getGroupName())) {
checkAllGroups = true;
} else {
- if (!inAdminGroups(groups)) {
- // non-admin can only list roles for their own group
- if (!groups.contains(request.getGroupName())) {
- throw new SentryAccessDeniedException("Access denied to " + subject);
- }
+ boolean admin = inAdminGroups(groups);
+ //Only admin users can list all roles in the system ( groupname = null)
+ //Non admin users are only allowed to list only groups which they belong to
+ if(!admin && (request.getGroupName() == null || !groups.contains(request.getGroupName()))) {
+ throw new SentryAccessDeniedException("Access denied to " + subject);
+ }else {
+ groups.clear();
+ groups.add(request.getGroupName());
}
}
roleSet = sentryStore.getTSentryRolesByGroupName(groups, checkAllGroups);
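Review bot: The new `else` branch rewrites `groups` in place with `groups.clear(); groups.add(request.getGroupName());`, and for an admin request without a group name it puts `null` into that set. Where `groups` comes from is not visible in this hunk; if it is a shared, cached or unmodifiable collection from the group-mapping layer, this either changes the caller's group membership for later use or throws. The null element also depends on `getTSentryRolesByGroupName` treating null as "all roles", which deserves a comment at this call. Using a fresh set for the lookup keeps the authorization check separate from the query input, for example `groups = new HashSet<String>(Collections.singleton(request.getGroupName()));` (assuming `groups` is not final and these classes are imported). The enclosing method starts and ends outside the hunk.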
[2/3] git commit: SENTRY-380: Clean up some grantorPrincipal
semantics (Sravya Tirukkovalur via Prasad Mujumdar)
Posted by pr...@apache.org.
SENTRY-380: Clean up some grantorPrincipal semantics (Sravya Tirukkovalur via Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/dbcdb6d6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/dbcdb6d6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/dbcdb6d6
Branch: refs/heads/master
Commit: dbcdb6d6430fd5cde17df1cf3bd0f805795da2d7
Parents: fd70448
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Tue Sep 16 23:00:33 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Tue Sep 16 23:00:33 2014 -0700
----------------------------------------------------------------------
.../hive/ql/exec/SentryGrantRevokeTask.java | 4 +-
.../db/service/thrift/TSentryPrivilege.java | 122 +--------------
.../provider/db/service/thrift/TSentryRole.java | 105 +------------
.../provider/db/service/model/MSentryGroup.java | 16 +-
.../db/service/model/MSentryPrivilege.java | 11 +-
.../provider/db/service/model/MSentryRole.java | 15 +-
.../provider/db/service/model/package.jdo | 11 +-
.../db/service/persistent/SentryStore.java | 44 ++----
.../thrift/SentryPolicyServiceClient.java | 2 -
.../thrift/SentryPolicyStoreProcessor.java | 13 +-
.../src/main/resources/sentry-db2-1.5.0.sql | 9 +-
.../src/main/resources/sentry-derby-1.5.0.sql | 9 +-
.../src/main/resources/sentry-mysql-1.5.0.sql | 15 +-
.../src/main/resources/sentry-oracle-1.5.0.sql | 13 +-
.../main/resources/sentry-postgres-1.5.0.sql | 13 +-
.../main/resources/sentry_policy_service.thrift | 5 +-
.../db/service/persistent/TestSentryStore.java | 155 ++++++++-----------
.../e2e/dbprovider/TestDatabaseProvider.java | 34 ++--
.../tests/e2e/hive/TestMovingToProduction.java | 2 +-
.../sentry/tests/e2e/hive/TestPolicyImport.java | 1 -
20 files changed, 151 insertions(+), 448 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
index 4f34de6..4126341 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
@@ -425,7 +425,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable
appendNonNull(builder, privilege.getAction());
appendNonNull(builder, false);//isGrantOption()
appendNonNull(builder, privilege.getCreateTime() * 1000L);
- appendNonNull(builder, privilege.getGrantorPrincipal());
+ appendNonNull(builder, "--");
}
LOG.info("builder.toString(): " + builder.toString());
return builder.toString();
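Review bot: The grantor column is now filled with the bare literal `"--"` in `appendNonNull(builder, "--");`, here and in the next hunk, with nothing saying it is a placeholder. A named constant would document it once, e.g. `private static final String GRANTOR_PLACEHOLDER = "--"; // grantor no longer returned by the service; column kept so the SHOW GRANT layout is unchanged`. Because the listing no longer shows who issued a grant, it is worth confirming that grant and revoke operations are still attributed to a principal somewhere an operator can review, which this diff does not show. Both method bodies start outside the hunks.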
@@ -440,7 +440,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable
appendNonNull(builder, roleGrant.getRoleName(), true);
appendNonNull(builder, false);//isGrantOption()
appendNonNull(builder, null);//roleGrant.getGrantTime() * 1000L
- appendNonNull(builder, roleGrant.getGrantorPrincipal());
+ appendNonNull(builder, "--");
}
return builder.toString();
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
index 54b6204..dbe96ff 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
@@ -41,8 +41,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
private static final org.apache.thrift.protocol.TField URI_FIELD_DESC = new org.apache.thrift.protocol.TField("URI", org.apache.thrift.protocol.TType.STRING, (short)6);
private static final org.apache.thrift.protocol.TField ACTION_FIELD_DESC = new org.apache.thrift.protocol.TField("action", org.apache.thrift.protocol.TType.STRING, (short)7);
private static final org.apache.thrift.protocol.TField CREATE_TIME_FIELD_DESC = new org.apache.thrift.protocol.TField("createTime", org.apache.thrift.protocol.TType.I64, (short)8);
- private static final org.apache.thrift.protocol.TField GRANTOR_PRINCIPAL_FIELD_DESC = new org.apache.thrift.protocol.TField("grantorPrincipal", org.apache.thrift.protocol.TType.STRING, (short)9);
- private static final org.apache.thrift.protocol.TField GRANT_OPTION_FIELD_DESC = new org.apache.thrift.protocol.TField("grantOption", org.apache.thrift.protocol.TType.I32, (short)10);
+ private static final org.apache.thrift.protocol.TField GRANT_OPTION_FIELD_DESC = new org.apache.thrift.protocol.TField("grantOption", org.apache.thrift.protocol.TType.I32, (short)9);
private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
static {
@@ -57,7 +56,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
private String URI; // optional
private String action; // required
private long createTime; // optional
- private String grantorPrincipal; // optional
private TSentryGrantOption grantOption; // optional
/** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
@@ -69,12 +67,11 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
URI((short)6, "URI"),
ACTION((short)7, "action"),
CREATE_TIME((short)8, "createTime"),
- GRANTOR_PRINCIPAL((short)9, "grantorPrincipal"),
/**
*
* @see TSentryGrantOption
*/
- GRANT_OPTION((short)10, "grantOption");
+ GRANT_OPTION((short)9, "grantOption");
private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
@@ -103,9 +100,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
return ACTION;
case 8: // CREATE_TIME
return CREATE_TIME;
- case 9: // GRANTOR_PRINCIPAL
- return GRANTOR_PRINCIPAL;
- case 10: // GRANT_OPTION
+ case 9: // GRANT_OPTION
return GRANT_OPTION;
default:
return null;
@@ -149,7 +144,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
// isset id assignments
private static final int __CREATETIME_ISSET_ID = 0;
private byte __isset_bitfield = 0;
- private _Fields optionals[] = {_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.CREATE_TIME,_Fields.GRANTOR_PRINCIPAL,_Fields.GRANT_OPTION};
+ private _Fields optionals[] = {_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.CREATE_TIME,_Fields.GRANT_OPTION};
public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
static {
Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
@@ -167,8 +162,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
tmpMap.put(_Fields.CREATE_TIME, new org.apache.thrift.meta_data.FieldMetaData("createTime", org.apache.thrift.TFieldRequirementType.OPTIONAL,
new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64)));
- tmpMap.put(_Fields.GRANTOR_PRINCIPAL, new org.apache.thrift.meta_data.FieldMetaData("grantorPrincipal", org.apache.thrift.TFieldRequirementType.OPTIONAL,
- new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
tmpMap.put(_Fields.GRANT_OPTION, new org.apache.thrift.meta_data.FieldMetaData("grantOption", org.apache.thrift.TFieldRequirementType.OPTIONAL,
new org.apache.thrift.meta_data.EnumMetaData(org.apache.thrift.protocol.TType.ENUM, TSentryGrantOption.class)));
metaDataMap = Collections.unmodifiableMap(tmpMap);
@@ -223,9 +216,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
this.action = other.action;
}
this.createTime = other.createTime;
- if (other.isSetGrantorPrincipal()) {
- this.grantorPrincipal = other.grantorPrincipal;
- }
if (other.isSetGrantOption()) {
this.grantOption = other.grantOption;
}
@@ -249,7 +239,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
setCreateTimeIsSet(false);
this.createTime = 0;
- this.grantorPrincipal = null;
this.grantOption = org.apache.sentry.provider.db.service.thrift.TSentryGrantOption.FALSE;
}
@@ -414,29 +403,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
__isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __CREATETIME_ISSET_ID, value);
}
- public String getGrantorPrincipal() {
- return this.grantorPrincipal;
- }
-
- public void setGrantorPrincipal(String grantorPrincipal) {
- this.grantorPrincipal = grantorPrincipal;
- }
-
- public void unsetGrantorPrincipal() {
- this.grantorPrincipal = null;
- }
-
- /** Returns true if field grantorPrincipal is set (has been assigned a value) and false otherwise */
- public boolean isSetGrantorPrincipal() {
- return this.grantorPrincipal != null;
- }
-
- public void setGrantorPrincipalIsSet(boolean value) {
- if (!value) {
- this.grantorPrincipal = null;
- }
- }
-
/**
*
* @see TSentryGrantOption
@@ -526,14 +492,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
}
break;
- case GRANTOR_PRINCIPAL:
- if (value == null) {
- unsetGrantorPrincipal();
- } else {
- setGrantorPrincipal((String)value);
- }
- break;
-
case GRANT_OPTION:
if (value == null) {
unsetGrantOption();
@@ -568,9 +526,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
case CREATE_TIME:
return Long.valueOf(getCreateTime());
- case GRANTOR_PRINCIPAL:
- return getGrantorPrincipal();
-
case GRANT_OPTION:
return getGrantOption();
@@ -599,8 +554,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
return isSetAction();
case CREATE_TIME:
return isSetCreateTime();
- case GRANTOR_PRINCIPAL:
- return isSetGrantorPrincipal();
case GRANT_OPTION:
return isSetGrantOption();
}
@@ -683,15 +636,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
return false;
}
- boolean this_present_grantorPrincipal = true && this.isSetGrantorPrincipal();
- boolean that_present_grantorPrincipal = true && that.isSetGrantorPrincipal();
- if (this_present_grantorPrincipal || that_present_grantorPrincipal) {
- if (!(this_present_grantorPrincipal && that_present_grantorPrincipal))
- return false;
- if (!this.grantorPrincipal.equals(that.grantorPrincipal))
- return false;
- }
-
boolean this_present_grantOption = true && this.isSetGrantOption();
boolean that_present_grantOption = true && that.isSetGrantOption();
if (this_present_grantOption || that_present_grantOption) {
@@ -743,11 +687,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
if (present_createTime)
builder.append(createTime);
- boolean present_grantorPrincipal = true && (isSetGrantorPrincipal());
- builder.append(present_grantorPrincipal);
- if (present_grantorPrincipal)
- builder.append(grantorPrincipal);
-
boolean present_grantOption = true && (isSetGrantOption());
builder.append(present_grantOption);
if (present_grantOption)
@@ -834,16 +773,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
return lastComparison;
}
}
- lastComparison = Boolean.valueOf(isSetGrantorPrincipal()).compareTo(typedOther.isSetGrantorPrincipal());
- if (lastComparison != 0) {
- return lastComparison;
- }
- if (isSetGrantorPrincipal()) {
- lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantorPrincipal, typedOther.grantorPrincipal);
- if (lastComparison != 0) {
- return lastComparison;
- }
- }
lastComparison = Boolean.valueOf(isSetGrantOption()).compareTo(typedOther.isSetGrantOption());
if (lastComparison != 0) {
return lastComparison;
@@ -933,16 +862,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
sb.append(this.createTime);
first = false;
}
- if (isSetGrantorPrincipal()) {
- if (!first) sb.append(", ");
- sb.append("grantorPrincipal:");
- if (this.grantorPrincipal == null) {
- sb.append("null");
- } else {
- sb.append(this.grantorPrincipal);
- }
- first = false;
- }
if (isSetGrantOption()) {
if (!first) sb.append(", ");
sb.append("grantOption:");
@@ -1066,15 +985,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
}
break;
- case 9: // GRANTOR_PRINCIPAL
- if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
- struct.grantorPrincipal = iprot.readString();
- struct.setGrantorPrincipalIsSet(true);
- } else {
- org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
- }
- break;
- case 10: // GRANT_OPTION
+ case 9: // GRANT_OPTION
if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
struct.grantOption = TSentryGrantOption.findByValue(iprot.readI32());
struct.setGrantOptionIsSet(true);
@@ -1136,13 +1047,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
oprot.writeI64(struct.createTime);
oprot.writeFieldEnd();
}
- if (struct.grantorPrincipal != null) {
- if (struct.isSetGrantorPrincipal()) {
- oprot.writeFieldBegin(GRANTOR_PRINCIPAL_FIELD_DESC);
- oprot.writeString(struct.grantorPrincipal);
- oprot.writeFieldEnd();
- }
- }
if (struct.grantOption != null) {
if (struct.isSetGrantOption()) {
oprot.writeFieldBegin(GRANT_OPTION_FIELD_DESC);
@@ -1183,13 +1087,10 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
if (struct.isSetCreateTime()) {
optionals.set(3);
}
- if (struct.isSetGrantorPrincipal()) {
- optionals.set(4);
- }
if (struct.isSetGrantOption()) {
- optionals.set(5);
+ optionals.set(4);
}
- oprot.writeBitSet(optionals, 6);
+ oprot.writeBitSet(optionals, 5);
if (struct.isSetDbName()) {
oprot.writeString(struct.dbName);
}
@@ -1202,9 +1103,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
if (struct.isSetCreateTime()) {
oprot.writeI64(struct.createTime);
}
- if (struct.isSetGrantorPrincipal()) {
- oprot.writeString(struct.grantorPrincipal);
- }
if (struct.isSetGrantOption()) {
oprot.writeI32(struct.grantOption.getValue());
}
@@ -1219,7 +1117,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
struct.setServerNameIsSet(true);
struct.action = iprot.readString();
struct.setActionIsSet(true);
- BitSet incoming = iprot.readBitSet(6);
+ BitSet incoming = iprot.readBitSet(5);
if (incoming.get(0)) {
struct.dbName = iprot.readString();
struct.setDbNameIsSet(true);
@@ -1237,10 +1135,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
struct.setCreateTimeIsSet(true);
}
if (incoming.get(4)) {
- struct.grantorPrincipal = iprot.readString();
- struct.setGrantorPrincipalIsSet(true);
- }
- if (incoming.get(5)) {
struct.grantOption = TSentryGrantOption.findByValue(iprot.readI32());
struct.setGrantOptionIsSet(true);
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
index f43a6d5..cc7973f 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
@@ -36,7 +36,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)1);
private static final org.apache.thrift.protocol.TField GROUPS_FIELD_DESC = new org.apache.thrift.protocol.TField("groups", org.apache.thrift.protocol.TType.SET, (short)2);
- private static final org.apache.thrift.protocol.TField GRANTOR_PRINCIPAL_FIELD_DESC = new org.apache.thrift.protocol.TField("grantorPrincipal", org.apache.thrift.protocol.TType.STRING, (short)3);
private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
static {
@@ -46,13 +45,11 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
private String roleName; // required
private Set<TSentryGroup> groups; // required
- private String grantorPrincipal; // required
/** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
public enum _Fields implements org.apache.thrift.TFieldIdEnum {
ROLE_NAME((short)1, "roleName"),
- GROUPS((short)2, "groups"),
- GRANTOR_PRINCIPAL((short)3, "grantorPrincipal");
+ GROUPS((short)2, "groups");
private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
@@ -71,8 +68,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
return ROLE_NAME;
case 2: // GROUPS
return GROUPS;
- case 3: // GRANTOR_PRINCIPAL
- return GRANTOR_PRINCIPAL;
default:
return null;
}
@@ -121,8 +116,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
tmpMap.put(_Fields.GROUPS, new org.apache.thrift.meta_data.FieldMetaData("groups", org.apache.thrift.TFieldRequirementType.REQUIRED,
new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryGroup.class))));
- tmpMap.put(_Fields.GRANTOR_PRINCIPAL, new org.apache.thrift.meta_data.FieldMetaData("grantorPrincipal", org.apache.thrift.TFieldRequirementType.REQUIRED,
- new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
metaDataMap = Collections.unmodifiableMap(tmpMap);
org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryRole.class, metaDataMap);
}
@@ -132,13 +125,11 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
public TSentryRole(
String roleName,
- Set<TSentryGroup> groups,
- String grantorPrincipal)
+ Set<TSentryGroup> groups)
{
this();
this.roleName = roleName;
this.groups = groups;
- this.grantorPrincipal = grantorPrincipal;
}
/**
@@ -155,9 +146,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
}
this.groups = __this__groups;
}
- if (other.isSetGrantorPrincipal()) {
- this.grantorPrincipal = other.grantorPrincipal;
- }
}
public TSentryRole deepCopy() {
@@ -168,7 +156,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
public void clear() {
this.roleName = null;
this.groups = null;
- this.grantorPrincipal = null;
}
public String getRoleName() {
@@ -232,29 +219,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
}
}
- public String getGrantorPrincipal() {
- return this.grantorPrincipal;
- }
-
- public void setGrantorPrincipal(String grantorPrincipal) {
- this.grantorPrincipal = grantorPrincipal;
- }
-
- public void unsetGrantorPrincipal() {
- this.grantorPrincipal = null;
- }
-
- /** Returns true if field grantorPrincipal is set (has been assigned a value) and false otherwise */
- public boolean isSetGrantorPrincipal() {
- return this.grantorPrincipal != null;
- }
-
- public void setGrantorPrincipalIsSet(boolean value) {
- if (!value) {
- this.grantorPrincipal = null;
- }
- }
-
public void setFieldValue(_Fields field, Object value) {
switch (field) {
case ROLE_NAME:
@@ -273,14 +237,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
}
break;
- case GRANTOR_PRINCIPAL:
- if (value == null) {
- unsetGrantorPrincipal();
- } else {
- setGrantorPrincipal((String)value);
- }
- break;
-
}
}
@@ -292,9 +248,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
case GROUPS:
return getGroups();
- case GRANTOR_PRINCIPAL:
- return getGrantorPrincipal();
-
}
throw new IllegalStateException();
}
@@ -310,8 +263,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
return isSetRoleName();
case GROUPS:
return isSetGroups();
- case GRANTOR_PRINCIPAL:
- return isSetGrantorPrincipal();
}
throw new IllegalStateException();
}
@@ -347,15 +298,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
return false;
}
- boolean this_present_grantorPrincipal = true && this.isSetGrantorPrincipal();
- boolean that_present_grantorPrincipal = true && that.isSetGrantorPrincipal();
- if (this_present_grantorPrincipal || that_present_grantorPrincipal) {
- if (!(this_present_grantorPrincipal && that_present_grantorPrincipal))
- return false;
- if (!this.grantorPrincipal.equals(that.grantorPrincipal))
- return false;
- }
-
return true;
}
@@ -373,11 +315,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
if (present_groups)
builder.append(groups);
- boolean present_grantorPrincipal = true && (isSetGrantorPrincipal());
- builder.append(present_grantorPrincipal);
- if (present_grantorPrincipal)
- builder.append(grantorPrincipal);
-
return builder.toHashCode();
}
@@ -409,16 +346,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
return lastComparison;
}
}
- lastComparison = Boolean.valueOf(isSetGrantorPrincipal()).compareTo(typedOther.isSetGrantorPrincipal());
- if (lastComparison != 0) {
- return lastComparison;
- }
- if (isSetGrantorPrincipal()) {
- lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantorPrincipal, typedOther.grantorPrincipal);
- if (lastComparison != 0) {
- return lastComparison;
- }
- }
return 0;
}
@@ -454,14 +381,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
sb.append(this.groups);
}
first = false;
- if (!first) sb.append(", ");
- sb.append("grantorPrincipal:");
- if (this.grantorPrincipal == null) {
- sb.append("null");
- } else {
- sb.append(this.grantorPrincipal);
- }
- first = false;
sb.append(")");
return sb.toString();
}
@@ -476,10 +395,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
throw new org.apache.thrift.protocol.TProtocolException("Required field 'groups' is unset! Struct:" + toString());
}
- if (!isSetGrantorPrincipal()) {
- throw new org.apache.thrift.protocol.TProtocolException("Required field 'grantorPrincipal' is unset! Struct:" + toString());
- }
-
// check for sub-struct validity
}
@@ -544,14 +459,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
}
break;
- case 3: // GRANTOR_PRINCIPAL
- if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
- struct.grantorPrincipal = iprot.readString();
- struct.setGrantorPrincipalIsSet(true);
- } else {
- org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
- }
- break;
default:
org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
}
@@ -582,11 +489,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
}
oprot.writeFieldEnd();
}
- if (struct.grantorPrincipal != null) {
- oprot.writeFieldBegin(GRANTOR_PRINCIPAL_FIELD_DESC);
- oprot.writeString(struct.grantorPrincipal);
- oprot.writeFieldEnd();
- }
oprot.writeFieldStop();
oprot.writeStructEnd();
}
@@ -612,7 +514,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
_iter20.write(oprot);
}
}
- oprot.writeString(struct.grantorPrincipal);
}
@Override
@@ -632,8 +533,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
}
}
struct.setGroupsIsSet(true);
- struct.grantorPrincipal = iprot.readString();
- struct.setGrantorPrincipalIsSet(true);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
index 3f68f0d..32dbafc 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
@@ -36,13 +36,10 @@ public class MSentryGroup {
// set of roles granted to this group
private Set<MSentryRole> roles;
private long createTime;
- private String grantorPrincipal;
- public MSentryGroup(String groupName, long createTime, String grantorPrincipal,
- Set<MSentryRole> roles) {
+ public MSentryGroup(String groupName, long createTime, Set<MSentryRole> roles) {
this.setGroupName(groupName);
this.createTime = createTime;
- this.grantorPrincipal = grantorPrincipal;
this.roles = roles;
}
@@ -54,14 +51,6 @@ public class MSentryGroup {
this.createTime = createTime;
}
- public String getGrantorPrincipal() {
- return grantorPrincipal;
- }
-
- public void setGrantorPrincipal(String grantorPrincipal) {
- this.grantorPrincipal = grantorPrincipal;
- }
-
public Set<MSentryRole> getRoles() {
return roles;
}
@@ -89,8 +78,7 @@ public class MSentryGroup {
@Override
public String toString() {
return "MSentryGroup [groupName=" + groupName + ", roles=[...]"
- + ", createTime=" + createTime + ", grantorPrincipal="
- + grantorPrincipal + "]";
+ + ", createTime=" + createTime + "]";
}
@Override
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
index 5328fff..0667cb5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
@@ -46,7 +46,6 @@ public class MSentryPrivilege {
// roles this privilege is a part of
private Set<MSentryRole> roles;
private long createTime;
- private String grantorPrincipal;
public MSentryPrivilege() {
this.roles = new HashSet<MSentryRole>();
@@ -134,14 +133,6 @@ public class MSentryPrivilege {
this.createTime = createTime;
}
- public String getGrantorPrincipal() {
- return grantorPrincipal;
- }
-
- public void setGrantorPrincipal(String grantorPrincipal) {
- this.grantorPrincipal = grantorPrincipal;
- }
-
public String getPrivilegeScope() {
return privilegeScope;
}
@@ -177,7 +168,7 @@ public class MSentryPrivilege {
+ ", serverName=" + serverName + ", dbName=" + dbName
+ ", tableName=" + tableName + ", URI=" + URI
+ ", action=" + action + ", roles=[...]" + ", createTime="
- + createTime + ", grantorPrincipal=" + grantorPrincipal
+ + createTime
+ ", grantOption=" + grantOption +"]";
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
index 912ed95..bca9fb9 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
@@ -39,12 +39,10 @@ public class MSentryRole {
// set of groups this role belongs to
private Set<MSentryGroup> groups;
private long createTime;
- private String grantorPrincipal;
- public MSentryRole(String roleName, long createTime, String grantorPrincipal) {
+ public MSentryRole(String roleName, long createTime) {
this.roleName = roleName;
this.createTime = createTime;
- this.grantorPrincipal = grantorPrincipal;
privileges = new HashSet<MSentryPrivilege>();
groups = new HashSet<MSentryGroup>();
}
@@ -57,14 +55,6 @@ public class MSentryRole {
this.createTime = createTime;
}
- public String getGrantorPrincipal() {
- return grantorPrincipal;
- }
-
- public void setGrantorPrincipal(String grantorPrincipal) {
- this.grantorPrincipal = grantorPrincipal;
- }
-
public String getRoleName() {
return roleName;
}
@@ -132,8 +122,7 @@ public class MSentryRole {
@Override
public String toString() {
return "MSentryRole [roleName=" + roleName + ", privileges=[..]"
- + ", groups=[...]" + ", createTime=" + createTime
- + ", grantorPrincipal=" + grantorPrincipal + "]";
+ + ", groups=[...]" + ", createTime=" + createTime + "]";
}
@Override
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
index b39cb18..9abaab8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
@@ -38,10 +38,7 @@
<field name = "createTime">
<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
</field>
- <field name="grantorPrincipal">
- <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
- </field>
-
+
<field name="roles" mapped-by="groups">
<collection element-type="org.apache.sentry.provider.db.service.model.MSentryRole"/>
</field>
@@ -59,9 +56,6 @@
<field name = "createTime">
<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
</field>
- <field name="grantorPrincipal">
- <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
- </field>
<field name = "privileges" table="SENTRY_ROLE_DB_PRIVILEGE_MAP" default-fetch-group="true">
<collection element-type="org.apache.sentry.provider.db.service.model.MSentryPrivilege"/>
<join>
@@ -116,9 +110,6 @@
<field name = "createTime">
<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
</field>
- <field name="grantorPrincipal">
- <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
- </field>
<field name="grantOption">
<column name="WITH_GRANT_OPTION" length="1" jdbc-type="CHAR"/>
</field>
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 718306d..869b8e3 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -243,11 +243,10 @@ public class SentryStore {
/**
* Create a sentry role and persist it.
* @param roleName: Name of the role being persisted
- * @param grantorPrincipal: TODO: Currently not used
* @returns commit context used for notification handlers
* @throws SentryAlreadyExistsException
*/
- public CommitContext createSentryRole(String roleName, String grantorPrincipal)
+ public CommitContext createSentryRole(String roleName)
throws SentryAlreadyExistsException {
roleName = trimAndLower(roleName);
boolean rollbackTransaction = true;
@@ -256,7 +255,7 @@ public class SentryStore {
pm = openTransaction();
MSentryRole mSentryRole = getMSentryRole(pm, roleName);
if (mSentryRole == null) {
- MSentryRole mRole = new MSentryRole(roleName, System.currentTimeMillis(), grantorPrincipal);
+ MSentryRole mRole = new MSentryRole(roleName, System.currentTimeMillis());
pm.makePersistent(mRole);
CommitContext commit = commitUpdateTransaction(pm);
rollbackTransaction = false;
@@ -271,7 +270,8 @@ public class SentryStore {
}
}
- public CommitContext alterSentryRoleGrantPrivilege(String roleName, TSentryPrivilege privilege)
+ public CommitContext alterSentryRoleGrantPrivilege(String grantorPrincipal,
+ String roleName, TSentryPrivilege privilege)
throws SentryUserException {
boolean rollbackTransaction = true;
PersistenceManager pm = null;
@@ -279,7 +279,7 @@ public class SentryStore {
try {
pm = openTransaction();
// first do grant check
- grantOptionCheck(pm, privilege);
+ grantOptionCheck(pm, grantorPrincipal, privilege);
alterSentryRoleGrantPrivilegeCore(pm, roleName, privilege);
CommitContext commit = commitUpdateTransaction(pm);
@@ -340,7 +340,7 @@ public class SentryStore {
return;
}
- public CommitContext alterSentryRoleRevokePrivilege(String roleName,
+ public CommitContext alterSentryRoleRevokePrivilege(String grantorPrincipal, String roleName,
TSentryPrivilege tPrivilege) throws SentryUserException {
boolean rollbackTransaction = true;
PersistenceManager pm = null;
@@ -348,7 +348,7 @@ public class SentryStore {
try {
pm = openTransaction();
// first do revoke check
- grantOptionCheck(pm, tPrivilege);
+ grantOptionCheck(pm, grantorPrincipal, tPrivilege);
alterSentryRoleRevokePrivilegeCore(pm, roleName, tPrivilege);
@@ -497,7 +497,7 @@ public class SentryStore {
query.setFilter(filters.toString());
query
- .setResult("privilegeScope, serverName, dbName, tableName, URI, action, grantorPrincipal, grantOption");
+ .setResult("privilegeScope, serverName, dbName, tableName, URI, action, grantOption");
Set<MSentryPrivilege> privileges = new HashSet<MSentryPrivilege>();
for (Object[] privObj : (List<Object[]>) query.execute()) {
MSentryPrivilege priv = new MSentryPrivilege();
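Review bot: The projection string passed to `setResult(...)` here and the `privObj[n]` casts in the following hunk are tied together only by position. Dropping `grantorPrincipal` shifted `grantOption` from index 7 to 6, and a future column change that misses one side would surface as a ClassCastException or a silently wrong field at runtime. A short comment above the loop would make the coupling explicit, for example `// privObj indices follow the setResult(...) column order above; keep both in sync`. The enclosing method starts and ends outside both hunks.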
@@ -507,8 +507,7 @@ public class SentryStore {
priv.setTableName((String) privObj[3]);
priv.setURI((String) privObj[4]);
priv.setAction((String) privObj[5]);
- priv.setGrantorPrincipal((String) privObj[6]);
- priv.setGrantOption((Boolean) privObj[7]);
+ priv.setGrantOption((Boolean) privObj[6]);
privileges.add(priv);
}
rollbackTransaction = false;
@@ -573,8 +572,8 @@ public class SentryStore {
}
}
- public CommitContext alterSentryRoleAddGroups(String grantorPrincipal,
- String roleName, Set<TSentryGroup> groupNames)
+ public CommitContext alterSentryRoleAddGroups( String grantorPrincipal, String roleName,
+ Set<TSentryGroup> groupNames)
throws SentryNoSuchObjectException {
boolean rollbackTransaction = true;
PersistenceManager pm = null;
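Review bot: `alterSentryRoleAddGroups` keeps its `grantorPrincipal` parameter, but the next hunk stops passing it to `new MSentryGroup(...)`, so nothing visible in this diff still reads it. If the value is meant to end up in the new `GRANTOR_PRINCIPAL` column of `SENTRY_ROLE_GROUP_MAP`, that write is not in these hunks. Until it is added, who performed a role-to-group grant is not recorded anywhere. Either persist it or document the parameter as currently unused, e.g. `@param grantorPrincipal requestor name; not persisted yet`. The reformatted signature also gained a stray space after the opening parenthesis (`alterSentryRoleAddGroups( String`). The method body continues outside the hunk.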
@@ -599,7 +598,7 @@ public class SentryStore {
MSentryGroup group = (MSentryGroup) query.execute(groupName);
if (group == null) {
group = new MSentryGroup(groupName, System.currentTimeMillis(),
- grantorPrincipal, Sets.newHashSet(role));
+ Sets.newHashSet(role));
}
group.appendRole(role);
groups.add(group);
@@ -1000,7 +999,6 @@ public class SentryStore {
private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) {
TSentryRole role = new TSentryRole();
role.setRoleName(mSentryRole.getRoleName());
- role.setGrantorPrincipal(mSentryRole.getGrantorPrincipal());
Set<TSentryGroup> sentryGroups = new HashSet<TSentryGroup>();
for(MSentryGroup mSentryGroup:mSentryRole.getGroups()) {
TSentryGroup group = convertToTSentryGroup(mSentryGroup);
@@ -1026,7 +1024,6 @@ public class SentryStore {
privilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
privilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
privilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));
- privilege.setGrantorPrincipal(mSentryPrivilege.getGrantorPrincipal());
if (mSentryPrivilege.getGrantOption() != null) {
privilege.setGrantOption(TSentryGrantOption.valueOf(mSentryPrivilege.getGrantOption().toString().toUpperCase()));
} else {
@@ -1049,7 +1046,6 @@ public class SentryStore {
mSentryPrivilege.setPrivilegeScope(safeTrim(privilege.getPrivilegeScope()));
mSentryPrivilege.setAction(toNULLCol(safeTrimLower(privilege.getAction())));
mSentryPrivilege.setCreateTime(System.currentTimeMillis());
- mSentryPrivilege.setGrantorPrincipal(safeTrim(privilege.getGrantorPrincipal()));
mSentryPrivilege.setURI(toNULLCol(safeTrim(privilege.getURI())));
if ( !privilege.getGrantOption().equals(TSentryGrantOption.UNSET) ) {
mSentryPrivilege.setGrantOption(Boolean.valueOf(privilege.getGrantOption().toString()));
@@ -1183,14 +1179,14 @@ public class SentryStore {
* @throws SentryInvalidInputException
*/
public void renamePrivilege(TSentryAuthorizable tAuthorizable,
- TSentryAuthorizable newTAuthorizable, String grantorPrincipal)
+ TSentryAuthorizable newTAuthorizable)
throws SentryNoSuchObjectException, SentryInvalidInputException {
PersistenceManager pm = null;
boolean rollbackTransaction = true;
TSentryPrivilege tPrivilege = toSentryPrivilege(tAuthorizable);
- TSentryPrivilege newPrivilege = toSentryPrivilege(newTAuthorizable,
- grantorPrincipal);
+ TSentryPrivilege newPrivilege = toSentryPrivilege(newTAuthorizable);
+
try {
pm = openTransaction();
// In case of tables or DBs, check all actions
@@ -1266,20 +1262,13 @@ public class SentryStore {
}
}
- // convert TSentryAuthorizable to TSentryPrivilege
private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
throws SentryInvalidInputException {
- return toSentryPrivilege(tAuthorizable, null);
- }
-
- private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable,
- String grantorPrincipal) throws SentryInvalidInputException {
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
- tSentryPrivilege.setGrantorPrincipal(grantorPrincipal);
PrivilegeScope scope;
if (!isNULL(tSentryPrivilege.getTableName())) {
scope = PrivilegeScope.TABLE;
@@ -1313,10 +1302,9 @@ public class SentryStore {
* @param privilege
* @throws SentryUserException
*/
- private void grantOptionCheck(PersistenceManager pm, TSentryPrivilege privilege)
+ private void grantOptionCheck(PersistenceManager pm, String grantorPrincipal, TSentryPrivilege privilege)
throws SentryUserException {
MSentryPrivilege mPrivilege = convertToMSentryPrivilege(privilege);
- String grantorPrincipal = mPrivilege.getGrantorPrincipal();
if (grantorPrincipal == null) {
throw new SentryInvalidInputException("grantorPrincipal should not be null");
}
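Review bot: `grantOptionCheck` now takes the grantor as an argument, but the Javadoc above it still lists only the older parameters. The null guard also runs after `convertToMSentryPrivilege(privilege)` has already done its work. Add `@param grantorPrincipal name of the requestor whose grant option is verified; must not be null` and move the `if (grantorPrincipal == null)` guard to the first statement so bad input is rejected before any conversion. An empty or whitespace-only principal still passes the guard; whether later code rejects it cannot be seen here, since the method continues outside the hunk.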
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 6358289..5d97dc1 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -376,7 +376,6 @@ public class SentryPolicyServiceClient {
privilege.setDbName(db);
privilege.setTableName(table);
privilege.setAction(action);
- privilege.setGrantorPrincipal(requestorUserName);
privilege.setCreateTime(System.currentTimeMillis());
privilege.setGrantOption(convertTSentryGrantOption(grantOption));
request.setPrivilege(privilege);
@@ -466,7 +465,6 @@ public class SentryPolicyServiceClient {
privilege.setDbName(db);
privilege.setTableName(table);
privilege.setAction(action);
- privilege.setGrantorPrincipal(requestorUserName);
privilege.setCreateTime(System.currentTimeMillis());
privilege.setGrantOption(convertTSentryGrantOption(grantOption));
request.setPrivilege(privilege);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index ad66838..5b829a8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -149,8 +149,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
try {
authorize(request.getRequestorUserName(),
getRequestorGroups(request.getRequestorUserName()));
- CommitContext commitContext = sentryStore.createSentryRole(request.getRoleName(),
- request.getRequestorUserName());
+ CommitContext commitContext = sentryStore.createSentryRole(request.getRoleName());
response.setStatus(Status.OK());
notificationHandlerInvoker.create_sentry_role(commitContext,
request, response);
@@ -178,8 +177,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
try {
- CommitContext commitContext = sentryStore.alterSentryRoleGrantPrivilege(request.getRoleName(),
- request.getPrivilege());
+ CommitContext commitContext = sentryStore.alterSentryRoleGrantPrivilege(request.getRequestorUserName(),
+ request.getRoleName(), request.getPrivilege());
response.setStatus(Status.OK());
notificationHandlerInvoker.alter_sentry_role_grant_privilege(commitContext,
request, response);
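Review bot: On this grant path the grantor handed to the store is `request.getRequestorUserName()`, and unlike the `create_sentry_role` hunk above, no `authorize(...)` call is visible between `try {` and the store call. As far as the hunk shows, the grant-option check inside `SentryStore` is the only authorization on this path, and it trusts a field of the request. The same applies to the revoke hunk that follows. Whether that field is bound to the authenticated transport identity is not visible in this diff and should be confirmed. A comment such as `// grantor = requestor; SentryStore.grantOptionCheck is the authorization for this call` would record the dependency. The method starts outside the hunk.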
@@ -210,8 +209,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
(TAlterSentryRoleRevokePrivilegeRequest request) throws TException {
TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
try {
- CommitContext commitContext = sentryStore.alterSentryRoleRevokePrivilege(request.getRoleName(),
- request.getPrivilege());
+ CommitContext commitContext = sentryStore.alterSentryRoleRevokePrivilege(request.getRequestorUserName(),
+ request.getRoleName(), request.getPrivilege());
response.setStatus(Status.OK());
notificationHandlerInvoker.alter_sentry_role_revoke_privilege(commitContext,
request, response);
@@ -513,7 +512,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
try {
authorize(request.getRequestorUserName(), adminGroups);
sentryStore.renamePrivilege(request.getOldAuthorizable(),
- request.getNewAuthorizable(), request.getRequestorUserName());
+ request.getNewAuthorizable());
response.setStatus(Status.OK());
} catch (SentryAccessDeniedException e) {
LOGGER.error(e.getMessage(), e);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql
index 785c885..4c5ae39 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql
@@ -21,7 +21,6 @@ CREATE TABLE SENTRY_DB_PRIVILEGE
"ACTION" VARCHAR(40),
CREATE_TIME BIGINT NOT NULL,
DB_NAME VARCHAR(4000),
- GRANTOR_PRINCIPAL VARCHAR(4000),
PRIVILEGE_SCOPE VARCHAR(40),
"SERVER_NAME" VARCHAR(4000),
"TABLE_NAME" VARCHAR(4000),
@@ -35,7 +34,6 @@ CREATE TABLE SENTRY_ROLE
(
ROLE_ID BIGINT NOT NULL generated always as identity (start with 1),
CREATE_TIME BIGINT NOT NULL,
- GRANTOR_PRINCIPAL VARCHAR(4000),
ROLE_NAME VARCHAR(128)
);
@@ -46,7 +44,6 @@ CREATE TABLE SENTRY_GROUP
(
GROUP_ID BIGINT NOT NULL generated always as identity (start with 1),
CREATE_TIME BIGINT NOT NULL,
- GRANTOR_PRINCIPAL VARCHAR(4000),
GROUP_NAME VARCHAR(128)
);
@@ -56,7 +53,8 @@ ALTER TABLE SENTRY_GROUP ADD CONSTRAINT SENTRY_GROUP_PK PRIMARY KEY (GROUP_ID);
CREATE TABLE SENTRY_ROLE_GROUP_MAP
(
GROUP_ID BIGINT NOT NULL,
- ROLE_ID BIGINT NOT NULL
+ ROLE_ID BIGINT NOT NULL,
+ GRANTOR_PRINCIPAL VARCHAR(128)
);
ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD CONSTRAINT SENTRY_ROLE_GROUP_MAP_PK PRIMARY KEY (GROUP_ID,ROLE_ID);
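Review bot: The new `GRANTOR_PRINCIPAL VARCHAR(128)` column on `SENTRY_ROLE_GROUP_MAP` is nullable and much narrower than the `VARCHAR(4000)` columns this commit drops from the entity tables. The same applies to `SENTRY_ROLE_DB_PRIVILEGE_MAP` in the next hunk and to the identical derby script. None of the `package.jdo` or `SentryStore` hunks in this diff maps or writes the column, so grant attribution appears to be unrecorded after this change. If the column is intended as the audit trail for who granted what, that should be stated in a comment here. Because the 1.5.0 create scripts are edited in place, databases already initialised from the earlier version need a separate upgrade script; none is visible in this part of the commit.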
@@ -65,7 +63,8 @@ ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD CONSTRAINT SENTRY_ROLE_GROUP_MAP_PK PRIMAR
CREATE TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP
(
ROLE_ID BIGINT NOT NULL,
- DB_PRIVILEGE_ID BIGINT NOT NULL
+ DB_PRIVILEGE_ID BIGINT NOT NULL,
+ GRANTOR_PRINCIPAL VARCHAR(128)
);
ALTER TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP ADD CONSTRAINT SENTRY_ROLE_DB_PRIVILEGE_MAP_PK PRIMARY KEY (ROLE_ID,DB_PRIVILEGE_ID);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql
index 785c885..4c5ae39 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql
@@ -21,7 +21,6 @@ CREATE TABLE SENTRY_DB_PRIVILEGE
"ACTION" VARCHAR(40),
CREATE_TIME BIGINT NOT NULL,
DB_NAME VARCHAR(4000),
- GRANTOR_PRINCIPAL VARCHAR(4000),
PRIVILEGE_SCOPE VARCHAR(40),
"SERVER_NAME" VARCHAR(4000),
"TABLE_NAME" VARCHAR(4000),
@@ -35,7 +34,6 @@ CREATE TABLE SENTRY_ROLE
(
ROLE_ID BIGINT NOT NULL generated always as identity (start with 1),
CREATE_TIME BIGINT NOT NULL,
- GRANTOR_PRINCIPAL VARCHAR(4000),
ROLE_NAME VARCHAR(128)
);
@@ -46,7 +44,6 @@ CREATE TABLE SENTRY_GROUP
(
GROUP_ID BIGINT NOT NULL generated always as identity (start with 1),
CREATE_TIME BIGINT NOT NULL,
- GRANTOR_PRINCIPAL VARCHAR(4000),
GROUP_NAME VARCHAR(128)
);
@@ -56,7 +53,8 @@ ALTER TABLE SENTRY_GROUP ADD CONSTRAINT SENTRY_GROUP_PK PRIMARY KEY (GROUP_ID);
CREATE TABLE SENTRY_ROLE_GROUP_MAP
(
GROUP_ID BIGINT NOT NULL,
- ROLE_ID BIGINT NOT NULL
+ ROLE_ID BIGINT NOT NULL,
+ GRANTOR_PRINCIPAL VARCHAR(128)
);
ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD CONSTRAINT SENTRY_ROLE_GROUP_MAP_PK PRIMARY KEY (GROUP_ID,ROLE_ID);
@@ -65,7 +63,8 @@ ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD CONSTRAINT SENTRY_ROLE_GROUP_MAP_PK PRIMAR
CREATE TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP
(
ROLE_ID BIGINT NOT NULL,
- DB_PRIVILEGE_ID BIGINT NOT NULL
+ DB_PRIVILEGE_ID BIGINT NOT NULL,
+ GRANTOR_PRINCIPAL VARCHAR(128)
);
ALTER TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP ADD CONSTRAINT SENTRY_ROLE_DB_PRIVILEGE_MAP_PK PRIMARY KEY (ROLE_ID,DB_PRIVILEGE_ID);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql
index f94f6bd..803b6a8 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql
@@ -33,33 +33,32 @@ CREATE TABLE `SENTRY_DB_PRIVILEGE` (
`TABLE_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
`URI` VARCHAR(4000) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
`ACTION` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
- `CREATE_TIME` BIGINT NOT NULL,
- `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
+ `CREATE_TIME` BIGINT NOT NULL
`WITH_GRANT_OPTION` CHAR(1) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `SENTRY_ROLE` (
`ROLE_ID` BIGINT NOT NULL,
`ROLE_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
- `CREATE_TIME` BIGINT NOT NULL,
- `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
+ `CREATE_TIME` BIGINT NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `SENTRY_GROUP` (
`GROUP_ID` BIGINT NOT NULL,
`GROUP_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
- `CREATE_TIME` BIGINT NOT NULL,
- `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
+ `CREATE_TIME` BIGINT NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP` (
`ROLE_ID` BIGINT NOT NULL,
- `DB_PRIVILEGE_ID` BIGINT NOT NULL
+ `DB_PRIVILEGE_ID` BIGINT NOT NULL,
+ `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `SENTRY_ROLE_GROUP_MAP` (
`ROLE_ID` BIGINT NOT NULL,
- `GROUP_ID` BIGINT NOT NULL
+ `GROUP_ID` BIGINT NOT NULL,
+ `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `SENTRY_VERSION` (
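Review bot: The new `CREATE_TIME` line in `SENTRY_DB_PRIVILEGE` lost its trailing comma although `WITH_GRANT_OPTION` still follows it, so this `CREATE TABLE` statement will fail to parse and the privilege table is not created on MySQL. Keep the comma, `` `CREATE_TIME` BIGINT NOT NULL, ``, and remove only the `GRANTOR_PRINCIPAL` line, as the Oracle and PostgreSQL hunks do. Dropping the comma is correct only in `SENTRY_ROLE` and `SENTRY_GROUP`, where `CREATE_TIME` became the last column.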
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql
index 35dbc5b..5d8336c 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql
@@ -22,32 +22,31 @@ CREATE TABLE "SENTRY_DB_PRIVILEGE" (
"URI" VARCHAR2(4000) NULL,
"ACTION" VARCHAR2(128) NOT NULL,
"CREATE_TIME" NUMBER NOT NULL,
- "GRANTOR_PRINCIPAL" VARCHAR(128) NOT NULL,
"WITH_GRANT_OPTION" CHAR(1) NOT NULL
);
CREATE TABLE "SENTRY_ROLE" (
"ROLE_ID" NUMBER NOT NULL,
"ROLE_NAME" VARCHAR2(128) NOT NULL,
- "CREATE_TIME" NUMBER NOT NULL,
- "GRANTOR_PRINCIPAL" VARCHAR2(128) NOT NULL
+ "CREATE_TIME" NUMBER NOT NULL
);
CREATE TABLE "SENTRY_GROUP" (
"GROUP_ID" NUMBER NOT NULL,
"GROUP_NAME" VARCHAR2(128) NOT NULL,
- "CREATE_TIME" NUMBER NOT NULL,
- "GRANTOR_PRINCIPAL" VARCHAR2(128) NOT NULL
+ "CREATE_TIME" NUMBER NOT NULL
);
CREATE TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" (
"ROLE_ID" NUMBER NOT NULL,
- "DB_PRIVILEGE_ID" NUMBER NOT NULL
+ "DB_PRIVILEGE_ID" NUMBER NOT NULL,
+ "GRANTOR_PRINCIPAL" VARCHAR2(128)
);
CREATE TABLE "SENTRY_ROLE_GROUP_MAP" (
"ROLE_ID" NUMBER NOT NULL,
- "GROUP_ID" NUMBER NOT NULL
+ "GROUP_ID" NUMBER NOT NULL,
+ "GRANTOR_PRINCIPAL" VARCHAR2(128)
);
CREATE TABLE "SENTRY_VERSION" (
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql
index 1d6036f..24cac98 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql
@@ -34,32 +34,31 @@ CREATE TABLE "SENTRY_DB_PRIVILEGE" (
"URI" character varying(4000) DEFAULT NULL::character varying,
"ACTION" character varying(128) NOT NULL,
"CREATE_TIME" BIGINT NOT NULL,
- "GRANTOR_PRINCIPAL" VARCHAR(128) NOT NULL,
"WITH_GRANT_OPTION" CHAR(1) NOT NULL
);
CREATE TABLE "SENTRY_ROLE" (
"ROLE_ID" BIGINT NOT NULL,
"ROLE_NAME" character varying(128) NOT NULL,
- "CREATE_TIME" BIGINT NOT NULL,
- "GRANTOR_PRINCIPAL" character varying(128) NOT NULL
+ "CREATE_TIME" BIGINT NOT NULL
);
CREATE TABLE "SENTRY_GROUP" (
"GROUP_ID" BIGINT NOT NULL,
"GROUP_NAME" character varying(128) NOT NULL,
- "CREATE_TIME" BIGINT NOT NULL,
- "GRANTOR_PRINCIPAL" character varying(128) NOT NULL
+ "CREATE_TIME" BIGINT NOT NULL
);
CREATE TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" (
"ROLE_ID" BIGINT NOT NULL,
- "DB_PRIVILEGE_ID" BIGINT NOT NULL
+ "DB_PRIVILEGE_ID" BIGINT NOT NULL,
+ "GRANTOR_PRINCIPAL" character varying(128)
);
CREATE TABLE "SENTRY_ROLE_GROUP_MAP" (
"ROLE_ID" BIGINT NOT NULL,
- "GROUP_ID" BIGINT NOT NULL
+ "GROUP_ID" BIGINT NOT NULL,
+ "GRANTOR_PRINCIPAL" character varying(128)
);
CREATE TABLE "SENTRY_VERSION" (
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
index b14616b..d215ffe 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -48,8 +48,7 @@ struct TSentryPrivilege {
6: optional string URI = "",
7: required string action = "",
8: optional i64 createTime, # Set on server side
-9: optional string grantorPrincipal, # Set on server side
-10: optional TSentryGrantOption grantOption = TSentryGrantOption.FALSE
+9: optional TSentryGrantOption grantOption = TSentryGrantOption.FALSE
}
# TODO can this be deleted? it's not adding value to TAlterSentryRoleAddGroupsRequest
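Review bot: `grantOption` is renumbered from field id 10 to 9, the id that `grantorPrincipal` used with type `string`, so a client and a server built from different versions of this IDL will disagree about where the grant option lives. A peer on the other version would not find the value under the id it expects and would presumably fall back to the default `TSentryGrantOption.FALSE`, silently changing what is granted or what a revoke matches. Retire id 9 instead of reusing it: keep `10: optional TSentryGrantOption grantOption = TSentryGrantOption.FALSE` and leave `# 9: removed (grantorPrincipal), do not reuse` in its place.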
@@ -132,7 +131,7 @@ struct TListSentryRolesRequest {
struct TSentryRole {
1: required string roleName,
2: required set<TSentryGroup> groups,
-3: required string grantorPrincipal
+3: required string grantorPrincipal #Deprecated
}
struct TListSentryRolesResponse {
1: required sentry_common_service.TSentryResponseStatus status
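Review bot: `#Deprecated` on `grantorPrincipal` does not tell callers what the field now contains, and because it is still `required` every `TSentryRole` must keep carrying some value in it. This commit removes the grantor column from the role table, so the comment should say so, for example `3: required string grantorPrincipal # Deprecated: roles no longer store a grantor; kept only because the field is required`. It should also name the placeholder value the server sends.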
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 985a73d..befecf4 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -105,25 +105,23 @@ public class TestSentryStore {
privilege.setDbName("default");
privilege.setTableName("table1");
privilege.setAction(AccessConstants.ALL);
- privilege.setGrantorPrincipal(grantor);
privilege.setCreateTime(System.currentTimeMillis());
- long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+ long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId());
assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId());
- assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege).getSequenceId());
- assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege).getSequenceId());
+ assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege).getSequenceId());
+ assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege).getSequenceId());
}
@Test
public void testURI() throws Exception {
String roleName = "test-dup-role";
String grantor = "g1";
String uri = "file:///var/folders/dt/9zm44z9s6bjfxbrm4v36lzdc0000gp/T/1401860678102-0/data/kv1.dat";
- sentryStore.createSentryRole(roleName, grantor);
+ sentryStore.createSentryRole(roleName);
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("URI", "server1", "ALL");
tSentryPrivilege.setURI(uri);
- tSentryPrivilege.setGrantorPrincipal(grantor);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, tSentryPrivilege);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege);
TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
tSentryAuthorizable.setUri(uri);
@@ -151,9 +149,9 @@ public class TestSentryStore {
public void testCreateDuplicateRole() throws Exception {
String roleName = "test-dup-role";
String grantor = "g1";
- sentryStore.createSentryRole(roleName, grantor);
+ sentryStore.createSentryRole(roleName);
try {
- sentryStore.createSentryRole(roleName, grantor);
+ sentryStore.createSentryRole(roleName);
fail("Expected SentryAlreadyExistsException");
} catch(SentryAlreadyExistsException e) {
// expected
@@ -163,17 +161,16 @@ public class TestSentryStore {
public void testCaseSensitiveScope() throws Exception {
String roleName = "role1";
String grantor = "g1";
- long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+ long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
TSentryPrivilege sentryPrivilege = new TSentryPrivilege("Database", "server1", "all");
sentryPrivilege.setDbName("db1");
- sentryPrivilege.setGrantorPrincipal(grantor);
- assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(roleName, sentryPrivilege).getSequenceId());
+ assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, sentryPrivilege).getSequenceId());
}
@Test
public void testCreateDropRole() throws Exception {
String roleName = "test-drop-role";
String grantor = "g1";
- long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+ long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
assertEquals(seqId + 1, sentryStore.dropSentryRole(roleName).getSequenceId());
}
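Review bot: `String grantor = "g1";` in `testCreateDropRole` is left without any use now that `createSentryRole(roleName)` takes only the role name. The same leftover is in `testCreateDuplicateRole` in the previous hunk, as far as its visible lines show. Delete the declaration in both tests so that a `grantor` local appears only in tests that actually pass a grantor to the store.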
@@ -190,7 +187,7 @@ public class TestSentryStore {
public void testAddDeleteGroups() throws Exception {
String roleName = "test-groups";
String grantor = "g1";
- long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+ long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
Set<TSentryGroup> groups = Sets.newHashSet();
TSentryGroup group = new TSentryGroup();
group.setGroupName("test-groups-g1");
@@ -213,22 +210,21 @@ public class TestSentryStore {
String server = "server1";
String db = "db1";
String table = "tbl1";
- long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+ long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
TSentryPrivilege privilege = new TSentryPrivilege();
privilege.setPrivilegeScope("TABLE");
privilege.setServerName(server);
privilege.setDbName(db);
privilege.setTableName(table);
privilege.setAction(AccessConstants.ALL);
- privilege.setGrantorPrincipal(grantor);
privilege.setCreateTime(System.currentTimeMillis());
- assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege)
+ assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege)
.getSequenceId());
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
Set<MSentryPrivilege> privileges = role.getPrivileges();
assertEquals(privileges.toString(), 1, privileges.size());
privilege.setAction(AccessConstants.SELECT);
- assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege)
+ assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege)
.getSequenceId());
// after having ALL and revoking SELECT, we should have INSERT
role = sentryStore.getMSentryRoleByName(roleName);
@@ -250,47 +246,45 @@ public class TestSentryStore {
String db = "db1";
String table = "tbl1";
TSentryGrantOption grantOption = TSentryGrantOption.TRUE;
- long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+ long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
TSentryPrivilege privilege = new TSentryPrivilege();
privilege.setPrivilegeScope("TABLE");
privilege.setServerName(server);
privilege.setDbName(db);
privilege.setTableName(table);
privilege.setAction(AccessConstants.ALL);
- privilege.setGrantorPrincipal(grantor);
privilege.setCreateTime(System.currentTimeMillis());
privilege.setGrantOption(grantOption);
- assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege)
+ assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege)
.getSequenceId());
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
Set<MSentryPrivilege> privileges = role.getPrivileges();
assertEquals(privileges.toString(), 1, privileges.size());
assertEquals(Boolean.valueOf(privilege.getGrantOption().toString()), Iterables.get(privileges, 0).getGrantOption());
- assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege)
+ assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege)
.getSequenceId());
role = sentryStore.getMSentryRoleByName(roleName);
privileges = role.getPrivileges();
assertEquals(0, privileges.size());
roleName = "test-grantOption-db";
- sentryStore.createSentryRole(roleName, grantor);
+ sentryStore.createSentryRole(roleName);
privilege = new TSentryPrivilege();
privilege.setPrivilegeScope("DATABASE");
privilege.setServerName(server);
privilege.setDbName(db);
privilege.setAction(AccessConstants.ALL);
- privilege.setGrantorPrincipal(grantor);
privilege.setGrantOption(TSentryGrantOption.TRUE);
privilege.setCreateTime(System.currentTimeMillis());
privilege.setGrantOption(grantOption);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
role = sentryStore.getMSentryRoleByName(roleName);
privileges = role.getPrivileges();
assertEquals(privileges.toString(), 1, privileges.size());
privilege.setAction(AccessConstants.SELECT);
privilege.setGrantOption(TSentryGrantOption.UNSET);
- sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege);
+ sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege);
// after having ALL and revoking SELECT, we should have INSERT
role = sentryStore.getMSentryRoleByName(roleName);
privileges = role.getPrivileges();
@@ -315,7 +309,7 @@ public class TestSentryStore {
String[] groups = {"group0","group1","group2","group3","group4"};
for (int i = 0; i < users.length; i++) {
addGroupsToUser(users[i], groups[i]);
- sentryStore.createSentryRole(roles[i], grantor);
+ sentryStore.createSentryRole(roles[i]);
Set<TSentryGroup> tGroups = Sets.newHashSet();
TSentryGroup tGroup = new TSentryGroup(groups[i]);
tGroups.add(tGroup);
@@ -334,10 +328,9 @@ public class TestSentryStore {
privilege1.setServerName(server);
privilege1.setDbName(db);
privilege1.setAction(AccessConstants.ALL);
- privilege1.setGrantorPrincipal(grantor);
privilege1.setCreateTime(System.currentTimeMillis());
privilege1.setGrantOption(TSentryGrantOption.TRUE);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege1);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege1);
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
Set<MSentryPrivilege> privileges = role.getPrivileges();
assertEquals(privileges.toString(), 1, privileges.size());
@@ -350,10 +343,9 @@ public class TestSentryStore {
privilege2.setServerName(server);
privilege2.setDbName(db);
privilege2.setAction(AccessConstants.SELECT);
- privilege2.setGrantorPrincipal(grantor);
privilege2.setCreateTime(System.currentTimeMillis());
privilege2.setGrantOption(TSentryGrantOption.TRUE);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege2);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege2);
// 4. user0 grant all on table tb1 to role2, no grant option
roleName = roles[2];
@@ -364,10 +356,9 @@ public class TestSentryStore {
privilege3.setDbName(db);
privilege3.setTableName(table);
privilege3.setAction(AccessConstants.ALL);
- privilege3.setGrantorPrincipal(grantor);
privilege3.setCreateTime(System.currentTimeMillis());
privilege3.setGrantOption(TSentryGrantOption.FALSE);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege3);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege3);
// 5. user1 has role1, no insert privilege,
// grant insert to role3, will throw no grant exception
@@ -378,12 +369,11 @@ public class TestSentryStore {
privilege4.setServerName(server);
privilege4.setDbName(db);
privilege4.setAction(AccessConstants.INSERT);
- privilege4.setGrantorPrincipal(grantor);
privilege4.setCreateTime(System.currentTimeMillis());
privilege4.setGrantOption(TSentryGrantOption.FALSE);
boolean isGrantOptionException = false;
try {
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege4);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege4);
} catch (SentryGrantDeniedException e) {
isGrantOptionException = true;
System.err.println(e.getMessage());
@@ -400,12 +390,11 @@ public class TestSentryStore {
privilege5.setDbName(db);
privilege5.setTableName(table);
privilege5.setAction(AccessConstants.INSERT);
- privilege5.setGrantorPrincipal(grantor);
privilege5.setCreateTime(System.currentTimeMillis());
privilege5.setGrantOption(TSentryGrantOption.FALSE);
isGrantOptionException = false;
try {
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege5);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege5);
} catch (SentryGrantDeniedException e) {
isGrantOptionException = true;
System.err.println(e.getMessage());
@@ -425,7 +414,7 @@ public class TestSentryStore {
String[] groups = {"group0","group1","group2"};
for (int i = 0; i < users.length; i++) {
addGroupsToUser(users[i], groups[i]);
- sentryStore.createSentryRole(roles[i], grantor);
+ sentryStore.createSentryRole(roles[i]);
Set<TSentryGroup> tGroups = Sets.newHashSet();
TSentryGroup tGroup = new TSentryGroup(groups[i]);
tGroups.add(tGroup);
@@ -444,10 +433,9 @@ public class TestSentryStore {
privilege1.setServerName(server);
privilege1.setDbName(db);
privilege1.setAction(AccessConstants.SELECT);
- privilege1.setGrantorPrincipal(grantor);
privilege1.setCreateTime(System.currentTimeMillis());
privilege1.setGrantOption(TSentryGrantOption.TRUE);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege1);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege1);
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
Set<MSentryPrivilege> privileges = role.getPrivileges();
assertEquals(privileges.toString(), 1, privileges.size());
@@ -461,10 +449,9 @@ public class TestSentryStore {
privilege2.setDbName(db);
privilege2.setTableName(table);
privilege2.setAction(AccessConstants.ALL);
- privilege2.setGrantorPrincipal(grantor);
privilege2.setCreateTime(System.currentTimeMillis());
privilege2.setGrantOption(TSentryGrantOption.FALSE);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege2);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege2);
// 4. g1 grant select on table tb1 to role2, no grant option
roleName = roles[2];
@@ -475,19 +462,17 @@ public class TestSentryStore {
privilege3.setDbName(db);
privilege3.setTableName(table);
privilege3.setAction(AccessConstants.SELECT);
- privilege3.setGrantorPrincipal(grantor);
privilege3.setCreateTime(System.currentTimeMillis());
privilege3.setGrantOption(TSentryGrantOption.FALSE);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege3);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege3);
// 5. user1 has role1, no grant option,
// revoke from role2 will throw no grant exception
roleName = roles[2];
grantor = users[1];
- privilege3.setGrantorPrincipal(grantor);
boolean isGrantOptionException = false;
try {
- sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege3);
+ sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege3);
} catch (SentryGrantDeniedException e) {
isGrantOptionException = true;
System.err.println(e.getMessage());
@@ -498,9 +483,8 @@ public class TestSentryStore {
// revoke all from role1 will throw no grant exception
roleName = roles[1];
grantor = users[0];
- privilege2.setGrantorPrincipal(grantor);
try {
- sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege2);
+ sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege2);
} catch (SentryGrantDeniedException e) {
isGrantOptionException = true;
System.err.println(e.getMessage());
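Review bot: `isGrantOptionException` is not reset before this second `try`, so if it is still `true` from the step 5 check, the denial expected here is never verified and a revoke that wrongly succeeds would go unnoticed. The grant test earlier in the file resets it with `isGrantOptionException = false;` before its second `try`. Unless that already happens in the lines hidden between these hunks, add the same line here, or put `fail("Expected SentryGrantDeniedException");` right after the `alterSentryRoleRevokePrivilege(grantor, roleName, privilege2)` call. The test method starts and ends outside this hunk.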
@@ -511,8 +495,7 @@ public class TestSentryStore {
// revoke select from role2
roleName = roles[2];
grantor = users[0];
- privilege3.setGrantorPrincipal(grantor);
- sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege3);
+ sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege3);
role = sentryStore.getMSentryRoleByName(roleName);
privileges = role.getPrivileges();
assertEquals(0, privileges.size());
@@ -528,7 +511,7 @@ public class TestSentryStore {
String[] groups = {"group0"};
for (int i = 0; i < users.length; i++) {
addGroupsToUser(users[i], groups[i]);
- sentryStore.createSentryRole(roles[i], grantor);
+ sentryStore.createSentryRole(roles[i]);
Set<TSentryGroup> tGroups = Sets.newHashSet();
TSentryGroup tGroup = new TSentryGroup(groups[i]);
tGroups.add(tGroup);
@@ -548,22 +531,21 @@ public class TestSentryStore {
privilege.setDbName(db);
privilege.setTableName(table);
privilege.setAction(AccessConstants.SELECT);
- privilege.setGrantorPrincipal(grantor);
privilege.setCreateTime(System.currentTimeMillis());
privilege.setGrantOption(TSentryGrantOption.TRUE);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
// 3. g1 grant select on table tb1 to role0, no grant option
roleName = roles[0];
grantor = "g1";
privilege.setGrantOption(TSentryGrantOption.FALSE);
- sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
// 4. g1 revoke all privilege from role0
roleName = roles[0];
grantor = "g1";
privilege.setGrantOption(TSentryGrantOption.UNSET);
- sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege);
+ sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege);
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
Set<MSentryPrivilege> privileges = role.getPrivileges();
assertEquals(privileges.toString(), 0, privileges.size());
@@ -574,26 +556,24 @@ public class TestSentryStore {
String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2";
String groupName1 = "list-privs-g1", groupName2 = "list-privs-g2";
String grantor = "g1";
- long seqId = sentryStore.createSentryRole(roleName1, grantor).getSequenceId();
- assertEquals(seqId + 1, sentryStore.createSentryRole(roleName2, grantor).getSequenceId());
+ long seqId = sentryStore.createSentryRole(roleName1).getSequenceId();
+ assertEquals(seqId + 1, sentryStore.createSentryRole(roleName2).getSequenceId());
TSentryPrivilege privilege1 = new TSentryPrivilege();
privilege1.setPrivilegeScope("TABLE");
privilege1.setServerName("server1");
privilege1.setDbName("db1");
privilege1.setTableName("tbl1");
privilege1.setAction("SELECT");
- privilege1.setGrantorPrincipal(grantor);
privilege1.setCreateTime(System.currentTimeMillis());
- assertEquals(seqId + 2, sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege1)
+ assertEquals(seqId + 2, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1)
.getSequenceId());
- assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege1)
+ assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege1)
.getSequenceId());
TSentryPrivilege privilege2 = new TSentryPrivilege();
privilege2.setPrivilegeScope("SERVER");
privilege2.setServerName("server1");
- privilege2.setGrantorPrincipal(grantor);
privilege2.setCreateTime(System.currentTimeMillis());
- assertEquals(seqId + 4, sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2)
+ assertEquals(seqId + 4, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege2)
.getSequenceId());
Set<TSentryGroup> groups = Sets.newHashSet();
TSentryGroup group = new TSentryGroup();
@@ -681,9 +661,9 @@ public class TestSentryStore {
String group1 = "group1", group2 = "group2";
String grantor = "g1";
- sentryStore.createSentryRole(roleName1, grantor);
- sentryStore.createSentryRole(roleName2, grantor);
- sentryStore.createSentryRole(roleName3, grantor);
+ sentryStore.createSentryRole(roleName1);
+ sentryStore.createSentryRole(roleName2);
+ sentryStore.createSentryRole(roleName3);
sentryStore.alterSentryRoleAddGroups(grantor, roleName1, Sets.newHashSet(new TSentryGroup(group1)));
sentryStore.alterSentryRoleAddGroups(grantor, roleName2, Sets.newHashSet(new TSentryGroup(group2)));
@@ -707,16 +687,15 @@ public class TestSentryStore {
public void testDropDbObject() throws Exception {
String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2", roleName3 = "list-privs-r3";
String grantor = "g1";
- sentryStore.createSentryRole(roleName1, grantor);
- sentryStore.createSentryRole(roleName2, grantor);
- sentryStore.createSentryRole(roleName3, grantor);
+ sentryStore.createSentryRole(roleName1);
+ sentryStore.createSentryRole(roleName2);
+ sentryStore.createSentryRole(roleName3);
TSentryPrivilege privilege_tbl1 = new TSentryPrivilege();
privilege_tbl1.setPrivilegeScope("TABLE");
privilege_tbl1.setServerName("server1");
privilege_tbl1.setDbName("db1");
privilege_tbl1.setTableName("tbl1");
- privilege_tbl1.setGrantorPrincipal(grantor);
privilege_tbl1.setCreateTime(System.currentTimeMillis());
TSentryPrivilege privilege1 = new TSentryPrivilege(privilege_tbl1);
@@ -730,7 +709,6 @@ public class TestSentryStore {
TSentryPrivilege privilege_server = new TSentryPrivilege();
privilege_server.setPrivilegeScope("SERVER");
privilege_server.setServerName("server1");
- privilege_server.setGrantorPrincipal(grantor);
privilege_server.setCreateTime(System.currentTimeMillis());
TSentryPrivilege privilege_tbl2 = new TSentryPrivilege();
@@ -738,7 +716,6 @@ public class TestSentryStore {
privilege_tbl2.setServerName("server1");
privilege_tbl2.setDbName("db1");
privilege_tbl2.setTableName("tbl2");
- privilege_tbl2.setGrantorPrincipal(grantor);
privilege_tbl2.setCreateTime(System.currentTimeMillis());
TSentryPrivilege privilege2_3 = new TSentryPrivilege(privilege_tbl2);
@@ -747,14 +724,14 @@ public class TestSentryStore {
TSentryPrivilege privilege3_2 = new TSentryPrivilege(privilege_tbl2);
privilege3_2.setAction("INSERT");
- sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege1);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1);
- sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2_1);
- sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege_server);
- sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2_3);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege2_1);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege_server);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege2_3);
- sentryStore.alterSentryRoleGrantPrivilege(roleName3, privilege3_1);
- sentryStore.alterSentryRoleGrantPrivilege(roleName3, privilege3_2);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName3, privilege3_1);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName3, privilege3_2);
sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1));
assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1)
@@ -777,14 +754,13 @@ public class TestSentryStore {
public void testDropOverlappedPrivileges() throws Exception {
String roleName1 = "list-privs-r1";
String grantor = "g1";
- sentryStore.createSentryRole(roleName1, grantor);
+ sentryStore.createSentryRole(roleName1);
TSentryPrivilege privilege_tbl1 = new TSentryPrivilege();
privilege_tbl1.setPrivilegeScope("TABLE");
privilege_tbl1.setServerName("server1");
privilege_tbl1.setDbName("db1");
privilege_tbl1.setTableName("tbl1");
- privilege_tbl1.setGrantorPrincipal(grantor);
privilege_tbl1.setCreateTime(System.currentTimeMillis());
TSentryPrivilege privilege_tbl1_insert = new TSentryPrivilege(
@@ -794,8 +770,8 @@ public class TestSentryStore {
TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1);
privilege_tbl1_all.setAction("*");
- sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_insert);
- sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_all);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1_insert);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1_all);
sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1));
assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1)
@@ -823,16 +799,15 @@ public class TestSentryStore {
String grantor = "g1";
String table1 = "tbl1", table2 = "tbl2";
- sentryStore.createSentryRole(roleName1, grantor);
- sentryStore.createSentryRole(roleName2, grantor);
- sentryStore.createSentryRole(roleName3, grantor);
+ sentryStore.createSentryRole(roleName1);
+ sentryStore.createSentryRole(roleName2);
+ sentryStore.createSentryRole(roleName3);
TSentryPrivilege privilege_tbl1 = new TSentryPrivilege();
privilege_tbl1.setPrivilegeScope("TABLE");
privilege_tbl1.setServerName("server1");
privilege_tbl1.setDbName("db1");
privilege_tbl1.setTableName(table1);
- privilege_tbl1.setGrantorPrincipal(grantor);
privilege_tbl1.setCreateTime(System.currentTimeMillis());
TSentryPrivilege privilege_tbl1_insert = new TSentryPrivilege(
@@ -846,14 +821,14 @@ public class TestSentryStore {
TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1);
privilege_tbl1_all.setAction(AccessConstants.ALL);
- sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_insert);
- sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege_tbl1_select);
- sentryStore.alterSentryRoleGrantPrivilege(roleName3, privilege_tbl1_all);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1_insert);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege_tbl1_select);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName3, privilege_tbl1_all);
TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1);
TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1);
newTable.setTable(table2);
- sentryStore.renamePrivilege(oldTable, newTable, System.getProperty("user.name"));
+ sentryStore.renamePrivilege(oldTable, newTable);
for (String roleName : Sets.newHashSet(roleName1, roleName2, roleName3)) {
Set<TSentryPrivilege> privilegeSet = sentryStore
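Review bot: After `renamePrivilege(oldTable, newTable)` lost its grantor argument, nothing in the visible test states what grantor the renamed privileges are expected to carry, and the next hunk deletes the only grantor assertion in this test. Since the grantor now lives on the role-privilege mapping, add an assertion that the mapping for each of the three roles still reports `grantor` after the rename, using whatever accessor the store exposes for it. If the grantor is intentionally not preserved across a rename, add a comment saying so instead. The loop body continues outside this hunk.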
@@ -861,8 +836,6 @@ public class TestSentryStore {
assertEquals(1, privilegeSet.size());
for (TSentryPrivilege privilege : privilegeSet) {
assertTrue(table2.equalsIgnoreCase(privilege.getTableName()));
- assertEquals(System.getProperty("user.name"),
- privilege.getGrantorPrincipal());
}
}
}