You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2016/07/21 05:55:17 UTC
[23/51] [partial] sentry git commit: SENTRY-1205: Refactor the code
for sentry-provider-db and create sentry-service module(Colin Ma,
reviewed by Dapeng Sun)
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java
deleted file mode 100644
index 55b61ac..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java
+++ /dev/null
@@ -1,497 +0,0 @@
-/**
-vim * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.model;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.core.common.utils.SentryConstants.KV_JOINER;
-
-import java.lang.reflect.Field;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import javax.jdo.annotations.PersistenceCapable;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.db.AccessConstants;
-
-import com.google.common.base.Strings;
-import com.google.common.collect.Lists;
-
-/**
- * Database backed Sentry Generic Privilege for new authorization Model
- * Any changes to this object
- * require re-running the maven build so DN an re-enhance.
- */
-@PersistenceCapable
-public class MSentryGMPrivilege {
- private static final String PREFIX_RESOURCE_NAME = "resourceName";
- private static final String PREFIX_RESOURCE_TYPE = "resourceType";
- private static final String NULL_COL = "__NULL__";
- private static final String SERVICE_SCOPE = "Server";
- private static final int AUTHORIZABLE_LEVEL = 4;
- /**
- * The authorizable List has been stored into resourceName and resourceField columns
- * We assume that the generic model privilege for any component(hive/impala or solr) doesn't exceed four level.
- * This generic model privilege currently can support maximum 4 level.
- **/
- private String resourceName0 = NULL_COL; //NOPMD
- private String resourceType0 = NULL_COL; //NOPMD
- private String resourceName1 = NULL_COL; //NOPMD
- private String resourceType1 = NULL_COL; //NOPMD
- private String resourceName2 = NULL_COL; //NOPMD
- private String resourceType2 = NULL_COL; //NOPMD
- private String resourceName3 = NULL_COL; //NOPMD
- private String resourceType3 = NULL_COL; //NOPMD
-
-
- private String serviceName;
- private String componentName;
- private String action;
- private String scope;
-
- private Boolean grantOption = false;
- // roles this privilege is a part of
- private Set<MSentryRole> roles;
- private long createTime;
-
- public MSentryGMPrivilege() {
- this.roles = new HashSet<MSentryRole>();
- }
-
- public MSentryGMPrivilege(String componentName, String serviceName,
- List<? extends Authorizable> authorizables,
- String action, Boolean grantOption) {
- this.componentName = componentName;
- this.serviceName = serviceName;
- this.action = action;
- this.grantOption = grantOption;
- this.roles = new HashSet<MSentryRole>();
- this.createTime = System.currentTimeMillis();
- setAuthorizables(authorizables);
- }
-
- public MSentryGMPrivilege(MSentryGMPrivilege copy) {
- this.action = copy.action;
- this.componentName = copy.componentName;
- this.serviceName = copy.serviceName;
- this.grantOption = copy.grantOption;
- this.scope = copy.scope;
- this.createTime = copy.createTime;
- setAuthorizables(copy.getAuthorizables());
- this.roles = new HashSet<MSentryRole>();
- for (MSentryRole role : copy.roles) {
- roles.add(role);
- }
- }
-
- public String getServiceName() {
- return serviceName;
- }
-
- public void setServiceName(String serviceName) {
- this.serviceName = serviceName;
- }
-
- public String getComponentName() {
- return componentName;
- }
-
- public void setComponentName(String componentName) {
- this.componentName = componentName;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public Boolean getGrantOption() {
- return grantOption;
- }
-
- public void setGrantOption(Boolean grantOption) {
- this.grantOption = grantOption;
- }
-
- public Set<MSentryRole> getRoles() {
- return roles;
- }
-
- public void setRoles(Set<MSentryRole> roles) {
- this.roles = roles;
- }
-
- public long getCreateTime() {
- return createTime;
- }
-
- public void setCreateTime(long createTime) {
- this.createTime = createTime;
- }
-
- public String getScope() {
- return scope;
- }
-
- public List<? extends Authorizable> getAuthorizables() {
- List<Authorizable> authorizables = Lists.newArrayList();
- //construct atuhorizable lists
- for (int i = 0; i < AUTHORIZABLE_LEVEL; i++) {
- final String resourceName = (String) getField(this, PREFIX_RESOURCE_NAME + String.valueOf(i));
- final String resourceTYpe = (String) getField(this, PREFIX_RESOURCE_TYPE + String.valueOf(i));
-
- if (notNULL(resourceName) && notNULL(resourceTYpe)) {
- authorizables.add(new Authorizable() {
- @Override
- public String getTypeName() {
- return resourceTYpe;
- }
- @Override
- public String getName() {
- return resourceName;
- }
- });
- }
- }
- return authorizables;
- }
-
- /**
- * Only allow strict hierarchies. That is, can level =1 be not null when level = 0 is null
- * @param authorizables
- */
- public void setAuthorizables(List<? extends Authorizable> authorizables) {
- if (authorizables == null || authorizables.isEmpty()) {
- //service scope
- scope = SERVICE_SCOPE;
- return;
- }
- if (authorizables.size() > AUTHORIZABLE_LEVEL) {
- throw new IllegalStateException("This generic privilege model only supports maximum 4 level.");
- }
-
- for (int i = 0; i < authorizables.size(); i++) {
- Authorizable authorizable = authorizables.get(i);
- if (authorizable == null) {
- String msg = String.format("The authorizable can't be null. Please check authorizables[%d]:", i);
- throw new IllegalStateException(msg);
- }
- String resourceName = authorizable.getName();
- String resourceTYpe = authorizable.getTypeName();
- if (isNULL(resourceName) || isNULL(resourceTYpe)) {
- String msg = String.format("The name and type of authorizable can't be empty or null.Please check authorizables[%d]", i);
- throw new IllegalStateException(msg);
- }
- setField(this, PREFIX_RESOURCE_NAME + String.valueOf(i), toNULLCol(resourceName));
- setField(this, PREFIX_RESOURCE_TYPE + String.valueOf(i), toNULLCol(resourceTYpe));
- scope = resourceTYpe;
- }
- }
-
- public void appendRole(MSentryRole role) {
- if (roles.add(role)) {
- role.appendGMPrivilege(this);
- }
- }
-
- public void removeRole(MSentryRole role) {
- if(roles.remove(role)) {
- role.removeGMPrivilege(this);
- }
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((action == null) ? 0 : action.hashCode());
- result = prime * result + ((componentName == null) ? 0 : componentName.hashCode());
- result = prime * result + ((serviceName == null) ? 0 : serviceName.hashCode());
- result = prime * result + ((grantOption == null) ? 0 : grantOption.hashCode());
- result = prime * result + ((scope == null) ? 0 : scope.hashCode());
-
- for (Authorizable authorizable : getAuthorizables()) {
- result = prime * result + authorizable.getName().hashCode();
- result = prime * result + authorizable.getTypeName().hashCode();
- }
-
- return result;
- }
-
- @Override
- public String toString() {
- List<String> unifiedNames = Lists.newArrayList();
- for (Authorizable auth : getAuthorizables()) {
- unifiedNames.add(KV_JOINER.join(auth.getTypeName(),auth.getName()));
- }
-
- return "MSentryGMPrivilege ["
- + "serverName=" + serviceName + ", componentName=" + componentName
- + ", authorizables=" + AUTHORIZABLE_JOINER.join(unifiedNames)+ ", scope=" + scope
- + ", action=" + action + ", roles=[...]" + ", createTime="
- + createTime + ", grantOption=" + grantOption +"]";
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
- return false;
- }
- MSentryGMPrivilege other = (MSentryGMPrivilege) obj;
- if (action == null) {
- if (other.action != null) {
- return false;
- }
- } else if (!action.equalsIgnoreCase(other.action)) {
- return false;
- }
- if (scope == null) {
- if (other.scope != null) {
- return false;
- }
- } else if (!scope.equals(other.scope)) {
- return false;
- }
- if (serviceName == null) {
- if (other.serviceName != null) {
- return false;
- }
- } else if (!serviceName.equals(other.serviceName)) {
- return false;
- }
- if (componentName == null) {
- if (other.componentName != null) {
- return false;
- }
- } else if (!componentName.equals(other.componentName)) {
- return false;
- }
- if (grantOption == null) {
- if (other.grantOption != null) {
- return false;
- }
- } else if (!grantOption.equals(other.grantOption)) {
- return false;
- }
-
- List<? extends Authorizable> authorizables = getAuthorizables();
- List<? extends Authorizable> otherAuthorizables = other.getAuthorizables();
-
- if (authorizables.size() != otherAuthorizables.size()) {
- return false;
- }
- for (int i = 0; i < authorizables.size(); i++) {
- String o1 = KV_JOINER.join(authorizables.get(i).getTypeName(),
- authorizables.get(i).getName());
- String o2 = KV_JOINER.join(otherAuthorizables.get(i).getTypeName(),
- otherAuthorizables.get(i).getName());
- if (!o1.equals(o2)) {
- return false;
- }
- }
- return true;
- }
-
- /**
- * Return true if this privilege implies request privilege
- * Otherwise, return false
- * @param other, other privilege
- */
- public boolean implies(MSentryGMPrivilege request) {
- //component check
- if (!componentName.equals(request.getComponentName())) {
- return false;
- }
- //service check
- if (!serviceName.equals(request.getServiceName())) {
- return false;
- }
- // check action implies
- if (!action.equalsIgnoreCase(AccessConstants.ALL)
- && !action.equalsIgnoreCase(request.getAction())
- && !action.equalsIgnoreCase(AccessConstants.ACTION_ALL)) {
- return false;
- }
- //check authorizable list implies
- Iterator<? extends Authorizable> existIterator = getAuthorizables().iterator();
- Iterator<? extends Authorizable> requestIterator = request.getAuthorizables().iterator();
- while (existIterator.hasNext() && requestIterator.hasNext()) {
- Authorizable existAuth = existIterator.next();
- Authorizable requestAuth = requestIterator.next();
- //check authorizable type
- if (!existAuth.getTypeName().equals(requestAuth.getTypeName())) {
- return false;
- }
- //check authorizable name
- if (!existAuth.getName().equals(requestAuth.getName())) {
- /**The persistent authorizable isn't equal the request authorizable
- * but the following situations are pass check
- * The name of persistent authorizable is ALL or "*"
- */
- if (existAuth.getName().equalsIgnoreCase(AccessConstants.ACTION_ALL)
- || existAuth.getName().equalsIgnoreCase(AccessConstants.ALL)) {
- continue;
- } else {
- return false;
- }
- }
- }
-
- if ( !existIterator.hasNext() && !requestIterator.hasNext() ){
- /**
- * The persistent privilege has the same authorizables size as the requested privilege
- * The check is pass
- */
- return true;
-
- } else if (existIterator.hasNext()) {
- /**
- * The persistent privilege has much more authorizables than request privilege,so its scope is less
- * than the requested privilege.
- * There is a situation that the check is pass, the name of the exceeding authorizables is ALL or "*".
- * Take the Solr for example,the exist privilege is collection=c1->field=*->action=query
- * the request privilege is collection=c1->action=query, the check is pass
- */
- while (existIterator.hasNext()) {
- Authorizable existAuthorizable = existIterator.next();
- if (existAuthorizable.getName().equalsIgnoreCase(AccessConstants.ALL)
- || existAuthorizable.getName().equalsIgnoreCase(AccessConstants.ACTION_ALL)) {
- continue;
- } else {
- return false;
- }
- }
- } else {
- /**
- * The requested privilege has much more authorizables than persistent privilege, so its scope is less
- * than the persistent privilege
- * The check is pass
- */
- return true;
- }
-
- return true;
- }
-
- public static String toNULLCol(String col) {
- return Strings.isNullOrEmpty(col) ? NULL_COL : col;
- }
-
- public static boolean notNULL(String s) {
- return !(Strings.isNullOrEmpty(s) || NULL_COL.equals(s));
- }
-
- public static boolean isNULL(String s) {
- return !notNULL(s);
- }
-
- public static <T> void setField(Object obj, String fieldName, T fieldValue) {
- try {
- Class<?> clazz = obj.getClass();
- Field field=clazz.getDeclaredField(fieldName);
- field.setAccessible(true);
- field.set(obj, fieldValue);
- } catch (Exception e) {
- throw new RuntimeException("setField error: " + e.getMessage(), e);
- }
- }
-
- @SuppressWarnings("unchecked")
- public static <T> T getField(Object obj, String fieldName) {
- try {
- Class<?> clazz = obj.getClass();
- Field field=clazz.getDeclaredField(fieldName);
- field.setAccessible(true);
- return (T)field.get(obj);
- } catch (Exception e) {
- throw new RuntimeException("getField error: " + e.getMessage(), e);
- }
- }
-
- /**
- * return the query to execute in JDO for search the given privilege
- * @param privilege
- * @return query
- */
- public static String toQuery(MSentryGMPrivilege privilege) {
- StringBuilder query = new StringBuilder();
- query.append("serviceName == \"" + toNULLCol(privilege.getServiceName()) + "\" ");
- query.append("&& componentName == \"" + toNULLCol(privilege.getComponentName()) + "\" ");
- query.append("&& scope == \"" + toNULLCol(privilege.getScope()) + "\" ");
- query.append("&& action == \"" + toNULLCol(privilege.getAction()) + "\"");
- if (privilege.getGrantOption() == null) {
- query.append("&& this.grantOption == null ");
- } else if (privilege.getGrantOption()) {
- query.append("&& grantOption ");
- } else {
- query.append("&& !grantOption ");
- }
- List<? extends Authorizable> authorizables = privilege.getAuthorizables();
- for (int i = 0; i < AUTHORIZABLE_LEVEL; i++) {
- String resourceName = PREFIX_RESOURCE_NAME + String.valueOf(i);
- String resourceType = PREFIX_RESOURCE_TYPE + String.valueOf(i);
-
- if (i >= authorizables.size()) {
- query.append("&& " + resourceName + " == \"" + NULL_COL + "\" ");
- query.append("&& " + resourceType + " == \"" + NULL_COL + "\" ");
- } else {
- query.append("&& " + resourceName + " == \"" + authorizables.get(i).getName() + "\" ");
- query.append("&& " + resourceType + " == \"" + authorizables.get(i).getTypeName() + "\" ");
- }
- }
- return query.toString();
- }
-
- /**
- * Get the query to execute in the JDO deducing privileges include the scope of according to the given privilege
- * The query was used in three privilege operations:
- * 1.revoking privilege
- * 2.renaming privilege
- * 3.dropping privilege
- * Take the Solr for example, if there exists three privileges such as p1:Collection=c1->action=query,
- * p2:Collection=c1->Field=f1->action=query and p3:Collection=c1->Field=f2->action=query.
- * When the revoking operation happens, the request privilege is p4:Collection=c1->action=query.
- * The result is that not only p1 should be revoked, but also p2 and p3 should be revoked together.
- * So the populateIncludePrivilegesQuery should be Collection=c1
- * @param privilege
- * @return query
- */
- public static String populateIncludePrivilegesQuery(MSentryGMPrivilege privilege) {
- StringBuilder query = new StringBuilder();
- query.append("serviceName == \"" + toNULLCol(privilege.getServiceName()) + "\" ");
- query.append("&& componentName == \"" + toNULLCol(privilege.getComponentName()) + "\" ");
- List<? extends Authorizable> authorizables = privilege.getAuthorizables();
- for (int i= 0 ; i < authorizables.size(); i++) {
- String resourceName = PREFIX_RESOURCE_NAME + String.valueOf(i);
- String resourceType = PREFIX_RESOURCE_TYPE + String.valueOf(i);
- query.append("&& " + resourceName + " == \"" + authorizables.get(i).getName() + "\" ");
- query.append("&& " + resourceType + " == \"" + authorizables.get(i).getTypeName() + "\" ");
- }
- return query.toString();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
deleted file mode 100644
index 7e41c93..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.model;
-
-import java.util.Set;
-
-import javax.jdo.annotations.PersistenceCapable;
-
-/**
- * Database backed Sentry Group. Any changes to this object
- * require re-running the maven build so DN an re-enhance.
- */
-@PersistenceCapable
-public class MSentryGroup {
-
- /**
- * Group name is unique
- */
- private String groupName;
- // set of roles granted to this group
- private Set<MSentryRole> roles;
- private long createTime;
-
- public MSentryGroup(String groupName, long createTime, Set<MSentryRole> roles) {
- this.setGroupName(groupName);
- this.createTime = createTime;
- this.roles = roles;
- }
-
- public long getCreateTime() {
- return createTime;
- }
-
- public void setCreateTime(long createTime) {
- this.createTime = createTime;
- }
-
- public Set<MSentryRole> getRoles() {
- return roles;
- }
-
- public String getGroupName() {
- return groupName;
- }
-
- public void setGroupName(String groupName) {
- this.groupName = groupName;
- }
-
- public void appendRole(MSentryRole role) {
- if (roles.add(role)) {
- role.appendGroup(this);
- }
- }
-
- public void removeRole(MSentryRole role) {
- if (roles.remove(role)) {
- role.removeGroup(this);
- }
- }
-
- @Override
- public String toString() {
- return "MSentryGroup [groupName=" + groupName + ", roles=[...]"
- + ", createTime=" + createTime + "]";
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((groupName == null) ? 0 : groupName.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
- return false;
- }
- MSentryGroup other = (MSentryGroup) obj;
- if (createTime != other.createTime) {
- return false;
- }
- if (groupName == null) {
- if (other.groupName != null) {
- return false;
- }
- } else if (!groupName.equals(other.groupName)) {
- return false;
- }
- return true;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
deleted file mode 100644
index 4c3af79..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
+++ /dev/null
@@ -1,332 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.model;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.jdo.annotations.PersistenceCapable;
-
-import org.apache.sentry.core.common.utils.PathUtils;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-
-/**
- * Database backed Sentry Privilege. Any changes to this object
- * require re-running the maven build so DN an re-enhance.
- */
-@PersistenceCapable
-public class MSentryPrivilege {
-
- private String privilegeScope;
- /**
- * Privilege name is unique
- */
- private String serverName = "";
- private String dbName = "";
- private String tableName = "";
- private String columnName = "";
- private String URI = "";
- private String action = "";
- private Boolean grantOption = false;
- // roles this privilege is a part of
- private Set<MSentryRole> roles;
- private long createTime;
-
- public MSentryPrivilege() {
- this.roles = new HashSet<MSentryRole>();
- }
-
- public MSentryPrivilege(String privilegeScope,
- String serverName, String dbName, String tableName, String columnName,
- String URI, String action, Boolean grantOption) {
- this.privilegeScope = privilegeScope;
- this.serverName = serverName;
- this.dbName = SentryStore.toNULLCol(dbName);
- this.tableName = SentryStore.toNULLCol(tableName);
- this.columnName = SentryStore.toNULLCol(columnName);
- this.URI = SentryStore.toNULLCol(URI);
- this.action = SentryStore.toNULLCol(action);
- this.grantOption = grantOption;
- this.roles = new HashSet<MSentryRole>();
- }
-
- public MSentryPrivilege(String privilegeScope,
- String serverName, String dbName, String tableName, String columnName,
- String URI, String action) {
- this(privilegeScope, serverName, dbName, tableName,
- columnName, URI, action, false);
- }
-
- public MSentryPrivilege(MSentryPrivilege other) {
- this.privilegeScope = other.privilegeScope;
- this.serverName = other.serverName;
- this.dbName = SentryStore.toNULLCol(other.dbName);
- this.tableName = SentryStore.toNULLCol(other.tableName);
- this.columnName = SentryStore.toNULLCol(other.columnName);
- this.URI = SentryStore.toNULLCol(other.URI);
- this.action = SentryStore.toNULLCol(other.action);
- this.grantOption = other.grantOption;
- this.roles = new HashSet<MSentryRole>();
- for (MSentryRole role : other.roles) {
- roles.add(role);
- }
- }
-
- public String getServerName() {
- return serverName;
- }
-
- public void setServerName(String serverName) {
- this.serverName = (serverName == null) ? "" : serverName;
- }
-
- public String getDbName() {
- return dbName;
- }
-
- public void setDbName(String dbName) {
- this.dbName = (dbName == null) ? "" : dbName;
- }
-
- public String getTableName() {
- return tableName;
- }
-
- public void setTableName(String tableName) {
- this.tableName = (tableName == null) ? "" : tableName;
- }
-
- public String getColumnName() {
- return columnName;
- }
-
- public void setColumnName(String columnName) {
- this.columnName = (columnName == null) ? "" : columnName;
- }
-
- public String getURI() {
- return URI;
- }
-
- public void setURI(String uRI) {
- URI = (uRI == null) ? "" : uRI;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = (action == null) ? "" : action;
- }
-
- public long getCreateTime() {
- return createTime;
- }
-
- public void setCreateTime(long createTime) {
- this.createTime = createTime;
- }
-
- public String getPrivilegeScope() {
- return privilegeScope;
- }
-
- public void setPrivilegeScope(String privilegeScope) {
- this.privilegeScope = privilegeScope;
- }
-
- public Boolean getGrantOption() {
- return grantOption;
- }
-
- public void setGrantOption(Boolean grantOption) {
- this.grantOption = grantOption;
- }
-
- public void appendRole(MSentryRole role) {
- roles.add(role);
- }
-
- public Set<MSentryRole> getRoles() {
- return roles;
- }
-
- public void removeRole(MSentryRole role) {
- roles.remove(role);
- role.removePrivilege(this);
- }
-
- @Override
- public String toString() {
- return "MSentryPrivilege [privilegeScope=" + privilegeScope
- + ", serverName=" + serverName + ", dbName=" + dbName
- + ", tableName=" + tableName + ", columnName=" + columnName
- + ", URI=" + URI + ", action=" + action + ", roles=[...]"
- + ", createTime=" + createTime + ", grantOption=" + grantOption +"]";
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((URI == null) ? 0 : URI.hashCode());
- result = prime * result + ((action == null) ? 0 : action.hashCode());
- result = prime * result + ((dbName == null) ? 0 : dbName.hashCode());
- result = prime * result
- + ((serverName == null) ? 0 : serverName.hashCode());
- result = prime * result + ((tableName == null) ? 0 : tableName.hashCode());
- result = prime * result
- + ((columnName == null) ? 0 : columnName.hashCode());
- result = prime * result
- + ((grantOption == null) ? 0 : grantOption.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
- return false;
- }
- MSentryPrivilege other = (MSentryPrivilege) obj;
- if (URI == null) {
- if (other.URI != null) {
- return false;
- }
- } else if (!URI.equals(other.URI)) {
- return false;
- }
- if (action == null) {
- if (other.action != null) {
- return false;
- }
- } else if (!action.equals(other.action)) {
- return false;
- }
- if (dbName == null) {
- if (other.dbName != null) {
- return false;
- }
- } else if (!dbName.equals(other.dbName)) {
- return false;
- }
- if (serverName == null) {
- if (other.serverName != null) {
- return false;
- }
- } else if (!serverName.equals(other.serverName)) {
- return false;
- }
- if (tableName == null) {
- if (other.tableName != null) {
- return false;
- }
- } else if (!tableName.equals(other.tableName)) {
- return false;
- }
- if (columnName == null) {
- if (other.columnName != null) {
- return false;
- }
- } else if (!columnName.equals(other.columnName)) {
- return false;
- }
- if (grantOption == null) {
- if (other.grantOption != null) {
- return false;
- }
- } else if (!grantOption.equals(other.grantOption)) {
- return false;
- }
- return true;
- }
-
- /**
- * Return true if this privilege implies other privilege
- * Otherwise, return false
- * @param other, other privilege
- */
- public boolean implies(MSentryPrivilege other) {
- // serverName never be null
- if (isNULL(serverName) || isNULL(other.serverName)) {
- return false;
- } else if (!serverName.equals(other.serverName)) {
- return false;
- }
-
- // check URI implies
- if (!isNULL(URI) && !isNULL(other.URI)) {
- if (!PathUtils.impliesURI(URI, other.URI)) {
- return false;
- }
- // if URI is NULL, check dbName and tableName
- } else if (isNULL(URI) && isNULL(other.URI)) {
- if (!isNULL(dbName)) {
- if (isNULL(other.dbName)) {
- return false;
- } else if (!dbName.equals(other.dbName)) {
- return false;
- }
- }
- if (!isNULL(tableName)) {
- if (isNULL(other.tableName)) {
- return false;
- } else if (!tableName.equals(other.tableName)) {
- return false;
- }
- }
- if (!isNULL(columnName)) {
- if (isNULL(other.columnName)) {
- return false;
- } else if (!columnName.equals(other.columnName)) {
- return false;
- }
- }
- // if URI is not NULL, but other's URI is NULL, return false
- } else if (!isNULL(URI) && isNULL(other.URI)){
- return false;
- }
-
- // check action implies
- if (!action.equalsIgnoreCase(AccessConstants.ALL)
- && !action.equalsIgnoreCase(other.action)
- && !action.equalsIgnoreCase(AccessConstants.ACTION_ALL)) {
- return false;
- }
-
- return true;
- }
-
- private boolean isNULL(String s) {
- return SentryStore.isNULL(s);
- }
-
- public boolean isActionALL() {
- return AccessConstants.ACTION_ALL.equalsIgnoreCase(action)
- || AccessConstants.ALL.equals(action);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
deleted file mode 100644
index 0484eaa..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
+++ /dev/null
@@ -1,216 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.model;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.jdo.annotations.PersistenceCapable;
-
-import com.google.common.base.Preconditions;
-import com.google.common.collect.ImmutableSet;
-
-/**
- * Database backed Sentry Role. Any changes to this object
- * require re-running the maven build so DN an re-enhance.
- */
-@PersistenceCapable
-public class MSentryRole {
-
- private String roleName;
- // set of privileges granted to this role
- private Set<MSentryPrivilege> privileges;
- // set of generic model privileges grant ro this role
- private Set<MSentryGMPrivilege> gmPrivileges;
-
- // set of groups this role belongs to
- private Set<MSentryGroup> groups;
- // set of users this role belongs to
- private Set<MSentryUser> users;
- private long createTime;
-
- public MSentryRole(String roleName, long createTime) {
- this.roleName = roleName;
- this.createTime = createTime;
- privileges = new HashSet<MSentryPrivilege>();
- gmPrivileges = new HashSet<MSentryGMPrivilege>();
- groups = new HashSet<MSentryGroup>();
- users = new HashSet<MSentryUser>();
- }
-
- public long getCreateTime() {
- return createTime;
- }
-
- public void setCreateTime(long createTime) {
- this.createTime = createTime;
- }
-
- public String getRoleName() {
- return roleName;
- }
-
- public void setRoleName(String roleName) {
- this.roleName = roleName;
- }
-
- public void setPrivileges(Set<MSentryPrivilege> privileges) {
- this.privileges = privileges;
- }
-
- public Set<MSentryPrivilege> getPrivileges() {
- return privileges;
- }
-
- public Set<MSentryGMPrivilege> getGmPrivileges() {
- return gmPrivileges;
- }
-
- public void setGmPrivileges(Set<MSentryGMPrivilege> gmPrivileges) {
- this.gmPrivileges = gmPrivileges;
- }
-
- public void setGroups(Set<MSentryGroup> groups) {
- this.groups = groups;
- }
-
- public Set<MSentryGroup> getGroups() {
- return groups;
- }
-
- public Set<MSentryUser> getUsers() {
- return users;
- }
-
- public void setUsers(Set<MSentryUser> users) {
- this.users = users;
- }
-
- public void removePrivilege(MSentryPrivilege privilege) {
- if (privileges.remove(privilege)) {
- privilege.removeRole(this);
- }
- }
-
- public void appendPrivileges(Set<MSentryPrivilege> privileges) {
- this.privileges.addAll(privileges);
- }
-
- public void appendPrivilege(MSentryPrivilege privilege) {
- if (privileges.add(privilege)) {
- privilege.appendRole(this);
- }
- }
-
- public void removeGMPrivilege(MSentryGMPrivilege gmPrivilege) {
- if (gmPrivileges.remove(gmPrivilege)) {
- gmPrivilege.removeRole(this);
- }
- }
-
- public void appendGMPrivilege(MSentryGMPrivilege gmPrivilege) {
- if (gmPrivileges.add(gmPrivilege)) {
- gmPrivilege.appendRole(this);
- }
- }
-
- public void removeGMPrivileges() {
- for (MSentryGMPrivilege privilege : ImmutableSet.copyOf(gmPrivileges)) {
- privilege.removeRole(this);
- }
- Preconditions.checkState(gmPrivileges.isEmpty(), "gmPrivileges should be empty: " + gmPrivileges);
- }
-
- public void appendGroups(Set<MSentryGroup> groups) {
- this.groups.addAll(groups);
- }
-
- public void appendGroup(MSentryGroup group) {
- if (groups.add(group)) {
- group.appendRole(this);
- }
- }
-
- public void removeGroup(MSentryGroup group) {
- if (groups.remove(group)) {
- group.removeRole(this);
- }
- }
-
- public void appendUsers(Set<MSentryUser> users) {
- this.users.addAll(users);
- }
-
- public void appendUser(MSentryUser user) {
- if (users.add(user)) {
- user.appendRole(this);
- }
- }
-
- public void removeUser(MSentryUser user) {
- if (users.remove(user)) {
- user.removeRole(this);
- }
- }
-
- public void removePrivileges() {
- // copy is required since privilege.removeRole will call remotePrivilege
- for (MSentryPrivilege privilege : ImmutableSet.copyOf(privileges)) {
- privilege.removeRole(this);
- }
- Preconditions.checkState(privileges.isEmpty(), "Privileges should be empty: " + privileges);
- }
-
- @Override
- public String toString() {
- return "MSentryRole [roleName=" + roleName + ", privileges=[..]" + ", gmPrivileges=[..]"
- + ", groups=[...]" + ", users=[...]" + ", createTime=" + createTime + "]";
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((roleName == null) ? 0 : roleName.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
- return false;
- }
- MSentryRole other = (MSentryRole) obj;
- if (roleName == null) {
- if (other.roleName != null) {
- return false;
- }
- } else if (!roleName.equals(other.roleName)) {
- return false;
- }
- return true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java
deleted file mode 100644
index ff57249..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.model;
-
-import java.util.Set;
-
-import javax.jdo.annotations.PersistenceCapable;
-
-/**
- * Database backed Sentry User. Any changes to this object
- * require re-running the maven build so DN an re-enhance.
- */
-@PersistenceCapable
-public class MSentryUser {
-
- /**
- * User name is unique
- */
- private String userName;
- // set of roles granted to this user
- private Set<MSentryRole> roles;
- private long createTime;
-
- public MSentryUser(String userName, long createTime, Set<MSentryRole> roles) {
- this.setUserName(userName);
- this.createTime = createTime;
- this.roles = roles;
- }
-
- public long getCreateTime() {
- return createTime;
- }
-
- public void setCreateTime(long createTime) {
- this.createTime = createTime;
- }
-
- public Set<MSentryRole> getRoles() {
- return roles;
- }
-
- public String getUserName() {
- return userName;
- }
-
- public void setUserName(String userName) {
- this.userName = userName;
- }
-
- public void appendRole(MSentryRole role) {
- if (roles.add(role)) {
- role.appendUser(this);
- }
- }
-
- public void removeRole(MSentryRole role) {
- if (roles.remove(role)) {
- role.removeUser(this);
- }
- }
-
- @Override
- public String toString() {
- return "MSentryUser [userName=" + userName + ", roles=[...]" + ", createTime=" + createTime
- + "]";
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((userName == null) ? 0 : userName.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
- return false;
- }
- MSentryUser other = (MSentryUser) obj;
- if (createTime != other.createTime) {
- return false;
- }
- if (userName == null) {
- if (other.userName != null) {
- return false;
- }
- } else if (!userName.equals(other.userName)) {
- return false;
- }
- return true;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryVersion.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryVersion.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryVersion.java
deleted file mode 100644
index ff8830f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryVersion.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.model;
-
-import javax.jdo.annotations.PersistenceCapable;
-
-@PersistenceCapable
-public class MSentryVersion {
- private String schemaVersion;
- private String versionComment;
-
- public MSentryVersion() {
- }
-
- public MSentryVersion(String schemaVersion, String versionComment) {
- this.schemaVersion = schemaVersion;
- this.versionComment = versionComment;
- }
-
- /**
- * @return the versionComment
- */
- public String getVersionComment() {
- return versionComment;
- }
-
- /**
- * @param versionComment
- * the versionComment to set
- */
- public void setVersionComment(String versionComment) {
- this.versionComment = versionComment;
- }
-
- /**
- * @return the schemaVersion
- */
- public String getSchemaVersion() {
- return schemaVersion;
- }
-
- /**
- * @param schemaVersion
- * the schemaVersion to set
- */
- public void setSchemaVersion(String schemaVersion) {
- this.schemaVersion = schemaVersion;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
deleted file mode 100644
index b3b9494..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
+++ /dev/null
@@ -1,242 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!DOCTYPE jdo PUBLIC "-//Sun Microsystems, Inc.//DTD Java Data Objects Metadata 2.0//EN"
- "http://java.sun.com/dtd/jdo_2_0.dtd">
-<!--
- Size Limitations:
-
- Indexed VARCHAR: 767 bytes (MySQL running on InnoDB Engine http://bugs.mysql.com/bug.php?id=13315)
- Non-indexed VARCHAR: 4000 bytes (max length on Oracle 9i/10g/11g)
-
--->
-<jdo>
- <package name="org.apache.sentry.provider.db.service.model">
- <class name="MSentryGroup" identity-type="datastore" table="SENTRY_GROUP" detachable="true">
- <datastore-identity>
- <column name="GROUP_ID"/>
- </datastore-identity>
- <field name="groupName">
- <column name="GROUP_NAME" length="128" jdbc-type="VARCHAR"/>
- <index name="SentryGroupName" unique="true"/>
- </field>
- <field name = "createTime">
- <column name = "CREATE_TIME" jdbc-type="BIGINT"/>
- </field>
-
- <field name="roles" mapped-by="groups">
- <collection element-type="org.apache.sentry.provider.db.service.model.MSentryRole"/>
- </field>
-
- </class>
-
- <class name="MSentryUser" identity-type="datastore" table="SENTRY_USER" detachable="true">
- <datastore-identity>
- <column name="USER_ID"/>
- </datastore-identity>
- <field name="userName">
- <column name="USER_NAME" length="128" jdbc-type="VARCHAR"/>
- <index name="SentryUserName" unique="true"/>
- </field>
- <field name = "createTime">
- <column name = "CREATE_TIME" jdbc-type="BIGINT"/>
- </field>
-
- <field name="roles" mapped-by="users">
- <collection element-type="org.apache.sentry.provider.db.service.model.MSentryRole"/>
- </field>
-
- </class>
-
- <class name="MSentryRole" identity-type="datastore" table="SENTRY_ROLE" detachable="true">
- <datastore-identity>
- <column name="ROLE_ID"/>
- </datastore-identity>
- <field name="roleName">
- <column name="ROLE_NAME" length="128" jdbc-type="VARCHAR"/>
- <index name="SentryRoleName" unique="true"/>
- </field>
- <field name = "createTime">
- <column name = "CREATE_TIME" jdbc-type="BIGINT"/>
- </field>
- <field name = "privileges" table="SENTRY_ROLE_DB_PRIVILEGE_MAP" default-fetch-group="true">
- <collection element-type="org.apache.sentry.provider.db.service.model.MSentryPrivilege"/>
- <join>
- <column name="ROLE_ID"/>
- </join>
- <element>
- <column name="DB_PRIVILEGE_ID"/>
- </element>
- </field>
-
- <field name = "gmPrivileges" table="SENTRY_ROLE_GM_PRIVILEGE_MAP" default-fetch-group="true">
- <collection element-type="org.apache.sentry.provider.db.service.model.MSentryGMPrivilege"/>
- <join>
- <column name="ROLE_ID"/>
- </join>
- <element>
- <column name="GM_PRIVILEGE_ID"/>
- </element>
- </field>
-
- <field name = "groups" table="SENTRY_ROLE_GROUP_MAP" default-fetch-group="true">
- <collection element-type="org.apache.sentry.provider.db.service.model.MSentryGroup"/>
- <join>
- <column name="ROLE_ID"/>
- </join>
- <element>
- <column name="GROUP_ID"/>
- </element>
- </field>
-
- <field name = "users" table="SENTRY_ROLE_USER_MAP" default-fetch-group="true">
- <collection element-type="org.apache.sentry.provider.db.service.model.MSentryUser"/>
- <join>
- <column name="ROLE_ID"/>
- </join>
- <element>
- <column name="USER_ID"/>
- </element>
- </field>
- </class>
-
- <class name="MSentryPrivilege" identity-type="datastore" table="SENTRY_DB_PRIVILEGE" detachable="true">
- <datastore-identity>
- <column name="DB_PRIVILEGE_ID"/>
- </datastore-identity>
- <index name="PRIVILEGE_INDEX" unique="true">
- <field name="serverName"/>
- <field name="dbName"/>
- <field name="tableName"/>
- <field name="columnName"/>
- <field name="URI"/>
- <field name="action"/>
- <field name="grantOption"/>
- </index>
- <field name="privilegeScope">
- <column name="PRIVILEGE_SCOPE" length="40" jdbc-type="VARCHAR"/>
- </field>
- <field name="serverName">
- <column name="SERVER_NAME" length="4000" jdbc-type="VARCHAR"/>
- </field>
- <field name="dbName">
- <column name="DB_NAME" length="4000" jdbc-type="VARCHAR"/>
- </field>
- <field name="tableName">
- <column name="TABLE_NAME" length="4000" jdbc-type="VARCHAR"/>
- </field>
- <field name="columnName">
- <column name="COLUMN_NAME" length="4000" jdbc-type="VARCHAR"/>
- </field>
- <field name="URI">
- <column name="URI" length="4000" jdbc-type="VARCHAR"/>
- </field>
- <field name="action">
- <column name="ACTION" length="40" jdbc-type="VARCHAR"/>
- </field>
- <field name = "createTime">
- <column name = "CREATE_TIME" jdbc-type="BIGINT"/>
- </field>
- <field name="grantOption">
- <column name="WITH_GRANT_OPTION" length="1" jdbc-type="CHAR"/>
- </field>
- <field name="roles" mapped-by="privileges">
- <collection element-type="org.apache.sentry.provider.db.service.model.MSentryRole"/>
- </field>
- </class>
-
- <class name="MSentryGMPrivilege" identity-type="datastore" table="SENTRY_GM_PRIVILEGE" detachable="true">
- <datastore-identity>
- <column name="GM_PRIVILEGE_ID"/>
- </datastore-identity>
- <index name="GM_PRIVILEGE_INDEX" unique="true">
- <field name="componentName"/>
- <field name="serviceName"/>
- <field name="resourceName0"/>
- <field name="resourceType0"/>
- <field name="resourceName1"/>
- <field name="resourceType1"/>
- <field name="resourceName2"/>
- <field name="resourceType2"/>
- <field name="resourceName3"/>
- <field name="resourceType3"/>
- <field name="action"/>
- <field name="grantOption"/>
- </index>
- <field name="componentName">
- <column name="COMPONENT_NAME" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="serviceName">
- <column name="SERVICE_NAME" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="resourceName0">
- <column name="RESOURCE_NAME_0" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="resourceType0">
- <column name="RESOURCE_TYPE_0" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="resourceName1">
- <column name="RESOURCE_NAME_1" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="resourceType1">
- <column name="RESOURCE_TYPE_1" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="resourceName2">
- <column name="RESOURCE_NAME_2" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="resourceType2">
- <column name="RESOURCE_TYPE_2" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="resourceName3">
- <column name="RESOURCE_NAME_3" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="resourceType3">
- <column name="RESOURCE_TYPE_3" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="action">
- <column name="ACTION" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name="scope">
- <column name="SCOPE" length="100" jdbc-type="VARCHAR"/>
- </field>
- <field name = "createTime">
- <column name = "CREATE_TIME" jdbc-type="BIGINT"/>
- </field>
- <field name="grantOption">
- <column name="WITH_GRANT_OPTION" length="1" jdbc-type="CHAR"/>
- </field>
- <field name="roles" mapped-by="gmPrivileges">
- <collection element-type="org.apache.sentry.provider.db.service.model.MSentryRole"/>
- </field>
- </class>
-
- <class name="MSentryVersion" table="SENTRY_VERSION" identity-type="datastore" detachable="true">
- <datastore-identity>
- <column name="VER_ID"/>
- </datastore-identity>
- <field name ="schemaVersion">
- <column name="SCHEMA_VERSION" length="127" jdbc-type="VARCHAR" allows-null="false"/>
- </field>
- <field name ="versionComment">
- <column name="VERSION_COMMENT" length="255" jdbc-type="VARCHAR" allows-null="false"/>
- </field>
- </class>
-
- </package>
-</jdo>
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/CommitContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/CommitContext.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/CommitContext.java
deleted file mode 100644
index c74dbf3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/CommitContext.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.persistent;
-
-import java.util.UUID;
-
-/**
- * Stores the UUID associated with the server who processed
- * a commit and a commit order sequence id.
- */
-public class CommitContext {
-
- private final String serverUUID;
- private final long sequenceId;
-
- public CommitContext(UUID serverUUID, long sequenceId) {
- this.serverUUID = serverUUID.toString();
- this.sequenceId = sequenceId;
- }
- public String getServerUUID() {
- return serverUUID;
- }
- public long getSequenceId() {
- return sequenceId;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java
deleted file mode 100644
index 476bf6a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java
+++ /dev/null
@@ -1,163 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.persistent;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-
-import org.codehaus.jackson.JsonNode;
-import org.codehaus.jackson.JsonParseException;
-import org.codehaus.jackson.map.DeserializationConfig;
-import org.codehaus.jackson.map.JsonMappingException;
-import org.codehaus.jackson.map.ObjectMapper;
-
-import com.google.common.base.Preconditions;
-import org.apache.curator.x.discovery.ServiceInstance;
-import org.apache.curator.x.discovery.ServiceInstanceBuilder;
-import org.apache.curator.x.discovery.ServiceType;
-import org.apache.curator.x.discovery.UriSpec;
-import org.apache.curator.x.discovery.details.InstanceSerializer;
-
-// TODO: Workaround for CURATOR-5 (https://issues.apache.org/jira/browse/CURATOR-5)
-// Remove this class (code from pull request listed on JIRA) and use regular JsonInstanceSerializer once fixed
-// (Otherwise we can't properly serialize objects for the ZK Service Discovery)
-public class FixedJsonInstanceSerializer<T> implements InstanceSerializer<T>
-{
-
- private final ObjectMapper mMapper;
- private final Class<T> mPayloadClass;
-
- /**
- * @param payloadClass
- * used to validate payloads when deserializing
- */
- public FixedJsonInstanceSerializer(final Class<T> payloadClass) {
- this(payloadClass, new ObjectMapper());
- }
-
- public FixedJsonInstanceSerializer(final Class<T> pPayloadClass, final ObjectMapper pMapper) {
- mPayloadClass = pPayloadClass;
- mMapper = pMapper;
- mMapper.configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false);
- }
-
- @Override
- public byte[] serialize(final ServiceInstance<T> pInstance) throws Exception {
- final ByteArrayOutputStream out = new ByteArrayOutputStream();
- mMapper.writeValue(out, pInstance);
- return out.toByteArray();
-
- }
-
- private String getTextField(final JsonNode pNode, final String pFieldName) {
- Preconditions.checkNotNull(pNode);
- Preconditions.checkNotNull(pFieldName);
- return pNode.get(pFieldName) != null ? pNode.get(pFieldName).getTextValue() : null;
- }
-
- private Integer getIntegerField(final JsonNode pNode, final String pFieldName) {
- Preconditions.checkNotNull(pNode);
- Preconditions.checkNotNull(pFieldName);
- return pNode.get(pFieldName) != null && pNode.get(pFieldName).isNumber() ? pNode.get(pFieldName)
- .getIntValue() : null;
- }
-
- private Long getLongField(final JsonNode pNode, final String pFieldName) {
- Preconditions.checkNotNull(pNode);
- Preconditions.checkNotNull(pFieldName);
- return pNode.get(pFieldName) != null && pNode.get(pFieldName).isLong() ? pNode.get(pFieldName).getLongValue()
- : null;
- }
-
- private <O> O getObject(final JsonNode pNode, final String pFieldName, final Class<O> pObjectClass)
- throws JsonParseException, JsonMappingException, IOException {
- Preconditions.checkNotNull(pNode);
- Preconditions.checkNotNull(pFieldName);
- Preconditions.checkNotNull(pObjectClass);
- if (pNode.get(pFieldName) != null && pNode.get(pFieldName).isObject()) {
- return mMapper.readValue(pNode.get(pFieldName), pObjectClass);
- } else {
- return null;
- }
- }
-
- @Override
- public ServiceInstance<T> deserialize(final byte[] pBytes) throws Exception {
- final ByteArrayInputStream bais = new ByteArrayInputStream(pBytes);
- final JsonNode rootNode = mMapper.readTree(bais);
- final ServiceInstanceBuilder<T> builder = ServiceInstance.builder();
- {
- final String address = getTextField(rootNode, "address");
- if (address != null) {
- builder.address(address);
- }
- }
- {
- final String id = getTextField(rootNode, "id");
- if (id != null) {
- builder.id(id);
- }
- }
- {
- final String name = getTextField(rootNode, "name");
- if (name != null) {
- builder.name(name);
- }
- }
- {
- final Integer port = getIntegerField(rootNode, "port");
- if (port != null) {
- builder.port(port);
- }
- }
- {
- final Integer sslPort = getIntegerField(rootNode, "sslPort");
- if (sslPort != null) {
- builder.sslPort(sslPort);
- }
- }
- {
- final Long registrationTimeUTC = getLongField(rootNode, "registrationTimeUTC");
- if (registrationTimeUTC != null) {
- builder.registrationTimeUTC(registrationTimeUTC);
- }
- }
- {
- final T payload = getObject(rootNode, "payload", mPayloadClass);
- if (payload != null) {
- builder.payload(payload);
- }
- }
- {
- final ServiceType serviceType = getObject(rootNode, "serviceType", ServiceType.class);
- if (serviceType != null) {
- builder.serviceType(serviceType);
- }
- }
- {
- final UriSpec uriSpec = getObject(rootNode, "uriSpec", UriSpec.class);
- if (uriSpec != null) {
- builder.uriSpec(uriSpec);
- }
- }
- return builder.build();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java
deleted file mode 100644
index cacc29f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java
+++ /dev/null
@@ -1,262 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.persistent;
-
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.List;
-
-import org.apache.curator.RetryPolicy;
-import org.apache.curator.framework.CuratorFramework;
-import org.apache.curator.framework.CuratorFrameworkFactory;
-import org.apache.curator.framework.api.ACLProvider;
-import org.apache.curator.framework.imps.CuratorFrameworkState;
-import org.apache.curator.framework.imps.DefaultACLProvider;
-import org.apache.curator.retry.RetryNTimes;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.sentry.service.thrift.JaasConfiguration;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.zookeeper.ZooDefs.Perms;
-import org.apache.zookeeper.client.ZooKeeperSaslClient;
-import org.apache.zookeeper.data.ACL;
-import org.apache.zookeeper.data.Id;
-import org.apache.zookeeper.data.Stat;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.Lists;
-
-/**
- * Stores the HA related context
- */
-public class HAContext {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(HAContext.class);
- private static volatile HAContext serverHAContext = null;
- private static boolean aclChecked = false;
-
- public final static String SENTRY_SERVICE_REGISTER_NAMESPACE = "sentry-service";
- public static final String SENTRY_ZK_JAAS_NAME = "SentryClient";
- private final String zookeeperQuorum;
- private final int retriesMaxCount;
- private final int sleepMsBetweenRetries;
- private final String namespace;
-
- private final boolean zkSecure;
- private List<ACL> saslACL;
-
- private final CuratorFramework curatorFramework;
- private final RetryPolicy retryPolicy;
-
- protected HAContext(Configuration conf) throws Exception {
- this.zookeeperQuorum = conf.get(ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM,
- ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM_DEFAULT);
- this.retriesMaxCount = conf.getInt(ServerConfig.SENTRY_HA_ZOOKEEPER_RETRIES_MAX_COUNT,
- ServerConfig.SENTRY_HA_ZOOKEEPER_RETRIES_MAX_COUNT_DEFAULT);
- this.sleepMsBetweenRetries = conf.getInt(ServerConfig.SENTRY_HA_ZOOKEEPER_SLEEP_BETWEEN_RETRIES_MS,
- ServerConfig.SENTRY_HA_ZOOKEEPER_SLEEP_BETWEEN_RETRIES_MS_DEFAULT);
- this.namespace = conf.get(ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE,
- ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE_DEFAULT);
- this.zkSecure = conf.getBoolean(ServerConfig.SENTRY_HA_ZOOKEEPER_SECURITY,
- ServerConfig.SENTRY_HA_ZOOKEEPER_SECURITY_DEFAULT);
- ACLProvider aclProvider;
- validateConf();
- if (zkSecure) {
- LOGGER.info("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
- setJaasConfiguration(conf);
- System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY,
- SENTRY_ZK_JAAS_NAME);
- saslACL = Lists.newArrayList();
- saslACL.add(new ACL(Perms.ALL, new Id("sasl", getServicePrincipal(conf,
- ServerConfig.PRINCIPAL))));
- saslACL.add(new ACL(Perms.ALL, new Id("sasl", getServicePrincipal(conf,
- ServerConfig.SERVER_HA_ZOOKEEPER_CLIENT_PRINCIPAL))));
- aclProvider = new SASLOwnerACLProvider();
- String allowConnect = conf.get(ServerConfig.ALLOW_CONNECT);
-
- if (!Strings.isNullOrEmpty(allowConnect)) {
- for (String principal : Arrays.asList(allowConnect.split("\\s*,\\s*"))) {
- LOGGER.info("Adding acls for " + principal);
- saslACL.add(new ACL(Perms.ALL, new Id("sasl", principal)));
- }
- }
- } else {
- LOGGER.info("Connecting to ZooKeeper without authentication");
- aclProvider = new DefaultACLProvider();
- }
-
- retryPolicy = new RetryNTimes(retriesMaxCount, sleepMsBetweenRetries);
- this.curatorFramework = CuratorFrameworkFactory.builder()
- .namespace(this.namespace)
- .connectString(this.zookeeperQuorum)
- .retryPolicy(retryPolicy)
- .aclProvider(aclProvider)
- .build();
- startCuratorFramework();
- }
-
- /**
- * Use common HAContext (ie curator framework connection to ZK)
- *
- * @param conf
- * @throws Exception
- */
- public static HAContext getHAContext(Configuration conf) throws Exception {
- if (serverHAContext == null) {
- serverHAContext = new HAContext(conf);
- Runtime.getRuntime().addShutdownHook(new Thread() {
- @Override
- public void run() {
- LOGGER.info("ShutdownHook closing curator framework");
- try {
- clearServerContext();
- } catch (Throwable t) {
- LOGGER.error("Error stopping SentryService", t);
- }
- }
- });
-
- }
- return serverHAContext;
- }
-
- // HA context for server which verifies the ZK ACLs on namespace
- public static HAContext getHAServerContext(Configuration conf) throws Exception {
- HAContext serverContext = getHAContext(conf);
- serverContext.checkAndSetACLs();
- return serverContext;
- }
-
- @VisibleForTesting
- public static synchronized void clearServerContext() {
- if (serverHAContext != null) {
- serverHAContext.getCuratorFramework().close();
- serverHAContext = null;
- }
- }
-
- public void startCuratorFramework() {
- if (curatorFramework.getState() != CuratorFrameworkState.STARTED) {
- curatorFramework.start();
- }
- }
-
- public CuratorFramework getCuratorFramework() {
- return this.curatorFramework;
- }
-
- public String getZookeeperQuorum() {
- return zookeeperQuorum;
- }
-
- public static boolean isHaEnabled(Configuration conf) {
- return conf.getBoolean(ServerConfig.SENTRY_HA_ENABLED, ServerConfig.SENTRY_HA_ENABLED_DEFAULT);
- }
-
- public String getNamespace() {
- return namespace;
- }
-
- public RetryPolicy getRetryPolicy() {
- return retryPolicy;
- }
-
- private void validateConf() {
- Preconditions.checkNotNull(zookeeperQuorum, "Zookeeper Quorum should not be null.");
- Preconditions.checkNotNull(namespace, "Zookeeper namespace should not be null.");
- }
-
- protected String getServicePrincipal(Configuration conf, String confProperty)
- throws IOException {
- String principal = conf.get(confProperty);
- Preconditions.checkNotNull(principal);
- Preconditions.checkArgument(principal.length() != 0, "Server principal is not right.");
- return principal.split("[/@]")[0];
- }
-
- private void checkAndSetACLs() throws Exception {
- if (zkSecure && !aclChecked) {
- // If znodes were previously created without security enabled, and now it is, we need to go through all existing znodes
- // and set the ACLs for them. This is done just once at the startup
- // We can't get the namespace znode through curator; have to go through zk client
- startCuratorFramework();
- String newNamespace = "/" + curatorFramework.getNamespace();
- if (curatorFramework.getZookeeperClient().getZooKeeper().exists(newNamespace, null) != null) {
- List<ACL> acls = curatorFramework.getZookeeperClient().getZooKeeper().getACL(newNamespace, new Stat());
- if (acls.isEmpty() || !acls.get(0).getId().getScheme().equals("sasl")) {
- LOGGER.info("'sasl' ACLs not set; setting...");
- List<String> children = curatorFramework.getZookeeperClient().getZooKeeper().getChildren(newNamespace, null);
- for (String child : children) {
- checkAndSetACLs("/" + child);
- }
- curatorFramework.getZookeeperClient().getZooKeeper().setACL(newNamespace, saslACL, -1);
- }
- }
- aclChecked = true;
-
- }
- }
-
- private void checkAndSetACLs(String path) throws Exception {
- LOGGER.info("Setting acls on " + path);
- List<String> children = curatorFramework.getChildren().forPath(path);
- for (String child : children) {
- checkAndSetACLs(path + "/" + child);
- }
- curatorFramework.setACL().withACL(saslACL).forPath(path);
- }
-
- // This gets ignored during most tests, see ZKXTestCaseWithSecurity#setupZKServer()
- private void setJaasConfiguration(Configuration conf) throws IOException {
- if ("false".equalsIgnoreCase(conf.get(
- ServerConfig.SERVER_HA_ZOOKEEPER_CLIENT_TICKET_CACHE,
- ServerConfig.SERVER_HA_ZOOKEEPER_CLIENT_TICKET_CACHE_DEFAULT))) {
- String keytabFile = conf.get(ServerConfig.SERVER_HA_ZOOKEEPER_CLIENT_KEYTAB);
- Preconditions.checkArgument(keytabFile.length() != 0, "Keytab File is not right.");
- String principal = conf.get(ServerConfig.SERVER_HA_ZOOKEEPER_CLIENT_PRINCIPAL);
- principal = SecurityUtil.getServerPrincipal(principal,
- conf.get(ServerConfig.RPC_ADDRESS, ServerConfig.RPC_ADDRESS_DEFAULT));
- Preconditions.checkArgument(principal.length() != 0, "Kerberos principal is not right.");
-
- // This is equivalent to writing a jaas.conf file and setting the system property, "java.security.auth.login.config", to
- // point to it (but this way we don't have to write a file, and it works better for the tests)
- JaasConfiguration.addEntryForKeytab(SENTRY_ZK_JAAS_NAME, principal, keytabFile);
- } else {
- // Create jaas conf for ticket cache
- JaasConfiguration.addEntryForTicketCache(SENTRY_ZK_JAAS_NAME);
- }
- javax.security.auth.login.Configuration.setConfiguration(JaasConfiguration.getInstance());
- }
-
- public class SASLOwnerACLProvider implements ACLProvider {
- @Override
- public List<ACL> getDefaultAcl() {
- return saslACL;
- }
-
- @Override
- public List<ACL> getAclForPath(String path) {
- return saslACL;
- }
- }
-}