Posted to commits@sentry.apache.org by sr...@apache.org on 2014/07/29 00:01:19 UTC
git commit: SENTRY-339: Remove PrivilegeName column and
constructPrivilegeName() function (Arun Suresh via Sravya Tirukkovalur)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 5c5b87ce1 -> d6b1eb6e8
SENTRY-339: Remove PrivilegeName column and constructPrivilegeName() function (Arun Suresh via Sravya Tirukkovalur)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/d6b1eb6e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/d6b1eb6e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/d6b1eb6e
Branch: refs/heads/master
Commit: d6b1eb6e8f74b95e3a1098c1a0e6e17b049fb102
Parents: 5c5b87c
Author: Sravya Tirukkovalur <sr...@clouera.com>
Authored: Mon Jul 28 15:00:46 2014 -0700
Committer: Sravya Tirukkovalur <sr...@clouera.com>
Committed: Mon Jul 28 15:00:46 2014 -0700
----------------------------------------------------------------------
.../db/service/thrift/TSentryPrivilege.java | 150 +++-----------
.../db/service/model/MSentryPrivilege.java | 120 ++++++-----
.../provider/db/service/model/package.jdo | 11 +-
.../db/service/persistent/SentryStore.java | 197 ++++++-------------
.../thrift/SentryPolicyStoreProcessor.java | 6 +-
.../src/main/resources/sentry-db2-1.4.0.sql | 3 +-
.../src/main/resources/sentry-derby-1.4.0.sql | 3 +-
.../src/main/resources/sentry-mysql-1.4.0.sql | 3 +-
.../src/main/resources/sentry-oracle-1.4.0.sql | 3 +-
.../main/resources/sentry-postgres-1.4.0.sql | 3 +-
.../main/resources/sentry_policy_service.thrift | 9 +-
.../db/service/persistent/TestSentryStore.java | 30 +--
.../thrift/TestSentryServerWithoutKerberos.java | 4 +-
.../thrift/TestSentryServiceIntegration.java | 4 -
.../sentry/tests/e2e/hive/TestPolicyImport.java | 1 -
15 files changed, 184 insertions(+), 363 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
index 9e8ac4c..c48e8cc 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
@@ -35,7 +35,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryPrivilege");
private static final org.apache.thrift.protocol.TField PRIVILEGE_SCOPE_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegeScope", org.apache.thrift.protocol.TType.STRING, (short)1);
- private static final org.apache.thrift.protocol.TField PRIVILEGE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegeName", org.apache.thrift.protocol.TType.STRING, (short)2);
private static final org.apache.thrift.protocol.TField SERVER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("serverName", org.apache.thrift.protocol.TType.STRING, (short)3);
private static final org.apache.thrift.protocol.TField DB_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("dbName", org.apache.thrift.protocol.TType.STRING, (short)4);
private static final org.apache.thrift.protocol.TField TABLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("tableName", org.apache.thrift.protocol.TType.STRING, (short)5);
@@ -51,7 +50,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
}
private String privilegeScope; // required
- private String privilegeName; // optional
private String serverName; // required
private String dbName; // optional
private String tableName; // optional
@@ -63,7 +61,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
/** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
public enum _Fields implements org.apache.thrift.TFieldIdEnum {
PRIVILEGE_SCOPE((short)1, "privilegeScope"),
- PRIVILEGE_NAME((short)2, "privilegeName"),
SERVER_NAME((short)3, "serverName"),
DB_NAME((short)4, "dbName"),
TABLE_NAME((short)5, "tableName"),
@@ -87,8 +84,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
switch(fieldId) {
case 1: // PRIVILEGE_SCOPE
return PRIVILEGE_SCOPE;
- case 2: // PRIVILEGE_NAME
- return PRIVILEGE_NAME;
case 3: // SERVER_NAME
return SERVER_NAME;
case 4: // DB_NAME
@@ -145,14 +140,12 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
// isset id assignments
private static final int __CREATETIME_ISSET_ID = 0;
private byte __isset_bitfield = 0;
- private _Fields optionals[] = {_Fields.PRIVILEGE_NAME,_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.CREATE_TIME,_Fields.GRANTOR_PRINCIPAL};
+ private _Fields optionals[] = {_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.CREATE_TIME,_Fields.GRANTOR_PRINCIPAL};
public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
static {
Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
tmpMap.put(_Fields.PRIVILEGE_SCOPE, new org.apache.thrift.meta_data.FieldMetaData("privilegeScope", org.apache.thrift.TFieldRequirementType.REQUIRED,
new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
- tmpMap.put(_Fields.PRIVILEGE_NAME, new org.apache.thrift.meta_data.FieldMetaData("privilegeName", org.apache.thrift.TFieldRequirementType.OPTIONAL,
- new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
tmpMap.put(_Fields.SERVER_NAME, new org.apache.thrift.meta_data.FieldMetaData("serverName", org.apache.thrift.TFieldRequirementType.REQUIRED,
new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
tmpMap.put(_Fields.DB_NAME, new org.apache.thrift.meta_data.FieldMetaData("dbName", org.apache.thrift.TFieldRequirementType.OPTIONAL,
@@ -172,6 +165,14 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
}
public TSentryPrivilege() {
+ this.dbName = "";
+
+ this.tableName = "";
+
+ this.URI = "";
+
+ this.action = "";
+
}
public TSentryPrivilege(
@@ -193,9 +194,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
if (other.isSetPrivilegeScope()) {
this.privilegeScope = other.privilegeScope;
}
- if (other.isSetPrivilegeName()) {
- this.privilegeName = other.privilegeName;
- }
if (other.isSetServerName()) {
this.serverName = other.serverName;
}
@@ -224,12 +222,15 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
@Override
public void clear() {
this.privilegeScope = null;
- this.privilegeName = null;
this.serverName = null;
- this.dbName = null;
- this.tableName = null;
- this.URI = null;
- this.action = null;
+ this.dbName = "";
+
+ this.tableName = "";
+
+ this.URI = "";
+
+ this.action = "";
+
setCreateTimeIsSet(false);
this.createTime = 0;
this.grantorPrincipal = null;
@@ -258,29 +259,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
}
}
- public String getPrivilegeName() {
- return this.privilegeName;
- }
-
- public void setPrivilegeName(String privilegeName) {
- this.privilegeName = privilegeName;
- }
-
- public void unsetPrivilegeName() {
- this.privilegeName = null;
- }
-
- /** Returns true if field privilegeName is set (has been assigned a value) and false otherwise */
- public boolean isSetPrivilegeName() {
- return this.privilegeName != null;
- }
-
- public void setPrivilegeNameIsSet(boolean value) {
- if (!value) {
- this.privilegeName = null;
- }
- }
-
public String getServerName() {
return this.serverName;
}
@@ -451,14 +429,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
}
break;
- case PRIVILEGE_NAME:
- if (value == null) {
- unsetPrivilegeName();
- } else {
- setPrivilegeName((String)value);
- }
- break;
-
case SERVER_NAME:
if (value == null) {
unsetServerName();
@@ -523,9 +493,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
case PRIVILEGE_SCOPE:
return getPrivilegeScope();
- case PRIVILEGE_NAME:
- return getPrivilegeName();
-
case SERVER_NAME:
return getServerName();
@@ -560,8 +527,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
switch (field) {
case PRIVILEGE_SCOPE:
return isSetPrivilegeScope();
- case PRIVILEGE_NAME:
- return isSetPrivilegeName();
case SERVER_NAME:
return isSetServerName();
case DB_NAME:
@@ -602,15 +567,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
return false;
}
- boolean this_present_privilegeName = true && this.isSetPrivilegeName();
- boolean that_present_privilegeName = true && that.isSetPrivilegeName();
- if (this_present_privilegeName || that_present_privilegeName) {
- if (!(this_present_privilegeName && that_present_privilegeName))
- return false;
- if (!this.privilegeName.equals(that.privilegeName))
- return false;
- }
-
boolean this_present_serverName = true && this.isSetServerName();
boolean that_present_serverName = true && that.isSetServerName();
if (this_present_serverName || that_present_serverName) {
@@ -686,11 +642,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
if (present_privilegeScope)
builder.append(privilegeScope);
- boolean present_privilegeName = true && (isSetPrivilegeName());
- builder.append(present_privilegeName);
- if (present_privilegeName)
- builder.append(privilegeName);
-
boolean present_serverName = true && (isSetServerName());
builder.append(present_serverName);
if (present_serverName)
@@ -747,16 +698,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
return lastComparison;
}
}
- lastComparison = Boolean.valueOf(isSetPrivilegeName()).compareTo(typedOther.isSetPrivilegeName());
- if (lastComparison != 0) {
- return lastComparison;
- }
- if (isSetPrivilegeName()) {
- lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegeName, typedOther.privilegeName);
- if (lastComparison != 0) {
- return lastComparison;
- }
- }
lastComparison = Boolean.valueOf(isSetServerName()).compareTo(typedOther.isSetServerName());
if (lastComparison != 0) {
return lastComparison;
@@ -854,16 +795,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
sb.append(this.privilegeScope);
}
first = false;
- if (isSetPrivilegeName()) {
- if (!first) sb.append(", ");
- sb.append("privilegeName:");
- if (this.privilegeName == null) {
- sb.append("null");
- } else {
- sb.append(this.privilegeName);
- }
- first = false;
- }
if (!first) sb.append(", ");
sb.append("serverName:");
if (this.serverName == null) {
@@ -991,14 +922,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
}
break;
- case 2: // PRIVILEGE_NAME
- if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
- struct.privilegeName = iprot.readString();
- struct.setPrivilegeNameIsSet(true);
- } else {
- org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
- }
- break;
case 3: // SERVER_NAME
if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
struct.serverName = iprot.readString();
@@ -1073,13 +996,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
oprot.writeString(struct.privilegeScope);
oprot.writeFieldEnd();
}
- if (struct.privilegeName != null) {
- if (struct.isSetPrivilegeName()) {
- oprot.writeFieldBegin(PRIVILEGE_NAME_FIELD_DESC);
- oprot.writeString(struct.privilegeName);
- oprot.writeFieldEnd();
- }
- }
if (struct.serverName != null) {
oprot.writeFieldBegin(SERVER_NAME_FIELD_DESC);
oprot.writeString(struct.serverName);
@@ -1144,28 +1060,22 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
oprot.writeString(struct.serverName);
oprot.writeString(struct.action);
BitSet optionals = new BitSet();
- if (struct.isSetPrivilegeName()) {
- optionals.set(0);
- }
if (struct.isSetDbName()) {
- optionals.set(1);
+ optionals.set(0);
}
if (struct.isSetTableName()) {
- optionals.set(2);
+ optionals.set(1);
}
if (struct.isSetURI()) {
- optionals.set(3);
+ optionals.set(2);
}
if (struct.isSetCreateTime()) {
- optionals.set(4);
+ optionals.set(3);
}
if (struct.isSetGrantorPrincipal()) {
- optionals.set(5);
- }
- oprot.writeBitSet(optionals, 6);
- if (struct.isSetPrivilegeName()) {
- oprot.writeString(struct.privilegeName);
+ optionals.set(4);
}
+ oprot.writeBitSet(optionals, 5);
if (struct.isSetDbName()) {
oprot.writeString(struct.dbName);
}
@@ -1192,28 +1102,24 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
struct.setServerNameIsSet(true);
struct.action = iprot.readString();
struct.setActionIsSet(true);
- BitSet incoming = iprot.readBitSet(6);
+ BitSet incoming = iprot.readBitSet(5);
if (incoming.get(0)) {
- struct.privilegeName = iprot.readString();
- struct.setPrivilegeNameIsSet(true);
- }
- if (incoming.get(1)) {
struct.dbName = iprot.readString();
struct.setDbNameIsSet(true);
}
- if (incoming.get(2)) {
+ if (incoming.get(1)) {
struct.tableName = iprot.readString();
struct.setTableNameIsSet(true);
}
- if (incoming.get(3)) {
+ if (incoming.get(2)) {
struct.URI = iprot.readString();
struct.setURIIsSet(true);
}
- if (incoming.get(4)) {
+ if (incoming.get(3)) {
struct.createTime = iprot.readI64();
struct.setCreateTimeIsSet(true);
}
- if (incoming.get(5)) {
+ if (incoming.get(4)) {
struct.grantorPrincipal = iprot.readString();
struct.setGrantorPrincipalIsSet(true);
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
index f8491db..d359abc 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
@@ -23,6 +23,10 @@ import java.util.Set;
import javax.jdo.annotations.PersistenceCapable;
+import org.apache.sentry.provider.db.service.persistent.SentryStore;
+
+import com.google.common.base.Strings;
+
/**
* Database backed Sentry Privilege. Any changes to this object
* require re-running the maven build so DN an re-enhance.
@@ -34,12 +38,11 @@ public class MSentryPrivilege {
/**
* Privilege name is unique
*/
- private String privilegeName;
- private String serverName;
- private String dbName;
- private String tableName;
- private String URI;
- private String action;
+ private String serverName = "";
+ private String dbName = "";
+ private String tableName = "";
+ private String URI = "";
+ private String action = "";
// roles this privilege is a part of
private Set<MSentryRole> roles;
private long createTime;
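Review bot: The Javadoc `Privilege name is unique` kept above these fields is stale now that `privilegeName` is removed, and it ends up attached to `serverName`. Replace it with a comment stating the new identity, for example `/** (serverName, dbName, tableName, URI, action) together identify a privilege; see the unique PRIVILEGE_INDEX in package.jdo. */`. It would also help to say why these fields default to `""` while the SentryStore filters in this commit compare against `"__NULL__"`.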
@@ -52,13 +55,12 @@ public class MSentryPrivilege {
public MSentryPrivilege(String privilegeName, String privilegeScope,
String serverName, String dbName, String tableName, String URI,
String action) {
- this.privilegeName = privilegeName;
this.privilegeScope = privilegeScope;
this.serverName = serverName;
- this.dbName = dbName;
- this.tableName = tableName;
- this.URI = URI;
- this.action = action;
+ this.dbName = SentryStore.toNULLCol(dbName);
+ this.tableName = SentryStore.toNULLCol(tableName);
+ this.URI = SentryStore.toNULLCol(URI);
+ this.action = SentryStore.toNULLCol(action);
this.roles = new HashSet<MSentryRole>();
}
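Review bot: The constructor normalises `dbName`, `tableName`, `URI` and `action` through `SentryStore.toNULLCol(...)`, but the setters changed in the following hunks (`setServerName` through `setAction`) map null to `""`, and `serverName` is stored here without any normalisation. `toNULLCol` is not shown in this excerpt, but if it yields `NULL_COL` (`"__NULL__"`), one logical privilege can be persisted with two encodings of "unset", and the SentryStore filters that test `== "__NULL__"` would not match the `""` rows. In an authorization store that can make a grant or revoke silently miss a row, so the field defaults, the setters and the constructor should all go through the same helper. The `privilegeName` parameter is no longer used and can be dropped or documented as ignored.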
@@ -67,7 +69,7 @@ public class MSentryPrivilege {
}
public void setServerName(String serverName) {
- this.serverName = serverName;
+ this.serverName = (serverName == null) ? "" : serverName;
}
public String getDbName() {
@@ -75,7 +77,7 @@ public class MSentryPrivilege {
}
public void setDbName(String dbName) {
- this.dbName = dbName;
+ this.dbName = (dbName == null) ? "" : dbName;
}
public String getTableName() {
@@ -83,7 +85,7 @@ public class MSentryPrivilege {
}
public void setTableName(String tableName) {
- this.tableName = tableName;
+ this.tableName = (tableName == null) ? "" : tableName;
}
public String getURI() {
@@ -91,7 +93,7 @@ public class MSentryPrivilege {
}
public void setURI(String uRI) {
- URI = uRI;
+ URI = (uRI == null) ? "" : uRI;
}
public String getAction() {
@@ -99,7 +101,7 @@ public class MSentryPrivilege {
}
public void setAction(String action) {
- this.action = action;
+ this.action = (action == null) ? "" : action;
}
public long getCreateTime() {
@@ -126,14 +128,6 @@ public class MSentryPrivilege {
this.privilegeScope = privilegeScope;
}
- public String getPrivilegeName() {
- return privilegeName;
- }
-
- public void setPrivilegeName(String privilegeName) {
- this.privilegeName = privilegeName;
- }
-
public void appendRole(MSentryRole role) {
roles.add(role);
}
@@ -150,35 +144,61 @@ public class MSentryPrivilege {
@Override
public String toString() {
return "MSentryPrivilege [privilegeScope=" + privilegeScope
- + ", privilegeName=" + privilegeName + ", serverName=" + serverName
- + ", dbName=" + dbName + ", tableName=" + tableName + ", URI=" + URI
+ + ", serverName=" + serverName + ", dbName=" + dbName
+ + ", tableName=" + tableName + ", URI=" + URI
+ ", action=" + action + ", roles=[...]" + ", createTime="
+ createTime + ", grantorPrincipal=" + grantorPrincipal + "]";
}
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result
- + ((privilegeName == null) ? 0 : privilegeName.hashCode());
- return result;
- }
+@Override
+public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((URI == null) ? 0 : URI.hashCode());
+ result = prime * result + ((action == null) ? 0 : action.hashCode());
+ result = prime * result + ((dbName == null) ? 0 : dbName.hashCode());
+ result = prime * result
+ + ((serverName == null) ? 0 : serverName.hashCode());
+ result = prime * result + ((tableName == null) ? 0 : tableName.hashCode());
+ return result;
+}
+
+@Override
+public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ MSentryPrivilege other = (MSentryPrivilege) obj;
+ if (URI == null) {
+ if (other.URI != null)
+ return false;
+ } else if (!URI.equals(other.URI))
+ return false;
+ if (action == null) {
+ if (other.action != null)
+ return false;
+ } else if (!action.equals(other.action))
+ return false;
+ if (dbName == null) {
+ if (other.dbName != null)
+ return false;
+ } else if (!dbName.equals(other.dbName))
+ return false;
+ if (serverName == null) {
+ if (other.serverName != null)
+ return false;
+ } else if (!serverName.equals(other.serverName))
+ return false;
+ if (tableName == null) {
+ if (other.tableName != null)
+ return false;
+ } else if (!tableName.equals(other.tableName))
+ return false;
+ return true;
+}
+
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- MSentryPrivilege other = (MSentryPrivilege) obj;
- if (privilegeName == null) {
- if (other.privilegeName != null)
- return false;
- } else if (!privilegeName.equals(other.privilegeName))
- return false;
- return true;
- }
}
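Review bot: `hashCode()` and `equals()` now depend on five mutable fields, while SentryStore code in this same commit calls `currentPrivilege.setAction(...)` and then relies on `mRole.getPrivileges().contains(...)`. If an instance is already held in a hash-based set when one of these setters runs, later `contains`/`remove` calls can miss it; either avoid mutating identity fields on instances that are in a set, or document that constraint on the class. The comparison is case-sensitive on `action`, whereas `getMSentryPrivilege` lower-cases the action before querying, so the in-memory and persisted notions of identity can disagree. The added methods have also lost the class-body indentation the removed ones had.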
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
index 945227e..e3f1372 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
@@ -87,10 +87,13 @@
<datastore-identity>
<column name="DB_PRIVILEGE_ID"/>
</datastore-identity>
- <field name="privilegeName">
- <column name="PRIVILEGE_NAME" length="4000" jdbc-type="VARCHAR"/>
- <index name="SentryPrivilegeName" unique="true"/>
- </field>
+ <index name="PRIVILEGE_INDEX" unique="true">
+ <field name="serverName"/>
+ <field name="dbName"/>
+ <field name="tableName"/>
+ <field name="URI"/>
+ <field name="action"/>
+ </index>
<field name="privilegeScope">
<column name="PRIVILEGE_SCOPE" length="40" jdbc-type="VARCHAR"/>
</field>
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index ff8acdc..a9fe01e 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -77,6 +77,8 @@ import com.google.common.collect.Sets;
*/
public class SentryStore {
private static final UUID SERVER_UUID = UUID.randomUUID();
+
+ public static String NULL_COL = "__NULL__";
static final String DEFAULT_DATA_DIR = "sentry_policy_db";
/**
* Commit order sequence id. This is used by notification handlers
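Review bot: `NULL_COL` is declared `public static String` without `final`, so any class can reassign the sentinel that stored rows and query filters depend on; declare it `public static final String NULL_COL = "__NULL__";`. The sentinel is also a value a client could supply as a real database, table or URI name, which the filters would then treat as "unset"; rejecting that literal during input validation would close the gap. A short comment explaining why a sentinel is used instead of SQL NULL (presumably so the composite unique index has no NULL columns) would help the next reader.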
@@ -289,17 +291,15 @@ public class SentryStore {
throw new SentryNoSuchObjectException("Role: " + roleName);
} else {
- if ((privilege.getTableName() != null) || (privilege.getDbName() != null)) {
+ if ((!isNULL(privilege.getTableName())) || (!isNULL(privilege.getDbName()))) {
// If Grant is for ALL and Either INSERT/SELECT already exists..
// need to remove it and GRANT ALL..
if (privilege.getAction().equalsIgnoreCase("*")) {
TSentryPrivilege tNotAll = new TSentryPrivilege(privilege);
tNotAll.setAction(AccessConstants.SELECT);
- MSentryPrivilege mSelect = getMSentryPrivilege(
- constructPrivilegeName(tNotAll), pm);
+ MSentryPrivilege mSelect = getMSentryPrivilege(tNotAll, pm);
tNotAll.setAction(AccessConstants.INSERT);
- MSentryPrivilege mInsert = getMSentryPrivilege(
- constructPrivilegeName(tNotAll), pm);
+ MSentryPrivilege mInsert = getMSentryPrivilege(tNotAll, pm);
if ((mSelect != null) && (mRole.getPrivileges().contains(mSelect))) {
mSelect.removeRole(mRole);
pm.makePersistent(mSelect);
@@ -313,16 +313,14 @@ public class SentryStore {
// do nothing..
TSentryPrivilege tAll = new TSentryPrivilege(privilege);
tAll.setAction(AccessConstants.ALL);
- MSentryPrivilege mAll = getMSentryPrivilege(
- constructPrivilegeName(tAll), pm);
+ MSentryPrivilege mAll = getMSentryPrivilege(tAll, pm);
if ((mAll != null) && (mRole.getPrivileges().contains(mAll))) {
return;
}
}
}
- MSentryPrivilege mPrivilege = getMSentryPrivilege(
- constructPrivilegeName(privilege), pm);
+ MSentryPrivilege mPrivilege = getMSentryPrivilege(privilege, pm);
if (mPrivilege == null) {
mPrivilege = convertToMSentryPrivilege(privilege);
}
@@ -364,8 +362,7 @@ public class SentryStore {
throw new SentryNoSuchObjectException("Role: " + roleName);
} else {
query = pm.newQuery(MSentryPrivilege.class);
- MSentryPrivilege mPrivilege = getMSentryPrivilege(
- constructPrivilegeName(tPrivilege), pm);
+ MSentryPrivilege mPrivilege = getMSentryPrivilege(tPrivilege, pm);
if (mPrivilege == null) {
mPrivilege = convertToMSentryPrivilege(tPrivilege);
} else {
@@ -390,7 +387,7 @@ public class SentryStore {
private void revokePartial(PersistenceManager pm,
TSentryPrivilege requestedPrivToRevoke, MSentryRole mRole,
MSentryPrivilege currentPrivilege) throws SentryInvalidInputException {
- MSentryPrivilege persistedPriv = getMSentryPrivilege(constructPrivilegeName(convertToTSentryPrivilege(currentPrivilege)), pm);
+ MSentryPrivilege persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
if (persistedPriv == null) {
persistedPriv = convertToMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege));
}
@@ -415,13 +412,13 @@ public class SentryStore {
pm.makePersistent(persistedPriv);
currentPrivilege.setAction(AccessConstants.ALL);
- persistedPriv = getMSentryPrivilege(constructPrivilegeName(convertToTSentryPrivilege(currentPrivilege)), pm);
+ persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
if ((persistedPriv != null)&&(mRole.getPrivileges().contains(persistedPriv))) {
persistedPriv.removeRole(mRole);
pm.makePersistent(persistedPriv);
currentPrivilege.setAction(addAction);
- persistedPriv = getMSentryPrivilege(constructPrivilegeName(convertToTSentryPrivilege(currentPrivilege)), pm);
+ persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
if (persistedPriv == null) {
persistedPriv = convertToMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege));
mRole.appendPrivilege(persistedPriv);
@@ -438,12 +435,12 @@ public class SentryStore {
*/
private void populateChildren(Set<String> roleNames, MSentryPrivilege priv,
Set<MSentryPrivilege> children) throws SentryInvalidInputException {
- if ((priv.getServerName() != null) || (priv.getDbName() != null)) {
+ if ((!isNULL(priv.getServerName())) || (!isNULL(priv.getDbName()))) {
// Get all DBLevel Privs
Set<MSentryPrivilege> childPrivs = getChildPrivileges(roleNames, priv);
for (MSentryPrivilege childPriv : childPrivs) {
// Only recurse for db level privs..
- if ((childPriv.getDbName() != null) && (childPriv.getTableName() == null)) {
+ if ((!isNULL(childPriv.getDbName())) && (!isNULL(childPriv.getTableName()))) {
populateChildren(roleNames, childPriv, children);
}
children.add(childPriv);
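Review bot: The rewritten condition `(!isNULL(childPriv.getDbName())) && (!isNULL(childPriv.getTableName()))` inverts the second test: the old code recursed when `getTableName() == null`, and the comment above still says "Only recurse for db level privs". As written, recursion happens only for table-level privileges, for which `getChildPrivileges` returns an empty set, so the table-level children of a database-level privilege are no longer collected. The second operand should be `isNULL(childPriv.getTableName())`. `populateChildren` continues past the end of this hunk.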
@@ -454,7 +451,7 @@ public class SentryStore {
private Set<MSentryPrivilege> getChildPrivileges(Set<String> roleNames,
MSentryPrivilege parent) throws SentryInvalidInputException {
// Table and URI do not have children
- if ((parent.getTableName() != null)||(parent.getURI() != null)) return new HashSet<MSentryPrivilege>();
+ if ((!isNULL(parent.getTableName()))||(!isNULL(parent.getURI()))) return new HashSet<MSentryPrivilege>();
boolean rollbackTransaction = true;
PersistenceManager pm = null;
try {
@@ -469,11 +466,11 @@ public class SentryStore {
StringBuilder filters = new StringBuilder("roles.contains(role) "
+ "&& (" + Joiner.on(" || ").join(rolesFiler) + ")");
filters.append(" && serverName == \"" + parent.getServerName() + "\"");
- if (parent.getDbName() != null) {
+ if (!isNULL(parent.getDbName())) {
filters.append(" && dbName == \"" + parent.getDbName() + "\"");
- filters.append(" && tableName != null");
+ filters.append(" && tableName != \"__NULL__\"");
} else {
- filters.append(" && (dbName != null || URI != null)");
+ filters.append(" && (dbName != \"__NULL__\" || URI != \"__NULL__\")");
}
query.setFilter(filters.toString());
query
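Review bot: The added filter lines spell the sentinel as the literal `"__NULL__"` instead of using `NULL_COL`, so the filter text and the constant can drift apart; build them from the constant, e.g. `filters.append(" && tableName != \"" + NULL_COL + "\"");`. The same literal is repeated in the `authHierarchy` filter hunk further down. Both filters also concatenate caller-derived names (`parent.getServerName()`, `authHierarchy.getUri()`) into JDOQL, and declared parameters would remove the quoting risk. In the URI clause of that later hunk the mix of `&&` and `||` relies on operator precedence and would read more safely with explicit parentheses.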
@@ -488,7 +485,6 @@ public class SentryStore {
priv.setURI((String) privObj[4]);
priv.setAction((String) privObj[5]);
priv.setGrantorPrincipal((String) privObj[6]);
- priv.setPrivilegeName(constructPrivilegeName(convertToTSentryPrivilege(priv)));
privileges.add(priv);
}
rollbackTransaction = false;
@@ -501,97 +497,20 @@ public class SentryStore {
}
}
- private MSentryPrivilege getMSentryPrivilege(String privilegeName, PersistenceManager pm) {
- Query query = pm.newQuery(MSentryPrivilege.class);
- query.setFilter("this.privilegeName == t");
- query.declareParameters("java.lang.String t");
+ private MSentryPrivilege getMSentryPrivilege(TSentryPrivilege tPriv, PersistenceManager pm) {
+ Query query = pm.newQuery(MSentryPrivilege.class);
+ query.setFilter("this.serverName == \"" + toNULLCol(tPriv.getServerName()) + "\" "
+ + "&& this.dbName == \"" + toNULLCol(tPriv.getDbName()) + "\" "
+ + "&& this.tableName == \"" + toNULLCol(tPriv.getTableName()) + "\" "
+ + "&& this.URI == \"" + toNULLCol(tPriv.getURI()) + "\" "
+ + "&& this.action == \"" + toNULLCol(tPriv.getAction().toLowerCase()) + "\"");
query.setUnique(true);
- Object obj = query.execute(privilegeName);
+ Object obj = query.execute();
if (obj != null)
return (MSentryPrivilege) obj;
return null;
}
- //TODO:Validate privilege scope?
- @VisibleForTesting
- public static String constructPrivilegeName(TSentryPrivilege privilege) throws SentryInvalidInputException {
- StringBuilder privilegeName = new StringBuilder();
- String serverName = safeTrimLower(privilege.getServerName());
- String dbName = safeTrimLower(privilege.getDbName());
- String tableName = safeTrimLower(privilege.getTableName());
- String uri = privilege.getURI();
- String action = safeTrimLower(privilege.getAction());
- PrivilegeScope scope;
-
- if (serverName == null) {
- throw new SentryInvalidInputException("Server name is null");
- }
-
- if (AccessConstants.SELECT.equalsIgnoreCase(action) ||
- AccessConstants.INSERT.equalsIgnoreCase(action)) {
- if (Strings.nullToEmpty(tableName).trim().isEmpty()
- &&Strings.nullToEmpty(dbName).trim().isEmpty()) {
- throw new SentryInvalidInputException("Either Table name or Db name must be NON-NULL for SELECT/INSERT privilege");
- }
- }
- if (action == null) {
- action = AccessConstants.ALL;
- }
-
- // Validate privilege scope
- try {
- scope = Enum.valueOf(PrivilegeScope.class, privilege.getPrivilegeScope().toUpperCase());
- } catch (IllegalArgumentException e) {
- throw new SentryInvalidInputException("Invalid Privilege scope: " +
- privilege.getPrivilegeScope());
- }
- if (PrivilegeScope.SERVER.equals(scope)) {
- if (StringUtils.isNotEmpty(dbName) || StringUtils.isNotEmpty(tableName)) {
- throw new SentryInvalidInputException("DB and TABLE names should not be "
- + "set for SERVER scope");
- }
- } else if (PrivilegeScope.DATABASE.equals(scope)) {
- if (StringUtils.isEmpty(dbName)) {
- throw new SentryInvalidInputException("DB name not set for DB scope");
- }
- if (StringUtils.isNotEmpty(tableName)) {
- StringUtils.isNotEmpty("TABLE names should not be set for DB scope");
- }
- } else if (PrivilegeScope.TABLE.equals(scope)) {
- if (StringUtils.isEmpty(dbName) || StringUtils.isEmpty(tableName)) {
- throw new SentryInvalidInputException("TABLE or DB name not set for TABLE scope");
- }
- } else if (PrivilegeScope.URI.equals(scope)){
- if (StringUtils.isEmpty(uri)) {
- throw new SentryInvalidInputException("URI path not set for URI scope");
- }
- if (StringUtils.isNotEmpty(tableName)) {
- throw new SentryInvalidInputException("TABLE should not be set for URI scope");
- }
- } else {
- throw new SentryInvalidInputException("Unsupported operation scope: " + scope);
- }
-
- if (uri == null || uri.equals("")) {
- privilegeName.append(serverName);
- privilegeName.append("+");
- privilegeName.append(dbName);
-
- if (tableName != null && !tableName.equals("")) {
- privilegeName.append("+");
- privilegeName.append(tableName);
- }
- privilegeName.append("+");
- privilegeName.append(action);
- } else {
- privilegeName.append(serverName);
- privilegeName.append("+");
- privilegeName.append(uri);
- }
- return privilegeName.toString();
- }
-
-
public CommitContext dropSentryRole(String roleName)
throws SentryNoSuchObjectException {
boolean rollbackTransaction = true;
@@ -781,15 +700,15 @@ public class SentryStore {
if ((authHierarchy != null) && (authHierarchy.getServer() != null)) {
filters.append("&& serverName == \"" + authHierarchy.getServer().toLowerCase() + "\"");
if (authHierarchy.getDb() != null) {
- filters.append(" && ((dbName == \"" + authHierarchy.getDb().toLowerCase() + "\") || (dbName == null)) && (URI == null)");
+ filters.append(" && ((dbName == \"" + authHierarchy.getDb().toLowerCase() + "\") || (dbName == \"__NULL__\")) && (URI == \"__NULL__\")");
if ((authHierarchy.getTable() != null)
&& !AccessConstants.ALL
.equalsIgnoreCase(authHierarchy.getTable())) {
- filters.append(" && ((tableName == \"" + authHierarchy.getTable().toLowerCase() + "\") || (tableName == null)) && (URI == null)");
+ filters.append(" && ((tableName == \"" + authHierarchy.getTable().toLowerCase() + "\") || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")");
}
}
if (authHierarchy.getUri() != null) {
- filters.append(" && ((\"" + authHierarchy.getUri() + "\".startsWith(URI)) || (URI == null)) && (dbName == null)");
+ filters.append(" && ((URI != \"__NULL__\") && (\"" + authHierarchy.getUri() + "\".startsWith(URI)) || (URI == \"__NULL__\")) && (dbName == \"__NULL__\")");
}
}
query.setFilter(filters.toString());
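Review bot: The rewritten `filters.append(...)` lines still splice `authHierarchy.getDb()`, `getTable()` and `getUri()` directly into the JDOQL filter between quotes, so a value containing a double quote changes the structure of the filter that selects which privileges are returned; these values presumably arrive in a client request. Since the lines are being rewritten anyway, bind them as query parameters instead, for example `filters.append(" && ((dbName == :db) || (dbName == :nullCol)) && (URI == :nullCol)");`, and pass the values when the query is executed. The execute call is outside this hunk, so the exact call to change is not visible here. The sentinel is also spelled out as the literal `"__NULL__"` on every new line, while the helpers added at the end of the class use `NULL_COL`; binding `NULL_COL` as a parameter keeps the two from drifting apart. The enclosing method starts and ends outside the hunk.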
@@ -1008,11 +927,11 @@ public class SentryStore {
List<String> authorizable = new ArrayList<String>(4);
authorizable.add(KV_JOINER.join(AuthorizableType.Server.name().toLowerCase(),
privilege.getServerName()));
- if (Strings.nullToEmpty(privilege.getURI()).isEmpty()) {
- if (!Strings.nullToEmpty(privilege.getDbName()).isEmpty()) {
+ if (isNULL(privilege.getURI())) {
+ if (!isNULL(privilege.getDbName())) {
authorizable.add(KV_JOINER.join(AuthorizableType.Db.name().toLowerCase(),
privilege.getDbName()));
- if (!Strings.nullToEmpty(privilege.getTableName()).isEmpty()) {
+ if (!isNULL(privilege.getTableName())) {
authorizable.add(KV_JOINER.join(AuthorizableType.Table.name().toLowerCase(),
privilege.getTableName()));
}
@@ -1021,7 +940,7 @@ public class SentryStore {
authorizable.add(KV_JOINER.join(AuthorizableType.URI.name().toLowerCase(),
privilege.getURI()));
}
- if (!Strings.nullToEmpty(privilege.getAction()).isEmpty()
+ if (!isNULL(privilege.getAction())
&& !privilege.getAction().equalsIgnoreCase(AccessConstants.ALL)) {
authorizable
.add(KV_JOINER.join(ProviderConstants.PRIVILEGE_NAME.toLowerCase(),
@@ -1087,13 +1006,12 @@ public class SentryStore {
private TSentryPrivilege convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege) {
TSentryPrivilege privilege = new TSentryPrivilege();
privilege.setCreateTime(mSentryPrivilege.getCreateTime());
- privilege.setPrivilegeName(mSentryPrivilege.getPrivilegeName());
- privilege.setAction(mSentryPrivilege.getAction());
+ privilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
privilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
- privilege.setServerName(mSentryPrivilege.getServerName());
- privilege.setDbName(mSentryPrivilege.getDbName());
- privilege.setTableName(mSentryPrivilege.getTableName());
- privilege.setURI(mSentryPrivilege.getURI());
+ privilege.setServerName(fromNULLCol(mSentryPrivilege.getServerName()));
+ privilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
+ privilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
+ privilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));
privilege.setGrantorPrincipal(mSentryPrivilege.getGrantorPrincipal());
return privilege;
}
@@ -1106,15 +1024,14 @@ public class SentryStore {
private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege privilege)
throws SentryInvalidInputException {
MSentryPrivilege mSentryPrivilege = new MSentryPrivilege();
- mSentryPrivilege.setServerName(safeTrimLower(privilege.getServerName()));
- mSentryPrivilege.setDbName(safeTrimLower(privilege.getDbName()));
- mSentryPrivilege.setTableName(safeTrimLower(privilege.getTableName()));
+ mSentryPrivilege.setServerName(toNULLCol(safeTrimLower(privilege.getServerName())));
+ mSentryPrivilege.setDbName(toNULLCol(safeTrimLower(privilege.getDbName())));
+ mSentryPrivilege.setTableName(toNULLCol(safeTrimLower(privilege.getTableName())));
mSentryPrivilege.setPrivilegeScope(safeTrim(privilege.getPrivilegeScope()));
- mSentryPrivilege.setAction(safeTrim(privilege.getAction()));
+ mSentryPrivilege.setAction(toNULLCol(safeTrimLower(privilege.getAction())));
mSentryPrivilege.setCreateTime(System.currentTimeMillis());
mSentryPrivilege.setGrantorPrincipal(safeTrim(privilege.getGrantorPrincipal()));
- mSentryPrivilege.setURI(safeTrim(privilege.getURI()));
- mSentryPrivilege.setPrivilegeName(constructPrivilegeName(privilege));
+ mSentryPrivilege.setURI(toNULLCol(safeTrim(privilege.getURI())));
return mSentryPrivilege;
}
private static String safeTrim(String s) {
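Review bot: Dropping the `constructPrivilegeName(privilege)` call from `convertToMSentryPrivilege` also drops the only input validation visible on this page: the removed function rejected an unknown privilege scope, DB or TABLE names on a SERVER scope, a missing URI on a URI scope, and a missing DB or TABLE name on a TABLE scope. The method still declares `throws SentryInvalidInputException`, but nothing in the new body throws it, so unless those checks moved to a caller that is not shown here, a privilege whose scope contradicts its fields is now persisted as given. I would keep the scope checks in a private helper (say `validatePrivilegeScope`) and call it as the first statement of this method, `validatePrivilegeScope(privilege);`.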
@@ -1312,10 +1229,8 @@ public class SentryStore {
TSentryPrivilege newTPrivilege) throws SentryNoSuchObjectException,
SentryInvalidInputException {
HashSet<MSentryRole> roleSet = Sets.newHashSet();
- tPrivilege.setPrivilegeName(constructPrivilegeName(tPrivilege));
- MSentryPrivilege mPrivilege = getMSentryPrivilege(
- tPrivilege.getPrivilegeName(), pm);
+ MSentryPrivilege mPrivilege = getMSentryPrivilege(tPrivilege, pm);
if (mPrivilege != null) {
roleSet.addAll(ImmutableSet.copyOf((mPrivilege.getRoles())));
}
@@ -1336,17 +1251,17 @@ public class SentryStore {
private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable,
String grantorPrincipal) throws SentryInvalidInputException {
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
- tSentryPrivilege.setDbName(tAuthorizable.getDb());
- tSentryPrivilege.setServerName(tAuthorizable.getServer());
- tSentryPrivilege.setTableName(tAuthorizable.getTable());
- tSentryPrivilege.setURI(tAuthorizable.getUri());
+ tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
+ tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
+ tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
+ tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
tSentryPrivilege.setGrantorPrincipal(grantorPrincipal);
PrivilegeScope scope;
- if (tSentryPrivilege.getTableName() != null) {
+ if (!isNULL(tSentryPrivilege.getTableName())) {
scope = PrivilegeScope.TABLE;
- } else if (tSentryPrivilege.getDbName() != null) {
+ } else if (!isNULL(tSentryPrivilege.getDbName())) {
scope = PrivilegeScope.DATABASE;
- } else if (tSentryPrivilege.getURI() != null) {
+ } else if (!isNULL(tSentryPrivilege.getURI())) {
scope = PrivilegeScope.URI;
} else {
scope = PrivilegeScope.SERVER;
@@ -1355,4 +1270,16 @@ public class SentryStore {
tSentryPrivilege.setAction(AccessConstants.ALL);
return tSentryPrivilege;
}
+
+ public static String toNULLCol(String s) {
+ return Strings.isNullOrEmpty(s) ? NULL_COL : s;
+ }
+
+ public static String fromNULLCol(String s) {
+ return isNULL(s) ? "" : s;
+ }
+
+ public static boolean isNULL(String s) {
+ return Strings.isNullOrEmpty(s) || s.equals(NULL_COL);
+ }
}
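Review bot: `toNULLCol` and `isNULL` use an in-band sentinel, so a caller-supplied value equal to `NULL_COL` cannot be told apart from an unset field: `toNULLCol` passes it through unchanged and `isNULL` then reports it as absent. If `NULL_COL` is the `"__NULL__"` used in the query filters, the lowercasing done by `safeTrimLower` happens to protect server, db, table and action, but the URI only goes through `safeTrim`, so a URI equal to the sentinel would be stored as "no URI". Reject such input where the Thrift object is converted, e.g. `if (NULL_COL.equals(uri)) throw new SentryInvalidInputException("URI uses a reserved value");`. The three methods are `public static` and undocumented; a one-line comment on each should say that `NULL_COL` stands for an unset column because these columns now form the unique key.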
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index 3bb7285..1b05db3 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -207,7 +207,11 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
notificationHandlerInvoker.alter_sentry_role_revoke_privilege(commitContext,
request, response);
} catch (SentryNoSuchObjectException e) {
- String msg = "Privilege: " + request.getPrivilege().getPrivilegeName() + " doesn't exist.";
+ String msg = "Privilege: [server=" + request.getPrivilege().getServerName() +
+ ",db=" + request.getPrivilege().getDbName() +
+ ",table=" + request.getPrivilege().getTableName() +
+ ",URI=" + request.getPrivilege().getURI() +
+ ",action=" + request.getPrivilege().getAction() + "] doesn't exist.";
LOGGER.error(msg, e);
response.setStatus(Status.NoSuchObject(msg, e));
} catch (SentryInvalidInputException e) {
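Review bot: The new `msg` concatenates five request-supplied strings and is passed to both `LOGGER.error` and `Status.NoSuchObject`; nothing here sanitises them, so a URI or table name containing line breaks ends up verbatim in the server log and in the response. Strip or escape control characters before building the message. It would also read better to fetch the privilege once, `TSentryPrivilege p = request.getPrivilege();`, instead of calling `request.getPrivilege()` five times. The enclosing method starts and ends outside the hunk.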
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.4.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.4.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.4.0.sql
index f2a62d2..3886d29 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.4.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.4.0.sql
@@ -22,7 +22,6 @@ CREATE TABLE SENTRY_DB_PRIVILEGE
CREATE_TIME BIGINT NOT NULL,
DB_NAME VARCHAR(4000),
GRANTOR_PRINCIPAL VARCHAR(4000),
- PRIVILEGE_NAME VARCHAR(4000),
PRIVILEGE_SCOPE VARCHAR(40),
"SERVER_NAME" VARCHAR(4000),
"TABLE_NAME" VARCHAR(4000)
@@ -79,7 +78,7 @@ CREATE TABLE "SENTRY_VERSION" (
ALTER TABLE SENTRY_VERSION ADD CONSTRAINT SENTRY_VERSION_PK PRIMARY KEY (VER_ID);
-- Constraints for table SENTRY_DB_PRIVILEGE for class(es) [org.apache.sentry.provider.db.service.model.MSentryPrivilege]
-CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE (PRIVILEGE_NAME);
+CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE ("SERVER_NAME",DB_NAME,"TABLE_NAME",URI,"ACTION");
-- Constraints for table SENTRY_ROLE for class(es) [org.apache.sentry.provider.db.service.model.MSentryRole]
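Review bot: The new unique index covers `DB_NAME` and `"TABLE_NAME"`, which this script still declares without `NOT NULL`, so the constraint only holds while every writer stores the `__NULL__` sentinel; engines differ on whether NULLs compare equal in a unique index (MySQL and PostgreSQL treat them as distinct). Rows that already hold NULL in these columns would also stop matching the rewritten filters in `SentryStore`, which now compare against `"__NULL__"` instead of `null`, and the 1.4.0 script is edited in place with no upgrade step visible on this page. Declaring the key columns as, for example, `DB_NAME VARCHAR(4000) NOT NULL DEFAULT '__NULL__',` would make the schema enforce what the code assumes. The same applies to the derby, mysql, oracle and postgres scripts changed below.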
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.4.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.4.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.4.0.sql
index f2a62d2..3886d29 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.4.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.4.0.sql
@@ -22,7 +22,6 @@ CREATE TABLE SENTRY_DB_PRIVILEGE
CREATE_TIME BIGINT NOT NULL,
DB_NAME VARCHAR(4000),
GRANTOR_PRINCIPAL VARCHAR(4000),
- PRIVILEGE_NAME VARCHAR(4000),
PRIVILEGE_SCOPE VARCHAR(40),
"SERVER_NAME" VARCHAR(4000),
"TABLE_NAME" VARCHAR(4000)
@@ -79,7 +78,7 @@ CREATE TABLE "SENTRY_VERSION" (
ALTER TABLE SENTRY_VERSION ADD CONSTRAINT SENTRY_VERSION_PK PRIMARY KEY (VER_ID);
-- Constraints for table SENTRY_DB_PRIVILEGE for class(es) [org.apache.sentry.provider.db.service.model.MSentryPrivilege]
-CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE (PRIVILEGE_NAME);
+CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE ("SERVER_NAME",DB_NAME,"TABLE_NAME",URI,"ACTION");
-- Constraints for table SENTRY_ROLE for class(es) [org.apache.sentry.provider.db.service.model.MSentryRole]
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql
index 70f4dbb..fee5028 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql
@@ -27,7 +27,6 @@
CREATE TABLE `SENTRY_DB_PRIVILEGE` (
`DB_PRIVILEGE_ID` BIGINT NOT NULL,
- `PRIVILEGE_NAME` VARCHAR(4000) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`PRIVILEGE_SCOPE` VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`SERVER_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`DB_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
@@ -81,7 +80,7 @@ ALTER TABLE `SENTRY_VERSION`
ADD CONSTRAINT `SENTRY_VERSION` PRIMARY KEY (`VER_ID`);
ALTER TABLE `SENTRY_DB_PRIVILEGE`
- ADD INDEX `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` (`PRIVILEGE_NAME`(250));
+ ADD UNIQUE `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` (`SERVER_NAME`,`DB_NAME`,`TABLE_NAME`,`URI`(250),`ACTION`);
ALTER TABLE `SENTRY_DB_PRIVILEGE`
ADD INDEX `SENTRY_PRIV_SERV_IDX` (`SERVER_NAME`);
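Review bot: The prefix in `URI`(250) now sits inside a UNIQUE key, so MySQL enforces uniqueness on the first 250 characters of the URI only, and two URI privileges on the same server whose paths share that prefix would be rejected as duplicates. The index being replaced was a plain `ADD INDEX`, where a prefix length had no effect on which rows could be inserted. If the full URI cannot be indexed because of key-length limits, a unique key over a fixed-length hash column of the URI would avoid the collision. The definitions of `URI` and `ACTION` are outside this hunk, so the total key length could not be checked here.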
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql
index 363590e..cbdd337 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql
@@ -15,7 +15,6 @@
CREATE TABLE "SENTRY_DB_PRIVILEGE" (
"DB_PRIVILEGE_ID" NUMBER NOT NULL,
- "PRIVILEGE_NAME" VARCHAR2(4000) NOT NULL,
"PRIVILEGE_SCOPE" VARCHAR2(32) NOT NULL,
"SERVER_NAME" VARCHAR2(128) NOT NULL,
"DB_NAME" VARCHAR2(128) NULL,
@@ -68,7 +67,7 @@ ALTER TABLE "SENTRY_GROUP"
ALTER TABLE "SENTRY_VERSION" ADD CONSTRAINT "SENTRY_VERSION_PK" PRIMARY KEY ("VER_ID");
ALTER TABLE "SENTRY_DB_PRIVILEGE"
- ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("PRIVILEGE_NAME");
+ ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","URI","ACTION");
CREATE INDEX "SENTRY_SERV_PRIV_IDX" ON "SENTRY_DB_PRIVILEGE" ("SERVER_NAME");
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql
index 5dfae03..5a30aa7 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql
@@ -27,7 +27,6 @@ SET default_with_oids = false;
CREATE TABLE "SENTRY_DB_PRIVILEGE" (
"DB_PRIVILEGE_ID" BIGINT NOT NULL,
- "PRIVILEGE_NAME" character varying(4000) NOT NULL,
"PRIVILEGE_SCOPE" character varying(32) NOT NULL,
"SERVER_NAME" character varying(128) NOT NULL,
"DB_NAME" character varying(128) DEFAULT NULL::character varying,
@@ -81,7 +80,7 @@ ALTER TABLE ONLY "SENTRY_GROUP"
ALTER TABLE ONLY "SENTRY_VERSION" ADD CONSTRAINT "SENTRY_VERSION_PK" PRIMARY KEY ("VER_ID");
ALTER TABLE ONLY "SENTRY_DB_PRIVILEGE"
- ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("PRIVILEGE_NAME");
+ ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","URI", "ACTION");
CREATE INDEX "SENTRY_PRIV_SERV_IDX" ON "SENTRY_DB_PRIVILEGE" USING btree ("SERVER_NAME");
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
index fdc7b9c..eb3e73e 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -33,12 +33,11 @@ namespace cpp Apache.Sentry.Provider.Db.Service.Thrift
# Represents a Privilege in transport from the client to the server
struct TSentryPrivilege {
1: required string privilegeScope, # Valid values are SERVER, DATABASE, TABLE
-2: optional string privilegeName, # Generated on server side
3: required string serverName,
-4: optional string dbName,
-5: optional string tableName,
-6: optional string URI,
-7: required string action,
+4: optional string dbName = "",
+5: optional string tableName = "",
+6: optional string URI = "",
+7: required string action = "",
8: optional i64 createTime, # Set on server side
9: optional string grantorPrincipal # Set on server side
}
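Review bot: `7: required string action = ""` gives the required field a default, so a client that never sets the action most likely still passes the generated required-field check and the server receives an empty string. `SentryStore.toNULLCol` turns that into the sentinel, and the `isNULL(privilege.getAction())` test in the authorizable builder then leaves the action out of the privilege string, which presumably reads as "all actions". I would keep the field as `7: required string action,` so that a missing action is rejected at the transport layer rather than widened silently. A marker for the retired field id would also help, e.g. `# 2: privilegeName removed in SENTRY-339; do not reuse this id`.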
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 7637376..7e1ae58 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -89,7 +89,6 @@ public class TestSentryStore {
privilege.setAction(AccessConstants.ALL);
privilege.setGrantorPrincipal(grantor);
privilege.setCreateTime(System.currentTimeMillis());
- privilege.setPrivilegeName(SentryStore.constructPrivilegeName(privilege));
long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId());
@@ -105,7 +104,6 @@ public class TestSentryStore {
sentryStore.createSentryRole(roleName, grantor);
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("URI", "server1", "ALL");
tSentryPrivilege.setURI(uri);
- tSentryPrivilege.setPrivilegeName(SentryStore.constructPrivilegeName(tSentryPrivilege));
sentryStore.alterSentryRoleGrantPrivilege(roleName, tSentryPrivilege);
TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
@@ -128,7 +126,7 @@ public class TestSentryStore {
sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable);
assertTrue(privs.size()==1);
- assertTrue(privs.contains("server=server1->uri=" + uri + "->action=ALL"));
+ assertTrue(privs.contains("server=server1->uri=" + uri + "->action=all"));
}
@Test
@@ -205,13 +203,11 @@ public class TestSentryStore {
privilege.setAction(AccessConstants.ALL);
privilege.setGrantorPrincipal(grantor);
privilege.setCreateTime(System.currentTimeMillis());
- privilege.setPrivilegeName(SentryStore.constructPrivilegeName(privilege));
assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege)
.getSequenceId());
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
Set<MSentryPrivilege> privileges = role.getPrivileges();
assertEquals(privileges.toString(), 1, privileges.size());
- assertEquals(privilege.getPrivilegeName(), Iterables.get(privileges, 0).getPrivilegeName());
privilege.setAction(AccessConstants.SELECT);
assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege)
.getSequenceId());
@@ -241,7 +237,6 @@ public class TestSentryStore {
privilege1.setAction("SELECT");
privilege1.setGrantorPrincipal(grantor);
privilege1.setCreateTime(System.currentTimeMillis());
- privilege1.setPrivilegeName(SentryStore.constructPrivilegeName(privilege1));
assertEquals(seqId + 2, sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege1)
.getSequenceId());
assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege1)
@@ -251,7 +246,6 @@ public class TestSentryStore {
privilege2.setServerName("server1");
privilege2.setGrantorPrincipal(grantor);
privilege2.setCreateTime(System.currentTimeMillis());
- privilege2.setPrivilegeName(SentryStore.constructPrivilegeName(privilege2));
assertEquals(seqId + 4, sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2)
.getSequenceId());
Set<TSentryGroup> groups = Sets.newHashSet();
@@ -377,25 +371,20 @@ public class TestSentryStore {
privilege_tbl1.setTableName("tbl1");
privilege_tbl1.setGrantorPrincipal(grantor);
privilege_tbl1.setCreateTime(System.currentTimeMillis());
- privilege_tbl1.setPrivilegeName(SentryStore.constructPrivilegeName(privilege_tbl1));
TSentryPrivilege privilege1 = new TSentryPrivilege(privilege_tbl1);
privilege1.setAction("SELECT");
- privilege1.setPrivilegeName(SentryStore.constructPrivilegeName(privilege1));
TSentryPrivilege privilege2_1 = new TSentryPrivilege(privilege_tbl1);
privilege2_1.setAction("INSERT");
- privilege2_1.setPrivilegeName(SentryStore.constructPrivilegeName(privilege2_1));
TSentryPrivilege privilege3_1 = new TSentryPrivilege(privilege_tbl1);
privilege3_1.setAction("*");
- privilege3_1.setPrivilegeName(SentryStore.constructPrivilegeName(privilege3_1));
TSentryPrivilege privilege_server = new TSentryPrivilege();
privilege_server.setPrivilegeScope("SERVER");
privilege_server.setServerName("server1");
privilege_server.setGrantorPrincipal(grantor);
privilege_server.setCreateTime(System.currentTimeMillis());
- privilege_server.setPrivilegeName(SentryStore.constructPrivilegeName(privilege_server));
TSentryPrivilege privilege_tbl2 = new TSentryPrivilege();
privilege_tbl2.setPrivilegeScope("TABLE");
@@ -407,12 +396,9 @@ public class TestSentryStore {
TSentryPrivilege privilege2_3 = new TSentryPrivilege(privilege_tbl2);
privilege2_3.setAction("SELECT");
- privilege2_3.setPrivilegeName(SentryStore
- .constructPrivilegeName(privilege2_3));
TSentryPrivilege privilege3_2 = new TSentryPrivilege(privilege_tbl2);
privilege3_2.setAction("INSERT");
- privilege2_3.setPrivilegeName(SentryStore.constructPrivilegeName(privilege2_3));
sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege1);
@@ -453,19 +439,13 @@ public class TestSentryStore {
privilege_tbl1.setTableName("tbl1");
privilege_tbl1.setGrantorPrincipal(grantor);
privilege_tbl1.setCreateTime(System.currentTimeMillis());
- privilege_tbl1.setPrivilegeName(SentryStore
- .constructPrivilegeName(privilege_tbl1));
TSentryPrivilege privilege_tbl1_insert = new TSentryPrivilege(
privilege_tbl1);
privilege_tbl1_insert.setAction("INSERT");
- privilege_tbl1_insert.setPrivilegeName(SentryStore
- .constructPrivilegeName(privilege_tbl1_insert));
TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1);
privilege_tbl1_all.setAction("*");
- privilege_tbl1_all.setPrivilegeName(SentryStore
- .constructPrivilegeName(privilege_tbl1_all));
sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_insert);
sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_all);
@@ -507,25 +487,17 @@ public class TestSentryStore {
privilege_tbl1.setTableName(table1);
privilege_tbl1.setGrantorPrincipal(grantor);
privilege_tbl1.setCreateTime(System.currentTimeMillis());
- privilege_tbl1.setPrivilegeName(SentryStore
- .constructPrivilegeName(privilege_tbl1));
TSentryPrivilege privilege_tbl1_insert = new TSentryPrivilege(
privilege_tbl1);
privilege_tbl1_insert.setAction(AccessConstants.INSERT);
- privilege_tbl1_insert.setPrivilegeName(SentryStore
- .constructPrivilegeName(privilege_tbl1_insert));
TSentryPrivilege privilege_tbl1_select = new TSentryPrivilege(
privilege_tbl1);
privilege_tbl1_select.setAction(AccessConstants.SELECT);
- privilege_tbl1_select.setPrivilegeName(SentryStore
- .constructPrivilegeName(privilege_tbl1_select));
TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1);
privilege_tbl1_all.setAction(AccessConstants.ALL);
- privilege_tbl1_all.setPrivilegeName(SentryStore
- .constructPrivilegeName(privilege_tbl1_all));
sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_insert);
sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege_tbl1_select);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
index 79579c6..e5238a6 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
@@ -103,11 +103,11 @@ public class TestSentryServerWithoutKerberos extends SentryServiceIntegrationBas
Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), ActiveRoleSet.ALL, new Server("server"), new Database("db2"));
Assert.assertEquals("Privilege not correctly assigned to roles !!",
- Sets.newHashSet("server=server->db=db2->table=table4->action=ALL", "server=server->db=db2->table=table3->action=ALL"),
+ Sets.newHashSet("server=server->db=db2->table=table4->action=all", "server=server->db=db2->table=table3->action=all"),
listPrivilegesForProvider);
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), ActiveRoleSet.ALL, new Server("server"), new Database("db3"));
- Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=ALL"), listPrivilegesForProvider);
+ Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=all"), listPrivilegesForProvider);
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3"));
Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index a4ae291..e2f0a8d 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -186,10 +186,6 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
client.grantDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL);
Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName);
assertTrue(privileges.size() == 1);
- for (TSentryPrivilege privilege:privileges) {
- assertTrue(privilege.getPrivilegeName(),
- privilege.getPrivilegeName().equalsIgnoreCase(SentryStore.constructPrivilegeName(privilege)));
- }
client.revokeDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL);
client.dropRole(requestorUserName, roleName);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d6b1eb6e/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java
index 948b0c4..c238361 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImport.java
@@ -127,7 +127,6 @@ public class TestPolicyImport extends AbstractTestWithStaticConfiguration {
for (TSentryPrivilege privilege : actualPrivileges) {
privilege.unsetCreateTime();
privilege.unsetGrantorPrincipal();
- privilege.unsetPrivilegeName();
}
assertEquals("Expected privileges don't match.", expectedPrivileges, actualPrivileges);