Posted to commits@sentry.apache.org by co...@apache.org on 2016/07/21 05:55:11 UTC
[17/51] [partial] sentry git commit: SENTRY-1205: Refactor the code
for sentry-provider-db and create sentry-service module(Colin Ma,
reviewed by Dapeng Sun)
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
deleted file mode 100644
index a35bf1d..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-
-import org.apache.commons.pool2.PooledObjectFactory;
-import org.apache.commons.pool2.impl.AbandonedConfig;
-import org.apache.commons.pool2.impl.GenericObjectPool;
-import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.apache.thrift.transport.TTransportException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The PoolClientInvocationHandler is a proxy class for handling thrift call. For every thrift call,
- * get the instance of SentryPolicyServiceBaseClient from the commons-pool, and return the instance
- * to the commons-pool after complete the call. For any exception with the call, discard the
- * instance and create a new one added to the commons-pool. Then, get the instance and do the call
- * again. For the thread safe, the commons-pool will manage the connection pool, and every thread
- * can get the connection by borrowObject() and return the connection to the pool by returnObject().
- */
-
-public class PoolClientInvocationHandler extends SentryClientInvocationHandler {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(PoolClientInvocationHandler.class);
-
- private final Configuration conf;
- private PooledObjectFactory<SentryPolicyServiceClient> poolFactory;
- private GenericObjectPool<SentryPolicyServiceClient> pool;
- private GenericObjectPoolConfig poolConfig;
- private int connectionRetryTotal;
-
- private static final String POOL_EXCEPTION_MESSAGE = "Pool exception occured ";
-
- public PoolClientInvocationHandler(Configuration conf) throws Exception {
- this.conf = conf;
- readConfiguration();
- poolFactory = new SentryServiceClientPoolFactory(conf);
- pool = new GenericObjectPool<SentryPolicyServiceClient>(poolFactory, poolConfig, new AbandonedConfig());
- }
-
- @Override
- public Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception {
- int retryCount = 0;
- Object result = null;
- while (retryCount < connectionRetryTotal) {
- try {
- // The wapper here is for the retry of thrift call, the default retry number is 3.
- result = invokeFromPool(method, args);
- break;
- } catch (TTransportException e) {
- // TTransportException means there has connection problem, create a new connection and try
- // again. Get the lock of pool and add new connection.
- synchronized (pool) {
- // If there has room, create new instance and add it to the commons-pool, this instance
- // will be back first from the commons-pool because the configuration is LIFO.
- if (pool.getNumIdle() + pool.getNumActive() < pool.getMaxTotal()) {
- pool.addObject();
- }
- }
- // Increase the retry num, and throw the exception if can't retry again.
- retryCount++;
- if (retryCount == connectionRetryTotal) {
- throw new SentryUserException(e.getMessage(), e);
- }
- }
- }
- return result;
- }
-
- private Object invokeFromPool(Method method, Object[] args) throws Exception {
- Object result = null;
- SentryPolicyServiceClient client;
- try {
- // get the connection from the pool, don't know if the connection is broken.
- client = pool.borrowObject();
- } catch (Exception e) {
- LOGGER.debug(POOL_EXCEPTION_MESSAGE, e);
- throw new SentryUserException(e.getMessage(), e);
- }
- try {
- // do the thrift call
- result = method.invoke(client, args);
- } catch (InvocationTargetException e) {
- // Get the target exception, check if SentryUserException or TTransportException is wrapped.
- // TTransportException means there has connection problem with the pool.
- Throwable targetException = e.getCause();
- if (targetException instanceof SentryUserException) {
- Throwable sentryTargetException = targetException.getCause();
- // If there has connection problem, eg, invalid connection if the service restarted,
- // sentryTargetException instanceof TTransportException = true.
- if (sentryTargetException instanceof TTransportException) {
- // If the exception is caused by connection problem, destroy the instance and
- // remove it from the commons-pool. Throw the TTransportException for reconnect.
- pool.invalidateObject(client);
- throw new TTransportException(sentryTargetException);
- }
- // The exception is thrown by thrift call, eg, SentryAccessDeniedException.
- throw (SentryUserException) targetException;
- }
- throw e;
- } finally{
- try {
- // return the instance to commons-pool
- pool.returnObject(client);
- } catch (Exception e) {
- LOGGER.error(POOL_EXCEPTION_MESSAGE, e);
- throw e;
- }
- }
- return result;
- }
-
- @Override
- public void close() {
- try {
- pool.close();
- } catch (Exception e) {
- LOGGER.debug(POOL_EXCEPTION_MESSAGE, e);
- }
- }
-
- private void readConfiguration() {
- poolConfig = new GenericObjectPoolConfig();
- // config the pool size for commons-pool
- poolConfig.setMaxTotal(conf.getInt(ClientConfig.SENTRY_POOL_MAX_TOTAL, ClientConfig.SENTRY_POOL_MAX_TOTAL_DEFAULT));
- poolConfig.setMinIdle(conf.getInt(ClientConfig.SENTRY_POOL_MIN_IDLE, ClientConfig.SENTRY_POOL_MIN_IDLE_DEFAULT));
- poolConfig.setMaxIdle(conf.getInt(ClientConfig.SENTRY_POOL_MAX_IDLE, ClientConfig.SENTRY_POOL_MAX_IDLE_DEFAULT));
- // get the retry number for reconnecting service
- connectionRetryTotal = conf.getInt(ClientConfig.SENTRY_POOL_RETRY_TOTAL,
- ClientConfig.SENTRY_POOL_RETRY_TOTAL_DEFAULT);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
deleted file mode 100644
index a3bb6ab..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.thrift.TMultiplexedProcessor;
-
-public abstract class ProcessorFactory {
- protected final Configuration conf;
-
- public ProcessorFactory(Configuration conf) {
- this.conf = conf;
- }
-
- public abstract boolean register(TMultiplexedProcessor processor) throws Exception;
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
deleted file mode 100644
index a41be7f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-
-/**
- * SentryClientInvocationHandler is the base interface for all the InvocationHandler in SENTRY
- */
-public abstract class SentryClientInvocationHandler implements InvocationHandler {
-
- /**
- * Close the InvocationHandler: An InvocationHandler may create some contexts,
- * these contexts should be close when the method "close()" of client be called.
- */
- @Override
- public final Object invoke(Object proxy, Method method, Object[] args) throws Exception {
- // close() doesn't throw exception we supress that in case of connection
- // loss. Changing SentryPolicyServiceClient#close() to throw an
- // exception would be a backward incompatible change for Sentry clients.
- if ("close".equals(method.getName()) && null == args) {
- close();
- return null;
- }
- return invokeImpl(proxy, method, args);
- }
-
- /**
- * Subclass should implement this method for special function
- */
- public abstract Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception;
-
- /**
- * An abstract method "close", an invocationHandler should close its contexts at here.
- */
- public abstract void close();
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
deleted file mode 100644
index f54f161..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
+++ /dev/null
@@ -1,157 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.io.File;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.kerberos.KerberosTicket;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Sets;
-
-public class SentryKerberosContext implements Runnable {
- private static final float TICKET_RENEW_WINDOW = 0.80f;
- private static final Logger LOGGER = LoggerFactory
- .getLogger(SentryKerberosContext.class);
- private LoginContext loginContext;
- private Subject subject;
- private final javax.security.auth.login.Configuration kerberosConfig;
- @Deprecated
- private Thread renewerThread;
- @Deprecated
- private boolean shutDownRenewer = false;
-
- public SentryKerberosContext(String principal, String keyTab, boolean autoRenewTicket)
- throws LoginException {
- subject = new Subject(false, Sets.newHashSet(new KerberosPrincipal(principal)),
- new HashSet<Object>(), new HashSet<Object>());
- kerberosConfig = KerberosConfiguration.createClientConfig(principal, new File(keyTab));
- loginWithNewContext();
- if (autoRenewTicket) {
- startRenewerThread();
- }
- }
-
- private void loginWithNewContext() throws LoginException {
- LOGGER.info("Logging in with new Context");
- logoutSubject();
- loginContext = new LoginContext("", subject, null, kerberosConfig);
- loginContext.login();
- subject = loginContext.getSubject();
- }
-
- private void logoutSubject() {
- if (loginContext != null) {
- try {
- loginContext.logout();
- } catch (LoginException e) {
- LOGGER.warn("Error logging out the subject", e);
- }
- }
- loginContext = null;
- }
-
- public Subject getSubject() {
- return subject;
- }
-
- /**
- * Get the Kerberos TGT
- * @return the user's TGT or null if none was found
- */
- @Deprecated
- private KerberosTicket getTGT() {
- Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
- for(KerberosTicket ticket: tickets) {
- KerberosPrincipal server = ticket.getServer();
- if (server.getName().equals("krbtgt/" + server.getRealm() +
- "@" + server.getRealm())) {
- return ticket;
- }
- }
- return null;
- }
-
- @Deprecated
- private long getRefreshTime(KerberosTicket tgt) {
- long start = tgt.getStartTime().getTime();
- long end = tgt.getEndTime().getTime();
- LOGGER.debug("Ticket start time: " + start);
- LOGGER.debug("Ticket End time: " + end);
- return start + (long) ((end - start) * TICKET_RENEW_WINDOW);
- }
-
- /***
- * Ticket renewer thread
- * wait till 80% time interval left on the ticket and then renew it
- */
- @Deprecated
- @Override
- public void run() {
- try {
- LOGGER.info("Sentry Ticket renewer thread started");
- while (!shutDownRenewer) {
- KerberosTicket tgt = getTGT();
- if (tgt == null) {
- LOGGER.warn("No ticket found in the cache");
- return;
- }
- long nextRefresh = getRefreshTime(tgt);
- while (System.currentTimeMillis() < nextRefresh) {
- Thread.sleep(1000);
- if (shutDownRenewer) {
- return;
- }
- }
- loginWithNewContext();
- LOGGER.debug("Renewed ticket");
- }
- } catch (InterruptedException e1) {
- LOGGER.warn("Sentry Ticket renewer thread interrupted", e1);
- return;
- } catch (LoginException e) {
- LOGGER.warn("Failed to renew ticket", e);
- } finally {
- logoutSubject();
- LOGGER.info("Sentry Ticket renewer thread finished");
- }
- }
-
- @Deprecated
- public void startRenewerThread() {
- renewerThread = new Thread(this);
- renewerThread.start();
- }
-
- public void shutDown() throws LoginException {
- if (renewerThread != null) {
- shutDownRenewer = true;
- } else {
- logoutSubject();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
deleted file mode 100644
index 5783649..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
+++ /dev/null
@@ -1,426 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.io.File;
-import java.io.IOException;
-import java.lang.reflect.Constructor;
-import java.net.InetSocketAddress;
-import java.net.MalformedURLException;
-import java.net.ServerSocket;
-import java.security.PrivilegedExceptionAction;
-import java.util.ArrayList;
-import java.util.EventListener;
-import java.util.List;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-import java.util.concurrent.ThreadFactory;
-
-import javax.security.auth.Subject;
-
-import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.CommandLineParser;
-import org.apache.commons.cli.GnuParser;
-import org.apache.commons.cli.HelpFormatter;
-import org.apache.commons.cli.Options;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.SaslRpcServer;
-import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.sentry.Command;
-import org.apache.sentry.provider.db.service.thrift.SentryHealthCheckServletContextListener;
-import org.apache.sentry.provider.db.service.thrift.SentryMetricsServletContextListener;
-import org.apache.sentry.provider.db.service.thrift.SentryWebServer;
-import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.thrift.TMultiplexedProcessor;
-import org.apache.thrift.protocol.TBinaryProtocol;
-import org.apache.thrift.server.TServer;
-import org.apache.thrift.server.TServerEventHandler;
-import org.apache.thrift.server.TThreadPoolServer;
-import org.apache.thrift.transport.TSaslServerTransport;
-import org.apache.thrift.transport.TServerSocket;
-import org.apache.thrift.transport.TServerTransport;
-import org.apache.thrift.transport.TTransportFactory;
-import org.eclipse.jetty.util.MultiException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Preconditions;
-
-public class SentryService implements Callable {
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(SentryService.class);
-
- private static enum Status {
- NOT_STARTED(), STARTED();
- }
-
- private final Configuration conf;
- private final InetSocketAddress address;
- private final int maxThreads;
- private final int minThreads;
- private boolean kerberos;
- private final String principal;
- private final String[] principalParts;
- private final String keytab;
- private final ExecutorService serviceExecutor;
- private Future serviceStatus;
- private TServer thriftServer;
- private Status status;
- private int webServerPort;
- private SentryWebServer sentryWebServer;
- private long maxMessageSize;
-
- public SentryService(Configuration conf) {
- this.conf = conf;
- int port = conf
- .getInt(ServerConfig.RPC_PORT, ServerConfig.RPC_PORT_DEFAULT);
- if (port == 0) {
- port = findFreePort();
- conf.setInt(ServerConfig.RPC_PORT, port);
- }
- this.address = NetUtils.createSocketAddr(
- conf.get(ServerConfig.RPC_ADDRESS, ServerConfig.RPC_ADDRESS_DEFAULT),
- port);
- LOGGER.info("Configured on address " + address);
- kerberos = ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase(
- conf.get(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_KERBEROS).trim());
- maxThreads = conf.getInt(ServerConfig.RPC_MAX_THREADS,
- ServerConfig.RPC_MAX_THREADS_DEFAULT);
- minThreads = conf.getInt(ServerConfig.RPC_MIN_THREADS,
- ServerConfig.RPC_MIN_THREADS_DEFAULT);
- maxMessageSize = conf.getLong(ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE,
- ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
- if (kerberos) {
- // Use Hadoop libraries to translate the _HOST placeholder with actual hostname
- try {
- String rawPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL), ServerConfig.PRINCIPAL + " is required");
- principal = SecurityUtil.getServerPrincipal(rawPrincipal, address.getAddress());
- } catch(IOException io) {
- throw new RuntimeException("Can't translate kerberos principal'", io);
- }
- LOGGER.info("Using kerberos principal: " + principal);
-
- principalParts = SaslRpcServer.splitKerberosName(principal);
- Preconditions.checkArgument(principalParts.length == 3,
- "Kerberos principal should have 3 parts: " + principal);
- keytab = Preconditions.checkNotNull(conf.get(ServerConfig.KEY_TAB),
- ServerConfig.KEY_TAB + " is required");
- File keytabFile = new File(keytab);
- Preconditions.checkState(keytabFile.isFile() && keytabFile.canRead(),
- "Keytab " + keytab + " does not exist or is not readable.");
- } else {
- principal = null;
- principalParts = null;
- keytab = null;
- }
- serviceExecutor = Executors.newSingleThreadExecutor(new ThreadFactory() {
- private int count = 0;
-
- @Override
- public Thread newThread(Runnable r) {
- return new Thread(r, SentryService.class.getSimpleName() + "-"
- + (count++));
- }
- });
- webServerPort = conf.getInt(ServerConfig.SENTRY_WEB_PORT, ServerConfig.SENTRY_WEB_PORT_DEFAULT);
- status = Status.NOT_STARTED;
- }
-
- @Override
- public String call() throws Exception {
- SentryKerberosContext kerberosContext = null;
- try {
- status = Status.STARTED;
- if (kerberos) {
- Boolean autoRenewTicket = conf.getBoolean(ServerConfig.SENTRY_KERBEROS_TGT_AUTORENEW, ServerConfig.SENTRY_KERBEROS_TGT_AUTORENEW_DEFAULT);
- kerberosContext = new SentryKerberosContext(principal, keytab, autoRenewTicket);
- Subject.doAs(kerberosContext.getSubject(), new PrivilegedExceptionAction<Void>() {
- @Override
- public Void run() throws Exception {
- runServer();
- return null;
- }
- });
- } else {
- runServer();
- }
- } catch (Exception t) {
- LOGGER.error("Error starting server", t);
- throw new Exception("Error starting server", t);
- } finally {
- if (kerberosContext != null) {
- kerberosContext.shutDown();
- }
- status = Status.NOT_STARTED;
- }
- return null;
- }
-
- private void runServer() throws Exception {
- Iterable<String> processorFactories = ConfUtilties.CLASS_SPLITTER
- .split(conf.get(ServerConfig.PROCESSOR_FACTORIES,
- ServerConfig.PROCESSOR_FACTORIES_DEFAULT).trim());
- TMultiplexedProcessor processor = new TMultiplexedProcessor();
- boolean registeredProcessor = false;
- for (String processorFactory : processorFactories) {
- Class<?> clazz = conf.getClassByName(processorFactory);
- if (!ProcessorFactory.class.isAssignableFrom(clazz)) {
- throw new IllegalArgumentException("Processor Factory "
- + processorFactory + " is not a "
- + ProcessorFactory.class.getName());
- }
- try {
- Constructor<?> constructor = clazz
- .getConstructor(Configuration.class);
- LOGGER.info("ProcessorFactory being used: " + clazz.getCanonicalName());
- ProcessorFactory factory = (ProcessorFactory) constructor
- .newInstance(conf);
- boolean registerStatus = factory.register(processor);
- if (!registerStatus) {
- LOGGER.error("Failed to register " + clazz.getCanonicalName());
- }
- registeredProcessor = registerStatus || registeredProcessor;
- } catch (Exception e) {
- throw new IllegalStateException("Could not create "
- + processorFactory, e);
- }
- }
- if (!registeredProcessor) {
- throw new IllegalStateException(
- "Failed to register any processors from " + processorFactories);
- }
- TServerTransport serverTransport = new TServerSocket(address);
- TTransportFactory transportFactory = null;
- if (kerberos) {
- TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory();
- saslTransportFactory.addServerDefinition(AuthMethod.KERBEROS
- .getMechanismName(), principalParts[0], principalParts[1],
- ServerConfig.SASL_PROPERTIES, new GSSCallback(conf));
- transportFactory = saslTransportFactory;
- } else {
- transportFactory = new TTransportFactory();
- }
- TThreadPoolServer.Args args = new TThreadPoolServer.Args(
- serverTransport).processor(processor)
- .transportFactory(transportFactory)
- .protocolFactory(new TBinaryProtocol.Factory(true, true, maxMessageSize, maxMessageSize))
- .minWorkerThreads(minThreads).maxWorkerThreads(maxThreads);
- thriftServer = new TThreadPoolServer(args);
- LOGGER.info("Serving on " + address);
- startSentryWebServer();
- thriftServer.serve();
- }
-
- private void startSentryWebServer() throws Exception{
- Boolean sentryReportingEnable = conf.getBoolean(ServerConfig.SENTRY_WEB_ENABLE,
- ServerConfig.SENTRY_WEB_ENABLE_DEFAULT);
- if(sentryReportingEnable) {
- List<EventListener> listenerList = new ArrayList<EventListener>();
- listenerList.add(new SentryHealthCheckServletContextListener());
- listenerList.add(new SentryMetricsServletContextListener());
- sentryWebServer = new SentryWebServer(listenerList, webServerPort, conf);
- sentryWebServer.start();
- }
-
- }
-
- private void stopSentryWebServer() throws Exception{
- if( sentryWebServer != null) {
- sentryWebServer.stop();
- sentryWebServer = null;
- }
- }
-
- public InetSocketAddress getAddress() {
- return address;
- }
-
- public synchronized boolean isRunning() {
- return status == Status.STARTED && thriftServer != null
- && thriftServer.isServing();
- }
-
- public synchronized void start() throws Exception{
- if (status != Status.NOT_STARTED) {
- throw new IllegalStateException("Cannot start when " + status);
- }
- LOGGER.info("Attempting to start...");
- serviceStatus = serviceExecutor.submit(this);
- }
-
- public synchronized void stop() throws Exception{
- MultiException exception = null;
- LOGGER.info("Attempting to stop...");
- if (isRunning()) {
- LOGGER.info("Attempting to stop sentry thrift service...");
- try {
- thriftServer.stop();
- thriftServer = null;
- status = Status.NOT_STARTED;
- } catch (Exception e) {
- LOGGER.error("Error while stopping sentry thrift service", e);
- exception = addMultiException(exception,e);
- }
- } else {
- thriftServer = null;
- status = Status.NOT_STARTED;
- LOGGER.info("Sentry thrift service is already stopped...");
- }
- if (isWebServerRunning()) {
- try {
- LOGGER.info("Attempting to stop sentry web service...");
- stopSentryWebServer();
- } catch (Exception e) {
- LOGGER.error("Error while stopping sentry web service", e);
- exception = addMultiException(exception,e);
- }
- } else {
- LOGGER.info("Sentry web service is already stopped...");
- }
- if (exception != null) {
- exception.ifExceptionThrow();
- }
- LOGGER.info("Stopped...");
- }
-
- // wait for the service thread to finish execution
- public synchronized void waitOnFuture() throws ExecutionException, InterruptedException {
- LOGGER.info("Waiting on future.get()");
- serviceStatus.get();
- }
-
- private MultiException addMultiException(MultiException exception, Exception e) {
- MultiException newException = exception;
- if (newException == null) {
- newException = new MultiException();
- }
- newException.add(e);
- return newException;
- }
-
- private boolean isWebServerRunning() {
- return sentryWebServer != null
- && sentryWebServer.isAlive();
- }
-
- private static int findFreePort() {
- int attempts = 0;
- while (attempts++ <= 1000) {
- try {
- ServerSocket s = new ServerSocket(0);
- int port = s.getLocalPort();
- s.close();
- return port;
- } catch (IOException e) {
- // ignore and retry
- }
- }
- throw new IllegalStateException("Unable to find a port after 1000 attempts");
- }
-
- public static Configuration loadConfig(String configFileName)
- throws MalformedURLException {
- File configFile = null;
- if (configFileName == null) {
- throw new IllegalArgumentException("Usage: "
- + ServiceConstants.ServiceArgs.CONFIG_FILE_LONG
- + " path/to/sentry-service.xml");
- } else if (!((configFile = new File(configFileName)).isFile() && configFile
- .canRead())) {
- throw new IllegalArgumentException("Cannot read configuration file "
- + configFile);
- }
- Configuration conf = new Configuration(false);
- conf.addResource(configFile.toURI().toURL());
- return conf;
- }
-
- public static class CommandImpl implements Command {
- @Override
- public void run(String[] args) throws Exception {
- CommandLineParser parser = new GnuParser();
- Options options = new Options();
- options.addOption(ServiceConstants.ServiceArgs.CONFIG_FILE_SHORT,
- ServiceConstants.ServiceArgs.CONFIG_FILE_LONG,
- true, "Sentry Service configuration file");
- CommandLine commandLine = parser.parse(options, args);
- String configFileName = commandLine.getOptionValue(ServiceConstants.
- ServiceArgs.CONFIG_FILE_LONG);
- File configFile = null;
- if (configFileName == null || commandLine.hasOption("h") || commandLine.hasOption("help")) {
- // print usage
- HelpFormatter formatter = new HelpFormatter();
- formatter.printHelp("sentry --command service", options);
- System.exit(-1);
- } else if(!((configFile = new File(configFileName)).isFile() && configFile.canRead())) {
- throw new IllegalArgumentException("Cannot read configuration file " + configFile);
- }
- Configuration serverConf = loadConfig(configFileName);
- final SentryService server = new SentryService(serverConf);
- server.start();
- Runtime.getRuntime().addShutdownHook(new Thread() {
- @Override
- public void run() {
- LOGGER.info("ShutdownHook shutting down server");
- try {
- server.stop();
- } catch (Throwable t) {
- LOGGER.error("Error stopping SentryService", t);
- }
- }
- });
-
- // Let's wait on the service to stop
- try {
- server.waitOnFuture();
- } finally {
- server.serviceExecutor.shutdown();
- }
- }
- }
-
- public Configuration getConf() {
- return conf;
- }
-
- /**
- * Add Thrift event handler to underlying thrift threadpool server
- * @param eventHandler
- */
- public void setThriftEventHandler(TServerEventHandler eventHandler) throws IllegalStateException {
- if (thriftServer == null) {
- throw new IllegalStateException("Server is not initialized or stopped");
- }
- thriftServer.setServerEventHandler(eventHandler);
- }
-
- public TServerEventHandler getThriftEventHandler() throws IllegalStateException {
- if (thriftServer == null) {
- throw new IllegalStateException("Server is not initialized or stopped");
- }
- return thriftServer.getEventHandler();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
deleted file mode 100644
index 48ee66a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.Proxy;
-
-import org.apache.hadoop.conf.Configuration;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-
-public final class SentryServiceClientFactory {
-
- private SentryServiceClientFactory() {
- }
-
- public static SentryPolicyServiceClient create(Configuration conf) throws Exception {
- boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
- boolean pooled = conf.getBoolean(ClientConfig.SENTRY_POOL_ENABLED, false);
- if (pooled) {
- return (SentryPolicyServiceClient) Proxy
- .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
- SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
- new PoolClientInvocationHandler(conf));
- } else if (haEnabled) {
- return (SentryPolicyServiceClient) Proxy
- .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
- SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
- new HAClientInvocationHandler(conf));
- } else {
- return new SentryPolicyServiceClientDefaultImpl(conf);
- }
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
deleted file mode 100644
index 3a38b24..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.Proxy;
-
-import org.apache.commons.pool2.BasePooledObjectFactory;
-import org.apache.commons.pool2.PooledObject;
-import org.apache.commons.pool2.impl.DefaultPooledObject;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SentryServiceClientPoolFactory is for connection pool to manage the object. Implement the related
- * method to create object, destroy object and wrap object.
- */
-
-public class SentryServiceClientPoolFactory extends BasePooledObjectFactory<SentryPolicyServiceClient> {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SentryServiceClientPoolFactory.class);
-
- private Configuration conf;
-
- public SentryServiceClientPoolFactory(Configuration conf) {
- this.conf = conf;
- }
-
- @Override
- public SentryPolicyServiceClient create() throws Exception {
- LOGGER.debug("Creating Sentry Service Client...");
- boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
- if (haEnabled) {
- return (SentryPolicyServiceClient) Proxy
- .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
- SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
- new HAClientInvocationHandler(conf));
- } else {
- return new SentryPolicyServiceClientDefaultImpl(conf);
- }
- }
-
- @Override
- public PooledObject<SentryPolicyServiceClient> wrap(SentryPolicyServiceClient client) {
- return new DefaultPooledObject<SentryPolicyServiceClient>(client);
- }
-
- @Override
- public void destroyObject(PooledObject<SentryPolicyServiceClient> pooledObject) {
- SentryPolicyServiceClient client = pooledObject.getObject();
- LOGGER.debug("Destroying Sentry Service Client: " + client);
- if (client != null) {
- // The close() of TSocket or TSaslClientTransport is called actually, and there has no
- // exception even there has some problems, eg, the client is closed already.
- // The close here is just try to close the socket and the client will be destroyed soon.
- client.close();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
deleted file mode 100644
index 1685702..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-import org.apache.hadoop.conf.Configuration;
-
-public class SentryServiceFactory {
-
- public SentryService create(Configuration conf) throws Exception {
- return new SentryService(conf);
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
deleted file mode 100644
index ce73358..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
-
-import com.google.common.collect.Lists;
-
-public final class SentryServiceUtil {
-
- // parse the privilege in String and get the TSentryPrivilege as result
- public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) {
- TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
- for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
- KeyValue tempKV = new KeyValue(authorizable);
- String key = tempKV.getKey();
- String value = tempKV.getValue();
-
- if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setServerName(value);
- } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setDbName(value);
- } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setTableName(value);
- } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setColumnName(value);
- } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setURI(value);
- } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setAction(value);
- } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(key)) {
- TSentryGrantOption grantOption = "true".equalsIgnoreCase(value) ? TSentryGrantOption.TRUE
- : TSentryGrantOption.FALSE;
- tSentryPrivilege.setGrantOption(grantOption);
- }
- }
- tSentryPrivilege.setPrivilegeScope(getPrivilegeScope(tSentryPrivilege));
- return tSentryPrivilege;
- }
-
- /**
- * Parse the object path from string to map.
- * @param objectPath the string format as db=db1->table=tbl1
- * @return Map
- */
- public static Map<String, String> parseObjectPath(String objectPath) {
- Map<String, String> objectMap = new HashMap<String, String>();
- if (StringUtils.isEmpty(objectPath)) {
- return objectMap;
- }
- for (String kvStr : SentryConstants.AUTHORIZABLE_SPLITTER.split(objectPath)) {
- KeyValue kv = new KeyValue(kvStr);
- String key = kv.getKey();
- String value = kv.getValue();
-
- if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) {
- objectMap.put(PolicyFileConstants.PRIVILEGE_DATABASE_NAME, value);
- } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) {
- objectMap.put(PolicyFileConstants.PRIVILEGE_TABLE_NAME, value);
- }
- }
- return objectMap;
- }
-
- // for the different hierarchy for hive:
- // 1: server->url
- // 2: server->database->table->column
- // if both of them are found in the privilege string, the privilege scope will be set as
- // PrivilegeScope.URI
- public static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
- PrivilegeScope privilegeScope = PrivilegeScope.SERVER;
- if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
- privilegeScope = PrivilegeScope.URI;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
- privilegeScope = PrivilegeScope.COLUMN;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
- privilegeScope = PrivilegeScope.TABLE;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
- privilegeScope = PrivilegeScope.DATABASE;
- }
- return privilegeScope.toString();
- }
-
- // convert TSentryPrivilege to privilege in string
- public static String convertTSentryPrivilegeToStr(TSentryPrivilege tSentryPrivilege) {
- List<String> privileges = Lists.newArrayList();
- if (tSentryPrivilege != null) {
- String serverName = tSentryPrivilege.getServerName();
- String dbName = tSentryPrivilege.getDbName();
- String tableName = tSentryPrivilege.getTableName();
- String columnName = tSentryPrivilege.getColumnName();
- String uri = tSentryPrivilege.getURI();
- String action = tSentryPrivilege.getAction();
- String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true"
- : "false");
- if (!StringUtils.isEmpty(serverName)) {
- privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_SERVER_NAME,
- serverName));
- if (!StringUtils.isEmpty(uri)) {
- privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_URI_NAME,
- uri));
- } else if (!StringUtils.isEmpty(dbName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_DATABASE_NAME, dbName));
- if (!StringUtils.isEmpty(tableName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_TABLE_NAME, tableName));
- if (!StringUtils.isEmpty(columnName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_COLUMN_NAME, columnName));
- }
- }
- }
- if (!StringUtils.isEmpty(action)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
- }
- }
- // only append the grant option to privilege string if it's true
- if ("true".equals(grantOption)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
- }
- }
- return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
- }
-
- private SentryServiceUtil() {
- // Make constructor private to avoid instantiation
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
deleted file mode 100644
index 32a4044..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
+++ /dev/null
@@ -1,261 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.sasl.Sasl;
-
-import org.apache.sentry.provider.db.service.thrift.SentryMetrics;
-
-import com.google.common.base.Splitter;
-import com.google.common.collect.ImmutableMap;
-
-public class ServiceConstants {
-
- private static final ImmutableMap<String, String> SASL_PROPERTIES;
-
- static {
- Map<String, String> saslProps = new HashMap<String, String>();
- saslProps.put(Sasl.SERVER_AUTH, "true");
- saslProps.put(Sasl.QOP, "auth-conf");
- SASL_PROPERTIES = ImmutableMap.copyOf(saslProps);
- }
-
- public static class ConfUtilties {
- public static final Splitter CLASS_SPLITTER = Splitter.onPattern("[\\s,]")
- .trimResults().omitEmptyStrings();
- }
- public static class ServiceArgs {
- public static final String CONFIG_FILE_SHORT = "c";
- public static final String CONFIG_FILE_LONG = "conffile";
- }
-
- public static class ServerConfig {
- public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES;
- /**
- * This configuration parameter is only meant to be used for testing purposes.
- */
- public static final String SECURITY_MODE = "sentry.service.security.mode";
- public static final String SECURITY_MODE_KERBEROS = "kerberos";
- public static final String SECURITY_MODE_NONE = "none";
- public static final String SECURITY_USE_UGI_TRANSPORT = "sentry.service.security.use.ugi";
- public static final String ADMIN_GROUPS = "sentry.service.admin.group";
- public static final String PRINCIPAL = "sentry.service.server.principal";
- public static final String KEY_TAB = "sentry.service.server.keytab";
- public static final String RPC_PORT = "sentry.service.server.rpc-port";
- public static final int RPC_PORT_DEFAULT = 8038;
- public static final String RPC_ADDRESS = "sentry.service.server.rpc-address";
- public static final String RPC_ADDRESS_DEFAULT = "0.0.0.0"; //NOPMD
- public static final String RPC_MAX_THREADS = "sentry.service.server-max-threads";
- public static final int RPC_MAX_THREADS_DEFAULT = 500;
- public static final String RPC_MIN_THREADS = "sentry.service.server-min-threads";
- public static final int RPC_MIN_THREADS_DEFAULT = 10;
- public static final String ALLOW_CONNECT = "sentry.service.allow.connect";
-
- public static final String SENTRY_POLICY_STORE_PLUGINS = "sentry.policy.store.plugins";
- public static final String SENTRY_POLICY_STORE_PLUGINS_DEFAULT = "";
-
- public static final String SENTRY_METASTORE_PLUGINS = "sentry.metastore.plugins";
- public static final String SENTRY_METASTORE_PLUGINS_DEFAULT = "";
-
- public static final String PROCESSOR_FACTORIES = "sentry.service.processor.factories";
- public static final String PROCESSOR_FACTORIES_DEFAULT =
- "org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory" +
- ",org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessorFactory";
- public static final String SENTRY_STORE_JDBC_URL = "sentry.store.jdbc.url";
- public static final String SENTRY_STORE_JDBC_USER = "sentry.store.jdbc.user";
- public static final String SENTRY_STORE_JDBC_USER_DEFAULT = "Sentry";
- public static final String SENTRY_STORE_JDBC_PASS = "sentry.store.jdbc.password";
- public static final String SENTRY_STORE_JDBC_DRIVER = "sentry.store.jdbc.driver";
- public static final String SENTRY_STORE_JDBC_DRIVER_DEFAULT = "org.apache.derby.jdbc.EmbeddedDriver";
-
- public static final String JAVAX_JDO_URL = "javax.jdo.option.ConnectionURL";
- public static final String JAVAX_JDO_USER = "javax.jdo.option.ConnectionUserName";
- public static final String JAVAX_JDO_PASS = "javax.jdo.option.ConnectionPassword";
- public static final String JAVAX_JDO_DRIVER_NAME = "javax.jdo.option.ConnectionDriverName";
-
- public static final String SENTRY_DB_PROPERTY_PREFIX = "sentry.";
- public static final String SENTRY_JAVAX_JDO_PROPERTY_PREFIX = SENTRY_DB_PROPERTY_PREFIX + "javax.jdo";
- public static final String SENTRY_DATANUCLEUS_PROPERTY_PREFIX = SENTRY_DB_PROPERTY_PREFIX + "datanucleus";
-
- public static final String SENTRY_VERIFY_SCHEM_VERSION = "sentry.verify.schema.version";
- public static final String SENTRY_VERIFY_SCHEM_VERSION_DEFAULT = "true";
-
- public static final String SENTRY_SERVICE_NAME = "sentry.service.name";
- public static final String SENTRY_SERVICE_NAME_DEFAULT = "Sentry-Service";
-
- public static final String SENTRY_STORE_GROUP_MAPPING = "sentry.store.group.mapping";
- public static final String SENTRY_STORE_GROUP_MAPPING_RESOURCE = "sentry.store.group.mapping.resource";
- public static final String SENTRY_STORE_HADOOP_GROUP_MAPPING = "org.apache.sentry.provider.common.HadoopGroupMappingService";
- public static final String SENTRY_STORE_LOCAL_GROUP_MAPPING = "org.apache.sentry.provider.file.LocalGroupMappingService";
- public static final String SENTRY_STORE_GROUP_MAPPING_DEFAULT = SENTRY_STORE_HADOOP_GROUP_MAPPING;
-
- public static final String SENTRY_STORE_ORPHANED_PRIVILEGE_REMOVAL = "sentry.store.orphaned.privilege.removal";
- public static final String SENTRY_STORE_ORPHANED_PRIVILEGE_REMOVAL_DEFAULT = "false";
- public static final String SENTRY_HA_ENABLED = "sentry.ha.enabled";
- public static final boolean SENTRY_HA_ENABLED_DEFAULT = false;
- public static final String SENTRY_HA_ZK_PROPERTY_PREFIX = "sentry.ha.zookeeper.";
- public static final String SENTRY_HA_ZOOKEEPER_SECURITY = SENTRY_HA_ZK_PROPERTY_PREFIX + "security";
- public static final boolean SENTRY_HA_ZOOKEEPER_SECURITY_DEFAULT = false;
- public static final String SENTRY_HA_ZOOKEEPER_QUORUM = SENTRY_HA_ZK_PROPERTY_PREFIX + "quorum";
- public static final String SENTRY_HA_ZOOKEEPER_QUORUM_DEFAULT = "localhost:2181";
- public static final String SENTRY_HA_ZOOKEEPER_RETRIES_MAX_COUNT = SENTRY_HA_ZK_PROPERTY_PREFIX + "session.retries.max.count";
- public static final int SENTRY_HA_ZOOKEEPER_RETRIES_MAX_COUNT_DEFAULT = 3;
- public static final String SENTRY_HA_ZOOKEEPER_SLEEP_BETWEEN_RETRIES_MS = SENTRY_HA_ZK_PROPERTY_PREFIX + "session.sleep.between.retries.ms";
- public static final int SENTRY_HA_ZOOKEEPER_SLEEP_BETWEEN_RETRIES_MS_DEFAULT = 100;
- public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE = SENTRY_HA_ZK_PROPERTY_PREFIX + "namespace";
- public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE_DEFAULT = "sentry";
- // principal and keytab for client to be able to connect to secure ZK. Needed for Sentry HA with secure ZK
- public static final String SERVER_HA_ZOOKEEPER_CLIENT_PRINCIPAL = "sentry.zookeeper.client.principal";
- public static final String SERVER_HA_ZOOKEEPER_CLIENT_KEYTAB = "sentry.zookeeper.client.keytab";
- public static final String SERVER_HA_ZOOKEEPER_CLIENT_TICKET_CACHE = "sentry.zookeeper.client.ticketcache";
- public static final String SERVER_HA_ZOOKEEPER_CLIENT_TICKET_CACHE_DEFAULT = "false";
- public static final ImmutableMap<String, String> SENTRY_STORE_DEFAULTS =
- ImmutableMap.<String, String>builder()
- .put("datanucleus.connectionPoolingType", "BoneCP")
- .put("datanucleus.validateTables", "false")
- .put("datanucleus.validateColumns", "false")
- .put("datanucleus.validateConstraints", "false")
- .put("datanucleus.storeManagerType", "rdbms")
- .put("datanucleus.schema.autoCreateAll", "true")
- .put("datanucleus.autoCreateSchema", "false")
- .put("datanucleus.fixedDatastore", "true")
- .put("datanucleus.autoStartMechanismMode", "checked")
- .put("datanucleus.transactionIsolation", "read-committed")
- .put("datanucleus.cache.level2", "false")
- .put("datanucleus.cache.level2.type", "none")
- .put("datanucleus.identifierFactory", "datanucleus1")
- .put("datanucleus.rdbms.useLegacyNativeValueStrategy", "true")
- .put("datanucleus.plugin.pluginRegistryBundleCheck", "LOG")
- .put("javax.jdo.PersistenceManagerFactoryClass",
- "org.datanucleus.api.jdo.JDOPersistenceManagerFactory")
- .put("javax.jdo.option.DetachAllOnCommit", "true")
- .put("javax.jdo.option.NonTransactionalRead", "false")
- .put("javax.jdo.option.NonTransactionalWrite", "false")
- .put("javax.jdo.option.Multithreaded", "true")
- .build();
-
- public static final String SENTRY_WEB_ENABLE = "sentry.service.web.enable";
- public static final Boolean SENTRY_WEB_ENABLE_DEFAULT = false;
- public static final String SENTRY_WEB_PORT = "sentry.service.web.port";
- public static final int SENTRY_WEB_PORT_DEFAULT = 29000;
- public static final String SENTRY_REPORTER = "sentry.service.reporter";
- public static final String SENTRY_REPORTER_JMX = SentryMetrics.Reporting.JMX.name(); //case insensitive
- public static final String SENTRY_REPORTER_CONSOLE = SentryMetrics.Reporting.CONSOLE.name();//case insensitive
-
- // Web SSL
- public static final String SENTRY_WEB_USE_SSL = "sentry.web.use.ssl";
- public static final String SENTRY_WEB_SSL_KEYSTORE_PATH = "sentry.web.ssl.keystore.path";
- public static final String SENTRY_WEB_SSL_KEYSTORE_PASSWORD = "sentry.web.ssl.keystore.password";
- public static final String SENTRY_SSL_PROTOCOL_BLACKLIST = "sentry.ssl.protocol.blacklist";
- // Blacklist SSL protocols that are not secure (e.g., POODLE vulnerability)
- public static final String[] SENTRY_SSL_PROTOCOL_BLACKLIST_DEFAULT = {"SSLv2", "SSLv2Hello", "SSLv3"};
-
- // Web Security
- public static final String SENTRY_WEB_SECURITY_PREFIX = "sentry.service.web.authentication";
- public static final String SENTRY_WEB_SECURITY_TYPE = SENTRY_WEB_SECURITY_PREFIX + ".type";
- public static final String SENTRY_WEB_SECURITY_TYPE_NONE = "NONE";
- public static final String SENTRY_WEB_SECURITY_TYPE_KERBEROS = "KERBEROS";
- public static final String SENTRY_WEB_SECURITY_PRINCIPAL = SENTRY_WEB_SECURITY_PREFIX + ".kerberos.principal";
- public static final String SENTRY_WEB_SECURITY_KEYTAB = SENTRY_WEB_SECURITY_PREFIX + ".kerberos.keytab";
- public static final String SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS = SENTRY_WEB_SECURITY_PREFIX + ".allow.connect.users";
-
- // max message size for thrift messages
- public static final String SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.server.thrift.max.message.size";
- public static final long SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024;
-
- // action factories for external components
- public static final String SENTRY_COMPONENT_ACTION_FACTORY_FORMAT = "sentry.%s.action.factory";
-
- // Sentry is never a client to other Kerberos Services, it should not be required to renew the TGT
- @Deprecated
- public static final String SENTRY_KERBEROS_TGT_AUTORENEW = "sentry.service.kerberos.tgt.autorenew";
- @Deprecated
- public static final Boolean SENTRY_KERBEROS_TGT_AUTORENEW_DEFAULT = false;
- }
-
- public static class ClientConfig {
- public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES;
- public static final String SERVER_RPC_PORT = "sentry.service.client.server.rpc-port";
- public static final int SERVER_RPC_PORT_DEFAULT = ServerConfig.RPC_PORT_DEFAULT;
- public static final String SERVER_RPC_ADDRESS = "sentry.service.client.server.rpc-address";
- public static final String SERVER_RPC_CONN_TIMEOUT = "sentry.service.client.server.rpc-connection-timeout";
- public static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000;
-
- // HA configuration
- public static final String SERVER_HA_ENABLED = "sentry.ha.enabled";
- public static final boolean SERVER_HA_ENABLED_DEFAULT = ServerConfig.SENTRY_HA_ENABLED_DEFAULT;
- public static final String SENTRY_HA_ZOOKEEPER_QUORUM = ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM;
- public static final String SERVER_HA_ZOOKEEPER_QUORUM_DEFAULT = ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM_DEFAULT;
- public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE = ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE;
- public static final String SERVER_HA_ZOOKEEPER_NAMESPACE_DEFAULT = ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE_DEFAULT;
-
- // connection pool configuration
- public static final String SENTRY_POOL_ENABLED = "sentry.service.client.connection.pool.enabled";
- public static final boolean SENTRY_POOL_ENABLED_DEFAULT = false;
-
- // commons-pool configuration for pool size
- public static final String SENTRY_POOL_MAX_TOTAL = "sentry.service.client.connection.pool.max-total";
- public static final int SENTRY_POOL_MAX_TOTAL_DEFAULT = 8;
- public static final String SENTRY_POOL_MAX_IDLE = "sentry.service.client.connection.pool.max-idle";
- public static final int SENTRY_POOL_MAX_IDLE_DEFAULT = 8;
- public static final String SENTRY_POOL_MIN_IDLE = "sentry.service.client.connection.pool.min-idle";
- public static final int SENTRY_POOL_MIN_IDLE_DEFAULT = 0;
-
- // retry num for getting the connection from connection pool
- public static final String SENTRY_POOL_RETRY_TOTAL = "sentry.service.client.connection.pool.retry-total";
- public static final int SENTRY_POOL_RETRY_TOTAL_DEFAULT = 3;
-
- // max message size for thrift messages
- public static final String SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.client.thrift.max.message.size";
- public static final long SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024;
-
- // client retry settings
- public static final String RETRY_COUNT_CONF = "sentry.provider.backend.db.retry.count";
- public static final int RETRY_COUNT_DEFAULT = 3;
- public static final String RETRY_INTERVAL_SEC_CONF = "sentry.provider.backend.db.retry.interval.seconds";
- public static final int RETRY_INTERVAL_SEC_DEFAULT = 30;
-
- // provider backend cache settings
- public static final String ENABLE_CACHING = "sentry.provider.backend.generic.cache.enabled";
- public static final boolean ENABLE_CACHING_DEFAULT = false;
- public static final String CACHE_TTL_MS = "sentry.provider.backend.generic.cache.ttl.ms";
- public static final long CACHING_TTL_MS_DEFAULT = 30000;
- public static final String CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE = "sentry.provider.backend.generic.cache.update.failures.count";
- public static final int CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE_DEFAULT = 3;
- public static final String PRIVILEGE_CONVERTER = "sentry.provider.backend.generic.privilege.converter";
- }
-
- /**
- * Thrift generates terrible constant class names
- */
- public static class ThriftConstants extends org.apache.sentry.service.thrift.sentry_common_serviceConstants {
- public static final int TSENTRY_SERVICE_VERSION_CURRENT = TSENTRY_SERVICE_V2;
- }
-
- /* Privilege operation scope */
- public static enum PrivilegeScope {
- SERVER,
- URI,
- DATABASE,
- TABLE,
- COLUMN
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
deleted file mode 100644
index e9cc411..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.io.PrintWriter;
-import java.io.StringWriter;
-
-import javax.annotation.Nullable;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
-import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
-import org.apache.sentry.core.common.exception.SentryInvalidInputException;
-import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
-import org.apache.sentry.core.common.exception.SentryThriftAPIMismatchException;
-import org.apache.sentry.service.thrift.ServiceConstants.ThriftConstants;
-
-/**
- * Simple factory to make returning TSentryStatus objects easy
- */
-public enum Status {
- OK(ThriftConstants.TSENTRY_STATUS_OK),
- ALREADY_EXISTS(ThriftConstants.TSENTRY_STATUS_ALREADY_EXISTS),
- NO_SUCH_OBJECT(ThriftConstants.TSENTRY_STATUS_NO_SUCH_OBJECT),
- RUNTIME_ERROR(ThriftConstants.TSENTRY_STATUS_RUNTIME_ERROR),
- INVALID_INPUT(ThriftConstants.TSENTRY_STATUS_INVALID_INPUT),
- ACCESS_DENIED(ThriftConstants.TSENTRY_STATUS_ACCESS_DENIED),
- THRIFT_VERSION_MISMATCH(ThriftConstants.TSENTRY_STATUS_THRIFT_VERSION_MISMATCH),
- UNKNOWN(-1)
- ;
- private int code;
- private Status(int code) {
- this.code = code;
- }
- public int getCode() {
- return code;
- }
- public static Status fromCode(int code) {
- for (Status status : Status.values()) {
- if (status.getCode() == code) {
- return status;
- }
- }
- return Status.UNKNOWN;
- }
- public static TSentryResponseStatus OK() {
- return Create(Status.OK, "");
- }
- public static TSentryResponseStatus AccessDenied(String message, Throwable t) {
- return Create(Status.ACCESS_DENIED, message, t);
- }
- public static TSentryResponseStatus AlreadyExists(String message, Throwable t) {
- return Create(Status.ALREADY_EXISTS, message, t);
- }
- public static TSentryResponseStatus NoSuchObject(String message, Throwable t) {
- return Create(Status.NO_SUCH_OBJECT, message, t);
- }
- public static TSentryResponseStatus RuntimeError(String message, Throwable t) {
- return Create(Status.RUNTIME_ERROR, message, t);
- }
- public static TSentryResponseStatus Create(Status value, String message) {
- return Create(value, message, null);
- }
- public static TSentryResponseStatus InvalidInput(String message, Throwable t) {
- return Create(Status.INVALID_INPUT, message, t);
- }
- public static TSentryResponseStatus THRIFT_VERSION_MISMATCH(String message, Throwable t) {
- return Create(Status.THRIFT_VERSION_MISMATCH, message, t);
- }
- public static TSentryResponseStatus Create(Status value, String message, @Nullable Throwable t) {
- TSentryResponseStatus status = new TSentryResponseStatus();
- status.setValue(value.getCode());
- status.setMessage(message);
- if (t != null) {
- StringWriter stringWriter = new StringWriter();
- PrintWriter printWriter = new PrintWriter(stringWriter);
- t.printStackTrace(printWriter);
- printWriter.close();
- status.setStack(stringWriter.toString());
- }
- return status;
- }
- public static void throwIfNotOk(TSentryResponseStatus thriftStatus)
- throws SentryUserException {
- Status status = Status.fromCode(thriftStatus.getValue());
- switch(status) {
- case OK:
- break;
- case ALREADY_EXISTS:
- throw new SentryAlreadyExistsException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case NO_SUCH_OBJECT:
- throw new SentryNoSuchObjectException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case RUNTIME_ERROR:
- throw new RuntimeException(serverErrorToString(thriftStatus));
- case INVALID_INPUT:
- throw new SentryInvalidInputException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case ACCESS_DENIED:
- throw new SentryAccessDeniedException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case THRIFT_VERSION_MISMATCH:
- throw new SentryThriftAPIMismatchException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case UNKNOWN:
- throw new AssertionError(serverErrorToString(thriftStatus));
- default:
- throw new AssertionError("Unknown status code: " + status + ". Msg: " +
- serverErrorToString(thriftStatus));
- }
- }
-
- private static String serverErrorToString(TSentryResponseStatus thriftStatus) {
- String msg = thriftStatus.getMessage();
- String stack = thriftStatus.getStack();
- if (stack == null) {
- return msg;
- }
- return msg + ". Server Stacktrace: " + stack;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql
deleted file mode 100644
index 04353d1..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN WITH_GRANT_OPTION CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
deleted file mode 100644
index 7d96bc0..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD `WITH_GRANT_OPTION` CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
deleted file mode 100644
index f42ccdf..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD WITH_GRANT_OPTION CHAR(1) DEFAULT 'N' NOT NULL;
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
deleted file mode 100644
index 1b670ec..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD COLUMN "WITH_GRANT_OPTION" CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
deleted file mode 100644
index 647e9e2..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-DROP INDEX SENTRYPRIVILEGENAME;
-CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE ("SERVER_NAME",DB_NAME,"TABLE_NAME",URI,"ACTION",WITH_GRANT_OPTION);
-
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP COLUMN PRIVILEGE_NAME;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN DB_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN TABLE_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN URI SET DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
deleted file mode 100644
index cd4ec7c..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP INDEX `SENTRY_DB_PRIV_PRIV_NAME_UNIQ`;
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD UNIQUE `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` (`SERVER_NAME`,`DB_NAME`,`TABLE_NAME`,`URI`(250),`ACTION`,`WITH_GRANT_OPTION`);
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP `PRIVILEGE_NAME`;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN DB_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN TABLE_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN URI SET DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
deleted file mode 100644
index f5f596d..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" DROP INDEX;
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","URI","ACTION","WITH_GRANT_OPTION");
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP COLUMN PRIVILEGE_NAME;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY DB_NAME DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY TABLE_NAME DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY URI DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
deleted file mode 100644
index 458e447..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ";
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","URI", "ACTION","WITH_GRANT_OPTION");
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP COLUMN "PRIVILEGE_NAME";
-
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "DB_NAME" SET DEFAULT '__NULL__';
-AlTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "TABLE_NAME" SET DEFAULT '__NULL__';
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "URI" SET DEFAULT '__NULL__';
-
-UPDATE "SENTRY_DB_PRIVILEGE" SET "DB_NAME" = DEFAULT where "DB_NAME" is null;
-UPDATE "SENTRY_DB_PRIVILEGE" SET "TABLE_NAME" = DEFAULT where "TABLE_NAME" is null;
-UPDATE "SENTRY_DB_PRIVILEGE" SET "URI" = DEFAULT where "URI" is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
deleted file mode 100644
index f27b358..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP GRANTOR_PRINCIPAL;
-ALTER TABLE SENTRY_ROLE DROP GRANTOR_PRINCIPAL;
-ALTER TABLE SENTRY_GROUP DROP GRANTOR_PRINCIPAL;
-
-ALTER TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP ADD GRANTOR_PRINCIPAL VARCHAR(128);
-ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD GRANTOR_PRINCIPAL VARCHAR(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
deleted file mode 100644
index 8e0a633..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP `GRANTOR_PRINCIPAL`;
-ALTER TABLE `SENTRY_ROLE` DROP `GRANTOR_PRINCIPAL`;
-ALTER TABLE `SENTRY_GROUP` DROP `GRANTOR_PRINCIPAL`;
-
-ALTER TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP` ADD `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin;
-ALTER TABLE `SENTRY_ROLE_GROUP_MAP` ADD `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin;
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
deleted file mode 100644
index d07d20e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP COLUMN "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_ROLE" DROP COLUMN "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_GROUP" DROP COLUMN "GRANTOR_PRINCIPAL";
-
-ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" ADD "GRANTOR_PRINCIPAL" VARCHAR2(128);
-ALTER TABLE "SENTRY_ROLE_GROUP_MAP" ADD "GRANTOR_PRINCIPAL" VARCHAR2(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
deleted file mode 100644
index 95a2ef1..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_ROLE" DROP "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_GROUP" DROP "GRANTOR_PRINCIPAL";
-
-ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" ADD "GRANTOR_PRINCIPAL" character varying(128);
-ALTER TABLE "SENTRY_ROLE_GROUP_MAP" ADD "GRANTOR_PRINCIPAL" character varying(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
deleted file mode 100644
index da1f4d6..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN COLUMN_NAME VARCHAR(4000) DEFAULT '__NULL__';
-DROP INDEX SENTRYPRIVILEGENAME;
-CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE ("SERVER_NAME",DB_NAME,"TABLE_NAME","COLUMN_NAME",URI,"ACTION",WITH_GRANT_OPTION);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
deleted file mode 100644
index 1419ca3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD `COLUMN_NAME` VARCHAR(128) DEFAULT '__NULL__';
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP INDEX `SENTRY_DB_PRIV_PRIV_NAME_UNIQ`;
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD UNIQUE `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` (`SERVER_NAME`,`DB_NAME`,`TABLE_NAME`,`COLUMN_NAME`,`URI`(250),`ACTION`,`WITH_GRANT_OPTION`);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
deleted file mode 100644
index a70ae0a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN_NAME VARCHAR2(128) DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" DROP INDEX;
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","COLUMN_NAME","URI","ACTION","WITH_GRANT_OPTION");
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
deleted file mode 100644
index 81bdfa3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD COLUMN "COLUMN_NAME" character varying(128) DEFAULT '__NULL__';
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ";
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","COLUMN_NAME","URI", "ACTION","WITH_GRANT_OPTION");