Posted to commits@sentry.apache.org by sh...@apache.org on 2014/03/13 22:21:16 UTC

[01/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Repository: incubator-sentry
Updated Branches:
  refs/heads/master 0341d51b9 -> 644e8be34


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
new file mode 100644
index 0000000..db76aa8
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
@@ -0,0 +1,172 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.service.thrift;
+import java.io.File;
+import java.security.PrivilegedExceptionAction;
+import java.util.HashSet;
+import java.util.concurrent.TimeoutException;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
+import org.apache.hadoop.minikdc.MiniKdc;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Strings;
+import com.google.common.collect.Sets;
+
+public abstract class SentryServiceIntegrationBase extends KerberosSecurityTestcase {
+  private static final Logger LOGGER = LoggerFactory.getLogger(SentryServiceIntegrationBase.class);
+
+  static {
+    if (System.getProperty("sun.security.krb5.debug", "").trim().isEmpty()) {
+      System.setProperty("sun.security.krb5.debug", String.valueOf("true"));
+    }
+  }
+
+  protected static final String SERVER_HOST = "localhost";
+  protected static final String REALM = "EXAMPLE.COM";
+  protected static final String SERVER_PRINCIPAL = "sentry/" + SERVER_HOST;
+  protected static final String SERVER_KERBEROS_NAME = "sentry/" + SERVER_HOST + "@" + REALM;
+  protected static final String CLIENT_PRINCIPAL = "hive/" + SERVER_HOST;
+  protected static final String CLIENT_KERBEROS_NAME = "hive/" + SERVER_HOST + "@" + REALM;
+
+  protected SentryService server;
+  protected SentryPolicyServiceClient client;
+  protected MiniKdc kdc;
+  protected File kdcWorkDir;
+  protected File serverKeytab;
+  protected File clientKeytab;
+  protected Subject clientSubject;
+  protected LoginContext clientLoginContext;
+  protected final Configuration conf = new Configuration(false);
+
+  @Before
+  public void setup() throws Exception {
+    beforeSetup();
+    setupConf();
+    startSentryService();
+    connectToSentryService();
+    afterSetup();
+  }
+
+  public void startSentryService() throws Exception {
+    server.start();
+    final long start = System.currentTimeMillis();
+    while(!server.isRunning()) {
+      Thread.sleep(1000);
+      if(System.currentTimeMillis() - start > 60000L) {
+        throw new TimeoutException("Server did not start after 60 seconds");
+      }
+    }
+  }
+
+  public void setupConf() throws Exception {
+    kdc = getKdc();
+    kdcWorkDir = getWorkDir();
+    serverKeytab = new File(kdcWorkDir, "server.keytab");
+    clientKeytab = new File(kdcWorkDir, "client.keytab");
+    kdc.createPrincipal(serverKeytab, SERVER_PRINCIPAL);
+    kdc.createPrincipal(clientKeytab, CLIENT_PRINCIPAL);
+
+    conf.set(ServerConfig.PRINCIPAL, SERVER_KERBEROS_NAME);
+    conf.set(ServerConfig.KEY_TAB, serverKeytab.getPath());
+    conf.set(ServerConfig.RPC_ADDRESS, SERVER_HOST);
+    conf.set(ServerConfig.RPC_PORT, String.valueOf(0));
+    conf.set(ServerConfig.ALLOW_CONNECT, CLIENT_KERBEROS_NAME);
+    server = new SentryServiceFactory().create(conf);
+    conf.set(ClientConfig.SERVER_RPC_ADDRESS, server.getAddress().getHostString());
+    conf.set(ClientConfig.SERVER_RPC_PORT, String.valueOf(server.getAddress().getPort()));
+  }
+
+  public void connectToSentryService() throws Exception {
+    // The client should already be logged in when running in hive/impala/solr
+    // therefore we must manually login in the integration tests
+    clientSubject = new Subject(false, Sets.newHashSet(
+                                  new KerberosPrincipal(CLIENT_KERBEROS_NAME)), new HashSet<Object>(),
+                                new HashSet<Object>());
+    clientLoginContext = new LoginContext("", clientSubject, null,
+                                          KerberosConfiguration.createClientConfig(CLIENT_KERBEROS_NAME, clientKeytab));
+    clientLoginContext.login();
+    clientSubject = clientLoginContext.getSubject();
+    client = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SentryPolicyServiceClient>() {
+      @Override
+      public SentryPolicyServiceClient run() throws Exception {
+        return new SentryServiceClientFactory().create(conf);
+      }
+    });
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    beforeTeardown();
+    if(client != null) {
+      client.close();
+    }
+    if(clientLoginContext != null) {
+      try {
+        clientLoginContext.logout();
+      } catch (Exception e) {
+        LOGGER.warn("Error logging client out", e);
+      }
+    }
+    if(server != null) {
+      server.stop();
+    }
+    afterTeardown();
+  }
+
+  public void beforeSetup() throws Exception {
+
+  }
+  public void afterSetup() throws Exception {
+
+  }
+  public void beforeTeardown() throws Exception {
+
+  }
+  public void afterTeardown() throws Exception {
+
+  }
+  protected static void assertOK(TSentryResponseStatus resp) {
+    assertStatus(Status.OK, resp);
+  }
+
+  protected static void assertStatus(Status status, TSentryResponseStatus resp) {
+    if (resp.getValue() !=  status.getCode()) {
+      String message = "Expected: " + status + ", Response: " + Status.fromCode(resp.getValue())
+          + ", Code: " + resp.getValue() + ", Message: " + resp.getMessage();
+      String stackTrace = Strings.nullToEmpty(resp.getStack()).trim();
+      if (!stackTrace.isEmpty()) {
+        message += ", StackTrace: " + stackTrace;
+      }
+      Assert.fail(message);
+    }
+  }
+}
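Review bot: `tearDown()` runs `beforeTeardown()` and `client.close()` unguarded ahead of the logout and `server.stop()`, so if either throws, the Kerberos login context stays logged in and the Sentry server keeps running while the next test starts. Only the logout is wrapped in a try/catch today. Moving the later steps into `finally` blocks keeps one failing test from leaving a live service and client credentials behind for the rest of the suite; the sketch below shows the shape.

```java
  @After
  public void tearDown() throws Exception {
    try {
      beforeTeardown();
      if (client != null) {
        client.close();
      }
    } finally {
      // … unchanged: clientLoginContext.logout() with its warn-on-failure catch …
      try {
        if (server != null) {
          server.stop();
        }
      } finally {
        afterTeardown();
      }
    }
  }
```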

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/resources/log4j.properties b/sentry-provider/sentry-provider-db/src/test/resources/log4j.properties
new file mode 100644
index 0000000..9766758
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/resources/log4j.properties
@@ -0,0 +1,34 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# Define some default values that can be overridden by system properties.
+#
+# For testing, it may also be convenient to specify
+
+log4j.rootLogger=DEBUG,console
+
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
+
+log4j.logger.org.apache.hadoop.conf.Configuration=INFO
+log4j.logger.org.apache.hadoop.metrics2=INFO
+log4j.logger.org.apache.directory=INFO
+log4j.logger.org.apache.directory.api.ldap.model.entry.AbstractValue=WARN
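Review bot: The comment block above `log4j.rootLogger` is a leftover: it promises defaults that system properties can override and then trails off at "it may also be convenient to specify", while nothing below uses a `${...}` substitution. Replace it with a line that describes what the file actually does, for example `# Test logging: root at DEBUG to stderr; noisy Hadoop and ApacheDS loggers raised to INFO/WARN`.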

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
index 4db465d..f2bb39c 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
@@ -18,7 +18,8 @@ package org.apache.sentry.provider.file;
 
 import java.io.IOException;
 import java.util.Collections;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.hadoop.security.Groups;
 import org.apache.sentry.provider.common.GroupMappingService;
@@ -36,12 +37,12 @@ public class HadoopGroupMappingService implements GroupMappingService {
   }
 
   @Override
-  public List<String> getGroups(String user) {
+  public Set<String> getGroups(String user) {
     try {
-      return groups.getGroups(user);
+      return new HashSet<String>(groups.getGroups(user));
     } catch (IOException e) {
       LOGGER.warn("Unable to obtain groups for " + user, e);
     }
-    return Collections.emptyList();
+    return Collections.emptySet();
   }
 }
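Review bot: The catch branch of `getGroups` turns a failed Hadoop group lookup into an empty set, which callers cannot tell apart from a user who has no groups; for authorization that presumably fails closed, but nothing in the method says it is deliberate. A comment on the final return would record the intent: `// Fail closed: a lookup error yields no groups, so no group-based privileges apply.` The success path also returns a mutable `HashSet` while this path returns the immutable `Collections.emptySet()`, so a caller that modifies the result breaks only when the lookup failed.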

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
index ff3adf1..b2e4196 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
@@ -21,11 +21,8 @@ import java.io.IOException;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.Groups;
-import org.apache.sentry.policy.common.RoleValidator;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.common.GroupMappingService;
-import org.apache.sentry.provider.file.HadoopGroupMappingService;
-import org.apache.sentry.provider.file.ResourceAuthorizationProvider;
 
 import com.google.common.annotations.VisibleForTesting;
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
index c399117..a4d9cba 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
@@ -20,9 +20,9 @@ package org.apache.sentry.provider.file;
 import java.io.IOException;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Set;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
@@ -35,7 +35,7 @@ import org.slf4j.LoggerFactory;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
-import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 
 /**
  * Mapping users to groups
@@ -62,8 +62,8 @@ public class LocalGroupMappingService implements GroupMappingService {
   private static final Logger LOGGER = LoggerFactory
       .getLogger(LocalGroupMappingService.class);
 
-  private final Map <String, List<String>> groupMap =
-      new HashMap <String, List<String>> ();
+  private final Map <String, Set<String>> groupMap =
+      new HashMap <String, Set<String>> ();
 
   public LocalGroupMappingService(Path resourcePath) throws IOException {
     this(new Configuration(), resourcePath);
@@ -75,11 +75,11 @@ public class LocalGroupMappingService implements GroupMappingService {
   }
 
   @Override
-  public List<String> getGroups(String user) {
+  public Set<String> getGroups(String user) {
     if (groupMap.containsKey(user)) {
       return groupMap.get(user);
     } else {
-      return Collections.emptyList();
+      return Collections.emptySet();
     }
   }
 
@@ -102,7 +102,7 @@ public class LocalGroupMappingService implements GroupMappingService {
             " in the " + resourcePath);
         continue;
       }
-      List<String> groupList = Lists.newArrayList(
+      Set<String> groupList = Sets.newHashSet(
           PolicyFileConstants.ROLE_SPLITTER.trimResults().split(groupNames));
       LOGGER.debug("Got user mapping: " + userName + ", Groups: " + groupNames);
       groupMap.put(userName, groupList);
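Review bot: The `Set` built by `Sets.newHashSet(...)` is stored in `groupMap` and, in the `getGroups` hunk above, returned to callers as-is via `groupMap.get(user)`, so a caller that mutates the result changes that user's group membership for every later authorization check. Store an unmodifiable view instead: `groupMap.put(userName, Collections.unmodifiableSet(groupList));` (`Collections` is already imported in this file). The local is still named `groupList` although it is now a `Set`. The enclosing method starts and ends outside this hunk.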

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
index 374e989..e8293f6 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
@@ -17,12 +17,10 @@
 
 package org.apache.sentry.provider.file;
 
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.file.LocalGroupMappingService;
-import org.apache.sentry.provider.file.ResourceAuthorizationProvider;
 import java.io.IOException;
 
 import org.apache.hadoop.fs.Path;
+import org.apache.sentry.policy.common.PolicyEngine;
 
 
 public class LocalGroupResourceAuthorizationProvider extends

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
index bed3202..0189f85 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
@@ -17,27 +17,29 @@
 
 package org.apache.sentry.provider.file;
 
+import static org.apache.sentry.provider.file.PolicyFileConstants.DATABASES;
+import static org.apache.sentry.provider.file.PolicyFileConstants.GROUPS;
+import static org.apache.sentry.provider.file.PolicyFileConstants.ROLES;
+import static org.apache.sentry.provider.file.PolicyFileConstants.USERS;
+
 import java.io.File;
-import java.io.IOException;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
-import com.google.common.base.Preconditions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Charsets;
 import com.google.common.base.Joiner;
+import com.google.common.base.Preconditions;
 import com.google.common.collect.ArrayListMultimap;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Multimap;
 import com.google.common.io.Files;
 
-import static org.apache.sentry.provider.file.PolicyFileConstants.*;
-
 /**
  * PolicyFile creator. Written specifically to be used with tests. Specifically
  * due to the fact that methods that would typically return true or false to

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java
index 295ce78..a908ec3 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java
@@ -63,7 +63,7 @@ public class PolicyFiles {
       throws IOException {
     InputStream input = new FileInputStream(inputFile.getPath());
     FSDataOutputStream out = fs.create(new Path(dest, inputFile.getName()));
-    long bytes = ByteStreams.copy(input, out);
+    ByteStreams.copy(input, out);
     input.close();
     out.hflush();
     out.close();
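Review bot: `input` and `out` are closed only on the success path, so an `IOException` from `ByteStreams.copy` or `out.hflush()` leaks both the local file handle and the `FSDataOutputStream`. The cleanup here removes the unused `bytes` local but leaves that as it was. Closing both streams in `finally` blocks fixes it without new dependencies. The method's signature and the rest of its body are outside this hunk.

```java
    InputStream input = new FileInputStream(inputFile.getPath());
    try {
      FSDataOutputStream out = fs.create(new Path(dest, inputFile.getName()));
      try {
        ByteStreams.copy(input, out);
        out.hflush();
      } finally {
        out.close();
      }
    } finally {
      input.close();
    }
```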

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
index 0743604..448d7c1 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
@@ -21,40 +21,47 @@ import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
 import static org.apache.sentry.provider.file.PolicyFileConstants.PRIVILEGE_NAME;
 
 import java.util.ArrayList;
-import java.util.EnumSet;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
 import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
 import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.policy.common.PermissionFactory;
+import org.apache.sentry.policy.common.Privilege;
+import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.common.AuthorizationProvider;
 import org.apache.sentry.provider.common.GroupMappingService;
-import org.apache.shiro.authz.Permission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.google.common.base.Function;
 import com.google.common.base.Preconditions;
 import com.google.common.collect.Iterables;
-import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 
 public abstract class ResourceAuthorizationProvider implements AuthorizationProvider {
   private static final Logger LOGGER = LoggerFactory
       .getLogger(ResourceAuthorizationProvider.class);
   private final GroupMappingService groupService;
   private final PolicyEngine policy;
-  private final PermissionFactory permissionFactory;
-  private final List<String> lastFailedPermissions = new ArrayList<String>();
+  private final PrivilegeFactory privilegeFactory;
+  private final ThreadLocal<List<String>> lastFailedPrivileges;
 
   public ResourceAuthorizationProvider(PolicyEngine policy,
       GroupMappingService groupService) {
     this.policy = policy;
     this.groupService = groupService;
-    this.permissionFactory = policy.getPermissionFactory();
+    this.privilegeFactory = policy.getPrivilegeFactory();
+    this.lastFailedPrivileges = new ThreadLocal<List<String>>() {
+      @Override
+      protected List<String> initialValue() {
+        return new ArrayList<String>();
+      }
+    };
   }
 
   /***
@@ -68,7 +75,7 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv
    */
   @Override
   public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy,
-      Set<? extends Action> actions) {
+      Set<? extends Action> actions, ActiveRoleSet roleSet) {
     if(LOGGER.isDebugEnabled()) {
       LOGGER.debug("Authorization Request for " + subject + " " +
           authorizableHierarchy + " and " + actions);
@@ -78,45 +85,47 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv
     Preconditions.checkArgument(!authorizableHierarchy.isEmpty(), "Authorizable cannot be empty");
     Preconditions.checkNotNull(actions, "Actions cannot be null");
     Preconditions.checkArgument(!actions.isEmpty(), "Actions cannot be empty");
-    return doHasAccess(subject, authorizableHierarchy, actions);
+    Preconditions.checkNotNull(roleSet, "ActiveRoleSet cannot be null");
+    return doHasAccess(subject, authorizableHierarchy, actions, roleSet);
   }
 
   private boolean doHasAccess(Subject subject,
-      List<? extends Authorizable> authorizables, Set<? extends Action> actions) {
-    List<String> groups =  getGroups(subject);
-    List<String> hierarchy = new ArrayList<String>();
+      List<? extends Authorizable> authorizables, Set<? extends Action> actions,
+      ActiveRoleSet roleSet) {
+    Set<String> groups =  getGroups(subject);
+    Set<String> hierarchy = new HashSet<String>();
     for (Authorizable authorizable : authorizables) {
       hierarchy.add(KV_JOINER.join(authorizable.getTypeName(), authorizable.getName()));
     }
-    Iterable<Permission> permissions = getPermissions(authorizables, groups);
-    List<String> requestPermissions = buildPermissions(authorizables, actions);
-    lastFailedPermissions.clear();
+    Iterable<Privilege> privileges = getPrivileges(groups, roleSet);
+    List<String> requestPrivileges = buildPermissions(authorizables, actions);
+    lastFailedPrivileges.get().clear();
 
-    for (String requestPermission : requestPermissions) {
-      for (Permission permission : permissions) {
+    for (String requestPrivilege : requestPrivileges) {
+      for (Privilege permission : privileges) {
         /*
          * Does the permission granted in the policy file imply the requested action?
          */
-        boolean result = permission.implies(permissionFactory.createPermission(requestPermission));
+        boolean result = permission.implies(privilegeFactory.createPrivilege(requestPrivilege));
         if(LOGGER.isDebugEnabled()) {
-          LOGGER.debug("FilePermission {}, RequestPermission {}, result {}",
-              new Object[]{ permission, requestPermission, result});
+          LOGGER.debug("ProviderPrivilege {}, RequestPrivilege {}, RoleSet, {}, Result {}",
+              new Object[]{ permission, requestPrivilege, roleSet, result});
         }
         if (result) {
           return true;
         }
       }
     }
-    lastFailedPermissions.addAll(requestPermissions);
+    lastFailedPrivileges.get().addAll(requestPrivileges);
     return false;
   }
 
-  private Iterable<Permission> getPermissions(List<? extends Authorizable> authorizables, List<String> groups) {
-    return Iterables.transform(policy.getPermissions(authorizables, groups).values(),
-        new Function<String, Permission>() {
+  private Iterable<Privilege> getPrivileges(Set<String> groups, ActiveRoleSet roleSet) {
+    return Iterables.transform(policy.getPrivileges(groups, roleSet),
+        new Function<String, Privilege>() {
       @Override
-      public Permission apply(String permission) {
-        return permissionFactory.createPermission(permission);
+      public Privilege apply(String privilege) {
+        return privilegeFactory.createPrivilege(privilege);
       }
     });
   }
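Review bot: In `doHasAccess`, `privilegeFactory.createPrivilege(requestPrivilege)` is evaluated inside the inner loop, and `privileges` is a lazy `Iterables.transform` view, so each requested privilege is re-parsed once per granted privilege and every granted privilege string is re-parsed on every outer pass. Hoist the request side with `Privilege requested = privilegeFactory.createPrivilege(requestPrivilege);` before the inner `for`, and consider materialising `privileges` once before the loops. The `hierarchy` set is still filled but never read in this method, and the inner loop variable keeps the old name `permission`; both can be cleaned up with the rename. The debug format string also has a stray comma in `RoleSet, {}`.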
@@ -126,7 +135,7 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv
     return groupService;
   }
 
-  private List<String> getGroups(Subject subject) {
+  private Set<String> getGroups(Subject subject) {
     return groupService.getGroups(subject.getName());
   }
 
@@ -136,18 +145,18 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv
   }
 
   @Override
-  public Set<String> listPermissionsForSubject(Subject subject) throws SentryConfigurationException {
-    return policy.listPermissions(getGroups(subject));
+  public Set<String> listPrivilegesForSubject(Subject subject) throws SentryConfigurationException {
+    return policy.getPrivileges(getGroups(subject), ActiveRoleSet.ALL);
   }
 
   @Override
-  public Set<String> listPermissionsForGroup(String groupName) throws SentryConfigurationException {
-    return policy.listPermissions(groupName);
+  public Set<String> listPrivilegesForGroup(String groupName) throws SentryConfigurationException {
+    return policy.getPrivileges(Sets.newHashSet(groupName), ActiveRoleSet.ALL);
   }
 
   @Override
-  public List<String> getLastFailedPermissions() {
-    return lastFailedPermissions;
+  public List<String> getLastFailedPrivileges() {
+    return lastFailedPrivileges.get();
   }
 
   private List<String> buildPermissions(List<? extends Authorizable> authorizables,
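Review bot: `getLastFailedPrivileges()` hands out the live per-thread list, which the next `hasAccess` call on that thread clears and refills, and which is empty when read from any other thread. Neither constraint is documented. Return a snapshot, `return new ArrayList<String>(lastFailedPrivileges.get());`, and add Javadoc stating that the result reflects the last failed check made on the calling thread. The `lastFailedPrivileges` ThreadLocal is declared in an earlier hunk of this file; on pooled threads its list lives as long as the thread does.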
@@ -167,5 +176,4 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv
     }
     return requestedPermissions;
   }
-
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java
index 9eabb53..89a2d31 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java
@@ -22,11 +22,9 @@ import static org.apache.sentry.provider.file.PolicyFileConstants.ROLES;
 import static org.apache.sentry.provider.file.PolicyFileConstants.ROLE_SPLITTER;
 import static org.apache.sentry.provider.file.PolicyFileConstants.USERS;
 
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.net.URI;
-import java.util.ArrayList;
-import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -36,74 +34,157 @@ import javax.annotation.Nullable;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
-import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.RoleValidator;
+import org.apache.sentry.policy.common.PrivilegeUtils;
+import org.apache.sentry.policy.common.PrivilegeValidator;
+import org.apache.sentry.policy.common.PrivilegeValidatorContext;
 import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.Roles;
-import org.apache.shiro.config.ConfigurationException;
+import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.apache.shiro.config.Ini;
-import org.apache.shiro.util.PermissionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
+import com.google.common.collect.HashBasedTable;
 import com.google.common.collect.HashMultimap;
-import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.ImmutableSetMultimap;
+import com.google.common.collect.Interner;
+import com.google.common.collect.Interners;
 import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 import com.google.common.collect.Multimap;
 import com.google.common.collect.Sets;
+import com.google.common.collect.Table;
+import com.google.common.collect.Table.Cell;
 
 public class SimpleFileProviderBackend implements ProviderBackend {
 
   private static final Logger LOGGER = LoggerFactory
       .getLogger(SimpleFileProviderBackend.class);
 
-
-
   private final FileSystem fileSystem;
   private final Path resourcePath;
-  private final List<Path> perDbResources = Lists.newArrayList();
-  private Roles rolesStorage;
   private final Configuration conf;
-  private boolean processed;
-  private final List<String> configErrors = new ArrayList<String>();
-  private final List<String> configWarnings = new ArrayList<String>();
+  private final List<String> configErrors;
+  private final List<String> configWarnings;
+
+  /**
+   * Sparse table where group is the row key and role is the cell.
+   * The value is the set of privileges located in the cell. For example,
+   * the following table would be generated for a policy where Group 1
+   * has Role 1 and Role 2 while Group 2 has only Role 2.
+   * <table border="1">
+   *  <tbody>
+   *    <tr>
+   *      <td><!-- empty --></td>
+   *      <td>Role 1</td>
+   *      <td>Role 2</td>
+   *    </tr>
+   *    <tr>
+   *      <td>Group 1</td>
+   *      <td>Priv 1</td>
+   *      <td>Priv 2, Priv 3</td>
+   *    </tr>
+   *    <tr>
+   *      <td>Group 2</td>
+   *      <td><!-- empty --></td>
+   *      <td>Priv 2, Priv 3</td>
+   *    </tr>
+   *  </tbody>
+   * </table>
+   */
+  private final Table<String, String, Set<String>> groupRolePrivilegeTable;
+  /**
+   * Each group, role, and privilege in groupRolePrivilegeTable is
+   * interned using a weak interner so that we only store each string
+   * once.
+   */
+  private final Interner<String> stringInterner;
+
+  private ImmutableList<PrivilegeValidator> validators;
+  private boolean allowPerDatabaseSection;
+  private volatile boolean initialized;
 
   public SimpleFileProviderBackend(String resourcePath) throws IOException {
-    this(new Configuration(), resourcePath);
+    this(new Configuration(), new Path(resourcePath));
   }
 
   public SimpleFileProviderBackend(Configuration conf, String resourcePath) throws IOException {
     this(conf, new Path(resourcePath));
   }
 
-  @VisibleForTesting
   public SimpleFileProviderBackend(Configuration conf, Path resourcePath) throws IOException {
     this.resourcePath = resourcePath;
     this.fileSystem = resourcePath.getFileSystem(conf);
-    this.rolesStorage = new Roles();
+    this.groupRolePrivilegeTable = HashBasedTable.create();
     this.conf = conf;
-    this.processed = false;
+    this.configErrors = Lists.newArrayList();
+    this.configWarnings = Lists.newArrayList();
+    this.validators = ImmutableList.of();
+    this.allowPerDatabaseSection = true;
+    this.initialized = false;
+    this.stringInterner = Interners.newWeakInterner();
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  @Override
+  public void initialize(ProviderBackendContext context) {
+    if (initialized) {
+      throw new IllegalStateException("Backend has already been initialized, cannot be initialized twice");
+    }
+    this.validators = context.getValidators();
+    this.allowPerDatabaseSection = context.isAllowPerDatabase();
+    parse();
+    this.initialized = true;
   }
 
   /**
    * {@inheritDoc}
    */
-  public void process(List<? extends RoleValidator> validators) {
+  @Override
+  public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet) {
+    if (!initialized) {
+      throw new IllegalStateException("Backend has not been properly initialized");
+    }
+    ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
+    for (String groupName : groups) {
+      for (Map.Entry<String, Set<String>> row : groupRolePrivilegeTable.row(groupName)
+          .entrySet()) {
+        if (roleSet.containsRole(row.getKey())) {
+          resultBuilder.addAll(row.getValue());
+        }
+      }
+    }
+    return resultBuilder.build();
+  }
+
+  @Override
+  public void validatePolicy(boolean strictValidation) throws SentryConfigurationException {
+    if (!initialized) {
+      throw new IllegalStateException("Backend has not been properly initialized");
+    }
+    List<String> localConfigErrors = Lists.newArrayList(configErrors);
+    List<String> localConfigWarnings = Lists.newArrayList(configWarnings);
+    if ((strictValidation && !localConfigWarnings.isEmpty()) || !localConfigErrors.isEmpty()) {
+      localConfigErrors.add("Failed to process global policy file " + resourcePath);
+      SentryConfigurationException e = new SentryConfigurationException("");
+      e.setConfigErrors(localConfigErrors);
+      e.setConfigWarnings(localConfigWarnings);
+      throw e;
+    }
+  }
+
+  private void parse() {
     configErrors.clear();
-    perDbResources.clear();
+    configWarnings.clear();
+    Table<String, String, Set<String>> groupRolePrivilegeTableTemp = HashBasedTable.create();
     Ini ini;
-
     LOGGER.info("Parsing " + resourcePath);
-    Roles roles = new Roles();
     try {
-      perDbResources.clear();
       try {
         ini = PolicyFiles.loadFromPath(fileSystem, resourcePath);
       } catch (IOException e) {
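Review bot: The `initialized` guard in `initialize` is a check-then-act on a volatile flag, so two threads calling it at the same time can both pass the `if (initialized)` test and both run `parse()`, which writes to the unsynchronized `HashBasedTable` and to the `configErrors`/`configWarnings` lists. Whether concurrent callers exist is not visible here, but the `volatile` suggests cross-thread use is expected. Declaring the method as `public synchronized void initialize(ProviderBackendContext context)` closes that window without changing the interface. The body of `parse()` continues outside this hunk.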
@@ -126,12 +207,15 @@ public class SimpleFileProviderBackend implements ProviderBackend {
           }
         }
       }
-      ImmutableSetMultimap<String, String> globalRoles;
-      Map<String, ImmutableSetMultimap<String, String>> perDatabaseRoles = Maps.newHashMap();
-      globalRoles = parseIni(null, ini, validators, resourcePath);
+      parseIni(null, ini, validators, resourcePath, groupRolePrivilegeTableTemp);
+      mergeResult(groupRolePrivilegeTableTemp);
+      groupRolePrivilegeTableTemp.clear();
       Ini.Section filesSection = ini.getSection(DATABASES);
       if(filesSection == null) {
         LOGGER.info("Section " + DATABASES + " needs no further processing");
+      } else if (!allowPerDatabaseSection) {
+        String msg = "Per-db policy file is not expected in this configuration.";
+        throw new SentryConfigurationException(msg);
       } else {
         for(Map.Entry<String, String> entry : filesSection.entrySet()) {
           String database = Strings.nullToEmpty(entry.getKey()).trim().toLowerCase();
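Review bot: The global privileges are merged into the live table by `mergeResult(groupRolePrivilegeTableTemp)` before the `DATABASES` section is examined, so the new `SentryConfigurationException` thrown when `allowPerDatabaseSection` is false leaves those grants in place. The outer `catch (Exception e)` in a later hunk only records the error and logs it, and `initialize` then marks the backend initialized. The removed code assigned `rolesStorage` from a `Roles` that was only populated at the end of the `try`, so any such failure used to leave an empty policy. If all-or-nothing loading is still intended, do the `allowPerDatabaseSection` check before the first merge or add `groupRolePrivilegeTable.clear();` to that catch; otherwise document that callers must run `validatePolicy` before relying on `getPrivileges`. `parse()` starts and ends outside this hunk.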
@@ -144,16 +228,14 @@ public class SimpleFileProviderBackend implements ProviderBackend {
             Ini perDbIni = PolicyFiles.loadFromPath(perDbPolicy.getFileSystem(conf), perDbPolicy);
             if(perDbIni.containsKey(USERS)) {
               configErrors.add("Per-db policy file cannot contain " + USERS + " section in " +  perDbPolicy);
-              throw new ConfigurationException("Per-db policy files cannot contain " + USERS + " section");
+              throw new SentryConfigurationException("Per-db policy files cannot contain " + USERS + " section");
             }
             if(perDbIni.containsKey(DATABASES)) {
               configErrors.add("Per-db policy files cannot contain " + DATABASES
                   + " section in " + perDbPolicy);
-              throw new ConfigurationException("Per-db policy files cannot contain " + DATABASES + " section");
+              throw new SentryConfigurationException("Per-db policy files cannot contain " + DATABASES + " section");
             }
-            ImmutableSetMultimap<String, String> currentDbRoles = parseIni(database, perDbIni, validators, perDbPolicy);
-            perDatabaseRoles.put(database, currentDbRoles);
-            perDbResources.add(perDbPolicy);
+            parseIni(database, perDbIni, validators, perDbPolicy, groupRolePrivilegeTableTemp);
           } catch (Exception e) {
             configErrors.add("Failed to read per-DB policy file " + perDbPolicy +
                " Error: " + e.getMessage());
@@ -161,14 +243,14 @@ public class SimpleFileProviderBackend implements ProviderBackend {
           }
         }
       }
-      roles = new Roles(globalRoles, ImmutableMap.copyOf(perDatabaseRoles));
+      mergeResult(groupRolePrivilegeTableTemp);
+      groupRolePrivilegeTableTemp.clear();
     } catch (Exception e) {
       configErrors.add("Error processing file " + resourcePath + e.getMessage());
       LOGGER.error("Error processing file, ignoring " + resourcePath, e);
     }
-    rolesStorage = roles;
-    this.processed = true;
   }
+
   /**
    * Relative for our purposes is no scheme, no authority
    * and a non-absolute path portion.
@@ -178,22 +260,22 @@ public class SimpleFileProviderBackend implements ProviderBackend {
     return uri.getAuthority() == null && uri.getScheme() == null && !path.isUriPathAbsolute();
   }
 
-  protected long getModificationTime() throws IOException {
-    // if resource path has been deleted, throw all exceptions
-    long result = fileSystem.getFileStatus(resourcePath).getModificationTime();
-    for(Path perDbPolicy : perDbResources) {
-      try {
-        result = Math.max(result, fileSystem.getFileStatus(perDbPolicy).getModificationTime());
-      } catch (FileNotFoundException e) {
-        // if a per-db file has been deleted, wait until the main
-        // policy file has been updated before refreshing
+  private void mergeResult(Table<String, String, Set<String>> groupRolePrivilegeTableTemp) {
+    for (Cell<String, String, Set<String>> cell : groupRolePrivilegeTableTemp.cellSet()) {
+      String groupName = cell.getRowKey();
+      String roleName = cell.getColumnKey();
+      Set<String> privileges = groupRolePrivilegeTable.get(groupName, roleName);
+      if (privileges == null) {
+        privileges = new HashSet<>();
+        groupRolePrivilegeTable.put(groupName, roleName, privileges);
       }
+      privileges.addAll(cell.getValue());
     }
-    return result;
   }
 
-  private ImmutableSetMultimap<String, String> parseIni(String database, Ini ini, List<? extends RoleValidator> validators,
-      Path policyPath) {
+  private void parseIni(String database, Ini ini,
+      List<? extends PrivilegeValidator> validators, Path policyPath,
+      Table<String, String, Set<String>> groupRolePrivilegeTable) {
     Ini.Section privilegesSection = ini.getSection(ROLES);
     boolean invalidConfiguration = false;
     if (privilegesSection == null) {
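Review bot: The new `groupRolePrivilegeTable` parameter of `parseIni` has the same name as the field declared earlier in the class, so inside `parseIni` (and `parsePrivileges`, which takes the same parameter in the next hunk) every reference means the temporary table rather than the live one. That is the intended target today, but in code that builds the authorization table a later edit could easily write to the wrong one. Renaming the parameter, e.g. `Table<String, String, Set<String>> targetTable`, removes the ambiguity. `mergeResult` would also benefit from a one-line comment such as `// Unions privileges per (group, role); a per-db file reusing a global role name extends that role.` The body of `parseIni` continues outside this hunk.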
@@ -210,19 +292,18 @@ public class SimpleFileProviderBackend implements ProviderBackend {
       invalidConfiguration = true;
     }
     if (!invalidConfiguration) {
-      return parsePermissions(database, privilegesSection, groupsSection, validators, policyPath);
+      parsePrivileges(database, privilegesSection, groupsSection, validators, policyPath,
+          groupRolePrivilegeTable);
     }
-    return ImmutableSetMultimap.of();
   }
 
-  private ImmutableSetMultimap<String, String> parsePermissions(@Nullable String database,
-      Ini.Section rolesSection, Ini.Section groupsSection, List<? extends RoleValidator> validators,
-      Path policyPath) {
-    ImmutableSetMultimap.Builder<String, String> resultBuilder = ImmutableSetMultimap.builder();
+  private void parsePrivileges(@Nullable String database, Ini.Section rolesSection,
+      Ini.Section groupsSection, List<? extends PrivilegeValidator> validators, Path policyPath,
+      Table<String, String, Set<String>> groupRolePrivilegeTable) {
     Multimap<String, String> roleNameToPrivilegeMap = HashMultimap
         .create();
     for (Map.Entry<String, String> entry : rolesSection.entrySet()) {
-      String roleName = Strings.nullToEmpty(entry.getKey()).trim();
+      String roleName = stringInterner.intern(Strings.nullToEmpty(entry.getKey()).trim());
       String roleValue = Strings.nullToEmpty(entry.getValue()).trim();
       boolean invalidConfiguration = false;
       if (roleName.isEmpty()) {
@@ -242,26 +323,31 @@ public class SimpleFileProviderBackend implements ProviderBackend {
         LOGGER.warn(warnMsg);
         configWarnings.add(warnMsg);
       }
-      Set<String> roles = PermissionUtils
-          .toPermissionStrings(roleValue);
-      if (!invalidConfiguration && roles != null) {
-        for(String role : roles) {
-          for(RoleValidator validator : validators) {
-            validator.validate(database, role.trim());
+      Set<String> privileges = PrivilegeUtils.toPrivilegeStrings(roleValue);
+      if (!invalidConfiguration && privileges != null) {
+        Set<String> internedPrivileges = Sets.newHashSet();
+        for(String privilege : privileges) {
+          for(PrivilegeValidator validator : validators) {
+            validator.validate(new PrivilegeValidatorContext(database, privilege.trim()));
           }
+          internedPrivileges.add(stringInterner.intern(privilege));
         }
-        roleNameToPrivilegeMap.putAll(roleName, roles);
+        roleNameToPrivilegeMap.putAll(roleName, internedPrivileges);
       }
     }
     Splitter roleSplitter = ROLE_SPLITTER.omitEmptyStrings().trimResults();
     for (Map.Entry<String, String> entry : groupsSection.entrySet()) {
-      String groupName = Strings.nullToEmpty(entry.getKey()).trim();
+      String groupName = stringInterner.intern(Strings.nullToEmpty(entry.getKey()).trim());
       String groupPrivileges = Strings.nullToEmpty(entry.getValue()).trim();
-      Collection<String> resolvedGroupPrivileges = Sets.newHashSet();
       for (String roleName : roleSplitter.split(groupPrivileges)) {
+        roleName = stringInterner.intern(roleName);
         if (roleNameToPrivilegeMap.containsKey(roleName)) {
-          resolvedGroupPrivileges.addAll(roleNameToPrivilegeMap
-              .get(roleName));
+          Set<String> privileges = groupRolePrivilegeTable.get(groupName, roleName);
+          if (privileges == null) {
+            privileges = new HashSet<>();
+            groupRolePrivilegeTable.put(groupName, roleName, privileges);
+          }
+          privileges.addAll(roleNameToPrivilegeMap.get(roleName));
         } else {
           String warnMsg = String.format("Role %s for group %s does not exist in privileges section in %s",
                   roleName, groupName, policyPath);
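Review bot: The validators are given `privilege.trim()` but the value stored is the untrimmed `privilege` passed to `stringInterner.intern(...)`, so the string that was validated is not necessarily the string that ends up granted. `PrivilegeUtils.toPrivilegeStrings` may already trim its output (not visible here), in which case the `trim()` is redundant, but using a single value removes the doubt either way. Compute `String trimmed = privilege.trim();` once, then call `validator.validate(new PrivilegeValidatorContext(database, trimmed));` and `internedPrivileges.add(stringInterner.intern(trimmed));`. `parsePrivileges` starts and ends outside this hunk.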
@@ -269,30 +355,6 @@ public class SimpleFileProviderBackend implements ProviderBackend {
           configWarnings.add(warnMsg);
         }
       }
-      resultBuilder.putAll(groupName, resolvedGroupPrivileges);
     }
-    return resultBuilder.build();
   }
-
-  /*
-   * {@inheritDoc}
-   */
-  public Roles getRoles() {
-    if (!processed) throw new UnsupportedOperationException("Process has not been called");
-
-    return rolesStorage;
-  }
-
-  @Override
-  public void validatePolicy(List<? extends RoleValidator> validators, boolean strictValidation)
-      throws SentryConfigurationException {
-    if ((strictValidation && !configWarnings.isEmpty()) || !configErrors.isEmpty()) {
-      configErrors.add("Failed to process global policy file " + resourcePath);
-      SentryConfigurationException e = new SentryConfigurationException("");
-      e.setConfigErrors(configErrors);
-      e.setConfigWarnings(configWarnings);
-      throw e;
-    }
-  }
-
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
index a50bd24..d3127d7 100644
--- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
@@ -16,21 +16,19 @@
  */
 package org.apache.sentry.provider.file;
 
-import java.util.Arrays;
-import java.util.List;
+import static org.junit.Assert.assertSame;
+
+import java.util.Set;
 
-import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PermissionFactory;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.common.GroupMappingService;
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.ImmutableSetMultimap;
-
 import org.junit.Test;
 
-import static org.junit.Assert.assertSame;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
 
 public class TestGetGroupMapping {
 
@@ -43,23 +41,15 @@ public class TestGetGroupMapping {
 
   @Test
   public void testResourceAuthorizationProvider() {
-    final List<String> list = Arrays.asList("a", "b", "c");
+    final Set<String> set = Sets.newHashSet("a", "b", "c");
     GroupMappingService mappingService = new GroupMappingService() {
-      public List<String> getGroups(String user) { return list; }
+      public Set<String> getGroups(String user) { return set; }
     };
     PolicyEngine policyEngine = new PolicyEngine() {
-      public PermissionFactory getPermissionFactory() { return null; }
-
-      public ImmutableSetMultimap<String, String> getPermissions(List<? extends Authorizable> authorizables, List<String> groups) { return null; }
-
-      public ImmutableSet<String> listPermissions(String groupName)
-          throws SentryConfigurationException {
-        return null;
-      }
+      public PrivilegeFactory getPrivilegeFactory() { return null; }
 
-      public ImmutableSet<String> listPermissions(List<String> groupName)
-          throws SentryConfigurationException {
-        return null;
+      public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet) {
+        return ImmutableSet.of();
       }
 
       public void validatePolicy(boolean strictValidation)

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java
index 1fd64f1..1d8c9ae 100644
--- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java
@@ -21,7 +21,6 @@ import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertFalse;
 import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
 
-import org.apache.sentry.provider.file.KeyValue;
 import org.junit.Test;
 
 public class TestKeyValue {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java
index f1d8192..c436009 100644
--- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java
@@ -19,25 +19,25 @@ package org.apache.sentry.provider.file;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
+import java.util.Set;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.hadoop.fs.Path;
-import org.apache.sentry.provider.file.LocalGroupMappingService;
-import org.apache.sentry.provider.file.PolicyFiles;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 
+import com.google.common.collect.Sets;
 import com.google.common.io.Files;
 
 public class TestLocalGroupMapping {
 
-  private String resourcePath = "test-authz-provider-local-group-mapping.ini";
+  private static final String resourcePath = "test-authz-provider-local-group-mapping.ini";
+  private static final Set<String> fooGroups = Sets.newHashSet("admin", "analyst");
+  private static final Set<String> barGroups = Sets.newHashSet("jranalyst");
+
   private LocalGroupMappingService localGroupMapping;
-  private String[] fooGroups = new String[] {"admin", "analyst" };
-  private String[] barGroups = new String[] {"jranalyst"};
 
   private File baseDir;
 
@@ -57,13 +57,13 @@ public class TestLocalGroupMapping {
 
   @Test
   public void testGroupMapping() {
-    List <String> fooGroupsFromResource = localGroupMapping.getGroups("foo");
-    Assert.assertArrayEquals(fooGroupsFromResource.toArray(), fooGroups);
+    Set<String> fooGroupsFromResource = localGroupMapping.getGroups("foo");
+    Assert.assertEquals(fooGroupsFromResource, fooGroups);
 
-    List <String> barGroupsFromResource = localGroupMapping.getGroups("bar");
-    Assert.assertArrayEquals(barGroupsFromResource.toArray(), barGroups);
+    Set<String> barGroupsFromResource = localGroupMapping.getGroups("bar");
+    Assert.assertEquals(barGroupsFromResource, barGroups);
 
-    List <String> unknownGroupsFromResource = localGroupMapping.getGroups("unknown");
+    Set<String> unknownGroupsFromResource = localGroupMapping.getGroups("unknown");
     Assert.assertTrue("List not empty " + unknownGroupsFromResource, unknownGroupsFromResource.isEmpty());
   }
 }
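Review bot: The rewritten assertions pass the actual value in the expected position: `Assert.assertEquals(fooGroupsFromResource, fooGroups)` should be `Assert.assertEquals(fooGroups, fooGroupsFromResource);`, and likewise for `barGroups`, so that a failure reports expected and actual the right way round. The message `"List not empty "` on the last assertion is also stale now that `getGroups` returns a `Set`.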

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimpleFileProvderBackend.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimpleFileProvderBackend.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimpleFileProvderBackend.java
new file mode 100644
index 0000000..df5acdc
--- /dev/null
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimpleFileProvderBackend.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sentry.provider.file;
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.fail;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HashSet;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.provider.common.ProviderBackendContext;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.google.common.collect.Sets;
+import com.google.common.io.Files;
+
+public class TestSimpleFileProvderBackend {
+
+  private static final String resourcePath = "test-authz-provider-local-group-mapping.ini";
+
+  private SimpleFileProviderBackend backend;
+  private ProviderBackendContext context;
+  private File baseDir;
+
+  @Before
+  public void setup() throws IOException {
+    baseDir = Files.createTempDir();
+    PolicyFiles.copyToDir(baseDir, resourcePath);
+    backend = new SimpleFileProviderBackend(new File(baseDir, resourcePath).toString());
+    context = new ProviderBackendContext();
+  }
+
+  @After
+  public void teardown() {
+    if(baseDir != null) {
+      FileUtils.deleteQuietly(baseDir);
+    }
+  }
+
+  @Test
+  public void testInitializeTwice() {
+    backend.initialize(context);
+    try {
+      backend.initialize(context);
+      fail("Expected IllegalStateException on second initialze");
+    } catch (IllegalStateException e) {
+      // expected
+    }
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testUninitializeGetPrivileges() {
+    backend.getPrivileges(new HashSet<String>(), ActiveRoleSet.ALL);
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testUninitializeValidatePolicy() {
+    backend.validatePolicy(true);
+  }
+
+  @Test
+  public void testRoleSetAll() {
+    backend.initialize(context);
+    assertEquals(Sets.newHashSet("server=server1->db=customers->table=purchases->select",
+        "server=server1->db=analyst1", "server=server1->db=jranalyst1->table=*->select",
+        "server=server1->db=jranalyst1", "server=server1->functions"),
+        backend.getPrivileges(Sets.newHashSet("manager"), ActiveRoleSet.ALL));
+  }
+
+  @Test
+  public void testRoleSetAllUnknownGroup() {
+    backend.initialize(context);
+    assertEquals(Sets.newHashSet(), backend.getPrivileges(Sets.newHashSet("not-a-group"),
+        ActiveRoleSet.ALL));
+  }
+
+  @Test
+  public void testRoleSetNone() {
+    backend.initialize(context);
+    assertEquals(Sets.newHashSet(), backend.getPrivileges(Sets.newHashSet("manager"),
+        new ActiveRoleSet(new HashSet<String>())));
+  }
+
+  @Test
+  public void testRoleSetOne() {
+    backend.initialize(context);
+    assertEquals(Sets.newHashSet("server=server1->functions"),
+        backend.getPrivileges(Sets.newHashSet("manager"),
+            new ActiveRoleSet(Sets.newHashSet("functions"))));
+  }
+
+  @Test
+  public void testRoleSetTwo() {
+    backend.initialize(context);
+    assertEquals(Sets.newHashSet("server=server1->db=jranalyst1",
+        "server=server1->functions"),
+        backend.getPrivileges(Sets.newHashSet("manager"),
+            new ActiveRoleSet(Sets.newHashSet("junior_analyst_role", "functions"))));
+  }
+}
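Review bot: These tests cover the state guards and `getPrivileges` on a valid policy file, but none exercises the backend's failure paths. Nothing calls `validatePolicy` after `initialize`, and nothing checks that a policy containing a `DATABASES` section is reported as an error when the context disallows per-database files. As far as the backend diff shows, the backend is still marked initialized after a parse error, so a test asserting what `getPrivileges` returns in that state would pin the intended behaviour. Two small typos: the class name `TestSimpleFileProvderBackend` is missing an `i`, and the failure message should read `fail("Expected IllegalStateException on second initialize");`.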

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/.gitignore
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/.gitignore b/sentry-tests/sentry-tests-hive/.gitignore
index 1f01ed7..a3e474e 100644
--- a/sentry-tests/sentry-tests-hive/.gitignore
+++ b/sentry-tests/sentry-tests-hive/.gitignore
@@ -1,3 +1,4 @@
 derby.log
 TempStatsStore/**
 thirdparty/*
+sentry_policy_db

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/pom.xml b/sentry-tests/sentry-tests-hive/pom.xml
index 030b9b1..2b00d16 100644
--- a/sentry-tests/sentry-tests-hive/pom.xml
+++ b/sentry-tests/sentry-tests-hive/pom.xml
@@ -260,8 +260,8 @@ limitations under the License.
                     mv $BASE_DIR/${finalName}* $BASE_DIR/$finalName
                   }
                   mkdir -p $DOWNLOAD_DIR
-                  download "http://archive.cloudera.com/cdh5/cdh/5/hadoop-latest.tar.gz" hadoop.tar.gz hadoop
-                  download "http://archive.cloudera.com/cdh5/cdh/5/hive-latest.tar.gz" hive.tar.gz hive
+                  download "http://repos.jenkins.cloudera.com/cdh5-nightly/cdh/5/hadoop-latest.tar.gz" hadoop.tar.gz hadoop
+                  download "http://repos.jenkins.cloudera.com/cdh5-nightly/cdh/5/hive-latest.tar.gz" hive.tar.gz hive
                 </echo>
                 <exec executable="bash" dir="${basedir}" failonerror="true">
                   <arg line="target/download.sh"/>
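Review bot: Both `download` lines now fetch a moving `-latest` tarball over plain `http://` from a nightly build host, and nothing in this hunk pins a version or checks a digest before the archive is used by the test run. The `download` function is defined above the hunk, so it may verify something; if it does not, a tampered or simply changed nightly archive would run on the build machine unnoticed. Prefer an `https://` URL if the host serves one. Verify each archive against a recorded digest after download, for example `echo "<EXPECTED_SHA256>  hadoop.tar.gz" | sha256sum -c -` (placeholder digest).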
@@ -272,6 +272,35 @@ limitations under the License.
         </executions>
       </plugin>
     </plugins>
+    <pluginManagement>
+      <plugins>
+        <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
+        <plugin>
+          <groupId>org.eclipse.m2e</groupId>
+          <artifactId>lifecycle-mapping</artifactId>
+          <version>1.0.0</version>
+          <configuration>
+            <lifecycleMappingMetadata>
+              <pluginExecutions>
+                <pluginExecution>
+                  <pluginExecutionFilter>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-antrun-plugin</artifactId>
+                    <versionRange>[1.7,)</versionRange>
+                    <goals>
+                      <goal>run</goal>
+                    </goals>
+                  </pluginExecutionFilter>
+                  <action>
+                    <ignore></ignore>
+                  </action>
+                </pluginExecution>
+              </pluginExecutions>
+            </lifecycleMappingMetadata>
+          </configuration>
+        </plugin>
+      </plugins>
+    </pluginManagement>
   </build>
   <profiles>
    <profile>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
index 6ae3776..6444407 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
@@ -26,8 +26,8 @@ import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.hadoop.fs.FileSystem;
-import org.apache.sentry.tests.e2e.hive.fs.DFSFactory;
 import org.apache.sentry.tests.e2e.hive.fs.DFS;
+import org.apache.sentry.tests.e2e.hive.fs.DFSFactory;
 import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServer;
 import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory;
 import org.junit.AfterClass;
@@ -173,8 +173,12 @@ public abstract class AbstractTestWithStaticConfiguration {
       }
       baseDir = null;
     }
-    if(dfs!=null) {
-      dfs.tearDown();
+    if(dfs != null) {
+      try {
+        dfs.tearDown();
+      } catch (Exception e) {
+        LOGGER.info("Exception shutting down dfs", e);
+      }
     }
   }
 }
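Review bot: The new catch around `dfs.tearDown()` logs the failure at INFO and carries on, so a DFS that failed to shut down is easy to miss in the test output, and `dfs` keeps pointing at the half-torn-down instance. Since `DFS.tearDown()` is declared `throws Exception` the broad catch is needed, but the log level should reflect a failed cleanup: `LOGGER.warn("Exception shutting down dfs", e);`. Consider adding `dfs = null;` after the try, mirroring the `baseDir = null;` reset just above. The enclosing teardown method starts outside the hunk, so whether `dfs` is reassigned before its next use is not visible here.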

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java
index 2f83678..4f7dd2d 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java
@@ -27,7 +27,6 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.net.URI;
 import java.sql.Connection;
-import java.sql.DriverManager;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.Set;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestConfigTool.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestConfigTool.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestConfigTool.java
index 6968cc0..bb7bec2 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestConfigTool.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestConfigTool.java
@@ -17,36 +17,25 @@
 
 package org.apache.sentry.tests.e2e.hive;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
-import java.io.FileOutputStream;
 import java.io.PrintStream;
 import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.ResultSetMetaData;
 import java.sql.SQLException;
 import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.List;
 import java.util.Set;
 
-import junit.framework.Assert;
-
 import org.apache.sentry.binding.hive.authz.SentryConfigTool;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
 import org.apache.sentry.core.common.SentryConfigurationException;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.provider.file.PolicyFile;
-
-import com.google.common.io.Resources;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
 
 public class TestConfigTool extends AbstractTestWithStaticConfiguration {
   private static final String DB2_POLICY_FILE = "db2-policy-file.ini";
@@ -188,18 +177,18 @@ public class TestConfigTool extends AbstractTestWithStaticConfiguration {
     configTool.validatePolicy();
 
     Set<String> permList = configTool.getSentryProvider()
-        .listPermissionsForSubject(new Subject(USER1_1));
+        .listPrivilegesForSubject(new Subject(USER1_1));
     assertTrue(permList
         .contains("server=server1->db=db1->table=tab1->action=select"));
     assertTrue(permList
         .contains("server=server1->db=db1->table=tab2->action=insert"));
 
-    permList = configTool.getSentryProvider().listPermissionsForSubject(
+    permList = configTool.getSentryProvider().listPrivilegesForSubject(
         new Subject(USER2_1));
     assertTrue(permList
         .contains("server=server1->db=db1->table=tab3->action=select"));
 
-    permList = configTool.getSentryProvider().listPermissionsForSubject(
+    permList = configTool.getSentryProvider().listPrivilegesForSubject(
         new Subject(ADMIN1));
     assertTrue(permList.contains("server=server1"));
   }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
index 80912a3..f782613 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
@@ -26,8 +26,8 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 
-import org.apache.sentry.provider.file.PolicyFile;
 import org.apache.sentry.policy.db.SimpleDBPolicyEngine;
+import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -71,6 +71,8 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration
 
   @After
   public void teardown() throws Exception {
+    // one test turns this on so let's disable it in the teardown method
+    System.setProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
     if (context != null) {
       context.close();
     }
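Review bot: The teardown forces `ACCESS_ALLOW_URI_PER_DB_POLICYFILE` to the literal `"false"` instead of restoring the value the JVM had before the test ran. The system property is process-wide, so every test class sharing this fork inherits whatever this class leaves behind. Capturing the previous value in the `@Before` method and restoring it here (or calling `System.clearProperty(...)` when it was unset) would keep the authorization setting other tests run against unchanged; whether unset and `"false"` behave the same is not shown in this hunk. The added comment could also say why the reset comes first, e.g. `// JVM-wide switch: reset before anything below can throw`.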
@@ -336,6 +338,13 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration
     context.assertAuthzException(statement, "SELECT COUNT(*) FROM db1.tbl1");
     context.assertAuthzException(statement, "USE db1");
 
+    // once we disable this property all queries should fail
+    System.setProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
+    context.assertAuthzException(statement, "USE db2");
+
+    // re-enable for clean
+    System.setProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
+
     statement.close();
     connection.close();
 
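Review bot: The added comment says "all queries should fail" once the property is disabled, but the only assertion is `context.assertAuthzException(statement, "USE db2");`, so a regression that still allowed other db2 statements would pass this test. Either narrow the comment to what is checked, e.g. `// with the property disabled, USE db2 must be denied`, or add `assertAuthzException` calls for the other db2 statements this test exercises earlier, which are outside the hunk. The check also assumes the policy engine re-reads the system property per query rather than caching it at startup; presumably that holds, but a one-line comment stating the assumption would help the next reader.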
@@ -346,7 +355,6 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration
     statement.execute("DROP DATABASE db2 CASCADE");
     statement.close();
     connection.close();
-    System.setProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java
index c267ea6..56ed06a 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java
@@ -17,8 +17,8 @@
 
 package org.apache.sentry.tests.e2e.hive;
 
-import static org.junit.Assert.*;
-import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import java.io.File;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java
index 8222590..cae270b 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java
@@ -17,13 +17,9 @@
 
 package org.apache.sentry.tests.e2e.hive;
 
-import com.google.common.io.Resources;
-import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 import java.io.File;
 import java.io.FileOutputStream;
 import java.sql.Connection;
@@ -31,10 +27,17 @@ import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.HashMap;
 import java.util.Map;
+
 import junit.framework.Assert;
 
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.assertFalse;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.google.common.io.Resources;
 
 public class TestSentryOnFailureHookLoading extends AbstractTestWithHiveServer {
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/AbstractDFS.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/AbstractDFS.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/AbstractDFS.java
index 1068dbe..145584d 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/AbstractDFS.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/AbstractDFS.java
@@ -16,12 +16,13 @@
  */
 package org.apache.sentry.tests.e2e.hive.fs;
 
+import java.io.IOException;
+
 import junit.framework.Assert;
+
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 
-import java.io.IOException;
-
 public abstract class AbstractDFS implements DFS{
   protected static FileSystem fileSystem;
   protected static Path dfsBaseDir;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/ClusterDFS.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/ClusterDFS.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/ClusterDFS.java
index 1e2c01e..d5db811 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/ClusterDFS.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/ClusterDFS.java
@@ -16,17 +16,16 @@
  */
 package org.apache.sentry.tests.e2e.hive.fs;
 
+import java.security.PrivilegedExceptionAction;
+import java.util.Random;
+
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.mapred.JobClient;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.security.PrivilegedExceptionAction;
-import java.util.Random;
-
 public class ClusterDFS extends AbstractDFS{
   private static final Logger LOGGER = LoggerFactory
       .getLogger(ClusterDFS.class);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFS.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFS.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFS.java
index b9764bc..9e9bb27 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFS.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFS.java
@@ -19,8 +19,6 @@ package org.apache.sentry.tests.e2e.hive.fs;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 
-import java.io.IOException;
-
 public interface DFS {
   public FileSystem getFileSystem();
   public void tearDown() throws Exception;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFSFactory.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFSFactory.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFSFactory.java
index c3e5bf3..c897b49 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFSFactory.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/DFSFactory.java
@@ -16,10 +16,10 @@
  */
 package org.apache.sentry.tests.e2e.hive.fs;
 
-import com.google.common.annotations.VisibleForTesting;
-
 import java.io.File;
 
+import com.google.common.annotations.VisibleForTesting;
+
 public class DFSFactory {
   public static final String FS_TYPE = "sentry.e2etest.DFSType";
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/MiniDFS.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/MiniDFS.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/MiniDFS.java
index dba2a54..de684a9 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/MiniDFS.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/fs/MiniDFS.java
@@ -16,14 +16,14 @@
  */
 package org.apache.sentry.tests.e2e.hive.fs;
 
+import java.io.File;
+
 import junit.framework.Assert;
+
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
 
-import java.io.File;
-import java.io.IOException;
-
 public class MiniDFS extends AbstractDFS {
   private static MiniDFSCluster dfsCluster;
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/EmbeddedHiveServer.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/EmbeddedHiveServer.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/EmbeddedHiveServer.java
index ce3b97c..52ba09e 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/EmbeddedHiveServer.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/EmbeddedHiveServer.java
@@ -17,12 +17,12 @@
 
 package org.apache.sentry.tests.e2e.hive.hiveserver;
 
-import org.apache.hadoop.hive.metastore.HiveMetaStore;
-import org.fest.reflect.core.Reflection;
-
 import java.sql.Connection;
 import java.sql.DriverManager;
 
+import org.apache.hadoop.hive.metastore.HiveMetaStore;
+import org.fest.reflect.core.Reflection;
+
 public class EmbeddedHiveServer implements HiveServer {
 
   @Override

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
index 0751e91..8af3f45 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
@@ -24,7 +24,6 @@ import java.net.ServerSocket;
 import java.net.URL;
 import java.util.Map;
 
-import com.google.common.annotations.VisibleForTesting;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.hdfs.DistributedFileSystem;
 import org.apache.hadoop.hive.conf.HiveConf;
@@ -36,6 +35,7 @@ import org.junit.Assert;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.io.Resources;
 
 public class HiveServerFactory {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java
index 3a257bf..02d8024 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java
@@ -18,6 +18,7 @@
 package org.apache.sentry.tests.e2e.hive.hiveserver;
 
 import java.io.IOException;
+
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.metastore.HiveMetaStore;
 import org.apache.hive.service.server.HiveServer2;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java
index 4425efa..42a274f 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java
@@ -16,16 +16,16 @@
  */
 package org.apache.sentry.tests.e2e.hive.hiveserver;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.util.Properties;
 
-import com.google.common.base.Preconditions;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.util.Properties;
+import com.google.common.base.Preconditions;
 
 public class UnmanagedHiveServer implements HiveServer {
   private static final Logger LOGGER = LoggerFactory.getLogger(UnmanagedHiveServer.class);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java
index b730de6..bc36967 100644
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java
+++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java
@@ -19,7 +19,6 @@ package org.apache.sentry.tests.e2e.solr;
 import java.io.File;
 import java.io.IOException;
 import java.net.MalformedURLException;
-import java.util.Collections;
 import java.util.Comparator;
 import java.util.Random;
 import java.util.SortedMap;
@@ -47,12 +46,10 @@ import org.apache.solr.common.params.CoreAdminParams;
 import org.apache.solr.common.params.ModifiableSolrParams;
 import org.apache.solr.common.util.NamedList;
 import org.apache.solr.servlet.SolrDispatchFilter;
-
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/HdfsTestUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/HdfsTestUtil.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/HdfsTestUtil.java
index f68fd28..bb566bb 100644
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/HdfsTestUtil.java
+++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/HdfsTestUtil.java
@@ -9,7 +9,6 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
 import org.apache.lucene.util.LuceneTestCase;
 import org.apache.solr.SolrTestCaseJ4;
-import org.junit.Assert;
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java
index b61ee25..533858b 100644
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java
+++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/ModifiableUserAuthenticationFilter.java
@@ -27,7 +27,6 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.solr.servlet.SolrRequestParsers;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java
index 6990444..8509497 100644
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java
+++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestCollAdminCoreOperations.java
@@ -16,12 +16,6 @@
  */
 package org.apache.sentry.tests.e2e.solr;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
-import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
-
 import java.io.File;
 import java.io.PrintWriter;
 import java.io.StringWriter;
@@ -29,10 +23,14 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Properties;
 import java.util.Random;
 
 import org.apache.solr.common.params.CollectionParams.CollectionAction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
+import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
 
 @ThreadLeakScope(Scope.NONE) // hdfs client currently leaks thread(s)
 public class TestCollAdminCoreOperations extends AbstractSolrSentryTestBase {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java
index 8699849..6658560 100644
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java
+++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestQueryOperations.java
@@ -16,12 +16,6 @@
  */
 package org.apache.sentry.tests.e2e.solr;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
-import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
-
 import java.io.File;
 import java.io.PrintWriter;
 import java.io.StringWriter;
@@ -30,6 +24,11 @@ import java.util.Arrays;
 import java.util.List;
 
 import org.apache.solr.common.SolrInputDocument;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
+import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
 
 @ThreadLeakScope(Scope.NONE) // hdfs client currently leaks thread(s)
 public class TestQueryOperations extends AbstractSolrSentryTestBase {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java
index e7ad2c2..d4855da 100644
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java
+++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java
@@ -16,12 +16,6 @@
  */
 package org.apache.sentry.tests.e2e.solr;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
-import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
-
 import java.io.File;
 import java.io.PrintWriter;
 import java.io.StringWriter;
@@ -30,6 +24,11 @@ import java.util.Arrays;
 import java.util.List;
 
 import org.apache.solr.common.SolrInputDocument;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
+import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
 
 @ThreadLeakScope(Scope.NONE) // hdfs client currently leaks thread(s)
 public class TestUpdateOperations extends AbstractSolrSentryTestBase {


[12/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidatorContext.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidatorContext.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidatorContext.java
new file mode 100644
index 0000000..2b7fd1a
--- /dev/null
+++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidatorContext.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.common;
+
+import javax.annotation.Nullable;
+
+public class PrivilegeValidatorContext {
+  private final String database;
+  private final String privilege;
+  public PrivilegeValidatorContext(String privilege) {
+    this(null, privilege);
+  }
+  public PrivilegeValidatorContext(@Nullable String database, String privilege) {
+    super();
+    this.database = database;
+    this.privilege = privilege;
+  }
+  public @Nullable String getDatabase() {
+    return database;
+  }
+  public String getPrivilege() {
+    return privilege;
+  }
+}
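Review bot: `privilege` is stored without a null check while `database` is explicitly `@Nullable`, so a null privilege string would only surface later in whichever validator dereferences `getPrivilege()`. Rejecting it in the two-argument constructor fails at the point of construction instead: `if (privilege == null) { throw new IllegalArgumentException("privilege is null"); }`. The class has no Javadoc; a class comment should say that it carries the privilege string under validation together with an optional database, and what a null database means (presumably a global rather than per-database policy, to be confirmed against the callers). The explicit `super();` is redundant, and the class could be declared `final` since both fields already are.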

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/RoleValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/RoleValidator.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/RoleValidator.java
deleted file mode 100644
index 8390364..0000000
--- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/RoleValidator.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.common;
-
-import javax.annotation.Nullable;
-
-import org.apache.shiro.config.ConfigurationException;
-
-public interface RoleValidator {
-
-  public void validate(@Nullable String database, String role) throws ConfigurationException;
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/AbstractDBPrivilegeValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/AbstractDBPrivilegeValidator.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/AbstractDBPrivilegeValidator.java
new file mode 100644
index 0000000..1b774ee
--- /dev/null
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/AbstractDBPrivilegeValidator.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.db;
+
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.PRIVILEGE_PREFIX;
+
+import java.util.List;
+
+import org.apache.sentry.core.model.db.DBModelAuthorizable;
+import org.apache.sentry.policy.common.PrivilegeValidator;
+import org.apache.shiro.config.ConfigurationException;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.Lists;
+
+public abstract class AbstractDBPrivilegeValidator implements PrivilegeValidator {
+
+  @VisibleForTesting
+  public static Iterable<DBModelAuthorizable> parsePrivilege(String string) {
+    List<DBModelAuthorizable> result = Lists.newArrayList();
+    for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
+      // XXX this ugly hack is because action is not an authorizeable
+      if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
+        DBModelAuthorizable authorizable = DBModelAuthorizables.from(section);
+        if(authorizable == null) {
+          String msg = "No authorizable found for " + section;
+          throw new ConfigurationException(msg);
+        }
+        result.add(authorizable);
+      }
+    }
+    return result;
+  }
+
+}
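Review bot: In `parsePrivilege`, `section.toLowerCase()` uses the JVM default locale, so the prefix test against `PRIVILEGE_PREFIX` can fail for upper-case input under locales with special casing rules such as Turkish. The section would then be handed to `DBModelAuthorizables.from` instead of being skipped, and presumably rejected with "No authorizable found". The value of `PRIVILEGE_PREFIX` is not visible in this hunk, so whether it contains an affected letter needs confirming. Policy parsing should not vary with the host locale; use `if(!section.toLowerCase(Locale.ROOT).startsWith(PRIVILEGE_PREFIX)) {` together with `import java.util.Locale;`. The method would also benefit from Javadoc stating that action sections are skipped and that `ConfigurationException` is thrown for a section with no matching authorizable.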

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/AbstractDBRoleValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/AbstractDBRoleValidator.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/AbstractDBRoleValidator.java
deleted file mode 100644
index 722a4be..0000000
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/AbstractDBRoleValidator.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.db;
-
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.policy.common.RoleValidator;
-import org.apache.sentry.core.model.db.DBModelAuthorizable;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Lists;
-
-public abstract class AbstractDBRoleValidator implements RoleValidator {
-
-  @VisibleForTesting
-  public static Iterable<DBModelAuthorizable> parseRole(String string) {
-    List<DBModelAuthorizable> result = Lists.newArrayList();
-    for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
-      // XXX this ugly hack is because action is not an authorizeable
-      if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
-        DBModelAuthorizable authorizable = DBModelAuthorizables.from(section);
-        if(authorizable == null) {
-          String msg = "No authorizable found for " + section;
-          throw new ConfigurationException(msg);
-        }
-        result.add(authorizable);
-      }
-    }
-    return result;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPermission.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPermission.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPermission.java
deleted file mode 100644
index 01981d1..0000000
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPermission.java
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-// copied from apache shiro
-
-package org.apache.sentry.policy.db;
-
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
-
-import java.io.Serializable;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.List;
-
-import org.apache.commons.lang.text.StrSubstitutor;
-import org.apache.sentry.core.common.utils.PathUtils;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
-import org.apache.sentry.policy.common.PermissionFactory;
-import org.apache.sentry.provider.file.KeyValue;
-import org.apache.sentry.provider.file.PolicyFileConstants;
-import org.apache.shiro.authz.Permission;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-
-// XXX this class is made ugly by the fact that Action is not a Authorizable.
-public class DBWildcardPermission implements Permission, Serializable {
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(DBWildcardPermission.class);
-  private static final long serialVersionUID = -6785051263922740818L;
-
-  private final ImmutableList<KeyValue> parts;
-
-  public DBWildcardPermission(String wildcardString) {
-    wildcardString = Strings.nullToEmpty(wildcardString).trim();
-    if (wildcardString.isEmpty()) {
-      throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
-    }
-    List<KeyValue>parts = Lists.newArrayList();
-    for (String authorizable : AUTHORIZABLE_SPLITTER.trimResults().split(wildcardString)) {
-      if (authorizable.isEmpty()) {
-        throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
-      }
-      parts.add(new KeyValue(authorizable));
-    }
-    if (parts.isEmpty()) {
-      throw new AssertionError("Should never occur: " + wildcardString);
-    }
-    this.parts = ImmutableList.copyOf(parts);
-  }
-
-
-  @Override
-  public boolean implies(Permission p) {
-    // By default only supports comparisons with other DBWildcardPermissions
-    if (!(p instanceof DBWildcardPermission)) {
-      return false;
-    }
-
-    DBWildcardPermission wp = (DBWildcardPermission) p;
-
-    List<KeyValue> otherParts = wp.parts;
-    if(equals(wp)) {
-      return true;
-    }
-    int index = 0;
-    for (KeyValue otherPart : otherParts) {
-      // If this permission has less parts than the other permission, everything
-      // after the number of parts contained
-      // in this permission is automatically implied, so return true
-      if (parts.size() - 1 < index) {
-        return true;
-      } else {
-        KeyValue part = parts.get(index);
-        // are the keys even equal
-        if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
-          return false;
-        }
-        if (!impliesKeyValue(part, otherPart)) {
-          return false;
-        }
-        index++;
-      }
-    }
-    // If this permission has more parts than
-    // the other parts, only imply it if
-    // all of the other parts are wildcards
-    for (; index < parts.size(); index++) {
-      KeyValue part = parts.get(index);
-      if (!part.getValue().equals(AccessConstants.ALL)) {
-        return false;
-      }
-    }
-
-    return true;
-  }
-
-  private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
-    Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
-        "Please report, this method should not be called with two different keys");
-    if(policyPart.getValue().equals(AccessConstants.ALL) || policyPart.equals(requestPart)) {
-      return true;
-    } else if (!PolicyFileConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
-        && AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
-      /* permission request is to match with any object of given type */
-      return true;
-    } else if(policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) {
-      return impliesURI(policyPart.getValue(), requestPart.getValue());
-    }
-    return false;
-  }
-
-  @VisibleForTesting
-  protected static boolean impliesURI(String privilege, String request) {
-    try {
-    URI privilegeURI = new URI(new StrSubstitutor(System.getProperties()).replace(privilege));
-    URI requestURI = new URI(request);
-    if(privilegeURI.getScheme() == null || privilegeURI.getPath() == null) {
-      LOGGER.warn("Privilege URI " + request + " is not valid. Either no scheme or no path.");
-      return false;
-    }
-    if(requestURI.getScheme() == null || requestURI.getPath() == null) {
-      LOGGER.warn("Request URI " + request + " is not valid. Either no scheme or no path.");
-      return false;
-    }
-      return PathUtils.impliesURI(privilegeURI, requestURI);
-    } catch (URISyntaxException e) {
-      LOGGER.warn("Request URI " + request + " is not a URI", e);
-      return false;
-    }
-  }
-
-  @Override
-  public String toString() {
-    return AUTHORIZABLE_JOINER.join(parts);
-  }
-
-  @Override
-  public boolean equals(Object o) {
-    if (o instanceof DBWildcardPermission) {
-      DBWildcardPermission wp = (DBWildcardPermission) o;
-      return parts.equals(wp.parts);
-    }
-    return false;
-  }
-
-  @Override
-  public int hashCode() {
-    return parts.hashCode();
-  }
-
-  public static class DBWildcardPermissionFactory implements PermissionFactory {
-    @Override
-    public Permission createPermission(String permission) {
-      return new DBWildcardPermission(permission);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
new file mode 100644
index 0000000..cab1234
--- /dev/null
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
@@ -0,0 +1,179 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// copied from apache shiro
+
+package org.apache.sentry.policy.db;
+
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.List;
+
+import org.apache.commons.lang.text.StrSubstitutor;
+import org.apache.sentry.core.common.utils.PathUtils;
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
+import org.apache.sentry.policy.common.PrivilegeFactory;
+import org.apache.sentry.policy.common.Privilege;
+import org.apache.sentry.provider.file.KeyValue;
+import org.apache.sentry.provider.file.PolicyFileConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Lists;
+
+// XXX this class is made ugly by the fact that Action is not a Authorizable.
+public class DBWildcardPrivilege implements Privilege {
+  private static final Logger LOGGER = LoggerFactory
+      .getLogger(DBWildcardPrivilege.class);
+
+  private final ImmutableList<KeyValue> parts;
+
+  public DBWildcardPrivilege(String wildcardString) {
+    wildcardString = Strings.nullToEmpty(wildcardString).trim();
+    if (wildcardString.isEmpty()) {
+      throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
+    }
+    List<KeyValue>parts = Lists.newArrayList();
+    for (String authorizable : AUTHORIZABLE_SPLITTER.trimResults().split(wildcardString)) {
+      if (authorizable.isEmpty()) {
+        throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
+      }
+      parts.add(new KeyValue(authorizable));
+    }
+    if (parts.isEmpty()) {
+      throw new AssertionError("Should never occur: " + wildcardString);
+    }
+    this.parts = ImmutableList.copyOf(parts);
+  }
+
+
+  @Override
+  public boolean implies(Privilege p) {
+    // By default only supports comparisons with other DBWildcardPermissions
+    if (!(p instanceof DBWildcardPrivilege)) {
+      return false;
+    }
+
+    DBWildcardPrivilege wp = (DBWildcardPrivilege) p;
+
+    List<KeyValue> otherParts = wp.parts;
+    if(equals(wp)) {
+      return true;
+    }
+    int index = 0;
+    for (KeyValue otherPart : otherParts) {
+      // If this privilege has less parts than the other privilege, everything
+      // after the number of parts contained
+      // in this privilege is automatically implied, so return true
+      if (parts.size() - 1 < index) {
+        return true;
+      } else {
+        KeyValue part = parts.get(index);
+        // are the keys even equal
+        if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
+          return false;
+        }
+        if (!impliesKeyValue(part, otherPart)) {
+          return false;
+        }
+        index++;
+      }
+    }
+    // If this privilege has more parts than
+    // the other parts, only imply it if
+    // all of the other parts are wildcards
+    for (; index < parts.size(); index++) {
+      KeyValue part = parts.get(index);
+      if (!part.getValue().equals(AccessConstants.ALL)) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
+    Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
+        "Please report, this method should not be called with two different keys");
+    if(policyPart.getValue().equals(AccessConstants.ALL) || policyPart.equals(requestPart)) {
+      return true;
+    } else if (!PolicyFileConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
+        && AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
+      /* privilege request is to match with any object of given type */
+      return true;
+    } else if(policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) {
+      return impliesURI(policyPart.getValue(), requestPart.getValue());
+    }
+    return false;
+  }
+
+  @VisibleForTesting
+  protected static boolean impliesURI(String privilege, String request) {
+    try {
+    URI privilegeURI = new URI(new StrSubstitutor(System.getProperties()).replace(privilege));
+    URI requestURI = new URI(request);
+    if(privilegeURI.getScheme() == null || privilegeURI.getPath() == null) {
+      LOGGER.warn("Privilege URI " + request + " is not valid. Either no scheme or no path.");
+      return false;
+    }
+    if(requestURI.getScheme() == null || requestURI.getPath() == null) {
+      LOGGER.warn("Request URI " + request + " is not valid. Either no scheme or no path.");
+      return false;
+    }
+      return PathUtils.impliesURI(privilegeURI, requestURI);
+    } catch (URISyntaxException e) {
+      LOGGER.warn("Request URI " + request + " is not a URI", e);
+      return false;
+    }
+  }
+
+  @Override
+  public String toString() {
+    return AUTHORIZABLE_JOINER.join(parts);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o instanceof DBWildcardPrivilege) {
+      DBWildcardPrivilege wp = (DBWildcardPrivilege) o;
+      return parts.equals(wp.parts);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    return parts.hashCode();
+  }
+
+  public static class DBWildcardPrivilegeFactory implements PrivilegeFactory {
+    @Override
+    public Privilege createPrivilege(String privilege) {
+      return new DBWildcardPrivilege(privilege);
+    }
+  }
+}
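Review bot: In `impliesURI`, the first warning logs the wrong value: `"Privilege URI " + request` prints the request string although it is the privilege URI that failed the scheme/path check. Anyone tracing an authorization denial from the log is pointed at the wrong input. The line should read `LOGGER.warn("Privilege URI " + privilege + " is not valid. Either no scheme or no path.");`. The `catch (URISyntaxException e)` branch is similarly ambiguous, since it reports "Request URI" even when `new URI(...)` threw on the substituted privilege string; logging both values there would cover either case. The comment at the top of `implies` still refers to `DBWildcardPermissions` after the rename.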

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseMustMatch.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseMustMatch.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseMustMatch.java
index a7c2091..d280c41 100644
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseMustMatch.java
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseMustMatch.java
@@ -18,21 +18,24 @@ package org.apache.sentry.policy.db;
 
 import org.apache.sentry.core.model.db.DBModelAuthorizable;
 import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.policy.common.PrivilegeValidatorContext;
 import org.apache.shiro.config.ConfigurationException;
 
-public class DatabaseMustMatch extends AbstractDBRoleValidator {
+public class DatabaseMustMatch extends AbstractDBPrivilegeValidator {
 
   @Override
-  public void validate(String database, String role) throws ConfigurationException {
+  public void validate(PrivilegeValidatorContext context) throws ConfigurationException {
+    String database = context.getDatabase();
+    String privilege = context.getPrivilege();
     /*
      *  Rule only applies to rules in per database policy file
      */
     if(database != null) {
-      Iterable<DBModelAuthorizable> authorizables = parseRole(role);
+      Iterable<DBModelAuthorizable> authorizables = parsePrivilege(privilege);
       for(DBModelAuthorizable authorizable : authorizables) {
         if(authorizable instanceof Database &&
             !database.equalsIgnoreCase(authorizable.getName())) {
-          String msg = "Role " + role + " references db " +
+          String msg = "Privilege " + privilege + " references db " +
               authorizable.getName() + ", but is only allowed to reference "
               + database;
           throw new ConfigurationException(msg);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseRequiredInPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseRequiredInPrivilege.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseRequiredInPrivilege.java
new file mode 100644
index 0000000..e89aa16
--- /dev/null
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseRequiredInPrivilege.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.db;
+
+import org.apache.sentry.core.model.db.AccessURI;
+import org.apache.sentry.core.model.db.DBModelAuthorizable;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.policy.common.PrivilegeValidatorContext;
+import org.apache.shiro.config.ConfigurationException;
+
+public class DatabaseRequiredInPrivilege extends AbstractDBPrivilegeValidator {
+
+  @Override
+  public void validate(PrivilegeValidatorContext context) throws ConfigurationException {
+    String database = context.getDatabase();
+    String privilege = context.getPrivilege();
+    /*
+     *  Rule only applies to rules in per database policy file
+     */
+    if(database != null) {
+      Iterable<DBModelAuthorizable> authorizables = parsePrivilege(privilege);
+      /*
+       * Each permission in a non-global file must have a database
+       * object except for URIs.
+       *
+       * We allow URIs to be specified in the per DB policy file for
+       * ease of mangeability. URIs will contain to remain server scope
+       * objects.
+       */
+      boolean foundDatabaseInAuthorizables = false;
+      boolean foundURIInAuthorizables = false;
+      boolean allowURIInAuthorizables = false;
+
+      if ("true".equalsIgnoreCase(
+          System.getProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE))) {
+        allowURIInAuthorizables = true;
+      }
+
+      for(DBModelAuthorizable authorizable : authorizables) {
+        if(authorizable instanceof Database) {
+          foundDatabaseInAuthorizables = true;
+        }
+        if (authorizable instanceof AccessURI) {
+          if (foundDatabaseInAuthorizables) {
+            String msg = "URI object is specified at DB scope in " + privilege;
+            throw new ConfigurationException(msg);
+          }
+          foundURIInAuthorizables = true;
+        }
+      }
+      if(!foundDatabaseInAuthorizables && !(foundURIInAuthorizables && allowURIInAuthorizables)) {
+        String msg = "Missing database object in " + privilege;
+        throw new ConfigurationException(msg);
+      }
+    }
+  }
+}
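Review bot: The "URI object is specified at DB scope" check in `validate` depends on section order, because it only fires when a `Database` authorizable has been seen before the `AccessURI`. A privilege string that lists the URI first and a database afterwards therefore passes this check, and also passes the final "Missing database object" check. Whether the parser or another validator enforces section ordering is not visible in this hunk, so confirm that before relying on it. Recording both flags inside the loop and testing after it removes the order dependence: `if (foundDatabaseInAuthorizables && foundURIInAuthorizables) { throw new ConfigurationException("URI object is specified at DB scope in " + privilege); }`.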

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseRequiredInRole.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseRequiredInRole.java
deleted file mode 100644
index 48b36a6..0000000
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DatabaseRequiredInRole.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.db;
-
-import javax.annotation.Nullable;
-
-import org.apache.sentry.core.model.db.AccessURI;
-import org.apache.sentry.core.model.db.Database;
-import org.apache.sentry.core.model.db.DBModelAuthorizable;
-import org.apache.shiro.config.ConfigurationException;
-
-public class DatabaseRequiredInRole extends AbstractDBRoleValidator {
-
-  @Override
-  public void validate(@Nullable String database, String role) throws ConfigurationException {
-    /*
-     *  Rule only applies to rules in per database policy file
-     */
-    if(database != null) {
-      Iterable<DBModelAuthorizable> authorizables = parseRole(role);
-      /*
-       * Each permission in a non-global file must have a database
-       * object except for URIs.
-       *
-       * We allow URIs to be specified in the per DB policy file for
-       * ease of mangeability. URIs will contain to remain server scope
-       * objects.
-       */
-      boolean foundDatabaseInAuthorizables = false;
-      boolean foundURIInAuthorizables = false;
-      boolean allowURIInAuthorizables = false;
-
-      if ("true".equalsIgnoreCase(
-          System.getProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE))) {
-        allowURIInAuthorizables = true;
-      }
-
-      for(DBModelAuthorizable authorizable : authorizables) {
-        if(authorizable instanceof Database) {
-          foundDatabaseInAuthorizables = true;
-        }
-        if (authorizable instanceof AccessURI) {
-          if (foundDatabaseInAuthorizables) {
-            String msg = "URI object is specified at DB scope in " + role;
-            throw new ConfigurationException(msg);
-          }
-          foundURIInAuthorizables = true;
-        }
-      }
-      if(!foundDatabaseInAuthorizables && !(foundURIInAuthorizables && allowURIInAuthorizables)) {
-        String msg = "Missing database object in " + role;
-        throw new ConfigurationException(msg);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServerNameMustMatch.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServerNameMustMatch.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServerNameMustMatch.java
index 8ddf1dd..1848a32 100644
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServerNameMustMatch.java
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServerNameMustMatch.java
@@ -16,25 +16,25 @@
  */
 package org.apache.sentry.policy.db;
 
-import javax.annotation.Nullable;
-
 import org.apache.sentry.core.model.db.DBModelAuthorizable;
 import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.policy.common.PrivilegeValidatorContext;
 import org.apache.shiro.config.ConfigurationException;
 
-public class ServerNameMustMatch extends AbstractDBRoleValidator {
+public class ServerNameMustMatch extends AbstractDBPrivilegeValidator {
 
   private final String serverName;
   public ServerNameMustMatch(String serverName) {
     this.serverName = serverName;
   }
   @Override
-  public void validate(@Nullable String database, String role) throws ConfigurationException {
-    Iterable<DBModelAuthorizable> authorizables = parseRole(role);
+  public void validate(PrivilegeValidatorContext context) throws ConfigurationException {
+    String privilege = context.getPrivilege();
+    Iterable<DBModelAuthorizable> authorizables = parsePrivilege(privilege);
     for(DBModelAuthorizable authorizable : authorizables) {
       if(authorizable instanceof Server && !serverName.equalsIgnoreCase(authorizable.getName())) {
         String msg = "Server name " + authorizable.getName() + " in "
-      + role + " is invalid. Expected " + serverName;
+            + privilege + " is invalid. Expected " + serverName;
         throw new ConfigurationException(msg);
       }
     }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServersAllIsInvalid.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServersAllIsInvalid.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServersAllIsInvalid.java
index 9445b0b..b729ec3 100644
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServersAllIsInvalid.java
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/ServersAllIsInvalid.java
@@ -16,21 +16,21 @@
  */
 package org.apache.sentry.policy.db;
 
-import javax.annotation.Nullable;
-
 import org.apache.sentry.core.model.db.DBModelAuthorizable;
 import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.policy.common.PrivilegeValidatorContext;
 import org.apache.shiro.config.ConfigurationException;
 
-public class ServersAllIsInvalid extends AbstractDBRoleValidator {
+public class ServersAllIsInvalid extends AbstractDBPrivilegeValidator {
 
   @Override
-  public void validate(@Nullable String database, String role) throws ConfigurationException {
-    Iterable<DBModelAuthorizable> authorizables = parseRole(role);
+  public void validate(PrivilegeValidatorContext context) throws ConfigurationException {
+    String privilege = context.getPrivilege();
+    Iterable<DBModelAuthorizable> authorizables = parsePrivilege(privilege);
     for(DBModelAuthorizable authorizable : authorizables) {
       if(authorizable instanceof Server &&
           authorizable.getName().equals(Server.ALL.getName())) {
-        String msg = "Invalid value for " + authorizable.getAuthzType() + " in " + role;
+        String msg = "Invalid value for " + authorizable.getAuthzType() + " in " + privilege;
         throw new ConfigurationException(msg);
       }
     }
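Review bot: `ServersAllIsInvalid.validate` has no comment saying what it rejects or which part of the `PrivilegeValidatorContext` it reads; in the visible lines only `context.getPrivilege()` is used. For a check that blocks a wildcard server grant I would add a Javadoc such as `/** Rejects a privilege whose server component equals Server.ALL; only the privilege string of the context is inspected. */`. The comparison is a case-sensitive `equals`, while `ServerNameMustMatch` in the preceding file uses `equalsIgnoreCase`; if the name of `Server.ALL` can contain letters, that difference is worth confirming. The method body continues past the end of this hunk.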

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
index 1d01b47..e67daf4 100644
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
@@ -16,33 +16,20 @@
  */
 package org.apache.sentry.policy.db;
 
-import javax.annotation.Nullable;
+import java.util.Set;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map.Entry;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.db.AccessURI;
-import org.apache.sentry.core.model.db.Database;
-import org.apache.sentry.policy.common.PermissionFactory;
+import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.common.RoleValidator;
+import org.apache.sentry.policy.common.PrivilegeValidator;
 import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.Roles;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
+import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.ImmutableSetMultimap;
-import com.google.common.collect.Lists;
 
 public class SimpleDBPolicyEngine implements PolicyEngine {
 
@@ -51,119 +38,47 @@ public class SimpleDBPolicyEngine implements PolicyEngine {
 
   public final static String ACCESS_ALLOW_URI_PER_DB_POLICYFILE = "sentry.allow.uri.db.policyfile";
 
-  private ProviderBackend providerBackend;
-  private String serverName;
-  private List<? extends RoleValidator> validators;
+  private final ProviderBackend providerBackend;
 
   public SimpleDBPolicyEngine(String serverName, ProviderBackend providerBackend) {
-    validators = Lists.newArrayList(new ServersAllIsInvalid(), new DatabaseMustMatch(),
-          new DatabaseRequiredInRole(), new ServerNameMustMatch(serverName));
     this.providerBackend = providerBackend;
-    this.providerBackend.process(validators);
-    this.serverName = serverName;
+    ProviderBackendContext context = new ProviderBackendContext();
+    context.setAllowPerDatabase(true);
+    context.setValidators(createPrivilegeValidators(serverName));
+    this.providerBackend.initialize(context);
   }
 
   /**
    * {@inheritDoc}
    */
   @Override
-  public PermissionFactory getPermissionFactory() {
-    return new DBWildcardPermission.DBWildcardPermissionFactory();
+  public PrivilegeFactory getPrivilegeFactory() {
+    return new DBWildcardPrivilege.DBWildcardPrivilegeFactory();
   }
 
   /**
    * {@inheritDoc}
    */
   @Override
-  public ImmutableSetMultimap<String, String> getPermissions(
-      List<? extends Authorizable> authorizables, List<String> groups)
+  public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet)
       throws SentryConfigurationException {
-    String database = null;
-    Boolean isURI = false;
-    for(Authorizable authorizable : authorizables) {
-      if(authorizable instanceof Database) {
-        database = authorizable.getName();
-      }
-      if (authorizable instanceof AccessURI) {
-        isURI = true;
-      }
-    }
-
     if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Getting permissions for {} via {}", groups, database);
+      LOGGER.debug("Getting permissions for {}", groups);
     }
-    ImmutableSetMultimap.Builder<String, String> resultBuilder = ImmutableSetMultimap.builder();
-    for(String group : groups) {
-      resultBuilder.putAll(group, getDBRoles(database, group, isURI, providerBackend.getRoles()));
-    }
-    ImmutableSetMultimap<String, String> result = resultBuilder.build();
+    ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
     if(LOGGER.isDebugEnabled()) {
       LOGGER.debug("result = " + result);
     }
     return result;
   }
 
-  private ImmutableSet<String> getDBRoles(@Nullable String database,
-      String group, Boolean isURI, Roles roles) {
-    ImmutableSetMultimap<String, String> globalRoles = roles.getGlobalRoles();
-    ImmutableMap<String, ImmutableSetMultimap<String, String>> perDatabaseRoles = roles.getPerDatabaseRoles();
-    ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
-    String allowURIPerDbFile =
-        System.getProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE);
-    Boolean consultPerDbRolesForURI = isURI && ("true".equalsIgnoreCase(allowURIPerDbFile));
-
-    // handle Database.ALL
-    if (Database.ALL.getName().equals(database)) {
-      for(Entry<String, ImmutableSetMultimap<String, String>> dbListEntry : perDatabaseRoles.entrySet()) {
-        if (dbListEntry.getValue().containsKey(group)) {
-          resultBuilder.addAll(dbListEntry.getValue().get(group));
-        }
-      }
-    } else if(database != null) {
-      ImmutableSetMultimap<String, String> dbPolicies =  perDatabaseRoles.get(database);
-      if(dbPolicies != null && dbPolicies.containsKey(group)) {
-        resultBuilder.addAll(dbPolicies.get(group));
-      }
-    }
-
-    if (consultPerDbRolesForURI) {
-      for(String db : perDatabaseRoles.keySet()) {
-        ImmutableSetMultimap<String, String> dbPolicies =  perDatabaseRoles.get(db);
-        if(dbPolicies != null && dbPolicies.containsKey(group)) {
-          resultBuilder.addAll(dbPolicies.get(group));
-        }
-      }
-    }
-
-    if(globalRoles.containsKey(group)) {
-      resultBuilder.addAll(globalRoles.get(group));
-    }
-    ImmutableSet<String> result = resultBuilder.build();
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Database {}, Group {}, Result {}",
-          new Object[]{ database, group, result});
-    }
-    return result;
-  }
-
   @Override
   public void validatePolicy(boolean strictValidation) throws SentryConfigurationException {
-    this.providerBackend.validatePolicy(validators, strictValidation);
+    this.providerBackend.validatePolicy(strictValidation);
   }
 
-  @Override
-  public ImmutableSet<String> listPermissions(String groupName) throws SentryConfigurationException {
-    return getDBRoles(Database.ALL.getName(), groupName, true, providerBackend.getRoles());
+  public static ImmutableList<PrivilegeValidator> createPrivilegeValidators(String serverName) {
+    return ImmutableList.<PrivilegeValidator>of(new ServersAllIsInvalid(), new DatabaseMustMatch(),
+        new DatabaseRequiredInPrivilege(), new ServerNameMustMatch(serverName));
   }
-
-  @Override
-  public ImmutableSet<String> listPermissions(List<String> groupNames)
-      throws SentryConfigurationException {
-    ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
-    for (String groupName : groupNames) {
-      resultBuilder.addAll(listPermissions(groupName));
-    }
-    return resultBuilder.build();
-  }
-
 }
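Review bot: The per-database scoping and the `sentry.allow.uri.db.policyfile` gate that the removed `getDBRoles` applied have no replacement in this hunk: `getPrivileges` returns `providerBackend.getPrivileges(groups, roleSet)` unfiltered, and the constructor hard-codes `context.setAllowPerDatabase(true)`. Presumably the backend, together with the validators from `createPrivilegeValidators`, now enforces both, but that is not visible here, and `ACCESS_ALLOW_URI_PER_DB_POLICYFILE` stays public with no reader left in this class. Once confirmed, I would state the contract next to `this.providerBackend.initialize(context);`, for example `// Per-database scoping and the URI gate (ACCESS_ALLOW_URI_PER_DB_POLICYFILE) are enforced by the backend, not here`. The debug message in `getPrivileges` also still reads "Getting permissions" after the rename to privileges.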

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/AbstractTestSimplePolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/AbstractTestSimplePolicyEngine.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/AbstractTestSimplePolicyEngine.java
index 89ca737..4625d6f 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/AbstractTestSimplePolicyEngine.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/AbstractTestSimplePolicyEngine.java
@@ -18,15 +18,13 @@ package org.apache.sentry.policy.db;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
 
 import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.junit.After;
 import org.junit.AfterClass;
@@ -34,7 +32,6 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
-import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import com.google.common.io.Files;
 
@@ -49,7 +46,6 @@ public abstract class AbstractTestSimplePolicyEngine {
   private static final String PERM_SERVER1_ADMIN = "server=server1";
   private PolicyEngine policy;
   private static File baseDir;
-  private List<Authorizable> authorizables = Lists.newArrayList();
 
   @BeforeClass
   public static void setupClazz() throws IOException {
@@ -93,7 +89,7 @@ public abstract class AbstractTestSimplePolicyEngine {
         PERM_SERVER1_CUSTOMERS_DB_CUSTOMERS_PARTIAL_SELECT
         ));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("manager")).values())
+        new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL))
         .toString());
   }
 
@@ -103,7 +99,7 @@ public abstract class AbstractTestSimplePolicyEngine {
         PERM_SERVER1_CUSTOMERS_SELECT, PERM_SERVER1_ANALYST_ALL,
         PERM_SERVER1_JUNIOR_ANALYST_READ));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("analyst")).values())
+        new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
         .toString());
   }
 
@@ -113,7 +109,7 @@ public abstract class AbstractTestSimplePolicyEngine {
         .newHashSet(PERM_SERVER1_JUNIOR_ANALYST_ALL,
             PERM_SERVER1_CUSTOMERS_DB_CUSTOMERS_PARTIAL_SELECT));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("jranalyst")).values())
+        new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
         .toString());
   }
 
@@ -121,43 +117,40 @@ public abstract class AbstractTestSimplePolicyEngine {
   public void testAdmin() throws Exception {
     Set<String> expected = Sets.newTreeSet(Sets.newHashSet(PERM_SERVER1_ADMIN));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("admin")).values())
+        new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
         .toString());
   }
 
 
   @Test
   public void testOtherGroup() throws Exception {
-    authorizables.add(new Database("other_group_db"));
     Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
         PERM_SERVER1_OTHER_GROUP_DB_CUSTOMERS_SELECT));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("other_group")).values())
+        new TreeSet<String>(policy.getPrivileges(set("other_group"), ActiveRoleSet.ALL))
         .toString());
   }
 
   @Test
   public void testDbAll() throws Exception {
-    authorizables.add(new Database(Database.ALL.getName()));
     Set<String> expected = Sets.newTreeSet(Sets
         .newHashSet(PERM_SERVER1_JUNIOR_ANALYST_ALL,
             PERM_SERVER1_CUSTOMERS_DB_CUSTOMERS_PARTIAL_SELECT));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("jranalyst")).values())
+        new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
         .toString());
   }
 
   @Test
   public void testDbAllforOtherGroup() throws Exception {
-    authorizables.add(new Database(Database.ALL.getName()));
     Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
         PERM_SERVER1_OTHER_GROUP_DB_CUSTOMERS_SELECT));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("other_group")).values())
+        new TreeSet<String>(policy.getPrivileges(set("other_group"), ActiveRoleSet.ALL))
         .toString());
   }
 
-  private static List<String> list(String... values) {
-    return Lists.newArrayList(values);
+  private static Set<String> set(String... values) {
+    return Sets.newHashSet(values);
   }
 }
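Review bot: With the `authorizables.add(new Database(...))` lines removed, `testDbAllforOtherGroup` makes the same call with the same expected set as `testOtherGroup`, and `testDbAll` repeats the `jranalyst` assertion from the hunk at `@@ -113,7 +109,7 @@`. Nothing in this class now distinguishes a database-scoped lookup from a global one. Every call also passes `ActiveRoleSet.ALL`, so the new role-set argument of `getPrivileges` is never exercised with a restricted set. I would either remove the two duplicates or mark them, e.g. `// TODO: identical to testOtherGroup since database scoping left PolicyEngine; cover a restricted ActiveRoleSet instead`.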

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java
index d8d68b7..661deff 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java
@@ -17,10 +17,11 @@
 package org.apache.sentry.policy.db;
 
 import java.io.IOException;
+
 import org.apache.sentry.provider.file.SimpleFileProviderBackend;
 
 public class DBPolicyFileBackend extends SimpleDBPolicyEngine {
-  public DBPolicyFileBackend(String resource, String server) throws IOException{
+  public DBPolicyFileBackend(String server, String resource) throws IOException{
     super(server, new SimpleFileProviderBackend(resource));
   }
 }
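Review bot: Swapping two `String` parameters in the `DBPolicyFileBackend` constructor is silent at compile time: a caller that still passes `(resource, server)` builds an engine whose server name is the policy file path. That value reaches `ServerNameMustMatch` through `createPrivilegeValidators(serverName)`. The call sites are outside this hunk, so each one needs checking against the new order. A short Javadoc on the constructor, such as `/** @param server Sentry server name; @param resource policy file location */`, would make the order explicit.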

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBModelAuthorizables.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBModelAuthorizables.java
index 23b03d4..70f5e79 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBModelAuthorizables.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBModelAuthorizables.java
@@ -20,13 +20,11 @@ package org.apache.sentry.policy.db;
 import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertNull;
 
-
 import org.apache.sentry.core.model.db.AccessURI;
 import org.apache.sentry.core.model.db.Database;
 import org.apache.sentry.core.model.db.Server;
 import org.apache.sentry.core.model.db.Table;
 import org.apache.sentry.core.model.db.View;
-import org.apache.sentry.policy.db.DBModelAuthorizables;
 import org.junit.Test;
 
 public class TestDBModelAuthorizables {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBWildcardPermission.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBWildcardPermission.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBWildcardPermission.java
deleted file mode 100644
index 2024cd8..0000000
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBWildcardPermission.java
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.db;
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertFalse;
-import static junit.framework.Assert.assertTrue;
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.KV_SEPARATOR;
-
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.file.KeyValue;
-import org.apache.shiro.authz.Permission;
-import org.junit.Test;
-
-public class TestDBWildcardPermission {
-
-  private static final String ALL = AccessConstants.ALL;
-
-  private static final Permission ROLE_SERVER_SERVER1_DB_ALL =
-      create(new KeyValue("server", "server1"), new KeyValue("db", ALL));
-  private static final Permission ROLE_SERVER_SERVER1_DB_DB1 =
-      create(new KeyValue("server", "server1"), new KeyValue("db", "db1"));
-  private static final Permission ROLE_SERVER_SERVER2_DB_ALL =
-      create(new KeyValue("server", "server2"), new KeyValue("db", ALL));
-  private static final Permission ROLE_SERVER_SERVER2_DB_DB1 =
-      create(new KeyValue("server", "server2"), new KeyValue("db", "db1"));
-  private static final Permission ROLE_SERVER_ALL_DB_ALL =
-      create(new KeyValue("server", ALL), new KeyValue("db", ALL));
-  private static final Permission ROLE_SERVER_ALL_DB_DB1 =
-      create(new KeyValue("server", ALL), new KeyValue("db", "db1"));
-
-  private static final Permission ROLE_SERVER_SERVER1_URI_URI1 =
-      create(new KeyValue("server", "server1"), new KeyValue("uri",
-          "hdfs://namenode:8020/path/to/uri1"));
-  private static final Permission ROLE_SERVER_SERVER1_URI_URI2 =
-      create(new KeyValue("server", "server1"), new KeyValue("uri",
-          "hdfs://namenode:8020/path/to/uri2/"));
-  private static final Permission ROLE_SERVER_SERVER1_URI_ALL =
-      create(new KeyValue("server", "server1"), new KeyValue("uri", ALL));
-
-
-  private static final Permission ROLE_SERVER_SERVER1 =
-      create(new KeyValue("server", "server1"));
-
-
-  private static final Permission REQUEST_SERVER1_DB1 =
-      create(new KeyValue("server", "server1"), new KeyValue("db", "db1"));
-  private static final Permission REQUEST_SERVER2_DB1 =
-      create(new KeyValue("server", "server2"), new KeyValue("db", "db1"));
-  private static final Permission REQUEST_SERVER1_DB2 =
-      create(new KeyValue("server", "server1"), new KeyValue("db", "db2"));
-  private static final Permission REQUEST_SERVER2_DB2 =
-      create(new KeyValue("server", "server2"), new KeyValue("db", "db2"));
-
-  private static final Permission REQUEST_SERVER1_URI1 =
-      create(new KeyValue("server", "server1"), new KeyValue("uri",
-          "hdfs://namenode:8020/path/to/uri1/some/file"));
-  private static final Permission REQUEST_SERVER1_URI2 =
-      create(new KeyValue("server", "server1"), new KeyValue("uri",
-          "hdfs://namenode:8020/path/to/uri2/some/other/file"));
-
-  private static final Permission REQUEST_SERVER1_OTHER =
-      create(new KeyValue("server", "server2"), new KeyValue("other", "thing"));
-
-  private static final Permission REQUEST_SERVER1 =
-      create(new KeyValue("server", "server2"));
-
-  @Test
-  public void testOther() throws Exception {
-    assertFalse(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_OTHER));
-    assertFalse(REQUEST_SERVER1_OTHER.implies(ROLE_SERVER_ALL_DB_ALL));
-  }
-  @Test
-  public void testRoleShorterThanRequest() throws Exception {
-    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_DB1));
-    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_DB2));
-    assertFalse(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER2_DB1));
-    assertFalse(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER2_DB2));
-
-    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1));
-    assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1));
-  }
-  @Test
-  public void testRolesAndRequests() throws Exception {
-    // ROLE_SERVER_SERVER1_DB_ALL
-    assertTrue(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER1_DB1));
-    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER2_DB1));
-    assertTrue(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER1_DB2));
-    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER2_DB2));
-
-    // test inverse
-    assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER1_DB_ALL));
-    assertFalse(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER1_DB_ALL));
-    assertTrue(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER1_DB_ALL));
-    assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER1_DB_ALL));
-
-    // ROLE_SERVER_SERVER1_DB_DB1
-    assertTrue(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER1_DB1));
-    assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER2_DB1));
-    assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER1_DB2));
-    assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER2_DB2));
-
-    // test inverse
-    assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER1_DB_DB1));
-    assertFalse(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER1_DB_DB1));
-    assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER1_DB_DB1));
-    assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER1_DB_DB1));
-
-    // ROLE_SERVER_SERVER2_DB_ALL
-    assertFalse(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER1_DB1));
-    assertTrue(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER2_DB1));
-    assertFalse(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER1_DB2));
-    assertTrue(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER2_DB2));
-
-    // test inverse
-    assertFalse(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER2_DB_ALL));
-    assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER2_DB_ALL));
-    assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER2_DB_ALL));
-    assertTrue(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER2_DB_ALL));
-
-    // ROLE_SERVER_SERVER2_DB_DB1
-    assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER1_DB1));
-    assertTrue(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER2_DB1));
-    assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER1_DB2));
-    assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER2_DB2));
-
-    assertFalse(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER2_DB_DB1));
-    assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER2_DB_DB1));
-    assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER2_DB_DB1));
-    assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER2_DB_DB1));
-
-    // ROLE_SERVER_ALL_DB_ALL
-    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_DB1));
-    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER2_DB1));
-    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_DB2));
-    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER2_DB2));
-
-    // test inverse
-    assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_ALL_DB_ALL));
-    assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_ALL_DB_ALL));
-    assertTrue(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_ALL_DB_ALL));
-    assertTrue(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_ALL_DB_ALL));
-
-    // ROLE_SERVER_ALL_DB_DB1
-    assertTrue(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_DB1));
-    assertTrue(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER2_DB1));
-    assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_DB2));
-    assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER2_DB2));
-
-    // test inverse
-    assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_ALL_DB_DB1));
-    assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_ALL_DB_DB1));
-    assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_ALL_DB_DB1));
-    assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_ALL_DB_DB1));
-
-    // uri
-    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI1));
-    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2));
-    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2));
-    assertTrue(ROLE_SERVER_SERVER1_URI_ALL.implies(REQUEST_SERVER1_URI1));
-    assertTrue(ROLE_SERVER_SERVER1_URI_ALL.implies(REQUEST_SERVER1_URI2));
-    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2));
-    assertTrue(ROLE_SERVER_SERVER1_URI_URI1.implies(REQUEST_SERVER1_URI1));
-    assertFalse(ROLE_SERVER_SERVER1_URI_URI1.implies(REQUEST_SERVER1_URI2));
-    assertTrue(ROLE_SERVER_SERVER1_URI_URI2.implies(REQUEST_SERVER1_URI2));
-    assertFalse(ROLE_SERVER_SERVER1_URI_URI2.implies(REQUEST_SERVER1_URI1));
-    assertFalse(REQUEST_SERVER2_DB2.implies(REQUEST_SERVER1_URI1));
-    assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_URI1));
-    // test inverse
-    assertTrue(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_ALL));
-    assertTrue(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_ALL));
-    assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1));
-    assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_URI1));
-    assertFalse(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_URI1));
-    assertFalse(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_URI2));
-    assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_URI2));
-  };
-  @Test
-  public void testUnexpected() throws Exception {
-    Permission p = new Permission() {
-      @Override
-      public boolean implies(Permission p) {
-        return false;
-      }
-    };
-    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(null));
-    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(p));
-    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.equals(null));
-    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.equals(p));
-
-    assertEquals(ROLE_SERVER_SERVER1_DB_ALL.hashCode(),
-        create(ROLE_SERVER_SERVER1_DB_ALL.toString()).hashCode());
-  }
-  @Test(expected=IllegalArgumentException.class)
-  public void testNullString() throws Exception {
-    System.out.println(create((String)null));
-  }
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyString() throws Exception {
-    System.out.println(create(""));
-  }
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(create(KV_JOINER.join("", "db1")));
-  }
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(create(KV_JOINER.join("db", "")));
-  }
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyPart() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_JOINER.join("server", "server1"), "")));
-  }
-  @Test(expected=IllegalArgumentException.class)
-  public void testOnlySeperators() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
-  }
-  @Test
-  public void testImpliesURIPositive() throws Exception {
-    assertTrue(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path",
-        "hdfs://namenode:8020/path/to/some/dir"));
-    assertTrue(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path",
-        "hdfs://namenode:8020/path"));
-    assertTrue(DBWildcardPermission.impliesURI("file:///path",
-        "file:///path/to/some/dir"));
-    assertTrue(DBWildcardPermission.impliesURI("file:///path",
-        "file:///path"));
-  }
-  @Test
-  public void testImpliesURINegative() throws Exception {
-    // relative path
-    assertFalse(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path",
-        "hdfs://namenode:8020/path/to/../../other"));
-    assertFalse(DBWildcardPermission.impliesURI("file:///path",
-        "file:///path/to/../../other"));
-    // bad policy
-    assertFalse(DBWildcardPermission.impliesURI("blah",
-        "hdfs://namenode:8020/path/to/some/dir"));
-    // bad request
-    assertFalse(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path",
-        "blah"));
-    // scheme
-    assertFalse(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path",
-        "file:///path/to/some/dir"));
-    assertFalse(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path",
-        "file://namenode:8020/path/to/some/dir"));
-    // hostname
-    assertFalse(DBWildcardPermission.impliesURI("hdfs://namenode1:8020/path",
-        "hdfs://namenode2:8020/path/to/some/dir"));
-    // port
-    assertFalse(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path",
-        "hdfs://namenode:8021/path/to/some/dir"));
-    // mangled path
-    assertFalse(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path",
-        "hdfs://namenode:8020/pathFooBar"));
-    // ends in /
-    assertTrue(DBWildcardPermission.impliesURI("hdfs://namenode:8020/path/",
-        "hdfs://namenode:8020/path/FooBar"));
-  }
-  static DBWildcardPermission create(KeyValue... keyValues) {
-    return create(AUTHORIZABLE_JOINER.join(keyValues));
-
-  }
-  static DBWildcardPermission create(String s) {
-    return new DBWildcardPermission(s);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBWildcardPrivilege.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBWildcardPrivilege.java
new file mode 100644
index 0000000..f4862e0
--- /dev/null
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDBWildcardPrivilege.java
@@ -0,0 +1,286 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sentry.policy.db;
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertTrue;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_SEPARATOR;
+
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.policy.common.Privilege;
+import org.apache.sentry.provider.file.KeyValue;
+import org.junit.Test;
+
+public class TestDBWildcardPrivilege {
+
+  private static final String ALL = AccessConstants.ALL;
+
+  private static final Privilege ROLE_SERVER_SERVER1_DB_ALL =
+      create(new KeyValue("server", "server1"), new KeyValue("db", ALL));
+  private static final Privilege ROLE_SERVER_SERVER1_DB_DB1 =
+      create(new KeyValue("server", "server1"), new KeyValue("db", "db1"));
+  private static final Privilege ROLE_SERVER_SERVER2_DB_ALL =
+      create(new KeyValue("server", "server2"), new KeyValue("db", ALL));
+  private static final Privilege ROLE_SERVER_SERVER2_DB_DB1 =
+      create(new KeyValue("server", "server2"), new KeyValue("db", "db1"));
+  private static final Privilege ROLE_SERVER_ALL_DB_ALL =
+      create(new KeyValue("server", ALL), new KeyValue("db", ALL));
+  private static final Privilege ROLE_SERVER_ALL_DB_DB1 =
+      create(new KeyValue("server", ALL), new KeyValue("db", "db1"));
+
+  private static final Privilege ROLE_SERVER_SERVER1_URI_URI1 =
+      create(new KeyValue("server", "server1"), new KeyValue("uri",
+          "hdfs://namenode:8020/path/to/uri1"));
+  private static final Privilege ROLE_SERVER_SERVER1_URI_URI2 =
+      create(new KeyValue("server", "server1"), new KeyValue("uri",
+          "hdfs://namenode:8020/path/to/uri2/"));
+  private static final Privilege ROLE_SERVER_SERVER1_URI_ALL =
+      create(new KeyValue("server", "server1"), new KeyValue("uri", ALL));
+
+
+  private static final Privilege ROLE_SERVER_SERVER1 =
+      create(new KeyValue("server", "server1"));
+
+
+  private static final Privilege REQUEST_SERVER1_DB1 =
+      create(new KeyValue("server", "server1"), new KeyValue("db", "db1"));
+  private static final Privilege REQUEST_SERVER2_DB1 =
+      create(new KeyValue("server", "server2"), new KeyValue("db", "db1"));
+  private static final Privilege REQUEST_SERVER1_DB2 =
+      create(new KeyValue("server", "server1"), new KeyValue("db", "db2"));
+  private static final Privilege REQUEST_SERVER2_DB2 =
+      create(new KeyValue("server", "server2"), new KeyValue("db", "db2"));
+
+  private static final Privilege REQUEST_SERVER1_URI1 =
+      create(new KeyValue("server", "server1"), new KeyValue("uri",
+          "hdfs://namenode:8020/path/to/uri1/some/file"));
+  private static final Privilege REQUEST_SERVER1_URI2 =
+      create(new KeyValue("server", "server1"), new KeyValue("uri",
+          "hdfs://namenode:8020/path/to/uri2/some/other/file"));
+
+  private static final Privilege REQUEST_SERVER1_OTHER =
+      create(new KeyValue("server", "server2"), new KeyValue("other", "thing"));
+
+  private static final Privilege REQUEST_SERVER1 =
+      create(new KeyValue("server", "server2"));
+
+  @Test
+  public void testOther() throws Exception {
+    assertFalse(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_OTHER));
+    assertFalse(REQUEST_SERVER1_OTHER.implies(ROLE_SERVER_ALL_DB_ALL));
+  }
+  @Test
+  public void testRoleShorterThanRequest() throws Exception {
+    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_DB1));
+    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_DB2));
+    assertFalse(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER2_DB1));
+    assertFalse(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER2_DB2));
+
+    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1));
+    assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1));
+  }
+  @Test
+  public void testRolesAndRequests() throws Exception {
+    // ROLE_SERVER_SERVER1_DB_ALL
+    assertTrue(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER1_DB1));
+    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER2_DB1));
+    assertTrue(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER1_DB2));
+    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER2_DB2));
+
+    // test inverse
+    assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER1_DB_ALL));
+    assertFalse(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER1_DB_ALL));
+    assertTrue(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER1_DB_ALL));
+    assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER1_DB_ALL));
+
+    // ROLE_SERVER_SERVER1_DB_DB1
+    assertTrue(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER1_DB1));
+    assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER2_DB1));
+    assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER1_DB2));
+    assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER2_DB2));
+
+    // test inverse
+    assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER1_DB_DB1));
+    assertFalse(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER1_DB_DB1));
+    assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER1_DB_DB1));
+    assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER1_DB_DB1));
+
+    // ROLE_SERVER_SERVER2_DB_ALL
+    assertFalse(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER1_DB1));
+    assertTrue(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER2_DB1));
+    assertFalse(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER1_DB2));
+    assertTrue(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER2_DB2));
+
+    // test inverse
+    assertFalse(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER2_DB_ALL));
+    assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER2_DB_ALL));
+    assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER2_DB_ALL));
+    assertTrue(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER2_DB_ALL));
+
+    // ROLE_SERVER_SERVER2_DB_DB1
+    assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER1_DB1));
+    assertTrue(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER2_DB1));
+    assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER1_DB2));
+    assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER2_DB2));
+
+    assertFalse(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER2_DB_DB1));
+    assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER2_DB_DB1));
+    assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER2_DB_DB1));
+    assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER2_DB_DB1));
+
+    // ROLE_SERVER_ALL_DB_ALL
+    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_DB1));
+    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER2_DB1));
+    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_DB2));
+    assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER2_DB2));
+
+    // test inverse
+    assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_ALL_DB_ALL));
+    assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_ALL_DB_ALL));
+    assertTrue(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_ALL_DB_ALL));
+    assertTrue(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_ALL_DB_ALL));
+
+    // ROLE_SERVER_ALL_DB_DB1
+    assertTrue(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_DB1));
+    assertTrue(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER2_DB1));
+    assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_DB2));
+    assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER2_DB2));
+
+    // test inverse
+    assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_ALL_DB_DB1));
+    assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_ALL_DB_DB1));
+    assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_ALL_DB_DB1));
+    assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_ALL_DB_DB1));
+
+    // uri
+    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI1));
+    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2));
+    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2));
+    assertTrue(ROLE_SERVER_SERVER1_URI_ALL.implies(REQUEST_SERVER1_URI1));
+    assertTrue(ROLE_SERVER_SERVER1_URI_ALL.implies(REQUEST_SERVER1_URI2));
+    assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2));
+    assertTrue(ROLE_SERVER_SERVER1_URI_URI1.implies(REQUEST_SERVER1_URI1));
+    assertFalse(ROLE_SERVER_SERVER1_URI_URI1.implies(REQUEST_SERVER1_URI2));
+    assertTrue(ROLE_SERVER_SERVER1_URI_URI2.implies(REQUEST_SERVER1_URI2));
+    assertFalse(ROLE_SERVER_SERVER1_URI_URI2.implies(REQUEST_SERVER1_URI1));
+    assertFalse(REQUEST_SERVER2_DB2.implies(REQUEST_SERVER1_URI1));
+    assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_URI1));
+    // test inverse
+    assertTrue(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_ALL));
+    assertTrue(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_ALL));
+    assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1));
+    assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_URI1));
+    assertFalse(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_URI1));
+    assertFalse(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_URI2));
+    assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_URI2));
+  };
+  @Test
+  public void testUnexpected() throws Exception {
+    Privilege p = new Privilege() {
+      @Override
+      public boolean implies(Privilege p) {
+        return false;
+      }
+    };
+    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(null));
+    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(p));
+    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.equals(null));
+    assertFalse(ROLE_SERVER_SERVER1_DB_ALL.equals(p));
+
+    assertEquals(ROLE_SERVER_SERVER1_DB_ALL.hashCode(),
+        create(ROLE_SERVER_SERVER1_DB_ALL.toString()).hashCode());
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testNullString() throws Exception {
+    System.out.println(create((String)null));
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyString() throws Exception {
+    System.out.println(create(""));
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyKey() throws Exception {
+    System.out.println(create(KV_JOINER.join("", "db1")));
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyValue() throws Exception {
+    System.out.println(create(KV_JOINER.join("db", "")));
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyPart() throws Exception {
+    System.out.println(create(AUTHORIZABLE_JOINER.
+        join(KV_JOINER.join("server", "server1"), "")));
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testOnlySeperators() throws Exception {
+    System.out.println(create(AUTHORIZABLE_JOINER.
+        join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
+  }
+  @Test
+  public void testImpliesURIPositive() throws Exception {
+    assertTrue(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path",
+        "hdfs://namenode:8020/path/to/some/dir"));
+    assertTrue(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path",
+        "hdfs://namenode:8020/path"));
+    assertTrue(DBWildcardPrivilege.impliesURI("file:///path",
+        "file:///path/to/some/dir"));
+    assertTrue(DBWildcardPrivilege.impliesURI("file:///path",
+        "file:///path"));
+  }
+  @Test
+  public void testImpliesURINegative() throws Exception {
+    // relative path
+    assertFalse(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path",
+        "hdfs://namenode:8020/path/to/../../other"));
+    assertFalse(DBWildcardPrivilege.impliesURI("file:///path",
+        "file:///path/to/../../other"));
+    // bad policy
+    assertFalse(DBWildcardPrivilege.impliesURI("blah",
+        "hdfs://namenode:8020/path/to/some/dir"));
+    // bad request
+    assertFalse(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path",
+        "blah"));
+    // scheme
+    assertFalse(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path",
+        "file:///path/to/some/dir"));
+    assertFalse(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path",
+        "file://namenode:8020/path/to/some/dir"));
+    // hostname
+    assertFalse(DBWildcardPrivilege.impliesURI("hdfs://namenode1:8020/path",
+        "hdfs://namenode2:8020/path/to/some/dir"));
+    // port
+    assertFalse(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path",
+        "hdfs://namenode:8021/path/to/some/dir"));
+    // mangled path
+    assertFalse(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path",
+        "hdfs://namenode:8020/pathFooBar"));
+    // ends in /
+    assertTrue(DBWildcardPrivilege.impliesURI("hdfs://namenode:8020/path/",
+        "hdfs://namenode:8020/path/FooBar"));
+  }
+  static DBWildcardPrivilege create(KeyValue... keyValues) {
+    return create(AUTHORIZABLE_JOINER.join(keyValues));
+
+  }
+  static DBWildcardPrivilege create(String s) {
+    return new DBWildcardPrivilege(s);
+  }
+}
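Review bot: The constants `REQUEST_SERVER1_OTHER` and `REQUEST_SERVER1` are both built with `new KeyValue("server", "server2")`, so their names do not match the privileges they hold. As a result `testRoleShorterThanRequest` never checks a server-only request for server1, and the `assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1))` line reads as a statement about server1 when it exercises server2. Either rename them to `REQUEST_SERVER2_OTHER` / `REQUEST_SERVER2` or change the value to `"server1"` after confirming which was intended. In the `// uri` section of `testRolesAndRequests`, `assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2));` appears three times, so one of them was probably meant to cover a different role/request pair. The final `assertTrue` under `// ends in /` sits in `testImpliesURINegative` and would read better in `testImpliesURIPositive`.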

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDatabaseRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDatabaseRequiredInRole.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDatabaseRequiredInRole.java
index 948b7ac..f9b00b4 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDatabaseRequiredInRole.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestDatabaseRequiredInRole.java
@@ -20,6 +20,7 @@ package org.apache.sentry.policy.db;
 
 import junit.framework.Assert;
 
+import org.apache.sentry.policy.common.PrivilegeValidatorContext;
 import org.apache.shiro.config.ConfigurationException;
 import org.junit.Test;
 
@@ -27,19 +28,19 @@ public class TestDatabaseRequiredInRole {
 
   @Test
   public void testURIInPerDbPolicyFile() throws Exception {
-    DatabaseRequiredInRole dbRequiredInRole = new DatabaseRequiredInRole();
+    DatabaseRequiredInPrivilege dbRequiredInRole = new DatabaseRequiredInPrivilege();
     System.setProperty("sentry.allow.uri.db.policyfile", "true");
-    dbRequiredInRole.validate("db1",
-      "server=server1->URI=file:///user/db/warehouse/tab1");
+    dbRequiredInRole.validate(new PrivilegeValidatorContext("db1",
+      "server=server1->URI=file:///user/db/warehouse/tab1"));
     System.setProperty("sentry.allow.uri.db.policyfile", "false");
   }
 
   @Test
   public void testURIWithDBInPerDbPolicyFile() throws Exception {
-    DatabaseRequiredInRole dbRequiredInRole = new DatabaseRequiredInRole();
+    DatabaseRequiredInPrivilege dbRequiredInRole = new DatabaseRequiredInPrivilege();
     try {
-      dbRequiredInRole.validate("db1",
-        "server=server1->db=db1->URI=file:///user/db/warehouse/tab1");
+      dbRequiredInRole.validate(new PrivilegeValidatorContext("db1",
+        "server=server1->db=db1->URI=file:///user/db/warehouse/tab1"));
       Assert.fail("Expected ConfigurationException");
     } catch (ConfigurationException e) {
       ;
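Review bot: `testURIInPerDbPolicyFile` sets the JVM-wide property `sentry.allow.uri.db.policyfile` to `true` and resets it only if `validate(...)` returns normally, so an exception leaves the relaxed setting in place for every later test in the same JVM. Scoping it with `try { dbRequiredInRole.validate(...); } finally { System.setProperty("sentry.allow.uri.db.policyfile", "false"); }` keeps the relaxation confined to this test. The local is still named `dbRequiredInRole` although the class is now `DatabaseRequiredInPrivilege`; renaming it would keep the test readable. The body of `testURIWithDBInPerDbPolicyFile` continues outside this hunk.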


[02/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ConnectionDeniedException.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ConnectionDeniedException.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ConnectionDeniedException.java
new file mode 100644
index 0000000..02c5eb3
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ConnectionDeniedException.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.service.thrift;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+public class ConnectionDeniedException extends UnsupportedCallbackException {
+
+  private static final long serialVersionUID = 653174214903923178L;
+  private String connectionPrincipal;
+
+  public ConnectionDeniedException(Callback callback, String message, String connectionPrincipal) {
+    super(callback, message);
+    this.connectionPrincipal = connectionPrincipal;
+  }
+
+  public String getConnectionPrincipal() {
+    return connectionPrincipal;
+  }
+}
\ No newline at end of file
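Review bot: `connectionPrincipal` is assigned once in the constructor and never modified, so it should be declared `private final String connectionPrincipal;`. The class has no Javadoc explaining why a denied connection is modelled as an `UnsupportedCallbackException`. Presumably this is because a `CallbackHandler.handle` implementation may only throw `IOException` or `UnsupportedCallbackException`, and a short class comment stating that would save the next reader from guessing. The file also lacks a trailing newline.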

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
new file mode 100644
index 0000000..c4a0fd4
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.service.thrift;
+
+import java.util.Arrays;
+import java.util.List;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.SaslRpcServer;
+
+public class GSSCallback extends SaslRpcServer.SaslGssCallbackHandler {
+
+  private final Configuration conf;
+  public GSSCallback(Configuration conf) {
+    super();
+    this.conf = conf;
+  }
+
+  boolean comparePrincipals(String principal1, String principal2) {
+    String[] principalParts1 = SaslRpcServer.splitKerberosName(principal1);
+    String[] principalParts2 = SaslRpcServer.splitKerberosName(principal2);
+    if (principalParts1.length == 0 || principalParts2.length == 0) {
+      return false;
+    }
+    if (principalParts1.length == principalParts2.length) {
+      for (int i=0; i < principalParts1.length; i++) {
+        if (!principalParts1[i].equals(principalParts2[i])) {
+          return false;
+        }
+      }
+      return true;
+    } else {
+      return false;
+    }
+  }
+
+  boolean allowConnect(String principal) {
+    String allowedPrincipals = conf.get("sentry.service.allow.connect");
+    if (allowedPrincipals == null) {
+      return false;
+    }
+    List<String> items = Arrays.asList(allowedPrincipals.split("\\s*,\\s*"));
+    for (String item:items) {
+      if(comparePrincipals(item, principal)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  @Override
+  public void handle(Callback[] callbacks)
+  throws UnsupportedCallbackException, ConnectionDeniedException {
+    AuthorizeCallback ac = null;
+    for (Callback callback : callbacks) {
+      if (callback instanceof AuthorizeCallback) {
+        ac = (AuthorizeCallback) callback;
+      } else {
+        throw new UnsupportedCallbackException(callback,
+            "Unrecognized SASL GSSAPI Callback");
+      }
+    }
+    if (ac != null) {
+      String authid = ac.getAuthenticationID();
+      String authzid = ac.getAuthorizationID();
+
+      if (allowConnect(authid)) {
+        if (authid.equals(authzid)) {
+          ac.setAuthorized(true);
+        } else {
+          ac.setAuthorized(false);
+        }
+        if (ac.isAuthorized()) {
+          ac.setAuthorizedID(authzid);
+        }
+      } else {
+        throw new ConnectionDeniedException(ac,
+            "Connection to sentry service denied due to lack of client credentials",
+            authid);
+      }
+    }
+  }
+}
\ No newline at end of file
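Review bot: `comparePrincipals` compares the arrays returned by `SaslRpcServer.splitKerberosName`, which as far as I know splits on both `/` and `@`, so the separators themselves are never compared. Two constructed examples, `svc/example` and `svc@example`, yield the same parts and are treated as the same principal. Because every part must match anyway, an exact comparison such as `return principal1 != null && principal1.equals(principal2);` would be stricter for an allow-list check. In `allowConnect`, `split("\\s*,\\s*")` does not strip whitespace at the very start or end of `sentry.service.allow.connect`, so `allowedPrincipals.trim().split(...)` avoids entries that silently never match. `handle` also passes `ac.getAuthenticationID()` on without a null check and logs nothing on the deny path; a null id should be rejected explicitly, and the denied principal recorded for audit.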

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
new file mode 100644
index 0000000..3022f67
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.service.thrift;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.login.AppConfigurationEntry;
+
+public class KerberosConfiguration extends javax.security.auth.login.Configuration {
+  private String principal;
+  private String keytab;
+  private boolean isInitiator;
+
+  private KerberosConfiguration(String principal, File keytab,
+      boolean client) {
+    this.principal = principal;
+    this.keytab = keytab.getAbsolutePath();
+    this.isInitiator = client;
+  }
+
+  public static javax.security.auth.login.Configuration createClientConfig(String principal,
+      File keytab) {
+    return new KerberosConfiguration(principal, keytab, true);
+  }
+
+  public static javax.security.auth.login.Configuration createServerConfig(String principal,
+      File keytab) {
+    return new KerberosConfiguration(principal, keytab, false);
+  }
+
+  private static String getKrb5LoginModuleName() {
+    return System.getProperty("java.vendor").contains("IBM")
+        ? "com.ibm.security.auth.module.Krb5LoginModule"
+            : "com.sun.security.auth.module.Krb5LoginModule";
+  }
+
+  @Override
+  public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+    Map<String, String> options = new HashMap<String, String>();
+    options.put("keyTab", keytab);
+    options.put("principal", principal);
+    options.put("useKeyTab", "true");
+    options.put("storeKey", "true");
+    options.put("doNotPrompt", "true");
+    options.put("useTicketCache", "true");
+    options.put("renewTGT", "true");
+    options.put("refreshKrb5Config", "true");
+    options.put("isInitiator", Boolean.toString(isInitiator));
+    String ticketCache = System.getenv("KRB5CCNAME");
+    if (ticketCache != null) {
+      options.put("ticketCache", ticketCache);
+    }
+    options.put("debug", "true");
+
+    return new AppConfigurationEntry[]{
+        new AppConfigurationEntry(getKrb5LoginModuleName(),
+            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+            options)};
+  }
+}
+
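Review bot: `options.put("debug", "true");` in `getAppConfigurationEntry` is unconditional, so every client and server login runs the Krb5 login module with debug output enabled. That output is written to the process's standard streams and, as far as I know, includes the principal, keytab path and ticket-cache details. It should be off by default and driven by a flag, for example `options.put("debug", Boolean.toString(debug));` with `debug` supplied through the factory methods or configuration. The three fields are only assigned in the constructor and can be `private final`. A short comment explaining why `useTicketCache` is enabled alongside `useKeyTab`, including for the server config, would make the intended credential source clear.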

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
new file mode 100644
index 0000000..07b3472
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.service.thrift;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.thrift.TMultiplexedProcessor;
+
+public abstract class ProcessorFactory {
+  protected final Configuration conf;
+  public ProcessorFactory(Configuration conf) {
+    this.conf = conf;
+  }
+
+  public abstract boolean register(TMultiplexedProcessor processor) throws Exception;
+}
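Review bot: `register` returns a `boolean` and also declares `throws Exception`, but nothing in the class says what a `false` return means as opposed to a thrown exception. Implementers and the caller need that contract written down, so a Javadoc on the method should state when to return `false`, when to throw, and whether the service should still start in either case. A class-level comment should also state the constructor signature that subclasses must provide, if they are instantiated reflectively (not visible in this hunk). The constructor of an abstract class can be `protected` rather than `public`.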

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
new file mode 100644
index 0000000..fbb0eef
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java
@@ -0,0 +1,272 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.service.thrift;
+
+import java.io.File;
+import java.io.IOException;
+import java.lang.reflect.Constructor;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.security.PrivilegedExceptionAction;
+import java.util.HashSet;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ThreadFactory;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.GnuParser;
+import org.apache.commons.cli.Options;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.SaslRpcServer;
+import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
+import org.apache.sentry.Command;
+import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.thrift.TMultiplexedProcessor;
+import org.apache.thrift.protocol.TBinaryProtocol;
+import org.apache.thrift.server.TServer;
+import org.apache.thrift.server.TThreadPoolServer;
+import org.apache.thrift.transport.TSaslServerTransport;
+import org.apache.thrift.transport.TServerSocket;
+import org.apache.thrift.transport.TServerTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Preconditions;
+import com.google.common.collect.Sets;
+
+public class SentryService implements Runnable {
+
+  private static final Logger LOGGER = LoggerFactory
+      .getLogger(SentryService.class);
+
+  private static enum Status {
+    NOT_STARTED(), STARTED();
+  }
+
+  private final Configuration conf;
+  private final InetSocketAddress address;
+  private final int maxThreads;
+  private final int minThreads;
+  private final String principal;
+  private final String[] principalParts;
+  private final String keytab;
+  private final ExecutorService serviceExecutor;
+
+  private TServer thriftServer;
+  private Status status;
+
+  public SentryService(Configuration conf) {
+    this.conf = conf;
+    int port = conf
+        .getInt(ServerConfig.RPC_PORT, ServerConfig.RPC_PORT_DEFAULT);
+    if (port == 0) {
+      port = findFreePort();
+    }
+    this.address = NetUtils.createSocketAddr(
+        conf.get(ServerConfig.RPC_ADDRESS, ServerConfig.RPC_ADDRESS_DEFAULT),
+        port);
+    LOGGER.info("Configured on address " + address);
+    maxThreads = conf.getInt(ServerConfig.RPC_MAX_THREADS,
+        ServerConfig.RPC_MAX_THREADS_DEFAULT);
+    minThreads = conf.getInt(ServerConfig.RPC_MIN_THREADS,
+        ServerConfig.RPC_MIN_THREADS_DEFAULT);
+    principal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL),
+        ServerConfig.PRINCIPAL + " is required");
+    principalParts = SaslRpcServer.splitKerberosName(principal);
+    Preconditions.checkArgument(principalParts.length == 3,
+        "Kerberos principal should have 3 parts: " + principal);
+    keytab = Preconditions.checkNotNull(conf.get(ServerConfig.KEY_TAB),
+        ServerConfig.KEY_TAB + " is required");
+    File keytabFile = new File(keytab);
+    Preconditions.checkState(keytabFile.isFile() && keytabFile.canRead(),
+        "Keytab " + keytab + " does not exist or is not readable.");
+    serviceExecutor = Executors.newSingleThreadExecutor(new ThreadFactory() {
+      private int count = 0;
+
+      @Override
+      public Thread newThread(Runnable r) {
+        return new Thread(r, SentryService.class.getSimpleName() + "-"
+            + (count++));
+      }
+    });
+    status = Status.NOT_STARTED;
+  }
+
+  @Override
+  public void run() {
+    LoginContext loginContext = null;
+    try {
+      Subject subject = new Subject(false,
+          Sets.newHashSet(new KerberosPrincipal(principal)),
+          new HashSet<Object>(), new HashSet<Object>());
+      loginContext = new LoginContext("", subject, null,
+          KerberosConfiguration.createClientConfig(principal, new File(keytab)));
+      loginContext.login();
+      subject = loginContext.getSubject();
+      Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
+        @Override
+        public Void run() throws Exception {
+          Iterable<String> processorFactories = ConfUtilties.CLASS_SPLITTER
+              .split(conf.get(ServerConfig.PROCESSOR_FACTORIES,
+                  ServerConfig.PROCESSOR_FACTORIES_DEFAULT).trim());
+          TMultiplexedProcessor processor = new TMultiplexedProcessor();
+          boolean registeredProcessor = false;
+          for (String processorFactory : processorFactories) {
+            Class<?> clazz = conf.getClassByName(processorFactory);
+            if (!ProcessorFactory.class.isAssignableFrom(clazz)) {
+              throw new IllegalArgumentException("Processor Factory "
+                  + processorFactory + " is not a "
+                  + ProcessorFactory.class.getName());
+            }
+            try {
+              Constructor<?> constructor = clazz
+                  .getConstructor(Configuration.class);
+              ProcessorFactory factory = (ProcessorFactory) constructor
+                  .newInstance(conf);
+              registeredProcessor = registeredProcessor
+                  || factory.register(processor);
+            } catch (Exception e) {
+              throw new IllegalStateException("Could not create "
+                  + processorFactory, e);
+            }
+          }
+          if (!registeredProcessor) {
+            throw new IllegalStateException(
+                "Failed to register any processors from " + processorFactories);
+          }
+          TServerTransport serverTransport = new TServerSocket(address);
+          TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory();
+          saslTransportFactory.addServerDefinition(AuthMethod.KERBEROS
+              .getMechanismName(), principalParts[0], principalParts[1],
+              ServerConfig.SASL_PROPERTIES, new GSSCallback(conf));
+          TThreadPoolServer.Args args = new TThreadPoolServer.Args(
+              serverTransport).processor(processor)
+              .transportFactory(saslTransportFactory)
+              .protocolFactory(new TBinaryProtocol.Factory())
+              .minWorkerThreads(minThreads).maxWorkerThreads(maxThreads);
+          thriftServer = new TThreadPoolServer(args);
+          LOGGER.info("Serving on " + address);
+          thriftServer.serve();
+          return null;
+        }
+      });
+    } catch (Throwable t) {
+      LOGGER.error("Error starting server", t);
+    } finally {
+      status = Status.NOT_STARTED;
+      if (loginContext != null) {
+        try {
+          loginContext.logout();
+        } catch (LoginException e) {
+          LOGGER.error("Error logging out", e);
+        }
+      }
+    }
+  }
+
+  public InetSocketAddress getAddress() {
+    return address;
+  }
+
+  public synchronized boolean isRunning() {
+    return status == Status.STARTED && thriftServer != null
+        && thriftServer.isServing();
+  }
+
+  public synchronized void start() {
+    if (status != Status.NOT_STARTED) {
+      throw new IllegalStateException("Cannot start when " + status);
+    }
+    LOGGER.info("Attempting to start...");
+    status = Status.STARTED;
+    serviceExecutor.submit(this);
+  }
+
+  public synchronized void stop() {
+    if (status == Status.NOT_STARTED) {
+      return;
+    }
+    LOGGER.info("Attempting to stop...");
+
+    if (thriftServer.isServing()) {
+      thriftServer.stop();
+    }
+    thriftServer = null;
+    status = Status.NOT_STARTED;
+    LOGGER.info("Stopped...");
+  }
+
+  private static int findFreePort() {
+    int attempts = 0;
+    while (attempts++ <= 1000) {
+      try {
+        ServerSocket s = new ServerSocket(0);
+        int port = s.getLocalPort();
+        s.close();
+        return port;
+      } catch (IOException e) {
+        // ignore and retry
+      }
+    }
+    throw new IllegalStateException("Unable to find a port after 1000 attempts");
+  }
+  public static class CommandImpl implements Command {
+    @Override
+    @SuppressWarnings("deprecation")
+    public void run(String[] args) throws Exception {
+      CommandLineParser parser = new GnuParser();
+      Options options = new Options();
+      options.addOption(null, ServiceConstants.ServiceArgs.CONFIG_FILE,
+          true, "Sentry Service configuration file");
+      CommandLine commandLine = parser.parse(options, args);
+      String configFileName = commandLine.getOptionValue(ServiceConstants.
+          ServiceArgs.CONFIG_FILE);
+      File configFile = null;
+      if (configFileName == null) {
+        throw new IllegalArgumentException("Usage: " + ServiceConstants.ServiceArgs.CONFIG_FILE +
+            " path/to/sentry-service.xml");
+      } else if(!((configFile = new File(configFileName)).isFile() && configFile.canRead())) {
+        throw new IllegalArgumentException("Cannot read configuration file " + configFile);
+      }
+      Configuration conf = new Configuration(false);
+      conf.addResource(configFile.toURL());
+      final SentryService server = new SentryService(conf);
+      server.start();
+      Runtime.getRuntime().addShutdownHook(new Thread() {
+        @Override
+        public void run() {
+          LOGGER.info("ShutdownHook shutting down server");
+          try {
+            server.stop();
+          } catch (Throwable t) {
+            LOGGER.error("Error stopping SentryService", t);
+          }
+        }
+      });
+    }
+  }
+}
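Review bot: In the factory loop of the inner `run()`, `registeredProcessor = registeredProcessor || factory.register(processor);` short-circuits. Once one factory has returned true, every later factory listed under `sentry.service.processor.factories` is constructed but its `register` is never called, so its processor is silently missing from the multiplexer. Evaluate the call first: `registeredProcessor = factory.register(processor) || registeredProcessor;`. Separately, `stop()` calls `thriftServer.isServing()` while the executor thread may not have assigned `thriftServer` yet, since `start()` sets `STARTED` before the Kerberos login and server construction happen. A stop shortly after start can therefore throw a NullPointerException; guard it with `if (thriftServer != null && thriftServer.isServing())`.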

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
new file mode 100644
index 0000000..11545a5
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.service.thrift;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+
+public class SentryServiceClientFactory {
+
+  public SentryPolicyServiceClient create(Configuration conf) throws Exception {
+    SentryPolicyServiceClient client = new SentryPolicyServiceClient(conf);
+    return client;
+  }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
new file mode 100644
index 0000000..bd7e447
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.service.thrift;
+import org.apache.hadoop.conf.Configuration;
+
+public class SentryServiceFactory {
+
+  public SentryService create(Configuration conf) throws Exception {
+    SentryService server = new SentryService(conf);
+    return server;
+  }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
new file mode 100644
index 0000000..253f88e
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.service.thrift;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.sasl.Sasl;
+
+import com.google.common.base.Splitter;
+import com.google.common.collect.ImmutableMap;
+
+public class ServiceConstants {
+
+  private static final ImmutableMap<String, String> SASL_PROPERTIES;
+
+  static {
+    Map<String, String> saslProps = new HashMap<String, String>();
+    saslProps.put(Sasl.SERVER_AUTH, "true");
+    saslProps.put(Sasl.QOP, "auth-conf");
+    SASL_PROPERTIES = ImmutableMap.copyOf(saslProps);
+  }
+
+  public static class ConfUtilties {
+    public static final Splitter CLASS_SPLITTER = Splitter.onPattern("[\\s,]")
+        .trimResults().omitEmptyStrings();
+  }
+  public static class ServiceArgs {
+    public static final String CONFIG_FILE = "--conf-file";
+  }
+  public static class ServerConfig {
+    public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES;
+    public static final String PRINCIPAL = "sentry.service.server.principal";
+    public static final String KEY_TAB = "sentry.service.server.keytab";
+    public static final String RPC_PORT = "sentry.service.server.rpc-port";
+    public static final int RPC_PORT_DEFAULT = 8038;
+    public static final String RPC_ADDRESS = "sentry.service.server.rpc-address";
+    public static final String RPC_ADDRESS_DEFAULT = "0.0.0.0";
+    public static final String RPC_MAX_THREADS = "sentry.service.server-max-threads";
+    public static final int RPC_MAX_THREADS_DEFAULT = 500;
+    public static final String RPC_MIN_THREADS = "sentry.service.server-min-threads";
+    public static final int RPC_MIN_THREADS_DEFAULT = 10;
+    public static final String ALLOW_CONNECT = "sentry.service.allow.connect";
+    public static final String PROCESSOR_FACTORIES = "sentry.service.processor.factories";
+    public static final String PROCESSOR_FACTORIES_DEFAULT =
+        "org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory";
+  }
+  public static class ClientConfig {
+    public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES;
+    public static final String SERVER_RPC_PORT = "sentry.service.client.server.rpc-port";
+    public static final int SERVER_RPC_PORT_DEFAULT = ServerConfig.RPC_PORT_DEFAULT;
+    public static final String SERVER_RPC_ADDRESS = "sentry.service.client.server.rpc-address";
+    public static final String SERVER_RPC_CONN_TIMEOUT = "sentry.service.client.server.rpc-connection-timeout";
+    public static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000;
+  }
+
+  /**
+   * Thrift generates terrible constant class names
+   */
+  public static class ThriftConstants extends org.apache.sentry.service.thrift.sentry_common_serviceConstants {
+    public static final int TSENTRY_SERVICE_VERSION_CURRENT = TSENTRY_SERVICE_V1;
+  }
+}
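Review bot: `RPC_ADDRESS_DEFAULT = "0.0.0.0"` makes the policy service listen on every interface whenever the operator leaves `sentry.service.server.rpc-address` unset, and nothing in the file says so. The static block does require SASL with `auth-conf`, which protects the channel, but the exposure decision should still be visible. I would add a comment on the constant such as `// binds all interfaces; set rpc-address to restrict where the service is reachable`. A comment on `SASL_PROPERTIES` should also note that client and server must both keep `Sasl.QOP` at `auth-conf`. As a style point, `sentry.service.server-max-threads` and `sentry.service.server-min-threads` break the `sentry.service.server.` prefix used by the other server keys, which is easier to fix now than after release.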

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
new file mode 100644
index 0000000..1686780
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.service.thrift;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+
+import javax.annotation.Nullable;
+
+import org.apache.sentry.service.thrift.ServiceConstants.ThriftConstants;
+
+/**
+ * Simple factory to make returning TSentryStatus objects easy
+ */
+public enum Status {
+  OK(ThriftConstants.TSENTRY_STATUS_OK),
+  ALREADY_EXISTS(ThriftConstants.TSENTRY_STATUS_ALREADY_EXISTS),
+  NO_SUCH_OBJECT(ThriftConstants.TSENTRY_STATUS_NO_SUCH_OBJECT),
+  RUNTIME_ERROR(ThriftConstants.TSENTRY_STATUS_RUNTIME_ERROR),
+  INVALID_INPUT(ThriftConstants.TSENTRY_STATUS_INVALID_INPUT),
+  UNKNOWN(-1)
+  ;
+  private int code;
+  private Status(int code) {
+    this.code = code;
+  }
+  public int getCode() {
+    return code;
+  }
+  public static Status fromCode(int code) {
+    for (Status status : Status.values()) {
+      if (status.getCode() == code) {
+        return status;
+      }
+    }
+    return Status.UNKNOWN;
+  }
+  public static TSentryResponseStatus OK() {
+    return Create(Status.OK, "");
+  }
+  public static TSentryResponseStatus AlreadyExists(String message, Throwable t) {
+    return Create(Status.ALREADY_EXISTS, message, t);
+  }
+  public static TSentryResponseStatus NoSuchObject(String message, Throwable t) {
+    return Create(Status.NO_SUCH_OBJECT, message, t);
+  }
+  public static TSentryResponseStatus RuntimeError(String message, Throwable t) {
+    return Create(Status.RUNTIME_ERROR, message, t);
+  }
+  public static TSentryResponseStatus Create(Status value, String message) {
+    return Create(value, message, null);
+  }
+  public static TSentryResponseStatus InvalidInput(String message, Throwable t) {
+    return Create(Status.INVALID_INPUT, message, t);
+  }
+  public static TSentryResponseStatus Create(Status value, String message, @Nullable Throwable t) {
+    TSentryResponseStatus status = new TSentryResponseStatus();
+    status.setValue(value.getCode());
+    status.setMessage(message);
+    if (t != null) {
+      StringWriter stringWriter = new StringWriter();
+      PrintWriter printWriter = new PrintWriter(stringWriter);
+      t.printStackTrace(printWriter);
+      printWriter.close();
+      status.setStack(stringWriter.toString());
+    }
+    return status;
+  }
+}
\ No newline at end of file
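Review bot: `Create(Status, String, Throwable)` writes the full `printStackTrace` output into the response through `status.setStack(...)`. Every error status built by `AlreadyExists`, `NoSuchObject`, `RuntimeError` and `InvalidInput` therefore carries internal class names, line numbers and the text of the underlying exception, presumably back to the RPC caller. For an authorization service it would be safer to log the throwable on the server and return only `message`, or to make including the stack an explicit opt-in. At minimum the method needs a Javadoc line stating that the stack is part of the reply. As a smaller point, `code` is never reassigned and should be declared `private final int code;`.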

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql
new file mode 100644
index 0000000..85d5085
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.4.0.sql
@@ -0,0 +1,113 @@
+--Licensed to the Apache Software Foundation (ASF) under one or more
+--contributor license agreements.  See the NOTICE file distributed with
+--this work for additional information regarding copyright ownership.
+--The ASF licenses this file to You under the Apache License, Version 2.0
+--(the "License"); you may not use this file except in compliance with
+--the License.  You may obtain a copy of the License at
+--
+--    http://www.apache.org/licenses/LICENSE-2.0
+--
+--Unless required by applicable law or agreed to in writing, software
+--distributed under the License is distributed on an "AS IS" BASIS,
+--WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+--See the License for the specific language governing permissions and
+--limitations under the License.
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8 */;
+/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
+/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
+/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
+/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
+
+CREATE TABLE `SENTRY_DB_PRIVILEGE` (
+  `DB_PRIVILEGE_ID` BIGINT NOT NULL,
+  `PRIVILEGE_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, -- Name of the privilege
+  `PRIVILEGE_SCOPE` VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, -- Scope. Valid values are Server, Database, Table
+  `SERVER_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
+  `DATABASE_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
+  `TABLE_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
+  `URI` VARCHAR(4000) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
+  `PRIVILEGE` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, -- Allowed action. Valid values are ALL, INSERT, SELECT
+  `CREATE_TIME` BIGINT NOT NULL,
+  `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL -- principal of the creator
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `SENTRY_ROLE` (
+  `ROLE_ID` BIGINT  NOT NULL,
+  `ROLE_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
+  `CREATE_TIME` BIGINT NOT NULL,
+  `ROLE_OWNER` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `SENTRY_GROUP` (
+  `GROUP_ID` BIGINT  NOT NULL,
+  `GROUP_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
+  `CREATE_TIME` BIGINT NOT NULL,
+  `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP` (
+  `ROLE_PRIVILEGE_MAP_ID` BIGINT NOT NULL,
+  `ROLE_ID` BIGINT NOT NULL, -- FK to SENTRY_ROLE.ROLE_ID
+  `DB_PRIVILEGE_ID` BIGINT NOT NULL -- FK to SENTRY_DB_PRIVILEGE.DB_PRIVILEGE_ID
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `SENTRY_ROLE_GROUP_MAP` (
+  `ROLE_GROUP_MAP_ID` BIGINT NOT NULL,
+  `ROLE_ID` BIGINT NOT NULL, -- FK to SENTRY_ROLE.ROLE_ID
+  `GROUP_ID` BIGINT NOT NULL -- FK to SENTRY_GROUP.GROUP_ID
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE IF NOT EXISTS `SENTRY_VERSION` (
+  `VER_ID` BIGINT NOT NULL,
+  `SCHEMA_VERSION` VARCHAR(127) NOT NULL,
+  `VERSION_COMMENT` VARCHAR(255) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+ALTER TABLE `SENTRY_DB_PRIVILEGE`
+  ADD CONSTRAINT `SENTRY_DB_PRIV_PK` PRIMARY KEY (`DB_PRIVILEGE_ID`);
+
+ALTER TABLE `SENTRY_ROLE`
+  ADD CONSTRAINT `SENTRY_ROLE_PK` PRIMARY KEY (`ROLE_ID`);
+
+ALTER TABLE `SENTRY_GROUP`
+  ADD CONSTRAINT `SENTRY_GROUP_PK` PRIMARY KEY (`GROUP_ID`);
+
+ALTER TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP`
+  ADD CONSTRAINT `SENTRY_ROLE_DB_PRIV_MAP_PK` PRIMARY KEY (`ROLE_PRIVILEGE_MAP_ID`);
+
+ALTER TABLE `SENTRY_ROLE_GROUP_MAP`
+  ADD CONSTRAINT `SENTRY_ROLE_GROUP_MAP_PK` PRIMARY KEY (`ROLE_GROUP_MAP_ID`);
+
+ALTER TABLE `SENTRY_VERSION`
+  ADD CONSTRAINT `SENTRY_VERSION` PRIMARY KEY (`VER_ID`);
+
+ALTER TABLE `SENTRY_DB_PRIVILEGE`
+  ADD CONSTRAINT `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` UNIQUE (`PRIVILEGE_NAME`);
+
+ALTER TABLE `SENTRY_ROLE`
+  ADD CONSTRAINT `SENTRY_ROLE_ROLE_NAME_UNIQUE` UNIQUE (`ROLE_NAME`);
+
+ALTER TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP`
+  ADD CONSTRAINT `SEN_RLE_DB_PRV_MAP_SN_RLE_FK`
+  FOREIGN KEY (`ROLE_ID`) REFERENCES `SENTRY_ROLE`(`ROLE_ID`);
+
+ALTER TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP`
+  ADD CONSTRAINT `SEN_RL_DB_PRV_MAP_SN_DB_PRV_FK`
+  FOREIGN KEY (`DB_PRIVILEGE_ID`) REFERENCES `SENTRY_DB_PRIVILEGE`(`DB_PRIVILEGE_ID`);
+
+ALTER TABLE `SENTRY_ROLE_GROUP_MAP`
+  ADD CONSTRAINT `SEN_ROLE_GROUP_MAP_SEN_ROLE_FK`
+  FOREIGN KEY (`ROLE_ID`) REFERENCES `SENTRY_ROLE`(`ROLE_ID`);
+
+ALTER TABLE `SENTRY_ROLE_GROUP_MAP`
+  ADD CONSTRAINT `SEN_ROLE_GROUP_MAP_SEN_GRP_FK`
+  FOREIGN KEY (`GROUP_ID`) REFERENCES `SENTRY_GROUP`(`GROUP_ID`);
+
+INSERT INTO SENTRY_VERSION (VER_ID, SCHEMA_VERSION, VERSION_COMMENT) VALUES (1, '1.4.0', 'Sentry release version 1.4.0');
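Review bot: The header saves and then changes `UNIQUE_CHECKS`, `FOREIGN_KEY_CHECKS`, `SQL_MODE`, `TIME_ZONE` and `SQL_NOTES`, but the script ends at the `INSERT` without restoring any of them. Anything run later in the same session executes with foreign-key and unique checks off, which matters for tables that hold role and privilege mappings. Add the matching footer, for example `/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;` and `/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;`, together with the `SQL_MODE`, `TIME_ZONE` and `SQL_NOTES` counterparts. Also, `SENTRY_GROUP` gets no `UNIQUE` constraint on `GROUP_NAME` while `SENTRY_ROLE` has one on `ROLE_NAME`; if group names are meant to be unique, that constraint is missing here.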

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql
new file mode 100644
index 0000000..0508d45
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.4.0.sql
@@ -0,0 +1,101 @@
+--Licensed to the Apache Software Foundation (ASF) under one or more
+--contributor license agreements.  See the NOTICE file distributed with
+--this work for additional information regarding copyright ownership.
+--The ASF licenses this file to You under the Apache License, Version 2.0
+--(the "License"); you may not use this file except in compliance with
+--the License.  You may obtain a copy of the License at
+--
+--    http://www.apache.org/licenses/LICENSE-2.0
+--
+--Unless required by applicable law or agreed to in writing, software
+--distributed under the License is distributed on an "AS IS" BASIS,
+--WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+--See the License for the specific language governing permissions and
+--limitations under the License.
+
+CREATE TABLE "SENTRY_DB_PRIVILEGE" (
+  "DB_PRIVILEGE_ID" NUMBER NOT NULL,
+  "PRIVILEGE_NAME" VARCHAR2(128) NOT NULL, -- Name of the privilege
+  "PRIVILEGE_SCOPE" VARCHAR2(32) NOT NULL, -- Scope. Valid values are Server, Database, Table
+  "SERVER_NAME" VARCHAR2(128) NOT NULL,
+  "DATABASE_NAME" VARCHAR2(128) NULL,
+  "TABLE_NAME" VARCHAR2(128) NULL,
+  "URI" VARCHAR2(4000) NULL,
+  "PRIVILEGE" VARCHAR2(128) NOT NULL, -- Allowed action. Valid values are ALL, INSERT, SELECT
+  "CREATE_TIME" NUMBER NOT NULL,
+  "GRANTOR_PRINCIPAL" VARCHAR(128) NOT NULL -- principal of the creator
+);
+
+CREATE TABLE "SENTRY_ROLE" (
+  "ROLE_ID" NUMBER  NOT NULL,
+  "ROLE_NAME" VARCHAR2(128) NOT NULL,
+  "CREATE_TIME" NUMBER NOT NULL,
+  "ROLE_OWNER" VARCHAR2(128) NOT NULL
+);
+
+CREATE TABLE "SENTRY_GROUP" (
+  "GROUP_ID" NUMBER  NOT NULL,
+  "GROUP_NAME" VARCHAR2(128) NOT NULL,
+  "CREATE_TIME" NUMBER NOT NULL,
+  "GRANTOR_PRINCIPAL" VARCHAR2(128) NOT NULL
+);
+
+CREATE TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" (
+  "ROLE_PRIVILEGE_MAP_ID" NUMBER NOT NULL,
+  "ROLE_ID" NUMBER NOT NULL, -- FK to SENTRY_ROLE.ROLE_ID
+  "DB_PRIVILEGE_ID" NUMBER NOT NULL -- FK to SENTRY_DB_PRIVILEGE.DB_PRIVILEGE_ID
+);
+
+CREATE TABLE "SENTRY_ROLE_GROUP_MAP" (
+  "ROLE_GROUP_MAP_ID" NUMBER NOT NULL,
+  "ROLE_ID" NUMBER NOT NULL, -- FK to SENTRY_ROLE.ROLE_ID
+  "GROUP_ID" NUMBER NOT NULL -- FK to SENTRY_GROUP.GROUP_ID
+);
+
+CREATE TABLE "SENTRY_VERSION" (
+  "VER_ID" NUMBER NOT NULL,
+  "SCHEMA_VERSION" VARCHAR(127) NOT NULL,
+  "VERSION_COMMENT" VARCHAR(255) NOT NULL
+);
+
+ALTER TABLE "SENTRY_DB_PRIVILEGE"
+  ADD CONSTRAINT "SENTRY_DB_PRIV_PK" PRIMARY KEY ("DB_PRIVILEGE_ID");
+
+ALTER TABLE "SENTRY_ROLE"
+  ADD CONSTRAINT "SENTRY_ROLE_PK" PRIMARY KEY ("ROLE_ID");
+
+ALTER TABLE "SENTRY_GROUP"
+  ADD CONSTRAINT "SENTRY_GROUP_PK" PRIMARY KEY ("GROUP_ID");
+
+ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP"
+  ADD CONSTRAINT "SENTRY_ROLE_DB_PRIV_MAP_PK" PRIMARY KEY ("ROLE_PRIVILEGE_MAP_ID");
+
+ALTER TABLE "SENTRY_ROLE_GROUP_MAP"
+  ADD CONSTRAINT "SENTRY_ROLE_GROUP_MAP_PK" PRIMARY KEY ("ROLE_GROUP_MAP_ID");
+
+ALTER TABLE "SENTRY_VERSION" ADD CONSTRAINT "SENTRY_VERSION_PK" PRIMARY KEY ("VER_ID");
+
+ALTER TABLE "SENTRY_DB_PRIVILEGE"
+  ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("PRIVILEGE_NAME");
+
+ALTER TABLE "SENTRY_ROLE"
+  ADD CONSTRAINT "SENTRY_ROLE_ROLE_NAME_UNIQUE" UNIQUE ("ROLE_NAME");
+
+ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP"
+  ADD CONSTRAINT "SEN_RLE_DB_PRV_MAP_SN_RLE_FK"
+  FOREIGN KEY ("ROLE_ID") REFERENCES "SENTRY_ROLE"("ROLE_ID") INITIALLY DEFERRED;
+
+ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP"
+  ADD CONSTRAINT "SEN_RL_DB_PRV_MAP_SN_DB_PRV_FK"
+  FOREIGN KEY ("DB_PRIVILEGE_ID") REFERENCES "SENTRY_DB_PRIVILEGE"("DB_PRIVILEGE_ID") INITIALLY DEFERRED;
+
+ALTER TABLE "SENTRY_ROLE_GROUP_MAP"
+  ADD CONSTRAINT "SEN_ROLE_GROUP_MAP_SEN_ROLE_FK"
+  FOREIGN KEY ("ROLE_ID") REFERENCES "SENTRY_ROLE"("ROLE_ID") INITIALLY DEFERRED;
+
+ALTER TABLE "SENTRY_ROLE_GROUP_MAP"
+  ADD CONSTRAINT "SEN_ROLE_GROUP_MAP_SEN_GRP_FK"
+  FOREIGN KEY ("GROUP_ID") REFERENCES "SENTRY_GROUP"("GROUP_ID") INITIALLY DEFERRED;
+
+INSERT INTO VERSION (VER_ID, SCHEMA_VERSION, VERSION_COMMENT) VALUES (1, '1.4.0', 'Sentry release version 1.4.0');
+
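Review bot: The final statement inserts into `VERSION`, but the table this script creates is `"SENTRY_VERSION"`. On a clean schema the insert fails and no schema-version row is recorded. It should read `INSERT INTO "SENTRY_VERSION" (VER_ID, SCHEMA_VERSION, VERSION_COMMENT) VALUES (1, '1.4.0', 'Sentry release version 1.4.0');`, which matches the MySQL script. As a minor consistency point, `GRANTOR_PRINCIPAL` in `SENTRY_DB_PRIVILEGE` and both text columns of `SENTRY_VERSION` use `VARCHAR` where the rest of the file uses `VARCHAR2`.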

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql
new file mode 100644
index 0000000..7298923
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.4.0.sql
@@ -0,0 +1,115 @@
+--Licensed to the Apache Software Foundation (ASF) under one or more
+--contributor license agreements.  See the NOTICE file distributed with
+--this work for additional information regarding copyright ownership.
+--The ASF licenses this file to You under the Apache License, Version 2.0
+--(the "License"); you may not use this file except in compliance with
+--the License.  You may obtain a copy of the License at
+--
+--    http://www.apache.org/licenses/LICENSE-2.0
+--
+--Unless required by applicable law or agreed to in writing, software
+--distributed under the License is distributed on an "AS IS" BASIS,
+--WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+--See the License for the specific language governing permissions and
+--limitations under the License.
+
+START TRANSACTION;
+
+SET statement_timeout = 0;
+SET client_encoding = 'UTF8';
+SET standard_conforming_strings = off;
+SET check_function_bodies = false;
+SET client_min_messages = warning;
+SET escape_string_warning = off;
+SET search_path = public, pg_catalog;
+SET default_tablespace = '';
+SET default_with_oids = false;
+
+CREATE TABLE "SENTRY_DB_PRIVILEGE" (
+  "DB_PRIVILEGE_ID" BIGINT NOT NULL,
+  "PRIVILEGE_NAME" character varying(128) NOT NULL, -- Name of the privilege
+  "PRIVILEGE_SCOPE" character varying(32) NOT NULL, -- Scope. Valid values are Server, Database, Table
+  "SERVER_NAME" character varying(128) NOT NULL,
+  "DATABASE_NAME" character varying(128) DEFAULT NULL::character varying,
+  "TABLE_NAME" character varying(128) DEFAULT NULL::character varying,
+  "URI" character varying(4000) DEFAULT NULL::character varying,
+  "PRIVILEGE" character varying(128) NOT NULL, -- Allowed action. Valid values are ALL, INSERT, SELECT
+  "CREATE_TIME" BIGINT NOT NULL,
+  "GRANTOR_PRINCIPAL" VARCHAR(128) NOT NULL -- principal of the creator
+);
+
+CREATE TABLE "SENTRY_ROLE" (
+  "ROLE_ID" BIGINT  NOT NULL,
+  "ROLE_NAME" character varying(128) NOT NULL,
+  "CREATE_TIME" BIGINT NOT NULL,
+  "ROLE_OWNER" character varying(128) NOT NULL
+);
+
+CREATE TABLE "SENTRY_GROUP" (
+  "GROUP_ID" BIGINT  NOT NULL,
+  "GROUP_NAME" character varying(128) NOT NULL,
+  "CREATE_TIME" BIGINT NOT NULL,
+  "GRANTOR_PRINCIPAL" character varying(128) NOT NULL
+);
+
+CREATE TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" (
+  "ROLE_PRIVILEGE_MAP_ID" BIGINT NOT NULL,
+  "ROLE_ID" BIGINT NOT NULL, -- FK to SENTRY_ROLE.ROLE_ID
+  "DB_PRIVILEGE_ID" BIGINT NOT NULL -- FK to SENTRY_DB_PRIVILEGE.DB_PRIVILEGE_ID
+);
+
+CREATE TABLE "SENTRY_ROLE_GROUP_MAP" (
+  "ROLE_GROUP_MAP_ID" BIGINT NOT NULL,
+  "ROLE_ID" BIGINT NOT NULL, -- FK to SENTRY_ROLE.ROLE_ID
+  "GROUP_ID" BIGINT NOT NULL -- FK to SENTRY_GROUP.GROUP_ID
+);
+
+CREATE TABLE "SENTRY_VERSION" (
+  "VER_ID" bigint,
+  "SCHEMA_VERSION" character varying(127) NOT NULL,
+  "VERSION_COMMENT" character varying(255) NOT NULL
+);
+
+
+ALTER TABLE ONLY "SENTRY_DB_PRIVILEGE"
+  ADD CONSTRAINT "SENTRY_DB_PRIV_PK" PRIMARY KEY ("DB_PRIVILEGE_ID");
+
+ALTER TABLE ONLY "SENTRY_ROLE"
+  ADD CONSTRAINT "SENTRY_ROLE_PK" PRIMARY KEY ("ROLE_ID");
+
+ALTER TABLE ONLY "SENTRY_GROUP"
+  ADD CONSTRAINT "SENTRY_GROUP_PK" PRIMARY KEY ("GROUP_ID");
+
+ALTER TABLE ONLY "SENTRY_ROLE_DB_PRIVILEGE_MAP"
+  ADD CONSTRAINT "SENTRY_ROLE_DB_PRIV_MAP_PK" PRIMARY KEY ("ROLE_PRIVILEGE_MAP_ID");
+
+ALTER TABLE ONLY "SENTRY_ROLE_GROUP_MAP"
+  ADD CONSTRAINT "SENTRY_ROLE_GROUP_MAP_PK" PRIMARY KEY ("ROLE_GROUP_MAP_ID");
+
+ALTER TABLE ONLY "SENTRY_VERSION" ADD CONSTRAINT "SENTRY_VERSION_PK" PRIMARY KEY ("VER_ID");
+
+ALTER TABLE ONLY "SENTRY_DB_PRIVILEGE"
+  ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("PRIVILEGE_NAME");
+
+ALTER TABLE ONLY "SENTRY_ROLE"
+  ADD CONSTRAINT "SENTRY_ROLE_ROLE_NAME_UNIQUE" UNIQUE ("ROLE_NAME");
+
+ALTER TABLE ONLY "SENTRY_ROLE_DB_PRIVILEGE_MAP"
+  ADD CONSTRAINT "SEN_RLE_DB_PRV_MAP_SN_RLE_FK"
+  FOREIGN KEY ("ROLE_ID") REFERENCES "SENTRY_ROLE"("ROLE_ID") DEFERRABLE;
+
+ALTER TABLE ONLY "SENTRY_ROLE_DB_PRIVILEGE_MAP"
+  ADD CONSTRAINT "SEN_RL_DB_PRV_MAP_SN_DB_PRV_FK"
+  FOREIGN KEY ("DB_PRIVILEGE_ID") REFERENCES "SENTRY_DB_PRIVILEGE"("DB_PRIVILEGE_ID") DEFERRABLE;
+
+ALTER TABLE ONLY "SENTRY_ROLE_GROUP_MAP"
+  ADD CONSTRAINT "SEN_ROLE_GROUP_MAP_SEN_ROLE_FK"
+  FOREIGN KEY ("ROLE_ID") REFERENCES "SENTRY_ROLE"("ROLE_ID") DEFERRABLE;
+
+ALTER TABLE ONLY "SENTRY_ROLE_GROUP_MAP"
+  ADD CONSTRAINT "SEN_ROLE_GROUP_MAP_SEN_GRP_FK"
+  FOREIGN KEY ("GROUP_ID") REFERENCES "SENTRY_GROUP"("GROUP_ID") DEFERRABLE;
+
+INSERT INTO "SENTRY_VERSION" ("VER_ID", "SCHEMA_VERSION", "VERSION_COMMENT") VALUES (1, '1.4.0', 'Sentry release version 1.4.0');
+
+COMMIT;
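Review bot: The four foreign keys at the end of this script are declared plain `DEFERRABLE`, which PostgreSQL treats as INITIALLY IMMEDIATE, while the script whose tail precedes this file in the commit declares the same constraints `INITIALLY DEFERRED`. If the persistence layer relies on constraint checks being postponed to commit (not visible here, so worth confirming), the two backends will behave differently on the same sequence of inserts and deletes. To match, each would end `... REFERENCES "SENTRY_ROLE"("ROLE_ID") DEFERRABLE INITIALLY DEFERRED;`. Separately, neither mapping table has a UNIQUE constraint over its pair of foreign-key columns, so the same role-to-group or role-to-privilege grant can be stored twice. In an authorization store that makes it harder to be sure that a single delete actually revokes the grant.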

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift
new file mode 100644
index 0000000..7a545be
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift
@@ -0,0 +1,41 @@
+#!/usr/local/bin/thrift -java
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+include "share/fb303/if/fb303.thrift"
+
+namespace java org.apache.sentry.service.thrift
+namespace php sentry.service.thrift
+namespace cpp Apache.Sentry.Service.Thrift
+
+const i32 TSENTRY_SERVICE_V1 = 1;
+
+const i32 TSENTRY_STATUS_OK = 0;
+const i32 TSENTRY_STATUS_ALREADY_EXISTS = 1;
+const i32 TSENTRY_STATUS_NO_SUCH_OBJECT = 2;
+const i32 TSENTRY_STATUS_RUNTIME_ERROR = 3;
+const i32 TSENTRY_STATUS_INVALID_INPUT = 4;
+
+struct TSentryResponseStatus {
+1: required i32 value,
+// message will be set to empty string when status is OK
+2: required string message
+3: optional string stack
+}
+
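Review bot: The optional `stack` field of `TSentryResponseStatus` is returned to the caller with no comment saying what it holds or when the server may populate it. If it carries a server-side stack trace, as the name suggests, it exposes class names, library versions and internal paths to any client that can reach the service. A comment on the field would pin the contract, for example `// stack: server-side diagnostic only; leave unset unless debugging output is explicitly enabled`. Field 2 is also the only one in the struct without a trailing comma, which is legal Thrift but inconsistent with the other fields.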

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
new file mode 100644
index 0000000..b3f7d6e
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -0,0 +1,150 @@
+#!/usr/local/bin/thrift -java
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#
+# Thrift Service that the MetaStore is built on
+#
+
+include "share/fb303/if/fb303.thrift"
+include "sentry_common_service.thrift"
+
+namespace java org.apache.sentry.provider.db.service.thrift
+namespace php sentry.provider.db.service.thrift
+namespace cpp Apache.Sentry.Provider.Db.Service.Thrift
+
+struct TSentryPrivilege {
+1: required string privilegeScope, # Valid values are SERVER, DATABASE, TABLE
+2: optional string privilegeName, # Generated on server side
+3: required string serverName,
+4: optional string dbName,
+5: optional string tableName,
+6: optional string URI,
+7: required string action,
+8: optional i64 createTime, # Set on server side
+9: optional string grantorPrincipal # Set on server side
+}
+
+struct TSentryRole {
+1: required string roleName,
+# TODO privs should not be part of Sentry role as
+# they are created when a grant is executed
+# They need to be returned as part of the list role API, else
+# there would be another round trip
+2: required set<TSentryPrivilege> privileges,
+3: required i64 createTime,
+4: required string grantorPrincipal
+}
+
+// TODO fill out
+struct TSentryGroup {
+1: required string groupName
+}
+
+struct TCreateSentryRoleRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required string requestorUserName,
+3: required TSentryRole role,
+4: required set<string> requestorGroupName
+}
+struct TCreateSentryRoleResponse {
+1: required sentry_common_service.TSentryResponseStatus status
+}
+
+struct TListSentryRolesRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required string requestorUserName, # user on whose behalf the request is issued
+3: optional string rolerequestorGroupName, # list roles for this group
+4: required string roleName,
+5: required set<string> requestorGroupName # groups the requesting user belongs to
+}
+struct TListSentryRolesResponse {
+1: required sentry_common_service.TSentryResponseStatus status
+2: required set<TSentryRole> roles
+}
+
+struct TDropSentryRoleRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required string requestorUserName,
+3: required string roleName,
+4: required set<string> requestorGroupName
+}
+struct TDropSentryRoleResponse {
+1: required sentry_common_service.TSentryResponseStatus status
+}
+
+struct TAlterSentryRoleAddGroupsRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required string requestorUserName,
+3: required string roleName,
+4: required set<string> requestorGroupName,
+5: required set<TSentryGroup> groups
+}
+
+struct TAlterSentryRoleAddGroupsResponse {
+1: required sentry_common_service.TSentryResponseStatus status
+}
+
+struct TAlterSentryRoleDeleteGroupsRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required string requestorUserName,
+3: required set<string> requestorGroupName
+}
+struct TAlterSentryRoleDeleteGroupsResponse {
+1: required sentry_common_service.TSentryResponseStatus status
+}
+
+struct TAlterSentryRoleGrantPrivilegeRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required string requestorUserName,
+3: required string roleName,
+4: required set<string> requestorGroupName,
+5: required TSentryPrivilege privilege
+}
+
+struct TAlterSentryRoleGrantPrivilegeResponse {
+1: required sentry_common_service.TSentryResponseStatus status
+}
+
+struct TAlterSentryRoleRevokePrivilegeRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required string requestorUserName,
+3: required string roleName,
+4: required set<string> requestorGroupName,
+5: required TSentryPrivilege privilege
+}
+
+struct TAlterSentryRoleRevokePrivilegeResponse {
+1: required sentry_common_service.TSentryResponseStatus status
+}
+
+service SentryPolicyService
+{
+  TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request)
+  TDropSentryRoleResponse drop_sentry_role(1:TDropSentryRoleRequest request)
+  
+  TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(1:TAlterSentryRoleGrantPrivilegeRequest request)
+  TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(1:TAlterSentryRoleRevokePrivilegeRequest request)
+  
+  TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(1:TAlterSentryRoleAddGroupsRequest request)
+  TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(1:TAlterSentryRoleDeleteGroupsRequest request)
+
+  TListSentryRolesResponse list_sentry_roles_by_group(1:TListSentryRolesRequest request)
+  TListSentryRolesResponse list_sentry_roles_by_role_name(1:TListSentryRolesRequest request) 
+}
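Review bot: `TAlterSentryRoleDeleteGroupsRequest` carries only the protocol version and the requestor's name and groups, so a caller has no way to say which role to alter or which groups to remove. `TAlterSentryRoleAddGroupsRequest` has both, and the struct should mirror it with `3: required string roleName,`, `4: required set<string> requestorGroupName,` and `5: required set<TSentryGroup> groups`. Every request also takes `requestorUserName` and `requestorGroupName` from the client. Unless the server derives identity and group membership from the authenticated transport principal (the processor is not part of this file), any caller can assert membership of an administrative group, so the IDL should state that these fields are informational and must be checked against the authenticated principal. The header comment "Thrift Service that the MetaStore is built on" looks copied from another project and should describe the Sentry policy service.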

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
new file mode 100644
index 0000000..be3d078
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -0,0 +1,145 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.fail;
+
+import java.io.File;
+import java.util.Collections;
+import java.util.Set;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
+import org.apache.sentry.provider.db.service.model.MSentryRole;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor;
+import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.service.thrift.TSentryRole;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Sets;
+import com.google.common.io.Files;
+
+public class TestSentryStore {
+
+  private static File dataDir;
+  private static SentryStore sentryStore;
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    dataDir = new File(Files.createTempDir(), SentryStore.DEFAULT_DATA_DIR);
+    sentryStore = new SentryStore(dataDir.getPath());
+  }
+
+  @AfterClass
+  public static void teardown() {
+    if (sentryStore != null) {
+      sentryStore.stop();
+    }
+    if (dataDir != null) {
+      FileUtils.deleteQuietly(dataDir);
+    }
+  }
+
+  private static CommitContext createRole(String r, String g) throws Exception {
+    TSentryRole role = new TSentryRole();
+    role.setGrantorPrincipal(g);
+    role.setRoleName(r);
+    return sentryStore.createSentryRole(role);
+  }
+
+
+  @Test
+  public void testCreateDuplicateRole() throws Exception {
+    String roleName = "test-dup-role";
+    String grantor = "g1";
+    createRole(roleName, grantor);
+    try {
+      createRole(roleName, grantor);
+      fail("Expected SentryAlreadyExistsException");
+    } catch(SentryAlreadyExistsException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testCreateDropRole() throws Exception {
+    String roleName = "test-drop-role";
+    String grantor = "g1";
+    long seqId = createRole(roleName, grantor).getSequenceId();
+    assertEquals(seqId + 1, sentryStore.dropSentryRole(roleName).getSequenceId());
+  }
+
+  @Test(expected = SentryNoSuchObjectException.class)
+  public void testAddDeleteGroupsNonExistantRole()
+      throws Exception {
+    String roleName = "non-existant-role";
+    String grantor = "g1";
+    Set<TSentryGroup> groups = Sets.newHashSet();
+    sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups);
+  }
+
+  @Test
+  public void testAddDeleteGroups() throws Exception {
+    String roleName = "test-groups";
+    String grantor = "g1";
+    long seqId = createRole(roleName, grantor).getSequenceId();
+    Set<TSentryGroup> groups = Sets.newHashSet();
+    TSentryGroup group = new TSentryGroup();
+    group.setGroupName("test-groups-g1");
+    groups.add(group);
+    group = new TSentryGroup();
+    group.setGroupName("test-groups-g2");
+    groups.add(group);
+    assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor,
+        roleName, groups).getSequenceId());
+    assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups)
+        .getSequenceId());
+    MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
+    assertEquals(Collections.emptySet(), role.getGroups());
+  }
+
+  @Test
+  public void testGrantRevokePrivilege() throws Exception {
+    String roleName = "test-privilege";
+    String grantor = "g1";
+    long seqId = createRole(roleName, grantor).getSequenceId();
+    TSentryPrivilege privilege = new TSentryPrivilege();
+    privilege.setPrivilegeScope("TABLE");
+    privilege.setServerName("server1");
+    privilege.setDbName("db1");
+    privilege.setTableName("tbl1");
+    privilege.setAction("SELECT");
+    privilege.setGrantorPrincipal(grantor);
+    privilege.setCreateTime(System.currentTimeMillis());
+    privilege.setPrivilegeName(SentryPolicyStoreProcessor.constructPrivilegeName(privilege));
+    assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege)
+        .getSequenceId());
+    MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
+    Set<MSentryPrivilege> privileges = role.getPrivileges();
+    assertEquals(privileges.toString(), 1, privileges.size());
+    assertEquals(privilege.getPrivilegeName(), Iterables.get(privileges, 0).getPrivilegeName());
+    assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege.getPrivilegeName())
+        .getSequenceId());
+  }
+}
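Review bot: `testGrantRevokePrivilege` checks only the sequence id returned by `alterSentryRoleRevokePrivilege` and never reloads the role, so a revoke that bumps the sequence but leaves the privilege attached would still pass. `testAddDeleteGroups` does re-read the role after the delete, and the revoke test should do the same with `assertEquals(0, sentryStore.getMSentryRoleByName(roleName).getPrivileges().size());` as its last statement. In `teardown`, `FileUtils.deleteQuietly(dataDir)` removes only the child directory, so the parent created by `Files.createTempDir()` in `setup` is left behind after every run. Keeping the temp directory in its own field and deleting that instead would fix it.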

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
new file mode 100644
index 0000000..6a2f48f
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import java.util.UUID;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.service.persistent.CommitContext;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import com.google.common.collect.Lists;
+
+public class TestNotificationHandlerInvoker {
+
+  private Configuration conf;
+  private CommitContext commitContext;
+  private NotificationHandler handler;
+  private NotificationHandlerInvoker invoker;
+
+  @Before
+  public void setup() throws Exception {
+    conf = new Configuration(false);
+    commitContext = new CommitContext(UUID.randomUUID(), 1L);
+    handler = Mockito.spy(new NotificationHandler(conf) {});
+    invoker = new NotificationHandlerInvoker(conf,
+        Lists.newArrayList(new ThrowingNotificationHandler(conf), handler));
+  }
+
+  @Test
+  public void testCreateSentryRole() throws Exception {
+    TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
+    TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
+    invoker.create_sentry_role(commitContext, request, response);
+    Mockito.verify(handler).create_sentry_role(commitContext,
+        request, response);
+  }
+
+  @Test
+  public void testDropSentryRole() throws Exception {
+    TDropSentryRoleRequest request = new TDropSentryRoleRequest();
+    TDropSentryRoleResponse response = new TDropSentryRoleResponse();
+    invoker.drop_sentry_role(commitContext, request, response);
+    Mockito.verify(handler).drop_sentry_role(commitContext,
+        request, response);
+  }
+
+
+
+  @Test
+  public void testAlterSentryRoleAddGroups() throws Exception {
+    TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
+    TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
+    invoker.alter_sentry_role_add_groups(commitContext, request, response);
+    Mockito.verify(handler).alter_sentry_role_add_groups(commitContext,
+        request, response);
+  }
+
+  @Test
+  public void testAlterSentryRoleDeleteGroups() throws Exception {
+    TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
+    TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
+    invoker.alter_sentry_role_delete_groups(commitContext, request, response);
+    Mockito.verify(handler).alter_sentry_role_delete_groups(commitContext,
+        request, response);
+  }
+
+  public static class ThrowingNotificationHandler extends NotificationHandler {
+    public ThrowingNotificationHandler(Configuration config) throws Exception {
+      super(config);
+    }
+    @Override
+    public void create_sentry_role(CommitContext args,
+                                   TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
+      throw new RuntimeException();
+    }
+    public void drop_sentry_role(CommitContext context,
+                                 TDropSentryRoleRequest request,
+                                 TDropSentryRoleResponse response) {
+      throw new RuntimeException();
+    }
+    @Override
+    public void alter_sentry_role_add_groups(CommitContext args,
+        TAlterSentryRoleAddGroupsRequest request,
+        TAlterSentryRoleAddGroupsResponse response) {
+      throw new RuntimeException();
+    }
+    @Override
+    public void alter_sentry_role_delete_groups(
+      CommitContext args, TAlterSentryRoleDeleteGroupsRequest request,
+      TAlterSentryRoleDeleteGroupsResponse response) {
+      throw new RuntimeException();
+    }
+  }
+}
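Review bot: `ThrowingNotificationHandler.drop_sentry_role` is the only one of the four overrides declared without `@Override`. The tests depend on the throwing handler running first and the invoker still reaching the spied handler. If the base-class signature ever changes, this method would silently become an overload, the inherited method would run instead, and `testDropSentryRole` would keep passing without exercising the failure path. Adding `@Override` above `public void drop_sentry_role(CommitContext context,` lets the compiler catch that.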

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java
new file mode 100644
index 0000000..46f8fb8
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig;
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestSentryPolicyStoreProcessor {
+
+  private Configuration conf;
+
+  @Before
+  public void setup() {
+    conf = new Configuration(false);
+  }
+  @Test(expected=SentryConfigurationException.class)
+  public void testConfigNotNotificationHandler() throws Exception {
+    conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, Object.class.getName());
+    SentryPolicyStoreProcessor.createHandlers(conf);
+  }
+  @Test(expected=SentryConfigurationException.class)
+  public void testConfigCannotCreateNotificationHandler() throws Exception {
+    conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS,
+        ExceptionInConstructorNotificationHandler.class.getName());
+    SentryPolicyStoreProcessor.createHandlers(conf);
+  }
+  @Test(expected=SentryConfigurationException.class)
+  public void testConfigNotAClassNotificationHandler() throws Exception {
+    conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, "junk");
+    SentryPolicyStoreProcessor.createHandlers(conf);
+  }
+  @Test
+  public void testConfigMultipleNotificationHandlers() throws Exception {
+    conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS,
+        NoopNotificationHandler.class.getName() + "," +
+            NoopNotificationHandler.class.getName() + " " +
+            NoopNotificationHandler.class.getName());
+    Assert.assertEquals(3, SentryPolicyStoreProcessor.createHandlers(conf).size());
+  }
+  public static class ExceptionInConstructorNotificationHandler extends NotificationHandler {
+    public ExceptionInConstructorNotificationHandler(Configuration config) throws Exception {
+      super(config);
+      throw new Exception();
+    }
+  }
+  public static class NoopNotificationHandler extends NotificationHandler {
+    public NoopNotificationHandler(Configuration config) throws Exception {
+      super(config);
+    }
+  }
+}
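Review bot: This test imports `junit.framework.Assert`, the JUnit 3 class that JUnit 4 deprecates, while the rest of the file uses JUnit 4 annotations and `TestSentryServiceFailureCase` in the same commit imports `org.junit.Assert`. `TestSentryStore` has the same issue in its static imports of `assertEquals` and `fail`. Replacing the import with `import org.junit.Assert;` keeps the test classes consistent. The three negative tests would also benefit from a one-line comment each saying which rejection they pin (not a `NotificationHandler` subclass, a constructor that throws, an unloadable class name), because the handler list is a class-name list read from configuration and these tests are the record of what the loader must refuse.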

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
new file mode 100644
index 0000000..a4643bf
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import java.security.PrivilegedActionException;
+
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestSentryServiceFailureCase extends SentryServiceIntegrationBase {
+
+  @Before @Override
+  public void setup() throws Exception {
+    beforeSetup();
+    setupConf();
+    conf.set(ServerConfig.ALLOW_CONNECT, "");
+    startSentryService();
+    afterSetup();
+  }
+
+  @Test(expected = PrivilegedActionException.class)
+  public void testClientServerConnectionFailure()  throws Exception {
+    connectToSentryService();
+    Assert.fail("Failed to receive Exception");
+  }
+}
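Review bot: `testClientServerConnectionFailure` accepts any `PrivilegedActionException`, so it passes whenever the connection attempt fails inside the privileged block for any reason, not only because the empty `ALLOW_CONNECT` list rejected the client. A server that failed to start or a broken Kerberos setup would satisfy it just as well, and a regression that stopped enforcing `ALLOW_CONNECT` could be masked by an unrelated failure. Catching the exception and asserting on `getCause()` would tie the test to the authorization decision; the concrete cause type comes from `connectToSentryService` in the base class, which is outside this hunk. At minimum, add a comment above the `conf.set` line such as `// empty allow-list: the server must refuse every client principal`.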

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
new file mode 100644
index 0000000..d073d8b
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless createRequired by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.apache.sentry.service.thrift.ServiceConstants.ThriftConstants;
+import org.apache.sentry.service.thrift.Status;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Preconditions;
+
+public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
+  private static final Logger LOGGER = LoggerFactory.getLogger(TestSentryServiceIntegration.class);
+
+  @Test
+  public void testCreateRole() throws Exception {
+    Set<String> groupSet = new HashSet<String>();
+    TDropSentryRoleRequest dropReq = new TDropSentryRoleRequest();
+    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    dropReq.setRoleName("admin_r");
+    dropReq.setRequestorUserName("user_1");
+    groupSet.add("admin");
+    dropReq.setRequestorGroupName(groupSet);
+    TDropSentryRoleResponse dropResp = client.dropRole(dropReq);
+    assertStatus(Status.NO_SUCH_OBJECT, dropResp.getStatus());
+    LOGGER.info("Successfully dropped role: admin_r");
+    groupSet.clear();
+
+    TCreateSentryRoleRequest createReq = new TCreateSentryRoleRequest();
+    createReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    createReq.setRequestorUserName("user_1");
+    groupSet.add("admin");
+    createReq.setRequestorGroupName(groupSet);
+    TSentryRole role = new TSentryRole();
+    role.setRoleName("admin_r");
+    role.setCreateTime(System.currentTimeMillis());
+    role.setGrantorPrincipal("test");
+    role.setPrivileges(new HashSet<TSentryPrivilege>());
+    createReq.setRole(role);
+    TCreateSentryRoleResponse createResp = client.createRole(createReq);
+    assertOK(createResp.getStatus());
+    LOGGER.info("Successfully create role: admin_r");
+    groupSet.clear();
+
+    TListSentryRolesRequest listReq = new TListSentryRolesRequest();
+    listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    listReq.setRoleName("admin_r");
+    listReq.setRequestorUserName("user_1");
+    groupSet.add("admin");
+    listReq.setRequestorGroupName(groupSet);
+    TListSentryRolesResponse listResp = client.listRoleByName(listReq);
+    Set<TSentryRole> roles = listResp.getRoles();
+    Preconditions.checkArgument(roles.size() == 1, "Incorrect number of roles");
+    groupSet.clear();
+
+    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    dropReq.setRoleName("admin_r");
+    dropReq.setRequestorUserName("user_1");
+    groupSet.add("admin");
+    dropReq.setRequestorGroupName(groupSet);
+    dropResp = client.dropRole(dropReq);
+    assertOK(dropResp.getStatus());
+    LOGGER.info("Successfully dropped role: admin_r");
+    groupSet.clear();
+  }
+
+  @Test
+  public void testGrantRevokePrivilege() throws Exception {
+    Set<String> groupSet = new HashSet<String>();
+    TDropSentryRoleRequest dropReq = new TDropSentryRoleRequest();
+    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    dropReq.setRoleName("admin_testdb");
+    dropReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    dropReq.setRequestorGroupName(groupSet);
+    TDropSentryRoleResponse dropResp = client.dropRole(dropReq);
+    assertStatus(Status.NO_SUCH_OBJECT, dropResp.getStatus());
+    LOGGER.info("Successfully dropped role: admin_testdb");
+    groupSet.clear();
+
+    TCreateSentryRoleRequest createReq = new TCreateSentryRoleRequest();
+    createReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    createReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    createReq.setRequestorGroupName(groupSet);
+    TSentryRole role = new TSentryRole();
+    role.setRoleName("admin_testdb");
+    role.setCreateTime(System.currentTimeMillis());
+    role.setGrantorPrincipal("server_admin");
+    role.setPrivileges(new HashSet<TSentryPrivilege>());
+    createReq.setRole(role);
+    TCreateSentryRoleResponse createResp = client.createRole(createReq);
+    assertOK(createResp.getStatus());
+    LOGGER.info("Successfully create role: admin_testdb");
+    groupSet.clear();
+
+    TListSentryRolesRequest listReq = new TListSentryRolesRequest();
+    listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    listReq.setRoleName("admin_testdb");
+    listReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    listReq.setRequestorGroupName(groupSet);
+    TListSentryRolesResponse listResp = client.listRoleByName(listReq);
+    Set<TSentryRole> roles = listResp.getRoles();
+    Preconditions.checkArgument(roles.size() == 1, "Incorrect number of roles");
+    groupSet.clear();
+
+    TAlterSentryRoleGrantPrivilegeRequest grantReq = new TAlterSentryRoleGrantPrivilegeRequest();
+    grantReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    grantReq.setRoleName("admin_testdb");
+    grantReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    grantReq.setRequestorGroupName(groupSet);
+    TSentryPrivilege privilege = new TSentryPrivilege();
+    privilege.setPrivilegeScope("DB");
+    privilege.setServerName("server1");
+    privilege.setDbName("testDB");
+    privilege.setAction("ALL");
+    privilege.setGrantorPrincipal("server_admin");
+    privilege.setCreateTime(System.currentTimeMillis());
+    grantReq.setPrivilege(privilege);
+    TAlterSentryRoleGrantPrivilegeResponse grantResp = client.grantPrivilege(grantReq);
+    assertOK(grantResp.getStatus());
+    LOGGER.info("Successfully granted privilege: " + privilege.toString());
+    groupSet.clear();
+
+    TAlterSentryRoleRevokePrivilegeRequest revokeReq = new TAlterSentryRoleRevokePrivilegeRequest();
+    revokeReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    revokeReq.setRoleName("admin_testdb");
+    revokeReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    revokeReq.setRequestorGroupName(groupSet);
+    revokeReq.setPrivilege(privilege);
+    TAlterSentryRoleRevokePrivilegeResponse revokeResp = client.revokePrivilege(revokeReq);
+    assertOK(revokeResp.getStatus());
+    LOGGER.info("Successfully revoked privilege: " + privilege.toString());
+    groupSet.clear();
+
+    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    dropReq.setRoleName("admin_testdb");
+    dropReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    dropReq.setRequestorGroupName(groupSet);
+    dropResp = client.dropRole(dropReq);
+    assertOK(dropResp.getStatus());
+    LOGGER.info("Successfully dropped role: admin_testdb");
+    groupSet.clear();
+  }
+
+}
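Review bot: testGrantRevokePrivilege asserts only the status returned by `client.grantPrivilege` and `client.revokePrivilege`, so a revoke that reports OK while leaving the DB/ALL privilege attached to `admin_testdb` would still pass. Listing the role again after each call and asserting on its privilege set would close that gap, assuming the list response carries privileges, which this hunk does not show. In both tests the list step never checks `listResp.getStatus()` and uses `Preconditions.checkArgument(roles.size() == 1, ...)` as the assertion, so a failed list would likely surface as an unrelated exception rather than a test failure; `assertOK(listResp.getStatus());` followed by `Assert.assertEquals("Incorrect number of roles", 1, roles.size());` (with `org.junit.Assert` imported) states the intent. The first `LOGGER.info("Successfully dropped role: ...")` in each test follows an assertion of `Status.NO_SUCH_OBJECT`, so the log line contradicts what was just verified. The license header reads "Unless createRequired by applicable law", which looks like a stray search-and-replace.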


[07/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleGrantPrivilegeRequest.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleGrantPrivilegeRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleGrantPrivilegeRequest.java
new file mode 100644
index 0000000..71e950c
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleGrantPrivilegeRequest.java
@@ -0,0 +1,846 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TAlterSentryRoleGrantPrivilegeRequest implements org.apache.thrift.TBase<TAlterSentryRoleGrantPrivilegeRequest, TAlterSentryRoleGrantPrivilegeRequest._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TAlterSentryRoleGrantPrivilegeRequest");
+
+  private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)3);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorGroupName", org.apache.thrift.protocol.TType.SET, (short)4);
+  private static final org.apache.thrift.protocol.TField PRIVILEGE_FIELD_DESC = new org.apache.thrift.protocol.TField("privilege", org.apache.thrift.protocol.TType.STRUCT, (short)5);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TAlterSentryRoleGrantPrivilegeRequestStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TAlterSentryRoleGrantPrivilegeRequestTupleSchemeFactory());
+  }
+
+  private int protocol_version; // required
+  private String requestorUserName; // required
+  private String roleName; // required
+  private Set<String> requestorGroupName; // required
+  private TSentryPrivilege privilege; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PROTOCOL_VERSION((short)1, "protocol_version"),
+    REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+    ROLE_NAME((short)3, "roleName"),
+    REQUESTOR_GROUP_NAME((short)4, "requestorGroupName"),
+    PRIVILEGE((short)5, "privilege");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PROTOCOL_VERSION
+          return PROTOCOL_VERSION;
+        case 2: // REQUESTOR_USER_NAME
+          return REQUESTOR_USER_NAME;
+        case 3: // ROLE_NAME
+          return ROLE_NAME;
+        case 4: // REQUESTOR_GROUP_NAME
+          return REQUESTOR_GROUP_NAME;
+        case 5: // PRIVILEGE
+          return PRIVILEGE;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.REQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorGroupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+    tmpMap.put(_Fields.PRIVILEGE, new org.apache.thrift.meta_data.FieldMetaData("privilege", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TAlterSentryRoleGrantPrivilegeRequest.class, metaDataMap);
+  }
+
+  public TAlterSentryRoleGrantPrivilegeRequest() {
+    this.protocol_version = 1;
+
+  }
+
+  public TAlterSentryRoleGrantPrivilegeRequest(
+    int protocol_version,
+    String requestorUserName,
+    String roleName,
+    Set<String> requestorGroupName,
+    TSentryPrivilege privilege)
+  {
+    this();
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+    this.requestorUserName = requestorUserName;
+    this.roleName = roleName;
+    this.requestorGroupName = requestorGroupName;
+    this.privilege = privilege;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TAlterSentryRoleGrantPrivilegeRequest(TAlterSentryRoleGrantPrivilegeRequest other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.protocol_version = other.protocol_version;
+    if (other.isSetRequestorUserName()) {
+      this.requestorUserName = other.requestorUserName;
+    }
+    if (other.isSetRoleName()) {
+      this.roleName = other.roleName;
+    }
+    if (other.isSetRequestorGroupName()) {
+      Set<String> __this__requestorGroupName = new HashSet<String>();
+      for (String other_element : other.requestorGroupName) {
+        __this__requestorGroupName.add(other_element);
+      }
+      this.requestorGroupName = __this__requestorGroupName;
+    }
+    if (other.isSetPrivilege()) {
+      this.privilege = new TSentryPrivilege(other.privilege);
+    }
+  }
+
+  public TAlterSentryRoleGrantPrivilegeRequest deepCopy() {
+    return new TAlterSentryRoleGrantPrivilegeRequest(this);
+  }
+
+  @Override
+  public void clear() {
+    this.protocol_version = 1;
+
+    this.requestorUserName = null;
+    this.roleName = null;
+    this.requestorGroupName = null;
+    this.privilege = null;
+  }
+
+  public int getProtocol_version() {
+    return this.protocol_version;
+  }
+
+  public void setProtocol_version(int protocol_version) {
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+  }
+
+  public void unsetProtocol_version() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+  public boolean isSetProtocol_version() {
+    return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  public void setProtocol_versionIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+  }
+
+  public String getRequestorUserName() {
+    return this.requestorUserName;
+  }
+
+  public void setRequestorUserName(String requestorUserName) {
+    this.requestorUserName = requestorUserName;
+  }
+
+  public void unsetRequestorUserName() {
+    this.requestorUserName = null;
+  }
+
+  /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorUserName() {
+    return this.requestorUserName != null;
+  }
+
+  public void setRequestorUserNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorUserName = null;
+    }
+  }
+
+  public String getRoleName() {
+    return this.roleName;
+  }
+
+  public void setRoleName(String roleName) {
+    this.roleName = roleName;
+  }
+
+  public void unsetRoleName() {
+    this.roleName = null;
+  }
+
+  /** Returns true if field roleName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRoleName() {
+    return this.roleName != null;
+  }
+
+  public void setRoleNameIsSet(boolean value) {
+    if (!value) {
+      this.roleName = null;
+    }
+  }
+
+  public int getRequestorGroupNameSize() {
+    return (this.requestorGroupName == null) ? 0 : this.requestorGroupName.size();
+  }
+
+  public java.util.Iterator<String> getRequestorGroupNameIterator() {
+    return (this.requestorGroupName == null) ? null : this.requestorGroupName.iterator();
+  }
+
+  public void addToRequestorGroupName(String elem) {
+    if (this.requestorGroupName == null) {
+      this.requestorGroupName = new HashSet<String>();
+    }
+    this.requestorGroupName.add(elem);
+  }
+
+  public Set<String> getRequestorGroupName() {
+    return this.requestorGroupName;
+  }
+
+  public void setRequestorGroupName(Set<String> requestorGroupName) {
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  public void unsetRequestorGroupName() {
+    this.requestorGroupName = null;
+  }
+
+  /** Returns true if field requestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorGroupName() {
+    return this.requestorGroupName != null;
+  }
+
+  public void setRequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorGroupName = null;
+    }
+  }
+
+  public TSentryPrivilege getPrivilege() {
+    return this.privilege;
+  }
+
+  public void setPrivilege(TSentryPrivilege privilege) {
+    this.privilege = privilege;
+  }
+
+  public void unsetPrivilege() {
+    this.privilege = null;
+  }
+
+  /** Returns true if field privilege is set (has been assigned a value) and false otherwise */
+  public boolean isSetPrivilege() {
+    return this.privilege != null;
+  }
+
+  public void setPrivilegeIsSet(boolean value) {
+    if (!value) {
+      this.privilege = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      if (value == null) {
+        unsetProtocol_version();
+      } else {
+        setProtocol_version((Integer)value);
+      }
+      break;
+
+    case REQUESTOR_USER_NAME:
+      if (value == null) {
+        unsetRequestorUserName();
+      } else {
+        setRequestorUserName((String)value);
+      }
+      break;
+
+    case ROLE_NAME:
+      if (value == null) {
+        unsetRoleName();
+      } else {
+        setRoleName((String)value);
+      }
+      break;
+
+    case REQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRequestorGroupName();
+      } else {
+        setRequestorGroupName((Set<String>)value);
+      }
+      break;
+
+    case PRIVILEGE:
+      if (value == null) {
+        unsetPrivilege();
+      } else {
+        setPrivilege((TSentryPrivilege)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return Integer.valueOf(getProtocol_version());
+
+    case REQUESTOR_USER_NAME:
+      return getRequestorUserName();
+
+    case ROLE_NAME:
+      return getRoleName();
+
+    case REQUESTOR_GROUP_NAME:
+      return getRequestorGroupName();
+
+    case PRIVILEGE:
+      return getPrivilege();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return isSetProtocol_version();
+    case REQUESTOR_USER_NAME:
+      return isSetRequestorUserName();
+    case ROLE_NAME:
+      return isSetRoleName();
+    case REQUESTOR_GROUP_NAME:
+      return isSetRequestorGroupName();
+    case PRIVILEGE:
+      return isSetPrivilege();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TAlterSentryRoleGrantPrivilegeRequest)
+      return this.equals((TAlterSentryRoleGrantPrivilegeRequest)that);
+    return false;
+  }
+
+  public boolean equals(TAlterSentryRoleGrantPrivilegeRequest that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_protocol_version = true;
+    boolean that_present_protocol_version = true;
+    if (this_present_protocol_version || that_present_protocol_version) {
+      if (!(this_present_protocol_version && that_present_protocol_version))
+        return false;
+      if (this.protocol_version != that.protocol_version)
+        return false;
+    }
+
+    boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+    boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+    if (this_present_requestorUserName || that_present_requestorUserName) {
+      if (!(this_present_requestorUserName && that_present_requestorUserName))
+        return false;
+      if (!this.requestorUserName.equals(that.requestorUserName))
+        return false;
+    }
+
+    boolean this_present_roleName = true && this.isSetRoleName();
+    boolean that_present_roleName = true && that.isSetRoleName();
+    if (this_present_roleName || that_present_roleName) {
+      if (!(this_present_roleName && that_present_roleName))
+        return false;
+      if (!this.roleName.equals(that.roleName))
+        return false;
+    }
+
+    boolean this_present_requestorGroupName = true && this.isSetRequestorGroupName();
+    boolean that_present_requestorGroupName = true && that.isSetRequestorGroupName();
+    if (this_present_requestorGroupName || that_present_requestorGroupName) {
+      if (!(this_present_requestorGroupName && that_present_requestorGroupName))
+        return false;
+      if (!this.requestorGroupName.equals(that.requestorGroupName))
+        return false;
+    }
+
+    boolean this_present_privilege = true && this.isSetPrivilege();
+    boolean that_present_privilege = true && that.isSetPrivilege();
+    if (this_present_privilege || that_present_privilege) {
+      if (!(this_present_privilege && that_present_privilege))
+        return false;
+      if (!this.privilege.equals(that.privilege))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_protocol_version = true;
+    builder.append(present_protocol_version);
+    if (present_protocol_version)
+      builder.append(protocol_version);
+
+    boolean present_requestorUserName = true && (isSetRequestorUserName());
+    builder.append(present_requestorUserName);
+    if (present_requestorUserName)
+      builder.append(requestorUserName);
+
+    boolean present_roleName = true && (isSetRoleName());
+    builder.append(present_roleName);
+    if (present_roleName)
+      builder.append(roleName);
+
+    boolean present_requestorGroupName = true && (isSetRequestorGroupName());
+    builder.append(present_requestorGroupName);
+    if (present_requestorGroupName)
+      builder.append(requestorGroupName);
+
+    boolean present_privilege = true && (isSetPrivilege());
+    builder.append(present_privilege);
+    if (present_privilege)
+      builder.append(privilege);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TAlterSentryRoleGrantPrivilegeRequest other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TAlterSentryRoleGrantPrivilegeRequest typedOther = (TAlterSentryRoleGrantPrivilegeRequest)other;
+
+    lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(typedOther.isSetProtocol_version());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetProtocol_version()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, typedOther.protocol_version);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRoleName()).compareTo(typedOther.isSetRoleName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRoleName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleName, typedOther.roleName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorGroupName()).compareTo(typedOther.isSetRequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorGroupName, typedOther.requestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetPrivilege()).compareTo(typedOther.isSetPrivilege());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetPrivilege()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilege, typedOther.privilege);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TAlterSentryRoleGrantPrivilegeRequest(");
+    boolean first = true;
+
+    sb.append("protocol_version:");
+    sb.append(this.protocol_version);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorUserName:");
+    if (this.requestorUserName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorUserName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("roleName:");
+    if (this.roleName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.roleName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorGroupName:");
+    if (this.requestorGroupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorGroupName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("privilege:");
+    if (this.privilege == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.privilege);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetProtocol_version()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRoleName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorGroupName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetPrivilege()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilege' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (privilege != null) {
+      privilege.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TAlterSentryRoleGrantPrivilegeRequestStandardSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleGrantPrivilegeRequestStandardScheme getScheme() {
+      return new TAlterSentryRoleGrantPrivilegeRequestStandardScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleGrantPrivilegeRequestStandardScheme extends StandardScheme<TAlterSentryRoleGrantPrivilegeRequest> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TAlterSentryRoleGrantPrivilegeRequest struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PROTOCOL_VERSION
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.protocol_version = iprot.readI32();
+              struct.setProtocol_versionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // REQUESTOR_USER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.requestorUserName = iprot.readString();
+              struct.setRequestorUserNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // ROLE_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.roleName = iprot.readString();
+              struct.setRoleNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 4: // REQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set64 = iprot.readSetBegin();
+                struct.requestorGroupName = new HashSet<String>(2*_set64.size);
+                for (int _i65 = 0; _i65 < _set64.size; ++_i65)
+                {
+                  String _elem66; // required
+                  _elem66 = iprot.readString();
+                  struct.requestorGroupName.add(_elem66);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 5: // PRIVILEGE
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.privilege = new TSentryPrivilege();
+              struct.privilege.read(iprot);
+              struct.setPrivilegeIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleGrantPrivilegeRequest struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeFieldEnd();
+      if (struct.requestorUserName != null) {
+        oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.requestorUserName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.roleName != null) {
+        oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC);
+        oprot.writeString(struct.roleName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.requestorGroupName != null) {
+        oprot.writeFieldBegin(REQUESTOR_GROUP_NAME_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.requestorGroupName.size()));
+          for (String _iter67 : struct.requestorGroupName)
+          {
+            oprot.writeString(_iter67);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      if (struct.privilege != null) {
+        oprot.writeFieldBegin(PRIVILEGE_FIELD_DESC);
+        struct.privilege.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TAlterSentryRoleGrantPrivilegeRequestTupleSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleGrantPrivilegeRequestTupleScheme getScheme() {
+      return new TAlterSentryRoleGrantPrivilegeRequestTupleScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleGrantPrivilegeRequestTupleScheme extends TupleScheme<TAlterSentryRoleGrantPrivilegeRequest> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleGrantPrivilegeRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.requestorUserName);
+      oprot.writeString(struct.roleName);
+      {
+        oprot.writeI32(struct.requestorGroupName.size());
+        for (String _iter68 : struct.requestorGroupName)
+        {
+          oprot.writeString(_iter68);
+        }
+      }
+      struct.privilege.write(oprot);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleGrantPrivilegeRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.protocol_version = iprot.readI32();
+      struct.setProtocol_versionIsSet(true);
+      struct.requestorUserName = iprot.readString();
+      struct.setRequestorUserNameIsSet(true);
+      struct.roleName = iprot.readString();
+      struct.setRoleNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set69 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+        struct.requestorGroupName = new HashSet<String>(2*_set69.size);
+        for (int _i70 = 0; _i70 < _set69.size; ++_i70)
+        {
+          String _elem71; // required
+          _elem71 = iprot.readString();
+          struct.requestorGroupName.add(_elem71);
+        }
+      }
+      struct.setRequestorGroupNameIsSet(true);
+      struct.privilege = new TSentryPrivilege();
+      struct.privilege.read(iprot);
+      struct.setPrivilegeIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleGrantPrivilegeResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleGrantPrivilegeResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleGrantPrivilegeResponse.java
new file mode 100644
index 0000000..05e9f95
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleGrantPrivilegeResponse.java
@@ -0,0 +1,390 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TAlterSentryRoleGrantPrivilegeResponse implements org.apache.thrift.TBase<TAlterSentryRoleGrantPrivilegeResponse, TAlterSentryRoleGrantPrivilegeResponse._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TAlterSentryRoleGrantPrivilegeResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TAlterSentryRoleGrantPrivilegeResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TAlterSentryRoleGrantPrivilegeResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TAlterSentryRoleGrantPrivilegeResponse.class, metaDataMap);
+  }
+
+  public TAlterSentryRoleGrantPrivilegeResponse() {
+  }
+
+  public TAlterSentryRoleGrantPrivilegeResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status)
+  {
+    this();
+    this.status = status;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TAlterSentryRoleGrantPrivilegeResponse(TAlterSentryRoleGrantPrivilegeResponse other) {
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+  }
+
+  public TAlterSentryRoleGrantPrivilegeResponse deepCopy() {
+    return new TAlterSentryRoleGrantPrivilegeResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TAlterSentryRoleGrantPrivilegeResponse)
+      return this.equals((TAlterSentryRoleGrantPrivilegeResponse)that);
+    return false;
+  }
+
+  public boolean equals(TAlterSentryRoleGrantPrivilegeResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_status = true && (isSetStatus());
+    builder.append(present_status);
+    if (present_status)
+      builder.append(status);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TAlterSentryRoleGrantPrivilegeResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TAlterSentryRoleGrantPrivilegeResponse typedOther = (TAlterSentryRoleGrantPrivilegeResponse)other;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TAlterSentryRoleGrantPrivilegeResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TAlterSentryRoleGrantPrivilegeResponseStandardSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleGrantPrivilegeResponseStandardScheme getScheme() {
+      return new TAlterSentryRoleGrantPrivilegeResponseStandardScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleGrantPrivilegeResponseStandardScheme extends StandardScheme<TAlterSentryRoleGrantPrivilegeResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TAlterSentryRoleGrantPrivilegeResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleGrantPrivilegeResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TAlterSentryRoleGrantPrivilegeResponseTupleSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleGrantPrivilegeResponseTupleScheme getScheme() {
+      return new TAlterSentryRoleGrantPrivilegeResponseTupleScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleGrantPrivilegeResponseTupleScheme extends TupleScheme<TAlterSentryRoleGrantPrivilegeResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleGrantPrivilegeResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleGrantPrivilegeResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleRevokePrivilegeRequest.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleRevokePrivilegeRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleRevokePrivilegeRequest.java
new file mode 100644
index 0000000..dea8fa8
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleRevokePrivilegeRequest.java
@@ -0,0 +1,846 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TAlterSentryRoleRevokePrivilegeRequest implements org.apache.thrift.TBase<TAlterSentryRoleRevokePrivilegeRequest, TAlterSentryRoleRevokePrivilegeRequest._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TAlterSentryRoleRevokePrivilegeRequest");
+
+  private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)3);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorGroupName", org.apache.thrift.protocol.TType.SET, (short)4);
+  private static final org.apache.thrift.protocol.TField PRIVILEGE_FIELD_DESC = new org.apache.thrift.protocol.TField("privilege", org.apache.thrift.protocol.TType.STRUCT, (short)5);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TAlterSentryRoleRevokePrivilegeRequestStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TAlterSentryRoleRevokePrivilegeRequestTupleSchemeFactory());
+  }
+
+  private int protocol_version; // required
+  private String requestorUserName; // required
+  private String roleName; // required
+  private Set<String> requestorGroupName; // required
+  private TSentryPrivilege privilege; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PROTOCOL_VERSION((short)1, "protocol_version"),
+    REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+    ROLE_NAME((short)3, "roleName"),
+    REQUESTOR_GROUP_NAME((short)4, "requestorGroupName"),
+    PRIVILEGE((short)5, "privilege");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PROTOCOL_VERSION
+          return PROTOCOL_VERSION;
+        case 2: // REQUESTOR_USER_NAME
+          return REQUESTOR_USER_NAME;
+        case 3: // ROLE_NAME
+          return ROLE_NAME;
+        case 4: // REQUESTOR_GROUP_NAME
+          return REQUESTOR_GROUP_NAME;
+        case 5: // PRIVILEGE
+          return PRIVILEGE;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.REQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorGroupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+    tmpMap.put(_Fields.PRIVILEGE, new org.apache.thrift.meta_data.FieldMetaData("privilege", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TAlterSentryRoleRevokePrivilegeRequest.class, metaDataMap);
+  }
+
+  public TAlterSentryRoleRevokePrivilegeRequest() {
+    this.protocol_version = 1;
+
+  }
+
+  public TAlterSentryRoleRevokePrivilegeRequest(
+    int protocol_version,
+    String requestorUserName,
+    String roleName,
+    Set<String> requestorGroupName,
+    TSentryPrivilege privilege)
+  {
+    this();
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+    this.requestorUserName = requestorUserName;
+    this.roleName = roleName;
+    this.requestorGroupName = requestorGroupName;
+    this.privilege = privilege;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TAlterSentryRoleRevokePrivilegeRequest(TAlterSentryRoleRevokePrivilegeRequest other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.protocol_version = other.protocol_version;
+    if (other.isSetRequestorUserName()) {
+      this.requestorUserName = other.requestorUserName;
+    }
+    if (other.isSetRoleName()) {
+      this.roleName = other.roleName;
+    }
+    if (other.isSetRequestorGroupName()) {
+      Set<String> __this__requestorGroupName = new HashSet<String>();
+      for (String other_element : other.requestorGroupName) {
+        __this__requestorGroupName.add(other_element);
+      }
+      this.requestorGroupName = __this__requestorGroupName;
+    }
+    if (other.isSetPrivilege()) {
+      this.privilege = new TSentryPrivilege(other.privilege);
+    }
+  }
+
+  public TAlterSentryRoleRevokePrivilegeRequest deepCopy() {
+    return new TAlterSentryRoleRevokePrivilegeRequest(this);
+  }
+
+  @Override
+  public void clear() {
+    this.protocol_version = 1;
+
+    this.requestorUserName = null;
+    this.roleName = null;
+    this.requestorGroupName = null;
+    this.privilege = null;
+  }
+
+  public int getProtocol_version() {
+    return this.protocol_version;
+  }
+
+  public void setProtocol_version(int protocol_version) {
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+  }
+
+  public void unsetProtocol_version() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+  public boolean isSetProtocol_version() {
+    return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  public void setProtocol_versionIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+  }
+
+  public String getRequestorUserName() {
+    return this.requestorUserName;
+  }
+
+  public void setRequestorUserName(String requestorUserName) {
+    this.requestorUserName = requestorUserName;
+  }
+
+  public void unsetRequestorUserName() {
+    this.requestorUserName = null;
+  }
+
+  /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorUserName() {
+    return this.requestorUserName != null;
+  }
+
+  public void setRequestorUserNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorUserName = null;
+    }
+  }
+
+  public String getRoleName() {
+    return this.roleName;
+  }
+
+  public void setRoleName(String roleName) {
+    this.roleName = roleName;
+  }
+
+  public void unsetRoleName() {
+    this.roleName = null;
+  }
+
+  /** Returns true if field roleName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRoleName() {
+    return this.roleName != null;
+  }
+
+  public void setRoleNameIsSet(boolean value) {
+    if (!value) {
+      this.roleName = null;
+    }
+  }
+
+  public int getRequestorGroupNameSize() {
+    return (this.requestorGroupName == null) ? 0 : this.requestorGroupName.size();
+  }
+
+  public java.util.Iterator<String> getRequestorGroupNameIterator() {
+    return (this.requestorGroupName == null) ? null : this.requestorGroupName.iterator();
+  }
+
+  public void addToRequestorGroupName(String elem) {
+    if (this.requestorGroupName == null) {
+      this.requestorGroupName = new HashSet<String>();
+    }
+    this.requestorGroupName.add(elem);
+  }
+
+  public Set<String> getRequestorGroupName() {
+    return this.requestorGroupName;
+  }
+
+  public void setRequestorGroupName(Set<String> requestorGroupName) {
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  public void unsetRequestorGroupName() {
+    this.requestorGroupName = null;
+  }
+
+  /** Returns true if field requestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorGroupName() {
+    return this.requestorGroupName != null;
+  }
+
+  public void setRequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorGroupName = null;
+    }
+  }
+
+  public TSentryPrivilege getPrivilege() {
+    return this.privilege;
+  }
+
+  public void setPrivilege(TSentryPrivilege privilege) {
+    this.privilege = privilege;
+  }
+
+  public void unsetPrivilege() {
+    this.privilege = null;
+  }
+
+  /** Returns true if field privilege is set (has been assigned a value) and false otherwise */
+  public boolean isSetPrivilege() {
+    return this.privilege != null;
+  }
+
+  public void setPrivilegeIsSet(boolean value) {
+    if (!value) {
+      this.privilege = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      if (value == null) {
+        unsetProtocol_version();
+      } else {
+        setProtocol_version((Integer)value);
+      }
+      break;
+
+    case REQUESTOR_USER_NAME:
+      if (value == null) {
+        unsetRequestorUserName();
+      } else {
+        setRequestorUserName((String)value);
+      }
+      break;
+
+    case ROLE_NAME:
+      if (value == null) {
+        unsetRoleName();
+      } else {
+        setRoleName((String)value);
+      }
+      break;
+
+    case REQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRequestorGroupName();
+      } else {
+        setRequestorGroupName((Set<String>)value);
+      }
+      break;
+
+    case PRIVILEGE:
+      if (value == null) {
+        unsetPrivilege();
+      } else {
+        setPrivilege((TSentryPrivilege)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return Integer.valueOf(getProtocol_version());
+
+    case REQUESTOR_USER_NAME:
+      return getRequestorUserName();
+
+    case ROLE_NAME:
+      return getRoleName();
+
+    case REQUESTOR_GROUP_NAME:
+      return getRequestorGroupName();
+
+    case PRIVILEGE:
+      return getPrivilege();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return isSetProtocol_version();
+    case REQUESTOR_USER_NAME:
+      return isSetRequestorUserName();
+    case ROLE_NAME:
+      return isSetRoleName();
+    case REQUESTOR_GROUP_NAME:
+      return isSetRequestorGroupName();
+    case PRIVILEGE:
+      return isSetPrivilege();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TAlterSentryRoleRevokePrivilegeRequest)
+      return this.equals((TAlterSentryRoleRevokePrivilegeRequest)that);
+    return false;
+  }
+
+  public boolean equals(TAlterSentryRoleRevokePrivilegeRequest that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_protocol_version = true;
+    boolean that_present_protocol_version = true;
+    if (this_present_protocol_version || that_present_protocol_version) {
+      if (!(this_present_protocol_version && that_present_protocol_version))
+        return false;
+      if (this.protocol_version != that.protocol_version)
+        return false;
+    }
+
+    boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+    boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+    if (this_present_requestorUserName || that_present_requestorUserName) {
+      if (!(this_present_requestorUserName && that_present_requestorUserName))
+        return false;
+      if (!this.requestorUserName.equals(that.requestorUserName))
+        return false;
+    }
+
+    boolean this_present_roleName = true && this.isSetRoleName();
+    boolean that_present_roleName = true && that.isSetRoleName();
+    if (this_present_roleName || that_present_roleName) {
+      if (!(this_present_roleName && that_present_roleName))
+        return false;
+      if (!this.roleName.equals(that.roleName))
+        return false;
+    }
+
+    boolean this_present_requestorGroupName = true && this.isSetRequestorGroupName();
+    boolean that_present_requestorGroupName = true && that.isSetRequestorGroupName();
+    if (this_present_requestorGroupName || that_present_requestorGroupName) {
+      if (!(this_present_requestorGroupName && that_present_requestorGroupName))
+        return false;
+      if (!this.requestorGroupName.equals(that.requestorGroupName))
+        return false;
+    }
+
+    boolean this_present_privilege = true && this.isSetPrivilege();
+    boolean that_present_privilege = true && that.isSetPrivilege();
+    if (this_present_privilege || that_present_privilege) {
+      if (!(this_present_privilege && that_present_privilege))
+        return false;
+      if (!this.privilege.equals(that.privilege))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_protocol_version = true;
+    builder.append(present_protocol_version);
+    if (present_protocol_version)
+      builder.append(protocol_version);
+
+    boolean present_requestorUserName = true && (isSetRequestorUserName());
+    builder.append(present_requestorUserName);
+    if (present_requestorUserName)
+      builder.append(requestorUserName);
+
+    boolean present_roleName = true && (isSetRoleName());
+    builder.append(present_roleName);
+    if (present_roleName)
+      builder.append(roleName);
+
+    boolean present_requestorGroupName = true && (isSetRequestorGroupName());
+    builder.append(present_requestorGroupName);
+    if (present_requestorGroupName)
+      builder.append(requestorGroupName);
+
+    boolean present_privilege = true && (isSetPrivilege());
+    builder.append(present_privilege);
+    if (present_privilege)
+      builder.append(privilege);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TAlterSentryRoleRevokePrivilegeRequest other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TAlterSentryRoleRevokePrivilegeRequest typedOther = (TAlterSentryRoleRevokePrivilegeRequest)other;
+
+    lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(typedOther.isSetProtocol_version());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetProtocol_version()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, typedOther.protocol_version);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRoleName()).compareTo(typedOther.isSetRoleName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRoleName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleName, typedOther.roleName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorGroupName()).compareTo(typedOther.isSetRequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorGroupName, typedOther.requestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetPrivilege()).compareTo(typedOther.isSetPrivilege());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetPrivilege()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilege, typedOther.privilege);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TAlterSentryRoleRevokePrivilegeRequest(");
+    boolean first = true;
+
+    sb.append("protocol_version:");
+    sb.append(this.protocol_version);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorUserName:");
+    if (this.requestorUserName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorUserName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("roleName:");
+    if (this.roleName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.roleName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorGroupName:");
+    if (this.requestorGroupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorGroupName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("privilege:");
+    if (this.privilege == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.privilege);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetProtocol_version()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRoleName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorGroupName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetPrivilege()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilege' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (privilege != null) {
+      privilege.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TAlterSentryRoleRevokePrivilegeRequestStandardSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleRevokePrivilegeRequestStandardScheme getScheme() {
+      return new TAlterSentryRoleRevokePrivilegeRequestStandardScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleRevokePrivilegeRequestStandardScheme extends StandardScheme<TAlterSentryRoleRevokePrivilegeRequest> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TAlterSentryRoleRevokePrivilegeRequest struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PROTOCOL_VERSION
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.protocol_version = iprot.readI32();
+              struct.setProtocol_versionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // REQUESTOR_USER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.requestorUserName = iprot.readString();
+              struct.setRequestorUserNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // ROLE_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.roleName = iprot.readString();
+              struct.setRoleNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 4: // REQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set72 = iprot.readSetBegin();
+                struct.requestorGroupName = new HashSet<String>(2*_set72.size);
+                for (int _i73 = 0; _i73 < _set72.size; ++_i73)
+                {
+                  String _elem74; // required
+                  _elem74 = iprot.readString();
+                  struct.requestorGroupName.add(_elem74);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 5: // PRIVILEGE
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.privilege = new TSentryPrivilege();
+              struct.privilege.read(iprot);
+              struct.setPrivilegeIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleRevokePrivilegeRequest struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeFieldEnd();
+      if (struct.requestorUserName != null) {
+        oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.requestorUserName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.roleName != null) {
+        oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC);
+        oprot.writeString(struct.roleName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.requestorGroupName != null) {
+        oprot.writeFieldBegin(REQUESTOR_GROUP_NAME_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.requestorGroupName.size()));
+          for (String _iter75 : struct.requestorGroupName)
+          {
+            oprot.writeString(_iter75);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      if (struct.privilege != null) {
+        oprot.writeFieldBegin(PRIVILEGE_FIELD_DESC);
+        struct.privilege.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TAlterSentryRoleRevokePrivilegeRequestTupleSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleRevokePrivilegeRequestTupleScheme getScheme() {
+      return new TAlterSentryRoleRevokePrivilegeRequestTupleScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleRevokePrivilegeRequestTupleScheme extends TupleScheme<TAlterSentryRoleRevokePrivilegeRequest> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleRevokePrivilegeRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.requestorUserName);
+      oprot.writeString(struct.roleName);
+      {
+        oprot.writeI32(struct.requestorGroupName.size());
+        for (String _iter76 : struct.requestorGroupName)
+        {
+          oprot.writeString(_iter76);
+        }
+      }
+      struct.privilege.write(oprot);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleRevokePrivilegeRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.protocol_version = iprot.readI32();
+      struct.setProtocol_versionIsSet(true);
+      struct.requestorUserName = iprot.readString();
+      struct.setRequestorUserNameIsSet(true);
+      struct.roleName = iprot.readString();
+      struct.setRoleNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set77 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+        struct.requestorGroupName = new HashSet<String>(2*_set77.size);
+        for (int _i78 = 0; _i78 < _set77.size; ++_i78)
+        {
+          String _elem79; // required
+          _elem79 = iprot.readString();
+          struct.requestorGroupName.add(_elem79);
+        }
+      }
+      struct.setRequestorGroupNameIsSet(true);
+      struct.privilege = new TSentryPrivilege();
+      struct.privilege.read(iprot);
+      struct.setPrivilegeIsSet(true);
+    }
+  }
+
+}
+


[09/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/SentryPolicyService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/SentryPolicyService.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/SentryPolicyService.java
new file mode 100644
index 0000000..6f02595
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/SentryPolicyService.java
@@ -0,0 +1,6548 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SentryPolicyService {
+
+  public interface Iface {
+
+    public TCreateSentryRoleResponse create_sentry_role(TCreateSentryRoleRequest request) throws org.apache.thrift.TException;
+
+    public TDropSentryRoleResponse drop_sentry_role(TDropSentryRoleRequest request) throws org.apache.thrift.TException;
+
+    public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest request) throws org.apache.thrift.TException;
+
+    public TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest request) throws org.apache.thrift.TException;
+
+    public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(TAlterSentryRoleAddGroupsRequest request) throws org.apache.thrift.TException;
+
+    public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest request) throws org.apache.thrift.TException;
+
+    public TListSentryRolesResponse list_sentry_roles_by_group(TListSentryRolesRequest request) throws org.apache.thrift.TException;
+
+    public TListSentryRolesResponse list_sentry_roles_by_role_name(TListSentryRolesRequest request) throws org.apache.thrift.TException;
+
+  }
+
+  public interface AsyncIface {
+
+    public void create_sentry_role(TCreateSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.create_sentry_role_call> resultHandler) throws org.apache.thrift.TException;
+
+    public void drop_sentry_role(TDropSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.drop_sentry_role_call> resultHandler) throws org.apache.thrift.TException;
+
+    public void alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.alter_sentry_role_grant_privilege_call> resultHandler) throws org.apache.thrift.TException;
+
+    public void alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.alter_sentry_role_revoke_privilege_call> resultHandler) throws org.apache.thrift.TException;
+
+    public void alter_sentry_role_add_groups(TAlterSentryRoleAddGroupsRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.alter_sentry_role_add_groups_call> resultHandler) throws org.apache.thrift.TException;
+
+    public void alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.alter_sentry_role_delete_groups_call> resultHandler) throws org.apache.thrift.TException;
+
+    public void list_sentry_roles_by_group(TListSentryRolesRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.list_sentry_roles_by_group_call> resultHandler) throws org.apache.thrift.TException;
+
+    public void list_sentry_roles_by_role_name(TListSentryRolesRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.list_sentry_roles_by_role_name_call> resultHandler) throws org.apache.thrift.TException;
+
+  }
+
+  public static class Client extends org.apache.thrift.TServiceClient implements Iface {
+    public static class Factory implements org.apache.thrift.TServiceClientFactory<Client> {
+      public Factory() {}
+      public Client getClient(org.apache.thrift.protocol.TProtocol prot) {
+        return new Client(prot);
+      }
+      public Client getClient(org.apache.thrift.protocol.TProtocol iprot, org.apache.thrift.protocol.TProtocol oprot) {
+        return new Client(iprot, oprot);
+      }
+    }
+
+    public Client(org.apache.thrift.protocol.TProtocol prot)
+    {
+      super(prot, prot);
+    }
+
+    public Client(org.apache.thrift.protocol.TProtocol iprot, org.apache.thrift.protocol.TProtocol oprot) {
+      super(iprot, oprot);
+    }
+
+    public TCreateSentryRoleResponse create_sentry_role(TCreateSentryRoleRequest request) throws org.apache.thrift.TException
+    {
+      send_create_sentry_role(request);
+      return recv_create_sentry_role();
+    }
+
+    public void send_create_sentry_role(TCreateSentryRoleRequest request) throws org.apache.thrift.TException
+    {
+      create_sentry_role_args args = new create_sentry_role_args();
+      args.setRequest(request);
+      sendBase("create_sentry_role", args);
+    }
+
+    public TCreateSentryRoleResponse recv_create_sentry_role() throws org.apache.thrift.TException
+    {
+      create_sentry_role_result result = new create_sentry_role_result();
+      receiveBase(result, "create_sentry_role");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "create_sentry_role failed: unknown result");
+    }
+
+    public TDropSentryRoleResponse drop_sentry_role(TDropSentryRoleRequest request) throws org.apache.thrift.TException
+    {
+      send_drop_sentry_role(request);
+      return recv_drop_sentry_role();
+    }
+
+    public void send_drop_sentry_role(TDropSentryRoleRequest request) throws org.apache.thrift.TException
+    {
+      drop_sentry_role_args args = new drop_sentry_role_args();
+      args.setRequest(request);
+      sendBase("drop_sentry_role", args);
+    }
+
+    public TDropSentryRoleResponse recv_drop_sentry_role() throws org.apache.thrift.TException
+    {
+      drop_sentry_role_result result = new drop_sentry_role_result();
+      receiveBase(result, "drop_sentry_role");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "drop_sentry_role failed: unknown result");
+    }
+
+    public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest request) throws org.apache.thrift.TException
+    {
+      send_alter_sentry_role_grant_privilege(request);
+      return recv_alter_sentry_role_grant_privilege();
+    }
+
+    public void send_alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest request) throws org.apache.thrift.TException
+    {
+      alter_sentry_role_grant_privilege_args args = new alter_sentry_role_grant_privilege_args();
+      args.setRequest(request);
+      sendBase("alter_sentry_role_grant_privilege", args);
+    }
+
+    public TAlterSentryRoleGrantPrivilegeResponse recv_alter_sentry_role_grant_privilege() throws org.apache.thrift.TException
+    {
+      alter_sentry_role_grant_privilege_result result = new alter_sentry_role_grant_privilege_result();
+      receiveBase(result, "alter_sentry_role_grant_privilege");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "alter_sentry_role_grant_privilege failed: unknown result");
+    }
+
+    public TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest request) throws org.apache.thrift.TException
+    {
+      send_alter_sentry_role_revoke_privilege(request);
+      return recv_alter_sentry_role_revoke_privilege();
+    }
+
+    public void send_alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest request) throws org.apache.thrift.TException
+    {
+      alter_sentry_role_revoke_privilege_args args = new alter_sentry_role_revoke_privilege_args();
+      args.setRequest(request);
+      sendBase("alter_sentry_role_revoke_privilege", args);
+    }
+
+    public TAlterSentryRoleRevokePrivilegeResponse recv_alter_sentry_role_revoke_privilege() throws org.apache.thrift.TException
+    {
+      alter_sentry_role_revoke_privilege_result result = new alter_sentry_role_revoke_privilege_result();
+      receiveBase(result, "alter_sentry_role_revoke_privilege");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "alter_sentry_role_revoke_privilege failed: unknown result");
+    }
+
+    public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(TAlterSentryRoleAddGroupsRequest request) throws org.apache.thrift.TException
+    {
+      send_alter_sentry_role_add_groups(request);
+      return recv_alter_sentry_role_add_groups();
+    }
+
+    public void send_alter_sentry_role_add_groups(TAlterSentryRoleAddGroupsRequest request) throws org.apache.thrift.TException
+    {
+      alter_sentry_role_add_groups_args args = new alter_sentry_role_add_groups_args();
+      args.setRequest(request);
+      sendBase("alter_sentry_role_add_groups", args);
+    }
+
+    public TAlterSentryRoleAddGroupsResponse recv_alter_sentry_role_add_groups() throws org.apache.thrift.TException
+    {
+      alter_sentry_role_add_groups_result result = new alter_sentry_role_add_groups_result();
+      receiveBase(result, "alter_sentry_role_add_groups");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "alter_sentry_role_add_groups failed: unknown result");
+    }
+
+    public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest request) throws org.apache.thrift.TException
+    {
+      send_alter_sentry_role_delete_groups(request);
+      return recv_alter_sentry_role_delete_groups();
+    }
+
+    public void send_alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest request) throws org.apache.thrift.TException
+    {
+      alter_sentry_role_delete_groups_args args = new alter_sentry_role_delete_groups_args();
+      args.setRequest(request);
+      sendBase("alter_sentry_role_delete_groups", args);
+    }
+
+    public TAlterSentryRoleDeleteGroupsResponse recv_alter_sentry_role_delete_groups() throws org.apache.thrift.TException
+    {
+      alter_sentry_role_delete_groups_result result = new alter_sentry_role_delete_groups_result();
+      receiveBase(result, "alter_sentry_role_delete_groups");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "alter_sentry_role_delete_groups failed: unknown result");
+    }
+
+    public TListSentryRolesResponse list_sentry_roles_by_group(TListSentryRolesRequest request) throws org.apache.thrift.TException
+    {
+      send_list_sentry_roles_by_group(request);
+      return recv_list_sentry_roles_by_group();
+    }
+
+    public void send_list_sentry_roles_by_group(TListSentryRolesRequest request) throws org.apache.thrift.TException
+    {
+      list_sentry_roles_by_group_args args = new list_sentry_roles_by_group_args();
+      args.setRequest(request);
+      sendBase("list_sentry_roles_by_group", args);
+    }
+
+    public TListSentryRolesResponse recv_list_sentry_roles_by_group() throws org.apache.thrift.TException
+    {
+      list_sentry_roles_by_group_result result = new list_sentry_roles_by_group_result();
+      receiveBase(result, "list_sentry_roles_by_group");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "list_sentry_roles_by_group failed: unknown result");
+    }
+
+    public TListSentryRolesResponse list_sentry_roles_by_role_name(TListSentryRolesRequest request) throws org.apache.thrift.TException
+    {
+      send_list_sentry_roles_by_role_name(request);
+      return recv_list_sentry_roles_by_role_name();
+    }
+
+    public void send_list_sentry_roles_by_role_name(TListSentryRolesRequest request) throws org.apache.thrift.TException
+    {
+      list_sentry_roles_by_role_name_args args = new list_sentry_roles_by_role_name_args();
+      args.setRequest(request);
+      sendBase("list_sentry_roles_by_role_name", args);
+    }
+
+    public TListSentryRolesResponse recv_list_sentry_roles_by_role_name() throws org.apache.thrift.TException
+    {
+      list_sentry_roles_by_role_name_result result = new list_sentry_roles_by_role_name_result();
+      receiveBase(result, "list_sentry_roles_by_role_name");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "list_sentry_roles_by_role_name failed: unknown result");
+    }
+
+  }
+  public static class AsyncClient extends org.apache.thrift.async.TAsyncClient implements AsyncIface {
+    public static class Factory implements org.apache.thrift.async.TAsyncClientFactory<AsyncClient> {
+      private org.apache.thrift.async.TAsyncClientManager clientManager;
+      private org.apache.thrift.protocol.TProtocolFactory protocolFactory;
+      public Factory(org.apache.thrift.async.TAsyncClientManager clientManager, org.apache.thrift.protocol.TProtocolFactory protocolFactory) {
+        this.clientManager = clientManager;
+        this.protocolFactory = protocolFactory;
+      }
+      public AsyncClient getAsyncClient(org.apache.thrift.transport.TNonblockingTransport transport) {
+        return new AsyncClient(protocolFactory, clientManager, transport);
+      }
+    }
+
+    public AsyncClient(org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.async.TAsyncClientManager clientManager, org.apache.thrift.transport.TNonblockingTransport transport) {
+      super(protocolFactory, clientManager, transport);
+    }
+
+    public void create_sentry_role(TCreateSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback<create_sentry_role_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      create_sentry_role_call method_call = new create_sentry_role_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class create_sentry_role_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TCreateSentryRoleRequest request;
+      public create_sentry_role_call(TCreateSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback<create_sentry_role_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("create_sentry_role", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        create_sentry_role_args args = new create_sentry_role_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TCreateSentryRoleResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_create_sentry_role();
+      }
+    }
+
+    public void drop_sentry_role(TDropSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback<drop_sentry_role_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      drop_sentry_role_call method_call = new drop_sentry_role_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class drop_sentry_role_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TDropSentryRoleRequest request;
+      public drop_sentry_role_call(TDropSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback<drop_sentry_role_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("drop_sentry_role", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        drop_sentry_role_args args = new drop_sentry_role_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TDropSentryRoleResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_drop_sentry_role();
+      }
+    }
+
+    public void alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest request, org.apache.thrift.async.AsyncMethodCallback<alter_sentry_role_grant_privilege_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      alter_sentry_role_grant_privilege_call method_call = new alter_sentry_role_grant_privilege_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class alter_sentry_role_grant_privilege_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TAlterSentryRoleGrantPrivilegeRequest request;
+      public alter_sentry_role_grant_privilege_call(TAlterSentryRoleGrantPrivilegeRequest request, org.apache.thrift.async.AsyncMethodCallback<alter_sentry_role_grant_privilege_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("alter_sentry_role_grant_privilege", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        alter_sentry_role_grant_privilege_args args = new alter_sentry_role_grant_privilege_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TAlterSentryRoleGrantPrivilegeResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_alter_sentry_role_grant_privilege();
+      }
+    }
+
+    public void alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest request, org.apache.thrift.async.AsyncMethodCallback<alter_sentry_role_revoke_privilege_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      alter_sentry_role_revoke_privilege_call method_call = new alter_sentry_role_revoke_privilege_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class alter_sentry_role_revoke_privilege_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TAlterSentryRoleRevokePrivilegeRequest request;
+      public alter_sentry_role_revoke_privilege_call(TAlterSentryRoleRevokePrivilegeRequest request, org.apache.thrift.async.AsyncMethodCallback<alter_sentry_role_revoke_privilege_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("alter_sentry_role_revoke_privilege", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        alter_sentry_role_revoke_privilege_args args = new alter_sentry_role_revoke_privilege_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TAlterSentryRoleRevokePrivilegeResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_alter_sentry_role_revoke_privilege();
+      }
+    }
+
+    public void alter_sentry_role_add_groups(TAlterSentryRoleAddGroupsRequest request, org.apache.thrift.async.AsyncMethodCallback<alter_sentry_role_add_groups_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      alter_sentry_role_add_groups_call method_call = new alter_sentry_role_add_groups_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class alter_sentry_role_add_groups_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TAlterSentryRoleAddGroupsRequest request;
+      public alter_sentry_role_add_groups_call(TAlterSentryRoleAddGroupsRequest request, org.apache.thrift.async.AsyncMethodCallback<alter_sentry_role_add_groups_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("alter_sentry_role_add_groups", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        alter_sentry_role_add_groups_args args = new alter_sentry_role_add_groups_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TAlterSentryRoleAddGroupsResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_alter_sentry_role_add_groups();
+      }
+    }
+
+    public void alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest request, org.apache.thrift.async.AsyncMethodCallback<alter_sentry_role_delete_groups_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      alter_sentry_role_delete_groups_call method_call = new alter_sentry_role_delete_groups_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class alter_sentry_role_delete_groups_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TAlterSentryRoleDeleteGroupsRequest request;
+      public alter_sentry_role_delete_groups_call(TAlterSentryRoleDeleteGroupsRequest request, org.apache.thrift.async.AsyncMethodCallback<alter_sentry_role_delete_groups_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("alter_sentry_role_delete_groups", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        alter_sentry_role_delete_groups_args args = new alter_sentry_role_delete_groups_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TAlterSentryRoleDeleteGroupsResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_alter_sentry_role_delete_groups();
+      }
+    }
+
+    public void list_sentry_roles_by_group(TListSentryRolesRequest request, org.apache.thrift.async.AsyncMethodCallback<list_sentry_roles_by_group_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      list_sentry_roles_by_group_call method_call = new list_sentry_roles_by_group_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class list_sentry_roles_by_group_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TListSentryRolesRequest request;
+      public list_sentry_roles_by_group_call(TListSentryRolesRequest request, org.apache.thrift.async.AsyncMethodCallback<list_sentry_roles_by_group_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("list_sentry_roles_by_group", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        list_sentry_roles_by_group_args args = new list_sentry_roles_by_group_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TListSentryRolesResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_list_sentry_roles_by_group();
+      }
+    }
+
+    public void list_sentry_roles_by_role_name(TListSentryRolesRequest request, org.apache.thrift.async.AsyncMethodCallback<list_sentry_roles_by_role_name_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      list_sentry_roles_by_role_name_call method_call = new list_sentry_roles_by_role_name_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class list_sentry_roles_by_role_name_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TListSentryRolesRequest request;
+      public list_sentry_roles_by_role_name_call(TListSentryRolesRequest request, org.apache.thrift.async.AsyncMethodCallback<list_sentry_roles_by_role_name_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("list_sentry_roles_by_role_name", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        list_sentry_roles_by_role_name_args args = new list_sentry_roles_by_role_name_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TListSentryRolesResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_list_sentry_roles_by_role_name();
+      }
+    }
+
+  }
+
+  public static class Processor<I extends Iface> extends org.apache.thrift.TBaseProcessor<I> implements org.apache.thrift.TProcessor {
+    private static final Logger LOGGER = LoggerFactory.getLogger(Processor.class.getName());
+    public Processor(I iface) {
+      super(iface, getProcessMap(new HashMap<String, org.apache.thrift.ProcessFunction<I, ? extends org.apache.thrift.TBase>>()));
+    }
+
+    protected Processor(I iface, Map<String,  org.apache.thrift.ProcessFunction<I, ? extends  org.apache.thrift.TBase>> processMap) {
+      super(iface, getProcessMap(processMap));
+    }
+
+    private static <I extends Iface> Map<String,  org.apache.thrift.ProcessFunction<I, ? extends  org.apache.thrift.TBase>> getProcessMap(Map<String,  org.apache.thrift.ProcessFunction<I, ? extends  org.apache.thrift.TBase>> processMap) {
+      processMap.put("create_sentry_role", new create_sentry_role());
+      processMap.put("drop_sentry_role", new drop_sentry_role());
+      processMap.put("alter_sentry_role_grant_privilege", new alter_sentry_role_grant_privilege());
+      processMap.put("alter_sentry_role_revoke_privilege", new alter_sentry_role_revoke_privilege());
+      processMap.put("alter_sentry_role_add_groups", new alter_sentry_role_add_groups());
+      processMap.put("alter_sentry_role_delete_groups", new alter_sentry_role_delete_groups());
+      processMap.put("list_sentry_roles_by_group", new list_sentry_roles_by_group());
+      processMap.put("list_sentry_roles_by_role_name", new list_sentry_roles_by_role_name());
+      return processMap;
+    }
+
+    public static class create_sentry_role<I extends Iface> extends org.apache.thrift.ProcessFunction<I, create_sentry_role_args> {
+      public create_sentry_role() {
+        super("create_sentry_role");
+      }
+
+      public create_sentry_role_args getEmptyArgsInstance() {
+        return new create_sentry_role_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public create_sentry_role_result getResult(I iface, create_sentry_role_args args) throws org.apache.thrift.TException {
+        create_sentry_role_result result = new create_sentry_role_result();
+        result.success = iface.create_sentry_role(args.request);
+        return result;
+      }
+    }
+
+    public static class drop_sentry_role<I extends Iface> extends org.apache.thrift.ProcessFunction<I, drop_sentry_role_args> {
+      public drop_sentry_role() {
+        super("drop_sentry_role");
+      }
+
+      public drop_sentry_role_args getEmptyArgsInstance() {
+        return new drop_sentry_role_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public drop_sentry_role_result getResult(I iface, drop_sentry_role_args args) throws org.apache.thrift.TException {
+        drop_sentry_role_result result = new drop_sentry_role_result();
+        result.success = iface.drop_sentry_role(args.request);
+        return result;
+      }
+    }
+
+    public static class alter_sentry_role_grant_privilege<I extends Iface> extends org.apache.thrift.ProcessFunction<I, alter_sentry_role_grant_privilege_args> {
+      public alter_sentry_role_grant_privilege() {
+        super("alter_sentry_role_grant_privilege");
+      }
+
+      public alter_sentry_role_grant_privilege_args getEmptyArgsInstance() {
+        return new alter_sentry_role_grant_privilege_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public alter_sentry_role_grant_privilege_result getResult(I iface, alter_sentry_role_grant_privilege_args args) throws org.apache.thrift.TException {
+        alter_sentry_role_grant_privilege_result result = new alter_sentry_role_grant_privilege_result();
+        result.success = iface.alter_sentry_role_grant_privilege(args.request);
+        return result;
+      }
+    }
+
+    public static class alter_sentry_role_revoke_privilege<I extends Iface> extends org.apache.thrift.ProcessFunction<I, alter_sentry_role_revoke_privilege_args> {
+      public alter_sentry_role_revoke_privilege() {
+        super("alter_sentry_role_revoke_privilege");
+      }
+
+      public alter_sentry_role_revoke_privilege_args getEmptyArgsInstance() {
+        return new alter_sentry_role_revoke_privilege_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public alter_sentry_role_revoke_privilege_result getResult(I iface, alter_sentry_role_revoke_privilege_args args) throws org.apache.thrift.TException {
+        alter_sentry_role_revoke_privilege_result result = new alter_sentry_role_revoke_privilege_result();
+        result.success = iface.alter_sentry_role_revoke_privilege(args.request);
+        return result;
+      }
+    }
+
+    public static class alter_sentry_role_add_groups<I extends Iface> extends org.apache.thrift.ProcessFunction<I, alter_sentry_role_add_groups_args> {
+      public alter_sentry_role_add_groups() {
+        super("alter_sentry_role_add_groups");
+      }
+
+      public alter_sentry_role_add_groups_args getEmptyArgsInstance() {
+        return new alter_sentry_role_add_groups_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public alter_sentry_role_add_groups_result getResult(I iface, alter_sentry_role_add_groups_args args) throws org.apache.thrift.TException {
+        alter_sentry_role_add_groups_result result = new alter_sentry_role_add_groups_result();
+        result.success = iface.alter_sentry_role_add_groups(args.request);
+        return result;
+      }
+    }
+
+    public static class alter_sentry_role_delete_groups<I extends Iface> extends org.apache.thrift.ProcessFunction<I, alter_sentry_role_delete_groups_args> {
+      public alter_sentry_role_delete_groups() {
+        super("alter_sentry_role_delete_groups");
+      }
+
+      public alter_sentry_role_delete_groups_args getEmptyArgsInstance() {
+        return new alter_sentry_role_delete_groups_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public alter_sentry_role_delete_groups_result getResult(I iface, alter_sentry_role_delete_groups_args args) throws org.apache.thrift.TException {
+        alter_sentry_role_delete_groups_result result = new alter_sentry_role_delete_groups_result();
+        result.success = iface.alter_sentry_role_delete_groups(args.request);
+        return result;
+      }
+    }
+
+    public static class list_sentry_roles_by_group<I extends Iface> extends org.apache.thrift.ProcessFunction<I, list_sentry_roles_by_group_args> {
+      public list_sentry_roles_by_group() {
+        super("list_sentry_roles_by_group");
+      }
+
+      public list_sentry_roles_by_group_args getEmptyArgsInstance() {
+        return new list_sentry_roles_by_group_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public list_sentry_roles_by_group_result getResult(I iface, list_sentry_roles_by_group_args args) throws org.apache.thrift.TException {
+        list_sentry_roles_by_group_result result = new list_sentry_roles_by_group_result();
+        result.success = iface.list_sentry_roles_by_group(args.request);
+        return result;
+      }
+    }
+
+    public static class list_sentry_roles_by_role_name<I extends Iface> extends org.apache.thrift.ProcessFunction<I, list_sentry_roles_by_role_name_args> {
+      public list_sentry_roles_by_role_name() {
+        super("list_sentry_roles_by_role_name");
+      }
+
+      public list_sentry_roles_by_role_name_args getEmptyArgsInstance() {
+        return new list_sentry_roles_by_role_name_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public list_sentry_roles_by_role_name_result getResult(I iface, list_sentry_roles_by_role_name_args args) throws org.apache.thrift.TException {
+        list_sentry_roles_by_role_name_result result = new list_sentry_roles_by_role_name_result();
+        result.success = iface.list_sentry_roles_by_role_name(args.request);
+        return result;
+      }
+    }
+
+  }
+
+  public static class create_sentry_role_args implements org.apache.thrift.TBase<create_sentry_role_args, create_sentry_role_args._Fields>, java.io.Serializable, Cloneable   {
+    private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("create_sentry_role_args");
+
+    private static final org.apache.thrift.protocol.TField REQUEST_FIELD_DESC = new org.apache.thrift.protocol.TField("request", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+    private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+    static {
+      schemes.put(StandardScheme.class, new create_sentry_role_argsStandardSchemeFactory());
+      schemes.put(TupleScheme.class, new create_sentry_role_argsTupleSchemeFactory());
+    }
+
+    private TCreateSentryRoleRequest request; // required
+
+    /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+    public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+      REQUEST((short)1, "request");
+
+      private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+      static {
+        for (_Fields field : EnumSet.allOf(_Fields.class)) {
+          byName.put(field.getFieldName(), field);
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, or null if its not found.
+       */
+      public static _Fields findByThriftId(int fieldId) {
+        switch(fieldId) {
+          case 1: // REQUEST
+            return REQUEST;
+          default:
+            return null;
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, throwing an exception
+       * if it is not found.
+       */
+      public static _Fields findByThriftIdOrThrow(int fieldId) {
+        _Fields fields = findByThriftId(fieldId);
+        if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+        return fields;
+      }
+
+      /**
+       * Find the _Fields constant that matches name, or null if its not found.
+       */
+      public static _Fields findByName(String name) {
+        return byName.get(name);
+      }
+
+      private final short _thriftId;
+      private final String _fieldName;
+
+      _Fields(short thriftId, String fieldName) {
+        _thriftId = thriftId;
+        _fieldName = fieldName;
+      }
+
+      public short getThriftFieldId() {
+        return _thriftId;
+      }
+
+      public String getFieldName() {
+        return _fieldName;
+      }
+    }
+
+    // isset id assignments
+    public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+    static {
+      Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+      tmpMap.put(_Fields.REQUEST, new org.apache.thrift.meta_data.FieldMetaData("request", org.apache.thrift.TFieldRequirementType.DEFAULT, 
+          new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TCreateSentryRoleRequest.class)));
+      metaDataMap = Collections.unmodifiableMap(tmpMap);
+      org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(create_sentry_role_args.class, metaDataMap);
+    }
+
+    public create_sentry_role_args() {
+    }
+
+    public create_sentry_role_args(
+      TCreateSentryRoleRequest request)
+    {
+      this();
+      this.request = request;
+    }
+
+    /**
+     * Performs a deep copy on <i>other</i>.
+     */
+    public create_sentry_role_args(create_sentry_role_args other) {
+      if (other.isSetRequest()) {
+        this.request = new TCreateSentryRoleRequest(other.request);
+      }
+    }
+
+    public create_sentry_role_args deepCopy() {
+      return new create_sentry_role_args(this);
+    }
+
+    @Override
+    public void clear() {
+      this.request = null;
+    }
+
+    public TCreateSentryRoleRequest getRequest() {
+      return this.request;
+    }
+
+    public void setRequest(TCreateSentryRoleRequest request) {
+      this.request = request;
+    }
+
+    public void unsetRequest() {
+      this.request = null;
+    }
+
+    /** Returns true if field request is set (has been assigned a value) and false otherwise */
+    public boolean isSetRequest() {
+      return this.request != null;
+    }
+
+    public void setRequestIsSet(boolean value) {
+      if (!value) {
+        this.request = null;
+      }
+    }
+
+    public void setFieldValue(_Fields field, Object value) {
+      switch (field) {
+      case REQUEST:
+        if (value == null) {
+          unsetRequest();
+        } else {
+          setRequest((TCreateSentryRoleRequest)value);
+        }
+        break;
+
+      }
+    }
+
+    public Object getFieldValue(_Fields field) {
+      switch (field) {
+      case REQUEST:
+        return getRequest();
+
+      }
+      throw new IllegalStateException();
+    }
+
+    /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+    public boolean isSet(_Fields field) {
+      if (field == null) {
+        throw new IllegalArgumentException();
+      }
+
+      switch (field) {
+      case REQUEST:
+        return isSetRequest();
+      }
+      throw new IllegalStateException();
+    }
+
+    @Override
+    public boolean equals(Object that) {
+      if (that == null)
+        return false;
+      if (that instanceof create_sentry_role_args)
+        return this.equals((create_sentry_role_args)that);
+      return false;
+    }
+
+    public boolean equals(create_sentry_role_args that) {
+      if (that == null)
+        return false;
+
+      boolean this_present_request = true && this.isSetRequest();
+      boolean that_present_request = true && that.isSetRequest();
+      if (this_present_request || that_present_request) {
+        if (!(this_present_request && that_present_request))
+          return false;
+        if (!this.request.equals(that.request))
+          return false;
+      }
+
+      return true;
+    }
+
+    @Override
+    public int hashCode() {
+      HashCodeBuilder builder = new HashCodeBuilder();
+
+      boolean present_request = true && (isSetRequest());
+      builder.append(present_request);
+      if (present_request)
+        builder.append(request);
+
+      return builder.toHashCode();
+    }
+
+    public int compareTo(create_sentry_role_args other) {
+      if (!getClass().equals(other.getClass())) {
+        return getClass().getName().compareTo(other.getClass().getName());
+      }
+
+      int lastComparison = 0;
+      create_sentry_role_args typedOther = (create_sentry_role_args)other;
+
+      lastComparison = Boolean.valueOf(isSetRequest()).compareTo(typedOther.isSetRequest());
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+      if (isSetRequest()) {
+        lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.request, typedOther.request);
+        if (lastComparison != 0) {
+          return lastComparison;
+        }
+      }
+      return 0;
+    }
+
+    public _Fields fieldForId(int fieldId) {
+      return _Fields.findByThriftId(fieldId);
+    }
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+      schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+      schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder("create_sentry_role_args(");
+      boolean first = true;
+
+      sb.append("request:");
+      if (this.request == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.request);
+      }
+      first = false;
+      sb.append(")");
+      return sb.toString();
+    }
+
+    public void validate() throws org.apache.thrift.TException {
+      // check for required fields
+      // check for sub-struct validity
+      if (request != null) {
+        request.validate();
+      }
+    }
+
+    private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+      try {
+        write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+      try {
+        read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private static class create_sentry_role_argsStandardSchemeFactory implements SchemeFactory {
+      public create_sentry_role_argsStandardScheme getScheme() {
+        return new create_sentry_role_argsStandardScheme();
+      }
+    }
+
+    private static class create_sentry_role_argsStandardScheme extends StandardScheme<create_sentry_role_args> {
+
+      public void read(org.apache.thrift.protocol.TProtocol iprot, create_sentry_role_args struct) throws org.apache.thrift.TException {
+        org.apache.thrift.protocol.TField schemeField;
+        iprot.readStructBegin();
+        while (true)
+        {
+          schemeField = iprot.readFieldBegin();
+          if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+            break;
+          }
+          switch (schemeField.id) {
+            case 1: // REQUEST
+              if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+                struct.request = new TCreateSentryRoleRequest();
+                struct.request.read(iprot);
+                struct.setRequestIsSet(true);
+              } else { 
+                org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+              }
+              break;
+            default:
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+          }
+          iprot.readFieldEnd();
+        }
+        iprot.readStructEnd();
+        struct.validate();
+      }
+
+      public void write(org.apache.thrift.protocol.TProtocol oprot, create_sentry_role_args struct) throws org.apache.thrift.TException {
+        struct.validate();
+
+        oprot.writeStructBegin(STRUCT_DESC);
+        if (struct.request != null) {
+          oprot.writeFieldBegin(REQUEST_FIELD_DESC);
+          struct.request.write(oprot);
+          oprot.writeFieldEnd();
+        }
+        oprot.writeFieldStop();
+        oprot.writeStructEnd();
+      }
+
+    }
+
+    private static class create_sentry_role_argsTupleSchemeFactory implements SchemeFactory {
+      public create_sentry_role_argsTupleScheme getScheme() {
+        return new create_sentry_role_argsTupleScheme();
+      }
+    }
+
+    private static class create_sentry_role_argsTupleScheme extends TupleScheme<create_sentry_role_args> {
+
+      @Override
+      public void write(org.apache.thrift.protocol.TProtocol prot, create_sentry_role_args struct) throws org.apache.thrift.TException {
+        TTupleProtocol oprot = (TTupleProtocol) prot;
+        BitSet optionals = new BitSet();
+        if (struct.isSetRequest()) {
+          optionals.set(0);
+        }
+        oprot.writeBitSet(optionals, 1);
+        if (struct.isSetRequest()) {
+          struct.request.write(oprot);
+        }
+      }
+
+      @Override
+      public void read(org.apache.thrift.protocol.TProtocol prot, create_sentry_role_args struct) throws org.apache.thrift.TException {
+        TTupleProtocol iprot = (TTupleProtocol) prot;
+        BitSet incoming = iprot.readBitSet(1);
+        if (incoming.get(0)) {
+          struct.request = new TCreateSentryRoleRequest();
+          struct.request.read(iprot);
+          struct.setRequestIsSet(true);
+        }
+      }
+    }
+
+  }
+
+  public static class create_sentry_role_result implements org.apache.thrift.TBase<create_sentry_role_result, create_sentry_role_result._Fields>, java.io.Serializable, Cloneable   {
+    private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("create_sentry_role_result");
+
+    private static final org.apache.thrift.protocol.TField SUCCESS_FIELD_DESC = new org.apache.thrift.protocol.TField("success", org.apache.thrift.protocol.TType.STRUCT, (short)0);
+
+    private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+    static {
+      schemes.put(StandardScheme.class, new create_sentry_role_resultStandardSchemeFactory());
+      schemes.put(TupleScheme.class, new create_sentry_role_resultTupleSchemeFactory());
+    }
+
+    private TCreateSentryRoleResponse success; // required
+
+    /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+    public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+      SUCCESS((short)0, "success");
+
+      private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+      static {
+        for (_Fields field : EnumSet.allOf(_Fields.class)) {
+          byName.put(field.getFieldName(), field);
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, or null if its not found.
+       */
+      public static _Fields findByThriftId(int fieldId) {
+        switch(fieldId) {
+          case 0: // SUCCESS
+            return SUCCESS;
+          default:
+            return null;
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, throwing an exception
+       * if it is not found.
+       */
+      public static _Fields findByThriftIdOrThrow(int fieldId) {
+        _Fields fields = findByThriftId(fieldId);
+        if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+        return fields;
+      }
+
+      /**
+       * Find the _Fields constant that matches name, or null if its not found.
+       */
+      public static _Fields findByName(String name) {
+        return byName.get(name);
+      }
+
+      private final short _thriftId;
+      private final String _fieldName;
+
+      _Fields(short thriftId, String fieldName) {
+        _thriftId = thriftId;
+        _fieldName = fieldName;
+      }
+
+      public short getThriftFieldId() {
+        return _thriftId;
+      }
+
+      public String getFieldName() {
+        return _fieldName;
+      }
+    }
+
+    // isset id assignments
+    public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+    static {
+      Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+      tmpMap.put(_Fields.SUCCESS, new org.apache.thrift.meta_data.FieldMetaData("success", org.apache.thrift.TFieldRequirementType.DEFAULT, 
+          new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TCreateSentryRoleResponse.class)));
+      metaDataMap = Collections.unmodifiableMap(tmpMap);
+      org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(create_sentry_role_result.class, metaDataMap);
+    }
+
+    public create_sentry_role_result() {
+    }
+
+    public create_sentry_role_result(
+      TCreateSentryRoleResponse success)
+    {
+      this();
+      this.success = success;
+    }
+
+    /**
+     * Performs a deep copy on <i>other</i>.
+     */
+    public create_sentry_role_result(create_sentry_role_result other) {
+      if (other.isSetSuccess()) {
+        this.success = new TCreateSentryRoleResponse(other.success);
+      }
+    }
+
+    public create_sentry_role_result deepCopy() {
+      return new create_sentry_role_result(this);
+    }
+
+    @Override
+    public void clear() {
+      this.success = null;
+    }
+
+    public TCreateSentryRoleResponse getSuccess() {
+      return this.success;
+    }
+
+    public void setSuccess(TCreateSentryRoleResponse success) {
+      this.success = success;
+    }
+
+    public void unsetSuccess() {
+      this.success = null;
+    }
+
+    /** Returns true if field success is set (has been assigned a value) and false otherwise */
+    public boolean isSetSuccess() {
+      return this.success != null;
+    }
+
+    public void setSuccessIsSet(boolean value) {
+      if (!value) {
+        this.success = null;
+      }
+    }
+
+    public void setFieldValue(_Fields field, Object value) {
+      switch (field) {
+      case SUCCESS:
+        if (value == null) {
+          unsetSuccess();
+        } else {
+          setSuccess((TCreateSentryRoleResponse)value);
+        }
+        break;
+
+      }
+    }
+
+    public Object getFieldValue(_Fields field) {
+      switch (field) {
+      case SUCCESS:
+        return getSuccess();
+
+      }
+      throw new IllegalStateException();
+    }
+
+    /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+    public boolean isSet(_Fields field) {
+      if (field == null) {
+        throw new IllegalArgumentException();
+      }
+
+      switch (field) {
+      case SUCCESS:
+        return isSetSuccess();
+      }
+      throw new IllegalStateException();
+    }
+
+    @Override
+    public boolean equals(Object that) {
+      if (that == null)
+        return false;
+      if (that instanceof create_sentry_role_result)
+        return this.equals((create_sentry_role_result)that);
+      return false;
+    }
+
+    public boolean equals(create_sentry_role_result that) {
+      if (that == null)
+        return false;
+
+      boolean this_present_success = true && this.isSetSuccess();
+      boolean that_present_success = true && that.isSetSuccess();
+      if (this_present_success || that_present_success) {
+        if (!(this_present_success && that_present_success))
+          return false;
+        if (!this.success.equals(that.success))
+          return false;
+      }
+
+      return true;
+    }
+
+    @Override
+    public int hashCode() {
+      HashCodeBuilder builder = new HashCodeBuilder();
+
+      boolean present_success = true && (isSetSuccess());
+      builder.append(present_success);
+      if (present_success)
+        builder.append(success);
+
+      return builder.toHashCode();
+    }
+
+    public int compareTo(create_sentry_role_result other) {
+      if (!getClass().equals(other.getClass())) {
+        return getClass().getName().compareTo(other.getClass().getName());
+      }
+
+      int lastComparison = 0;
+      create_sentry_role_result typedOther = (create_sentry_role_result)other;
+
+      lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(typedOther.isSetSuccess());
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+      if (isSetSuccess()) {
+        lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.success, typedOther.success);
+        if (lastComparison != 0) {
+          return lastComparison;
+        }
+      }
+      return 0;
+    }
+
+    public _Fields fieldForId(int fieldId) {
+      return _Fields.findByThriftId(fieldId);
+    }
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+      schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+      schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+      }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder("create_sentry_role_result(");
+      boolean first = true;
+
+      sb.append("success:");
+      if (this.success == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.success);
+      }
+      first = false;
+      sb.append(")");
+      return sb.toString();
+    }
+
+    public void validate() throws org.apache.thrift.TException {
+      // check for required fields
+      // check for sub-struct validity
+      if (success != null) {
+        success.validate();
+      }
+    }
+
+    private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+      try {
+        write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+      try {
+        read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private static class create_sentry_role_resultStandardSchemeFactory implements SchemeFactory {
+      public create_sentry_role_resultStandardScheme getScheme() {
+        return new create_sentry_role_resultStandardScheme();
+      }
+    }
+
+    private static class create_sentry_role_resultStandardScheme extends StandardScheme<create_sentry_role_result> {
+
+      public void read(org.apache.thrift.protocol.TProtocol iprot, create_sentry_role_result struct) throws org.apache.thrift.TException {
+        org.apache.thrift.protocol.TField schemeField;
+        iprot.readStructBegin();
+        while (true)
+        {
+          schemeField = iprot.readFieldBegin();
+          if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+            break;
+          }
+          switch (schemeField.id) {
+            case 0: // SUCCESS
+              if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+                struct.success = new TCreateSentryRoleResponse();
+                struct.success.read(iprot);
+                struct.setSuccessIsSet(true);
+              } else { 
+                org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+              }
+              break;
+            default:
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+          }
+          iprot.readFieldEnd();
+        }
+        iprot.readStructEnd();
+        struct.validate();
+      }
+
+      public void write(org.apache.thrift.protocol.TProtocol oprot, create_sentry_role_result struct) throws org.apache.thrift.TException {
+        struct.validate();
+
+        oprot.writeStructBegin(STRUCT_DESC);
+        if (struct.success != null) {
+          oprot.writeFieldBegin(SUCCESS_FIELD_DESC);
+          struct.success.write(oprot);
+          oprot.writeFieldEnd();
+        }
+        oprot.writeFieldStop();
+        oprot.writeStructEnd();
+      }
+
+    }
+
+    private static class create_sentry_role_resultTupleSchemeFactory implements SchemeFactory {
+      public create_sentry_role_resultTupleScheme getScheme() {
+        return new create_sentry_role_resultTupleScheme();
+      }
+    }
+
+    private static class create_sentry_role_resultTupleScheme extends TupleScheme<create_sentry_role_result> {
+
+      @Override
+      public void write(org.apache.thrift.protocol.TProtocol prot, create_sentry_role_result struct) throws org.apache.thrift.TException {
+        TTupleProtocol oprot = (TTupleProtocol) prot;
+        BitSet optionals = new BitSet();
+        if (struct.isSetSuccess()) {
+          optionals.set(0);
+        }
+        oprot.writeBitSet(optionals, 1);
+        if (struct.isSetSuccess()) {
+          struct.success.write(oprot);
+        }
+      }
+
+      @Override
+      public void read(org.apache.thrift.protocol.TProtocol prot, create_sentry_role_result struct) throws org.apache.thrift.TException {
+        TTupleProtocol iprot = (TTupleProtocol) prot;
+        BitSet incoming = iprot.readBitSet(1);
+        if (incoming.get(0)) {
+          struct.success = new TCreateSentryRoleResponse();
+          struct.success.read(iprot);
+          struct.setSuccessIsSet(true);
+        }
+      }
+    }
+
+  }
+
+  public static class drop_sentry_role_args implements org.apache.thrift.TBase<drop_sentry_role_args, drop_sentry_role_args._Fields>, java.io.Serializable, Cloneable   {
+    private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("drop_sentry_role_args");
+
+    private static final org.apache.thrift.protocol.TField REQUEST_FIELD_DESC = new org.apache.thrift.protocol.TField("request", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+    private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+    static {
+      schemes.put(StandardScheme.class, new drop_sentry_role_argsStandardSchemeFactory());
+      schemes.put(TupleScheme.class, new drop_sentry_role_argsTupleSchemeFactory());
+    }
+
+    private TDropSentryRoleRequest request; // required
+
+    /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+    public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+      REQUEST((short)1, "request");
+
+      private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+      static {
+        for (_Fields field : EnumSet.allOf(_Fields.class)) {
+          byName.put(field.getFieldName(), field);
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, or null if its not found.
+       */
+      public static _Fields findByThriftId(int fieldId) {
+        switch(fieldId) {
+          case 1: // REQUEST
+            return REQUEST;
+          default:
+            return null;
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, throwing an exception
+       * if it is not found.
+       */
+      public static _Fields findByThriftIdOrThrow(int fieldId) {
+        _Fields fields = findByThriftId(fieldId);
+        if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+        return fields;
+      }
+
+      /**
+       * Find the _Fields constant that matches name, or null if its not found.
+       */
+      public static _Fields findByName(String name) {
+        return byName.get(name);
+      }
+
+      private final short _thriftId;
+      private final String _fieldName;
+
+      _Fields(short thriftId, String fieldName) {
+        _thriftId = thriftId;
+        _fieldName = fieldName;
+      }
+
+      public short getThriftFieldId() {
+        return _thriftId;
+      }
+
+      public String getFieldName() {
+        return _fieldName;
+      }
+    }
+
+    // isset id assignments
+    public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+    static {
+      Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+      tmpMap.put(_Fields.REQUEST, new org.apache.thrift.meta_data.FieldMetaData("request", org.apache.thrift.TFieldRequirementType.DEFAULT, 
+          new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TDropSentryRoleRequest.class)));
+      metaDataMap = Collections.unmodifiableMap(tmpMap);
+      org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(drop_sentry_role_args.class, metaDataMap);
+    }
+
+    public drop_sentry_role_args() {
+    }
+
+    public drop_sentry_role_args(
+      TDropSentryRoleRequest request)
+    {
+      this();
+      this.request = request;
+    }
+
+    /**
+     * Performs a deep copy on <i>other</i>.
+     */
+    public drop_sentry_role_args(drop_sentry_role_args other) {
+      if (other.isSetRequest()) {
+        this.request = new TDropSentryRoleRequest(other.request);
+      }
+    }
+
+    public drop_sentry_role_args deepCopy() {
+      return new drop_sentry_role_args(this);
+    }
+
+    @Override
+    public void clear() {
+      this.request = null;
+    }
+
+    public TDropSentryRoleRequest getRequest() {
+      return this.request;
+    }
+
+    public void setRequest(TDropSentryRoleRequest request) {
+      this.request = request;
+    }
+
+    public void unsetRequest() {
+      this.request = null;
+    }
+
+    /** Returns true if field request is set (has been assigned a value) and false otherwise */
+    public boolean isSetRequest() {
+      return this.request != null;
+    }
+
+    public void setRequestIsSet(boolean value) {
+      if (!value) {
+        this.request = null;
+      }
+    }
+
+    public void setFieldValue(_Fields field, Object value) {
+      switch (field) {
+      case REQUEST:
+        if (value == null) {
+          unsetRequest();
+        } else {
+          setRequest((TDropSentryRoleRequest)value);
+        }
+        break;
+
+      }
+    }
+
+    public Object getFieldValue(_Fields field) {
+      switch (field) {
+      case REQUEST:
+        return getRequest();
+
+      }
+      throw new IllegalStateException();
+    }
+
+    /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+    public boolean isSet(_Fields field) {
+      if (field == null) {
+        throw new IllegalArgumentException();
+      }
+
+      switch (field) {
+      case REQUEST:
+        return isSetRequest();
+      }
+      throw new IllegalStateException();
+    }
+
+    @Override
+    public boolean equals(Object that) {
+      if (that == null)
+        return false;
+      if (that instanceof drop_sentry_role_args)
+        return this.equals((drop_sentry_role_args)that);
+      return false;
+    }
+
+    public boolean equals(drop_sentry_role_args that) {
+      if (that == null)
+        return false;
+
+      boolean this_present_request = true && this.isSetRequest();
+      boolean that_present_request = true && that.isSetRequest();
+      if (this_present_request || that_present_request) {
+        if (!(this_present_request && that_present_request))
+          return false;
+        if (!this.request.equals(that.request))
+          return false;
+      }
+
+      return true;
+    }
+
+    @Override
+    public int hashCode() {
+      HashCodeBuilder builder = new HashCodeBuilder();
+
+      boolean present_request = true && (isSetRequest());
+      builder.append(present_request);
+      if (present_request)
+        builder.append(request);
+
+      return builder.toHashCode();
+    }
+
+    public int compareTo(drop_sentry_role_args other) {
+      if (!getClass().equals(other.getClass())) {
+        return getClass().getName().compareTo(other.getClass().getName());
+      }
+
+      int lastComparison = 0;
+      drop_sentry_role_args typedOther = (drop_sentry_role_args)other;
+
+      lastComparison = Boolean.valueOf(isSetRequest()).compareTo(typedOther.isSetRequest());
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+      if (isSetRequest()) {
+        lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.request, typedOther.request);
+        if (lastComparison != 0) {
+          return lastComparison;
+        }
+      }
+      return 0;
+    }
+
+    public _Fields fieldForId(int fieldId) {
+      return _Fields.findByThriftId(fieldId);
+    }
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+      schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+      schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder("drop_sentry_role_args(");
+      boolean first = true;
+
+      sb.append("request:");
+      if (this.request == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.request);
+      }
+      first = false;
+      sb.append(")");
+      return sb.toString();
+    }
+
+    public void validate() throws org.apache.thrift.TException {
+      // check for required fields
+      // check for sub-struct validity
+      if (request != null) {
+        request.validate();
+      }
+    }
+
+    private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+      try {
+        write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+      try {
+        read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private static class drop_sentry_role_argsStandardSchemeFactory implements SchemeFactory {
+      public drop_sentry_role_argsStandardScheme getScheme() {
+        return new drop_sentry_role_argsStandardScheme();
+      }
+    }
+
+    private static class drop_sentry_role_argsStandardScheme extends StandardScheme<drop_sentry_role_args> {
+
+      public void read(org.apache.thrift.protocol.TProtocol iprot, drop_sentry_role_args struct) throws org.apache.thrift.TException {
+        org.apache.thrift.protocol.TField schemeField;
+        iprot.readStructBegin();
+        while (true)
+        {
+          schemeField = iprot.readFieldBegin();
+          if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+            break;
+          }
+          switch (schemeField.id) {
+            case 1: // REQUEST
+              if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+                struct.request = new TDropSentryRoleRequest();
+                struct.request.read(iprot);
+                struct.setRequestIsSet(true);
+              } else { 
+                org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+              }
+              break;
+            default:
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+          }
+          iprot.readFieldEnd();
+        }
+        iprot.readStructEnd();
+        struct.validate();
+      }
+
+      public void write(org.apache.thrift.protocol.TProtocol oprot, drop_sentry_role_args struct) throws org.apache.thrift.TException {
+        struct.validate();
+
+        oprot.writeStructBegin(STRUCT_DESC);
+        if (struct.request != null) {
+          oprot.writeFieldBegin(REQUEST_FIELD_DESC);
+          struct.request.write(oprot);
+          oprot.writeFieldEnd();
+        }
+        oprot.writeFieldStop();
+        oprot.writeStructEnd();
+      }
+
+    }
+
+    private static class drop_sentry_role_argsTupleSchemeFactory implements SchemeFactory {
+      public drop_sentry_role_argsTupleScheme getScheme() {
+        return new drop_sentry_role_argsTupleScheme();
+      }
+    }
+
+    private static class drop_sentry_role_argsTupleScheme extends TupleScheme<drop_sentry_role_args> {
+
+      @Override
+      public void write(org.apache.thrift.protocol.TProtocol prot, drop_sentry_role_args struct) throws org.apache.thrift.TException {
+        TTupleProtocol oprot = (TTupleProtocol) prot;
+        BitSet optionals = new BitSet();
+        if (struct.isSetRequest()) {
+          optionals.set(0);
+        }
+        oprot.writeBitSet(optionals, 1);
+        if (struct.isSetRequest()) {
+          struct.request.write(oprot);
+        }
+      }
+
+      @Override
+      public void read(org.apache.thrift.protocol.TProtocol prot, drop_sentry_role_args struct) throws org.apache.thrift.TException {
+        TTupleProtocol iprot = (TTupleProtocol) prot;
+        BitSet incoming = iprot.readBitSet(1);
+        if (incoming.get(0)) {
+          struct.request = new TDropSentryRoleRequest();
+          struct.request.read(iprot);
+          struct.setRequestIsSet(true);
+        }
+      }
+    }
+
+  }
+
+  public static class drop_sentry_role_result implements org.apache.thrift.TBase<drop_sentry_role_result, drop_sentry_role_result._Fields>, java.io.Serializable, Cloneable   {
+    private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("drop_sentry_role_result");
+
+    private static final org.apache.thrift.protocol.TField SUCCESS_FIELD_DESC = new org.apache.thrift.protocol.TField("success", org.apache.thrift.protocol.TType.STRUCT, (short)0);
+
+    private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+    static {
+      schemes.put(StandardScheme.class, new drop_sentry_role_resultStandardSchemeFactory());
+      schemes.put(TupleScheme.class, new drop_sentry_role_resultTupleSchemeFactory());
+    }
+
+    private TDropSentryRoleResponse success; // required
+
+    /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+    public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+      SUCCESS((short)0, "success");
+
+      private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+      static {
+        for (_Fields field : EnumSet.allOf(_Fields.class)) {
+          byName.put(field.getFieldName(), field);
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, or null if its not found.
+       */
+      public static _Fields findByThriftId(int fieldId) {
+        switch(fieldId) {
+          case 0: // SUCCESS
+            return SUCCESS;
+          default:
+            return null;
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, throwing an exception
+       * if it is not found.
+       */
+      public static _Fields findByThriftIdOrThrow(int fieldId) {
+        _Fields fields = findByThriftId(fieldId);
+        if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+        return fields;
+      }
+
+      /**
+       * Find the _Fields constant that matches name, or null if its not found.
+       */
+      public static _Fields findByName(String name) {
+        return byName.get(name);
+      }
+
+      private final short _thriftId;
+      private final String _fieldName;
+
+      _Fields(short thriftId, String fieldName) {
+        _thriftId = thriftId;
+        _fieldName = fieldName;
+      }
+
+      public short getThriftFieldId() {
+        return _thriftId;
+      }
+
+      public String getFieldName() {
+        return _fieldName;
+      }
+    }
+
+    // isset id assignments
+    public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+    static {
+      Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+      tmpMap.put(_Fields.SUCCESS, new org.apache.thrift.meta_data.FieldMetaData("success", org.apache.thrift.TFieldRequirementType.DEFAULT, 
+          new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TDropSentryRoleResponse.class)));
+      metaDataMap = Collections.unmodifiableMap(tmpMap);
+      org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(drop_sentry_role_result.class, metaDataMap);
+    }
+
+    public drop_sentry_role_result() {
+    }
+
+    public drop_sentry_role_result(
+      TDropSentryRoleResponse success)
+    {
+      this();
+      this.success = success;
+    }
+
+    /**
+     * Performs a deep copy on <i>other</i>.
+     */
+    public drop_sentry_role_result(drop_sentry_role_result other) {
+      if (other.isSetSuccess()) {
+        this.success = new TDropSentryRoleResponse(other.success);
+      }
+    }
+
+    public drop_sentry_role_result deepCopy() {
+      return new drop_sentry_role_result(this);
+    }
+
+    @Override
+    public void clear() {
+      this.success = null;
+    }
+
+    public TDropSentryRoleResponse getSuccess() {
+      return this.success;
+    }
+
+    public void setSuccess(TDropSentryRoleResponse success) {
+      this.success = success;
+    }
+
+    public void unsetSuccess() {
+      this.success = null;
+    }
+
+    /** Returns true if field success is set (has been assigned a value) and false otherwise */
+    public boolean isSetSuccess() {
+      return this.success != null;
+    }
+
+    public void setSuccessIsSet(boolean value) {
+      if (!value) {
+        this.success = null;
+      }
+    }
+
+    public void setFieldValue(_Fields field, Object value) {
+      switch (field) {
+      case SUCCESS:
+        if (value == null) {
+          unsetSuccess();
+        } else {
+          setSuccess((TDropSentryRoleResponse)value);
+        }
+        break;
+
+      }
+    }
+
+    public Object getFieldValue(_Fields field) {
+      switch (field) {
+      case SUCCESS:
+        return getSuccess();
+
+      }
+      throw new IllegalStateException();
+    }
+
+    /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+    public boolean isSet(_Fields field) {
+      if (field == null) {
+        throw new IllegalArgumentException();
+      }
+
+      switch (field) {
+      case SUCCESS:
+        return isSetSuccess();
+      }
+      throw new IllegalStateException();
+    }
+
+    @Override
+    public boolean equals(Object that) {
+      if (that == null)
+        return false;
+      if (that instanceof drop_sentry_role_result)
+        return this.equals((drop_sentry_role_result)that);
+      return false;
+    }
+
+    public boolean equals(drop_sentry_role_result that) {
+      if (that == null)
+        return false;
+
+      boolean this_present_success = true && this.isSetSuccess();
+      boolean that_present_success = true && that.isSetSuccess();
+      if (this_present_success || that_present_success) {
+        if (!(this_present_success && that_present_success))
+          return false;
+        if (!this.success.equals(that.success))
+          return false;
+      }
+
+      return true;
+    }
+
+    @Override
+    public int hashCode() {
+      HashCodeBuilder builder = new HashCodeBuilder();
+
+      boolean present_success = true && (isSetSuccess());
+      builder.append(present_success);
+      if (present_success)
+        builder.append(success);
+
+      return builder.toHashCode();
+    }
+
+    public int compareTo(drop_sentry_role_result other) {
+      if (!getClass().equals(other.getClass())) {
+        return getClass().getName().compareTo(other.getClass().getName());
+      }
+
+      int lastComparison = 0;
+      drop_sentry_role_result typedOther = (drop_sentry_role_result)other;
+
+      lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(typedOther.isSetSuccess());
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+      if (isSetSuccess()) {
+        lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.success, typedOther.success);
+        if (lastComparison != 0) {
+          return lastComparison;
+        }
+      }
+      return 0;
+    }
+
+    public _Fields fieldForId(int fieldId) {
+      return _Fields.findByThriftId(fieldId);
+    }
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+      schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+      schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+      }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder("drop_sentry_role_result(");
+      boolean first = true;
+
+      sb.append("success:");
+      if (this.success == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.success);
+      }
+      first = false;
+      sb.append(")");
+      return sb.toString();
+    }
+
+    public void validate() throws org.apache.thrift.TException {
+      // check for required fields
+      // check for sub-struct validity
+      if (success != null) {
+        success.validate();
+      }
+    }
+
+    private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+      try {
+        write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+      try {
+        read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private static class drop_sentry_role_resultStandardSchemeFactory implements SchemeFactory {
+      public drop_sentry_role_resultStandardScheme getScheme() {
+        return new drop_sentry_role_resultStandardScheme();
+      }
+    }
+
+    private static class drop_sentry_role_resultStandardScheme extends StandardScheme<drop_sentry_role_result> {
+
+      public void read(org.apache.thrift.protocol.TProtocol iprot, drop_sentry_role_result struct) throws org.apache.thrift.TException {
+        org.apache.thrift.protocol.TField schemeField;
+        iprot.readStructBegin();
+        while (true)
+        {
+          schemeField = iprot.readFieldBegin();
+          if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+            break;
+          }
+          switch (schemeField.id) {
+            case 0: // SUCCESS
+              if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+                struct.success = new TDropSentryRoleResponse();
+                struct.success.read(iprot);
+                struct.setSuccessIsSet(true);
+              } else { 
+                org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+              }
+              break;
+            default:
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+          }
+          iprot.readFieldEnd();
+        }
+        iprot.readStructEnd();
+        struct.validate();
+      }
+
+      public void write(org.apache.thrift.protocol.TProtocol oprot, drop_sentry_role_result struct) throws org.apache.thrift.TException {
+        struct.validate();
+
+        oprot.writeStructBegin(STRUCT_DESC);
+        if (struct.success != null) {
+          oprot.writeFieldBegin(SUCCESS_FIELD_DESC);
+          struct.success.write(oprot);
+          oprot.writeFieldEnd();
+        }
+        oprot.writeFieldStop();
+        oprot.writeStructEnd();
+      }
+
+    }
+
+    private static class drop_sentry_role_resultTupleSchemeFactory implements SchemeFactory {
+      public drop_sentry_role_resultTupleScheme getScheme() {
+ 

<TRUNCATED>

[05/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TDropSentryRoleResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TDropSentryRoleResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TDropSentryRoleResponse.java
new file mode 100644
index 0000000..efcf96d
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TDropSentryRoleResponse.java
@@ -0,0 +1,390 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TDropSentryRoleResponse implements org.apache.thrift.TBase<TDropSentryRoleResponse, TDropSentryRoleResponse._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TDropSentryRoleResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TDropSentryRoleResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TDropSentryRoleResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TDropSentryRoleResponse.class, metaDataMap);
+  }
+
+  public TDropSentryRoleResponse() {
+  }
+
+  public TDropSentryRoleResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status)
+  {
+    this();
+    this.status = status;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TDropSentryRoleResponse(TDropSentryRoleResponse other) {
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+  }
+
+  public TDropSentryRoleResponse deepCopy() {
+    return new TDropSentryRoleResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TDropSentryRoleResponse)
+      return this.equals((TDropSentryRoleResponse)that);
+    return false;
+  }
+
+  public boolean equals(TDropSentryRoleResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_status = true && (isSetStatus());
+    builder.append(present_status);
+    if (present_status)
+      builder.append(status);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TDropSentryRoleResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TDropSentryRoleResponse typedOther = (TDropSentryRoleResponse)other;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TDropSentryRoleResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TDropSentryRoleResponseStandardSchemeFactory implements SchemeFactory {
+    public TDropSentryRoleResponseStandardScheme getScheme() {
+      return new TDropSentryRoleResponseStandardScheme();
+    }
+  }
+
+  private static class TDropSentryRoleResponseStandardScheme extends StandardScheme<TDropSentryRoleResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TDropSentryRoleResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TDropSentryRoleResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TDropSentryRoleResponseTupleSchemeFactory implements SchemeFactory {
+    public TDropSentryRoleResponseTupleScheme getScheme() {
+      return new TDropSentryRoleResponseTupleScheme();
+    }
+  }
+
+  private static class TDropSentryRoleResponseTupleScheme extends TupleScheme<TDropSentryRoleResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TDropSentryRoleResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TDropSentryRoleResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java
new file mode 100644
index 0000000..e144ac9
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java
@@ -0,0 +1,850 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSentryRolesRequest, TListSentryRolesRequest._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryRolesRequest");
+
+  private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField ROLEREQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("rolerequestorGroupName", org.apache.thrift.protocol.TType.STRING, (short)3);
+  private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)4);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorGroupName", org.apache.thrift.protocol.TType.SET, (short)5);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TListSentryRolesRequestStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TListSentryRolesRequestTupleSchemeFactory());
+  }
+
+  private int protocol_version; // required
+  private String requestorUserName; // required
+  private String rolerequestorGroupName; // optional
+  private String roleName; // required
+  private Set<String> requestorGroupName; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PROTOCOL_VERSION((short)1, "protocol_version"),
+    REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+    ROLEREQUESTOR_GROUP_NAME((short)3, "rolerequestorGroupName"),
+    ROLE_NAME((short)4, "roleName"),
+    REQUESTOR_GROUP_NAME((short)5, "requestorGroupName");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PROTOCOL_VERSION
+          return PROTOCOL_VERSION;
+        case 2: // REQUESTOR_USER_NAME
+          return REQUESTOR_USER_NAME;
+        case 3: // ROLEREQUESTOR_GROUP_NAME
+          return ROLEREQUESTOR_GROUP_NAME;
+        case 4: // ROLE_NAME
+          return ROLE_NAME;
+        case 5: // REQUESTOR_GROUP_NAME
+          return REQUESTOR_GROUP_NAME;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  private _Fields optionals[] = {_Fields.ROLEREQUESTOR_GROUP_NAME};
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.ROLEREQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("rolerequestorGroupName", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.REQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorGroupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryRolesRequest.class, metaDataMap);
+  }
+
+  public TListSentryRolesRequest() {
+    this.protocol_version = 1;
+
+  }
+
+  public TListSentryRolesRequest(
+    int protocol_version,
+    String requestorUserName,
+    String roleName,
+    Set<String> requestorGroupName)
+  {
+    this();
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+    this.requestorUserName = requestorUserName;
+    this.roleName = roleName;
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TListSentryRolesRequest(TListSentryRolesRequest other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.protocol_version = other.protocol_version;
+    if (other.isSetRequestorUserName()) {
+      this.requestorUserName = other.requestorUserName;
+    }
+    if (other.isSetRolerequestorGroupName()) {
+      this.rolerequestorGroupName = other.rolerequestorGroupName;
+    }
+    if (other.isSetRoleName()) {
+      this.roleName = other.roleName;
+    }
+    if (other.isSetRequestorGroupName()) {
+      Set<String> __this__requestorGroupName = new HashSet<String>();
+      for (String other_element : other.requestorGroupName) {
+        __this__requestorGroupName.add(other_element);
+      }
+      this.requestorGroupName = __this__requestorGroupName;
+    }
+  }
+
+  public TListSentryRolesRequest deepCopy() {
+    return new TListSentryRolesRequest(this);
+  }
+
+  @Override
+  public void clear() {
+    this.protocol_version = 1;
+
+    this.requestorUserName = null;
+    this.rolerequestorGroupName = null;
+    this.roleName = null;
+    this.requestorGroupName = null;
+  }
+
+  public int getProtocol_version() {
+    return this.protocol_version;
+  }
+
+  public void setProtocol_version(int protocol_version) {
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+  }
+
+  public void unsetProtocol_version() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+  public boolean isSetProtocol_version() {
+    return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  public void setProtocol_versionIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+  }
+
+  public String getRequestorUserName() {
+    return this.requestorUserName;
+  }
+
+  public void setRequestorUserName(String requestorUserName) {
+    this.requestorUserName = requestorUserName;
+  }
+
+  public void unsetRequestorUserName() {
+    this.requestorUserName = null;
+  }
+
+  /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorUserName() {
+    return this.requestorUserName != null;
+  }
+
+  public void setRequestorUserNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorUserName = null;
+    }
+  }
+
+  public String getRolerequestorGroupName() {
+    return this.rolerequestorGroupName;
+  }
+
+  public void setRolerequestorGroupName(String rolerequestorGroupName) {
+    this.rolerequestorGroupName = rolerequestorGroupName;
+  }
+
+  public void unsetRolerequestorGroupName() {
+    this.rolerequestorGroupName = null;
+  }
+
+  /** Returns true if field rolerequestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRolerequestorGroupName() {
+    return this.rolerequestorGroupName != null;
+  }
+
+  public void setRolerequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.rolerequestorGroupName = null;
+    }
+  }
+
+  public String getRoleName() {
+    return this.roleName;
+  }
+
+  public void setRoleName(String roleName) {
+    this.roleName = roleName;
+  }
+
+  public void unsetRoleName() {
+    this.roleName = null;
+  }
+
+  /** Returns true if field roleName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRoleName() {
+    return this.roleName != null;
+  }
+
+  public void setRoleNameIsSet(boolean value) {
+    if (!value) {
+      this.roleName = null;
+    }
+  }
+
+  public int getRequestorGroupNameSize() {
+    return (this.requestorGroupName == null) ? 0 : this.requestorGroupName.size();
+  }
+
+  public java.util.Iterator<String> getRequestorGroupNameIterator() {
+    return (this.requestorGroupName == null) ? null : this.requestorGroupName.iterator();
+  }
+
+  public void addToRequestorGroupName(String elem) {
+    if (this.requestorGroupName == null) {
+      this.requestorGroupName = new HashSet<String>();
+    }
+    this.requestorGroupName.add(elem);
+  }
+
+  public Set<String> getRequestorGroupName() {
+    return this.requestorGroupName;
+  }
+
+  public void setRequestorGroupName(Set<String> requestorGroupName) {
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  public void unsetRequestorGroupName() {
+    this.requestorGroupName = null;
+  }
+
+  /** Returns true if field requestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorGroupName() {
+    return this.requestorGroupName != null;
+  }
+
+  public void setRequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorGroupName = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      if (value == null) {
+        unsetProtocol_version();
+      } else {
+        setProtocol_version((Integer)value);
+      }
+      break;
+
+    case REQUESTOR_USER_NAME:
+      if (value == null) {
+        unsetRequestorUserName();
+      } else {
+        setRequestorUserName((String)value);
+      }
+      break;
+
+    case ROLEREQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRolerequestorGroupName();
+      } else {
+        setRolerequestorGroupName((String)value);
+      }
+      break;
+
+    case ROLE_NAME:
+      if (value == null) {
+        unsetRoleName();
+      } else {
+        setRoleName((String)value);
+      }
+      break;
+
+    case REQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRequestorGroupName();
+      } else {
+        setRequestorGroupName((Set<String>)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return Integer.valueOf(getProtocol_version());
+
+    case REQUESTOR_USER_NAME:
+      return getRequestorUserName();
+
+    case ROLEREQUESTOR_GROUP_NAME:
+      return getRolerequestorGroupName();
+
+    case ROLE_NAME:
+      return getRoleName();
+
+    case REQUESTOR_GROUP_NAME:
+      return getRequestorGroupName();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return isSetProtocol_version();
+    case REQUESTOR_USER_NAME:
+      return isSetRequestorUserName();
+    case ROLEREQUESTOR_GROUP_NAME:
+      return isSetRolerequestorGroupName();
+    case ROLE_NAME:
+      return isSetRoleName();
+    case REQUESTOR_GROUP_NAME:
+      return isSetRequestorGroupName();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TListSentryRolesRequest)
+      return this.equals((TListSentryRolesRequest)that);
+    return false;
+  }
+
+  public boolean equals(TListSentryRolesRequest that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_protocol_version = true;
+    boolean that_present_protocol_version = true;
+    if (this_present_protocol_version || that_present_protocol_version) {
+      if (!(this_present_protocol_version && that_present_protocol_version))
+        return false;
+      if (this.protocol_version != that.protocol_version)
+        return false;
+    }
+
+    boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+    boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+    if (this_present_requestorUserName || that_present_requestorUserName) {
+      if (!(this_present_requestorUserName && that_present_requestorUserName))
+        return false;
+      if (!this.requestorUserName.equals(that.requestorUserName))
+        return false;
+    }
+
+    boolean this_present_rolerequestorGroupName = true && this.isSetRolerequestorGroupName();
+    boolean that_present_rolerequestorGroupName = true && that.isSetRolerequestorGroupName();
+    if (this_present_rolerequestorGroupName || that_present_rolerequestorGroupName) {
+      if (!(this_present_rolerequestorGroupName && that_present_rolerequestorGroupName))
+        return false;
+      if (!this.rolerequestorGroupName.equals(that.rolerequestorGroupName))
+        return false;
+    }
+
+    boolean this_present_roleName = true && this.isSetRoleName();
+    boolean that_present_roleName = true && that.isSetRoleName();
+    if (this_present_roleName || that_present_roleName) {
+      if (!(this_present_roleName && that_present_roleName))
+        return false;
+      if (!this.roleName.equals(that.roleName))
+        return false;
+    }
+
+    boolean this_present_requestorGroupName = true && this.isSetRequestorGroupName();
+    boolean that_present_requestorGroupName = true && that.isSetRequestorGroupName();
+    if (this_present_requestorGroupName || that_present_requestorGroupName) {
+      if (!(this_present_requestorGroupName && that_present_requestorGroupName))
+        return false;
+      if (!this.requestorGroupName.equals(that.requestorGroupName))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_protocol_version = true;
+    builder.append(present_protocol_version);
+    if (present_protocol_version)
+      builder.append(protocol_version);
+
+    boolean present_requestorUserName = true && (isSetRequestorUserName());
+    builder.append(present_requestorUserName);
+    if (present_requestorUserName)
+      builder.append(requestorUserName);
+
+    boolean present_rolerequestorGroupName = true && (isSetRolerequestorGroupName());
+    builder.append(present_rolerequestorGroupName);
+    if (present_rolerequestorGroupName)
+      builder.append(rolerequestorGroupName);
+
+    boolean present_roleName = true && (isSetRoleName());
+    builder.append(present_roleName);
+    if (present_roleName)
+      builder.append(roleName);
+
+    boolean present_requestorGroupName = true && (isSetRequestorGroupName());
+    builder.append(present_requestorGroupName);
+    if (present_requestorGroupName)
+      builder.append(requestorGroupName);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TListSentryRolesRequest other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TListSentryRolesRequest typedOther = (TListSentryRolesRequest)other;
+
+    lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(typedOther.isSetProtocol_version());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetProtocol_version()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, typedOther.protocol_version);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRolerequestorGroupName()).compareTo(typedOther.isSetRolerequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRolerequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.rolerequestorGroupName, typedOther.rolerequestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRoleName()).compareTo(typedOther.isSetRoleName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRoleName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleName, typedOther.roleName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorGroupName()).compareTo(typedOther.isSetRequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorGroupName, typedOther.requestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TListSentryRolesRequest(");
+    boolean first = true;
+
+    sb.append("protocol_version:");
+    sb.append(this.protocol_version);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorUserName:");
+    if (this.requestorUserName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorUserName);
+    }
+    first = false;
+    if (isSetRolerequestorGroupName()) {
+      if (!first) sb.append(", ");
+      sb.append("rolerequestorGroupName:");
+      if (this.rolerequestorGroupName == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.rolerequestorGroupName);
+      }
+      first = false;
+    }
+    if (!first) sb.append(", ");
+    sb.append("roleName:");
+    if (this.roleName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.roleName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorGroupName:");
+    if (this.requestorGroupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorGroupName);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetProtocol_version()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRoleName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorGroupName' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TListSentryRolesRequestStandardSchemeFactory implements SchemeFactory {
+    public TListSentryRolesRequestStandardScheme getScheme() {
+      return new TListSentryRolesRequestStandardScheme();
+    }
+  }
+
+  private static class TListSentryRolesRequestStandardScheme extends StandardScheme<TListSentryRolesRequest> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryRolesRequest struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PROTOCOL_VERSION
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.protocol_version = iprot.readI32();
+              struct.setProtocol_versionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // REQUESTOR_USER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.requestorUserName = iprot.readString();
+              struct.setRequestorUserNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // ROLEREQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.rolerequestorGroupName = iprot.readString();
+              struct.setRolerequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 4: // ROLE_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.roleName = iprot.readString();
+              struct.setRoleNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 5: // REQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set16 = iprot.readSetBegin();
+                struct.requestorGroupName = new HashSet<String>(2*_set16.size);
+                for (int _i17 = 0; _i17 < _set16.size; ++_i17)
+                {
+                  String _elem18; // required
+                  _elem18 = iprot.readString();
+                  struct.requestorGroupName.add(_elem18);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryRolesRequest struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeFieldEnd();
+      if (struct.requestorUserName != null) {
+        oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.requestorUserName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.rolerequestorGroupName != null) {
+        if (struct.isSetRolerequestorGroupName()) {
+          oprot.writeFieldBegin(ROLEREQUESTOR_GROUP_NAME_FIELD_DESC);
+          oprot.writeString(struct.rolerequestorGroupName);
+          oprot.writeFieldEnd();
+        }
+      }
+      if (struct.roleName != null) {
+        oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC);
+        oprot.writeString(struct.roleName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.requestorGroupName != null) {
+        oprot.writeFieldBegin(REQUESTOR_GROUP_NAME_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.requestorGroupName.size()));
+          for (String _iter19 : struct.requestorGroupName)
+          {
+            oprot.writeString(_iter19);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TListSentryRolesRequestTupleSchemeFactory implements SchemeFactory {
+    public TListSentryRolesRequestTupleScheme getScheme() {
+      return new TListSentryRolesRequestTupleScheme();
+    }
+  }
+
+  private static class TListSentryRolesRequestTupleScheme extends TupleScheme<TListSentryRolesRequest> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryRolesRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.requestorUserName);
+      oprot.writeString(struct.roleName);
+      {
+        oprot.writeI32(struct.requestorGroupName.size());
+        for (String _iter20 : struct.requestorGroupName)
+        {
+          oprot.writeString(_iter20);
+        }
+      }
+      BitSet optionals = new BitSet();
+      if (struct.isSetRolerequestorGroupName()) {
+        optionals.set(0);
+      }
+      oprot.writeBitSet(optionals, 1);
+      if (struct.isSetRolerequestorGroupName()) {
+        oprot.writeString(struct.rolerequestorGroupName);
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryRolesRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.protocol_version = iprot.readI32();
+      struct.setProtocol_versionIsSet(true);
+      struct.requestorUserName = iprot.readString();
+      struct.setRequestorUserNameIsSet(true);
+      struct.roleName = iprot.readString();
+      struct.setRoleNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set21 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+        struct.requestorGroupName = new HashSet<String>(2*_set21.size);
+        for (int _i22 = 0; _i22 < _set21.size; ++_i22)
+        {
+          String _elem23; // required
+          _elem23 = iprot.readString();
+          struct.requestorGroupName.add(_elem23);
+        }
+      }
+      struct.setRequestorGroupNameIsSet(true);
+      BitSet incoming = iprot.readBitSet(1);
+      if (incoming.get(0)) {
+        struct.rolerequestorGroupName = iprot.readString();
+        struct.setRolerequestorGroupNameIsSet(true);
+      }
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java
new file mode 100644
index 0000000..f3dfac2
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java
@@ -0,0 +1,545 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TListSentryRolesResponse implements org.apache.thrift.TBase<TListSentryRolesResponse, TListSentryRolesResponse._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryRolesResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+  private static final org.apache.thrift.protocol.TField ROLES_FIELD_DESC = new org.apache.thrift.protocol.TField("roles", org.apache.thrift.protocol.TType.SET, (short)2);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TListSentryRolesResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TListSentryRolesResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+  private Set<TSentryRole> roles; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status"),
+    ROLES((short)2, "roles");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        case 2: // ROLES
+          return ROLES;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    tmpMap.put(_Fields.ROLES, new org.apache.thrift.meta_data.FieldMetaData("roles", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryRole.class))));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryRolesResponse.class, metaDataMap);
+  }
+
+  public TListSentryRolesResponse() {
+  }
+
+  public TListSentryRolesResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status,
+    Set<TSentryRole> roles)
+  {
+    this();
+    this.status = status;
+    this.roles = roles;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TListSentryRolesResponse(TListSentryRolesResponse other) {
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+    if (other.isSetRoles()) {
+      Set<TSentryRole> __this__roles = new HashSet<TSentryRole>();
+      for (TSentryRole other_element : other.roles) {
+        __this__roles.add(new TSentryRole(other_element));
+      }
+      this.roles = __this__roles;
+    }
+  }
+
+  public TListSentryRolesResponse deepCopy() {
+    return new TListSentryRolesResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+    this.roles = null;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public int getRolesSize() {
+    return (this.roles == null) ? 0 : this.roles.size();
+  }
+
+  public java.util.Iterator<TSentryRole> getRolesIterator() {
+    return (this.roles == null) ? null : this.roles.iterator();
+  }
+
+  public void addToRoles(TSentryRole elem) {
+    if (this.roles == null) {
+      this.roles = new HashSet<TSentryRole>();
+    }
+    this.roles.add(elem);
+  }
+
+  public Set<TSentryRole> getRoles() {
+    return this.roles;
+  }
+
+  public void setRoles(Set<TSentryRole> roles) {
+    this.roles = roles;
+  }
+
+  public void unsetRoles() {
+    this.roles = null;
+  }
+
+  /** Returns true if field roles is set (has been assigned a value) and false otherwise */
+  public boolean isSetRoles() {
+    return this.roles != null;
+  }
+
+  public void setRolesIsSet(boolean value) {
+    if (!value) {
+      this.roles = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    case ROLES:
+      if (value == null) {
+        unsetRoles();
+      } else {
+        setRoles((Set<TSentryRole>)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    case ROLES:
+      return getRoles();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    case ROLES:
+      return isSetRoles();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TListSentryRolesResponse)
+      return this.equals((TListSentryRolesResponse)that);
+    return false;
+  }
+
+  public boolean equals(TListSentryRolesResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    boolean this_present_roles = true && this.isSetRoles();
+    boolean that_present_roles = true && that.isSetRoles();
+    if (this_present_roles || that_present_roles) {
+      if (!(this_present_roles && that_present_roles))
+        return false;
+      if (!this.roles.equals(that.roles))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_status = true && (isSetStatus());
+    builder.append(present_status);
+    if (present_status)
+      builder.append(status);
+
+    boolean present_roles = true && (isSetRoles());
+    builder.append(present_roles);
+    if (present_roles)
+      builder.append(roles);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TListSentryRolesResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TListSentryRolesResponse typedOther = (TListSentryRolesResponse)other;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRoles()).compareTo(typedOther.isSetRoles());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRoles()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roles, typedOther.roles);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TListSentryRolesResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("roles:");
+    if (this.roles == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.roles);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRoles()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'roles' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TListSentryRolesResponseStandardSchemeFactory implements SchemeFactory {
+    public TListSentryRolesResponseStandardScheme getScheme() {
+      return new TListSentryRolesResponseStandardScheme();
+    }
+  }
+
+  private static class TListSentryRolesResponseStandardScheme extends StandardScheme<TListSentryRolesResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryRolesResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // ROLES
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set24 = iprot.readSetBegin();
+                struct.roles = new HashSet<TSentryRole>(2*_set24.size);
+                for (int _i25 = 0; _i25 < _set24.size; ++_i25)
+                {
+                  TSentryRole _elem26; // required
+                  _elem26 = new TSentryRole();
+                  _elem26.read(iprot);
+                  struct.roles.add(_elem26);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRolesIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryRolesResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      if (struct.roles != null) {
+        oprot.writeFieldBegin(ROLES_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, struct.roles.size()));
+          for (TSentryRole _iter27 : struct.roles)
+          {
+            _iter27.write(oprot);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TListSentryRolesResponseTupleSchemeFactory implements SchemeFactory {
+    public TListSentryRolesResponseTupleScheme getScheme() {
+      return new TListSentryRolesResponseTupleScheme();
+    }
+  }
+
+  private static class TListSentryRolesResponseTupleScheme extends TupleScheme<TListSentryRolesResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryRolesResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+      {
+        oprot.writeI32(struct.roles.size());
+        for (TSentryRole _iter28 : struct.roles)
+        {
+          _iter28.write(oprot);
+        }
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryRolesResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set29 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+        struct.roles = new HashSet<TSentryRole>(2*_set29.size);
+        for (int _i30 = 0; _i30 < _set29.size; ++_i30)
+        {
+          TSentryRole _elem31; // required
+          _elem31 = new TSentryRole();
+          _elem31.read(iprot);
+          struct.roles.add(_elem31);
+        }
+      }
+      struct.setRolesIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryGroup.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryGroup.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryGroup.java
new file mode 100644
index 0000000..4aadd22
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryGroup.java
@@ -0,0 +1,385 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TSentryGroup implements org.apache.thrift.TBase<TSentryGroup, TSentryGroup._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryGroup");
+
+  private static final org.apache.thrift.protocol.TField GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("groupName", org.apache.thrift.protocol.TType.STRING, (short)1);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TSentryGroupStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TSentryGroupTupleSchemeFactory());
+  }
+
+  private String groupName; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    GROUP_NAME((short)1, "groupName");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // GROUP_NAME
+          return GROUP_NAME;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("groupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryGroup.class, metaDataMap);
+  }
+
+  public TSentryGroup() {
+  }
+
+  public TSentryGroup(
+    String groupName)
+  {
+    this();
+    this.groupName = groupName;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TSentryGroup(TSentryGroup other) {
+    if (other.isSetGroupName()) {
+      this.groupName = other.groupName;
+    }
+  }
+
+  public TSentryGroup deepCopy() {
+    return new TSentryGroup(this);
+  }
+
+  @Override
+  public void clear() {
+    this.groupName = null;
+  }
+
+  public String getGroupName() {
+    return this.groupName;
+  }
+
+  public void setGroupName(String groupName) {
+    this.groupName = groupName;
+  }
+
+  public void unsetGroupName() {
+    this.groupName = null;
+  }
+
+  /** Returns true if field groupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetGroupName() {
+    return this.groupName != null;
+  }
+
+  public void setGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.groupName = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case GROUP_NAME:
+      if (value == null) {
+        unsetGroupName();
+      } else {
+        setGroupName((String)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case GROUP_NAME:
+      return getGroupName();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case GROUP_NAME:
+      return isSetGroupName();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TSentryGroup)
+      return this.equals((TSentryGroup)that);
+    return false;
+  }
+
+  public boolean equals(TSentryGroup that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_groupName = true && this.isSetGroupName();
+    boolean that_present_groupName = true && that.isSetGroupName();
+    if (this_present_groupName || that_present_groupName) {
+      if (!(this_present_groupName && that_present_groupName))
+        return false;
+      if (!this.groupName.equals(that.groupName))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_groupName = true && (isSetGroupName());
+    builder.append(present_groupName);
+    if (present_groupName)
+      builder.append(groupName);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TSentryGroup other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TSentryGroup typedOther = (TSentryGroup)other;
+
+    lastComparison = Boolean.valueOf(isSetGroupName()).compareTo(typedOther.isSetGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.groupName, typedOther.groupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TSentryGroup(");
+    boolean first = true;
+
+    sb.append("groupName:");
+    if (this.groupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.groupName);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'groupName' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TSentryGroupStandardSchemeFactory implements SchemeFactory {
+    public TSentryGroupStandardScheme getScheme() {
+      return new TSentryGroupStandardScheme();
+    }
+  }
+
+  private static class TSentryGroupStandardScheme extends StandardScheme<TSentryGroup> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryGroup struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.groupName = iprot.readString();
+              struct.setGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryGroup struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.groupName != null) {
+        oprot.writeFieldBegin(GROUP_NAME_FIELD_DESC);
+        oprot.writeString(struct.groupName);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TSentryGroupTupleSchemeFactory implements SchemeFactory {
+    public TSentryGroupTupleScheme getScheme() {
+      return new TSentryGroupTupleScheme();
+    }
+  }
+
+  private static class TSentryGroupTupleScheme extends TupleScheme<TSentryGroup> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TSentryGroup struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeString(struct.groupName);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TSentryGroup struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.groupName = iprot.readString();
+      struct.setGroupNameIsSet(true);
+    }
+  }
+
+}
+


[10/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
index 4887678..cd6f8a1 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
@@ -19,25 +19,34 @@ package org.apache.sentry.provider.common;
 import java.util.List;
 import java.util.Set;
 
+import javax.annotation.concurrent.ThreadSafe;
+
 import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
 import org.apache.sentry.core.common.Subject;
 
+/**
+ * Implementations of AuthorizationProvider must be threadsafe.
+ */
+@ThreadSafe
 public interface AuthorizationProvider {
 
   /***
    * Returns validate subject privileges on given Authorizable object
    *
    * @param subject: UserID to validate privileges
-   * @param authorizableHierarchy : List of object accroding to namespace hierarchy.
+   * @param authorizableHierarchy : List of object according to namespace hierarchy.
    *        eg. Server->Db->Table or Server->Function
    *        The privileges will be validated from the higher to lower scope
    * @param actions : Privileges to validate
+   * @param roleSet : Roles which should be used when obtaining privileges
    * @return
    *        True if the subject is authorized to perform requested action on the given object
    */
-  public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy, Set<? extends Action> actions);
+  public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy,
+      Set<? extends Action> actions, ActiveRoleSet roleSet);
 
   /***
    * Get the GroupMappingService used by the AuthorizationProvider
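Review bot: The `@ThreadSafe` contract added on the interface does not say how `getLastFailedPrivileges()` behaves when several threads call `hasAccess` on one instance; its Javadoc (last hunk of this file) still speaks of "the last access request". If an implementation keeps that list in a shared field, one caller could be handed the missing privileges of another user's request; whether any implementation does so is not visible here. I would state the intent in the Javadoc, for example `* Returns the missing privileges of the last access request made by the calling thread`, and have implementations keep the value per thread. The new `@param roleSet` line would also benefit from saying whether null is accepted and what it means.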
@@ -59,7 +68,7 @@ public interface AuthorizationProvider {
    * @return
    * @throws SentryConfigurationException
    */
-  public Set<String> listPermissionsForSubject(Subject subject) throws SentryConfigurationException;
+  public Set<String> listPrivilegesForSubject(Subject subject) throws SentryConfigurationException;
 
   /**
    * Returns the list privileges for the given group
@@ -67,11 +76,11 @@ public interface AuthorizationProvider {
    * @return
    * @throws SentryConfigurationException
    */
-  public Set<String> listPermissionsForGroup(String groupName) throws SentryConfigurationException;
+  public Set<String> listPrivilegesForGroup(String groupName) throws SentryConfigurationException;
 
   /***
    * Returns the list of missing privileges of the last access request
    * @return
    */
-  public List<String> getLastFailedPermissions();
+  public List<String> getLastFailedPrivileges();
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java
index 226cc88..22371d1 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java
@@ -16,15 +16,20 @@
  */
 package org.apache.sentry.provider.common;
 
-import java.util.List;
+import java.util.Set;
+
+import javax.annotation.concurrent.ThreadSafe;
 
 /**
  * Interface so the Groups class is easier to unit test with.
+ * Implementations of this class are expected to be thread safe
+ * after construction.
  */
+@ThreadSafe
 public interface GroupMappingService {
 
   /**
    * @return non-null list of groups for user
    */
-  public List<String> getGroups(String user);
+  public Set<String> getGroups(String user);
 }
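Review bot: The Javadoc on `getGroups` still promises a "non-null list of groups" although the return type is now `Set<String>`; the same stale wording remains in NoGroupMappingService ("always returns an empty list of groups", "empty list of groups for every user"). I would change it to `@return non-null set of groups for user; empty when the user has none`, so implementers know that null is never a valid answer for an unknown user. The added class comment also says "Implementations of this class" for what is an interface.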

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
index 8f18926..ed32224 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
@@ -22,6 +22,7 @@ import java.util.List;
 import java.util.Set;
 
 import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
 import org.apache.sentry.core.common.Subject;
@@ -31,7 +32,7 @@ public class NoAuthorizationProvider implements AuthorizationProvider {
 
   @Override
   public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy,
-      Set<? extends Action> actions) {
+      Set<? extends Action> actions, ActiveRoleSet roleSet) {
     return false;
   }
 
@@ -46,19 +47,19 @@ public class NoAuthorizationProvider implements AuthorizationProvider {
   }
 
   @Override
-  public Set<String> listPermissionsForSubject(Subject subject)
+  public Set<String> listPrivilegesForSubject(Subject subject)
       throws SentryConfigurationException {
     return new HashSet<String>();
   }
 
   @Override
-  public Set<String> listPermissionsForGroup(String groupName)
+  public Set<String> listPrivilegesForGroup(String groupName)
       throws SentryConfigurationException {
     return new HashSet<String>();
   }
 
   @Override
-  public List<String> getLastFailedPermissions() {
+  public List<String> getLastFailedPrivileges() {
     return new ArrayList<String>();
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java
index e1bc6d2..e44cbc4 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java
@@ -16,8 +16,8 @@
  */
 package org.apache.sentry.provider.common;
 
-import java.util.LinkedList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 
 /**
  * GroupMappingService that always returns an empty list of groups
@@ -27,7 +27,7 @@ public class NoGroupMappingService implements GroupMappingService {
   /**
    * @return empty list of groups for every user
    */
-  public List<String> getGroups(String user) {
-    return new LinkedList<String>();
+  public Set<String> getGroups(String user) {
+    return new HashSet<String>();
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java
index 327a3a5..6d6da25 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java
@@ -16,31 +16,44 @@
  */
 package org.apache.sentry.provider.common;
 
-import javax.annotation.Nullable;
+import java.util.Set;
 
-import java.util.List;
+import javax.annotation.concurrent.ThreadSafe;
 
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.RoleValidator;
 
 import com.google.common.collect.ImmutableSet;
 
 /**
- * Interface for getting roles from a specific provider backend.
+ * Interface for getting roles from a specific provider backend. Implementations
+ * are expected to be thread safe after initialize() has
+ * been called.
  */
+@ThreadSafe
 public interface ProviderBackend {
+
   /**
-   * Process roles from the backend.  Checks the validity of each role
-   * by running it through each validator passed via validators.
+   * Set the privilege validators to be used on the backend. This is required
+   * because the Backend must be created before the policy engine and only the
+   * policy engine knows the validators. Ideally we could change but since
+   * both the policy engine and backend are exposed via configuration properties
+   * that would be backwards incompatible.
+   * @param validators
    */
-  public void process(List<? extends RoleValidator> validators);
+  public void initialize(ProviderBackendContext context);
 
   /**
-   * Get the roles from the backend.  Requires that process(...) is invoked at
-   * least once prior.
+   * Get the privileges from the backend.
    */
-  public Roles getRoles();
+  public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet);
 
-  public void validatePolicy(List<? extends RoleValidator> validators, boolean strictValidation)
-      throws SentryConfigurationException;
+  /**
+   * If strictValidation is true then an error is thrown for warnings
+   * as well as errors.
+   *
+   * @param strictValidation
+   * @throws SentryConfigurationException
+   */
+  public void validatePolicy(boolean strictValidation) throws SentryConfigurationException;
 }
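Review bot: The Javadoc on `initialize` documents `@param validators`, but the method takes a `ProviderBackendContext context`, so the tag names a parameter that does not exist. Going by the ProviderBackendContext class added in this commit, something like `@param context carries the privilege validators and the allowPerDatabase setting` would match the signature. `getPrivileges` has no parameter documentation at all; since it is the call that turns groups and an active role set into privilege strings, it should say whether `groups` and `roleSet` may be null or empty and what is returned when nothing matches.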

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java
new file mode 100644
index 0000000..f45d23d
--- /dev/null
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.common;
+
+import org.apache.sentry.policy.common.PrivilegeValidator;
+
+import com.google.common.collect.ImmutableList;
+
+public class ProviderBackendContext {
+
+  private boolean allowPerDatabase;
+  private ImmutableList<PrivilegeValidator> validators;
+
+  public ProviderBackendContext() {
+    validators = ImmutableList.of();
+  }
+
+  public boolean isAllowPerDatabase() {
+    return allowPerDatabase;
+  }
+
+  public void setAllowPerDatabase(boolean allowPerDatabase) {
+    this.allowPerDatabase = allowPerDatabase;
+  }
+
+  public ImmutableList<PrivilegeValidator> getValidators() {
+    return validators;
+  }
+
+  public void setValidators(ImmutableList<PrivilegeValidator> validators) {
+    if (validators == null) {
+      validators = ImmutableList.of();
+    }
+    this.validators = validators;
+  }
+}
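Review bot: ProviderBackendContext has no class comment and is a mutable holder with unsynchronized setters, while ProviderBackend in this commit is documented as thread safe only after `initialize()` has been called. If a backend keeps the context object and reads it later from other threads, a late `setValidators` or `setAllowPerDatabase` call may not be seen consistently; whether any backend does this is not shown here. I would add a class comment such as `/** Settings passed to ProviderBackend.initialize(); populate before that call and do not modify afterwards. Not thread safe. */`, or make both fields final and set them through the constructor.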

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/Roles.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/Roles.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/Roles.java
deleted file mode 100644
index a8f36a3..0000000
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/Roles.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.common;
-
-import javax.annotation.Nullable;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.ImmutableSetMultimap;
-
-/**
- * Class providing storage of roles
- */
-public class Roles {
-  private final ImmutableSetMultimap<String, String> globalRoles;
-  private final ImmutableMap<String, ImmutableSetMultimap<String, String>> perDatabaseRoles;
-
-  public Roles() {
-    this(ImmutableSetMultimap.<String, String>of(),
-        ImmutableMap.<String, ImmutableSetMultimap<String, String>>of());
-  }
-
-  public Roles(ImmutableSetMultimap<String, String> globalRoles,
-      ImmutableMap<String, ImmutableSetMultimap<String, String>> perDatabaseRoles) {
-    this.globalRoles = globalRoles;
-    this.perDatabaseRoles = perDatabaseRoles;
-  }
-
-  public ImmutableSetMultimap<String, String> getGlobalRoles() {
-    return globalRoles;
-  }
-
-  public ImmutableMap<String, ImmutableSetMultimap<String, String>> getPerDatabaseRoles() {
-    return perDatabaseRoles;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java
index 806b42e..1e885f4 100644
--- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java
+++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java
@@ -17,14 +17,13 @@
 package org.apache.sentry.provider.common;
 
 import java.util.Collection;
-import java.util.List;
+import java.util.Set;
 
-import org.apache.sentry.provider.common.GroupMappingService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.Lists;
 import com.google.common.collect.Multimap;
+import com.google.common.collect.Sets;
 
 public class MockGroupMappingServiceProvider implements GroupMappingService {
   private static final Logger LOGGER = LoggerFactory
@@ -36,10 +35,10 @@ public class MockGroupMappingServiceProvider implements GroupMappingService {
   }
 
   @Override
-  public List<String> getGroups(String user) {
+  public Set<String> getGroups(String user) {
     Collection<String> groups = userToGroupMap.get(user);
     LOGGER.info("Mapping " + user + " to " + groups);
-    return Lists.newArrayList(groups);
+    return Sets.newHashSet(groups);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
index 3f48f49..fe01b06 100644
--- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
@@ -16,11 +16,11 @@
  */
 package org.apache.sentry.provider.common;
 
-import org.junit.Test;
-
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 
+import org.junit.Test;
+
 /**
  * Tests around the NoAuthorizationProvider
  */
@@ -29,7 +29,7 @@ public class TestNoAuthorizationProvider {
   @Test
   public void testNoAuthorizationProvider() {
     NoAuthorizationProvider nap = new NoAuthorizationProvider();
-    assertFalse(nap.hasAccess(null, null, null));
+    assertFalse(nap.hasAccess(null, null, null, null));
 
     GroupMappingService gms = nap.getGroupMapping();
     assertEquals(gms.getGroups(null).size(), 0);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/.gitignore
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/.gitignore b/sentry-provider/sentry-provider-db/.gitignore
new file mode 100644
index 0000000..55b8677
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/.gitignore
@@ -0,0 +1 @@
+sentry_policy_db

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/pom.xml b/sentry-provider/sentry-provider-db/pom.xml
new file mode 100644
index 0000000..aa511c8
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/pom.xml
@@ -0,0 +1,243 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.sentry</groupId>
+    <artifactId>sentry-provider</artifactId>
+    <version>1.3.0-incubating-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>sentry-provider-db</artifactId>
+  <name>Sentry Provider DB</name>
+
+  <dependencies>
+    <dependency>
+      <groupId>commons-cli</groupId>
+      <artifactId>commons-cli</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.hadoop</groupId>
+      <artifactId>hadoop-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.derby</groupId>
+      <artifactId>derby</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>log4j</groupId>
+      <artifactId>log4j</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.shiro</groupId>
+      <artifactId>shiro-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-log4j12</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-core-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-provider-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.hive</groupId>
+      <artifactId>hive-metastore</artifactId>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.hive</groupId>
+      <artifactId>hive-shims</artifactId>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.thrift</groupId>
+      <artifactId>libfb303</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.thrift</groupId>
+      <artifactId>libthrift</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>ant-contrib</groupId>
+      <artifactId>ant-contrib</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.hadoop</groupId>
+      <artifactId>hadoop-minikdc</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>javax.jdo</groupId>
+      <artifactId>jdo-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.datanucleus</groupId>
+      <artifactId>datanucleus-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.datanucleus</groupId>
+      <artifactId>datanucleus-api-jdo</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.datanucleus</groupId>
+      <artifactId>datanucleus-rdbms</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-all</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <sourceDirectory>${basedir}/src/main/java</sourceDirectory>
+    <testSourceDirectory>${basedir}/src/test/java</testSourceDirectory>
+    <resources>
+      <resource>
+        <directory>${basedir}/src/main/java/org/apache/sentry/provider/db/service/model</directory>
+        <includes>
+          <include>package.jdo</include>
+        </includes>
+      </resource>
+    </resources>
+    <plugins>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>build-helper-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>add-source</id>
+            <phase>generate-sources</phase>
+            <goals>
+              <goal>add-source</goal>
+            </goals>
+            <configuration>
+              <sources>
+                <source>src/gen/thrift/gen-javabean</source>
+              </sources>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.datanucleus</groupId>
+        <artifactId>datanucleus-maven-plugin</artifactId>
+        <configuration>
+          <api>JDO</api>
+          <metadataIncludes>**/*.jdo</metadataIncludes>
+          <verbose>true</verbose>
+        </configuration>
+        <executions>
+          <execution>
+            <phase>process-classes</phase>
+            <goals>
+              <goal>enhance</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+  <profiles>
+    <profile>
+      <id>thriftif</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-antrun-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>generate-thrift-sources</id>
+                <phase>generate-sources</phase>
+                <configuration>
+                  <target>
+                    <taskdef name="for" classname="net.sf.antcontrib.logic.ForTask"
+                      classpathref="maven.plugin.classpath" />
+                    <property name="thrift.args" value="-I ${thrift.home} --gen java:beans,hashcode"/>
+                    <property name="thrift.gen.dir" value="${basedir}/src/gen/thrift"/>
+                    <delete dir="${thrift.gen.dir}"/>
+                    <mkdir dir="${thrift.gen.dir}"/>
+                    <for param="thrift.file">
+                      <path>
+                        <fileset dir="${basedir}/src/main/resources/" includes="**/*.thrift" />
+                      </path>
+                      <sequential>
+                        <echo message="Generating Thrift code for @{thrift.file}"/>
+                        <exec executable="${thrift.home}/bin/thrift"  failonerror="true" dir=".">
+                          <arg line="${thrift.args} -I ${basedir}/src/main/resources/ -o ${thrift.gen.dir} @{thrift.file} " />
+                        </exec>
+                      </sequential>
+                    </for>
+                  </target>
+                </configuration>
+                <goals>
+                  <goal>run</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-enforcer-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>enforce-property</id>
+                <goals>
+                  <goal>enforce</goal>
+                </goals>
+                <configuration>
+                  <rules>
+                    <requireProperty>
+                      <property>thrift.home</property>
+                    </requireProperty>
+                  </rules>
+                  <fail>true</fail>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
+
+</project>
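Review bot: `com.google.guava:guava` is declared twice in `<dependencies>` (once after shiro-core and again after hadoop-minikdc); Maven warns about duplicate declarations, so the second entry should be removed. `ant-contrib` is listed as a regular dependency with default scope, which puts it on the module's compile and runtime classpath, yet the only visible use is the `<taskdef>` in the `thriftif` profile, which resolves against `maven.plugin.classpath`. Unless a parent POM already handles this, I would move it into a `<dependencies>` element under the maven-antrun-plugin so that a build-only tool is not shipped with the provider.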


[03/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
new file mode 100644
index 0000000..b5de36e
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
@@ -0,0 +1,131 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.model;
+
+import java.util.Set;
+
+import javax.jdo.annotations.PersistenceCapable;
+
+/**
+ * Database backed Sentry Group. Any changes to this object
+ * require re-running the maven build so DN an re-enhance.
+ */
+@PersistenceCapable
+public class MSentryGroup {
+
+  private String groupName;
+  // set of roles granted to this group
+  private Set<MSentryRole> roles;
+  private long createTime;
+  private String grantorPrincipal;
+
+  public MSentryGroup(String groupName, long createTime, String grantorPrincipal,
+      Set<MSentryRole> roles) {
+    this.setGroupName(groupName);
+    this.createTime = createTime;
+    this.grantorPrincipal = grantorPrincipal;
+    this.setRoles(roles);
+  }
+
+  public long getCreateTime() {
+    return createTime;
+  }
+
+  public void setCreateTime(long createTime) {
+    this.createTime = createTime;
+  }
+
+  public String getGrantorPrincipal() {
+    return grantorPrincipal;
+  }
+
+  public void setGrantorPrincipal(String grantorPrincipal) {
+    this.grantorPrincipal = grantorPrincipal;
+  }
+
+  public Set<MSentryRole> getRoles() {
+    return roles;
+  }
+
+  public void setRoles(Set<MSentryRole> roles) {
+    this.roles = roles;
+  }
+
+  public String getGroupName() {
+    return groupName;
+  }
+
+  public void setGroupName(String groupName) {
+    this.groupName = groupName;
+  }
+
+  public void appendRole(MSentryRole role) {
+    if (roles.add(role)) {
+      role.appendGroup(this);
+    }
+  }
+
+  public void removeRole(MSentryRole role) {
+    if (roles.remove(role)) {
+      role.removeGroup(this);
+    }
+  }
+
+  @Override
+  public String toString() {
+    return "MSentryGroup [groupName=" + groupName + ", roles=[...]"
+        + ", createTime=" + createTime + ", grantorPrincipal="
+        + grantorPrincipal + "]";
+  }
+
+  @Override
+  public int hashCode() {
+    final int prime = 31;
+    int result = 1;
+    result = prime * result + (int) (createTime ^ (createTime >>> 32));
+    result = prime * result
+        + ((grantorPrincipal == null) ? 0 : grantorPrincipal.hashCode());
+    result = prime * result + ((groupName == null) ? 0 : groupName.hashCode());
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object obj) {
+    if (this == obj)
+      return true;
+    if (obj == null)
+      return false;
+    if (getClass() != obj.getClass())
+      return false;
+    MSentryGroup other = (MSentryGroup) obj;
+    if (createTime != other.createTime)
+      return false;
+    if (grantorPrincipal == null) {
+      if (other.grantorPrincipal != null)
+        return false;
+    } else if (!grantorPrincipal.equals(other.grantorPrincipal))
+      return false;
+    if (groupName == null) {
+      if (other.groupName != null)
+        return false;
+    } else if (!groupName.equals(other.groupName))
+      return false;
+    return true;
+  }
+}
\ No newline at end of file
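Review bot: `appendRole` and `removeRole` dereference `roles` without a null check, while the constructor and `setRoles` store whatever is passed, including null. MSentryPrivilege in the same commit initialises its set to an empty `HashSet` in its no-arg constructor; here I would normalise in the setter, `this.roles = (roles == null) ? new HashSet<MSentryRole>() : roles;` (with `import java.util.HashSet;`). Separately, `hashCode` and `equals` use `createTime` and `grantorPrincipal`, both of which have setters, so changing them after the group was added to a hash-based set would make it unfindable there. A comment that these fields must not change once the group is in use, or comparing on `groupName` only, would address that.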

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
new file mode 100644
index 0000000..7215435
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
@@ -0,0 +1,247 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.model;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.jdo.annotations.PersistenceCapable;
+
+/**
+ * Database backed Sentry Privilege. Any changes to this object
+ * require re-running the maven build so DN an re-enhance.
+ */
+@PersistenceCapable
+public class MSentryPrivilege {
+
+  private String privilegeScope;
+  private String privilegeName;
+  private String serverName;
+  private String dbName;
+  private String tableName;
+  private String URI;
+  private String action;
+  // roles this privilege is a part of
+  private Set<MSentryRole> roles;
+  private long createTime;
+  private String grantorPrincipal;
+
+  public MSentryPrivilege() {
+    this.roles = new HashSet<MSentryRole>();
+  }
+
+  public MSentryPrivilege(String privilegeName, String privilegeScope,
+      String serverName, String dbName, String tableName, String URI,
+      String action) {
+    this.privilegeName = privilegeName;
+    this.privilegeScope = privilegeScope;
+    this.serverName = serverName;
+    this.dbName = dbName;
+    this.tableName = tableName;
+    this.URI = URI;
+    this.action = action;
+    this.roles = new HashSet<MSentryRole>();
+  }
+
+  public String getServerName() {
+    return serverName;
+  }
+
+  public void setServerName(String serverName) {
+    this.serverName = serverName;
+  }
+
+  public String getDbName() {
+    return dbName;
+  }
+
+  public void setDbName(String dbName) {
+    this.dbName = dbName;
+  }
+
+  public String getTableName() {
+    return tableName;
+  }
+
+  public void setTableName(String tableName) {
+    this.tableName = tableName;
+  }
+
+  public String getURI() {
+    return URI;
+  }
+
+  public void setURI(String uRI) {
+    URI = uRI;
+  }
+
+  public String getAction() {
+    return action;
+  }
+
+  public void setAction(String action) {
+    this.action = action;
+  }
+
+  public long getCreateTime() {
+    return createTime;
+  }
+
+  public void setCreateTime(long createTime) {
+    this.createTime = createTime;
+  }
+
+  public String getGrantorPrincipal() {
+    return grantorPrincipal;
+  }
+
+  public void setGrantorPrincipal(String grantorPrincipal) {
+    this.grantorPrincipal = grantorPrincipal;
+  }
+
+  public String getPrivilegeScope() {
+    return privilegeScope;
+  }
+
+  public void setPrivilegeScope(String privilegeScope) {
+    this.privilegeScope = privilegeScope;
+  }
+
+  public String getPrivilegeName() {
+    return privilegeName;
+  }
+
+  public void setPrivilegeName(String privilegeName) {
+    this.privilegeName = privilegeName;
+  }
+
+  public void appendRoles(Set<MSentryRole> roles) {
+    this.roles.addAll(roles);
+  }
+
+  public void appendRole(MSentryRole role) {
+    if (!roles.contains(role)) {
+      roles.add(role);
+      role.appendPrivilege(this);
+    }
+  }
+
+  public void removeRole(MSentryRole role) {
+    for (Iterator<MSentryRole> iter = roles.iterator(); iter.hasNext();) {
+      if (iter.next().getRoleName().equalsIgnoreCase(role.getRoleName())) {
+        iter.remove();
+        role.removePrivilege(this);
+        return;
+      }
+    }
+  }
+
+  public void removeRole(String roleName) {
+    for (MSentryRole role: roles) {
+      if (role.getRoleName().equalsIgnoreCase(roleName)) {
+        roles.remove(role);
+        return;
+      }
+    }
+  }
+
+  @Override
+  public String toString() {
+    return "MSentryPrivilege [privilegeScope=" + privilegeScope
+        + ", privilegeName=" + privilegeName + ", serverName=" + serverName
+        + ", dbName=" + dbName + ", tableName=" + tableName + ", URI=" + URI
+        + ", action=" + action + ", roles=[...]" + ", createTime="
+        + createTime + ", grantorPrincipal=" + grantorPrincipal + "]";
+  }
+
+  @Override
+  public int hashCode() {
+    final int prime = 31;
+    int result = 1;
+    result = prime * result + ((URI == null) ? 0 : URI.hashCode());
+    result = prime * result + ((action == null) ? 0 : action.hashCode());
+    result = prime * result + (int) (createTime ^ (createTime >>> 32));
+    result = prime * result + ((dbName == null) ? 0 : dbName.hashCode());
+    result = prime * result
+        + ((grantorPrincipal == null) ? 0 : grantorPrincipal.hashCode());
+    result = prime * result
+        + ((privilegeName == null) ? 0 : privilegeName.hashCode());
+    result = prime * result
+        + ((privilegeScope == null) ? 0 : privilegeScope.hashCode());
+    result = prime * result
+        + ((serverName == null) ? 0 : serverName.hashCode());
+    result = prime * result + ((tableName == null) ? 0 : tableName.hashCode());
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object obj) {
+    if (this == obj)
+      return true;
+    if (obj == null)
+      return false;
+    if (getClass() != obj.getClass())
+      return false;
+    MSentryPrivilege other = (MSentryPrivilege) obj;
+    if (URI == null) {
+      if (other.URI != null)
+        return false;
+    } else if (!URI.equals(other.URI))
+      return false;
+    if (action == null) {
+      if (other.action != null)
+        return false;
+    } else if (!action.equals(other.action))
+      return false;
+    if (createTime != other.createTime)
+      return false;
+    if (dbName == null) {
+      if (other.dbName != null)
+        return false;
+    } else if (!dbName.equals(other.dbName))
+      return false;
+    if (grantorPrincipal == null) {
+      if (other.grantorPrincipal != null)
+        return false;
+    } else if (!grantorPrincipal.equals(other.grantorPrincipal))
+      return false;
+    if (privilegeName == null) {
+      if (other.privilegeName != null)
+        return false;
+    } else if (!privilegeName.equals(other.privilegeName))
+      return false;
+    if (privilegeScope == null) {
+      if (other.privilegeScope != null)
+        return false;
+    } else if (!privilegeScope.equals(other.privilegeScope))
+      return false;
+    if (serverName == null) {
+      if (other.serverName != null)
+        return false;
+    } else if (!serverName.equals(other.serverName))
+      return false;
+    if (tableName == null) {
+      if (other.tableName != null)
+        return false;
+    } else if (!tableName.equals(other.tableName))
+      return false;
+    return true;
+  }
+}
\ No newline at end of file
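Review bot: `removeRole(String roleName)` only drops the role from this privilege's `roles` set and never calls `role.removePrivilege(this)`, unlike the `removeRole(MSentryRole)` overload just above it, so the role keeps the privilege in its own `privileges` set. For an authorization model that is the unsafe direction: a caller revoking by name leaves the grant in place on the role side. Since package.jdo in this commit maps `roles` as `mapped-by="privileges"`, the role side is presumably the one the datastore persists. I would make the loop body `roles.remove(role); role.removePrivilege(this); return;` so both overloads keep the two sides in step. Separately, `hashCode`/`equals` use the settable `createTime` and `grantorPrincipal`, so changing either on an object already held in one of these `HashSet`s makes `contains`/`remove` miss it.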

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
new file mode 100644
index 0000000..16be80b
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
@@ -0,0 +1,179 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.model;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.jdo.annotations.PersistenceCapable;
+
+import org.apache.sentry.provider.db.service.persistent.SentryNoSuchObjectException;
+
+/**
+ * Database backed Sentry Role. Any changes to this object
+ * require re-running the maven build so DN an re-enhance.
+ */
+@PersistenceCapable
+public class MSentryRole {
+
+  private String roleName;
+  // set of privileges granted to this role
+  private Set<MSentryPrivilege> privileges;
+  // set of groups this role belongs to
+  private Set<MSentryGroup> groups;
+  private long createTime;
+  private String grantorPrincipal;
+
+  public MSentryRole() {
+    privileges = new HashSet<MSentryPrivilege>();
+  }
+
+  MSentryRole(String roleName, long createTime, String grantorPrincipal,
+      Set<MSentryPrivilege> privileges, Set<MSentryGroup> groups) {
+    this.roleName = roleName;
+    this.createTime = createTime;
+    this.grantorPrincipal = grantorPrincipal;
+    this.privileges = privileges;
+    this.groups = groups;
+  }
+
+  public long getCreateTime() {
+    return createTime;
+  }
+
+  public void setCreateTime(long createTime) {
+    this.createTime = createTime;
+  }
+
+  public String getGrantorPrincipal() {
+    return grantorPrincipal;
+  }
+
+  public void setGrantorPrincipal(String grantorPrincipal) {
+    this.grantorPrincipal = grantorPrincipal;
+  }
+
+  public String getRoleName() {
+    return roleName;
+  }
+
+  public void setRoleName(String roleName) {
+    this.roleName = roleName;
+  }
+
+  public void setPrivileges(Set<MSentryPrivilege> privileges) {
+    this.privileges = privileges;
+  }
+
+  public Set<MSentryPrivilege> getPrivileges() {
+    return privileges;
+  }
+
+  public void setGroups(Set<MSentryGroup> groups) {
+    this.groups = groups;
+  }
+
+  public Set<MSentryGroup> getGroups() {
+    return groups;
+  }
+
+  public void removePrivilege(MSentryPrivilege privilege) {
+    for (Iterator<MSentryPrivilege> iter = privileges.iterator(); iter.hasNext();) {
+      if (iter.next().getPrivilegeName().equalsIgnoreCase(privilege.getPrivilegeName())) {
+        iter.remove();
+        privilege.removeRole(this);
+        return;
+      }
+    }
+  }
+
+  public void appendPrivileges(Set<MSentryPrivilege> privileges) {
+    this.privileges.addAll(privileges);
+  }
+
+  public void appendPrivilege(MSentryPrivilege privilege) {
+    if (!privileges.contains(privilege)) {
+      privileges.add(privilege);
+      privilege.appendRole(this);
+    }
+  }
+
+  public void appendGroups(Set<MSentryGroup> groups) {
+    this.groups.addAll(groups);
+  }
+
+  public void appendGroup(MSentryGroup group) {
+    if (groups.add(group)) {
+      group.appendRole(this);
+    }
+  }
+
+  public void removeGroup(MSentryGroup group) {
+    if (groups.remove(group)) {
+      group.removeRole(this);
+    }
+  }
+
+  public void removePrivileges() {
+    this.privileges.clear();
+  }
+
+  @Override
+  public String toString() {
+    return "MSentryRole [roleName=" + roleName + ", privileges=[..]"
+        + ", groups=[...]" + ", createTime=" + createTime
+        + ", grantorPrincipal=" + grantorPrincipal + "]";
+  }
+
+  @Override
+  public int hashCode() {
+    final int prime = 31;
+    int result = 1;
+    result = prime * result + (int) (createTime ^ (createTime >>> 32));
+    result = prime * result
+        + ((grantorPrincipal == null) ? 0 : grantorPrincipal.hashCode());
+    result = prime * result + ((roleName == null) ? 0 : roleName.hashCode());
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object obj) {
+    if (this == obj)
+      return true;
+    if (obj == null)
+      return false;
+    if (getClass() != obj.getClass())
+      return false;
+    MSentryRole other = (MSentryRole) obj;
+    if (createTime != other.createTime)
+      return false;
+    if (grantorPrincipal == null) {
+      if (other.grantorPrincipal != null)
+        return false;
+    } else if (!grantorPrincipal.equals(other.grantorPrincipal))
+      return false;
+    if (roleName == null) {
+      if (other.roleName != null)
+        return false;
+    } else if (!roleName.equals(other.roleName))
+      return false;
+    return true;
+  }
+}
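Review bot: The public no-arg constructor initializes `privileges` but leaves `groups` null, so `appendGroup`, `appendGroups` and `removeGroup` throw a NullPointerException on a role created that way unless something else has set the field first. Adding `groups = new HashSet<MSentryGroup>();` to that constructor matches what is already done for `privileges`. The package-private constructor stores the caller's sets as-is, so it has the same exposure when either argument is null; a null check or a defensive copy there would close it. The import of `SentryNoSuchObjectException` is not used by anything in this file.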

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
new file mode 100644
index 0000000..03f7549
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
@@ -0,0 +1,125 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+ 
+      http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+--> 
+<!DOCTYPE jdo PUBLIC "-//Sun Microsystems, Inc.//DTD Java Data Objects Metadata 2.0//EN"
+  "http://java.sun.com/dtd/jdo_2_0.dtd">
+<!--
+  Size Limitations:
+
+  Indexed VARCHAR: 767 bytes (MySQL running on InnoDB Engine http://bugs.mysql.com/bug.php?id=13315)
+  Non-indexed VARCHAR: 4000 bytes (max length on Oracle 9i/10g/11g)
+
+-->
+<jdo>  
+  <package name="org.apache.sentry.provider.db.service.model">  
+    <class name="MSentryGroup" identity-type="datastore" table="SENTRY_GROUPS" detachable="true">  
+      <datastore-identity>
+        <column name="GROUP_ID"/>
+      </datastore-identity>
+      <field name="groupName">  
+        <column name="GROUP_NAME" length="128" jdbc-type="VARCHAR"/>
+        <index name="SentryGroupName" unique="true"/>
+      </field>
+      <field name = "createTime">
+      	<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
+      </field>
+      <field name="grantorPrincipal">  
+        <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
+      </field>
+      
+      <field name="roles" mapped-by="groups">
+         <collection element-type="org.apache.sentry.provider.db.service.model.MSentryRole"/>
+      </field>
+        
+    </class>
+    
+    <class name="MSentryRole" identity-type="datastore" table="SENTRY_ROLES" detachable="true">  
+      <datastore-identity>
+        <column name="ROLE_ID"/>
+      </datastore-identity>
+      <field name="roleName">  
+        <column name="ROLE_NAME" length="128" jdbc-type="VARCHAR"/>
+        <index name="SentryRoleNaME" unique="true"/>
+      </field>
+      <field name = "createTime">
+      	<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
+      </field>
+      <field name="grantorPrincipal">  
+        <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
+      </field>
+      <field name = "privileges" table="ROLES_PRIVILEGES" >
+        <collection element-type="org.apache.sentry.provider.db.service.model.MSentryPrivilege"/>
+            <join>
+                <column name="ROLE_ID"/>
+            </join>
+            <element>
+                <column name="PRIVILEGE_ID"/>
+            </element>
+      </field>  
+      
+      <field name = "groups" table="ROLES_GROUPS" >
+        <collection element-type="org.apache.sentry.provider.db.service.model.MSentryGroup"/>
+            <join>
+                <column name="ROLE_ID"/>
+            </join>
+            <element>
+                <column name="GROUP_ID"/>
+            </element>
+      </field>  
+    </class>
+    
+    <class name="MSentryPrivilege" identity-type="datastore" table="SENTRY_PRIVILEGES" detachable="true">  
+      <datastore-identity>
+        <column name="PRIVILEGE_ID"/>
+      </datastore-identity>
+      <field name="privilegeName">  
+        <column name="PRIVILEGE_NAME" length="128" jdbc-type="VARCHAR"/>
+        <index name="SentryPrivilegeName" unique="true"/>
+      </field>
+      <field name="privilegeScope">  
+        <column name="PRIVILEGE_SCOPE" length="40" jdbc-type="VARCHAR"/>
+      </field>
+      <field name="serverName">  
+        <column name="SERVER_NAME" length="4000" jdbc-type="VARCHAR"/>
+      </field>
+      <field name="dbName">  
+        <column name="DB_NAME" length="4000" jdbc-type="VARCHAR"/>
+      </field>
+      <field name="tableName">  
+        <column name="TABLE_NAME" length="4000" jdbc-type="VARCHAR"/>
+      </field>
+      <field name="URI">  
+        <column name="URI" length="4000" jdbc-type="VARCHAR"/>
+      </field>
+      <field name="action">  
+        <column name="ACTION" length="40" jdbc-type="VARCHAR"/>
+      </field>
+      <field name = "createTime">
+      	<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
+      </field>
+      <field name="grantorPrincipal">  
+        <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
+      </field>
+      <field name="roles" mapped-by="privileges">
+         <collection element-type="org.apache.sentry.provider.db.service.model.MSentryRole"/>
+      </field>  
+    </class>
+
+  </package>
+</jdo>
+
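Review bot: The name columns `ROLE_NAME`, `PRIVILEGE_NAME` and `GROUP_NAME` get a unique index but stay nullable, while the model classes in this commit dereference role and privilege names without a null check (`getRoleName().equalsIgnoreCase(...)` in `MSentryPrivilege.removeRole`, `getPrivilegeName().equalsIgnoreCase(...)` in `MSentryRole.removePrivilege`). Declaring them `allows-null="false"`, e.g. `<column name="ROLE_NAME" length="128" jdbc-type="VARCHAR" allows-null="false"/>`, keeps a nameless row from ever being loaded into those methods. The same methods match names case-insensitively, whereas whether the unique index treats `Admin` and `admin` as one value depends on the database collation, so normalizing case before persisting is presumably needed for the two to agree. The index name `SentryRoleNaME` also looks like a typo for `SentryRoleName`.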

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/CommitContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/CommitContext.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/CommitContext.java
new file mode 100644
index 0000000..c74dbf3
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/CommitContext.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import java.util.UUID;
+
+/**
+ * Stores the UUID associated with the server who processed
+ * a commit and a commit order sequence id.
+ */
+public class CommitContext {
+
+  private final String serverUUID;
+  private final long sequenceId;
+
+  public CommitContext(UUID serverUUID, long sequenceId) {
+    this.serverUUID = serverUUID.toString();
+    this.sequenceId = sequenceId;
+  }
+  public String getServerUUID() {
+    return serverUUID;
+  }
+  public long getSequenceId() {
+    return sequenceId;
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryAlreadyExistsException.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryAlreadyExistsException.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryAlreadyExistsException.java
new file mode 100644
index 0000000..965e64c
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryAlreadyExistsException.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.persistent;
+
+import org.apache.sentry.SentryUserException;
+
+public class SentryAlreadyExistsException extends SentryUserException {
+  private static final long serialVersionUID = 1298632655835L;
+  public SentryAlreadyExistsException(String msg) {
+    super(msg);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryInvalidInputException.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryInvalidInputException.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryInvalidInputException.java
new file mode 100644
index 0000000..6ac9942
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryInvalidInputException.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.persistent;
+
+import org.apache.sentry.SentryUserException;
+
+public class SentryInvalidInputException extends SentryUserException {
+  private static final long serialVersionUID = 2962080655835L;
+  public SentryInvalidInputException(String msg) {
+    super(msg);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryNoSuchObjectException.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryNoSuchObjectException.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryNoSuchObjectException.java
new file mode 100644
index 0000000..a976880
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryNoSuchObjectException.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.persistent;
+
+import org.apache.sentry.SentryUserException;
+
+public class SentryNoSuchObjectException extends SentryUserException {
+  private static final long serialVersionUID = 2962080655835L;
+  public SentryNoSuchObjectException(String msg) {
+    super(msg);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
new file mode 100644
index 0000000..f1e502a
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -0,0 +1,461 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.jdo.JDOHelper;
+import javax.jdo.PersistenceManager;
+import javax.jdo.PersistenceManagerFactory;
+import javax.jdo.Query;
+import javax.jdo.Transaction;
+
+import org.apache.sentry.provider.db.service.model.MSentryGroup;
+import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
+import org.apache.sentry.provider.db.service.model.MSentryRole;
+import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.service.thrift.TSentryRole;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+
+public class SentryStore {
+  private static final UUID SERVER_UUID = UUID.randomUUID();
+  static final String DEFAULT_DATA_DIR = "sentry_policy_db";
+  /**
+   * Commit order sequence id. This is used by notification handlers
+   * to know the order in which events where committed to the database.
+   * This instance variable is incremented in incrementGetSequenceId
+   * and read in commitUpdateTransaction. Synchronization on this
+   * is required to read commitSequenceId.
+   */
+  private long commitSequenceId;
+  private final Properties prop;
+  private final PersistenceManagerFactory pmf;
+  private final String databaseName;
+
+  public SentryStore(String dataDir) {
+    commitSequenceId = 0;
+    databaseName = (dataDir = dataDir.trim()).isEmpty() ? DEFAULT_DATA_DIR : dataDir;
+    prop = getDataSourceProperties();
+    pmf = JDOHelper.getPersistenceManagerFactory(prop);
+  }
+
+  public SentryStore() {
+    this("");
+  }
+
+  public synchronized void stop() {
+    if (pmf != null) {
+      pmf.close();
+    }
+  }
+
+  private Properties getDataSourceProperties() {
+    Properties prop = new Properties();
+    // FIXME: Read from configuration, override the default
+    //prop.setProperty("datanucleus.connectionPoolingType", "BONECP");
+    prop.setProperty("datanucleus.validateTables", "false");
+    prop.setProperty("datanucleus.validateColumns", "false");
+    prop.setProperty("datanucleus.validateConstraints", "false");
+    prop.setProperty("datanucleus.storeManagerType", "rdbms");
+    prop.setProperty("datanucleus.autoCreateSchema", "true");
+    prop.setProperty("datanucleus.fixedDatastore", "false");
+    prop.setProperty("datanucleus.autoStartMechanismMode", "checked");
+    prop.setProperty("datanucleus.transactionIsolation", "read-committed");
+    prop.setProperty("datanucleus.cache.level2", "false");
+    prop.setProperty("datanucleus.cache.level2.type", "none");
+    prop.setProperty("datanucleus.identifierFactory", "datanucleus1");
+    prop.setProperty("datanucleus.rdbms.useLegacyNativeValueStrategy", "true");
+    prop.setProperty("datanucleus.plugin.pluginRegistryBundleCheck", "LOG");
+    prop.setProperty("javax.jdo.option.ConnectionDriverName",
+                     "org.apache.derby.jdbc.EmbeddedDriver");
+    prop.setProperty("javax.jdo.PersistenceManagerFactoryClass",
+                     "org.datanucleus.api.jdo.JDOPersistenceManagerFactory");
+    prop.setProperty("javax.jdo.option.DetachAllOnCommit", "true");
+    prop.setProperty("javax.jdo.option.NonTransactionalRead", "false");
+    prop.setProperty("javax.jdo.option.NonTransactionalWrite", "false");
+    prop.setProperty("javax.jdo.option.ConnectionUserName", "Sentry");
+    prop.setProperty("javax.jdo.option.ConnectionPassword", "Sentry");
+    prop.setProperty("javax.jdo.option.Multithreaded", "true");
+    prop.setProperty("javax.jdo.option.ConnectionURL",
+                     "jdbc:derby:;databaseName=" + databaseName + ";create=true");
+    return prop;
+  }
+
+  /**
+   * PersistenceManager object and Transaction object have a one to one
+   * correspondence. Each PersistenceManager object is associated with a
+   * transaction object and vice versa. Hence we create a persistence manager
+   * instance when we create a new transaction. We create a new transaction
+   * for every store API since we want that unit of work to behave as a
+   * transaction.
+   *
+   * Note that there's only one instance of PersistenceManagerFactory object
+   * for the service.
+   *
+   * Synchronized because we obtain persistence manager
+   */
+  private synchronized PersistenceManager openTransaction() {
+    PersistenceManager pm = pmf.getPersistenceManager();
+    Transaction currentTransaction = pm.currentTransaction();
+    currentTransaction.begin();
+    return pm;
+  }
+
+  /**
+   * Synchronized due to sequence id generation
+   */
+  private synchronized CommitContext commitUpdateTransaction(PersistenceManager pm) {
+    commitTransaction(pm);
+    return new CommitContext(SERVER_UUID, incrementGetSequenceId());
+  }
+
+  /**
+   * Increments commitSequenceId which should not be modified outside
+   * this method.
+   *
+   * @return sequence id
+   */
+  private synchronized long incrementGetSequenceId() {
+    return ++commitSequenceId;
+  }
+
+  private void commitTransaction(PersistenceManager pm) {
+    Transaction currentTransaction = pm.currentTransaction();
+    try {
+      Preconditions.checkState(currentTransaction.isActive(), "Transaction is not active");
+      currentTransaction.commit();
+    } finally {
+      pm.close();
+    }
+  }
+
+  private void rollbackTransaction(PersistenceManager pm) {
+    if (pm == null || pm.isClosed()) {
+      return;
+    }
+    Transaction currentTransaction = pm.currentTransaction();
+    if (currentTransaction.isActive()) {
+      try {
+        currentTransaction.rollback();
+      } finally {
+        pm.close();
+      }
+    }
+  }
+
+  public CommitContext createSentryRole(TSentryRole role)
+  throws SentryAlreadyExistsException {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    try {
+      pm = openTransaction();
+      Query query = pm.newQuery(MSentryRole.class);
+      query.setFilter("this.roleName == t");
+      query.declareParameters("java.lang.String t");
+      query.setUnique(true);
+      MSentryRole sentryRole = (MSentryRole) query.execute(role.getRoleName());
+      if (sentryRole == null) {
+        MSentryRole mRole = convertToMSentryRole(role);
+        pm.makePersistent(mRole);
+        CommitContext commit = commitUpdateTransaction(pm);
+        rollbackTransaction = false;
+        return commit;
+      } else {
+        throw new SentryAlreadyExistsException("Role: " + role.getRoleName());
+      }
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  //TODO: handle case where a) privilege already exists, b) role to privilege mapping already exists
+  public CommitContext alterSentryRoleGrantPrivilege(String roleName,
+      TSentryPrivilege privilege) throws SentryNoSuchObjectException {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    try {
+      pm = openTransaction();
+      Query query = pm.newQuery(MSentryRole.class);
+      query.setFilter("this.roleName == t");
+      query.declareParameters("java.lang.String t");
+      query.setUnique(true);
+      MSentryRole mRole = (MSentryRole) query.execute(roleName);
+      if (mRole == null) {
+        throw new SentryNoSuchObjectException("Role: " + roleName);
+      } else {
+        MSentryPrivilege mPrivilege = convertToMSentryPrivilege(privilege);
+        // add privilege and role objects to each other. needed by datanucleus to model
+        // m:n relationships correctly through a join table.
+        mPrivilege.appendRole(mRole);
+        mRole.appendPrivilege(mPrivilege);
+        pm.makePersistent(mRole);
+        pm.makePersistent(mPrivilege);
+        CommitContext commit = commitUpdateTransaction(pm);
+        rollbackTransaction = false;
+        return commit;
+      }
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  public CommitContext alterSentryRoleRevokePrivilege(String roleName,
+      String privilegeName) throws SentryNoSuchObjectException {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    try {
+      pm = openTransaction();
+      Query query = pm.newQuery(MSentryRole.class);
+      query.setFilter("this.roleName == t");
+      query.declareParameters("java.lang.String t");
+      query.setUnique(true);
+      MSentryRole mRole = (MSentryRole) query.execute(roleName);
+      if (mRole == null) {
+        throw new SentryNoSuchObjectException("Role: " + roleName);
+      } else {
+        query = pm.newQuery(MSentryPrivilege.class);
+        query.setFilter("this.privilegeName == t");
+        query.declareParameters("java.lang.String t");
+        query.setUnique(true);
+        MSentryPrivilege mPrivilege = (MSentryPrivilege) query.execute(privilegeName);
+        if (mPrivilege == null) {
+          throw new SentryNoSuchObjectException("Privilege: " + privilegeName);
+        } else {
+          // remove privilege and role objects from each other's set. needed by datanucleus to model
+          // m:n relationships correctly through a join table.
+          mRole.removePrivilege(mPrivilege);
+          CommitContext commit = commitUpdateTransaction(pm);
+          rollbackTransaction = false;
+          return commit;
+        }
+      }
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  public CommitContext dropSentryRole(String roleName)
+  throws SentryNoSuchObjectException {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    roleName = roleName.trim();
+    try {
+      pm = openTransaction();
+      Query query = pm.newQuery(MSentryRole.class);
+      query.setFilter("this.roleName == t");
+      query.declareParameters("java.lang.String t");
+      query.setUnique(true);
+      MSentryRole sentryRole = (MSentryRole) query.execute(roleName);
+      if (sentryRole == null) {
+        throw new SentryNoSuchObjectException("Role " + roleName);
+      } else {
+        pm.retrieve(sentryRole);
+        sentryRole.removePrivileges();
+        pm.deletePersistent(sentryRole);
+      }
+      CommitContext commit = commitUpdateTransaction(pm);
+      rollbackTransaction = false;
+      return commit;
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  public CommitContext alterSentryRoleAddGroups(String grantorPrincipal,
+      String roleName, Set<TSentryGroup> groupNames)
+  throws SentryNoSuchObjectException {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    try {
+      pm = openTransaction();
+      Query query = pm.newQuery(MSentryRole.class);
+      query.setFilter("this.roleName == t");
+      query.declareParameters("java.lang.String t");
+      query.setUnique(true);
+      MSentryRole role = (MSentryRole) query.execute(roleName);
+      if (role == null) {
+        throw new SentryNoSuchObjectException("Role: " + roleName);
+      } else {
+        query = pm.newQuery(MSentryGroup.class);
+        query.setFilter("this.groupName == t");
+        query.declareParameters("java.lang.String t");
+        query.setUnique(true);
+        List<MSentryGroup> groups = Lists.newArrayList();
+        for (TSentryGroup tGroup : groupNames) {
+          MSentryGroup group = (MSentryGroup) query.execute(tGroup.getGroupName());
+          if (group == null) {
+            group = new MSentryGroup(tGroup.getGroupName(), System.currentTimeMillis(),
+                grantorPrincipal, Sets.newHashSet(role));
+          }
+          group.appendRole(role);
+          groups.add(group);
+        }
+        pm.makePersistentAll(groups);
+        CommitContext commit = commitUpdateTransaction(pm);
+        rollbackTransaction = false;
+        return commit;
+      }
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  public CommitContext alterSentryRoleDeleteGroups(String roleName,
+      Set<TSentryGroup> groupNames)
+  throws SentryNoSuchObjectException {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    try {
+      pm = openTransaction();
+      Query query = pm.newQuery(MSentryRole.class);
+      query.setFilter("this.roleName == t");
+      query.declareParameters("java.lang.String t");
+      query.setUnique(true);
+      MSentryRole role = (MSentryRole) query.execute(roleName);
+      if (role == null) {
+        throw new SentryNoSuchObjectException("Role: " + roleName);
+      } else {
+        query = pm.newQuery(MSentryGroup.class);
+        query.setFilter("this.groupName == t");
+        query.declareParameters("java.lang.String t");
+        query.setUnique(true);
+        List<MSentryGroup> groups = Lists.newArrayList();
+        for (TSentryGroup tGroup : groupNames) {
+          MSentryGroup group = (MSentryGroup) query.execute(tGroup.getGroupName());
+          if (group != null) {
+            group.removeRole(role);
+            groups.add(group);
+          }
+        }
+        pm.makePersistentAll(groups);
+        CommitContext commit = commitUpdateTransaction(pm);
+        rollbackTransaction = false;
+        return commit;
+      }
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  @VisibleForTesting
+  MSentryRole getMSentryRoleByName(String roleName)
+  throws SentryNoSuchObjectException {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    roleName = roleName.trim();
+    try {
+      pm = openTransaction();
+      Query query = pm.newQuery(MSentryRole.class);
+      query.setFilter("this.roleName == t");
+      query.declareParameters("java.lang.String t");
+      query.setUnique(true);
+      MSentryRole sentryRole = (MSentryRole) query.execute(roleName);
+      if (sentryRole == null) {
+        throw new SentryNoSuchObjectException("Role " + roleName);
+      } else {
+        pm.retrieve(sentryRole);
+      }
+      rollbackTransaction = false;
+      commitTransaction(pm);
+      return sentryRole;
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  public TSentryRole getSentryRoleByName(String roleName)
+  throws SentryNoSuchObjectException {
+    return convertToSentryRole(getMSentryRoleByName(roleName));
+  }
+
+  private MSentryRole convertToMSentryRole(TSentryRole role) {
+    MSentryRole mRole = new MSentryRole();
+    mRole.setCreateTime(role.getCreateTime());
+    mRole.setRoleName(role.getRoleName());
+    mRole.setGrantorPrincipal(role.getGrantorPrincipal());
+    return mRole;
+  }
+
+  private TSentryRole convertToSentryRole(MSentryRole mSentryRole) {
+    TSentryRole role = new TSentryRole();
+    role.setCreateTime(mSentryRole.getCreateTime());
+    role.setRoleName(mSentryRole.getRoleName());
+    role.setGrantorPrincipal(mSentryRole.getGrantorPrincipal());
+
+    Set<TSentryPrivilege> sentryPrivileges = new HashSet<TSentryPrivilege>();
+    for(MSentryPrivilege mSentryPrivilege:mSentryRole.getPrivileges()) {
+      TSentryPrivilege privilege = convertToSentryPrivilege(mSentryPrivilege);
+      sentryPrivileges.add(privilege);
+    }
+
+    role.setPrivileges(sentryPrivileges);
+    return role;
+  }
+
+  private TSentryPrivilege convertToSentryPrivilege(MSentryPrivilege mSentryPrivilege) {
+    TSentryPrivilege privilege = new TSentryPrivilege();
+    privilege.setCreateTime(mSentryPrivilege.getCreateTime());
+    privilege.setPrivilegeName(mSentryPrivilege.getPrivilegeName());
+    privilege.setAction(mSentryPrivilege.getAction());
+    privilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
+    privilege.setServerName(mSentryPrivilege.getServerName());
+    privilege.setDbName(mSentryPrivilege.getDbName());
+    privilege.setTableName(mSentryPrivilege.getTableName());
+    privilege.setURI(mSentryPrivilege.getURI());
+    privilege.setGrantorPrincipal(mSentryPrivilege.getGrantorPrincipal());
+    return privilege;
+  }
+
+  private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege privilege) {
+    MSentryPrivilege mSentryPrivilege = new MSentryPrivilege();
+    mSentryPrivilege.setServerName(privilege.getServerName());
+    mSentryPrivilege.setDbName(privilege.getDbName());
+    mSentryPrivilege.setTableName(privilege.getTableName());
+    mSentryPrivilege.setPrivilegeScope(privilege.getPrivilegeScope());
+    mSentryPrivilege.setAction(privilege.getAction());
+    mSentryPrivilege.setCreateTime(privilege.getCreateTime());
+    mSentryPrivilege.setGrantorPrincipal(privilege.getGrantorPrincipal());
+    mSentryPrivilege.setURI(privilege.getURI());
+    mSentryPrivilege.setPrivilegeName(privilege.getPrivilegeName());
+    return mSentryPrivilege;
+  }
+}
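Review bot: Role names are normalized inconsistently across the store API: `dropSentryRole` and `getMSentryRoleByName` call `roleName.trim()` before querying, while `createSentryRole` persists `role.getRoleName()` as given and the four `alterSentryRole*` methods query with the untrimmed argument. Unless the caller already canonicalizes names (not visible in this hunk), a role created with surrounding whitespace is stored under a name the trimming lookups can never match, so it can be granted privileges but not read back or dropped by name. Trimming once at every entry point would keep stored and queried names identical: `mRole.setRoleName(role.getRoleName().trim());` in `convertToMSentryRole`, and `roleName = roleName.trim();` at the top of each `alterSentryRole*` method. The existence check in `createSentryRole` should query with the same trimmed value.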

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
new file mode 100644
index 0000000..506d433
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.service.persistent.CommitContext;
+
+/**
+ * Users wishing to be notified when a metadata changing event occurs
+ * should extend this abstract class. All methods which modify the underlying
+ * metadata in SentryPolicyStoreProcessor will have a corresponding method
+ * on this class. Each method will contain a copy of the request and response
+ * object. Therefore any change to the request or response object will be ignored.
+ * Additionally each method will be passed a CommitContext.
+ *
+ * Sub-classes should be thread-safe.
+ */
+public abstract class NotificationHandler {
+
+  private final Configuration config;
+
+  public NotificationHandler(Configuration config) throws Exception {
+    this.config = config;
+  }
+
+  protected Configuration getConf() {
+    return config;
+  }
+
+  public void create_sentry_role(CommitContext context,
+                                 TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
+  }
+
+  public void drop_sentry_role(CommitContext context, TDropSentryRoleRequest request,
+                               TDropSentryRoleResponse response) {
+  }
+
+  public void alter_sentry_role_grant_privilege(CommitContext context, TAlterSentryRoleGrantPrivilegeRequest request,
+      TAlterSentryRoleGrantPrivilegeResponse response) {
+  }
+
+  public void alter_sentry_role_revoke_privilege(CommitContext context, TAlterSentryRoleRevokePrivilegeRequest request,
+      TAlterSentryRoleRevokePrivilegeResponse response) {
+  }
+
+  public void alter_sentry_role_add_groups(CommitContext context,
+      TAlterSentryRoleAddGroupsRequest request,
+      TAlterSentryRoleAddGroupsResponse response) {
+  }
+
+  public void alter_sentry_role_delete_groups(
+    CommitContext context, TAlterSentryRoleDeleteGroupsRequest request,
+    TAlterSentryRoleDeleteGroupsResponse response) {
+  }
+}
\ No newline at end of file
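Review bot: The constructor declares `throws Exception` although its body only assigns `config`, which pushes the broadest checked type onto every subclass and caller, including both `NotificationHandlerInvoker` constructors. If the clause exists so that implementations can fail during set-up, a subclass constructor can declare its own checked exceptions without the base class doing so. Otherwise a one-line comment such as `// declared so implementations may fail during initialisation` would record the intent. The six hook methods are empty by design and would benefit from a Javadoc line saying that the default is a no-op.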

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
new file mode 100644
index 0000000..9d9e867
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
@@ -0,0 +1,146 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import java.util.List;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.service.persistent.CommitContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.ImmutableList;
+
+/**
+ * Invokes configured instances of NotificationHandler. Importantly
+ * NotificationHandler's each receive a copy of the request and
+ * response thrift objects from each successful request.
+ */
+public class NotificationHandlerInvoker extends NotificationHandler {
+  private static final Logger LOGGER = LoggerFactory.getLogger(NotificationHandlerInvoker.class);
+
+  private final ImmutableList<NotificationHandler> handlers;
+
+  public NotificationHandlerInvoker(Configuration conf, NotificationHandler handler)
+  throws Exception {
+    this(conf, ImmutableList.of(handler));
+  }
+
+  public NotificationHandlerInvoker(Configuration conf, List<NotificationHandler> handlers)
+  throws Exception {
+    super(conf);
+    this.handlers = ImmutableList.copyOf(handlers);
+  }
+
+  @Override
+  public void create_sentry_role(CommitContext context,
+                                 TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
+    for (NotificationHandler handler : handlers) {
+      try {
+        LOGGER.debug("Calling " + handler);
+        handler.create_sentry_role(context,  new TCreateSentryRoleRequest(request),
+                                   new TCreateSentryRoleResponse(response));
+      } catch (Exception ex) {
+        LOGGER.error("Unexpected error in " + handler + ". Request: "
+                     + request + ", Response: " + response, ex);
+      }
+    }
+  }
+
+  @Override
+  public void drop_sentry_role(CommitContext context, TDropSentryRoleRequest request,
+                               TDropSentryRoleResponse response) {
+    for (NotificationHandler handler : handlers) {
+      try {
+        LOGGER.debug("Calling " + handler);
+        handler.drop_sentry_role(context,  new TDropSentryRoleRequest(request),
+                                 new TDropSentryRoleResponse(response));
+      } catch (Exception ex) {
+        LOGGER.error("Unexpected error in " + handler + ". Request: "
+                     + request + ", Response: " + response, ex);
+      }
+    }
+  }
+
+  @Override
+  public void alter_sentry_role_grant_privilege(CommitContext context,
+      TAlterSentryRoleGrantPrivilegeRequest request,
+      TAlterSentryRoleGrantPrivilegeResponse response) {
+    for (NotificationHandler handler : handlers) {
+      try {
+        LOGGER.debug("Calling " + handler);
+        handler.alter_sentry_role_grant_privilege(context,
+            new TAlterSentryRoleGrantPrivilegeRequest(request),
+            new TAlterSentryRoleGrantPrivilegeResponse(response));
+      } catch (Exception ex) {
+        LOGGER.error("Unexpected error in " + handler + ". Request: "
+                     + request + ", Response: " + response, ex);
+      }
+    }
+  }
+
+  @Override
+  public void alter_sentry_role_revoke_privilege(CommitContext context,
+      TAlterSentryRoleRevokePrivilegeRequest request,
+      TAlterSentryRoleRevokePrivilegeResponse response) {
+    for (NotificationHandler handler : handlers) {
+      try {
+        LOGGER.debug("Calling " + handler);
+        handler.alter_sentry_role_revoke_privilege(context,
+            new TAlterSentryRoleRevokePrivilegeRequest(request),
+            new TAlterSentryRoleRevokePrivilegeResponse(response));
+      } catch (Exception ex) {
+        LOGGER.error("Unexpected error in " + handler + ". Request: "
+                     + request + ", Response: " + response, ex);
+      }
+    }
+  }
+
+  @Override
+  public void alter_sentry_role_add_groups(CommitContext context,
+      TAlterSentryRoleAddGroupsRequest request,
+      TAlterSentryRoleAddGroupsResponse response) {
+    for (NotificationHandler handler : handlers) {
+      try {
+        LOGGER.debug("Calling " + handler);
+        handler.alter_sentry_role_add_groups(context, new TAlterSentryRoleAddGroupsRequest(request),
+                                             new TAlterSentryRoleAddGroupsResponse(response));
+      } catch (Exception ex) {
+        LOGGER.error("Unexpected error in " + handler + ". Request: "
+                     + request + ", Response: " + response, ex);
+      }
+    }
+  }
+
+  @Override
+  public void alter_sentry_role_delete_groups(
+    CommitContext context, TAlterSentryRoleDeleteGroupsRequest request,
+    TAlterSentryRoleDeleteGroupsResponse response) {
+    for (NotificationHandler handler : handlers) {
+      try {
+        LOGGER.debug("Calling " + handler);
+        handler.alter_sentry_role_delete_groups(context, new TAlterSentryRoleDeleteGroupsRequest(request),
+                                                new TAlterSentryRoleDeleteGroupsResponse(response));
+      } catch (Exception ex) {
+        LOGGER.error("Unexpected error in " + handler + ". Request: "
+                     + request + ", Response: " + response, ex);
+      }
+    }
+  }
+}
\ No newline at end of file
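Review bot: All twelve logging calls in this class build their message by string concatenation, e.g. `LOGGER.debug("Calling " + handler)` in `create_sentry_role`, so `handler.toString()` runs on every notification even when debug logging is off. SLF4J's parameterized form, `LOGGER.debug("Calling {}", handler);`, defers that work. The error branch can use the same form and still pass the exception last (SLF4J 1.6 or later treats a trailing Throwable as the exception): `LOGGER.error("Unexpected error in {}. Request: {}, Response: {}", handler, request, response, ex);`. The same change applies to the other five overrides.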

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
new file mode 100644
index 0000000..34bec93
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+public class PolicyStoreConstants {
+
+  public static class PolicyStoreServerConfig {
+    public static final String NOTIFICATION_HANDLERS = "sentry.policy.store.notification.handlers";
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryConfigurationException.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryConfigurationException.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryConfigurationException.java
new file mode 100644
index 0000000..0e5ad32
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryConfigurationException.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.sentry.SentryUserException;
+
+public class SentryConfigurationException extends SentryUserException {
+  private static final long serialVersionUID = 1298632655835L;
+  public SentryConfigurationException(String msg) {
+    super(msg);
+  }
+  public SentryConfigurationException(String msg, Throwable t) {
+    super(msg, t);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
new file mode 100644
index 0000000..a4487ee
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import java.net.InetSocketAddress;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.SaslRpcServer;
+import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
+import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.thrift.TException;
+import org.apache.thrift.protocol.TBinaryProtocol;
+import org.apache.thrift.protocol.TMultiplexedProtocol;
+import org.apache.thrift.transport.TSaslClientTransport;
+import org.apache.thrift.transport.TSocket;
+import org.apache.thrift.transport.TTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Preconditions;
+
+public class SentryPolicyServiceClient {
+
+  @SuppressWarnings("unused")
+  private final Configuration conf;
+  private final InetSocketAddress serverAddress;
+  private final String[] serverPrincipalParts;
+  private SentryPolicyService.Client client;
+  private TTransport transport;
+  private int connectionTimeout;
+  private static final Logger LOGGER = LoggerFactory
+                                       .getLogger(SentryPolicyServiceClient.class);
+
+  public SentryPolicyServiceClient(Configuration conf) throws Exception {
+    this.conf = conf;
+    this.serverAddress = NetUtils.createSocketAddr(Preconditions.checkNotNull(
+                           conf.get(ClientConfig.SERVER_RPC_ADDRESS), "Config key "
+                           + ClientConfig.SERVER_RPC_ADDRESS + " is required"), conf.getInt(
+                           ClientConfig.SERVER_RPC_PORT, ClientConfig.SERVER_RPC_PORT_DEFAULT));
+    this.connectionTimeout = conf.getInt(ClientConfig.SERVER_RPC_CONN_TIMEOUT,
+                                         ClientConfig.SERVER_RPC_CONN_TIMEOUT_DEFAULT);
+    String serverPrincipal = Preconditions.checkNotNull(
+                               conf.get(ServerConfig.PRINCIPAL), ServerConfig.PRINCIPAL
+                               + " is required");
+    serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal);
+    Preconditions.checkArgument(serverPrincipalParts.length == 3,
+                                "Kerberos principal should have 3 parts: " + serverPrincipal);
+    transport = new TSocket(serverAddress.getHostString(),
+                            serverAddress.getPort(), connectionTimeout);
+    TTransport saslTransport = new TSaslClientTransport(
+      AuthMethod.KERBEROS.getMechanismName(), null, serverPrincipalParts[0],
+      serverPrincipalParts[1], ClientConfig.SASL_PROPERTIES, null, transport);
+    saslTransport.open();
+    LOGGER.info("Successfully opened transport");
+    TMultiplexedProtocol protocol = new TMultiplexedProtocol(
+      new TBinaryProtocol(saslTransport),
+      SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME);
+    client = new SentryPolicyService.Client(protocol);
+    LOGGER.info("Successfully created client");
+  }
+
+  public TCreateSentryRoleResponse createRole(TCreateSentryRoleRequest req)
+  throws TException {
+    return client.create_sentry_role(req);
+  }
+
+  public TListSentryRolesResponse listRoleByName(TListSentryRolesRequest req)
+  throws TException {
+    return client.list_sentry_roles_by_role_name(req);
+  }
+
+  public TDropSentryRoleResponse dropRole(TDropSentryRoleRequest req)
+  throws TException {
+    return client.drop_sentry_role(req);
+  }
+
+  public TAlterSentryRoleGrantPrivilegeResponse grantPrivilege(TAlterSentryRoleGrantPrivilegeRequest req)
+  throws TException {
+    return client.alter_sentry_role_grant_privilege(req);
+  }
+
+  public TAlterSentryRoleRevokePrivilegeResponse revokePrivilege(TAlterSentryRoleRevokePrivilegeRequest req)
+  throws TException {
+    return client.alter_sentry_role_revoke_privilege(req);
+  }
+
+  public void close() {
+    if (transport != null) {
+      transport.close();
+    }
+  }
+}
\ No newline at end of file
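Review bot: `close()` closes only the raw `TSocket` held in the `transport` field, while the `TSaslClientTransport` that is actually opened lives in a constructor local and is never closed, so the SASL client state is probably never disposed (Thrift's SASL transport does that in its own `close()`, as far as I know). Adding `transport = saslTransport;` after `saslTransport.open();` would let `close()` tear down both layers. The constructor connects and runs the Kerberos handshake eagerly, so a short Javadoc should say that it performs network I/O and that callers must call `close()`. The protection level of the channel depends on `ClientConfig.SASL_PROPERTIES`, which is not visible in this hunk; it is worth confirming that it requests integrity or confidentiality, since role and privilege changes travel over this connection.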

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
new file mode 100644
index 0000000..3fe47dc
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -0,0 +1,344 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import java.lang.reflect.Constructor;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.service.persistent.CommitContext;
+import org.apache.sentry.provider.db.service.persistent.SentryAlreadyExistsException;
+import org.apache.sentry.provider.db.service.persistent.SentryInvalidInputException;
+import org.apache.sentry.provider.db.service.persistent.SentryNoSuchObjectException;
+import org.apache.sentry.provider.db.service.persistent.SentryStore;
+import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig;
+import org.apache.sentry.service.thrift.Status;
+import org.apache.sentry.service.thrift.TSentryResponseStatus;
+import org.apache.thrift.TException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Splitter;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+
+@SuppressWarnings("unused")
+public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
+  private static final Logger LOGGER = LoggerFactory.getLogger(SentryPolicyStoreProcessor.class);
+
+  public static final String SENTRY_POLICY_SERVICE_NAME = "SentryPolicyService";
+
+  private final String name;
+  private final Configuration conf;
+  private final SentryStore sentryStore;
+  private final NotificationHandlerInvoker notificationHandlerInvoker;
+  private boolean isReady;
+
+  public SentryPolicyStoreProcessor(String name, Configuration conf) throws Exception {
+    super();
+    this.name = name;
+    this.conf = conf;
+    this.notificationHandlerInvoker = new NotificationHandlerInvoker(conf,
+        createHandlers(conf));
+    isReady = false;
+    sentryStore = new SentryStore();
+    isReady = true;
+  }
+
+  public void stop() {
+    if (isReady) {
+      sentryStore.stop();
+    }
+  }
+
+  @VisibleForTesting
+  static List<NotificationHandler> createHandlers(Configuration conf)
+  throws SentryConfigurationException {
+    List<NotificationHandler> handlers = Lists.newArrayList();
+    Iterable<String> notificationHandlers = Splitter.onPattern("[\\s,]").trimResults()
+                                            .omitEmptyStrings().split(conf.get(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, ""));
+    for (String notificationHandler : notificationHandlers) {
+      Class<?> clazz = null;
+      try {
+        clazz = Class.forName(notificationHandler);
+        if (!NotificationHandler.class.isAssignableFrom(clazz)) {
+          throw new SentryConfigurationException("Class " + notificationHandler + " is not a " +
+                                                 NotificationHandler.class.getName());
+        }
+      } catch (ClassNotFoundException e) {
+        throw new SentryConfigurationException("Value " + notificationHandler +
+                                               " is not a class", e);
+      }
+      Preconditions.checkNotNull(clazz, "Error class cannot be null");
+      try {
+        Constructor<?> constructor = clazz.getConstructor(Configuration.class);
+        handlers.add((NotificationHandler)constructor.newInstance(conf));
+      } catch (Exception e) {
+        throw new SentryConfigurationException("Error attempting to create " + notificationHandler, e);
+      }
+    }
+    return handlers;
+  }
+
+  //TODO:Validate privilege scope?
+  @VisibleForTesting
+  public static String constructPrivilegeName(TSentryPrivilege privilege) throws SentryInvalidInputException {
+    StringBuilder privilegeName = new StringBuilder();
+    String serverName = privilege.getServerName();
+    String dbName = privilege.getDbName();
+    String tableName = privilege.getTableName();
+    String uri = privilege.getURI();
+    String action = privilege.getAction();
+
+    if (serverName == null) {
+      throw new SentryInvalidInputException("Server name is null");
+    }
+
+    if (action.equalsIgnoreCase("SELECT") || action.equalsIgnoreCase("INSERT")) {
+      if (tableName == null || tableName.equals("")) {
+        throw new SentryInvalidInputException("Table name can't be null for SELECT/INSERT privilege");
+      }
+    }
+
+    if (dbName == null || dbName.equals("")) {
+      if (tableName != null && !tableName.equals("")) {
+        throw new SentryInvalidInputException("Db name can't be null");
+      }
+    }
+
+    if (uri == null || uri.equals("")) {
+      privilegeName.append(serverName);
+      privilegeName.append("+");
+      privilegeName.append(dbName);
+
+      if (tableName != null && !tableName.equals("")) {
+        privilegeName.append("+");
+        privilegeName.append(tableName);
+      }
+      privilegeName.append("+");
+      privilegeName.append(action);
+    } else {
+      privilegeName.append(serverName);
+      privilegeName.append("+");
+      privilegeName.append(uri);
+    }
+    return privilegeName.toString();
+  }
+
+  @Override
+  public TCreateSentryRoleResponse create_sentry_role(
+    TCreateSentryRoleRequest request) throws TException {
+    TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
+    try {
+      CommitContext commitContext = sentryStore.createSentryRole(request.getRole());
+      response.setStatus(Status.OK());
+      notificationHandlerInvoker.create_sentry_role(commitContext,
+          request, response);
+    } catch (SentryAlreadyExistsException e) {
+      String msg = "Role: " + request + " already exists.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.AlreadyExists(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+    return response;
+  }
+
+  @Override
+  public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege
+  (TAlterSentryRoleGrantPrivilegeRequest request) throws TException {
+
+    TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
+    try {
+      String privilegeName = constructPrivilegeName(request.getPrivilege());
+      request.getPrivilege().setPrivilegeName(privilegeName);
+      CommitContext commitContext = sentryStore.alterSentryRoleGrantPrivilege(request.getRoleName(),
+                                    request.getPrivilege());
+      response.setStatus(Status.OK());
+      notificationHandlerInvoker.alter_sentry_role_grant_privilege(commitContext,
+          request, response);
+    } catch (SentryNoSuchObjectException e) {
+      String msg = "Role: " + request.getRoleName() + " doesn't exist.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (SentryInvalidInputException e) {
+      String msg = "Invalid input privilege object";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.InvalidInput(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+
+    return response;
+  }
+
+  @Override
+  public TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege
+  (TAlterSentryRoleRevokePrivilegeRequest request) throws TException {
+    TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
+    try {
+      String privilegeName = constructPrivilegeName(request.getPrivilege());
+      request.getPrivilege().setPrivilegeName(privilegeName);
+      CommitContext commitContext = sentryStore.alterSentryRoleRevokePrivilege(request.getRoleName(),
+                                    request.getPrivilege().getPrivilegeName());
+      response.setStatus(Status.OK());
+      notificationHandlerInvoker.alter_sentry_role_revoke_privilege(commitContext,
+          request, response);
+    } catch (SentryNoSuchObjectException e) {
+      String msg = "Privilege: " + request.getPrivilege().getPrivilegeName() + " doesn't exist.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (SentryInvalidInputException e) {
+      String msg = "Invalid input privilege object";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.InvalidInput(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+
+    return response;
+  }
+
+  @Override
+  public TDropSentryRoleResponse drop_sentry_role(
+    TDropSentryRoleRequest request)  throws TException {
+    TDropSentryRoleResponse response = new TDropSentryRoleResponse();
+    TSentryResponseStatus status;
+    try {
+      CommitContext commitContext = sentryStore.dropSentryRole(request.getRoleName());
+      response.setStatus(Status.OK());
+      notificationHandlerInvoker.drop_sentry_role(commitContext,
+          request, response);
+    } catch (SentryNoSuchObjectException e) {
+      String msg = "Role :" + request + " does not exist.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+    return response;
+  }
+
+  @Override
+  public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(
+    TAlterSentryRoleAddGroupsRequest request) throws TException {
+    TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
+    try {
+      CommitContext commitContext = sentryStore.alterSentryRoleAddGroups(request.getRequestorUserName(),
+                                    request.getRoleName(), request.getGroups());
+      response.setStatus(Status.OK());
+      notificationHandlerInvoker.alter_sentry_role_add_groups(commitContext,
+          request, response);
+    } catch (SentryNoSuchObjectException e) {
+      String msg = "Role: " + request + " does not exist.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+    return response;
+  }
+
+  @Override
+  public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(
+    TAlterSentryRoleDeleteGroupsRequest request) throws TException {
+    // TODO implement
+    TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
+    try {
+      CommitContext commitContext = sentryStore.alterSentryRoleDeleteGroups(null, null);
+      response.setStatus(Status.OK());
+      notificationHandlerInvoker.alter_sentry_role_delete_groups(commitContext,
+          request, response);
+    } catch (SentryNoSuchObjectException e) {
+      String msg = "Role: " + request + " does not exist.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error adding groups to role: " + request;
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+    return response;
+  }
+
+  @Override
+  public TListSentryRolesResponse list_sentry_roles_by_group(
+    TListSentryRolesRequest request) throws TException {
+    TListSentryRolesResponse response = new TListSentryRolesResponse();
+    TSentryResponseStatus status;
+    TSentryRole role = null;
+    Set<TSentryRole> roleSet = new HashSet<TSentryRole>();
+    try {
+      // TODO implement
+      role = sentryStore.getSentryRoleByName(request.getRoleName());
+      roleSet.add(role);
+      response.setRoles(roleSet);
+      response.setStatus(Status.OK());
+    } catch (SentryNoSuchObjectException e) {
+      response.setRoles(roleSet);
+      String msg = "Role: " + request + " couldn't be retrieved.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+    return response;
+  }
+
+  @Override
+  public TListSentryRolesResponse list_sentry_roles_by_role_name(
+    TListSentryRolesRequest request) throws TException {
+    TListSentryRolesResponse response = new TListSentryRolesResponse();
+    TSentryResponseStatus status;
+    TSentryRole role = null;
+    Set<TSentryRole> roleSet = new HashSet<TSentryRole>();
+    try {
+      role = sentryStore.getSentryRoleByName(request.getRoleName());
+      roleSet.add(role);
+      response.setRoles(roleSet);
+      response.setStatus(Status.OK());
+    } catch (SentryNoSuchObjectException e) {
+      response.setRoles(roleSet);
+      String msg = "Role: " + request + " couldn't be retrieved.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+    return response;
+  }
+}
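Review bot: `constructPrivilegeName` dereferences `action` at `action.equalsIgnoreCase("SELECT")` without a null check, so a privilege with no action set would raise a NullPointerException that the callers' `catch (Exception e)` reports as a runtime error rather than as invalid input. In the non-URI branch a null `dbName` is appended as the literal text "null", and the parts are joined with `+` without escaping, so differently scoped privileges may end up with the same name; this matters because `alter_sentry_role_revoke_privilege` passes only that name to the store. I would add `if (action == null) { throw new SentryInvalidInputException("Action is null"); }` before the SELECT/INSERT check, and append `dbName` only when it is set, as the method already does for `tableName`. Separately, `alter_sentry_role_delete_groups` calls `sentryStore.alterSentryRoleDeleteGroups(null, null)` and sets `Status.OK()` if that call returns, so until the TODO is done it should probably return an error status rather than report a removal that did not happen.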

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessorFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessorFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessorFactory.java
new file mode 100644
index 0000000..b37db2b
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessorFactory.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.service.thrift.ProcessorFactory;
+import org.apache.thrift.TMultiplexedProcessor;
+import org.apache.thrift.TProcessor;
+
+public class SentryPolicyStoreProcessorFactory extends ProcessorFactory {
+  public SentryPolicyStoreProcessorFactory(Configuration conf) {
+    super(conf);
+  }
+
+  public boolean register(TMultiplexedProcessor multiplexedProcessor) throws Exception {
+    SentryPolicyStoreProcessor sentryServiceHandler =
+        new SentryPolicyStoreProcessor(SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME,
+            conf);
+    TProcessor processor =
+      new SentryPolicyService.Processor<SentryPolicyService.Iface>(sentryServiceHandler);
+    multiplexedProcessor.registerProcessor(SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME, processor);
+    return true;
+  }
+}
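Review bot: The `SentryPolicyStoreProcessor` built in `register` is kept only in the local `sentryServiceHandler`, so nothing in this class can later call its `stop()` method. The `SentryStore` it creates then stays open for the life of the process, unless `ProcessorFactory` handles shutdown somewhere not visible in this hunk. Consider keeping the handler in a field and exposing a way to stop it. A one-line Javadoc on `register` saying what the boolean return value means would also help, since the method always returns `true`.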


[06/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleRevokePrivilegeResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleRevokePrivilegeResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleRevokePrivilegeResponse.java
new file mode 100644
index 0000000..d431e37
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleRevokePrivilegeResponse.java
@@ -0,0 +1,390 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TAlterSentryRoleRevokePrivilegeResponse implements org.apache.thrift.TBase<TAlterSentryRoleRevokePrivilegeResponse, TAlterSentryRoleRevokePrivilegeResponse._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TAlterSentryRoleRevokePrivilegeResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TAlterSentryRoleRevokePrivilegeResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TAlterSentryRoleRevokePrivilegeResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TAlterSentryRoleRevokePrivilegeResponse.class, metaDataMap);
+  }
+
+  public TAlterSentryRoleRevokePrivilegeResponse() {
+  }
+
+  public TAlterSentryRoleRevokePrivilegeResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status)
+  {
+    this();
+    this.status = status;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TAlterSentryRoleRevokePrivilegeResponse(TAlterSentryRoleRevokePrivilegeResponse other) {
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+  }
+
+  public TAlterSentryRoleRevokePrivilegeResponse deepCopy() {
+    return new TAlterSentryRoleRevokePrivilegeResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TAlterSentryRoleRevokePrivilegeResponse)
+      return this.equals((TAlterSentryRoleRevokePrivilegeResponse)that);
+    return false;
+  }
+
+  public boolean equals(TAlterSentryRoleRevokePrivilegeResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_status = true && (isSetStatus());
+    builder.append(present_status);
+    if (present_status)
+      builder.append(status);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TAlterSentryRoleRevokePrivilegeResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TAlterSentryRoleRevokePrivilegeResponse typedOther = (TAlterSentryRoleRevokePrivilegeResponse)other;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TAlterSentryRoleRevokePrivilegeResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TAlterSentryRoleRevokePrivilegeResponseStandardSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleRevokePrivilegeResponseStandardScheme getScheme() {
+      return new TAlterSentryRoleRevokePrivilegeResponseStandardScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleRevokePrivilegeResponseStandardScheme extends StandardScheme<TAlterSentryRoleRevokePrivilegeResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TAlterSentryRoleRevokePrivilegeResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleRevokePrivilegeResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TAlterSentryRoleRevokePrivilegeResponseTupleSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleRevokePrivilegeResponseTupleScheme getScheme() {
+      return new TAlterSentryRoleRevokePrivilegeResponseTupleScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleRevokePrivilegeResponseTupleScheme extends TupleScheme<TAlterSentryRoleRevokePrivilegeResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleRevokePrivilegeResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleRevokePrivilegeResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TCreateSentryRoleRequest.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TCreateSentryRoleRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TCreateSentryRoleRequest.java
new file mode 100644
index 0000000..1f9eace
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TCreateSentryRoleRequest.java
@@ -0,0 +1,745 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TCreateSentryRoleRequest implements org.apache.thrift.TBase<TCreateSentryRoleRequest, TCreateSentryRoleRequest._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TCreateSentryRoleRequest");
+
+  private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField ROLE_FIELD_DESC = new org.apache.thrift.protocol.TField("role", org.apache.thrift.protocol.TType.STRUCT, (short)3);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorGroupName", org.apache.thrift.protocol.TType.SET, (short)4);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TCreateSentryRoleRequestStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TCreateSentryRoleRequestTupleSchemeFactory());
+  }
+
+  private int protocol_version; // required
+  private String requestorUserName; // required
+  private TSentryRole role; // required
+  private Set<String> requestorGroupName; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PROTOCOL_VERSION((short)1, "protocol_version"),
+    REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+    ROLE((short)3, "role"),
+    REQUESTOR_GROUP_NAME((short)4, "requestorGroupName");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PROTOCOL_VERSION
+          return PROTOCOL_VERSION;
+        case 2: // REQUESTOR_USER_NAME
+          return REQUESTOR_USER_NAME;
+        case 3: // ROLE
+          return ROLE;
+        case 4: // REQUESTOR_GROUP_NAME
+          return REQUESTOR_GROUP_NAME;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.ROLE, new org.apache.thrift.meta_data.FieldMetaData("role", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryRole.class)));
+    tmpMap.put(_Fields.REQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorGroupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TCreateSentryRoleRequest.class, metaDataMap);
+  }
+
+  public TCreateSentryRoleRequest() {
+    this.protocol_version = 1;
+
+  }
+
+  public TCreateSentryRoleRequest(
+    int protocol_version,
+    String requestorUserName,
+    TSentryRole role,
+    Set<String> requestorGroupName)
+  {
+    this();
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+    this.requestorUserName = requestorUserName;
+    this.role = role;
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TCreateSentryRoleRequest(TCreateSentryRoleRequest other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.protocol_version = other.protocol_version;
+    if (other.isSetRequestorUserName()) {
+      this.requestorUserName = other.requestorUserName;
+    }
+    if (other.isSetRole()) {
+      this.role = new TSentryRole(other.role);
+    }
+    if (other.isSetRequestorGroupName()) {
+      Set<String> __this__requestorGroupName = new HashSet<String>();
+      for (String other_element : other.requestorGroupName) {
+        __this__requestorGroupName.add(other_element);
+      }
+      this.requestorGroupName = __this__requestorGroupName;
+    }
+  }
+
+  public TCreateSentryRoleRequest deepCopy() {
+    return new TCreateSentryRoleRequest(this);
+  }
+
+  @Override
+  public void clear() {
+    this.protocol_version = 1;
+
+    this.requestorUserName = null;
+    this.role = null;
+    this.requestorGroupName = null;
+  }
+
+  public int getProtocol_version() {
+    return this.protocol_version;
+  }
+
+  public void setProtocol_version(int protocol_version) {
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+  }
+
+  public void unsetProtocol_version() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+  public boolean isSetProtocol_version() {
+    return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  public void setProtocol_versionIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+  }
+
+  public String getRequestorUserName() {
+    return this.requestorUserName;
+  }
+
+  public void setRequestorUserName(String requestorUserName) {
+    this.requestorUserName = requestorUserName;
+  }
+
+  public void unsetRequestorUserName() {
+    this.requestorUserName = null;
+  }
+
+  /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorUserName() {
+    return this.requestorUserName != null;
+  }
+
+  public void setRequestorUserNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorUserName = null;
+    }
+  }
+
+  public TSentryRole getRole() {
+    return this.role;
+  }
+
+  public void setRole(TSentryRole role) {
+    this.role = role;
+  }
+
+  public void unsetRole() {
+    this.role = null;
+  }
+
+  /** Returns true if field role is set (has been assigned a value) and false otherwise */
+  public boolean isSetRole() {
+    return this.role != null;
+  }
+
+  public void setRoleIsSet(boolean value) {
+    if (!value) {
+      this.role = null;
+    }
+  }
+
+  public int getRequestorGroupNameSize() {
+    return (this.requestorGroupName == null) ? 0 : this.requestorGroupName.size();
+  }
+
+  public java.util.Iterator<String> getRequestorGroupNameIterator() {
+    return (this.requestorGroupName == null) ? null : this.requestorGroupName.iterator();
+  }
+
+  public void addToRequestorGroupName(String elem) {
+    if (this.requestorGroupName == null) {
+      this.requestorGroupName = new HashSet<String>();
+    }
+    this.requestorGroupName.add(elem);
+  }
+
+  public Set<String> getRequestorGroupName() {
+    return this.requestorGroupName;
+  }
+
+  public void setRequestorGroupName(Set<String> requestorGroupName) {
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  public void unsetRequestorGroupName() {
+    this.requestorGroupName = null;
+  }
+
+  /** Returns true if field requestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorGroupName() {
+    return this.requestorGroupName != null;
+  }
+
+  public void setRequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorGroupName = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      if (value == null) {
+        unsetProtocol_version();
+      } else {
+        setProtocol_version((Integer)value);
+      }
+      break;
+
+    case REQUESTOR_USER_NAME:
+      if (value == null) {
+        unsetRequestorUserName();
+      } else {
+        setRequestorUserName((String)value);
+      }
+      break;
+
+    case ROLE:
+      if (value == null) {
+        unsetRole();
+      } else {
+        setRole((TSentryRole)value);
+      }
+      break;
+
+    case REQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRequestorGroupName();
+      } else {
+        setRequestorGroupName((Set<String>)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return Integer.valueOf(getProtocol_version());
+
+    case REQUESTOR_USER_NAME:
+      return getRequestorUserName();
+
+    case ROLE:
+      return getRole();
+
+    case REQUESTOR_GROUP_NAME:
+      return getRequestorGroupName();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return isSetProtocol_version();
+    case REQUESTOR_USER_NAME:
+      return isSetRequestorUserName();
+    case ROLE:
+      return isSetRole();
+    case REQUESTOR_GROUP_NAME:
+      return isSetRequestorGroupName();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TCreateSentryRoleRequest)
+      return this.equals((TCreateSentryRoleRequest)that);
+    return false;
+  }
+
+  public boolean equals(TCreateSentryRoleRequest that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_protocol_version = true;
+    boolean that_present_protocol_version = true;
+    if (this_present_protocol_version || that_present_protocol_version) {
+      if (!(this_present_protocol_version && that_present_protocol_version))
+        return false;
+      if (this.protocol_version != that.protocol_version)
+        return false;
+    }
+
+    boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+    boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+    if (this_present_requestorUserName || that_present_requestorUserName) {
+      if (!(this_present_requestorUserName && that_present_requestorUserName))
+        return false;
+      if (!this.requestorUserName.equals(that.requestorUserName))
+        return false;
+    }
+
+    boolean this_present_role = true && this.isSetRole();
+    boolean that_present_role = true && that.isSetRole();
+    if (this_present_role || that_present_role) {
+      if (!(this_present_role && that_present_role))
+        return false;
+      if (!this.role.equals(that.role))
+        return false;
+    }
+
+    boolean this_present_requestorGroupName = true && this.isSetRequestorGroupName();
+    boolean that_present_requestorGroupName = true && that.isSetRequestorGroupName();
+    if (this_present_requestorGroupName || that_present_requestorGroupName) {
+      if (!(this_present_requestorGroupName && that_present_requestorGroupName))
+        return false;
+      if (!this.requestorGroupName.equals(that.requestorGroupName))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_protocol_version = true;
+    builder.append(present_protocol_version);
+    if (present_protocol_version)
+      builder.append(protocol_version);
+
+    boolean present_requestorUserName = true && (isSetRequestorUserName());
+    builder.append(present_requestorUserName);
+    if (present_requestorUserName)
+      builder.append(requestorUserName);
+
+    boolean present_role = true && (isSetRole());
+    builder.append(present_role);
+    if (present_role)
+      builder.append(role);
+
+    boolean present_requestorGroupName = true && (isSetRequestorGroupName());
+    builder.append(present_requestorGroupName);
+    if (present_requestorGroupName)
+      builder.append(requestorGroupName);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TCreateSentryRoleRequest other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TCreateSentryRoleRequest typedOther = (TCreateSentryRoleRequest)other;
+
+    lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(typedOther.isSetProtocol_version());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetProtocol_version()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, typedOther.protocol_version);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRole()).compareTo(typedOther.isSetRole());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRole()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.role, typedOther.role);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorGroupName()).compareTo(typedOther.isSetRequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorGroupName, typedOther.requestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TCreateSentryRoleRequest(");
+    boolean first = true;
+
+    sb.append("protocol_version:");
+    sb.append(this.protocol_version);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorUserName:");
+    if (this.requestorUserName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorUserName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("role:");
+    if (this.role == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.role);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorGroupName:");
+    if (this.requestorGroupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorGroupName);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetProtocol_version()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRole()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'role' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorGroupName' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (role != null) {
+      role.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TCreateSentryRoleRequestStandardSchemeFactory implements SchemeFactory {
+    public TCreateSentryRoleRequestStandardScheme getScheme() {
+      return new TCreateSentryRoleRequestStandardScheme();
+    }
+  }
+
+  private static class TCreateSentryRoleRequestStandardScheme extends StandardScheme<TCreateSentryRoleRequest> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TCreateSentryRoleRequest struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PROTOCOL_VERSION
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.protocol_version = iprot.readI32();
+              struct.setProtocol_versionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // REQUESTOR_USER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.requestorUserName = iprot.readString();
+              struct.setRequestorUserNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // ROLE
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.role = new TSentryRole();
+              struct.role.read(iprot);
+              struct.setRoleIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 4: // REQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set8 = iprot.readSetBegin();
+                struct.requestorGroupName = new HashSet<String>(2*_set8.size);
+                for (int _i9 = 0; _i9 < _set8.size; ++_i9)
+                {
+                  String _elem10; // required
+                  _elem10 = iprot.readString();
+                  struct.requestorGroupName.add(_elem10);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TCreateSentryRoleRequest struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeFieldEnd();
+      if (struct.requestorUserName != null) {
+        oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.requestorUserName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.role != null) {
+        oprot.writeFieldBegin(ROLE_FIELD_DESC);
+        struct.role.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      if (struct.requestorGroupName != null) {
+        oprot.writeFieldBegin(REQUESTOR_GROUP_NAME_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.requestorGroupName.size()));
+          for (String _iter11 : struct.requestorGroupName)
+          {
+            oprot.writeString(_iter11);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TCreateSentryRoleRequestTupleSchemeFactory implements SchemeFactory {
+    public TCreateSentryRoleRequestTupleScheme getScheme() {
+      return new TCreateSentryRoleRequestTupleScheme();
+    }
+  }
+
+  private static class TCreateSentryRoleRequestTupleScheme extends TupleScheme<TCreateSentryRoleRequest> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TCreateSentryRoleRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.requestorUserName);
+      struct.role.write(oprot);
+      {
+        oprot.writeI32(struct.requestorGroupName.size());
+        for (String _iter12 : struct.requestorGroupName)
+        {
+          oprot.writeString(_iter12);
+        }
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TCreateSentryRoleRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.protocol_version = iprot.readI32();
+      struct.setProtocol_versionIsSet(true);
+      struct.requestorUserName = iprot.readString();
+      struct.setRequestorUserNameIsSet(true);
+      struct.role = new TSentryRole();
+      struct.role.read(iprot);
+      struct.setRoleIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set13 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+        struct.requestorGroupName = new HashSet<String>(2*_set13.size);
+        for (int _i14 = 0; _i14 < _set13.size; ++_i14)
+        {
+          String _elem15; // required
+          _elem15 = iprot.readString();
+          struct.requestorGroupName.add(_elem15);
+        }
+      }
+      struct.setRequestorGroupNameIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TCreateSentryRoleResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TCreateSentryRoleResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TCreateSentryRoleResponse.java
new file mode 100644
index 0000000..fcb3f41
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TCreateSentryRoleResponse.java
@@ -0,0 +1,390 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TCreateSentryRoleResponse implements org.apache.thrift.TBase<TCreateSentryRoleResponse, TCreateSentryRoleResponse._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TCreateSentryRoleResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TCreateSentryRoleResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TCreateSentryRoleResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TCreateSentryRoleResponse.class, metaDataMap);
+  }
+
+  public TCreateSentryRoleResponse() {
+  }
+
+  public TCreateSentryRoleResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status)
+  {
+    this();
+    this.status = status;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TCreateSentryRoleResponse(TCreateSentryRoleResponse other) {
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+  }
+
+  public TCreateSentryRoleResponse deepCopy() {
+    return new TCreateSentryRoleResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TCreateSentryRoleResponse)
+      return this.equals((TCreateSentryRoleResponse)that);
+    return false;
+  }
+
+  public boolean equals(TCreateSentryRoleResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_status = true && (isSetStatus());
+    builder.append(present_status);
+    if (present_status)
+      builder.append(status);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TCreateSentryRoleResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TCreateSentryRoleResponse typedOther = (TCreateSentryRoleResponse)other;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TCreateSentryRoleResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TCreateSentryRoleResponseStandardSchemeFactory implements SchemeFactory {
+    public TCreateSentryRoleResponseStandardScheme getScheme() {
+      return new TCreateSentryRoleResponseStandardScheme();
+    }
+  }
+
+  private static class TCreateSentryRoleResponseStandardScheme extends StandardScheme<TCreateSentryRoleResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TCreateSentryRoleResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TCreateSentryRoleResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TCreateSentryRoleResponseTupleSchemeFactory implements SchemeFactory {
+    public TCreateSentryRoleResponseTupleScheme getScheme() {
+      return new TCreateSentryRoleResponseTupleScheme();
+    }
+  }
+
+  private static class TCreateSentryRoleResponseTupleScheme extends TupleScheme<TCreateSentryRoleResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TCreateSentryRoleResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TCreateSentryRoleResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TDropSentryRoleRequest.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TDropSentryRoleRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TDropSentryRoleRequest.java
new file mode 100644
index 0000000..353a82f
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TDropSentryRoleRequest.java
@@ -0,0 +1,740 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TDropSentryRoleRequest implements org.apache.thrift.TBase<TDropSentryRoleRequest, TDropSentryRoleRequest._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TDropSentryRoleRequest");
+
+  private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)3);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorGroupName", org.apache.thrift.protocol.TType.SET, (short)4);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TDropSentryRoleRequestStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TDropSentryRoleRequestTupleSchemeFactory());
+  }
+
+  private int protocol_version; // required
+  private String requestorUserName; // required
+  private String roleName; // required
+  private Set<String> requestorGroupName; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PROTOCOL_VERSION((short)1, "protocol_version"),
+    REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+    ROLE_NAME((short)3, "roleName"),
+    REQUESTOR_GROUP_NAME((short)4, "requestorGroupName");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PROTOCOL_VERSION
+          return PROTOCOL_VERSION;
+        case 2: // REQUESTOR_USER_NAME
+          return REQUESTOR_USER_NAME;
+        case 3: // ROLE_NAME
+          return ROLE_NAME;
+        case 4: // REQUESTOR_GROUP_NAME
+          return REQUESTOR_GROUP_NAME;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.REQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorGroupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TDropSentryRoleRequest.class, metaDataMap);
+  }
+
+  public TDropSentryRoleRequest() {
+    this.protocol_version = 1;
+
+  }
+
+  public TDropSentryRoleRequest(
+    int protocol_version,
+    String requestorUserName,
+    String roleName,
+    Set<String> requestorGroupName)
+  {
+    this();
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+    this.requestorUserName = requestorUserName;
+    this.roleName = roleName;
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TDropSentryRoleRequest(TDropSentryRoleRequest other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.protocol_version = other.protocol_version;
+    if (other.isSetRequestorUserName()) {
+      this.requestorUserName = other.requestorUserName;
+    }
+    if (other.isSetRoleName()) {
+      this.roleName = other.roleName;
+    }
+    if (other.isSetRequestorGroupName()) {
+      Set<String> __this__requestorGroupName = new HashSet<String>();
+      for (String other_element : other.requestorGroupName) {
+        __this__requestorGroupName.add(other_element);
+      }
+      this.requestorGroupName = __this__requestorGroupName;
+    }
+  }
+
+  public TDropSentryRoleRequest deepCopy() {
+    return new TDropSentryRoleRequest(this);
+  }
+
+  @Override
+  public void clear() {
+    this.protocol_version = 1;
+
+    this.requestorUserName = null;
+    this.roleName = null;
+    this.requestorGroupName = null;
+  }
+
+  public int getProtocol_version() {
+    return this.protocol_version;
+  }
+
+  public void setProtocol_version(int protocol_version) {
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+  }
+
+  public void unsetProtocol_version() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+  public boolean isSetProtocol_version() {
+    return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  public void setProtocol_versionIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+  }
+
+  public String getRequestorUserName() {
+    return this.requestorUserName;
+  }
+
+  public void setRequestorUserName(String requestorUserName) {
+    this.requestorUserName = requestorUserName;
+  }
+
+  public void unsetRequestorUserName() {
+    this.requestorUserName = null;
+  }
+
+  /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorUserName() {
+    return this.requestorUserName != null;
+  }
+
+  public void setRequestorUserNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorUserName = null;
+    }
+  }
+
+  public String getRoleName() {
+    return this.roleName;
+  }
+
+  public void setRoleName(String roleName) {
+    this.roleName = roleName;
+  }
+
+  public void unsetRoleName() {
+    this.roleName = null;
+  }
+
+  /** Returns true if field roleName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRoleName() {
+    return this.roleName != null;
+  }
+
+  public void setRoleNameIsSet(boolean value) {
+    if (!value) {
+      this.roleName = null;
+    }
+  }
+
+  public int getRequestorGroupNameSize() {
+    return (this.requestorGroupName == null) ? 0 : this.requestorGroupName.size();
+  }
+
+  public java.util.Iterator<String> getRequestorGroupNameIterator() {
+    return (this.requestorGroupName == null) ? null : this.requestorGroupName.iterator();
+  }
+
+  public void addToRequestorGroupName(String elem) {
+    if (this.requestorGroupName == null) {
+      this.requestorGroupName = new HashSet<String>();
+    }
+    this.requestorGroupName.add(elem);
+  }
+
+  public Set<String> getRequestorGroupName() {
+    return this.requestorGroupName;
+  }
+
+  public void setRequestorGroupName(Set<String> requestorGroupName) {
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  public void unsetRequestorGroupName() {
+    this.requestorGroupName = null;
+  }
+
+  /** Returns true if field requestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorGroupName() {
+    return this.requestorGroupName != null;
+  }
+
+  public void setRequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorGroupName = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      if (value == null) {
+        unsetProtocol_version();
+      } else {
+        setProtocol_version((Integer)value);
+      }
+      break;
+
+    case REQUESTOR_USER_NAME:
+      if (value == null) {
+        unsetRequestorUserName();
+      } else {
+        setRequestorUserName((String)value);
+      }
+      break;
+
+    case ROLE_NAME:
+      if (value == null) {
+        unsetRoleName();
+      } else {
+        setRoleName((String)value);
+      }
+      break;
+
+    case REQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRequestorGroupName();
+      } else {
+        setRequestorGroupName((Set<String>)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return Integer.valueOf(getProtocol_version());
+
+    case REQUESTOR_USER_NAME:
+      return getRequestorUserName();
+
+    case ROLE_NAME:
+      return getRoleName();
+
+    case REQUESTOR_GROUP_NAME:
+      return getRequestorGroupName();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return isSetProtocol_version();
+    case REQUESTOR_USER_NAME:
+      return isSetRequestorUserName();
+    case ROLE_NAME:
+      return isSetRoleName();
+    case REQUESTOR_GROUP_NAME:
+      return isSetRequestorGroupName();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TDropSentryRoleRequest)
+      return this.equals((TDropSentryRoleRequest)that);
+    return false;
+  }
+
+  public boolean equals(TDropSentryRoleRequest that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_protocol_version = true;
+    boolean that_present_protocol_version = true;
+    if (this_present_protocol_version || that_present_protocol_version) {
+      if (!(this_present_protocol_version && that_present_protocol_version))
+        return false;
+      if (this.protocol_version != that.protocol_version)
+        return false;
+    }
+
+    boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+    boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+    if (this_present_requestorUserName || that_present_requestorUserName) {
+      if (!(this_present_requestorUserName && that_present_requestorUserName))
+        return false;
+      if (!this.requestorUserName.equals(that.requestorUserName))
+        return false;
+    }
+
+    boolean this_present_roleName = true && this.isSetRoleName();
+    boolean that_present_roleName = true && that.isSetRoleName();
+    if (this_present_roleName || that_present_roleName) {
+      if (!(this_present_roleName && that_present_roleName))
+        return false;
+      if (!this.roleName.equals(that.roleName))
+        return false;
+    }
+
+    boolean this_present_requestorGroupName = true && this.isSetRequestorGroupName();
+    boolean that_present_requestorGroupName = true && that.isSetRequestorGroupName();
+    if (this_present_requestorGroupName || that_present_requestorGroupName) {
+      if (!(this_present_requestorGroupName && that_present_requestorGroupName))
+        return false;
+      if (!this.requestorGroupName.equals(that.requestorGroupName))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_protocol_version = true;
+    builder.append(present_protocol_version);
+    if (present_protocol_version)
+      builder.append(protocol_version);
+
+    boolean present_requestorUserName = true && (isSetRequestorUserName());
+    builder.append(present_requestorUserName);
+    if (present_requestorUserName)
+      builder.append(requestorUserName);
+
+    boolean present_roleName = true && (isSetRoleName());
+    builder.append(present_roleName);
+    if (present_roleName)
+      builder.append(roleName);
+
+    boolean present_requestorGroupName = true && (isSetRequestorGroupName());
+    builder.append(present_requestorGroupName);
+    if (present_requestorGroupName)
+      builder.append(requestorGroupName);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TDropSentryRoleRequest other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TDropSentryRoleRequest typedOther = (TDropSentryRoleRequest)other;
+
+    lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(typedOther.isSetProtocol_version());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetProtocol_version()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, typedOther.protocol_version);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRoleName()).compareTo(typedOther.isSetRoleName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRoleName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleName, typedOther.roleName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorGroupName()).compareTo(typedOther.isSetRequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorGroupName, typedOther.requestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TDropSentryRoleRequest(");
+    boolean first = true;
+
+    sb.append("protocol_version:");
+    sb.append(this.protocol_version);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorUserName:");
+    if (this.requestorUserName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorUserName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("roleName:");
+    if (this.roleName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.roleName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorGroupName:");
+    if (this.requestorGroupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorGroupName);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetProtocol_version()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRoleName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorGroupName' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TDropSentryRoleRequestStandardSchemeFactory implements SchemeFactory {
+    public TDropSentryRoleRequestStandardScheme getScheme() {
+      return new TDropSentryRoleRequestStandardScheme();
+    }
+  }
+
+  private static class TDropSentryRoleRequestStandardScheme extends StandardScheme<TDropSentryRoleRequest> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TDropSentryRoleRequest struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PROTOCOL_VERSION
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.protocol_version = iprot.readI32();
+              struct.setProtocol_versionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // REQUESTOR_USER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.requestorUserName = iprot.readString();
+              struct.setRequestorUserNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // ROLE_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.roleName = iprot.readString();
+              struct.setRoleNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 4: // REQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set32 = iprot.readSetBegin();
+                struct.requestorGroupName = new HashSet<String>(2*_set32.size);
+                for (int _i33 = 0; _i33 < _set32.size; ++_i33)
+                {
+                  String _elem34; // required
+                  _elem34 = iprot.readString();
+                  struct.requestorGroupName.add(_elem34);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TDropSentryRoleRequest struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeFieldEnd();
+      if (struct.requestorUserName != null) {
+        oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.requestorUserName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.roleName != null) {
+        oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC);
+        oprot.writeString(struct.roleName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.requestorGroupName != null) {
+        oprot.writeFieldBegin(REQUESTOR_GROUP_NAME_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.requestorGroupName.size()));
+          for (String _iter35 : struct.requestorGroupName)
+          {
+            oprot.writeString(_iter35);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TDropSentryRoleRequestTupleSchemeFactory implements SchemeFactory {
+    public TDropSentryRoleRequestTupleScheme getScheme() {
+      return new TDropSentryRoleRequestTupleScheme();
+    }
+  }
+
+  private static class TDropSentryRoleRequestTupleScheme extends TupleScheme<TDropSentryRoleRequest> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TDropSentryRoleRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.requestorUserName);
+      oprot.writeString(struct.roleName);
+      {
+        oprot.writeI32(struct.requestorGroupName.size());
+        for (String _iter36 : struct.requestorGroupName)
+        {
+          oprot.writeString(_iter36);
+        }
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TDropSentryRoleRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.protocol_version = iprot.readI32();
+      struct.setProtocol_versionIsSet(true);
+      struct.requestorUserName = iprot.readString();
+      struct.setRequestorUserNameIsSet(true);
+      struct.roleName = iprot.readString();
+      struct.setRoleNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set37 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+        struct.requestorGroupName = new HashSet<String>(2*_set37.size);
+        for (int _i38 = 0; _i38 < _set37.size; ++_i38)
+        {
+          String _elem39; // required
+          _elem39 = iprot.readString();
+          struct.requestorGroupName.add(_elem39);
+        }
+      }
+      struct.setRequestorGroupNameIsSet(true);
+    }
+  }
+
+}
+


[13/13] git commit: SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/644e8be3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/644e8be3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/644e8be3

Branch: refs/heads/master
Commit: 644e8be346a152e43fa435b9adbb47ce6b3e3e91
Parents: 0341d51
Author: Shreepadma Venugopalan <sh...@apache.org>
Authored: Thu Mar 13 14:20:19 2014 -0700
Committer: Shreepadma Venugopalan <sh...@apache.org>
Committed: Thu Mar 13 14:20:19 2014 -0700

----------------------------------------------------------------------
 .gitignore                                      |    3 +-
 bin/config-tool.sh                              |   25 -
 bin/sentry                                      |   59 +-
 pom.xml                                         |  123 +-
 .../binding/hive/HiveAuthzBindingHook.java      |   28 +-
 .../hive/HiveAuthzBindingPreExecHook.java       |    2 +-
 .../hive/SentryOnFailureHookContext.java        |   13 +-
 .../hive/SentryOnFailureHookContextImpl.java    |   13 +-
 .../binding/hive/authz/HiveAuthzBinding.java    |   40 +-
 .../hive/authz/HiveAuthzPrivilegesMap.java      |    1 -
 .../binding/hive/authz/SentryConfigTool.java    |  107 +-
 .../binding/hive/MockUserToGroupMapping.java    |    8 +-
 .../sentry/binding/hive/TestHiveAuthzConf.java  |    1 +
 .../org/apache/sentry/binding/hive/TestURI.java |    1 -
 .../authz/SentrySolrAuthorizationException.java |    2 +
 .../binding/solr/authz/SolrAuthzBinding.java    |   12 +-
 .../sentry/binding/solr/conf/SolrAuthzConf.java |    4 -
 .../binding/solr/TestSolrAuthzBinding.java      |   39 +-
 sentry-core/sentry-core-common/pom.xml          |    4 +
 .../main/java/org/apache/sentry/Command.java    |   23 +
 .../main/java/org/apache/sentry/SentryMain.java |   73 +
 .../org/apache/sentry/SentryUserException.java  |   28 +
 .../sentry/core/common/ActiveRoleSet.java       |   71 +
 .../common/SentryConfigurationException.java    |    1 +
 .../sentry/core/common/utils/PathUtils.java     |    4 +-
 .../sentry/core/common/utils/TestPathUtils.java |    1 +
 .../sentry/core/search/TestCollection.java      |    3 +-
 sentry-dist/pom.xml                             |    4 +
 sentry-dist/src/main/assembly/src.xml           |    1 -
 .../sentry/policy/common/PermissionFactory.java |   26 -
 .../sentry/policy/common/PolicyEngine.java      |   39 +-
 .../apache/sentry/policy/common/Privilege.java  |   21 +
 .../sentry/policy/common/PrivilegeFactory.java  |   24 +
 .../sentry/policy/common/PrivilegeUtils.java    |   27 +
 .../policy/common/PrivilegeValidator.java       |   24 +
 .../common/PrivilegeValidatorContext.java       |   38 +
 .../sentry/policy/common/RoleValidator.java     |   26 -
 .../policy/db/AbstractDBPrivilegeValidator.java |   50 +
 .../policy/db/AbstractDBRoleValidator.java      |   50 -
 .../sentry/policy/db/DBWildcardPermission.java  |  181 -
 .../sentry/policy/db/DBWildcardPrivilege.java   |  179 +
 .../sentry/policy/db/DatabaseMustMatch.java     |   11 +-
 .../policy/db/DatabaseRequiredInPrivilege.java  |   71 +
 .../policy/db/DatabaseRequiredInRole.java       |   70 -
 .../sentry/policy/db/ServerNameMustMatch.java   |   12 +-
 .../sentry/policy/db/ServersAllIsInvalid.java   |   12 +-
 .../sentry/policy/db/SimpleDBPolicyEngine.java  |  125 +-
 .../db/AbstractTestSimplePolicyEngine.java      |   27 +-
 .../sentry/policy/db/DBPolicyFileBackend.java   |    3 +-
 .../policy/db/TestDBModelAuthorizables.java     |    2 -
 .../policy/db/TestDBWildcardPermission.java     |  286 -
 .../policy/db/TestDBWildcardPrivilege.java      |  286 +
 .../policy/db/TestDatabaseRequiredInRole.java   |   13 +-
 .../policy/db/TestPolicyParsingNegative.java    |   94 +-
 ...sourceAuthorizationProviderGeneralCases.java |    8 +-
 ...sourceAuthorizationProviderSpecialCases.java |   19 +-
 .../policy/db/TestSimpleDBPolicyEngineDFS.java  |   24 +-
 .../db/TestSimpleDBPolicyEngineLocalFS.java     |    3 +-
 .../AbstractSearchPrivilegeValidator.java       |   51 +
 .../search/AbstractSearchRoleValidator.java     |   50 -
 .../search/CollectionRequiredInPrivilege.java   |   43 +
 .../policy/search/CollectionRequiredInRole.java |   44 -
 .../policy/search/SearchWildcardPermission.java |  152 -
 .../policy/search/SearchWildcardPrivilege.java  |  146 +
 .../policy/search/SimpleSearchPolicyEngine.java |   88 +-
 .../search/AbstractTestSearchPolicyEngine.java  |   18 +-
 .../policy/search/SearchPolicyFileBackend.java  |    1 +
 .../search/TestCollectionRequiredInRole.java    |   19 +-
 ...SearchAuthorizationProviderGeneralCases.java |    6 +-
 ...SearchAuthorizationProviderSpecialCases.java |    5 +-
 .../search/TestSearchModelAuthorizables.java    |    2 -
 .../search/TestSearchPolicyEngineDFS.java       |   11 +-
 .../policy/search/TestSearchPolicyNegative.java |   34 +-
 .../search/TestSearchWildcardPermission.java    |  206 -
 .../search/TestSearchWildcardPrivilege.java     |  205 +
 sentry-provider/pom.xml                         |    1 +
 .../provider/common/AuthorizationProvider.java  |   19 +-
 .../provider/common/GroupMappingService.java    |    9 +-
 .../common/NoAuthorizationProvider.java         |    9 +-
 .../provider/common/NoGroupMappingService.java  |    8 +-
 .../sentry/provider/common/ProviderBackend.java |   37 +-
 .../provider/common/ProviderBackendContext.java |   50 +
 .../apache/sentry/provider/common/Roles.java    |   50 -
 .../common/MockGroupMappingServiceProvider.java |    9 +-
 .../common/TestNoAuthorizationProvider.java     |    6 +-
 sentry-provider/sentry-provider-db/.gitignore   |    1 +
 sentry-provider/sentry-provider-db/pom.xml      |  243 +
 .../db/service/thrift/SentryPolicyService.java  | 6548 ++++++++++++++++++
 .../TAlterSentryRoleAddGroupsRequest.java       |  895 +++
 .../TAlterSentryRoleAddGroupsResponse.java      |  390 ++
 .../TAlterSentryRoleDeleteGroupsRequest.java    |  639 ++
 .../TAlterSentryRoleDeleteGroupsResponse.java   |  390 ++
 .../TAlterSentryRoleGrantPrivilegeRequest.java  |  846 +++
 .../TAlterSentryRoleGrantPrivilegeResponse.java |  390 ++
 .../TAlterSentryRoleRevokePrivilegeRequest.java |  846 +++
 ...TAlterSentryRoleRevokePrivilegeResponse.java |  390 ++
 .../thrift/TCreateSentryRoleRequest.java        |  745 ++
 .../thrift/TCreateSentryRoleResponse.java       |  390 ++
 .../service/thrift/TDropSentryRoleRequest.java  |  740 ++
 .../service/thrift/TDropSentryRoleResponse.java |  390 ++
 .../service/thrift/TListSentryRolesRequest.java |  850 +++
 .../thrift/TListSentryRolesResponse.java        |  545 ++
 .../db/service/thrift/TSentryGroup.java         |  385 +
 .../db/service/thrift/TSentryPrivilege.java     | 1224 ++++
 .../provider/db/service/thrift/TSentryRole.java |  740 ++
 .../service/thrift/TSentryResponseStatus.java   |  594 ++
 .../thrift/sentry_common_serviceConstants.java  |   48 +
 .../provider/db/service/model/MSentryGroup.java |  131 +
 .../db/service/model/MSentryPrivilege.java      |  247 +
 .../provider/db/service/model/MSentryRole.java  |  179 +
 .../provider/db/service/model/package.jdo       |  125 +
 .../db/service/persistent/CommitContext.java    |   42 +
 .../SentryAlreadyExistsException.java           |   27 +
 .../persistent/SentryInvalidInputException.java |   27 +
 .../persistent/SentryNoSuchObjectException.java |   27 +
 .../db/service/persistent/SentryStore.java      |  461 ++
 .../db/service/thrift/NotificationHandler.java  |   71 +
 .../thrift/NotificationHandlerInvoker.java      |  146 +
 .../db/service/thrift/PolicyStoreConstants.java |   25 +
 .../thrift/SentryConfigurationException.java    |   30 +
 .../thrift/SentryPolicyServiceClient.java       |  110 +
 .../thrift/SentryPolicyStoreProcessor.java      |  344 +
 .../SentryPolicyStoreProcessorFactory.java      |   39 +
 .../thrift/ConnectionDeniedException.java       |   36 +
 .../sentry/service/thrift/GSSCallback.java      |  102 +
 .../service/thrift/KerberosConfiguration.java   |   78 +
 .../sentry/service/thrift/ProcessorFactory.java |   30 +
 .../sentry/service/thrift/SentryService.java    |  272 +
 .../thrift/SentryServiceClientFactory.java      |   30 +
 .../service/thrift/SentryServiceFactory.java    |   29 +
 .../sentry/service/thrift/ServiceConstants.java |   78 +
 .../apache/sentry/service/thrift/Status.java    |   84 +
 .../src/main/resources/sentry-mysql-1.4.0.sql   |  113 +
 .../src/main/resources/sentry-oracle-1.4.0.sql  |  101 +
 .../main/resources/sentry-postgres-1.4.0.sql    |  115 +
 .../main/resources/sentry_common_service.thrift |   41 +
 .../main/resources/sentry_policy_service.thrift |  150 +
 .../db/service/persistent/TestSentryStore.java  |  145 +
 .../thrift/TestNotificationHandlerInvoker.java  |  112 +
 .../thrift/TestSentryPolicyStoreProcessor.java  |   70 +
 .../thrift/TestSentryServiceFailureCase.java    |   45 +
 .../thrift/TestSentryServiceIntegration.java    |  170 +
 .../thrift/SentryServiceIntegrationBase.java    |  172 +
 .../src/test/resources/log4j.properties         |   34 +
 .../file/HadoopGroupMappingService.java         |    9 +-
 ...adoopGroupResourceAuthorizationProvider.java |    3 -
 .../provider/file/LocalGroupMappingService.java |   14 +-
 ...LocalGroupResourceAuthorizationProvider.java |    4 +-
 .../apache/sentry/provider/file/PolicyFile.java |   10 +-
 .../sentry/provider/file/PolicyFiles.java       |    2 +-
 .../file/ResourceAuthorizationProvider.java     |   76 +-
 .../file/SimpleFileProviderBackend.java         |  248 +-
 .../provider/file/TestGetGroupMapping.java      |   34 +-
 .../sentry/provider/file/TestKeyValue.java      |    1 -
 .../provider/file/TestLocalGroupMapping.java    |   22 +-
 .../file/TestSimpleFileProvderBackend.java      |  120 +
 sentry-tests/sentry-tests-hive/.gitignore       |    1 +
 sentry-tests/sentry-tests-hive/pom.xml          |   33 +-
 .../AbstractTestWithStaticConfiguration.java    |   10 +-
 .../apache/sentry/tests/e2e/hive/Context.java   |    1 -
 .../sentry/tests/e2e/hive/TestConfigTool.java   |   27 +-
 .../tests/e2e/hive/TestPerDBConfiguration.java  |   12 +-
 .../e2e/hive/TestPrivilegesAtTableScope.java    |    4 +-
 .../hive/TestSentryOnFailureHookLoading.java    |   21 +-
 .../sentry/tests/e2e/hive/fs/AbstractDFS.java   |    5 +-
 .../sentry/tests/e2e/hive/fs/ClusterDFS.java    |    7 +-
 .../apache/sentry/tests/e2e/hive/fs/DFS.java    |    2 -
 .../sentry/tests/e2e/hive/fs/DFSFactory.java    |    4 +-
 .../sentry/tests/e2e/hive/fs/MiniDFS.java       |    6 +-
 .../e2e/hive/hiveserver/EmbeddedHiveServer.java |    6 +-
 .../e2e/hive/hiveserver/HiveServerFactory.java  |    2 +-
 .../e2e/hive/hiveserver/InternalHiveServer.java |    1 +
 .../hive/hiveserver/UnmanagedHiveServer.java    |   12 +-
 .../e2e/solr/AbstractSolrSentryTestBase.java    |    3 -
 .../sentry/tests/e2e/solr/HdfsTestUtil.java     |    1 -
 .../ModifiableUserAuthenticationFilter.java     |    1 -
 .../e2e/solr/TestCollAdminCoreOperations.java   |   12 +-
 .../tests/e2e/solr/TestQueryOperations.java     |   11 +-
 .../tests/e2e/solr/TestUpdateOperations.java    |   11 +-
 179 files changed, 24669 insertions(+), 2058 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index 06f9ff4..6a39d39 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,7 +6,8 @@ target/
 .metadata
 .idea/
 *.iml
-**/derby.log
+derby.log
+datanucleus.log
 **/TempStatsStore/
 # Package Files #
 *.jar

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/bin/config-tool.sh
----------------------------------------------------------------------
diff --git a/bin/config-tool.sh b/bin/config-tool.sh
deleted file mode 100755
index b286421..0000000
--- a/bin/config-tool.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-_CMD_JAR=sentry-binding-hive-*.jar
-_HIVE_CMD=${HIVE_HOME}/bin/hive
-for f in ${SENTRY_HOME}/lib/*.jar; do
-  HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:${f}
-done
-
-${_HIVE_CMD} --service jar ${SENTRY_HOME}/lib/${_CMD_JAR} org.apache.sentry.binding.hive.authz.SentryConfigTool "$@"
-

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/bin/sentry
----------------------------------------------------------------------
diff --git a/bin/sentry b/bin/sentry
index 812fa12..81b4382 100755
--- a/bin/sentry
+++ b/bin/sentry
@@ -25,41 +25,40 @@ fi
 
 _HIVE_CMD=hive
 #check to see if the hive conf dir is given as an optional argument
+args=()
 while [ $# -gt 0 ]; do    # Until you run out of parameters . . .
   case "$1" in
     --hive-config)
-        shift
-        confdir=$1
-        shift
-        export HIVE_CONF_DIR=$confdir
-        echo Using hive-conf-dir $HIVE_CONF_DIR
-        ;;
+      shift
+      confdir=$1
+      shift
+      export HIVE_CONF_DIR=$confdir
+      echo Using hive-conf-dir $HIVE_CONF_DIR
+      ;;
     --hive-home)
-        shift
-        homedir=$1
-        shift
-        export HIVE_HOME=$homedir
-        echo Using hive-home $HIVE_HOME
-        ;;
-    --command)
-        shift
-        case "$1" in
-          config-tool)
-             shift
-             $myhome/bin/config-tool.sh "$@"
-             ;;
-          *)
-             echo Unknown option $1
-             echo "Usage sentry --command <config-tool [config-tool-options]>"
-             break
-             ;;
-        esac
-        break
-        ;;
+      shift
+      homedir=$1
+      shift
+      export HIVE_HOME=$homedir
+      echo Using hive-home $HIVE_HOME
+      ;;
     *)
-        echo "Usage sentry --command <config-tool [config-tool-options]>"
-        break
-        ;;
+      args+=($1)
+      shift
+      ;;
   esac
 done
 
+if [[ -z "$HIVE_HOME" ]]
+then
+  echo "HIVE_HOME must be defined either as an env variable or by the --hive-home argument"
+  exit 1
+fi
+
+_CMD_JAR=sentry-core-common-*.jar
+_HIVE_CMD=${HIVE_HOME}/bin/hive
+for f in ${SENTRY_HOME}/lib/*.jar; do
+  HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:${f}
+done
+export HADOOP_CLASSPATH
+${_HIVE_CMD} --service jar ${SENTRY_HOME}/lib/${_CMD_JAR} org.apache.sentry.SentryMain "${args[@]}"
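Review bot: The catch-all branch collects arguments with the unquoted `args+=($1)`, so an argument containing whitespace or glob characters is split or expanded by the shell before it reaches `org.apache.sentry.SentryMain`, and the later `"${args[@]}"` cannot undo that. Use `args+=("$1")`. On the last line, the unquoted `${SENTRY_HOME}/lib/${_CMD_JAR}` expands to several words if more than one `sentry-core-common-*.jar` is present, which shifts the class name and user arguments. The hunk checks `HIVE_HOME` but shows no check that `SENTRY_HOME` is set (one may exist above the hunk); with an empty value the loop would build `HADOOP_CLASSPATH` from `/lib/*.jar`, so a guard such as `[[ -z "$SENTRY_HOME" ]] && exit 1` next to the `HIVE_HOME` check would be worth adding.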

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 5a8c32b..9725102 100644
--- a/pom.xml
+++ b/pom.xml
@@ -50,8 +50,8 @@ limitations under the License.
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <maven.compile.source>1.6</maven.compile.source>
-    <maven.compile.target>1.6</maven.compile.target>
+    <maven.compile.source>1.7</maven.compile.source>
+    <maven.compile.target>1.7</maven.compile.target>
     <!-- versions are in alphabetical order -->
     <ant.contrib.version>1.0b3</ant.contrib.version>
     <maven.antrun.plugin.version>1.7</maven.antrun.plugin.version>
@@ -63,7 +63,9 @@ limitations under the License.
     <datanucleus-api-jdo.version>3.2.1</datanucleus-api-jdo.version>
     <datanucleus-core.version>3.2.2</datanucleus-core.version>
     <datanucleus-rdbms.version>3.2.1</datanucleus-rdbms.version>
+    <jdo-api.version>3.0.1</jdo-api.version>
     <derby.version>10.4.2.0</derby.version>
+    <commons-cli.version>1.2</commons-cli.version>
     <hive.version>0.12.0-cdh5.0.0-beta-2-SNAPSHOT</hive.version>
     <hadoop.version>2.2.0-cdh5.0.0-beta-2-SNAPSHOT</hadoop.version>
     <fest.reflect.version>1.4.1</fest.reflect.version>
@@ -72,6 +74,7 @@ limitations under the License.
     <libthrift.version>0.9.0-cdh4-1</libthrift.version>
     <libfb303.version>0.9.0</libfb303.version>
     <log4j.version>1.2.16</log4j.version>
+    <mockito.version>1.8.5</mockito.version>
     <shiro.version>1.2.1</shiro.version>
     <slf4j.version>1.6.1</slf4j.version>
     <solr.version>4.7.0</solr.version>
@@ -82,6 +85,16 @@ limitations under the License.
   <dependencyManagement>
     <dependencies>
       <dependency>
+        <groupId>ant-contrib</groupId>
+        <artifactId>ant-contrib</artifactId>
+        <version>1.0b3</version>
+      </dependency>
+      <dependency>
+        <groupId>commons-cli</groupId>
+        <artifactId>commons-cli</artifactId>
+        <version>${commons-cli.version}</version>
+      </dependency>
+      <dependency>
         <groupId>commons-lang</groupId>
         <artifactId>commons-lang</artifactId>
         <version>${commons.lang.version}</version>
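Review bot: The new `ant-contrib` entry in `dependencyManagement` hard-codes `<version>1.0b3</version>` although the properties block of this file already defines `ant.contrib.version` with that value, and the `maven-antrun-plugin` dependency added further down uses the property. With two sources for the same version, the managed dependency and the plugin dependency can drift apart on the next upgrade. Write `<version>${ant.contrib.version}</version>` here, as the `commons-cli` entry added beside it does with its own property.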
@@ -264,6 +277,11 @@ limitations under the License.
       </dependency>
       <dependency>
         <groupId>org.apache.sentry</groupId>
+        <artifactId>sentry-provider-db</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.sentry</groupId>
         <artifactId>sentry-policy-common</artifactId>
         <version>${project.version}</version>
       </dependency>
@@ -282,6 +300,31 @@ limitations under the License.
         <artifactId>sentry-dist</artifactId>
         <version>${project.version}</version>
       </dependency>
+      <dependency>
+        <groupId>javax.jdo</groupId>
+        <artifactId>jdo-api</artifactId>
+        <version>${jdo-api.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.datanucleus</groupId>
+        <artifactId>datanucleus-core</artifactId>
+        <version>${datanucleus-core.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.datanucleus</groupId>
+        <artifactId>datanucleus-api-jdo</artifactId>
+        <version>${datanucleus-api-jdo.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.datanucleus</groupId>
+        <artifactId>datanucleus-rdbms</artifactId>
+        <version>${datanucleus-rdbms.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.mockito</groupId>
+        <artifactId>mockito-all</artifactId>
+        <version>${mockito.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -328,6 +371,24 @@ limitations under the License.
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-antrun-plugin</artifactId>
+          <version>${maven.antrun.plugin.version}</version>
+          <dependencies>
+            <dependency>
+              <groupId>ant-contrib</groupId>
+              <artifactId>ant-contrib</artifactId>
+              <version>${ant.contrib.version}</version>
+              <exclusions>
+                <exclusion>
+                  <groupId>ant</groupId>
+                  <artifactId>ant</artifactId>
+                </exclusion>
+              </exclusions>
+            </dependency>
+          </dependencies>
+        </plugin>
+        <plugin>
+          <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-compiler-plugin</artifactId>
           <version>2.5.1</version>
           <configuration>
@@ -336,6 +397,30 @@ limitations under the License.
           </configuration>
         </plugin>
         <plugin>
+          <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-enforcer-plugin</artifactId>
+          <version>${maven.enforcer.plugin.version}</version>
+        </plugin>
+        <plugin>
+          <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-jar-plugin</artifactId>
+          <version>2.4</version>
+        </plugin>
+        <plugin>
+          <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-surefire-plugin</artifactId>
+          <version>2.16</version>
+          <configuration>
+            <forkMode>always</forkMode>
+            <environmentVariables>
+              <HADOOP_CLIENT_OPTS>-Xmx1000m -Dhive.log.dir=./target/</HADOOP_CLIENT_OPTS>
+            </environmentVariables>
+            <forkedProcessTimeoutInSeconds>900</forkedProcessTimeoutInSeconds>
+            <redirectTestOutputToFile>true</redirectTestOutputToFile>
+            <argLine>-Xms256m -Xmx1g</argLine>
+          </configuration>
+        </plugin>
+        <plugin>
           <groupId>org.apache.rat</groupId>
           <artifactId>apache-rat-plugin</artifactId>
           <version>0.10</version>
@@ -368,31 +453,29 @@ limitations under the License.
                   <exclude>**/*.lck</exclude>
                   <!-- exclude generated solr config files -->
                   <exclude>**/solr/collection1/conf/**</exclude>
+                  <!-- exclude generated thrift files -->
+                  <exclude>**/gen/**</exclude>
                 </excludes>
               </configuration>
             </execution>
           </executions>
         </plugin>
-
         <plugin>
-          <groupId>org.apache.maven.plugins</groupId>
-          <artifactId>maven-jar-plugin</artifactId>
-          <version>2.4</version>
+          <groupId>org.codehaus.mojo</groupId>
+          <artifactId>build-helper-maven-plugin</artifactId>
+          <version>${build.helper.maven.plugin.version}</version>
         </plugin>
-
-        <plugin>
-          <groupId>org.apache.maven.plugins</groupId>
-          <artifactId>maven-surefire-plugin</artifactId>
-          <version>2.16</version>
-          <configuration>
-            <forkMode>always</forkMode>
-            <environmentVariables>
-              <HADOOP_CLIENT_OPTS>-Xmx1000m -Dhive.log.dir=./target/</HADOOP_CLIENT_OPTS>
-            </environmentVariables>
-            <forkedProcessTimeoutInSeconds>900</forkedProcessTimeoutInSeconds>
-            <redirectTestOutputToFile>true</redirectTestOutputToFile>
-            <argLine>-Xms256m -Xmx1g</argLine>
-          </configuration>
+	<plugin>
+          <groupId>org.datanucleus</groupId>
+          <artifactId>datanucleus-maven-plugin</artifactId>
+          <version>${datanucleus.maven.plugin.version}</version>
+          <dependencies>
+            <dependency>
+              <groupId>org.datanucleus</groupId>
+              <artifactId>datanucleus-core</artifactId>
+              <version>${datanucleus-core.version}</version>
+            </dependency>
+          </dependencies>
         </plugin>
       </plugins>
     </pluginManagement>
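Review bot: The added RAT exclude `<exclude>**/gen/**</exclude>` skips the license-header check for every path that contains a directory named `gen`, not only the generated Thrift sources its comment names, so a hand-written file placed under such a directory would escape the audit. Narrow the pattern to the module's generated-source directory (its path is not visible in this hunk). Separately, the `<plugin>` line opening the `datanucleus-maven-plugin` entry is indented with a tab while the surrounding lines use spaces. The `${build.helper.maven.plugin.version}` and `${datanucleus.maven.plugin.version}` properties are not defined in any hunk shown here, so confirm they exist in the properties block.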

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
index c719905..5ff7764 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
@@ -18,11 +18,9 @@ package org.apache.sentry.binding.hive;
 
 import static org.apache.hadoop.hive.metastore.MetaStoreUtils.DEFAULT_DATABASE_NAME;
 
-import java.io.File;
 import java.io.Serializable;
 import java.net.MalformedURLException;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.net.URL;
 import java.security.CodeSource;
 import java.util.ArrayList;
@@ -44,8 +42,6 @@ import org.apache.hadoop.hive.ql.hooks.Hook;
 import org.apache.hadoop.hive.ql.hooks.ReadEntity;
 import org.apache.hadoop.hive.ql.hooks.WriteEntity;
 import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
-import org.apache.hadoop.hive.ql.metadata.Hive;
-import org.apache.hadoop.hive.ql.metadata.HiveException;
 import org.apache.hadoop.hive.ql.parse.ASTNode;
 import org.apache.hadoop.hive.ql.parse.AbstractSemanticAnalyzerHook;
 import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
@@ -60,14 +56,13 @@ import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationSco
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
-import org.apache.sentry.core.common.Action;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.common.utils.PathUtils;
 import org.apache.sentry.core.model.db.AccessURI;
-import org.apache.sentry.core.model.db.Database;
 import org.apache.sentry.core.model.db.DBModelAction;
 import org.apache.sentry.core.model.db.DBModelAuthorizable;
 import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
+import org.apache.sentry.core.model.db.Database;
 import org.apache.sentry.core.model.db.Table;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -284,7 +279,7 @@ implements HiveDriverFilterHook {
     } catch (AuthorizationException e) {
       executeOnFailureHooks(context, stmtOperation, e);
       String permsRequired = "";
-      for (String perm : hiveAuthzBinding.getLastQueryPermissionErrors()) {
+      for (String perm : hiveAuthzBinding.getLastQueryPrivilegeErrors()) {
         permsRequired += perm + ";";
       }
       context.getConf().set(HiveAuthzConf.HIVE_SENTRY_AUTH_ERRORS, permsRequired);
@@ -530,11 +525,13 @@ implements HiveDriverFilterHook {
           conf.getVar(HiveConf.ConfVars.SCRATCHDIR)));
         URI requestURI = new URI(PathUtils.parseDFSURI(warehouseDir,
           writeEntity.getLocation().getPath()));
+        LOG.debug("scratchURI = " + scratchURI + ", requestURI = " + requestURI);
         if (PathUtils.impliesURI(scratchURI, requestURI)) {
           return true;
         }
         URI localScratchURI = new URI(PathUtils.parseLocalURI(conf.getVar(HiveConf.ConfVars.LOCALSCRATCHDIR)));
         URI localRequestURI = new URI(PathUtils.parseLocalURI(writeEntity.getLocation().getPath()));
+        LOG.debug("localScratchURI = " + localScratchURI + ", localRequestURI = " + localRequestURI);
         if (PathUtils.impliesURI(localScratchURI, localRequestURI)) {
           return true;
         }
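Review bot: The two added `LOG.debug` calls build their message by string concatenation, so both URIs are formatted on every write-entity check even when debug logging is off. The file already imports the SLF4J logger, so `LOG.debug("scratchURI = {}, requestURI = {}", scratchURI, requestURI);` (and the same form for the local pair) avoids that cost. Because these lines sit on the path that exempts scratch-directory writes from authorization, it would also help to log which comparison returned true, so an exemption can be traced afterwards. The enclosing method starts and ends outside this hunk.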
@@ -711,22 +708,15 @@ implements HiveDriverFilterHook {
       throws Exception {
 
     List<T> hooks = new ArrayList<T>();
-    String csHooks = authzConf.get(hookConfVar.getVar(), "");
-    if (csHooks == null) {
+    String csHooks = authzConf.get(hookConfVar.getVar(), "").trim();
+    if (csHooks.isEmpty()) {
       return hooks;
     }
-
-    csHooks = csHooks.trim();
-    if (csHooks.equals("")) {
-      return hooks;
-    }
-
-    String[] hookClasses = csHooks.split(",");
-
-    for (String hookClass : hookClasses) {
+    for (String hookClass : Splitter.on(",").omitEmptyStrings().trimResults().split(csHooks)) {
       try {
+        @SuppressWarnings("unchecked")
         T hook =
-            (T) Class.forName(hookClass.trim(), true, JavaUtils.getClassLoader()).newInstance();
+            (T) Class.forName(hookClass, true, JavaUtils.getClassLoader()).newInstance();
         hooks.add(hook);
       } catch (ClassNotFoundException e) {
         LOG.error(hookConfVar.getVar() + " Class not found:" + e.getMessage());
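Review bot: The added `@SuppressWarnings("unchecked")` hides the fact that the `(T)` cast on the `newInstance()` result checks nothing at runtime, so any class named in the hook configuration is constructed and added to the list, and a wrong type only fails later when the hook is invoked. If the caller can supply the expected hook interface as a `Class<T>` (the signature is outside this hunk, so this is an assumption), `Class.forName(...).asSubclass(type)` would reject the class before an instance is created. At minimum, a comment above the annotation should say why the cast is considered safe. `Splitter` is used here but none of the import hunks above adds it, so please confirm `com.google.common.base.Splitter` is already imported in this file.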

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
index f120c77..bed7917 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
@@ -24,8 +24,8 @@ import org.apache.hadoop.hive.ql.hooks.ExecuteWithHookContext;
 import org.apache.hadoop.hive.ql.hooks.HookContext;
 import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
-import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveExtendedOperation;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.db.DBModelAuthorizable;
 import org.slf4j.Logger;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
index 2beacd0..a380651 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
@@ -18,19 +18,16 @@
 
 package org.apache.sentry.binding.hive;
 
+import java.util.Set;
+
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hive.ql.hooks.ReadEntity;
+import org.apache.hadoop.hive.ql.hooks.WriteEntity;
+import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
 import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.sentry.core.model.db.AccessURI;
 import org.apache.sentry.core.model.db.Database;
 import org.apache.sentry.core.model.db.Table;
-import org.apache.hadoop.hive.ql.exec.Task;
-import org.apache.hadoop.hive.ql.hooks.ReadEntity;
-import org.apache.hadoop.hive.ql.hooks.WriteEntity;
-import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
-
-import java.io.Serializable;
-import java.util.List;
-import java.util.Set;
 
 /**
  * Context information provided by Access to implementations

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
index d8ffe23..f97d7f3 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
@@ -18,19 +18,16 @@
 
 package org.apache.sentry.binding.hive;
 
+import java.util.Set;
+
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hive.ql.hooks.ReadEntity;
+import org.apache.hadoop.hive.ql.hooks.WriteEntity;
+import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
 import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.sentry.core.model.db.AccessURI;
 import org.apache.sentry.core.model.db.Database;
 import org.apache.sentry.core.model.db.Table;
-import org.apache.hadoop.hive.ql.exec.Task;
-import org.apache.hadoop.hive.ql.hooks.ReadEntity;
-import org.apache.hadoop.hive.ql.hooks.WriteEntity;
-import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
-
-import java.io.Serializable;
-import java.util.List;
-import java.util.Set;
 
 public class SentryOnFailureHookContextImpl implements SentryOnFailureHookContext {
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
index f6a1ecc..65854c3 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
@@ -32,7 +32,8 @@ import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
-import org.apache.sentry.core.common.Action;
+import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.db.DBModelAction;
 import org.apache.sentry.core.model.db.DBModelAuthorizable;
@@ -44,7 +45,6 @@ import org.apache.sentry.provider.common.NoAuthorizationProvider;
 import org.apache.sentry.provider.common.ProviderBackend;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
 
 import com.google.common.base.Strings;
 
@@ -56,12 +56,10 @@ public class HiveAuthzBinding {
   private static final AtomicInteger queryID = new AtomicInteger();
   public static final String HIVE_BINDING_TAG = "hive.authz.bindings.tag";
 
-  private final HiveAuthzConf authzConf;
   private final Server authServer;
   private final AuthorizationProvider authProvider;
 
   public HiveAuthzBinding (HiveConf hiveConf, HiveAuthzConf authzConf) throws Exception {
-    this.authzConf = authzConf;
     this.authServer = new Server(authzConf.get(AuthzConfVars.AUTHZ_SERVER_NAME.getVar()));
     this.authProvider = getAuthProvider(hiveConf, authzConf, authServer.getName());
   }
@@ -130,27 +128,25 @@ public class HiveAuthzBinding {
     String authProviderName = authzConf.get(AuthzConfVars.AUTHZ_PROVIDER.getVar());
     String resourceName =
         authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar());
-    String providerBackendName =
-      authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar());
-    String policyEngineName =
-      authzConf.get(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar());
+    String providerBackendName = authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar());
+    String policyEngineName = authzConf.get(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar());
 
     LOG.debug("Using authorization provider " + authProviderName +
-      " with resource " + resourceName + ", policy engine "
-      + policyEngineName + ", provider backend " + providerBackendName);
-    // load the provider backend class
-    Constructor<?> providerBackendConstructor =
-      Class.forName(providerBackendName).getDeclaredConstructor(String.class);
-    providerBackendConstructor.setAccessible(true);
-    ProviderBackend providerBackend =
-      (ProviderBackend) providerBackendConstructor.newInstance(new Object[] {resourceName});
+        " with resource " + resourceName + ", policy engine "
+        + policyEngineName + ", provider backend " + providerBackendName);
+      // load the provider backend class
+      Constructor<?> providerBackendConstructor =
+        Class.forName(providerBackendName).getDeclaredConstructor(String.class);
+      providerBackendConstructor.setAccessible(true);
+    ProviderBackend providerBackend = (ProviderBackend) providerBackendConstructor.
+        newInstance(new Object[] {resourceName});
 
     // load the policy engine class
     Constructor<?> policyConstructor =
       Class.forName(policyEngineName).getDeclaredConstructor(String.class, ProviderBackend.class);
     policyConstructor.setAccessible(true);
-    PolicyEngine policyEngine =
-      (PolicyEngine) policyConstructor.newInstance(new Object[] {serverName, providerBackend});
+    PolicyEngine policyEngine = (PolicyEngine) policyConstructor.
+        newInstance(new Object[] {serverName, providerBackend});
 
 
     // load the authz provider class
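Review bot: The provider backend and policy engine are still instantiated from configured class names before the result is checked against `ProviderBackend` / `PolicyEngine`, and `setAccessible(true)` lets a non-public constructor of whatever class was named run. Resolving the type first, e.g. `Class.forName(providerBackendName).asSubclass(ProviderBackend.class).getDeclaredConstructor(String.class)`, would fail a misconfigured name before any instance is created. Separately, the re-added lines from `// load the provider backend class` to `providerBackendConstructor.setAccessible(true);` are indented two spaces deeper than the statements around them, which reads as if they belonged to a block that is no longer there. The method begins before and continues after this hunk.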
@@ -200,7 +196,7 @@ public class HiveAuthzBinding {
         if (requiredInputPrivileges.containsKey(getAuthzType(inputHierarchy))) {
           EnumSet<DBModelAction> inputPrivSet =
             requiredInputPrivileges.get(getAuthzType(inputHierarchy));
-          if (!authProvider.hasAccess(subject, inputHierarchy, inputPrivSet)) {
+          if (!authProvider.hasAccess(subject, inputHierarchy, inputPrivSet, ActiveRoleSet.ALL)) {
             throw new AuthorizationException("User " + subject.getName() +
                 " does not have privileges for " + hiveOp.name());
           }
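Review bot: `ActiveRoleSet.ALL` is passed as a bare constant at this `hasAccess` call, with nothing saying why every role is treated as active for the check. The same constant is added to the output-privilege check in the next hunk and to the `hasAccess` call in `SolrAuthzBinding` later in this commit. If it is a placeholder until per-session role selection exists (an inference from the name; the type's definition is not shown here), a comment such as `// all of the subject's roles are considered; no per-session role selection yet` at each call site would keep a later reader from assuming role scoping is enforced here. The enclosing method starts and ends outside this hunk.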
@@ -218,7 +214,7 @@ public class HiveAuthzBinding {
         if (requiredOutputPrivileges.containsKey(getAuthzType(outputHierarchy))) {
           EnumSet<DBModelAction> outputPrivSet =
             requiredOutputPrivileges.get(getAuthzType(outputHierarchy));
-          if (!authProvider.hasAccess(subject, outputHierarchy, outputPrivSet)) {
+          if (!authProvider.hasAccess(subject, outputHierarchy, outputPrivSet, ActiveRoleSet.ALL)) {
             throw new AuthorizationException("User " + subject.getName() +
                 " does not have priviliedges for " + hiveOp.name());
           }
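Review bot: The exception text on the context line right after the changed call reads `" does not have priviliedges for "`, while the input-side check in the previous hunk says `privileges`. Anyone searching logs or matching on the message to find denied requests will miss the write-side denials. Since the commit already touches this statement, the literal could be changed to `" does not have privileges for "` so both branches report the same text. The enclosing method starts and ends outside this hunk.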
@@ -234,7 +230,7 @@ public class HiveAuthzBinding {
     return hierarchy.get(hierarchy.size() -1).getAuthzType();
   }
 
-  public List<String> getLastQueryPermissionErrors() {
-    return authProvider.getLastFailedPermissions();
+  public List<String> getLastQueryPrivilegeErrors() {
+    return authProvider.getLastFailedPrivileges();
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index b20ec34..7d241d0 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -24,7 +24,6 @@ import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveExtendedOperation;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationScope;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType;
-import org.apache.sentry.core.common.Action;
 import org.apache.sentry.core.model.db.DBModelAction;
 import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
index d7a518d..bc739ad 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
@@ -25,7 +25,6 @@ import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.Set;
 
-import org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.GnuParser;
 import org.apache.commons.cli.HelpFormatter;
@@ -42,13 +41,15 @@ import org.apache.hadoop.hive.ql.processors.CommandProcessorResponse;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.log4j.Level;
 import org.apache.log4j.LogManager;
+import org.apache.sentry.Command;
 import org.apache.sentry.binding.hive.HiveAuthzBindingHook;
+import org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
-import org.apache.sentry.provider.common.AuthorizationProvider;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.db.Server;
 import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.provider.common.AuthorizationProvider;
 
 public class SentryConfigTool {
   private String sentrySiteFile = null;
@@ -57,7 +58,7 @@ public class SentryConfigTool {
   private String jdbcURL = null;
   private String user = null;
   private String passWord = null;
-  private boolean listPerms = false;
+  private boolean listPrivs = false;
   private boolean validate = false;
   private HiveConf hiveConf = null;
   private HiveAuthzConf authzConf = null;
@@ -147,12 +148,12 @@ public class SentryConfigTool {
     this.passWord = passWord;
   }
 
-  public boolean isListPerms() {
-    return listPerms;
+  public boolean isListPrivs() {
+    return listPrivs;
   }
 
-  public void setListPerms(boolean listPerms) {
-    this.listPerms = listPerms;
+  public void setListPrivs(boolean listPrivs) {
+    this.listPrivs = listPrivs;
   }
 
   /**
@@ -229,10 +230,10 @@ public class SentryConfigTool {
   }
 
   // list permissions for given user
-  public void listPerms() throws Exception {
+  public void listPrivs() throws Exception {
     getSentryProvider().validateResource(true);
     System.out.println("Available privileges for user " + getUser() + ":");
-    Set<String> permList = getSentryProvider().listPermissionsForSubject(
+    Set<String> permList = getSentryProvider().listPrivilegesForSubject(
         new Subject(getUser()));
     for (String perms : permList) {
       System.out.println("\t" + perms);
@@ -359,17 +360,18 @@ public class SentryConfigTool {
 
   /**
    *  parse arguments
-   *
-   *   -d,--debug               enable debug output
-   *   -e,--query <arg>         Query privilege verification, requires -u
-   *    -h,--help                Print usage
-   *   -i,--policyIni <arg>     Policy file path
-   *   -j,--jdbcURL <arg>       JDBC URL
-   *   -l,--listPerms           list permissions for given user, requires -u
-   *   -p,--password <arg>      Password
-   *   -s,--sentry-site <arg>   sentry-site file path
-   *   -u,--user <arg>          user name
-   *   -v,--validate            Validate policy file
+   * <pre>
+   *   -d,--debug                  Enable debug output
+   *   -e,--query <arg>            Query privilege verification, requires -u
+   *    -h,--help                  Print usage
+   *   -i,--policyIni <arg>        Policy file path
+   *   -j,--jdbcURL <arg>          JDBC URL
+   *   -l,--listPrivs,--listPerms  List privilges for given user, requires -u
+   *   -p,--password <arg>         Password
+   *   -s,--sentry-site <arg>      sentry-site file path
+   *   -u,--user <arg>             user name
+   *   -v,--validate               Validate policy file
+   * </pre>
    * @param args
    */
   private void parseArgs(String[] args) {
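Review bot: The rewritten usage block misspells "privileges" as `privilges`, and it lists `--listPrivs` as a long option although the option is created later in this commit with `new Option("listPrivs", false, ...)`. As far as I know, that three-argument commons-cli constructor sets the short name, so generated help would show `-listPrivs`; please confirm and make the Javadoc match. Inside `<pre>` the `<arg>` placeholders are still parsed as HTML by Javadoc, so `&lt;arg&gt;` or `{@literal <arg>}` is needed for them to render.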
@@ -391,6 +393,9 @@ public class SentryConfigTool {
     Option listPermsOpt = new Option("l", "listPerms", false,
         "list permissions for given user, requires -u");
     listPermsOpt.setRequired(false);
+    Option listPrivsOpt = new Option("listPrivs", false,
+        "list privileges for given user, requires -u");
+    listPrivsOpt.setRequired(false);
 
     // required args
     OptionGroup sentryOptGroup = new OptionGroup();
@@ -398,6 +403,7 @@ public class SentryConfigTool {
     sentryOptGroup.addOption(validateOpt);
     sentryOptGroup.addOption(queryOpt);
     sentryOptGroup.addOption(listPermsOpt);
+    sentryOptGroup.addOption(listPrivsOpt);
     sentryOptGroup.setRequired(true);
     sentryOptions.addOptionGroup(sentryOptGroup);
 
@@ -445,8 +451,8 @@ public class SentryConfigTool {
           setUser(opt.getValue());
         } else if (opt.getOpt().equals("p")) {
           setPassWord(opt.getValue());
-        } else if (opt.getOpt().equals("l")) {
-          setListPerms(true);
+        } else if (opt.getOpt().equals("l") || opt.getOpt().equals("listPrivs")) {
+          setListPrivs(true);
         } else if (opt.getOpt().equals("v")) {
           setValidate(true);
         } else if (opt.getOpt().equals("h")) {
@@ -456,7 +462,7 @@ public class SentryConfigTool {
         }
       }
 
-      if (isListPerms() && (getUser() == null)) {
+      if (isListPrivs() && (getUser() == null)) {
         throw new ParseException("Can't use -l without -u ");
       }
       if ((getQuery() != null) && (getUser() == null)) {
@@ -473,38 +479,41 @@ public class SentryConfigTool {
     }
   }
 
-  public static void main(String args[]) throws Exception {
-    SentryConfigTool sentryTool = new SentryConfigTool();
+  public static class CommandImpl implements Command {
+    @Override
+    public void run(String[] args) throws Exception {
+      SentryConfigTool sentryTool = new SentryConfigTool();
 
-    try {
-      // parse arguments
-      sentryTool.parseArgs(args);
+      try {
+        // parse arguments
+        sentryTool.parseArgs(args);
 
-      // load configuration
-      sentryTool.setupConfig();
+        // load configuration
+        sentryTool.setupConfig();
 
-      // validate configuration
-      if (sentryTool.isValidate()) {
-        sentryTool.validatePolicy();
-      }
+        // validate configuration
+        if (sentryTool.isValidate()) {
+          sentryTool.validatePolicy();
+        }
 
-      // list permissions for give user
-      if (sentryTool.isListPerms()) {
-        sentryTool.listPerms();
-      }
+        // list permissions for give user
+        if (sentryTool.isListPrivs()) {
+          sentryTool.listPrivs();
+        }
 
-      // verify given query
-      if (sentryTool.getQuery() != null) {
-        if (sentryTool.getJdbcURL() != null) {
-          sentryTool.verifyRemoteQuery(sentryTool.getQuery());
-        } else {
-          sentryTool.verifyLocalQuery(sentryTool.getQuery());
+        // verify given query
+        if (sentryTool.getQuery() != null) {
+          if (sentryTool.getJdbcURL() != null) {
+            sentryTool.verifyRemoteQuery(sentryTool.getQuery());
+          } else {
+            sentryTool.verifyLocalQuery(sentryTool.getQuery());
+          }
         }
+      } catch (Exception e) {
+        System.out.println("Sentry tool reported Errors: " + e.getMessage());
+        e.printStackTrace(System.out);
+        System.exit(1);
       }
-    } catch (Exception e) {
-      System.out.println("Sentry tool reported Errors: " + e.getMessage());
-      System.exit(1);
     }
-
   }
 }
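Review bot: `CommandImpl.run` catches every exception, prints it and calls `System.exit(1)`, although the method is declared `throws Exception`, so whatever invokes the `Command` gets no chance to handle the failure and the JVM is terminated from inside library code. Letting the exception propagate (drop the `catch`, or end it with `throw e;`) leaves the exit code to the launcher. The added `e.printStackTrace(System.out)` also writes the full trace to standard output; this tool takes a JDBC URL and password, so it is worth checking that driver exceptions cannot echo connection details there, and sending the trace to stderr or a logger instead. Removing `public static void main` also means the class can no longer be started directly; if that is intended, the usage Javadoc should say how the tool is now launched.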

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
index 83432ca..c095603 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
@@ -17,18 +17,18 @@
 
 package org.apache.sentry.binding.hive;
 
-import java.util.List;
+import java.util.Set;
 
 import org.apache.sentry.provider.common.GroupMappingService;
 
-import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 
 public class MockUserToGroupMapping implements GroupMappingService {
 
   // User to group 1-to-1 map
   @Override
-  public List<String> getGroups(String user) {
-    return Lists.newArrayList(user);
+  public Set<String> getGroups(String user) {
+    return Sets.newHashSet(user);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java
index ea2c7ea..1942e03 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java
@@ -18,6 +18,7 @@ package org.apache.sentry.binding.hive;
 
 import java.util.Arrays;
 import java.util.List;
+
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
 import org.junit.Assert;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestURI.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestURI.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestURI.java
index 1853559..e99d37f 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestURI.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestURI.java
@@ -20,7 +20,6 @@ import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
 import org.apache.hadoop.hive.ql.parse.SemanticException;
 import org.apache.hadoop.hive.ql.session.SessionState;
-import org.apache.sentry.binding.hive.HiveAuthzBindingHook;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java
index 134eaeb..938dbfd 100644
--- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java
+++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SentrySolrAuthorizationException.java
@@ -17,6 +17,8 @@
 package org.apache.sentry.binding.solr.authz;
 
 public class SentrySolrAuthorizationException extends Exception {
+  private static final long serialVersionUID = -263787088321897523L;
+
   public SentrySolrAuthorizationException(String message) {
     super(message);
   }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
index c6ce53e..9a6e623 100644
--- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
+++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
@@ -20,22 +20,21 @@ import java.io.File;
 import java.io.IOException;
 import java.lang.reflect.Constructor;
 import java.util.Arrays;
-import java.util.List;
 import java.util.Set;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.sentry.binding.solr.conf.SolrAuthzConf;
+import org.apache.sentry.binding.solr.conf.SolrAuthzConf.AuthzConfVars;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.search.Collection;
 import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.binding.solr.conf.SolrAuthzConf;
-import org.apache.sentry.binding.solr.conf.SolrAuthzConf.AuthzConfVars;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.common.AuthorizationProvider;
 import org.apache.sentry.provider.common.GroupMappingService;
 import org.apache.sentry.provider.common.ProviderBackend;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -120,7 +119,8 @@ public class SolrAuthzBinding {
       LOG.debug("Actions: " + actions);
     }
 
-    if (!authProvider.hasAccess(subject, Arrays.asList(new Collection[] {collection}), actions)) {
+    if (!authProvider.hasAccess(subject, Arrays.asList(new Collection[] {collection}), actions,
+        ActiveRoleSet.ALL)) {
       throw new SentrySolrAuthorizationException("User " + subject.getName() +
         " does not have privileges for " + collection.getName());
     }
@@ -131,7 +131,7 @@ public class SolrAuthzBinding {
    * @param user
    * @return list of groups the user belongs to
    */
-  public List<String> getGroups(String user) {
+  public Set<String> getGroups(String user) {
     return groupMapping.getGroups(user);
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
index c9ee8ba..70983c4 100644
--- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
+++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java
@@ -17,12 +17,8 @@
 package org.apache.sentry.binding.solr.conf;
 
 import java.net.URL;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Map.Entry;
 
 import org.apache.hadoop.conf.Configuration;
-import org.mortbay.log.Log;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
index b061eec..e2e3403 100644
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
@@ -16,31 +16,32 @@
  */
 package org.apache.sentry.binding.solr;
 
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertTrue;
+
 import java.io.File;
 import java.io.FileNotFoundException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.EnumSet;
-import java.util.List;
 import java.lang.reflect.InvocationTargetException;
+import java.util.Collections;
+import java.util.EnumSet;
+import java.util.Set;
 
 import junit.framework.Assert;
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertTrue;
 
 import org.apache.commons.io.FileUtils;
+import org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException;
+import org.apache.sentry.binding.solr.authz.SolrAuthzBinding;
+import org.apache.sentry.binding.solr.conf.SolrAuthzConf;
+import org.apache.sentry.binding.solr.conf.SolrAuthzConf.AuthzConfVars;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.search.Collection;
 import org.apache.sentry.core.model.search.SearchModelAction;
 import org.apache.sentry.provider.file.PolicyFiles;
-import org.apache.sentry.binding.solr.authz.SolrAuthzBinding;
-import org.apache.sentry.binding.solr.conf.SolrAuthzConf;
-import org.apache.sentry.binding.solr.conf.SolrAuthzConf.AuthzConfVars;
-import org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
+import com.google.common.collect.Sets;
 import com.google.common.io.Files;
 import com.google.common.io.Resources;
 
@@ -59,11 +60,11 @@ public class TestSolrAuthzBinding {
   private Subject sergeant1 = new Subject("sergeant1");
   private Subject general1 = new Subject("general1");
 
-  private EnumSet querySet = EnumSet.of(SearchModelAction.QUERY);
-  private EnumSet updateSet = EnumSet.of(SearchModelAction.UPDATE);
-  private EnumSet allSet = EnumSet.of(SearchModelAction.ALL);
-  private EnumSet allOfSet = EnumSet.allOf(SearchModelAction.class);
-  private EnumSet emptySet = EnumSet.noneOf(SearchModelAction.class);
+  private EnumSet<SearchModelAction> querySet = EnumSet.of(SearchModelAction.QUERY);
+  private EnumSet<SearchModelAction> updateSet = EnumSet.of(SearchModelAction.UPDATE);
+  private EnumSet<SearchModelAction> allSet = EnumSet.of(SearchModelAction.ALL);
+  private EnumSet<SearchModelAction> allOfSet = EnumSet.allOf(SearchModelAction.class);
+  private EnumSet<SearchModelAction> emptySet = EnumSet.noneOf(SearchModelAction.class);
 
   @Before
   public void setUp() throws Exception {
@@ -170,7 +171,7 @@ public class TestSolrAuthzBinding {
       new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
     setUsableAuthzConf(solrAuthzConf);
     SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
-    List<String> emptyList = Arrays.asList();
+    Set<String> emptyList = Collections.emptySet();
 
     // check non-existant users
     assertEquals(binding.getGroups(null), emptyList);
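Review bot: The local `emptyList` now holds a `Set<String>`, so the name is misleading; `emptySet` is already taken by the `EnumSet` field of this class, so something like `Set<String> noGroups = Collections.emptySet();` reads better, with the uses in this hunk and the next renamed to match. The assertions in both hunks also pass the actual value first, as in `assertEquals(binding.getGroups(null), emptyList)`, whereas JUnit's signature is `assertEquals(expected, actual)`, which makes failure messages read backwards. The test method starts above this hunk and continues past it.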
@@ -183,9 +184,9 @@ public class TestSolrAuthzBinding {
     assertEquals(binding.getGroups("othergeneralgroup"), emptyList);
 
     // check valid group names
-    assertEquals(binding.getGroups("corporal1"), Arrays.asList("corporal"));
-    assertEquals(binding.getGroups("sergeant1"), Arrays.asList("sergeant"));
-    assertEquals(binding.getGroups("general1"), Arrays.asList("general", "othergeneralgroup"));
+    assertEquals(binding.getGroups("corporal1"), Sets.newHashSet("corporal"));
+    assertEquals(binding.getGroups("sergeant1"), Sets.newHashSet("sergeant"));
+    assertEquals(binding.getGroups("general1"), Sets.newHashSet("general", "othergeneralgroup"));
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-common/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/pom.xml b/sentry-core/sentry-core-common/pom.xml
index d50963e..84ab359 100644
--- a/sentry-core/sentry-core-common/pom.xml
+++ b/sentry-core/sentry-core-common/pom.xml
@@ -29,6 +29,10 @@ limitations under the License.
 
   <dependencies>
     <dependency>
+      <groupId>commons-cli</groupId>
+      <artifactId>commons-cli</artifactId>
+    </dependency>
+    <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
     </dependency>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java
new file mode 100644
index 0000000..528f7d7
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java
@@ -0,0 +1,23 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry;
+
+
+public interface Command {
+  public void run(String[] args) throws Exception;
+}
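Review bot: `Command` is the contract every sub-command launched by `SentryMain` has to implement, yet it carries no Javadoc. I would add a type comment and document `run`, for example `/** Runs the command with the arguments left over after SentryMain has consumed its own options. */`, and state that implementations need an accessible no-argument constructor because `SentryMain` creates them with `Class.forName(...).newInstance()`. The `public` modifier on the interface method is redundant.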

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java
new file mode 100644
index 0000000..eb3482b
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.GnuParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Options;
+
+import com.google.common.collect.ImmutableMap;
+
+public class SentryMain {
+  private static final String HELP_SHORT = "h";
+  private static final String HELP_LONG = "help";
+  private static final String COMMAND = "command";
+  private static final ImmutableMap<String, String> COMMANDS = ImmutableMap
+      .<String, String>builder()
+      .put("service", "org.apache.sentry.service.thrift.SentryService$CommandImpl")
+      .put("config-tool", "org.apache.sentry.binding.hive.authz.SentryConfigTool$CommandImpl")
+      .build();
+  public static void main(String[] args)
+      throws Exception {
+    CommandLineParser parser = new GnuParser();
+    Options options = new Options();
+    options.addOption(HELP_SHORT, HELP_LONG, false, "Print this help text");
+    options.addOption(null, COMMAND, true, "Command to run. Options: " + COMMANDS.keySet());
+    CommandLine commandLine = parser.parse(options, args);
+    String commandName = commandLine.getOptionValue(COMMAND);
+    if (commandName == null || commandLine.hasOption(HELP_SHORT) ||
+        commandLine.hasOption(HELP_LONG)) {
+      printHelp(options);
+    }
+    String commandClazz = COMMANDS.get(commandName);
+    if (commandClazz == null) {
+      String msg = "Unknown command '" + commandName + "', options are: " + COMMANDS.keySet();
+      throw new IllegalArgumentException(msg);
+    }
+    Object command;
+    try {
+      command = Class.forName(commandClazz.trim()).newInstance();
+    } catch (Exception e) {
+      String msg = "Could not create instance of " + commandClazz + " for command " + commandName;
+      throw new IllegalStateException(msg, e);
+    }
+    if (!(command instanceof Command)) {
+      String msg = "Command " + command.getClass().getName() + " is not an instance of "
+          + Command.class.getName();
+      throw new IllegalStateException(msg);
+    }
+    ((Command)command).run(commandLine.getArgs());
+  }
+  private static void printHelp(Options options) {
+    (new HelpFormatter()).printHelp("sentry --" + COMMAND + "=" + COMMANDS.keySet(),
+        options);
+    System.exit(1);
+  }
+}
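Review bot: `parser.parse(options, args)` rejects any option other than `-h`/`--help` and `--command`, so arguments meant for the selected sub-command cannot be given in option form and never reach `run(commandLine.getArgs())`; if the sub-commands take options of their own (their classes are not in this file), the call should be `parser.parse(options, args, true)` so that parsing stops at the first unrecognised token. Separately, `main` only skips the `COMMANDS.get(commandName)` lookup after printing help because `printHelp` calls `System.exit(1)`; an explicit `return;` after `printHelp(options)` makes that visible, and an explicit `--help` request should arguably exit with status 0. Class loading by name is confined to the fixed `COMMANDS` map, which deserves a one-line comment such as `// class names come only from COMMANDS, never from user input` so the lookup is not later replaced by a value taken from the command line.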

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java
new file mode 100644
index 0000000..2b24703
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry;
+
+public class SentryUserException extends Exception{
+  private static final long serialVersionUID = 2329620558380655835L;
+  public SentryUserException(String msg) {
+    super(msg);
+  }
+  public SentryUserException(String msg, Throwable t) {
+    super(msg, t);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ActiveRoleSet.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ActiveRoleSet.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ActiveRoleSet.java
new file mode 100644
index 0000000..c1f1f66
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ActiveRoleSet.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import com.google.common.collect.ImmutableSet;
+
+/**
+ * Some authorization schemes allow users to select a particular
+ * set of roles they want active at any give time. For example,
+ * SQL systems often all ALL, NONE, or a subset of roles.
+ */
+public class ActiveRoleSet {
+  public static final ActiveRoleSet ALL = new ActiveRoleSet(true);
+  private final boolean allRoles;
+  private final ImmutableSet<String> roles;
+
+  public ActiveRoleSet(boolean allRoles) {
+    this(allRoles, new HashSet<String>());
+  }
+
+  public ActiveRoleSet(Set<String> roles) {
+    this(false, ImmutableSet.copyOf(roles));
+  }
+
+  private ActiveRoleSet(boolean allRoles, Set<String> roles) {
+    this.allRoles = allRoles;
+    ImmutableSet.Builder<String> setBuilder = ImmutableSet.builder();
+    for (String role : roles) {
+      setBuilder.add(role.toLowerCase());
+    }
+    this.roles = setBuilder.build();
+  }
+
+  /**
+   * Returns true if this active role set contains role. This can be the result
+   * of either this role set implying all roles or containing role.
+   * @param role
+   * @return true if this active role set contains role
+   */
+  public boolean containsRole(String role) {
+    return allRoles || roles.contains(role.toLowerCase());
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder builder = new StringBuilder("ActiveRoleSet = [ roles = ");
+    if (allRoles) {
+      builder.append("ALL");
+    } else {
+      builder.append(roles);
+    }
+    return builder.append(" ").toString();
+  }
+}
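Review bot: Role names are folded with `role.toLowerCase()` in both the private constructor and `containsRole`, which uses the JVM's default locale, so whether a role matches can depend on where the process runs (under a Turkish locale "ADMIN" lowercases with a dotless i). For a value that feeds authorization decisions the folding should be locale-independent: `setBuilder.add(role.toLowerCase(Locale.ROOT));` and `return allRoles || roles.contains(role.toLowerCase(Locale.ROOT));`, with `import java.util.Locale;`. `toString()` also opens `[` and never closes it; its last line should append `" ]"`. `containsRole(null)` throws a NullPointerException unless `allRoles` is set, which the Javadoc should state or the method should guard against.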

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryConfigurationException.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryConfigurationException.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryConfigurationException.java
index 516b2da..10d66f5 100644
--- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryConfigurationException.java
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/SentryConfigurationException.java
@@ -22,6 +22,7 @@ import java.util.List;
 import org.apache.shiro.config.ConfigurationException;
 
 public class SentryConfigurationException extends ConfigurationException {
+  private static final long serialVersionUID = -116202866086371884L;
   private List<String> configErrors = new ArrayList<String>();
   private List<String> configWarnings = new ArrayList<String>();
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java
index 1659450..962179f 100644
--- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java
@@ -43,8 +43,8 @@ public class PathUtils {
     // request path does not contain relative parts /a/../b &&
     // request path starts with privilege path &&
     // authorities (nullable) are equal
-    String requestPath = ensureEndsWithSeparator(requestURI.getPath());
-    String privilegePath = ensureEndsWithSeparator(privilegeURI.getPath());
+    String requestPath = ensureEndsWithSeparator(requestURI.getPath()).replace("//", "/");
+    String privilegePath = ensureEndsWithSeparator(privilegeURI.getPath()).replace("//", "/");
     if (requestURI.getPath().equals(requestURI.normalize().getPath()) &&
         requestPath.startsWith(privilegePath) &&
         Strings.nullToEmpty(privilegeURI.getAuthority()).equals(Strings.nullToEmpty(requestURI.getAuthority()))) {
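Review bot: `replace("//", "/")` makes a single left-to-right pass, so a run of three or more slashes still leaves `//` behind (`a///b` becomes `a//b`), and the prefix comparison `requestPath.startsWith(privilegePath)` then depends on how many slashes each side happened to contain. Collapsing whole runs on both paths gives one canonical form: `ensureEndsWithSeparator(requestURI.getPath()).replaceAll("/+", "/")` and the same for `privilegeURI`. The relative-path check on the following line still compares the raw `requestURI.getPath()` with its normalized form, so it is unaffected by this change. No test for the duplicate-slash case is visible in this part of the commit (the `TestPathUtils` hunk only adds a blank line); one covering `//` and `///` inputs would pin the intended behaviour. The method starts and ends outside this hunk.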

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-common/src/test/java/org/apache/sentry/core/common/utils/TestPathUtils.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/test/java/org/apache/sentry/core/common/utils/TestPathUtils.java b/sentry-core/sentry-core-common/src/test/java/org/apache/sentry/core/common/utils/TestPathUtils.java
index 28818ba..d30305b 100644
--- a/sentry-core/sentry-core-common/src/test/java/org/apache/sentry/core/common/utils/TestPathUtils.java
+++ b/sentry-core/sentry-core-common/src/test/java/org/apache/sentry/core/common/utils/TestPathUtils.java
@@ -21,6 +21,7 @@ import static junit.framework.Assert.assertFalse;
 import static junit.framework.Assert.assertTrue;
 
 import java.net.URI;
+
 import org.junit.Test;
 
 public class TestPathUtils {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
index bc00b62..1bf7069 100644
--- a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
+++ b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
@@ -16,9 +16,10 @@ package org.apache.sentry.core.search;
  * limitations under the License.
  */
 
+import junit.framework.Assert;
+
 import org.apache.sentry.core.model.search.Collection;
 import org.junit.Test;
-import junit.framework.Assert;
 
 public class TestCollection {
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-dist/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/pom.xml b/sentry-dist/pom.xml
index e43bb7c..edac341 100644
--- a/sentry-dist/pom.xml
+++ b/sentry-dist/pom.xml
@@ -56,6 +56,10 @@ limitations under the License.
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-provider-db</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
       <artifactId>sentry-policy-common</artifactId>
     </dependency>
     <dependency>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-dist/src/main/assembly/src.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/src/main/assembly/src.xml b/sentry-dist/src/main/assembly/src.xml
index fefe182..a06e521 100644
--- a/sentry-dist/src/main/assembly/src.xml
+++ b/sentry-dist/src/main/assembly/src.xml
@@ -65,4 +65,3 @@
   </fileSets>
 
 </assembly>
-

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PermissionFactory.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PermissionFactory.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PermissionFactory.java
deleted file mode 100644
index 45fd7bd..0000000
--- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PermissionFactory.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.common;
-
-import org.apache.shiro.authz.Permission;
-
-/**
- * Factory for creating Shiro permissions
- */
-public interface PermissionFactory {
-  Permission createPermission(String permission);
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java
index c08d082..512e28e 100644
--- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java
+++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java
@@ -17,41 +17,38 @@
 
 package org.apache.sentry.policy.common;
 
-import java.util.List;
+import java.util.Set;
 
-import org.apache.sentry.core.common.Authorizable;
+import javax.annotation.concurrent.ThreadSafe;
+
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.SentryConfigurationException;
 
 import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.ImmutableSetMultimap;
-
+/**
+ * Implementations of this interface are expected to be thread safe
+ * after construction.
+ */
+@ThreadSafe
 public interface PolicyEngine {
 
   /**
-   * The permission factory to use in order to compare permissions in {@link getPermission}.
-   * This is typically a factory that returns a permission used to evaluate wildcards.
-   * @return the permission factory
+   * The privilege factory to use in order to compare privileges in {@link getPermission}.
+   * This is typically a factory that returns a privilege used to evaluate wildcards.
+   * @return the privilege factory
    */
-  public PermissionFactory getPermissionFactory();
+  public PrivilegeFactory getPrivilegeFactory();
 
   /**
-   * Get permissions associated with a group. Returns Strings which can be resolved
+   * Get privileges associated with a group. Returns Strings which can be resolved
    * by the caller. Strings are returned to separate the PolicyFile class from the
-   * type of permissions used in a policy file. Additionally it is possible further
-   * processing of the permissions is needed before resolving to a permission object.
-   * @param authorizeable object
+   * type of privileges used in a policy file. Additionally it is possible further
+   * processing of the privileges is needed before resolving to a privilege object.
    * @param group name
-   * @return non-null immutable set of permissions
+   * @return non-null immutable set of privileges
    */
-  public ImmutableSetMultimap<String, String> getPermissions(
-      List<? extends Authorizable> authorizables, List<String> groups)
+  public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet)
       throws SentryConfigurationException;
 
-  public ImmutableSet<String> listPermissions(String groupName)
-    throws SentryConfigurationException;
-
-  public ImmutableSet<String> listPermissions(List<String> groupName)
-    throws SentryConfigurationException;
-
   public void validatePolicy(boolean strictValidation) throws SentryConfigurationException;
 }
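Review bot: The Javadoc on the new side is out of step with the signatures: `{@link getPermission}` on `getPrivilegeFactory` names a method that does not exist in this interface and lacks the `#`, so it should be `{@link #getPrivileges}`. On `getPrivileges` the tag `@param group name` matches neither parameter; I would write `@param groups names of the groups to look up` and add a `@param roleSet` line saying how the active role set restricts the returned privileges, since that parameter is what this commit introduces. `validatePolicy` has no documentation at all, including what `strictValidation` changes.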

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java
new file mode 100644
index 0000000..c7e1734
--- /dev/null
+++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java
@@ -0,0 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.common;
+
+public interface Privilege {
+  public boolean implies(Privilege p);
+}
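Review bot: `Privilege.implies` is declared with no Javadoc, although every implementation and every access check will be written against it. I would document on the method what a `true` result means and whether `p` may be null, for example `/** Returns true if this privilege covers {@code p}. */`, with the exact wording to be confirmed by the author. The `public` modifier on an interface method is redundant.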

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeFactory.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeFactory.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeFactory.java
new file mode 100644
index 0000000..2f8296b
--- /dev/null
+++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeFactory.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.common;
+
+/**
+ * Factory for creating Privilege
+ */
+public interface PrivilegeFactory {
+  Privilege createPrivilege(String permission);
+}
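Review bot: The parameter of `createPrivilege` is still called `permission` after the rename; `Privilege createPrivilege(String privilege);` keeps the terminology consistent with the rest of the commit. The type comment `Factory for creating Privilege` could also state which string format the factory expects and what happens on a malformed string, neither of which this file shows.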

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java
new file mode 100644
index 0000000..7387ad0
--- /dev/null
+++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.common;
+
+import java.util.Set;
+
+import org.apache.shiro.util.PermissionUtils;
+
+public class PrivilegeUtils {
+  public static Set<String> toPrivilegeStrings(String s) {
+    return PermissionUtils.toPermissionStrings(s);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java
new file mode 100644
index 0000000..5548f04
--- /dev/null
+++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.common;
+
+import org.apache.shiro.config.ConfigurationException;
+
+public interface PrivilegeValidator {
+
+  public void validate(PrivilegeValidatorContext context) throws ConfigurationException;
+}
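Review bot: The `validate` method of `PrivilegeValidator` has no Javadoc, so an implementer cannot tell from this file how a rejection must be signalled. The only failure channel visible here is the declared `ConfigurationException`, so I would add a comment such as `/** Validates the supplied context; throws ConfigurationException when it is rejected and returns normally otherwise. */`. The comment should also say whether an implementation may modify the context, which this hunk does not show. The `public` modifier on the interface method is redundant and can be dropped.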


[08/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleAddGroupsRequest.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleAddGroupsRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleAddGroupsRequest.java
new file mode 100644
index 0000000..de4985d
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleAddGroupsRequest.java
@@ -0,0 +1,895 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TAlterSentryRoleAddGroupsRequest implements org.apache.thrift.TBase<TAlterSentryRoleAddGroupsRequest, TAlterSentryRoleAddGroupsRequest._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TAlterSentryRoleAddGroupsRequest");
+
+  private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)3);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorGroupName", org.apache.thrift.protocol.TType.SET, (short)4);
+  private static final org.apache.thrift.protocol.TField GROUPS_FIELD_DESC = new org.apache.thrift.protocol.TField("groups", org.apache.thrift.protocol.TType.SET, (short)5);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TAlterSentryRoleAddGroupsRequestStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TAlterSentryRoleAddGroupsRequestTupleSchemeFactory());
+  }
+
+  private int protocol_version; // required
+  private String requestorUserName; // required
+  private String roleName; // required
+  private Set<String> requestorGroupName; // required
+  private Set<TSentryGroup> groups; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PROTOCOL_VERSION((short)1, "protocol_version"),
+    REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+    ROLE_NAME((short)3, "roleName"),
+    REQUESTOR_GROUP_NAME((short)4, "requestorGroupName"),
+    GROUPS((short)5, "groups");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PROTOCOL_VERSION
+          return PROTOCOL_VERSION;
+        case 2: // REQUESTOR_USER_NAME
+          return REQUESTOR_USER_NAME;
+        case 3: // ROLE_NAME
+          return ROLE_NAME;
+        case 4: // REQUESTOR_GROUP_NAME
+          return REQUESTOR_GROUP_NAME;
+        case 5: // GROUPS
+          return GROUPS;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.REQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorGroupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+    tmpMap.put(_Fields.GROUPS, new org.apache.thrift.meta_data.FieldMetaData("groups", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryGroup.class))));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TAlterSentryRoleAddGroupsRequest.class, metaDataMap);
+  }
+
+  public TAlterSentryRoleAddGroupsRequest() {
+    this.protocol_version = 1;
+
+  }
+
+  public TAlterSentryRoleAddGroupsRequest(
+    int protocol_version,
+    String requestorUserName,
+    String roleName,
+    Set<String> requestorGroupName,
+    Set<TSentryGroup> groups)
+  {
+    this();
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+    this.requestorUserName = requestorUserName;
+    this.roleName = roleName;
+    this.requestorGroupName = requestorGroupName;
+    this.groups = groups;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TAlterSentryRoleAddGroupsRequest(TAlterSentryRoleAddGroupsRequest other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.protocol_version = other.protocol_version;
+    if (other.isSetRequestorUserName()) {
+      this.requestorUserName = other.requestorUserName;
+    }
+    if (other.isSetRoleName()) {
+      this.roleName = other.roleName;
+    }
+    if (other.isSetRequestorGroupName()) {
+      Set<String> __this__requestorGroupName = new HashSet<String>();
+      for (String other_element : other.requestorGroupName) {
+        __this__requestorGroupName.add(other_element);
+      }
+      this.requestorGroupName = __this__requestorGroupName;
+    }
+    if (other.isSetGroups()) {
+      Set<TSentryGroup> __this__groups = new HashSet<TSentryGroup>();
+      for (TSentryGroup other_element : other.groups) {
+        __this__groups.add(new TSentryGroup(other_element));
+      }
+      this.groups = __this__groups;
+    }
+  }
+
+  public TAlterSentryRoleAddGroupsRequest deepCopy() {
+    return new TAlterSentryRoleAddGroupsRequest(this);
+  }
+
+  @Override
+  public void clear() {
+    this.protocol_version = 1;
+
+    this.requestorUserName = null;
+    this.roleName = null;
+    this.requestorGroupName = null;
+    this.groups = null;
+  }
+
+  public int getProtocol_version() {
+    return this.protocol_version;
+  }
+
+  public void setProtocol_version(int protocol_version) {
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+  }
+
+  public void unsetProtocol_version() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+  public boolean isSetProtocol_version() {
+    return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  public void setProtocol_versionIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+  }
+
+  public String getRequestorUserName() {
+    return this.requestorUserName;
+  }
+
+  public void setRequestorUserName(String requestorUserName) {
+    this.requestorUserName = requestorUserName;
+  }
+
+  public void unsetRequestorUserName() {
+    this.requestorUserName = null;
+  }
+
+  /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorUserName() {
+    return this.requestorUserName != null;
+  }
+
+  public void setRequestorUserNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorUserName = null;
+    }
+  }
+
+  public String getRoleName() {
+    return this.roleName;
+  }
+
+  public void setRoleName(String roleName) {
+    this.roleName = roleName;
+  }
+
+  public void unsetRoleName() {
+    this.roleName = null;
+  }
+
+  /** Returns true if field roleName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRoleName() {
+    return this.roleName != null;
+  }
+
+  public void setRoleNameIsSet(boolean value) {
+    if (!value) {
+      this.roleName = null;
+    }
+  }
+
+  public int getRequestorGroupNameSize() {
+    return (this.requestorGroupName == null) ? 0 : this.requestorGroupName.size();
+  }
+
+  public java.util.Iterator<String> getRequestorGroupNameIterator() {
+    return (this.requestorGroupName == null) ? null : this.requestorGroupName.iterator();
+  }
+
+  public void addToRequestorGroupName(String elem) {
+    if (this.requestorGroupName == null) {
+      this.requestorGroupName = new HashSet<String>();
+    }
+    this.requestorGroupName.add(elem);
+  }
+
+  public Set<String> getRequestorGroupName() {
+    return this.requestorGroupName;
+  }
+
+  public void setRequestorGroupName(Set<String> requestorGroupName) {
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  public void unsetRequestorGroupName() {
+    this.requestorGroupName = null;
+  }
+
+  /** Returns true if field requestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorGroupName() {
+    return this.requestorGroupName != null;
+  }
+
+  public void setRequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorGroupName = null;
+    }
+  }
+
+  public int getGroupsSize() {
+    return (this.groups == null) ? 0 : this.groups.size();
+  }
+
+  public java.util.Iterator<TSentryGroup> getGroupsIterator() {
+    return (this.groups == null) ? null : this.groups.iterator();
+  }
+
+  public void addToGroups(TSentryGroup elem) {
+    if (this.groups == null) {
+      this.groups = new HashSet<TSentryGroup>();
+    }
+    this.groups.add(elem);
+  }
+
+  public Set<TSentryGroup> getGroups() {
+    return this.groups;
+  }
+
+  public void setGroups(Set<TSentryGroup> groups) {
+    this.groups = groups;
+  }
+
+  public void unsetGroups() {
+    this.groups = null;
+  }
+
+  /** Returns true if field groups is set (has been assigned a value) and false otherwise */
+  public boolean isSetGroups() {
+    return this.groups != null;
+  }
+
+  public void setGroupsIsSet(boolean value) {
+    if (!value) {
+      this.groups = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      if (value == null) {
+        unsetProtocol_version();
+      } else {
+        setProtocol_version((Integer)value);
+      }
+      break;
+
+    case REQUESTOR_USER_NAME:
+      if (value == null) {
+        unsetRequestorUserName();
+      } else {
+        setRequestorUserName((String)value);
+      }
+      break;
+
+    case ROLE_NAME:
+      if (value == null) {
+        unsetRoleName();
+      } else {
+        setRoleName((String)value);
+      }
+      break;
+
+    case REQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRequestorGroupName();
+      } else {
+        setRequestorGroupName((Set<String>)value);
+      }
+      break;
+
+    case GROUPS:
+      if (value == null) {
+        unsetGroups();
+      } else {
+        setGroups((Set<TSentryGroup>)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return Integer.valueOf(getProtocol_version());
+
+    case REQUESTOR_USER_NAME:
+      return getRequestorUserName();
+
+    case ROLE_NAME:
+      return getRoleName();
+
+    case REQUESTOR_GROUP_NAME:
+      return getRequestorGroupName();
+
+    case GROUPS:
+      return getGroups();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return isSetProtocol_version();
+    case REQUESTOR_USER_NAME:
+      return isSetRequestorUserName();
+    case ROLE_NAME:
+      return isSetRoleName();
+    case REQUESTOR_GROUP_NAME:
+      return isSetRequestorGroupName();
+    case GROUPS:
+      return isSetGroups();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TAlterSentryRoleAddGroupsRequest)
+      return this.equals((TAlterSentryRoleAddGroupsRequest)that);
+    return false;
+  }
+
+  public boolean equals(TAlterSentryRoleAddGroupsRequest that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_protocol_version = true;
+    boolean that_present_protocol_version = true;
+    if (this_present_protocol_version || that_present_protocol_version) {
+      if (!(this_present_protocol_version && that_present_protocol_version))
+        return false;
+      if (this.protocol_version != that.protocol_version)
+        return false;
+    }
+
+    boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+    boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+    if (this_present_requestorUserName || that_present_requestorUserName) {
+      if (!(this_present_requestorUserName && that_present_requestorUserName))
+        return false;
+      if (!this.requestorUserName.equals(that.requestorUserName))
+        return false;
+    }
+
+    boolean this_present_roleName = true && this.isSetRoleName();
+    boolean that_present_roleName = true && that.isSetRoleName();
+    if (this_present_roleName || that_present_roleName) {
+      if (!(this_present_roleName && that_present_roleName))
+        return false;
+      if (!this.roleName.equals(that.roleName))
+        return false;
+    }
+
+    boolean this_present_requestorGroupName = true && this.isSetRequestorGroupName();
+    boolean that_present_requestorGroupName = true && that.isSetRequestorGroupName();
+    if (this_present_requestorGroupName || that_present_requestorGroupName) {
+      if (!(this_present_requestorGroupName && that_present_requestorGroupName))
+        return false;
+      if (!this.requestorGroupName.equals(that.requestorGroupName))
+        return false;
+    }
+
+    boolean this_present_groups = true && this.isSetGroups();
+    boolean that_present_groups = true && that.isSetGroups();
+    if (this_present_groups || that_present_groups) {
+      if (!(this_present_groups && that_present_groups))
+        return false;
+      if (!this.groups.equals(that.groups))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_protocol_version = true;
+    builder.append(present_protocol_version);
+    if (present_protocol_version)
+      builder.append(protocol_version);
+
+    boolean present_requestorUserName = true && (isSetRequestorUserName());
+    builder.append(present_requestorUserName);
+    if (present_requestorUserName)
+      builder.append(requestorUserName);
+
+    boolean present_roleName = true && (isSetRoleName());
+    builder.append(present_roleName);
+    if (present_roleName)
+      builder.append(roleName);
+
+    boolean present_requestorGroupName = true && (isSetRequestorGroupName());
+    builder.append(present_requestorGroupName);
+    if (present_requestorGroupName)
+      builder.append(requestorGroupName);
+
+    boolean present_groups = true && (isSetGroups());
+    builder.append(present_groups);
+    if (present_groups)
+      builder.append(groups);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TAlterSentryRoleAddGroupsRequest other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TAlterSentryRoleAddGroupsRequest typedOther = (TAlterSentryRoleAddGroupsRequest)other;
+
+    lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(typedOther.isSetProtocol_version());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetProtocol_version()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, typedOther.protocol_version);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRoleName()).compareTo(typedOther.isSetRoleName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRoleName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleName, typedOther.roleName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorGroupName()).compareTo(typedOther.isSetRequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorGroupName, typedOther.requestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetGroups()).compareTo(typedOther.isSetGroups());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetGroups()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.groups, typedOther.groups);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TAlterSentryRoleAddGroupsRequest(");
+    boolean first = true;
+
+    sb.append("protocol_version:");
+    sb.append(this.protocol_version);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorUserName:");
+    if (this.requestorUserName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorUserName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("roleName:");
+    if (this.roleName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.roleName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorGroupName:");
+    if (this.requestorGroupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorGroupName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("groups:");
+    if (this.groups == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.groups);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetProtocol_version()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRoleName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorGroupName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetGroups()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'groups' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TAlterSentryRoleAddGroupsRequestStandardSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleAddGroupsRequestStandardScheme getScheme() {
+      return new TAlterSentryRoleAddGroupsRequestStandardScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleAddGroupsRequestStandardScheme extends StandardScheme<TAlterSentryRoleAddGroupsRequest> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TAlterSentryRoleAddGroupsRequest struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PROTOCOL_VERSION
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.protocol_version = iprot.readI32();
+              struct.setProtocol_versionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // REQUESTOR_USER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.requestorUserName = iprot.readString();
+              struct.setRequestorUserNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // ROLE_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.roleName = iprot.readString();
+              struct.setRoleNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 4: // REQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set40 = iprot.readSetBegin();
+                struct.requestorGroupName = new HashSet<String>(2*_set40.size);
+                for (int _i41 = 0; _i41 < _set40.size; ++_i41)
+                {
+                  String _elem42; // required
+                  _elem42 = iprot.readString();
+                  struct.requestorGroupName.add(_elem42);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 5: // GROUPS
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set43 = iprot.readSetBegin();
+                struct.groups = new HashSet<TSentryGroup>(2*_set43.size);
+                for (int _i44 = 0; _i44 < _set43.size; ++_i44)
+                {
+                  TSentryGroup _elem45; // required
+                  _elem45 = new TSentryGroup();
+                  _elem45.read(iprot);
+                  struct.groups.add(_elem45);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setGroupsIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleAddGroupsRequest struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeFieldEnd();
+      if (struct.requestorUserName != null) {
+        oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.requestorUserName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.roleName != null) {
+        oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC);
+        oprot.writeString(struct.roleName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.requestorGroupName != null) {
+        oprot.writeFieldBegin(REQUESTOR_GROUP_NAME_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.requestorGroupName.size()));
+          for (String _iter46 : struct.requestorGroupName)
+          {
+            oprot.writeString(_iter46);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      if (struct.groups != null) {
+        oprot.writeFieldBegin(GROUPS_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, struct.groups.size()));
+          for (TSentryGroup _iter47 : struct.groups)
+          {
+            _iter47.write(oprot);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TAlterSentryRoleAddGroupsRequestTupleSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleAddGroupsRequestTupleScheme getScheme() {
+      return new TAlterSentryRoleAddGroupsRequestTupleScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleAddGroupsRequestTupleScheme extends TupleScheme<TAlterSentryRoleAddGroupsRequest> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleAddGroupsRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.requestorUserName);
+      oprot.writeString(struct.roleName);
+      {
+        oprot.writeI32(struct.requestorGroupName.size());
+        for (String _iter48 : struct.requestorGroupName)
+        {
+          oprot.writeString(_iter48);
+        }
+      }
+      {
+        oprot.writeI32(struct.groups.size());
+        for (TSentryGroup _iter49 : struct.groups)
+        {
+          _iter49.write(oprot);
+        }
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleAddGroupsRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.protocol_version = iprot.readI32();
+      struct.setProtocol_versionIsSet(true);
+      struct.requestorUserName = iprot.readString();
+      struct.setRequestorUserNameIsSet(true);
+      struct.roleName = iprot.readString();
+      struct.setRoleNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set50 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+        struct.requestorGroupName = new HashSet<String>(2*_set50.size);
+        for (int _i51 = 0; _i51 < _set50.size; ++_i51)
+        {
+          String _elem52; // required
+          _elem52 = iprot.readString();
+          struct.requestorGroupName.add(_elem52);
+        }
+      }
+      struct.setRequestorGroupNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set53 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+        struct.groups = new HashSet<TSentryGroup>(2*_set53.size);
+        for (int _i54 = 0; _i54 < _set53.size; ++_i54)
+        {
+          TSentryGroup _elem55; // required
+          _elem55 = new TSentryGroup();
+          _elem55.read(iprot);
+          struct.groups.add(_elem55);
+        }
+      }
+      struct.setGroupsIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleAddGroupsResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleAddGroupsResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleAddGroupsResponse.java
new file mode 100644
index 0000000..15b014e
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleAddGroupsResponse.java
@@ -0,0 +1,390 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TAlterSentryRoleAddGroupsResponse implements org.apache.thrift.TBase<TAlterSentryRoleAddGroupsResponse, TAlterSentryRoleAddGroupsResponse._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TAlterSentryRoleAddGroupsResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TAlterSentryRoleAddGroupsResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TAlterSentryRoleAddGroupsResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TAlterSentryRoleAddGroupsResponse.class, metaDataMap);
+  }
+
+  public TAlterSentryRoleAddGroupsResponse() {
+  }
+
+  public TAlterSentryRoleAddGroupsResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status)
+  {
+    this();
+    this.status = status;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TAlterSentryRoleAddGroupsResponse(TAlterSentryRoleAddGroupsResponse other) {
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+  }
+
+  public TAlterSentryRoleAddGroupsResponse deepCopy() {
+    return new TAlterSentryRoleAddGroupsResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TAlterSentryRoleAddGroupsResponse)
+      return this.equals((TAlterSentryRoleAddGroupsResponse)that);
+    return false;
+  }
+
+  public boolean equals(TAlterSentryRoleAddGroupsResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_status = true && (isSetStatus());
+    builder.append(present_status);
+    if (present_status)
+      builder.append(status);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TAlterSentryRoleAddGroupsResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TAlterSentryRoleAddGroupsResponse typedOther = (TAlterSentryRoleAddGroupsResponse)other;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TAlterSentryRoleAddGroupsResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TAlterSentryRoleAddGroupsResponseStandardSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleAddGroupsResponseStandardScheme getScheme() {
+      return new TAlterSentryRoleAddGroupsResponseStandardScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleAddGroupsResponseStandardScheme extends StandardScheme<TAlterSentryRoleAddGroupsResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TAlterSentryRoleAddGroupsResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleAddGroupsResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TAlterSentryRoleAddGroupsResponseTupleSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleAddGroupsResponseTupleScheme getScheme() {
+      return new TAlterSentryRoleAddGroupsResponseTupleScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleAddGroupsResponseTupleScheme extends TupleScheme<TAlterSentryRoleAddGroupsResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleAddGroupsResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleAddGroupsResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleDeleteGroupsRequest.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleDeleteGroupsRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleDeleteGroupsRequest.java
new file mode 100644
index 0000000..acfa5f5
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleDeleteGroupsRequest.java
@@ -0,0 +1,639 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TAlterSentryRoleDeleteGroupsRequest implements org.apache.thrift.TBase<TAlterSentryRoleDeleteGroupsRequest, TAlterSentryRoleDeleteGroupsRequest._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TAlterSentryRoleDeleteGroupsRequest");
+
+  private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorGroupName", org.apache.thrift.protocol.TType.SET, (short)3);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TAlterSentryRoleDeleteGroupsRequestStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TAlterSentryRoleDeleteGroupsRequestTupleSchemeFactory());
+  }
+
+  private int protocol_version; // required
+  private String requestorUserName; // required
+  private Set<String> requestorGroupName; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PROTOCOL_VERSION((short)1, "protocol_version"),
+    REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+    REQUESTOR_GROUP_NAME((short)3, "requestorGroupName");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PROTOCOL_VERSION
+          return PROTOCOL_VERSION;
+        case 2: // REQUESTOR_USER_NAME
+          return REQUESTOR_USER_NAME;
+        case 3: // REQUESTOR_GROUP_NAME
+          return REQUESTOR_GROUP_NAME;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.REQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorGroupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TAlterSentryRoleDeleteGroupsRequest.class, metaDataMap);
+  }
+
+  public TAlterSentryRoleDeleteGroupsRequest() {
+    this.protocol_version = 1;
+
+  }
+
+  public TAlterSentryRoleDeleteGroupsRequest(
+    int protocol_version,
+    String requestorUserName,
+    Set<String> requestorGroupName)
+  {
+    this();
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+    this.requestorUserName = requestorUserName;
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TAlterSentryRoleDeleteGroupsRequest(TAlterSentryRoleDeleteGroupsRequest other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.protocol_version = other.protocol_version;
+    if (other.isSetRequestorUserName()) {
+      this.requestorUserName = other.requestorUserName;
+    }
+    if (other.isSetRequestorGroupName()) {
+      Set<String> __this__requestorGroupName = new HashSet<String>();
+      for (String other_element : other.requestorGroupName) {
+        __this__requestorGroupName.add(other_element);
+      }
+      this.requestorGroupName = __this__requestorGroupName;
+    }
+  }
+
+  public TAlterSentryRoleDeleteGroupsRequest deepCopy() {
+    return new TAlterSentryRoleDeleteGroupsRequest(this);
+  }
+
+  @Override
+  public void clear() {
+    this.protocol_version = 1;
+
+    this.requestorUserName = null;
+    this.requestorGroupName = null;
+  }
+
+  public int getProtocol_version() {
+    return this.protocol_version;
+  }
+
+  public void setProtocol_version(int protocol_version) {
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+  }
+
+  public void unsetProtocol_version() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+  public boolean isSetProtocol_version() {
+    return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  public void setProtocol_versionIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+  }
+
+  public String getRequestorUserName() {
+    return this.requestorUserName;
+  }
+
+  public void setRequestorUserName(String requestorUserName) {
+    this.requestorUserName = requestorUserName;
+  }
+
+  public void unsetRequestorUserName() {
+    this.requestorUserName = null;
+  }
+
+  /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorUserName() {
+    return this.requestorUserName != null;
+  }
+
+  public void setRequestorUserNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorUserName = null;
+    }
+  }
+
+  public int getRequestorGroupNameSize() {
+    return (this.requestorGroupName == null) ? 0 : this.requestorGroupName.size();
+  }
+
+  public java.util.Iterator<String> getRequestorGroupNameIterator() {
+    return (this.requestorGroupName == null) ? null : this.requestorGroupName.iterator();
+  }
+
+  public void addToRequestorGroupName(String elem) {
+    if (this.requestorGroupName == null) {
+      this.requestorGroupName = new HashSet<String>();
+    }
+    this.requestorGroupName.add(elem);
+  }
+
+  public Set<String> getRequestorGroupName() {
+    return this.requestorGroupName;
+  }
+
+  public void setRequestorGroupName(Set<String> requestorGroupName) {
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  public void unsetRequestorGroupName() {
+    this.requestorGroupName = null;
+  }
+
+  /** Returns true if field requestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorGroupName() {
+    return this.requestorGroupName != null;
+  }
+
+  public void setRequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorGroupName = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      if (value == null) {
+        unsetProtocol_version();
+      } else {
+        setProtocol_version((Integer)value);
+      }
+      break;
+
+    case REQUESTOR_USER_NAME:
+      if (value == null) {
+        unsetRequestorUserName();
+      } else {
+        setRequestorUserName((String)value);
+      }
+      break;
+
+    case REQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRequestorGroupName();
+      } else {
+        setRequestorGroupName((Set<String>)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return Integer.valueOf(getProtocol_version());
+
+    case REQUESTOR_USER_NAME:
+      return getRequestorUserName();
+
+    case REQUESTOR_GROUP_NAME:
+      return getRequestorGroupName();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return isSetProtocol_version();
+    case REQUESTOR_USER_NAME:
+      return isSetRequestorUserName();
+    case REQUESTOR_GROUP_NAME:
+      return isSetRequestorGroupName();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TAlterSentryRoleDeleteGroupsRequest)
+      return this.equals((TAlterSentryRoleDeleteGroupsRequest)that);
+    return false;
+  }
+
+  public boolean equals(TAlterSentryRoleDeleteGroupsRequest that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_protocol_version = true;
+    boolean that_present_protocol_version = true;
+    if (this_present_protocol_version || that_present_protocol_version) {
+      if (!(this_present_protocol_version && that_present_protocol_version))
+        return false;
+      if (this.protocol_version != that.protocol_version)
+        return false;
+    }
+
+    boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+    boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+    if (this_present_requestorUserName || that_present_requestorUserName) {
+      if (!(this_present_requestorUserName && that_present_requestorUserName))
+        return false;
+      if (!this.requestorUserName.equals(that.requestorUserName))
+        return false;
+    }
+
+    boolean this_present_requestorGroupName = true && this.isSetRequestorGroupName();
+    boolean that_present_requestorGroupName = true && that.isSetRequestorGroupName();
+    if (this_present_requestorGroupName || that_present_requestorGroupName) {
+      if (!(this_present_requestorGroupName && that_present_requestorGroupName))
+        return false;
+      if (!this.requestorGroupName.equals(that.requestorGroupName))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_protocol_version = true;
+    builder.append(present_protocol_version);
+    if (present_protocol_version)
+      builder.append(protocol_version);
+
+    boolean present_requestorUserName = true && (isSetRequestorUserName());
+    builder.append(present_requestorUserName);
+    if (present_requestorUserName)
+      builder.append(requestorUserName);
+
+    boolean present_requestorGroupName = true && (isSetRequestorGroupName());
+    builder.append(present_requestorGroupName);
+    if (present_requestorGroupName)
+      builder.append(requestorGroupName);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TAlterSentryRoleDeleteGroupsRequest other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TAlterSentryRoleDeleteGroupsRequest typedOther = (TAlterSentryRoleDeleteGroupsRequest)other;
+
+    lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(typedOther.isSetProtocol_version());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetProtocol_version()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, typedOther.protocol_version);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetRequestorGroupName()).compareTo(typedOther.isSetRequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorGroupName, typedOther.requestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TAlterSentryRoleDeleteGroupsRequest(");
+    boolean first = true;
+
+    sb.append("protocol_version:");
+    sb.append(this.protocol_version);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorUserName:");
+    if (this.requestorUserName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorUserName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorGroupName:");
+    if (this.requestorGroupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorGroupName);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetProtocol_version()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorGroupName' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TAlterSentryRoleDeleteGroupsRequestStandardSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleDeleteGroupsRequestStandardScheme getScheme() {
+      return new TAlterSentryRoleDeleteGroupsRequestStandardScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleDeleteGroupsRequestStandardScheme extends StandardScheme<TAlterSentryRoleDeleteGroupsRequest> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TAlterSentryRoleDeleteGroupsRequest struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PROTOCOL_VERSION
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.protocol_version = iprot.readI32();
+              struct.setProtocol_versionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // REQUESTOR_USER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.requestorUserName = iprot.readString();
+              struct.setRequestorUserNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // REQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set56 = iprot.readSetBegin();
+                struct.requestorGroupName = new HashSet<String>(2*_set56.size);
+                for (int _i57 = 0; _i57 < _set56.size; ++_i57)
+                {
+                  String _elem58; // required
+                  _elem58 = iprot.readString();
+                  struct.requestorGroupName.add(_elem58);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleDeleteGroupsRequest struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeFieldEnd();
+      if (struct.requestorUserName != null) {
+        oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.requestorUserName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.requestorGroupName != null) {
+        oprot.writeFieldBegin(REQUESTOR_GROUP_NAME_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.requestorGroupName.size()));
+          for (String _iter59 : struct.requestorGroupName)
+          {
+            oprot.writeString(_iter59);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TAlterSentryRoleDeleteGroupsRequestTupleSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleDeleteGroupsRequestTupleScheme getScheme() {
+      return new TAlterSentryRoleDeleteGroupsRequestTupleScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleDeleteGroupsRequestTupleScheme extends TupleScheme<TAlterSentryRoleDeleteGroupsRequest> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleDeleteGroupsRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.requestorUserName);
+      {
+        oprot.writeI32(struct.requestorGroupName.size());
+        for (String _iter60 : struct.requestorGroupName)
+        {
+          oprot.writeString(_iter60);
+        }
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleDeleteGroupsRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.protocol_version = iprot.readI32();
+      struct.setProtocol_versionIsSet(true);
+      struct.requestorUserName = iprot.readString();
+      struct.setRequestorUserNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set61 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+        struct.requestorGroupName = new HashSet<String>(2*_set61.size);
+        for (int _i62 = 0; _i62 < _set61.size; ++_i62)
+        {
+          String _elem63; // required
+          _elem63 = iprot.readString();
+          struct.requestorGroupName.add(_elem63);
+        }
+      }
+      struct.setRequestorGroupNameIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleDeleteGroupsResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleDeleteGroupsResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleDeleteGroupsResponse.java
new file mode 100644
index 0000000..0efa544
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TAlterSentryRoleDeleteGroupsResponse.java
@@ -0,0 +1,390 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TAlterSentryRoleDeleteGroupsResponse implements org.apache.thrift.TBase<TAlterSentryRoleDeleteGroupsResponse, TAlterSentryRoleDeleteGroupsResponse._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TAlterSentryRoleDeleteGroupsResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TAlterSentryRoleDeleteGroupsResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TAlterSentryRoleDeleteGroupsResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TAlterSentryRoleDeleteGroupsResponse.class, metaDataMap);
+  }
+
+  public TAlterSentryRoleDeleteGroupsResponse() {
+  }
+
+  public TAlterSentryRoleDeleteGroupsResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status)
+  {
+    this();
+    this.status = status;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TAlterSentryRoleDeleteGroupsResponse(TAlterSentryRoleDeleteGroupsResponse other) {
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+  }
+
+  public TAlterSentryRoleDeleteGroupsResponse deepCopy() {
+    return new TAlterSentryRoleDeleteGroupsResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TAlterSentryRoleDeleteGroupsResponse)
+      return this.equals((TAlterSentryRoleDeleteGroupsResponse)that);
+    return false;
+  }
+
+  public boolean equals(TAlterSentryRoleDeleteGroupsResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_status = true && (isSetStatus());
+    builder.append(present_status);
+    if (present_status)
+      builder.append(status);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TAlterSentryRoleDeleteGroupsResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TAlterSentryRoleDeleteGroupsResponse typedOther = (TAlterSentryRoleDeleteGroupsResponse)other;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TAlterSentryRoleDeleteGroupsResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TAlterSentryRoleDeleteGroupsResponseStandardSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleDeleteGroupsResponseStandardScheme getScheme() {
+      return new TAlterSentryRoleDeleteGroupsResponseStandardScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleDeleteGroupsResponseStandardScheme extends StandardScheme<TAlterSentryRoleDeleteGroupsResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TAlterSentryRoleDeleteGroupsResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleDeleteGroupsResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TAlterSentryRoleDeleteGroupsResponseTupleSchemeFactory implements SchemeFactory {
+    public TAlterSentryRoleDeleteGroupsResponseTupleScheme getScheme() {
+      return new TAlterSentryRoleDeleteGroupsResponseTupleScheme();
+    }
+  }
+
+  private static class TAlterSentryRoleDeleteGroupsResponseTupleScheme extends TupleScheme<TAlterSentryRoleDeleteGroupsResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleDeleteGroupsResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleDeleteGroupsResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+    }
+  }
+
+}
+


[04/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
new file mode 100644
index 0000000..9e8ac4c
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
@@ -0,0 +1,1224 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivilege, TSentryPrivilege._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryPrivilege");
+
+  private static final org.apache.thrift.protocol.TField PRIVILEGE_SCOPE_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegeScope", org.apache.thrift.protocol.TType.STRING, (short)1);
+  private static final org.apache.thrift.protocol.TField PRIVILEGE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegeName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField SERVER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("serverName", org.apache.thrift.protocol.TType.STRING, (short)3);
+  private static final org.apache.thrift.protocol.TField DB_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("dbName", org.apache.thrift.protocol.TType.STRING, (short)4);
+  private static final org.apache.thrift.protocol.TField TABLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("tableName", org.apache.thrift.protocol.TType.STRING, (short)5);
+  private static final org.apache.thrift.protocol.TField URI_FIELD_DESC = new org.apache.thrift.protocol.TField("URI", org.apache.thrift.protocol.TType.STRING, (short)6);
+  private static final org.apache.thrift.protocol.TField ACTION_FIELD_DESC = new org.apache.thrift.protocol.TField("action", org.apache.thrift.protocol.TType.STRING, (short)7);
+  private static final org.apache.thrift.protocol.TField CREATE_TIME_FIELD_DESC = new org.apache.thrift.protocol.TField("createTime", org.apache.thrift.protocol.TType.I64, (short)8);
+  private static final org.apache.thrift.protocol.TField GRANTOR_PRINCIPAL_FIELD_DESC = new org.apache.thrift.protocol.TField("grantorPrincipal", org.apache.thrift.protocol.TType.STRING, (short)9);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TSentryPrivilegeStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TSentryPrivilegeTupleSchemeFactory());
+  }
+
+  private String privilegeScope; // required
+  private String privilegeName; // optional
+  private String serverName; // required
+  private String dbName; // optional
+  private String tableName; // optional
+  private String URI; // optional
+  private String action; // required
+  private long createTime; // optional
+  private String grantorPrincipal; // optional
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PRIVILEGE_SCOPE((short)1, "privilegeScope"),
+    PRIVILEGE_NAME((short)2, "privilegeName"),
+    SERVER_NAME((short)3, "serverName"),
+    DB_NAME((short)4, "dbName"),
+    TABLE_NAME((short)5, "tableName"),
+    URI((short)6, "URI"),
+    ACTION((short)7, "action"),
+    CREATE_TIME((short)8, "createTime"),
+    GRANTOR_PRINCIPAL((short)9, "grantorPrincipal");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PRIVILEGE_SCOPE
+          return PRIVILEGE_SCOPE;
+        case 2: // PRIVILEGE_NAME
+          return PRIVILEGE_NAME;
+        case 3: // SERVER_NAME
+          return SERVER_NAME;
+        case 4: // DB_NAME
+          return DB_NAME;
+        case 5: // TABLE_NAME
+          return TABLE_NAME;
+        case 6: // URI
+          return URI;
+        case 7: // ACTION
+          return ACTION;
+        case 8: // CREATE_TIME
+          return CREATE_TIME;
+        case 9: // GRANTOR_PRINCIPAL
+          return GRANTOR_PRINCIPAL;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __CREATETIME_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  private _Fields optionals[] = {_Fields.PRIVILEGE_NAME,_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.CREATE_TIME,_Fields.GRANTOR_PRINCIPAL};
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PRIVILEGE_SCOPE, new org.apache.thrift.meta_data.FieldMetaData("privilegeScope", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.PRIVILEGE_NAME, new org.apache.thrift.meta_data.FieldMetaData("privilegeName", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.SERVER_NAME, new org.apache.thrift.meta_data.FieldMetaData("serverName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.DB_NAME, new org.apache.thrift.meta_data.FieldMetaData("dbName", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.TABLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("tableName", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.URI, new org.apache.thrift.meta_data.FieldMetaData("URI", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.ACTION, new org.apache.thrift.meta_data.FieldMetaData("action", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.CREATE_TIME, new org.apache.thrift.meta_data.FieldMetaData("createTime", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64)));
+    tmpMap.put(_Fields.GRANTOR_PRINCIPAL, new org.apache.thrift.meta_data.FieldMetaData("grantorPrincipal", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryPrivilege.class, metaDataMap);
+  }
+
+  public TSentryPrivilege() {
+  }
+
+  public TSentryPrivilege(
+    String privilegeScope,
+    String serverName,
+    String action)
+  {
+    this();
+    this.privilegeScope = privilegeScope;
+    this.serverName = serverName;
+    this.action = action;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TSentryPrivilege(TSentryPrivilege other) {
+    __isset_bitfield = other.__isset_bitfield;
+    if (other.isSetPrivilegeScope()) {
+      this.privilegeScope = other.privilegeScope;
+    }
+    if (other.isSetPrivilegeName()) {
+      this.privilegeName = other.privilegeName;
+    }
+    if (other.isSetServerName()) {
+      this.serverName = other.serverName;
+    }
+    if (other.isSetDbName()) {
+      this.dbName = other.dbName;
+    }
+    if (other.isSetTableName()) {
+      this.tableName = other.tableName;
+    }
+    if (other.isSetURI()) {
+      this.URI = other.URI;
+    }
+    if (other.isSetAction()) {
+      this.action = other.action;
+    }
+    this.createTime = other.createTime;
+    if (other.isSetGrantorPrincipal()) {
+      this.grantorPrincipal = other.grantorPrincipal;
+    }
+  }
+
+  public TSentryPrivilege deepCopy() {
+    return new TSentryPrivilege(this);
+  }
+
+  @Override
+  public void clear() {
+    this.privilegeScope = null;
+    this.privilegeName = null;
+    this.serverName = null;
+    this.dbName = null;
+    this.tableName = null;
+    this.URI = null;
+    this.action = null;
+    setCreateTimeIsSet(false);
+    this.createTime = 0;
+    this.grantorPrincipal = null;
+  }
+
+  public String getPrivilegeScope() {
+    return this.privilegeScope;
+  }
+
+  public void setPrivilegeScope(String privilegeScope) {
+    this.privilegeScope = privilegeScope;
+  }
+
+  public void unsetPrivilegeScope() {
+    this.privilegeScope = null;
+  }
+
+  /** Returns true if field privilegeScope is set (has been assigned a value) and false otherwise */
+  public boolean isSetPrivilegeScope() {
+    return this.privilegeScope != null;
+  }
+
+  public void setPrivilegeScopeIsSet(boolean value) {
+    if (!value) {
+      this.privilegeScope = null;
+    }
+  }
+
+  public String getPrivilegeName() {
+    return this.privilegeName;
+  }
+
+  public void setPrivilegeName(String privilegeName) {
+    this.privilegeName = privilegeName;
+  }
+
+  public void unsetPrivilegeName() {
+    this.privilegeName = null;
+  }
+
+  /** Returns true if field privilegeName is set (has been assigned a value) and false otherwise */
+  public boolean isSetPrivilegeName() {
+    return this.privilegeName != null;
+  }
+
+  public void setPrivilegeNameIsSet(boolean value) {
+    if (!value) {
+      this.privilegeName = null;
+    }
+  }
+
+  public String getServerName() {
+    return this.serverName;
+  }
+
+  public void setServerName(String serverName) {
+    this.serverName = serverName;
+  }
+
+  public void unsetServerName() {
+    this.serverName = null;
+  }
+
+  /** Returns true if field serverName is set (has been assigned a value) and false otherwise */
+  public boolean isSetServerName() {
+    return this.serverName != null;
+  }
+
+  public void setServerNameIsSet(boolean value) {
+    if (!value) {
+      this.serverName = null;
+    }
+  }
+
+  public String getDbName() {
+    return this.dbName;
+  }
+
+  public void setDbName(String dbName) {
+    this.dbName = dbName;
+  }
+
+  public void unsetDbName() {
+    this.dbName = null;
+  }
+
+  /** Returns true if field dbName is set (has been assigned a value) and false otherwise */
+  public boolean isSetDbName() {
+    return this.dbName != null;
+  }
+
+  public void setDbNameIsSet(boolean value) {
+    if (!value) {
+      this.dbName = null;
+    }
+  }
+
+  public String getTableName() {
+    return this.tableName;
+  }
+
+  public void setTableName(String tableName) {
+    this.tableName = tableName;
+  }
+
+  public void unsetTableName() {
+    this.tableName = null;
+  }
+
+  /** Returns true if field tableName is set (has been assigned a value) and false otherwise */
+  public boolean isSetTableName() {
+    return this.tableName != null;
+  }
+
+  public void setTableNameIsSet(boolean value) {
+    if (!value) {
+      this.tableName = null;
+    }
+  }
+
+  public String getURI() {
+    return this.URI;
+  }
+
+  public void setURI(String URI) {
+    this.URI = URI;
+  }
+
+  public void unsetURI() {
+    this.URI = null;
+  }
+
+  /** Returns true if field URI is set (has been assigned a value) and false otherwise */
+  public boolean isSetURI() {
+    return this.URI != null;
+  }
+
+  public void setURIIsSet(boolean value) {
+    if (!value) {
+      this.URI = null;
+    }
+  }
+
+  public String getAction() {
+    return this.action;
+  }
+
+  public void setAction(String action) {
+    this.action = action;
+  }
+
+  public void unsetAction() {
+    this.action = null;
+  }
+
+  /** Returns true if field action is set (has been assigned a value) and false otherwise */
+  public boolean isSetAction() {
+    return this.action != null;
+  }
+
+  public void setActionIsSet(boolean value) {
+    if (!value) {
+      this.action = null;
+    }
+  }
+
+  public long getCreateTime() {
+    return this.createTime;
+  }
+
+  public void setCreateTime(long createTime) {
+    this.createTime = createTime;
+    setCreateTimeIsSet(true);
+  }
+
+  public void unsetCreateTime() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __CREATETIME_ISSET_ID);
+  }
+
+  /** Returns true if field createTime is set (has been assigned a value) and false otherwise */
+  public boolean isSetCreateTime() {
+    return EncodingUtils.testBit(__isset_bitfield, __CREATETIME_ISSET_ID);
+  }
+
+  public void setCreateTimeIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __CREATETIME_ISSET_ID, value);
+  }
+
+  public String getGrantorPrincipal() {
+    return this.grantorPrincipal;
+  }
+
+  public void setGrantorPrincipal(String grantorPrincipal) {
+    this.grantorPrincipal = grantorPrincipal;
+  }
+
+  public void unsetGrantorPrincipal() {
+    this.grantorPrincipal = null;
+  }
+
+  /** Returns true if field grantorPrincipal is set (has been assigned a value) and false otherwise */
+  public boolean isSetGrantorPrincipal() {
+    return this.grantorPrincipal != null;
+  }
+
+  public void setGrantorPrincipalIsSet(boolean value) {
+    if (!value) {
+      this.grantorPrincipal = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PRIVILEGE_SCOPE:
+      if (value == null) {
+        unsetPrivilegeScope();
+      } else {
+        setPrivilegeScope((String)value);
+      }
+      break;
+
+    case PRIVILEGE_NAME:
+      if (value == null) {
+        unsetPrivilegeName();
+      } else {
+        setPrivilegeName((String)value);
+      }
+      break;
+
+    case SERVER_NAME:
+      if (value == null) {
+        unsetServerName();
+      } else {
+        setServerName((String)value);
+      }
+      break;
+
+    case DB_NAME:
+      if (value == null) {
+        unsetDbName();
+      } else {
+        setDbName((String)value);
+      }
+      break;
+
+    case TABLE_NAME:
+      if (value == null) {
+        unsetTableName();
+      } else {
+        setTableName((String)value);
+      }
+      break;
+
+    case URI:
+      if (value == null) {
+        unsetURI();
+      } else {
+        setURI((String)value);
+      }
+      break;
+
+    case ACTION:
+      if (value == null) {
+        unsetAction();
+      } else {
+        setAction((String)value);
+      }
+      break;
+
+    case CREATE_TIME:
+      if (value == null) {
+        unsetCreateTime();
+      } else {
+        setCreateTime((Long)value);
+      }
+      break;
+
+    case GRANTOR_PRINCIPAL:
+      if (value == null) {
+        unsetGrantorPrincipal();
+      } else {
+        setGrantorPrincipal((String)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PRIVILEGE_SCOPE:
+      return getPrivilegeScope();
+
+    case PRIVILEGE_NAME:
+      return getPrivilegeName();
+
+    case SERVER_NAME:
+      return getServerName();
+
+    case DB_NAME:
+      return getDbName();
+
+    case TABLE_NAME:
+      return getTableName();
+
+    case URI:
+      return getURI();
+
+    case ACTION:
+      return getAction();
+
+    case CREATE_TIME:
+      return Long.valueOf(getCreateTime());
+
+    case GRANTOR_PRINCIPAL:
+      return getGrantorPrincipal();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PRIVILEGE_SCOPE:
+      return isSetPrivilegeScope();
+    case PRIVILEGE_NAME:
+      return isSetPrivilegeName();
+    case SERVER_NAME:
+      return isSetServerName();
+    case DB_NAME:
+      return isSetDbName();
+    case TABLE_NAME:
+      return isSetTableName();
+    case URI:
+      return isSetURI();
+    case ACTION:
+      return isSetAction();
+    case CREATE_TIME:
+      return isSetCreateTime();
+    case GRANTOR_PRINCIPAL:
+      return isSetGrantorPrincipal();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TSentryPrivilege)
+      return this.equals((TSentryPrivilege)that);
+    return false;
+  }
+
+  public boolean equals(TSentryPrivilege that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_privilegeScope = true && this.isSetPrivilegeScope();
+    boolean that_present_privilegeScope = true && that.isSetPrivilegeScope();
+    if (this_present_privilegeScope || that_present_privilegeScope) {
+      if (!(this_present_privilegeScope && that_present_privilegeScope))
+        return false;
+      if (!this.privilegeScope.equals(that.privilegeScope))
+        return false;
+    }
+
+    boolean this_present_privilegeName = true && this.isSetPrivilegeName();
+    boolean that_present_privilegeName = true && that.isSetPrivilegeName();
+    if (this_present_privilegeName || that_present_privilegeName) {
+      if (!(this_present_privilegeName && that_present_privilegeName))
+        return false;
+      if (!this.privilegeName.equals(that.privilegeName))
+        return false;
+    }
+
+    boolean this_present_serverName = true && this.isSetServerName();
+    boolean that_present_serverName = true && that.isSetServerName();
+    if (this_present_serverName || that_present_serverName) {
+      if (!(this_present_serverName && that_present_serverName))
+        return false;
+      if (!this.serverName.equals(that.serverName))
+        return false;
+    }
+
+    boolean this_present_dbName = true && this.isSetDbName();
+    boolean that_present_dbName = true && that.isSetDbName();
+    if (this_present_dbName || that_present_dbName) {
+      if (!(this_present_dbName && that_present_dbName))
+        return false;
+      if (!this.dbName.equals(that.dbName))
+        return false;
+    }
+
+    boolean this_present_tableName = true && this.isSetTableName();
+    boolean that_present_tableName = true && that.isSetTableName();
+    if (this_present_tableName || that_present_tableName) {
+      if (!(this_present_tableName && that_present_tableName))
+        return false;
+      if (!this.tableName.equals(that.tableName))
+        return false;
+    }
+
+    boolean this_present_URI = true && this.isSetURI();
+    boolean that_present_URI = true && that.isSetURI();
+    if (this_present_URI || that_present_URI) {
+      if (!(this_present_URI && that_present_URI))
+        return false;
+      if (!this.URI.equals(that.URI))
+        return false;
+    }
+
+    boolean this_present_action = true && this.isSetAction();
+    boolean that_present_action = true && that.isSetAction();
+    if (this_present_action || that_present_action) {
+      if (!(this_present_action && that_present_action))
+        return false;
+      if (!this.action.equals(that.action))
+        return false;
+    }
+
+    boolean this_present_createTime = true && this.isSetCreateTime();
+    boolean that_present_createTime = true && that.isSetCreateTime();
+    if (this_present_createTime || that_present_createTime) {
+      if (!(this_present_createTime && that_present_createTime))
+        return false;
+      if (this.createTime != that.createTime)
+        return false;
+    }
+
+    boolean this_present_grantorPrincipal = true && this.isSetGrantorPrincipal();
+    boolean that_present_grantorPrincipal = true && that.isSetGrantorPrincipal();
+    if (this_present_grantorPrincipal || that_present_grantorPrincipal) {
+      if (!(this_present_grantorPrincipal && that_present_grantorPrincipal))
+        return false;
+      if (!this.grantorPrincipal.equals(that.grantorPrincipal))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_privilegeScope = true && (isSetPrivilegeScope());
+    builder.append(present_privilegeScope);
+    if (present_privilegeScope)
+      builder.append(privilegeScope);
+
+    boolean present_privilegeName = true && (isSetPrivilegeName());
+    builder.append(present_privilegeName);
+    if (present_privilegeName)
+      builder.append(privilegeName);
+
+    boolean present_serverName = true && (isSetServerName());
+    builder.append(present_serverName);
+    if (present_serverName)
+      builder.append(serverName);
+
+    boolean present_dbName = true && (isSetDbName());
+    builder.append(present_dbName);
+    if (present_dbName)
+      builder.append(dbName);
+
+    boolean present_tableName = true && (isSetTableName());
+    builder.append(present_tableName);
+    if (present_tableName)
+      builder.append(tableName);
+
+    boolean present_URI = true && (isSetURI());
+    builder.append(present_URI);
+    if (present_URI)
+      builder.append(URI);
+
+    boolean present_action = true && (isSetAction());
+    builder.append(present_action);
+    if (present_action)
+      builder.append(action);
+
+    boolean present_createTime = true && (isSetCreateTime());
+    builder.append(present_createTime);
+    if (present_createTime)
+      builder.append(createTime);
+
+    boolean present_grantorPrincipal = true && (isSetGrantorPrincipal());
+    builder.append(present_grantorPrincipal);
+    if (present_grantorPrincipal)
+      builder.append(grantorPrincipal);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TSentryPrivilege other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TSentryPrivilege typedOther = (TSentryPrivilege)other;
+
+    lastComparison = Boolean.valueOf(isSetPrivilegeScope()).compareTo(typedOther.isSetPrivilegeScope());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetPrivilegeScope()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegeScope, typedOther.privilegeScope);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetPrivilegeName()).compareTo(typedOther.isSetPrivilegeName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetPrivilegeName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegeName, typedOther.privilegeName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetServerName()).compareTo(typedOther.isSetServerName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetServerName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.serverName, typedOther.serverName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetDbName()).compareTo(typedOther.isSetDbName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetDbName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.dbName, typedOther.dbName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetTableName()).compareTo(typedOther.isSetTableName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetTableName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.tableName, typedOther.tableName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetURI()).compareTo(typedOther.isSetURI());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetURI()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.URI, typedOther.URI);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetAction()).compareTo(typedOther.isSetAction());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetAction()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.action, typedOther.action);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetCreateTime()).compareTo(typedOther.isSetCreateTime());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetCreateTime()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.createTime, typedOther.createTime);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetGrantorPrincipal()).compareTo(typedOther.isSetGrantorPrincipal());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetGrantorPrincipal()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantorPrincipal, typedOther.grantorPrincipal);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TSentryPrivilege(");
+    boolean first = true;
+
+    sb.append("privilegeScope:");
+    if (this.privilegeScope == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.privilegeScope);
+    }
+    first = false;
+    if (isSetPrivilegeName()) {
+      if (!first) sb.append(", ");
+      sb.append("privilegeName:");
+      if (this.privilegeName == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.privilegeName);
+      }
+      first = false;
+    }
+    if (!first) sb.append(", ");
+    sb.append("serverName:");
+    if (this.serverName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.serverName);
+    }
+    first = false;
+    if (isSetDbName()) {
+      if (!first) sb.append(", ");
+      sb.append("dbName:");
+      if (this.dbName == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.dbName);
+      }
+      first = false;
+    }
+    if (isSetTableName()) {
+      if (!first) sb.append(", ");
+      sb.append("tableName:");
+      if (this.tableName == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.tableName);
+      }
+      first = false;
+    }
+    if (isSetURI()) {
+      if (!first) sb.append(", ");
+      sb.append("URI:");
+      if (this.URI == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.URI);
+      }
+      first = false;
+    }
+    if (!first) sb.append(", ");
+    sb.append("action:");
+    if (this.action == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.action);
+    }
+    first = false;
+    if (isSetCreateTime()) {
+      if (!first) sb.append(", ");
+      sb.append("createTime:");
+      sb.append(this.createTime);
+      first = false;
+    }
+    if (isSetGrantorPrincipal()) {
+      if (!first) sb.append(", ");
+      sb.append("grantorPrincipal:");
+      if (this.grantorPrincipal == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.grantorPrincipal);
+      }
+      first = false;
+    }
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetPrivilegeScope()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegeScope' is unset! Struct:" + toString());
+    }
+
+    if (!isSetServerName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'serverName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetAction()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'action' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TSentryPrivilegeStandardSchemeFactory implements SchemeFactory {
+    public TSentryPrivilegeStandardScheme getScheme() {
+      return new TSentryPrivilegeStandardScheme();
+    }
+  }
+
+  private static class TSentryPrivilegeStandardScheme extends StandardScheme<TSentryPrivilege> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryPrivilege struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PRIVILEGE_SCOPE
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.privilegeScope = iprot.readString();
+              struct.setPrivilegeScopeIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // PRIVILEGE_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.privilegeName = iprot.readString();
+              struct.setPrivilegeNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // SERVER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.serverName = iprot.readString();
+              struct.setServerNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 4: // DB_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.dbName = iprot.readString();
+              struct.setDbNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 5: // TABLE_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.tableName = iprot.readString();
+              struct.setTableNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 6: // URI
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.URI = iprot.readString();
+              struct.setURIIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 7: // ACTION
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.action = iprot.readString();
+              struct.setActionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 8: // CREATE_TIME
+            if (schemeField.type == org.apache.thrift.protocol.TType.I64) {
+              struct.createTime = iprot.readI64();
+              struct.setCreateTimeIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 9: // GRANTOR_PRINCIPAL
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.grantorPrincipal = iprot.readString();
+              struct.setGrantorPrincipalIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryPrivilege struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.privilegeScope != null) {
+        oprot.writeFieldBegin(PRIVILEGE_SCOPE_FIELD_DESC);
+        oprot.writeString(struct.privilegeScope);
+        oprot.writeFieldEnd();
+      }
+      if (struct.privilegeName != null) {
+        if (struct.isSetPrivilegeName()) {
+          oprot.writeFieldBegin(PRIVILEGE_NAME_FIELD_DESC);
+          oprot.writeString(struct.privilegeName);
+          oprot.writeFieldEnd();
+        }
+      }
+      if (struct.serverName != null) {
+        oprot.writeFieldBegin(SERVER_NAME_FIELD_DESC);
+        oprot.writeString(struct.serverName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.dbName != null) {
+        if (struct.isSetDbName()) {
+          oprot.writeFieldBegin(DB_NAME_FIELD_DESC);
+          oprot.writeString(struct.dbName);
+          oprot.writeFieldEnd();
+        }
+      }
+      if (struct.tableName != null) {
+        if (struct.isSetTableName()) {
+          oprot.writeFieldBegin(TABLE_NAME_FIELD_DESC);
+          oprot.writeString(struct.tableName);
+          oprot.writeFieldEnd();
+        }
+      }
+      if (struct.URI != null) {
+        if (struct.isSetURI()) {
+          oprot.writeFieldBegin(URI_FIELD_DESC);
+          oprot.writeString(struct.URI);
+          oprot.writeFieldEnd();
+        }
+      }
+      if (struct.action != null) {
+        oprot.writeFieldBegin(ACTION_FIELD_DESC);
+        oprot.writeString(struct.action);
+        oprot.writeFieldEnd();
+      }
+      if (struct.isSetCreateTime()) {
+        oprot.writeFieldBegin(CREATE_TIME_FIELD_DESC);
+        oprot.writeI64(struct.createTime);
+        oprot.writeFieldEnd();
+      }
+      if (struct.grantorPrincipal != null) {
+        if (struct.isSetGrantorPrincipal()) {
+          oprot.writeFieldBegin(GRANTOR_PRINCIPAL_FIELD_DESC);
+          oprot.writeString(struct.grantorPrincipal);
+          oprot.writeFieldEnd();
+        }
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TSentryPrivilegeTupleSchemeFactory implements SchemeFactory {
+    public TSentryPrivilegeTupleScheme getScheme() {
+      return new TSentryPrivilegeTupleScheme();
+    }
+  }
+
+  private static class TSentryPrivilegeTupleScheme extends TupleScheme<TSentryPrivilege> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilege struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeString(struct.privilegeScope);
+      oprot.writeString(struct.serverName);
+      oprot.writeString(struct.action);
+      BitSet optionals = new BitSet();
+      if (struct.isSetPrivilegeName()) {
+        optionals.set(0);
+      }
+      if (struct.isSetDbName()) {
+        optionals.set(1);
+      }
+      if (struct.isSetTableName()) {
+        optionals.set(2);
+      }
+      if (struct.isSetURI()) {
+        optionals.set(3);
+      }
+      if (struct.isSetCreateTime()) {
+        optionals.set(4);
+      }
+      if (struct.isSetGrantorPrincipal()) {
+        optionals.set(5);
+      }
+      oprot.writeBitSet(optionals, 6);
+      if (struct.isSetPrivilegeName()) {
+        oprot.writeString(struct.privilegeName);
+      }
+      if (struct.isSetDbName()) {
+        oprot.writeString(struct.dbName);
+      }
+      if (struct.isSetTableName()) {
+        oprot.writeString(struct.tableName);
+      }
+      if (struct.isSetURI()) {
+        oprot.writeString(struct.URI);
+      }
+      if (struct.isSetCreateTime()) {
+        oprot.writeI64(struct.createTime);
+      }
+      if (struct.isSetGrantorPrincipal()) {
+        oprot.writeString(struct.grantorPrincipal);
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilege struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.privilegeScope = iprot.readString();
+      struct.setPrivilegeScopeIsSet(true);
+      struct.serverName = iprot.readString();
+      struct.setServerNameIsSet(true);
+      struct.action = iprot.readString();
+      struct.setActionIsSet(true);
+      BitSet incoming = iprot.readBitSet(6);
+      if (incoming.get(0)) {
+        struct.privilegeName = iprot.readString();
+        struct.setPrivilegeNameIsSet(true);
+      }
+      if (incoming.get(1)) {
+        struct.dbName = iprot.readString();
+        struct.setDbNameIsSet(true);
+      }
+      if (incoming.get(2)) {
+        struct.tableName = iprot.readString();
+        struct.setTableNameIsSet(true);
+      }
+      if (incoming.get(3)) {
+        struct.URI = iprot.readString();
+        struct.setURIIsSet(true);
+      }
+      if (incoming.get(4)) {
+        struct.createTime = iprot.readI64();
+        struct.setCreateTimeIsSet(true);
+      }
+      if (incoming.get(5)) {
+        struct.grantorPrincipal = iprot.readString();
+        struct.setGrantorPrincipalIsSet(true);
+      }
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
new file mode 100644
index 0000000..71f7479
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
@@ -0,0 +1,740 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentryRole._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryRole");
+
+  private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)1);
+  private static final org.apache.thrift.protocol.TField PRIVILEGES_FIELD_DESC = new org.apache.thrift.protocol.TField("privileges", org.apache.thrift.protocol.TType.SET, (short)2);
+  private static final org.apache.thrift.protocol.TField CREATE_TIME_FIELD_DESC = new org.apache.thrift.protocol.TField("createTime", org.apache.thrift.protocol.TType.I64, (short)3);
+  private static final org.apache.thrift.protocol.TField GRANTOR_PRINCIPAL_FIELD_DESC = new org.apache.thrift.protocol.TField("grantorPrincipal", org.apache.thrift.protocol.TType.STRING, (short)4);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TSentryRoleStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TSentryRoleTupleSchemeFactory());
+  }
+
+  private String roleName; // required
+  private Set<TSentryPrivilege> privileges; // required
+  private long createTime; // required
+  private String grantorPrincipal; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    ROLE_NAME((short)1, "roleName"),
+    PRIVILEGES((short)2, "privileges"),
+    CREATE_TIME((short)3, "createTime"),
+    GRANTOR_PRINCIPAL((short)4, "grantorPrincipal");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // ROLE_NAME
+          return ROLE_NAME;
+        case 2: // PRIVILEGES
+          return PRIVILEGES;
+        case 3: // CREATE_TIME
+          return CREATE_TIME;
+        case 4: // GRANTOR_PRINCIPAL
+          return GRANTOR_PRINCIPAL;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __CREATETIME_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.PRIVILEGES, new org.apache.thrift.meta_data.FieldMetaData("privileges", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class))));
+    tmpMap.put(_Fields.CREATE_TIME, new org.apache.thrift.meta_data.FieldMetaData("createTime", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64)));
+    tmpMap.put(_Fields.GRANTOR_PRINCIPAL, new org.apache.thrift.meta_data.FieldMetaData("grantorPrincipal", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryRole.class, metaDataMap);
+  }
+
+  public TSentryRole() {
+  }
+
+  public TSentryRole(
+    String roleName,
+    Set<TSentryPrivilege> privileges,
+    long createTime,
+    String grantorPrincipal)
+  {
+    this();
+    this.roleName = roleName;
+    this.privileges = privileges;
+    this.createTime = createTime;
+    setCreateTimeIsSet(true);
+    this.grantorPrincipal = grantorPrincipal;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TSentryRole(TSentryRole other) {
+    __isset_bitfield = other.__isset_bitfield;
+    if (other.isSetRoleName()) {
+      this.roleName = other.roleName;
+    }
+    if (other.isSetPrivileges()) {
+      Set<TSentryPrivilege> __this__privileges = new HashSet<TSentryPrivilege>();
+      for (TSentryPrivilege other_element : other.privileges) {
+        __this__privileges.add(new TSentryPrivilege(other_element));
+      }
+      this.privileges = __this__privileges;
+    }
+    this.createTime = other.createTime;
+    if (other.isSetGrantorPrincipal()) {
+      this.grantorPrincipal = other.grantorPrincipal;
+    }
+  }
+
+  public TSentryRole deepCopy() {
+    return new TSentryRole(this);
+  }
+
+  @Override
+  public void clear() {
+    this.roleName = null;
+    this.privileges = null;
+    setCreateTimeIsSet(false);
+    this.createTime = 0;
+    this.grantorPrincipal = null;
+  }
+
+  public String getRoleName() {
+    return this.roleName;
+  }
+
+  public void setRoleName(String roleName) {
+    this.roleName = roleName;
+  }
+
+  public void unsetRoleName() {
+    this.roleName = null;
+  }
+
+  /** Returns true if field roleName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRoleName() {
+    return this.roleName != null;
+  }
+
+  public void setRoleNameIsSet(boolean value) {
+    if (!value) {
+      this.roleName = null;
+    }
+  }
+
+  public int getPrivilegesSize() {
+    return (this.privileges == null) ? 0 : this.privileges.size();
+  }
+
+  public java.util.Iterator<TSentryPrivilege> getPrivilegesIterator() {
+    return (this.privileges == null) ? null : this.privileges.iterator();
+  }
+
+  public void addToPrivileges(TSentryPrivilege elem) {
+    if (this.privileges == null) {
+      this.privileges = new HashSet<TSentryPrivilege>();
+    }
+    this.privileges.add(elem);
+  }
+
+  public Set<TSentryPrivilege> getPrivileges() {
+    return this.privileges;
+  }
+
+  public void setPrivileges(Set<TSentryPrivilege> privileges) {
+    this.privileges = privileges;
+  }
+
+  public void unsetPrivileges() {
+    this.privileges = null;
+  }
+
+  /** Returns true if field privileges is set (has been assigned a value) and false otherwise */
+  public boolean isSetPrivileges() {
+    return this.privileges != null;
+  }
+
+  public void setPrivilegesIsSet(boolean value) {
+    if (!value) {
+      this.privileges = null;
+    }
+  }
+
+  public long getCreateTime() {
+    return this.createTime;
+  }
+
+  public void setCreateTime(long createTime) {
+    this.createTime = createTime;
+    setCreateTimeIsSet(true);
+  }
+
+  public void unsetCreateTime() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __CREATETIME_ISSET_ID);
+  }
+
+  /** Returns true if field createTime is set (has been assigned a value) and false otherwise */
+  public boolean isSetCreateTime() {
+    return EncodingUtils.testBit(__isset_bitfield, __CREATETIME_ISSET_ID);
+  }
+
+  public void setCreateTimeIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __CREATETIME_ISSET_ID, value);
+  }
+
+  public String getGrantorPrincipal() {
+    return this.grantorPrincipal;
+  }
+
+  public void setGrantorPrincipal(String grantorPrincipal) {
+    this.grantorPrincipal = grantorPrincipal;
+  }
+
+  public void unsetGrantorPrincipal() {
+    this.grantorPrincipal = null;
+  }
+
+  /** Returns true if field grantorPrincipal is set (has been assigned a value) and false otherwise */
+  public boolean isSetGrantorPrincipal() {
+    return this.grantorPrincipal != null;
+  }
+
+  public void setGrantorPrincipalIsSet(boolean value) {
+    if (!value) {
+      this.grantorPrincipal = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case ROLE_NAME:
+      if (value == null) {
+        unsetRoleName();
+      } else {
+        setRoleName((String)value);
+      }
+      break;
+
+    case PRIVILEGES:
+      if (value == null) {
+        unsetPrivileges();
+      } else {
+        setPrivileges((Set<TSentryPrivilege>)value);
+      }
+      break;
+
+    case CREATE_TIME:
+      if (value == null) {
+        unsetCreateTime();
+      } else {
+        setCreateTime((Long)value);
+      }
+      break;
+
+    case GRANTOR_PRINCIPAL:
+      if (value == null) {
+        unsetGrantorPrincipal();
+      } else {
+        setGrantorPrincipal((String)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case ROLE_NAME:
+      return getRoleName();
+
+    case PRIVILEGES:
+      return getPrivileges();
+
+    case CREATE_TIME:
+      return Long.valueOf(getCreateTime());
+
+    case GRANTOR_PRINCIPAL:
+      return getGrantorPrincipal();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case ROLE_NAME:
+      return isSetRoleName();
+    case PRIVILEGES:
+      return isSetPrivileges();
+    case CREATE_TIME:
+      return isSetCreateTime();
+    case GRANTOR_PRINCIPAL:
+      return isSetGrantorPrincipal();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TSentryRole)
+      return this.equals((TSentryRole)that);
+    return false;
+  }
+
+  public boolean equals(TSentryRole that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_roleName = true && this.isSetRoleName();
+    boolean that_present_roleName = true && that.isSetRoleName();
+    if (this_present_roleName || that_present_roleName) {
+      if (!(this_present_roleName && that_present_roleName))
+        return false;
+      if (!this.roleName.equals(that.roleName))
+        return false;
+    }
+
+    boolean this_present_privileges = true && this.isSetPrivileges();
+    boolean that_present_privileges = true && that.isSetPrivileges();
+    if (this_present_privileges || that_present_privileges) {
+      if (!(this_present_privileges && that_present_privileges))
+        return false;
+      if (!this.privileges.equals(that.privileges))
+        return false;
+    }
+
+    boolean this_present_createTime = true;
+    boolean that_present_createTime = true;
+    if (this_present_createTime || that_present_createTime) {
+      if (!(this_present_createTime && that_present_createTime))
+        return false;
+      if (this.createTime != that.createTime)
+        return false;
+    }
+
+    boolean this_present_grantorPrincipal = true && this.isSetGrantorPrincipal();
+    boolean that_present_grantorPrincipal = true && that.isSetGrantorPrincipal();
+    if (this_present_grantorPrincipal || that_present_grantorPrincipal) {
+      if (!(this_present_grantorPrincipal && that_present_grantorPrincipal))
+        return false;
+      if (!this.grantorPrincipal.equals(that.grantorPrincipal))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_roleName = true && (isSetRoleName());
+    builder.append(present_roleName);
+    if (present_roleName)
+      builder.append(roleName);
+
+    boolean present_privileges = true && (isSetPrivileges());
+    builder.append(present_privileges);
+    if (present_privileges)
+      builder.append(privileges);
+
+    boolean present_createTime = true;
+    builder.append(present_createTime);
+    if (present_createTime)
+      builder.append(createTime);
+
+    boolean present_grantorPrincipal = true && (isSetGrantorPrincipal());
+    builder.append(present_grantorPrincipal);
+    if (present_grantorPrincipal)
+      builder.append(grantorPrincipal);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TSentryRole other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TSentryRole typedOther = (TSentryRole)other;
+
+    lastComparison = Boolean.valueOf(isSetRoleName()).compareTo(typedOther.isSetRoleName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRoleName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleName, typedOther.roleName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetPrivileges()).compareTo(typedOther.isSetPrivileges());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetPrivileges()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privileges, typedOther.privileges);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetCreateTime()).compareTo(typedOther.isSetCreateTime());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetCreateTime()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.createTime, typedOther.createTime);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetGrantorPrincipal()).compareTo(typedOther.isSetGrantorPrincipal());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetGrantorPrincipal()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantorPrincipal, typedOther.grantorPrincipal);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TSentryRole(");
+    boolean first = true;
+
+    sb.append("roleName:");
+    if (this.roleName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.roleName);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("privileges:");
+    if (this.privileges == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.privileges);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("createTime:");
+    sb.append(this.createTime);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("grantorPrincipal:");
+    if (this.grantorPrincipal == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.grantorPrincipal);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetRoleName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetPrivileges()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'privileges' is unset! Struct:" + toString());
+    }
+
+    if (!isSetCreateTime()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'createTime' is unset! Struct:" + toString());
+    }
+
+    if (!isSetGrantorPrincipal()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'grantorPrincipal' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TSentryRoleStandardSchemeFactory implements SchemeFactory {
+    public TSentryRoleStandardScheme getScheme() {
+      return new TSentryRoleStandardScheme();
+    }
+  }
+
+  private static class TSentryRoleStandardScheme extends StandardScheme<TSentryRole> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryRole struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // ROLE_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.roleName = iprot.readString();
+              struct.setRoleNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // PRIVILEGES
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set0 = iprot.readSetBegin();
+                struct.privileges = new HashSet<TSentryPrivilege>(2*_set0.size);
+                for (int _i1 = 0; _i1 < _set0.size; ++_i1)
+                {
+                  TSentryPrivilege _elem2; // required
+                  _elem2 = new TSentryPrivilege();
+                  _elem2.read(iprot);
+                  struct.privileges.add(_elem2);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setPrivilegesIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // CREATE_TIME
+            if (schemeField.type == org.apache.thrift.protocol.TType.I64) {
+              struct.createTime = iprot.readI64();
+              struct.setCreateTimeIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 4: // GRANTOR_PRINCIPAL
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.grantorPrincipal = iprot.readString();
+              struct.setGrantorPrincipalIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryRole struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.roleName != null) {
+        oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC);
+        oprot.writeString(struct.roleName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.privileges != null) {
+        oprot.writeFieldBegin(PRIVILEGES_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, struct.privileges.size()));
+          for (TSentryPrivilege _iter3 : struct.privileges)
+          {
+            _iter3.write(oprot);
+          }
+          oprot.writeSetEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldBegin(CREATE_TIME_FIELD_DESC);
+      oprot.writeI64(struct.createTime);
+      oprot.writeFieldEnd();
+      if (struct.grantorPrincipal != null) {
+        oprot.writeFieldBegin(GRANTOR_PRINCIPAL_FIELD_DESC);
+        oprot.writeString(struct.grantorPrincipal);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TSentryRoleTupleSchemeFactory implements SchemeFactory {
+    public TSentryRoleTupleScheme getScheme() {
+      return new TSentryRoleTupleScheme();
+    }
+  }
+
+  private static class TSentryRoleTupleScheme extends TupleScheme<TSentryRole> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TSentryRole struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeString(struct.roleName);
+      {
+        oprot.writeI32(struct.privileges.size());
+        for (TSentryPrivilege _iter4 : struct.privileges)
+        {
+          _iter4.write(oprot);
+        }
+      }
+      oprot.writeI64(struct.createTime);
+      oprot.writeString(struct.grantorPrincipal);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TSentryRole struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.roleName = iprot.readString();
+      struct.setRoleNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set5 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+        struct.privileges = new HashSet<TSentryPrivilege>(2*_set5.size);
+        for (int _i6 = 0; _i6 < _set5.size; ++_i6)
+        {
+          TSentryPrivilege _elem7; // required
+          _elem7 = new TSentryPrivilege();
+          _elem7.read(iprot);
+          struct.privileges.add(_elem7);
+        }
+      }
+      struct.setPrivilegesIsSet(true);
+      struct.createTime = iprot.readI64();
+      struct.setCreateTimeIsSet(true);
+      struct.grantorPrincipal = iprot.readString();
+      struct.setGrantorPrincipalIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/TSentryResponseStatus.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/TSentryResponseStatus.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/TSentryResponseStatus.java
new file mode 100644
index 0000000..81abd90
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/TSentryResponseStatus.java
@@ -0,0 +1,594 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TSentryResponseStatus implements org.apache.thrift.TBase<TSentryResponseStatus, TSentryResponseStatus._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryResponseStatus");
+
+  private static final org.apache.thrift.protocol.TField VALUE_FIELD_DESC = new org.apache.thrift.protocol.TField("value", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField MESSAGE_FIELD_DESC = new org.apache.thrift.protocol.TField("message", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField STACK_FIELD_DESC = new org.apache.thrift.protocol.TField("stack", org.apache.thrift.protocol.TType.STRING, (short)3);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TSentryResponseStatusStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TSentryResponseStatusTupleSchemeFactory());
+  }
+
+  private int value; // required
+  private String message; // required
+  private String stack; // optional
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    VALUE((short)1, "value"),
+    MESSAGE((short)2, "message"),
+    STACK((short)3, "stack");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // VALUE
+          return VALUE;
+        case 2: // MESSAGE
+          return MESSAGE;
+        case 3: // STACK
+          return STACK;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __VALUE_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  private _Fields optionals[] = {_Fields.STACK};
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.VALUE, new org.apache.thrift.meta_data.FieldMetaData("value", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.MESSAGE, new org.apache.thrift.meta_data.FieldMetaData("message", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.STACK, new org.apache.thrift.meta_data.FieldMetaData("stack", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryResponseStatus.class, metaDataMap);
+  }
+
+  public TSentryResponseStatus() {
+  }
+
+  public TSentryResponseStatus(
+    int value,
+    String message)
+  {
+    this();
+    this.value = value;
+    setValueIsSet(true);
+    this.message = message;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TSentryResponseStatus(TSentryResponseStatus other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.value = other.value;
+    if (other.isSetMessage()) {
+      this.message = other.message;
+    }
+    if (other.isSetStack()) {
+      this.stack = other.stack;
+    }
+  }
+
+  public TSentryResponseStatus deepCopy() {
+    return new TSentryResponseStatus(this);
+  }
+
+  @Override
+  public void clear() {
+    setValueIsSet(false);
+    this.value = 0;
+    this.message = null;
+    this.stack = null;
+  }
+
+  public int getValue() {
+    return this.value;
+  }
+
+  public void setValue(int value) {
+    this.value = value;
+    setValueIsSet(true);
+  }
+
+  public void unsetValue() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __VALUE_ISSET_ID);
+  }
+
+  /** Returns true if field value is set (has been assigned a value) and false otherwise */
+  public boolean isSetValue() {
+    return EncodingUtils.testBit(__isset_bitfield, __VALUE_ISSET_ID);
+  }
+
+  public void setValueIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __VALUE_ISSET_ID, value);
+  }
+
+  public String getMessage() {
+    return this.message;
+  }
+
+  public void setMessage(String message) {
+    this.message = message;
+  }
+
+  public void unsetMessage() {
+    this.message = null;
+  }
+
+  /** Returns true if field message is set (has been assigned a value) and false otherwise */
+  public boolean isSetMessage() {
+    return this.message != null;
+  }
+
+  public void setMessageIsSet(boolean value) {
+    if (!value) {
+      this.message = null;
+    }
+  }
+
+  public String getStack() {
+    return this.stack;
+  }
+
+  public void setStack(String stack) {
+    this.stack = stack;
+  }
+
+  public void unsetStack() {
+    this.stack = null;
+  }
+
+  /** Returns true if field stack is set (has been assigned a value) and false otherwise */
+  public boolean isSetStack() {
+    return this.stack != null;
+  }
+
+  public void setStackIsSet(boolean value) {
+    if (!value) {
+      this.stack = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case VALUE:
+      if (value == null) {
+        unsetValue();
+      } else {
+        setValue((Integer)value);
+      }
+      break;
+
+    case MESSAGE:
+      if (value == null) {
+        unsetMessage();
+      } else {
+        setMessage((String)value);
+      }
+      break;
+
+    case STACK:
+      if (value == null) {
+        unsetStack();
+      } else {
+        setStack((String)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case VALUE:
+      return Integer.valueOf(getValue());
+
+    case MESSAGE:
+      return getMessage();
+
+    case STACK:
+      return getStack();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case VALUE:
+      return isSetValue();
+    case MESSAGE:
+      return isSetMessage();
+    case STACK:
+      return isSetStack();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TSentryResponseStatus)
+      return this.equals((TSentryResponseStatus)that);
+    return false;
+  }
+
+  public boolean equals(TSentryResponseStatus that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_value = true;
+    boolean that_present_value = true;
+    if (this_present_value || that_present_value) {
+      if (!(this_present_value && that_present_value))
+        return false;
+      if (this.value != that.value)
+        return false;
+    }
+
+    boolean this_present_message = true && this.isSetMessage();
+    boolean that_present_message = true && that.isSetMessage();
+    if (this_present_message || that_present_message) {
+      if (!(this_present_message && that_present_message))
+        return false;
+      if (!this.message.equals(that.message))
+        return false;
+    }
+
+    boolean this_present_stack = true && this.isSetStack();
+    boolean that_present_stack = true && that.isSetStack();
+    if (this_present_stack || that_present_stack) {
+      if (!(this_present_stack && that_present_stack))
+        return false;
+      if (!this.stack.equals(that.stack))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_value = true;
+    builder.append(present_value);
+    if (present_value)
+      builder.append(value);
+
+    boolean present_message = true && (isSetMessage());
+    builder.append(present_message);
+    if (present_message)
+      builder.append(message);
+
+    boolean present_stack = true && (isSetStack());
+    builder.append(present_stack);
+    if (present_stack)
+      builder.append(stack);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TSentryResponseStatus other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TSentryResponseStatus typedOther = (TSentryResponseStatus)other;
+
+    lastComparison = Boolean.valueOf(isSetValue()).compareTo(typedOther.isSetValue());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetValue()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.value, typedOther.value);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetMessage()).compareTo(typedOther.isSetMessage());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetMessage()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.message, typedOther.message);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetStack()).compareTo(typedOther.isSetStack());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStack()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.stack, typedOther.stack);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TSentryResponseStatus(");
+    boolean first = true;
+
+    sb.append("value:");
+    sb.append(this.value);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("message:");
+    if (this.message == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.message);
+    }
+    first = false;
+    if (isSetStack()) {
+      if (!first) sb.append(", ");
+      sb.append("stack:");
+      if (this.stack == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.stack);
+      }
+      first = false;
+    }
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetValue()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'value' is unset! Struct:" + toString());
+    }
+
+    if (!isSetMessage()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'message' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TSentryResponseStatusStandardSchemeFactory implements SchemeFactory {
+    public TSentryResponseStatusStandardScheme getScheme() {
+      return new TSentryResponseStatusStandardScheme();
+    }
+  }
+
+  private static class TSentryResponseStatusStandardScheme extends StandardScheme<TSentryResponseStatus> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryResponseStatus struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // VALUE
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.value = iprot.readI32();
+              struct.setValueIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // MESSAGE
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.message = iprot.readString();
+              struct.setMessageIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // STACK
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.stack = iprot.readString();
+              struct.setStackIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryResponseStatus struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(VALUE_FIELD_DESC);
+      oprot.writeI32(struct.value);
+      oprot.writeFieldEnd();
+      if (struct.message != null) {
+        oprot.writeFieldBegin(MESSAGE_FIELD_DESC);
+        oprot.writeString(struct.message);
+        oprot.writeFieldEnd();
+      }
+      if (struct.stack != null) {
+        if (struct.isSetStack()) {
+          oprot.writeFieldBegin(STACK_FIELD_DESC);
+          oprot.writeString(struct.stack);
+          oprot.writeFieldEnd();
+        }
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TSentryResponseStatusTupleSchemeFactory implements SchemeFactory {
+    public TSentryResponseStatusTupleScheme getScheme() {
+      return new TSentryResponseStatusTupleScheme();
+    }
+  }
+
+  private static class TSentryResponseStatusTupleScheme extends TupleScheme<TSentryResponseStatus> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TSentryResponseStatus struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.value);
+      oprot.writeString(struct.message);
+      BitSet optionals = new BitSet();
+      if (struct.isSetStack()) {
+        optionals.set(0);
+      }
+      oprot.writeBitSet(optionals, 1);
+      if (struct.isSetStack()) {
+        oprot.writeString(struct.stack);
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TSentryResponseStatus struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.value = iprot.readI32();
+      struct.setValueIsSet(true);
+      struct.message = iprot.readString();
+      struct.setMessageIsSet(true);
+      BitSet incoming = iprot.readBitSet(1);
+      if (incoming.get(0)) {
+        struct.stack = iprot.readString();
+        struct.setStackIsSet(true);
+      }
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/sentry_common_serviceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/sentry_common_serviceConstants.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/sentry_common_serviceConstants.java
new file mode 100644
index 0000000..c465737
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/sentry_common_serviceConstants.java
@@ -0,0 +1,48 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class sentry_common_serviceConstants {
+
+  public static final int TSENTRY_SERVICE_V1 = 1;
+
+  public static final int TSENTRY_STATUS_OK = 0;
+
+  public static final int TSENTRY_STATUS_ALREADY_EXISTS = 1;
+
+  public static final int TSENTRY_STATUS_NO_SUCH_OBJECT = 2;
+
+  public static final int TSENTRY_STATUS_RUNTIME_ERROR = 3;
+
+  public static final int TSENTRY_STATUS_INVALID_INPUT = 4;
+
+}


[11/13] SENTRY-143: Merge db_policy_store branch into master (Brock Noland via Shreepadma Venugopalan)

Posted by sh...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java
index f348e0e..e88ae32 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java
@@ -18,14 +18,11 @@ package org.apache.sentry.policy.db;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.Arrays;
 
 import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.db.Database;
-import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
@@ -36,7 +33,7 @@ import org.slf4j.LoggerFactory;
 
 import com.google.common.base.Charsets;
 import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 import com.google.common.io.Files;
 
 public class TestPolicyParsingNegative {
@@ -75,12 +72,8 @@ public class TestPolicyParsingNegative {
     append("other_group = malicious_role", otherPolicyFile);
     append("[roles]", otherPolicyFile);
     append("malicious_role = server=server1->db=customers->table=purchases->action=select", otherPolicyFile);
-    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
-    ImmutableSet<String> permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Server("server1"),
-            new Database("other_group_db")
-    }), Lists.newArrayList("other_group")).get("other_group");
+    PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }
   @Test
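Review bot: The `DBPolicyFileBackend` call now passes `"server1"` first and the policy path second, and since both arguments are strings a caller left in the old order still compiles. That caller would hand the file path in as the server name, and whether the backend then fails closed cannot be seen from this diff. A comment at the call, for example `// DBPolicyFileBackend(serverName, policyPath): order reversed in SENTRY-143`, would make the contract visible; the parameter names in it are inferred from the arguments. The same call appears in the @@ -93, @@ -128, @@ -171 and @@ -211 hunks and in the setup of TestResourceAuthorizationProviderGeneralCases. The enclosing test method starts outside this hunk.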
@@ -93,33 +86,25 @@ public class TestPolicyParsingNegative {
     policyFile.addGroupsToUser("admin1", "admin");
     policyFile.write(globalPolicyFile);
     policyFile.write(otherPolicyFile);
-    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
-    permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Server("server1")
-    }), Lists.newArrayList("admin")).get("admin");
+    policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
+    permissions = policy.getPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
     Assert.assertEquals(permissions.toString(), "[server=server1]");
     // test to ensure [users] fails parsing of per-db file
     policyFile.addDatabase("other", otherPolicyFile.getPath());
     policyFile.write(globalPolicyFile);
     policyFile.write(otherPolicyFile);
-    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
-    permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Server("server1")
-    }), Lists.newArrayList("admin")).get("admin");
+    policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
+    permissions = policy.getPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
     Assert.assertEquals(permissions.toString(), "[server=server1]");
     // test to ensure [databases] fails parsing of per-db file
     // by removing the user mapping from the per-db policy file
     policyFile.removeGroupsFromUser("admin1", "admin")
       .write(otherPolicyFile);
-    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
-    permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Server("server1")
-    }), Lists.newArrayList("admin")).get("admin");
+    policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
+    permissions = policy.getPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
     Assert.assertEquals(permissions.toString(), "[server=server1]");
   }
+
   @Test
   public void testDatabaseRequiredInRole() throws Exception {
     append("[databases]", globalPolicyFile);
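Review bot: The three `Assert.assertEquals(permissions.toString(), "[server=server1]")` checks kept in this hunk pass the actual value where JUnit expects the expected one. A failure would therefore report the two values the wrong way round, which is misleading in a test guarding what the per-db file may grant. I would write `Assert.assertEquals("[server=server1]", permissions.toString());` in all three places. The test method's signature is outside the hunk.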
@@ -128,40 +113,30 @@ public class TestPolicyParsingNegative {
     append("other_group = malicious_role", otherPolicyFile);
     append("[roles]", otherPolicyFile);
     append("malicious_role = server=server1", otherPolicyFile);
-    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
-    ImmutableSet<String> permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Server("server1"),
-            new Database("other_group_db")
-    }), Lists.newArrayList("other_group")).get("other_group");
+    PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }
+
   @Test
   public void testServerAll() throws Exception {
     append("[groups]", globalPolicyFile);
     append("group = malicious_role", globalPolicyFile);
     append("[roles]", globalPolicyFile);
     append("malicious_role = server=*", globalPolicyFile);
-    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
-    ImmutableSet<String> permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            Server.ALL,
-            new Database("some_db")
-    }), Lists.newArrayList("group")).get("group");
+    PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }
+
   @Test
   public void testServerIncorrect() throws Exception {
     append("[groups]", globalPolicyFile);
     append("group = malicious_role", globalPolicyFile);
     append("[roles]", globalPolicyFile);
     append("malicious_role = server=server2", globalPolicyFile);
-    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
-    ImmutableSet<String> permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            Server.ALL,
-            new Database("some_db")
-    }), Lists.newArrayList("group")).get("group");
+    PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }
 
@@ -171,12 +146,8 @@ public class TestPolicyParsingNegative {
     append("group = malicious_role", globalPolicyFile);
     append("[roles]", globalPolicyFile);
     append("malicious_role = *", globalPolicyFile);
-    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
-    ImmutableSet<String> permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            Server.ALL,
-            new Database("some_db")
-    }), Lists.newArrayList("group")).get("group");
+    PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }
 
@@ -211,30 +182,13 @@ public class TestPolicyParsingNegative {
     append("[roles]", db2PolicyFile);
     append("db2_rule = server=server1->db=db2->table=purchases->action=select", db2PolicyFile);
 
-    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
+    PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
 
     // verify that the db1 rule is empty
-    ImmutableSet<String> permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Server("server1"),
-            new Database("db1")
-    }), Lists.newArrayList("db1_group")).get("db1_group");
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("db1_group"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
 
-    permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Server("server1"),
-            new Database("db2")
-    }), Lists.newArrayList("db2_group")).get("db2_group");
+    permissions = policy.getPrivileges(Sets.newHashSet("db2_group"), ActiveRoleSet.ALL);
     Assert.assertEquals(permissions.toString(), 1, permissions.size());
-
-    permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Server("server1"),
-            new Database("db2")
-    }), Lists.newArrayList("db2_group")).get("db2_group");
-    Assert.assertEquals(permissions.toString(), 1, permissions.size());
-
   }
-
 }
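Review bot: The `db2_group` check asserts only `permissions.size() == 1`, and with the Server/Database scoping removed from the query, any single privilege for that group would satisfy it. Asserting the content pins the rule the test sets up, for example `Assert.assertTrue(permissions.toString(), permissions.contains("server=server1->db=db2->table=purchases->action=select"));`. The string form is assumed from the `"[server=server1]"` assertion earlier in the file, so adjust it if the backend normalises privileges differently. The test method starts outside this hunk.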

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java
index 2f4c20e..469be14 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java
@@ -27,6 +27,7 @@ import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.db.AccessConstants;
@@ -90,7 +91,8 @@ public class TestResourceAuthorizationProviderGeneralCases {
     baseDir = Files.createTempDir();
     PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini");
     authzProvider = new HadoopGroupResourceAuthorizationProvider(
-        new DBPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath(), "server1"),
+        new DBPolicyFileBackend("server1",
+        new File(baseDir, "test-authz-provider.ini").getPath()),
         new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP));
 
   }
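Review bot: The reordered `DBPolicyFileBackend("server1", <path>)` call in this setup method (which starts above the hunk) swaps two arguments that are both `String`, so the compiler cannot flag a caller that still passes the path first. The same swap is made in TestResourceAuthorizationProviderSpecialCases, TestSimpleDBPolicyEngineDFS and TestSimpleDBPolicyEngineLocalFS in this commit. Naming the value at the call site would make the order easier to review, e.g. `String policyPath = new File(baseDir, "test-authz-provider.ini").getPath();` followed by `new DBPolicyFileBackend("server1", policyPath)`. The constructor is not visible here; if it does not already reject a server name that looks like a path, a precondition there would turn a stale caller into an immediate failure instead of a backend presumably scoped to the wrong server.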
@@ -110,7 +112,7 @@ public class TestResourceAuthorizationProviderGeneralCases {
       helper.add("authorizables", authzHierarchy).add("Privileges", privileges);
     LOGGER.info("Running with " + helper.toString());
     Assert.assertEquals(helper.toString(), expected,
-        authzProvider.hasAccess(subject, authzHierarchy, privileges));
+        authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
     LOGGER.info("Passed " + helper.toString());
   }
 
@@ -125,7 +127,7 @@ public class TestResourceAuthorizationProviderGeneralCases {
     .add("Table", table).add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
     LOGGER.info("Running with " + helper.toString());
     Assert.assertEquals(helper.toString(), expected,
-        authzProvider.hasAccess(subject, authzHierarchy, privileges));
+        authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
     LOGGER.info("Passed " + helper.toString());
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java
index 688b845..3ae901e 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java
@@ -25,8 +25,9 @@ import java.util.Set;
 import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.db.AccessURI;
 import org.apache.sentry.core.model.db.DBModelAction;
@@ -73,11 +74,11 @@ public class TestResourceAuthorizationProviderSpecialCases {
       .addPermissionsToRole("role1", true, "server=" + server1.getName() + "->uri=" + uri.getName(),
           "server=" + server1.getName() + "->uri=" + uri.getName());
     policyFile.write(iniFile);
-    DBPolicyFileBackend policy = new DBPolicyFileBackend(initResource, server1.getName());
+    DBPolicyFileBackend policy = new DBPolicyFileBackend(server1.getName(), initResource);
     authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
     List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri);
     Assert.assertTrue(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
+        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
   }
   @Test
   public void testNonAbolutePath() throws Exception {
@@ -89,30 +90,30 @@ public class TestResourceAuthorizationProviderSpecialCases {
       .addRolesToGroup("group1", "role1")
       .addPermissionsToRole("role1", "server=" + server1.getName() + "->uri=" + uri.getName());
     policyFile.write(iniFile);
-    DBPolicyFileBackend policy = new DBPolicyFileBackend(initResource, server1.getName());
+    DBPolicyFileBackend policy = new DBPolicyFileBackend(server1.getName(), initResource);
     authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
     // positive test
     List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri);
     Assert.assertTrue(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
+        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
     // negative tests
     // TODO we should support the case of /path/to/./ but let's to that later
     uri = new AccessURI("file:///path/to/./");
     authorizableHierarchy = ImmutableList.of(server1, uri);
     Assert.assertFalse(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
+        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
     uri = new AccessURI("file:///path/to/../");
     authorizableHierarchy = ImmutableList.of(server1, uri);
     Assert.assertFalse(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
+        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
     uri = new AccessURI("file:///path/to/../../");
     authorizableHierarchy = ImmutableList.of(server1, uri);
     Assert.assertFalse(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
+        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
     uri = new AccessURI("file:///path/to/dir/../../");
     authorizableHierarchy = ImmutableList.of(server1, uri);
     Assert.assertFalse(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
+        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
   }
   @Test(expected=IllegalArgumentException.class)
   public void testInvalidPath() throws Exception {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java
index c093dde..08f84a3 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java
@@ -18,7 +18,7 @@ package org.apache.sentry.policy.db;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
+import java.util.Set;
 
 import junit.framework.Assert;
 
@@ -26,17 +26,15 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.db.Database;
-import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.provider.file.PolicyFile;
 import org.apache.sentry.provider.file.PolicyFiles;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
-import com.google.common.collect.ImmutableSetMultimap;
-import com.google.common.collect.Lists;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
 import com.google.common.io.Files;
 
 public class TestSimpleDBPolicyEngineDFS extends AbstractTestSimplePolicyEngine {
@@ -72,7 +70,8 @@ public class TestSimpleDBPolicyEngineDFS extends AbstractTestSimplePolicyEngine
     fileSystem.delete(etc, true);
     fileSystem.mkdirs(etc);
     PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini", "test-authz-provider-other-group.ini");
-    setPolicy(new DBPolicyFileBackend(new Path(etc, "test-authz-provider.ini").toString(), "server1"));
+    setPolicy(new DBPolicyFileBackend("server1",
+        new Path(etc, "test-authz-provider.ini").toString()));
   }
   @Override
   protected void beforeTeardown() throws IOException {
@@ -104,15 +103,12 @@ public class TestSimpleDBPolicyEngineDFS extends AbstractTestSimplePolicyEngine
     PolicyFiles.copyFilesToDir(fileSystem, etc, globalPolicyFile);
     PolicyFiles.copyFilesToDir(fileSystem, etc, dbPolicyFile);
     DBPolicyFileBackend multiFSEngine =
-        new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
+        new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
 
-    List<Authorizable> dbAuthorizables = Lists.newArrayList();
-    dbAuthorizables.add(new Server("server1"));
-    dbAuthorizables.add(new Database("db11"));
-    List<String> dbGroups = Lists.newArrayList();
+    Set<String> dbGroups = Sets.newHashSet();
     dbGroups.add("group1");
-    ImmutableSetMultimap <String, String> dbPerms =
-        multiFSEngine.getPermissions(dbAuthorizables, dbGroups);
+    ImmutableSet<String> dbPerms =
+        multiFSEngine.getPrivileges(dbGroups, ActiveRoleSet.ALL);
     Assert.assertEquals("No DB permissions found", 1, dbPerms.size());
   }
 }
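Review bot: The final assertion checks only `dbPerms.size()`, so after this change the test no longer pins which privilege `group1` receives: the old call scoped the lookup to `server1`/`db11`, while `getPrivileges(dbGroups, ActiveRoleSet.ALL)` takes no authorizables. Any single privilege, including one for a different database, would satisfy it. I would add a content check next to the count, e.g. `Assert.assertTrue(dbPerms.toString(), dbPerms.contains(EXPECTED_DB11_PRIVILEGE));`, where `EXPECTED_DB11_PRIVILEGE` is a placeholder for the string defined by the policy files written above the hunk. The message `"No DB permissions found"` is also misleading when the count is larger than one.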

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java
index 86ec2fa..cb4e1a2 100644
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java
+++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java
@@ -32,7 +32,8 @@ public class TestSimpleDBPolicyEngineLocalFS extends AbstractTestSimplePolicyEng
     Assert.assertNotNull(baseDir);
     Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
     PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini");
-    setPolicy(new DBPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath(), "server1"));
+    setPolicy(new DBPolicyFileBackend("server1",
+        new File(baseDir, "test-authz-provider.ini").getPath()));
   }
   @Override
   protected void beforeTeardown() throws IOException {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
new file mode 100644
index 0000000..a4e611c
--- /dev/null
+++ b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.search;
+
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.PRIVILEGE_PREFIX;
+
+import java.util.List;
+
+import org.apache.sentry.core.model.search.SearchModelAuthorizable;
+import org.apache.sentry.policy.common.PrivilegeValidator;
+import org.apache.shiro.config.ConfigurationException;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.Lists;
+
+public abstract class AbstractSearchPrivilegeValidator implements PrivilegeValidator {
+
+  @VisibleForTesting
+  public static Iterable<SearchModelAuthorizable> parsePrivilege(String string) {
+    List<SearchModelAuthorizable> result = Lists.newArrayList();
+    System.err.println("privilege = " + string);
+    for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
+      // XXX this ugly hack is because action is not an authorizable
+      if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
+        SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section);
+        if(authorizable == null) {
+          String msg = "No authorizable found for " + section;
+          throw new ConfigurationException(msg);
+        }
+        result.add(authorizable);
+      }
+    }
+    return result;
+  }
+
+}
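Review bot: `parsePrivilege` writes every privilege string to standard error with `System.err.println("privilege = " + string);`, which looks like leftover debugging in a `src/main` class; it bypasses the logging configuration and copies policy contents into whatever captures the process's stderr. I would delete the line, or route it through an SLF4J logger at debug level if the trace is wanted. Separately, `section.toLowerCase()` uses the default locale, so the comparison against `PRIVILEGE_PREFIX` may behave differently under locales with special case mappings, depending on the prefix's characters (not visible here); `section.toLowerCase(Locale.ROOT)` with a `java.util.Locale` import keeps the parse locale-independent. The method also has no Javadoc; one sentence saying that action sections are skipped and that an unrecognised section raises `ConfigurationException` would help callers.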

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchRoleValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchRoleValidator.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchRoleValidator.java
deleted file mode 100644
index 8e7c19f..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchRoleValidator.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.policy.common.RoleValidator;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Lists;
-
-public abstract class AbstractSearchRoleValidator implements RoleValidator {
-
-  @VisibleForTesting
-  public static Iterable<SearchModelAuthorizable> parseRole(String string) {
-    List<SearchModelAuthorizable> result = Lists.newArrayList();
-    for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
-      // XXX this ugly hack is because action is not an authorizeable
-      if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
-        SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section);
-        if(authorizable == null) {
-          String msg = "No authorizable found for " + section;
-          throw new ConfigurationException(msg);
-        }
-        result.add(authorizable);
-      }
-    }
-    return result;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
new file mode 100644
index 0000000..81ff67f
--- /dev/null
+++ b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.search;
+
+import org.apache.sentry.core.common.SentryConfigurationException;
+import org.apache.sentry.core.model.search.Collection;
+import org.apache.sentry.core.model.search.SearchModelAuthorizable;
+import org.apache.sentry.policy.common.PrivilegeValidatorContext;
+
+public class CollectionRequiredInPrivilege extends AbstractSearchPrivilegeValidator {
+
+  @Override
+  public void validate(PrivilegeValidatorContext context) throws SentryConfigurationException {
+    String privilege = context.getPrivilege();
+    Iterable<SearchModelAuthorizable> authorizables = parsePrivilege(privilege);
+    boolean foundCollectionInAuthorizables = false;
+
+    for(SearchModelAuthorizable authorizable : authorizables) {
+      if(authorizable instanceof Collection) {
+        foundCollectionInAuthorizables = true;
+        break;
+      }
+    }
+    if(!foundCollectionInAuthorizables) {
+      String msg = "Missing collection object in " + privilege;
+      throw new SentryConfigurationException(msg);
+    }
+  }
+}
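Review bot: `validate` declares `SentryConfigurationException`, but the `parsePrivilege(privilege)` call on its second line can throw `org.apache.shiro.config.ConfigurationException` (see AbstractSearchPrivilegeValidator in this commit), so a malformed section surfaces as a different exception type than a missing collection. Whether the two types are related is not visible here; if they are not, callers that catch only `SentryConfigurationException` will miss the parse failure. I would either convert the parse error to `SentryConfigurationException` inside `validate` or document both in Javadoc, e.g. `@throws SentryConfigurationException if the privilege names no Collection`. The class currently has no Javadoc at all.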

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInRole.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInRole.java
deleted file mode 100644
index 7f152d9..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInRole.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import javax.annotation.Nullable;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.shiro.config.ConfigurationException;
-
-public class CollectionRequiredInRole extends AbstractSearchRoleValidator {
-
-  @Override
-  public void validate(@Nullable String database, String role) throws ConfigurationException {
-    Iterable<SearchModelAuthorizable> authorizables = parseRole(role);
-    boolean foundCollectionInAuthorizables = false;
-
-    for(SearchModelAuthorizable authorizable : authorizables) {
-      if(authorizable instanceof Collection) {
-        foundCollectionInAuthorizables = true;
-        break;
-      }
-    }
-
-    if(!foundCollectionInAuthorizables) {
-      String msg = "Missing collection object in " + role;
-      throw new ConfigurationException(msg);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPermission.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPermission.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPermission.java
deleted file mode 100644
index 2d2e0bb..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPermission.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-// copied from apache shiro
-
-package org.apache.sentry.policy.search;
-
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
-
-import java.io.Serializable;
-import java.util.List;
-
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.policy.common.PermissionFactory;
-import org.apache.sentry.provider.file.KeyValue;
-import org.apache.sentry.provider.file.PolicyFileConstants;
-import org.apache.shiro.authz.Permission;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-
-public class SearchWildcardPermission implements Permission, Serializable {
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(SearchWildcardPermission.class);
-  private static final long serialVersionUID = -6785051263922740819L;
-
-  private final ImmutableList<KeyValue> parts;
-
-  public SearchWildcardPermission(String wildcardString) {
-    wildcardString = Strings.nullToEmpty(wildcardString).trim();
-    if (wildcardString.isEmpty()) {
-      throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
-    }
-    List<KeyValue>parts = Lists.newArrayList();
-    for (String authorizable : AUTHORIZABLE_SPLITTER.trimResults().split(wildcardString)) {
-      if (authorizable.isEmpty()) {
-        throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
-      }
-      parts.add(new KeyValue(authorizable));
-    }
-    if (parts.isEmpty()) {
-      throw new AssertionError("Should never occur: " + wildcardString);
-    }
-    this.parts = ImmutableList.copyOf(parts);
-  }
-
-
-  @Override
-  public boolean implies(Permission p) {
-    // By default only supports comparisons with other SearchWildcardPermissions
-    if (!(p instanceof SearchWildcardPermission)) {
-      return false;
-    }
-
-    SearchWildcardPermission wp = (SearchWildcardPermission) p;
-
-    List<KeyValue> otherParts = wp.parts;
-    if(equals(wp)) {
-      return true;
-    }
-    int index = 0;
-    for (KeyValue otherPart : otherParts) {
-      // If this permission has less parts than the other permission, everything
-      // after the number of parts contained
-      // in this permission is automatically implied, so return true
-      if (parts.size() - 1 < index) {
-        return true;
-      } else {
-        KeyValue part = parts.get(index);
-        // are the keys even equal
-        if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
-          return false;
-        }
-        if (!impliesKeyValue(part, otherPart)) {
-          return false;
-        }
-        index++;
-      }
-    }
-    // If this permission has more parts than
-    // the other parts, only imply it if
-    // all of the other parts are wildcards
-    for (; index < parts.size(); index++) {
-      KeyValue part = parts.get(index);
-      if (!part.getValue().equals(SearchConstants.ALL)) {
-        return false;
-      }
-    }
-
-    return true;
-  }
-
-  private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
-    Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
-        "Please report, this method should not be called with two different keys");
-    if(policyPart.getValue().equals(SearchConstants.ALL) || policyPart.equals(requestPart)) {
-      return true;
-    } else if (!PolicyFileConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
-        && SearchConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
-      /* permission request is to match with any object of given type */
-      return true;
-    }
-    return false;
-  }
-
-  @Override
-  public String toString() {
-    return AUTHORIZABLE_JOINER.join(parts);
-  }
-
-  @Override
-  public boolean equals(Object o) {
-    if (o instanceof SearchWildcardPermission) {
-      SearchWildcardPermission wp = (SearchWildcardPermission) o;
-      return parts.equals(wp.parts);
-    }
-    return false;
-  }
-
-  @Override
-  public int hashCode() {
-    return parts.hashCode();
-  }
-
-  public static class SearchWildcardPermissionFactory implements PermissionFactory {
-    @Override
-    public Permission createPermission(String permission) {
-      return new SearchWildcardPermission(permission);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
new file mode 100644
index 0000000..9a33fcf
--- /dev/null
+++ b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// copied from apache shiro
+
+package org.apache.sentry.policy.search;
+
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
+
+import java.util.List;
+
+import org.apache.sentry.core.model.search.SearchConstants;
+import org.apache.sentry.policy.common.Privilege;
+import org.apache.sentry.policy.common.PrivilegeFactory;
+import org.apache.sentry.provider.file.KeyValue;
+import org.apache.sentry.provider.file.PolicyFileConstants;
+
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Lists;
+
+public class SearchWildcardPrivilege implements Privilege {
+
+  private final ImmutableList<KeyValue> parts;
+
+  public SearchWildcardPrivilege(String wildcardString) {
+    wildcardString = Strings.nullToEmpty(wildcardString).trim();
+    if (wildcardString.isEmpty()) {
+      throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
+    }
+    List<KeyValue>parts = Lists.newArrayList();
+    for (String authorizable : AUTHORIZABLE_SPLITTER.trimResults().split(wildcardString)) {
+      if (authorizable.isEmpty()) {
+        throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
+      }
+      parts.add(new KeyValue(authorizable));
+    }
+    if (parts.isEmpty()) {
+      throw new AssertionError("Should never occur: " + wildcardString);
+    }
+    this.parts = ImmutableList.copyOf(parts);
+  }
+
+
+  @Override
+  public boolean implies(Privilege p) {
+    // By default only supports comparisons with other SearchWildcardPermissions
+    if (!(p instanceof SearchWildcardPrivilege)) {
+      return false;
+    }
+
+    SearchWildcardPrivilege wp = (SearchWildcardPrivilege) p;
+
+    List<KeyValue> otherParts = wp.parts;
+    if(equals(wp)) {
+      return true;
+    }
+    int index = 0;
+    for (KeyValue otherPart : otherParts) {
+      // If this privilege has less parts than the other privilege, everything
+      // after the number of parts contained
+      // in this privilege is automatically implied, so return true
+      if (parts.size() - 1 < index) {
+        return true;
+      } else {
+        KeyValue part = parts.get(index);
+        // are the keys even equal
+        if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
+          return false;
+        }
+        if (!impliesKeyValue(part, otherPart)) {
+          return false;
+        }
+        index++;
+      }
+    }
+    // If this privilege has more parts than
+    // the other parts, only imply it if
+    // all of the other parts are wildcards
+    for (; index < parts.size(); index++) {
+      KeyValue part = parts.get(index);
+      if (!part.getValue().equals(SearchConstants.ALL)) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
+    Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
+        "Please report, this method should not be called with two different keys");
+    if(policyPart.getValue().equals(SearchConstants.ALL) || policyPart.equals(requestPart)) {
+      return true;
+    } else if (!PolicyFileConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
+        && SearchConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
+      /* privilege request is to match with any object of given type */
+      return true;
+    }
+    return false;
+  }
+
+  @Override
+  public String toString() {
+    return AUTHORIZABLE_JOINER.join(parts);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o instanceof SearchWildcardPrivilege) {
+      SearchWildcardPrivilege wp = (SearchWildcardPrivilege) o;
+      return parts.equals(wp.parts);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    return parts.hashCode();
+  }
+
+  public static class SearchWildcardPrivilegeFactory implements PrivilegeFactory {
+    @Override
+    public Privilege createPrivilege(String privilege) {
+      return new SearchWildcardPrivilege(privilege);
+    }
+  }
+}
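Review bot: `implies` and `impliesKeyValue` make the authorization decision, yet their permissive branches are described only by inline comments, and the first comment in `implies` still refers to `SearchWildcardPermissions` after the rename. I would add Javadoc on `implies` stating that a policy privilege with fewer parts implies any request that extends it, and that when the policy has more parts than the request the extra parts must all be `SearchConstants.ALL`. `impliesKeyValue` should state that for any key other than `PolicyFileConstants.PRIVILEGE_NAME` a request value equal to `SearchConstants.ALL` is accepted regardless of the policy value, so code that builds request privileges should not take that value from unvalidated input (this reading follows the inline comment; confirm it is intended). The stale comment becomes `// By default only supports comparisons with other SearchWildcardPrivileges`.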

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
index 51ab35d..728e356 100644
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
+++ b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
@@ -16,29 +16,20 @@
  */
 package org.apache.sentry.policy.search;
 
-import javax.annotation.Nullable;
+import java.util.Set;
 
-import java.io.IOException;
-import java.util.List;
-import java.util.Map.Entry;
-
-import org.apache.shiro.config.ConfigurationException;
-import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PermissionFactory;
+import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.common.RoleValidator;
+import org.apache.sentry.policy.common.PrivilegeValidator;
 import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.Roles;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
+import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.ImmutableSetMultimap;
-import com.google.common.collect.Lists;
 
 /**
  * A PolicyEngine for a search service.
@@ -48,87 +39,46 @@ public class SimpleSearchPolicyEngine implements PolicyEngine {
   private static final Logger LOGGER = LoggerFactory
       .getLogger(SimpleSearchPolicyEngine.class);
 
-  private ProviderBackend providerBackend;
+  private final ProviderBackend providerBackend;
 
   public SimpleSearchPolicyEngine(ProviderBackend providerBackend) {
-    List<? extends RoleValidator> validators =
-      Lists.newArrayList(new CollectionRequiredInRole());
     this.providerBackend = providerBackend;
-    this.providerBackend.process(validators);
-
-    if (!this.providerBackend.getRoles().getPerDatabaseRoles().isEmpty()) {
-      throw new ConfigurationException(
-        "SimpleSearchPolicyEngine does not support per-database roles, " +
-        "but per-database roles were specified.  Ignoring.");
-    }
-  }
-
-  /*
-   * Note: finalize is final because constructor throws exception, see:
-   * OBJ11-J.
-   */
-  public final void finalize() {
-    // do nothing
+    ProviderBackendContext context = new ProviderBackendContext();
+    context.setAllowPerDatabase(false);
+    context.setValidators(createPrivilegeValidators());
+    this.providerBackend.initialize(context);
   }
 
   /**
    * {@inheritDoc}
    */
   @Override
-  public PermissionFactory getPermissionFactory() {
-    return new SearchWildcardPermission.SearchWildcardPermissionFactory();
+  public PrivilegeFactory getPrivilegeFactory() {
+    return new SearchWildcardPrivilege.SearchWildcardPrivilegeFactory();
   }
 
   /**
    * {@inheritDoc}
    */
   @Override
-  public ImmutableSetMultimap<String, String> getPermissions(List<? extends Authorizable> authorizables, List<String> groups) {
+  public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet) {
     if(LOGGER.isDebugEnabled()) {
       LOGGER.debug("Getting permissions for {}", groups);
     }
-    ImmutableSetMultimap.Builder<String, String> resultBuilder = ImmutableSetMultimap.builder();
-    for(String group : groups) {
-      resultBuilder.putAll(group, getSearchRoles(group,providerBackend.getRoles()));
-    }
-    ImmutableSetMultimap<String, String> result = resultBuilder.build();
+    ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
     if(LOGGER.isDebugEnabled()) {
       LOGGER.debug("result = " + result);
     }
     return result;
   }
 
-  private ImmutableSet<String> getSearchRoles(String group, Roles roles) {
-    ImmutableSetMultimap<String, String> globalRoles = roles.getGlobalRoles();
-    ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
-
-    if(globalRoles.containsKey(group)) {
-      resultBuilder.addAll(globalRoles.get(group));
-    }
-    ImmutableSet<String> result = resultBuilder.build();
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Group {}, Result {}",
-          new Object[]{ group, result});
-    }
-    return result;
-  }
-
-  @Override
-  public ImmutableSet<String> listPermissions(String groupName)
-      throws SentryConfigurationException {
-    // TODO: not supported yet
-    throw new SentryConfigurationException("Not implemented yet");
-  }
-
   @Override
-  public ImmutableSet<String> listPermissions(List<String> groupName)
+  public void validatePolicy(boolean strictValidation)
       throws SentryConfigurationException {
     throw new SentryConfigurationException("Not implemented yet");
   }
 
-  @Override
-  public void validatePolicy(boolean strictValidation)
-      throws SentryConfigurationException {
-    throw new SentryConfigurationException("Not implemented yet");
+  public static ImmutableList<PrivilegeValidator> createPrivilegeValidators() {
+    return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege());
   }
-}
+}
\ No newline at end of file
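Review bot: Deleting the `finalize()` guard removes the OBJ11-J protection the old comment referred to, yet the class is still non-final (`SearchPolicyFileBackend` extends it) and the constructor can presumably still fail part-way, now inside `providerBackend.initialize(context)` instead of at the explicit `ConfigurationException`. A subclass that overrides `finalize()` could then observe an engine whose backend never finished initializing. Because the class cannot simply be made `final`, I would keep the guard next to the constructor: `public final void finalize() { /* OBJ11-J: constructor may throw */ }`. Whether `initialize` actually throws is not visible in this hunk, so please confirm before dropping the guard for good.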

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
index 24e9521..d1c415b 100644
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
@@ -18,15 +18,13 @@ package org.apache.sentry.policy.search;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
 
 import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.search.Collection;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.junit.After;
 import org.junit.AfterClass;
@@ -34,7 +32,6 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
-import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import com.google.common.io.Files;
 
@@ -50,7 +47,6 @@ public abstract class AbstractTestSearchPolicyEngine {
 
   private PolicyEngine policy;
   private static File baseDir;
-  private List<Authorizable> authorizables = Lists.newArrayList();
 
   @BeforeClass
   public static void setupClazz() throws IOException {
@@ -94,7 +90,7 @@ public abstract class AbstractTestSearchPolicyEngine {
         ANALYST_TMPCOLLECTION_QUERY, JRANALYST_JRANALYST1_ALL,
         JRANALYST_PURCHASES_PARTIAL_QUERY));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("manager")).values())
+        new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL))
         .toString());
   }
 
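Review bot: Every rewritten call passes `ActiveRoleSet.ALL`, so the new `roleSet` argument of `getPrivileges` is never exercised with a restricted set; this applies to this hunk ("manager") and to the following hunks for "analyst", "jranalyst" and "admin". Role filtering is the behaviour the new parameter introduces, and a regression there would hand back more privileges than intended without any of these tests failing. Unless it is covered by a test outside this diff, I would add one case that activates a single role for a group holding several and asserts that only that role's privileges are returned. The test methods start outside the hunks shown.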
@@ -105,7 +101,7 @@ public abstract class AbstractTestSearchPolicyEngine {
         ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
         ANALYST_TMPCOLLECTION_QUERY));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("analyst")).values())
+        new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
         .toString());
   }
 
@@ -115,7 +111,7 @@ public abstract class AbstractTestSearchPolicyEngine {
         .newHashSet(JRANALYST_JRANALYST1_ALL,
             JRANALYST_PURCHASES_PARTIAL_QUERY));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("jranalyst")).values())
+        new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
         .toString());
   }
 
@@ -123,11 +119,11 @@ public abstract class AbstractTestSearchPolicyEngine {
   public void testAdmin() throws Exception {
     Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN_COLLECTION_ALL));
     Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPermissions(authorizables, list("admin")).values())
+        new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
         .toString());
   }
 
-  private static List<String> list(String... values) {
-    return Lists.newArrayList(values);
+  private static Set<String> set(String... values) {
+    return Sets.newHashSet(values);
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
index 874f2db..fd8af78 100644
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
@@ -17,6 +17,7 @@
 package org.apache.sentry.policy.search;
 
 import java.io.IOException;
+
 import org.apache.sentry.provider.file.SimpleFileProviderBackend;
 
 public class SearchPolicyFileBackend extends SimpleSearchPolicyEngine {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
index a56aabd..b626f1a 100644
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
@@ -20,6 +20,7 @@ package org.apache.sentry.policy.search;
 
 import junit.framework.Assert;
 
+import org.apache.sentry.policy.common.PrivilegeValidatorContext;
 import org.apache.shiro.config.ConfigurationException;
 import org.junit.Test;
 
@@ -27,11 +28,11 @@ public class TestCollectionRequiredInRole {
 
   @Test
   public void testEmptyRole() throws Exception {
-    CollectionRequiredInRole collRequiredInRole = new CollectionRequiredInRole();
+    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
 
     // check no db
     try {
-      collRequiredInRole.validate(null,"index=index1");
+      collRequiredInRole.validate(new PrivilegeValidatorContext("index=index1"));
       Assert.fail("Expected ConfigurationException");
     } catch (ConfigurationException e) {
       ;
@@ -39,7 +40,7 @@ public class TestCollectionRequiredInRole {
 
     // check with db
     try {
-      collRequiredInRole.validate("db1","index=index2");
+      collRequiredInRole.validate(new PrivilegeValidatorContext("db1","index=index2"));
       Assert.fail("Expected ConfigurationException");
     } catch (ConfigurationException e) {
       ;
@@ -48,15 +49,15 @@ public class TestCollectionRequiredInRole {
 
   @Test
   public void testCollectionWithoutAction() throws Exception {
-    CollectionRequiredInRole collRequiredInRole = new CollectionRequiredInRole();
-    collRequiredInRole.validate(null,"collection=nodb");
-    collRequiredInRole.validate("db2","collection=db");
+    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
+    collRequiredInRole.validate(new PrivilegeValidatorContext("collection=nodb"));
+    collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db"));
   }
 
   @Test
   public void testCollectionWithAction() throws Exception {
-    CollectionRequiredInRole collRequiredInRole = new CollectionRequiredInRole();
-    collRequiredInRole.validate(null,"collection=nodb->action=query");
-    collRequiredInRole.validate("db2","collection=db->action=update");
+    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
+    collRequiredInRole.validate(new PrivilegeValidatorContext(null,"collection=nodb->action=query"));
+    collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db->action=update"));
   }
 }
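Review bot: The no-database case is built two different ways in this file: `new PrivilegeValidatorContext("collection=nodb")` in testCollectionWithoutAction and `new PrivilegeValidatorContext(null,"collection=nodb->action=query")` in testCollectionWithAction. The two forms are presumably equivalent, but using the one-argument constructor in both places would read more clearly and would not depend on how a null database is treated. The local is also still named `collRequiredInRole` although its type is now `CollectionRequiredInPrivilege`; `collRequiredInPrivilege` would match, and the same applies to the earlier hunk in testEmptyRole.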

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
index 4bbaf3a..6f36243 100644
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
@@ -27,11 +27,11 @@ import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.core.model.search.SearchModelAction;
 import org.apache.sentry.core.model.search.Collection;
+import org.apache.sentry.core.model.search.SearchModelAction;
 import org.apache.sentry.provider.common.MockGroupMappingServiceProvider;
 import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.PolicyFiles;
@@ -117,7 +117,7 @@ public class TestSearchAuthorizationProviderGeneralCases {
       .add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
     LOGGER.info("Running with " + helper.toString());
     Assert.assertEquals(helper.toString(), expected,
-        authzProvider.hasAccess(subject, authzHierarchy, privileges));
+        authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
     LOGGER.info("Passed " + helper.toString());
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
index 2a7872d..801a702 100644
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
@@ -25,8 +25,9 @@ import java.util.Set;
 import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.search.Collection;
 import org.apache.sentry.core.model.search.SearchModelAction;
@@ -75,7 +76,7 @@ public class TestSearchAuthorizationProviderSpecialCases {
     authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
     List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1);
     Assert.assertTrue(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
+        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
index bd06b7e..c68cd75 100644
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
@@ -20,9 +20,7 @@ package org.apache.sentry.policy.search;
 import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertNull;
 
-
 import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.policy.search.SearchModelAuthorizables;
 import org.junit.Test;
 
 public class TestSearchModelAuthorizables {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
index 1683eec..735935e 100644
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
@@ -18,7 +18,6 @@ package org.apache.sentry.policy.search;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
 
 import junit.framework.Assert;
 
@@ -26,16 +25,9 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.provider.file.PolicyFile;
 import org.apache.sentry.provider.file.PolicyFiles;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableSetMultimap;
-import com.google.common.collect.Lists;
-import com.google.common.io.Files;
 
 public class TestSearchPolicyEngineDFS extends AbstractTestSearchPolicyEngine {
 
@@ -71,7 +63,8 @@ public class TestSearchPolicyEngineDFS extends AbstractTestSearchPolicyEngine {
     fileSystem.delete(etc, true);
     fileSystem.mkdirs(etc);
     PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini");
-    setPolicy(new SearchPolicyFileBackend(new Path(etc, "test-authz-provider.ini").toString()));
+    setPolicy(new SearchPolicyFileBackend(new Path(etc,
+        "test-authz-provider.ini").toString()));
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
index 0770aa8..2abe8f2 100644
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
@@ -18,16 +18,13 @@ package org.apache.sentry.policy.search;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.Arrays;
+import java.util.Collections;
 
 import junit.framework.Assert;
 
 import org.apache.commons.io.FileUtils;
-import org.apache.shiro.config.ConfigurationException;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.search.Collection;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -36,7 +33,7 @@ import org.slf4j.LoggerFactory;
 
 import com.google.common.base.Charsets;
 import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 import com.google.common.io.Files;
 
 public class TestSearchPolicyNegative {
@@ -72,26 +69,22 @@ public class TestSearchPolicyNegative {
     append("[databases]", globalPolicyFile);
     append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
     append("[groups]", otherPolicyFile);
-    append("other_group = malicious_role", otherPolicyFile);
+    append("other_group = some_role", otherPolicyFile);
     append("[roles]", otherPolicyFile);
-    append("malicious_role = collection=*", otherPolicyFile);
-    try {
-      PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
-      Assert.fail("Excepted ConfigurationException");
-    } catch (ConfigurationException ce) {}
+    append("some_role = collection=c1", otherPolicyFile);
+    SearchPolicyFileBackend policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
+    Assert.assertEquals(Collections.emptySet(),
+        policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL));
   }
 
   @Test
   public void testCollectionRequiredInRole() throws Exception {
     append("[groups]", globalPolicyFile);
-    append("group = malicious_role", globalPolicyFile);
+    append("group = some_role", globalPolicyFile);
     append("[roles]", globalPolicyFile);
-    append("malicious_role = action=query", globalPolicyFile);
+    append("some_role = action=query", globalPolicyFile);
     PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            new Collection("collection1"),
-    }), Lists.newArrayList("group")).get("group");
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }
 
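Review bot: The per-database case at the top of this hunk no longer requires construction to fail with `ConfigurationException`; it only checks that `other_group` resolves to an empty set, and the role body was softened from `collection=*` to `collection=c1`. The test therefore no longer shows that an over-broad grant in an ignored per-database file yields nothing. I would keep `collection=*` as the role body and add a comment such as `// per-database files are ignored for search (setAllowPerDatabase(false)): no privileges, no exception`. It is not visible here whether the backend logs the skipped section; if it does not, an operator has no signal that a policy file was dropped. The test method starts outside the hunk.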
@@ -102,10 +95,7 @@ public class TestSearchPolicyNegative {
     append("[roles]", globalPolicyFile);
     append("malicious_role = collection=*", globalPolicyFile);
     PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getPermissions(
-        Arrays.asList(new Authorizable[] {
-            Collection.ALL
-    }), Lists.newArrayList("incorrectGroup")).get("incorrectGroup");
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPermission.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPermission.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPermission.java
deleted file mode 100644
index b20595d..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPermission.java
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.search;
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertFalse;
-import static junit.framework.Assert.assertTrue;
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.KV_SEPARATOR;
-
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.provider.file.KeyValue;
-import org.apache.shiro.authz.Permission;
-import org.junit.Test;
-
-public class TestSearchWildcardPermission {
-
-  private static final String ALL = SearchConstants.ALL;
-
-  @Test
-  public void testSimpleNoAction() throws Exception {
-    Permission collection1 = create(new KeyValue("collection", "coll1"));
-    Permission collection2 = create(new KeyValue("collection", "coll2"));
-    Permission collection1Case = create(new KeyValue("colleCtIon", "coLl1"));
-
-    assertTrue(collection1.implies(collection1));
-    assertTrue(collection2.implies(collection2));
-    assertTrue(collection1.implies(collection1Case));
-    assertTrue(collection1Case.implies(collection1));
-
-    assertFalse(collection1.implies(collection2));
-    assertFalse(collection1Case.implies(collection2));
-    assertFalse(collection2.implies(collection1));
-    assertFalse(collection2.implies(collection1Case));
-  }
-
-  @Test
-  public void testSimpleAction() throws Exception {
-    Permission query =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    Permission update =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    Permission queryCase =
-      create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));
-
-    assertTrue(query.implies(query));
-    assertTrue(update.implies(update));
-    assertTrue(query.implies(queryCase));
-    assertTrue(queryCase.implies(query));
-
-    assertFalse(query.implies(update));
-    assertFalse(queryCase.implies(update));
-    assertFalse(update.implies(query));
-    assertFalse(update.implies(queryCase));
-  }
-
-  @Test
-  public void testRoleShorterThanRequest() throws Exception {
-    Permission collection1 = create(new KeyValue("collection", "coll1"));
-    Permission query =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    Permission update =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    Permission all =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
-
-    assertTrue(collection1.implies(query));
-    assertTrue(collection1.implies(update));
-    assertTrue(collection1.implies(all));
-
-    assertFalse(query.implies(collection1));
-    assertFalse(update.implies(collection1));
-    assertTrue(all.implies(collection1));
-  }
-
-  @Test
-  public void testCollectionAll() throws Exception {
-    Permission collectionAll = create(new KeyValue("collection", ALL));
-    Permission collection1 = create(new KeyValue("collection", "coll1"));
-    assertTrue(collectionAll.implies(collection1));
-    assertTrue(collection1.implies(collectionAll));
-
-    Permission allUpdate =
-      create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
-    Permission allQuery =
-      create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
-    Permission coll1Update =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    Permission coll1Query =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    assertTrue(allUpdate.implies(coll1Update));
-    assertTrue(allQuery.implies(coll1Query));
-    assertTrue(coll1Update.implies(allUpdate));
-    assertTrue(coll1Query.implies(allQuery));
-    assertFalse(allUpdate.implies(coll1Query));
-    assertFalse(coll1Update.implies(coll1Query));
-    assertFalse(allQuery.implies(coll1Update));
-    assertFalse(coll1Query.implies(allUpdate));
-    assertFalse(allUpdate.implies(allQuery));
-    assertFalse(allQuery.implies(allUpdate));
-    assertFalse(coll1Update.implies(coll1Query));
-    assertFalse(coll1Query.implies(coll1Update));
-
-    // test different length paths
-    assertTrue(collectionAll.implies(allUpdate));
-    assertTrue(collectionAll.implies(allQuery));
-    assertTrue(collectionAll.implies(coll1Update));
-    assertTrue(collectionAll.implies(coll1Query));
-    assertFalse(allUpdate.implies(collectionAll));
-    assertFalse(allQuery.implies(collectionAll));
-    assertFalse(coll1Update.implies(collectionAll));
-    assertFalse(coll1Query.implies(collectionAll));
-  }
-
-  @Test
-  public void testActionAll() throws Exception {
-    Permission coll1All =
-       create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
-    Permission coll1Update =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    Permission coll1Query =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    assertTrue(coll1All.implies(coll1All));
-    assertTrue(coll1All.implies(coll1Update));
-    assertTrue(coll1All.implies(coll1Query));
-    assertFalse(coll1Update.implies(coll1All));
-    assertFalse(coll1Query.implies(coll1All));
-
-    // test different lengths
-    Permission coll1 =
-       create(new KeyValue("collection", "coll1"));
-    assertTrue(coll1All.implies(coll1));
-    assertTrue(coll1.implies(coll1All));
-  }
-
-  @Test
-  public void testUnexpected() throws Exception {
-    Permission p = new Permission() {
-      @Override
-      public boolean implies(Permission p) {
-        return false;
-      }
-    };
-    Permission collection1 = create(new KeyValue("collection", "coll1"));
-    assertFalse(collection1.implies(null));
-    assertFalse(collection1.implies(p));
-    assertFalse(collection1.equals(null));
-    assertFalse(collection1.equals(p));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testNullString() throws Exception {
-    System.out.println(create((String)null));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyString() throws Exception {
-    System.out.println(create(""));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(create(KV_JOINER.join("collection", "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(create(KV_JOINER.join("", "coll1")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyPart() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_JOINER.join("collection1", "coll1"), "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testOnlySeperators() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
-  }
-
-  static SearchWildcardPermission create(KeyValue... keyValues) {
-    return create(AUTHORIZABLE_JOINER.join(keyValues));
-
-  }
-  static SearchWildcardPermission create(String s) {
-    return new SearchWildcardPermission(s);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
new file mode 100644
index 0000000..cb5531f
--- /dev/null
+++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
@@ -0,0 +1,205 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sentry.policy.search;
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertTrue;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_SEPARATOR;
+
+import org.apache.sentry.core.model.search.SearchConstants;
+import org.apache.sentry.policy.common.Privilege;
+import org.apache.sentry.provider.file.KeyValue;
+import org.junit.Test;
+
+public class TestSearchWildcardPrivilege {
+
+  private static final String ALL = SearchConstants.ALL;
+
+  @Test
+  public void testSimpleNoAction() throws Exception {
+    Privilege collection1 = create(new KeyValue("collection", "coll1"));
+    Privilege collection2 = create(new KeyValue("collection", "coll2"));
+    Privilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));
+
+    assertTrue(collection1.implies(collection1));
+    assertTrue(collection2.implies(collection2));
+    assertTrue(collection1.implies(collection1Case));
+    assertTrue(collection1Case.implies(collection1));
+
+    assertFalse(collection1.implies(collection2));
+    assertFalse(collection1Case.implies(collection2));
+    assertFalse(collection2.implies(collection1));
+    assertFalse(collection2.implies(collection1Case));
+  }
+
+  @Test
+  public void testSimpleAction() throws Exception {
+    Privilege query =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+    Privilege update =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+    Privilege queryCase =
+      create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));
+
+    assertTrue(query.implies(query));
+    assertTrue(update.implies(update));
+    assertTrue(query.implies(queryCase));
+    assertTrue(queryCase.implies(query));
+
+    assertFalse(query.implies(update));
+    assertFalse(queryCase.implies(update));
+    assertFalse(update.implies(query));
+    assertFalse(update.implies(queryCase));
+  }
+
+  @Test
+  public void testRoleShorterThanRequest() throws Exception {
+    Privilege collection1 = create(new KeyValue("collection", "coll1"));
+    Privilege query =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+    Privilege update =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+    Privilege all =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
+
+    assertTrue(collection1.implies(query));
+    assertTrue(collection1.implies(update));
+    assertTrue(collection1.implies(all));
+
+    assertFalse(query.implies(collection1));
+    assertFalse(update.implies(collection1));
+    assertTrue(all.implies(collection1));
+  }
+
+  @Test
+  public void testCollectionAll() throws Exception {
+    Privilege collectionAll = create(new KeyValue("collection", ALL));
+    Privilege collection1 = create(new KeyValue("collection", "coll1"));
+    assertTrue(collectionAll.implies(collection1));
+    assertTrue(collection1.implies(collectionAll));
+
+    Privilege allUpdate =
+      create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
+    Privilege allQuery =
+      create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
+    Privilege coll1Update =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+    Privilege coll1Query =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+    assertTrue(allUpdate.implies(coll1Update));
+    assertTrue(allQuery.implies(coll1Query));
+    assertTrue(coll1Update.implies(allUpdate));
+    assertTrue(coll1Query.implies(allQuery));
+    assertFalse(allUpdate.implies(coll1Query));
+    assertFalse(coll1Update.implies(coll1Query));
+    assertFalse(allQuery.implies(coll1Update));
+    assertFalse(coll1Query.implies(allUpdate));
+    assertFalse(allUpdate.implies(allQuery));
+    assertFalse(allQuery.implies(allUpdate));
+    assertFalse(coll1Update.implies(coll1Query));
+    assertFalse(coll1Query.implies(coll1Update));
+
+    // test different length paths
+    assertTrue(collectionAll.implies(allUpdate));
+    assertTrue(collectionAll.implies(allQuery));
+    assertTrue(collectionAll.implies(coll1Update));
+    assertTrue(collectionAll.implies(coll1Query));
+    assertFalse(allUpdate.implies(collectionAll));
+    assertFalse(allQuery.implies(collectionAll));
+    assertFalse(coll1Update.implies(collectionAll));
+    assertFalse(coll1Query.implies(collectionAll));
+  }
+
+  @Test
+  public void testActionAll() throws Exception {
+    Privilege coll1All =
+       create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
+    Privilege coll1Update =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+    Privilege coll1Query =
+      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+    assertTrue(coll1All.implies(coll1All));
+    assertTrue(coll1All.implies(coll1Update));
+    assertTrue(coll1All.implies(coll1Query));
+    assertFalse(coll1Update.implies(coll1All));
+    assertFalse(coll1Query.implies(coll1All));
+
+    // test different lengths
+    Privilege coll1 =
+       create(new KeyValue("collection", "coll1"));
+    assertTrue(coll1All.implies(coll1));
+    assertTrue(coll1.implies(coll1All));
+  }
+
+  @Test
+  public void testUnexpected() throws Exception {
+    Privilege p = new Privilege() {
+      @Override
+      public boolean implies(Privilege p) {
+        return false;
+      }
+    };
+    Privilege collection1 = create(new KeyValue("collection", "coll1"));
+    assertFalse(collection1.implies(null));
+    assertFalse(collection1.implies(p));
+    assertFalse(collection1.equals(null));
+    assertFalse(collection1.equals(p));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testNullString() throws Exception {
+    System.out.println(create((String)null));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyString() throws Exception {
+    System.out.println(create(""));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyKey() throws Exception {
+    System.out.println(create(KV_JOINER.join("collection", "")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyValue() throws Exception {
+    System.out.println(create(KV_JOINER.join("", "coll1")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyPart() throws Exception {
+    System.out.println(create(AUTHORIZABLE_JOINER.
+        join(KV_JOINER.join("collection1", "coll1"), "")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testOnlySeperators() throws Exception {
+    System.out.println(create(AUTHORIZABLE_JOINER.
+        join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
+  }
+
+  static SearchWildcardPrivilege create(KeyValue... keyValues) {
+    return create(AUTHORIZABLE_JOINER.join(keyValues));
+
+  }
+  static SearchWildcardPrivilege create(String s) {
+    return new SearchWildcardPrivilege(s);
+  }
+}
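Review bot: `testCollectionAll` pins `assertTrue(collection1.implies(collectionAll))` and `assertTrue(coll1Update.implies(allUpdate))`, while `testActionAll` asserts the opposite for the action part with `assertFalse(coll1Update.implies(coll1All))`, and neither carries a comment explaining the asymmetry. If the receiver is the granted privilege and the argument the request (an inference from the test names, not shown in this hunk), the first two assertions mean a grant on `coll1` satisfies a request naming collection ALL, which reads as a widening of a narrow grant. If that is intended, say so above those lines, for example `// a request for collection=ALL is matched by any concrete collection grant; action=ALL is deliberately not`, so that a later change to the wildcard matching cannot silently keep or break this without a reviewer noticing. Separately, `testEmptyKey` passes an empty value (`KV_JOINER.join("collection", "")`) and `testEmptyValue` an empty key, so the two names are swapped. `assertFalse(coll1Update.implies(coll1Query))` also appears twice in `testCollectionAll`.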

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/644e8be3/sentry-provider/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-provider/pom.xml b/sentry-provider/pom.xml
index b1594cf..9bec058 100644
--- a/sentry-provider/pom.xml
+++ b/sentry-provider/pom.xml
@@ -32,6 +32,7 @@ limitations under the License.
   <modules>
     <module>sentry-provider-common</module>
     <module>sentry-provider-file</module>
+    <module>sentry-provider-db</module>
   </modules>
 
 </project>