Posted to commits@sentry.apache.org by va...@apache.org on 2017/06/14 00:56:43 UTC
[05/52] [abbrv] sentry git commit: SENTRY-1734: Create/Alter/Drop
database/table should check corresponding property before drop privileges
(Alex Kolbasov, reviewed by: Hao Hao)
SENTRY-1734: Create/Alter/Drop database/table should check corresponding property before drop privileges (Alex Kolbasov, reviewed by: Hao Hao)
Change-Id: Id0f6655b68f844e47e281b907b93f3442d33ccfe
Reviewed-on: http://gerrit.sjc.cloudera.com:8080/22205
Tested-by: Jenkins User
Reviewed-by: Alexander Kolbasov <ak...@cloudera.com>
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ae2589d6
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ae2589d6
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ae2589d6
Branch: refs/for/cdh5-1.5.1_ha
Commit: ae2589d67f1a745fcdeb9841589395534e3c1450
Parents: d419afe
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Sun Apr 30 18:56:32 2017 -0700
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Sun Apr 30 20:15:54 2017 -0700
----------------------------------------------------------------------
.../sentry/service/thrift/HMSFollower.java | 107 +++++++++++--------
1 file changed, 60 insertions(+), 47 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/ae2589d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
index fb35baf..122da84 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
@@ -32,12 +32,12 @@ import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hive.hcatalog.messaging.HCatEventMessage;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
-import org.apache.sentry.core.common.exception.*;
-import org.apache.sentry.provider.db.SentryInvalidInputException;
-import org.apache.sentry.provider.db.SentryNoSuchObjectException;
+import org.apache.sentry.core.common.exception.SentryInvalidHMSEventException;
import org.apache.sentry.hdfs.PermissionsUpdate;
import org.apache.sentry.hdfs.FullUpdateInitializer;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
+import org.apache.sentry.provider.db.SentryInvalidInputException;
+import org.apache.sentry.provider.db.SentryNoSuchObjectException;
import org.apache.sentry.provider.db.SentryPolicyStorePlugin;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
@@ -177,7 +177,7 @@ public class HMSFollower implements Runnable {
throw e;
} finally {
// Shutdown kerberos context if HMS connection failed to setup to avoid thread leaks.
- if (kerberosContext != null && client == null) {
+ if ((kerberosContext != null) && (client == null)) {
kerberosContext.shutDown();
kerberosContext = null;
}
@@ -285,7 +285,7 @@ public class HMSFollower implements Runnable {
} else {
LOGGER.error("ThriftException occured fetching Notification entries, will try", e);
}
- } catch (SentryInvalidInputException|SentryInvalidHMSEventException e) {
+ } catch (SentryInvalidInputException |SentryInvalidHMSEventException e) {
LOGGER.error("Encounter SentryInvalidInputException|SentryInvalidHMSEventException " +
"while processing notification log", e);
} catch (Throwable t) {
@@ -359,7 +359,11 @@ public class HMSFollower implements Runnable {
final CounterWait counterWait = sentryStore.getCounterWait();
for (NotificationEvent event : events) {
- String dbName, tableName, oldLocation, newLocation, location;
+ String dbName;
+ String tableName;
+ String oldLocation;
+ String newLocation;
+ String location;
List<String> locations;
NotificationProcessor notificationProcessor = new NotificationProcessor(sentryStore, LOGGER);
switch (HCatEventMessage.EventType.valueOf(event.getEventType())) {
@@ -367,13 +371,15 @@ public class HMSFollower implements Runnable {
SentryJSONCreateDatabaseMessage message = deserializer.getCreateDatabaseMessage(event.getMessage());
dbName = message.getDB();
location = message.getLocation();
- if (dbName == null || location == null) {
+ if ((dbName == null) || (location == null)) {
throw new SentryInvalidHMSEventException(String.format("Create database event " +
"has incomplete information. dbName = %s location = %s",
StringUtils.defaultIfBlank(dbName, "null"),
StringUtils.defaultIfBlank(location, "null")));
}
- dropSentryDbPrivileges(dbName, event);
+ if (syncWithPolicyStore(AUTHZ_SYNC_CREATE_WITH_POLICY_STORE)) {
+ dropSentryDbPrivileges(dbName, event);
+ }
notificationProcessor.processCreateDatabase(dbName,location, event.getEventId());
break;
case DROP_DATABASE:
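Review bot: The guard added around `dropSentryDbPrivileges(dbName, event)` in the create-database branch has no comment explaining why a create event removes privileges, and the reason is security-relevant. Presumably the drop clears grants left behind by an earlier database of the same name so that the new one does not inherit them; a comment such as `// Remove privileges left over from a previous database with this name, unless create-sync is disabled` would record that. With this change the cleanup is skipped whenever `AUTHZ_SYNC_CREATE_WITH_POLICY_STORE` is off, so if the drop-side property is off as well, old grants appear to stay attached to the name; that consequence belongs in the property documentation. The same comment is missing on the `dropSentryTablePrivileges` guard in the CREATE_TABLE branch of the later hunk. The enclosing method starts and ends outside this hunk.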
@@ -382,11 +388,12 @@ public class HMSFollower implements Runnable {
dbName = dropDatabaseMessage.getDB();
location = dropDatabaseMessage.getLocation();
if (dbName == null) {
- throw new SentryInvalidHMSEventException(String.format("Drop database event " +
- "has incomplete information. dbName = %s",
- StringUtils.defaultIfBlank(dbName, "null")));
+ throw new SentryInvalidHMSEventException(
+ "Drop database event has incomplete information: dbName = null");
+ }
+ if (syncWithPolicyStore(AUTHZ_SYNC_DROP_WITH_POLICY_STORE)) {
+ dropSentryDbPrivileges(dbName, event);
}
- dropSentryDbPrivileges(dbName, event);
notificationProcessor.processDropDatabase(dbName, location, event.getEventId());
break;
case CREATE_TABLE:
@@ -394,27 +401,31 @@ public class HMSFollower implements Runnable {
dbName = createTableMessage.getDB();
tableName = createTableMessage.getTable();
location = createTableMessage.getLocation();
- if (dbName == null || tableName == null || location == null) {
+ if ((dbName == null) || (tableName == null) || (location == null)) {
throw new SentryInvalidHMSEventException(String.format("Create table event " +
"has incomplete information. dbName = %s, tableName = %s, location = %s",
StringUtils.defaultIfBlank(dbName, "null"),
StringUtils.defaultIfBlank(tableName, "null"),
StringUtils.defaultIfBlank(location, "null")));
}
- dropSentryTablePrivileges(dbName, tableName, event);
+ if (syncWithPolicyStore(AUTHZ_SYNC_CREATE_WITH_POLICY_STORE)) {
+ dropSentryTablePrivileges(dbName, tableName, event);
+ }
notificationProcessor.processCreateTable(dbName, tableName, location, event.getEventId());
break;
case DROP_TABLE:
SentryJSONDropTableMessage dropTableMessage = deserializer.getDropTableMessage(event.getMessage());
dbName = dropTableMessage.getDB();
tableName = dropTableMessage.getTable();
- if (dbName == null || tableName == null) {
+ if ((dbName == null) || (tableName == null)) {
throw new SentryInvalidHMSEventException(String.format("Drop table event " +
"has incomplete information. dbName = %s, tableName = %s",
StringUtils.defaultIfBlank(dbName, "null"),
StringUtils.defaultIfBlank(tableName, "null")));
}
- dropSentryTablePrivileges(dbName, tableName, event);
+ if (syncWithPolicyStore(AUTHZ_SYNC_DROP_WITH_POLICY_STORE)) {
+ dropSentryTablePrivileges(dbName, tableName, event);
+ }
notificationProcessor.processDropTable(dbName, tableName, event.getEventId());
break;
case ALTER_TABLE:
@@ -427,8 +438,12 @@ public class HMSFollower implements Runnable {
oldLocation = alterTableMessage.getOldLocation();
newLocation = alterTableMessage.getNewLocation();
- if (oldDbName == null || oldTableName == null || newDbName == null || newTableName == null ||
- oldLocation == null || newLocation == null) {
+ if ((oldDbName == null) ||
+ (oldTableName == null) ||
+ (newDbName == null) ||
+ (newTableName == null) ||
+ (oldLocation == null) ||
+ (newLocation == null)) {
throw new SentryInvalidHMSEventException(String.format("Alter table event " +
"has incomplete information. oldDbName = %s, oldTableName = %s, oldLocation = %s, " +
"newDbName = %s, newTableName = %s, newLocation = %s",
@@ -460,7 +475,7 @@ public class HMSFollower implements Runnable {
dbName = addPartitionMessage.getDB();
tableName = addPartitionMessage.getTable();
locations = addPartitionMessage.getLocations();
- if (dbName == null || tableName == null || locations == null) {
+ if ((dbName == null) || (tableName == null) || (locations == null)) {
LOGGER.error(String.format("Create table event has incomplete information. " +
"dbName = %s, tableName = %s, locations = %s",
StringUtils.defaultIfBlank(dbName, "null"),
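Review bot: The incomplete-event check in the add-partition branch logs `Create table event has incomplete information. `, which names the wrong event type and will mislead anyone triaging the log. It also only calls `LOGGER.error`, where the neighbouring branches throw `SentryInvalidHMSEventException`. What follows the log call is outside this hunk, so confirm that the branch does not go on to process the null values. Suggested text for the message: `"Add partition event has incomplete information. "`.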
@@ -476,7 +491,7 @@ public class HMSFollower implements Runnable {
dbName = dropPartitionMessage.getDB();
tableName = dropPartitionMessage.getTable();
locations = dropPartitionMessage.getLocations();
- if (dbName == null || tableName == null || locations == null) {
+ if ((dbName == null) || (tableName == null) || (locations == null)) {
throw new SentryInvalidHMSEventException(String.format("Drop partition event " +
"has incomplete information. dbName = %s, tableName = %s, location = %s",
StringUtils.defaultIfBlank(dbName, "null"),
@@ -494,7 +509,10 @@ public class HMSFollower implements Runnable {
oldLocation = alterPartitionMessage.getOldLocation();
newLocation = alterPartitionMessage.getNewLocation();
- if (dbName == null || tableName == null || oldLocation == null || newLocation == null) {
+ if ((dbName == null) ||
+ (tableName == null) ||
+ (oldLocation == null) ||
+ (newLocation == null)) {
throw new SentryInvalidHMSEventException(String.format("Alter partition event " +
"has incomplete information. dbName = %s, tableName = %s, " +
"oldLocation = %s, newLocation = %s",
@@ -507,6 +525,9 @@ public class HMSFollower implements Runnable {
notificationProcessor.processAlterPartition(dbName, tableName, oldLocation,
newLocation, event.getEventId());
break;
+ case INSERT:
+ // TODO DO we need to do anything here?
+ break;
}
currentEventID = event.getEventId();
// Wake up any HMS waiters that are waiting for this ID.
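Review bot: The new `case INSERT:` is an empty branch whose comment is an open question, and no `default:` is visible before the closing brace of the switch, so any other event type would be skipped silently while `currentEventID` still advances. Replace the TODO with a statement of why insert events need no handling here (presumably they change neither privileges nor paths; confirm this). Also add `default: LOGGER.info("Notification event ignored: " + event.getEventType()); break;` so that skipped events show up in the log. The switch opens in an earlier hunk and the enclosing method continues outside this one.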
@@ -519,36 +540,28 @@ public class HMSFollower implements Runnable {
}
private void dropSentryDbPrivileges(String dbName, NotificationEvent event) throws Exception {
- if (!syncWithPolicyStore(AUTHZ_SYNC_DROP_WITH_POLICY_STORE)) {
- return;
- } else {
- try {
- TSentryAuthorizable authorizable = new TSentryAuthorizable(hiveInstance);
- authorizable.setDb(dbName);
- sentryStore.dropPrivilege(authorizable, onDropSentryPrivilege(authorizable));
- } catch (SentryNoSuchObjectException e) {
- LOGGER.info("Drop Sentry privilege ignored as there are no privileges on the database: %s", dbName);
- } catch (Exception e) {
- throw new SentryInvalidInputException("Could not process Drop database event." +
- "Event: " + event.toString(), e);
- }
+ try {
+ TSentryAuthorizable authorizable = new TSentryAuthorizable(hiveInstance);
+ authorizable.setDb(dbName);
+ sentryStore.dropPrivilege(authorizable, onDropSentryPrivilege(authorizable));
+ } catch (SentryNoSuchObjectException e) {
+ LOGGER.info("Drop Sentry privilege ignored as there are no privileges on the database: %s", dbName);
+ } catch (Exception e) {
+ throw new SentryInvalidInputException("Could not process Drop database event." +
+ "Event: " + event.toString(), e);
}
}
private void dropSentryTablePrivileges(String dbName, String tableName, NotificationEvent event) throws Exception {
- if (!syncWithPolicyStore(AUTHZ_SYNC_CREATE_WITH_POLICY_STORE)) {
- return;
- } else {
- try {
- TSentryAuthorizable authorizable = new TSentryAuthorizable(hiveInstance);
- authorizable.setDb(dbName);
- authorizable.setTable(tableName);
- sentryStore.dropPrivilege(authorizable, onDropSentryPrivilege(authorizable));
- } catch (SentryNoSuchObjectException e) {
- LOGGER.info("Drop Sentry privilege ignored as there are no privileges on the table: %s.%s", dbName, tableName);
- } catch (Exception e) {
- throw new SentryInvalidInputException("Could not process Create table event. Event: " + event.toString(), e);
- }
+ try {
+ TSentryAuthorizable authorizable = new TSentryAuthorizable(hiveInstance);
+ authorizable.setDb(dbName);
+ authorizable.setTable(tableName);
+ sentryStore.dropPrivilege(authorizable, onDropSentryPrivilege(authorizable));
+ } catch (SentryNoSuchObjectException e) {
+ LOGGER.info("Drop Sentry privilege ignored as there are no privileges on the table: %s.%s", dbName, tableName);
+ } catch (Exception e) {
+ throw new SentryInvalidInputException("Could not process Create table event. Event: " + event.toString(), e);
}
}
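Review bot: Both `LOGGER.info` calls carried over by this hunk use `%s` placeholders with trailing arguments; if `LOGGER` is an SLF4J logger (its declaration is not visible here), `%s` is not substituted and the database and table names never reach the log. Use `{}` instead: `LOGGER.info("Drop Sentry privilege ignored as there are no privileges on the database: {}", dbName);` and `{}.{}` for the table message. Now that the property check has moved to the callers, each helper runs for both create and drop events. The wrapped exceptions still say `Could not process Drop database event.` (with no space before `Event:`) and `Could not process Create table event.`, so a neutral message such as `"Could not drop Sentry privileges for database " + dbName + ". Event: " + event` would describe what actually failed.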