You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2016/10/27 05:11:36 UTC
[3/3] sentry git commit: SENTRY-1422: JDO deadlocks while processing
grant while a background thread processes Notificationlogs (Colin Ma,
Reviewed by Alexander Kolbasov, Hao Hao)
SENTRY-1422: JDO deadlocks while processing grant while a background thread processes Notificationlogs (Colin Ma, Reviewed by Alexander Kolbasov, Hao Hao)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/13c3305d
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/13c3305d
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/13c3305d
Branch: refs/heads/sentry-ha-redesign
Commit: 13c3305de5d13d02fda9cfb149843697280518f9
Parents: 049308d
Author: Colin Ma <co...@apache.org>
Authored: Thu Oct 27 13:41:15 2016 +0800
Committer: Colin Ma <co...@apache.org>
Committed: Thu Oct 27 13:41:15 2016 +0800
----------------------------------------------------------------------
.../service/persistent/DelegateSentryStore.java | 499 +++---
.../service/persistent/SentryStoreLayer.java | 55 +-
.../db/service/persistent/SentryStore.java | 1578 ++++++++----------
.../db/service/persistent/TransactionBlock.java | 37 +
.../service/persistent/TransactionManager.java | 134 ++
.../sentry/service/thrift/HMSFollower.java | 23 +-
.../sentry/service/thrift/ServiceConstants.java | 9 +
.../persistent/SentryStoreIntegrationBase.java | 2 +-
.../TestPrivilegeOperatePersistence.java | 9 +-
9 files changed, 1141 insertions(+), 1205 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/13c3305d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
index bac479f..5e8bc06 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
@@ -17,12 +17,12 @@
*/
package org.apache.sentry.provider.db.generic.service.persistent;
-import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
+import java.util.UUID;
import javax.jdo.PersistenceManager;
import javax.jdo.Query;
@@ -31,16 +31,15 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
-import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
import org.apache.sentry.core.common.exception.SentryGrantDeniedException;
import org.apache.sentry.core.common.exception.SentryInvalidInputException;
import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
-import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
import org.apache.sentry.provider.db.service.model.MSentryGroup;
import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
+import org.apache.sentry.provider.db.service.persistent.TransactionBlock;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryRole;
@@ -61,13 +60,13 @@ import com.google.common.collect.Sets;
* resourceName2=cl1,resourceType2=COLUMN ) of generic privilege table
*/
public class DelegateSentryStore implements SentryStoreLayer {
+ private static final UUID SERVER_UUID = UUID.randomUUID();
private final SentryStore delegate;
private final Configuration conf;
private final Set<String> adminGroups;
private final PrivilegeOperatePersistence privilegeOperator;
- public DelegateSentryStore(Configuration conf) throws SentryNoSuchObjectException,
- SentryAccessDeniedException, SentrySiteConfigurationException, IOException {
+ public DelegateSentryStore(Configuration conf) throws Exception {
this.privilegeOperator = new PrivilegeOperatePersistence(conf);
// The generic model doesn't turn on the thread that cleans hive privileges
conf.set(ServerConfig.SENTRY_STORE_ORPHANED_PRIVILEGE_REMOVAL,"false");
@@ -78,29 +77,13 @@ public class DelegateSentryStore implements SentryStoreLayer {
ServerConfig.ADMIN_GROUPS, new String[]{}))));
}
- private PersistenceManager openTransaction() {
- return delegate.openTransaction();
- }
-
- private CommitContext commitUpdateTransaction(PersistenceManager pm) {
- return delegate.commitUpdateTransaction(pm);
- }
-
- private void rollbackTransaction(PersistenceManager pm) {
- delegate.rollbackTransaction(pm);
- }
-
- private void commitTransaction(PersistenceManager pm) {
- delegate.commitTransaction(pm);
- }
-
private MSentryRole getRole(String roleName, PersistenceManager pm) {
return delegate.getMSentryRole(pm, roleName);
}
@Override
public CommitContext createRole(String component, String role,
- String requestor) throws SentryAlreadyExistsException {
+ String requestor) throws Exception {
return delegate.createSentryRole(role);
}
@@ -109,34 +92,28 @@ public class DelegateSentryStore implements SentryStoreLayer {
* privileges, so delete role will remove all privileges related to it.
*/
@Override
- public CommitContext dropRole(String component, String role, String requestor)
- throws SentryNoSuchObjectException {
- boolean rollbackTransaction = true;
- PersistenceManager pm = null;
- String trimmedRole = toTrimmedLower(role);
- try {
- pm = openTransaction();
- Query query = pm.newQuery(MSentryRole.class);
- query.setFilter("this.roleName == t");
- query.declareParameters("java.lang.String t");
- query.setUnique(true);
- MSentryRole sentryRole = (MSentryRole) query.execute(trimmedRole);
- if (sentryRole == null) {
- throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist");
- } else {
- pm.retrieve(sentryRole);
- sentryRole.removeGMPrivileges();
- sentryRole.removePrivileges();
- pm.deletePersistent(sentryRole);
- }
- CommitContext commit = commitUpdateTransaction(pm);
- rollbackTransaction = false;
- return commit;
- } finally {
- if (rollbackTransaction) {
- rollbackTransaction(pm);
- }
- }
+ public CommitContext dropRole(final String component, final String role, final String requestor)
+ throws Exception {
+ return (CommitContext)delegate.getTransactionManager().executeTransactionWithRetry(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ String trimmedRole = toTrimmedLower(role);
+ Query query = pm.newQuery(MSentryRole.class);
+ query.setFilter("this.roleName == t");
+ query.declareParameters("java.lang.String t");
+ query.setUnique(true);
+ MSentryRole sentryRole = (MSentryRole) query.execute(trimmedRole);
+ if (sentryRole == null) {
+ throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist");
+ } else {
+ pm.retrieve(sentryRole);
+ sentryRole.removeGMPrivileges();
+ sentryRole.removePrivileges();
+ pm.deletePersistent(sentryRole);
+ }
+ return new CommitContext(SERVER_UUID, 0l);
+ }
+ });
}
@Override
@@ -146,84 +123,67 @@ public class DelegateSentryStore implements SentryStoreLayer {
@Override
public CommitContext alterRoleAddGroups(String component, String role,
- Set<String> groups, String requestor) throws SentryNoSuchObjectException {
+ Set<String> groups, String requestor) throws Exception {
return delegate.alterSentryRoleAddGroups(requestor, role, toTSentryGroups(groups));
}
@Override
public CommitContext alterRoleDeleteGroups(String component, String role,
- Set<String> groups, String requestor) throws SentryNoSuchObjectException {
+ Set<String> groups, String requestor) throws Exception {
//called to old sentryStore
return delegate.alterSentryRoleDeleteGroups(role, toTSentryGroups(groups));
}
@Override
- public CommitContext alterRoleGrantPrivilege(String component, String role,
- PrivilegeObject privilege, String grantorPrincipal)
- throws SentryUserException {
- String trimmedRole = toTrimmedLower(role);
- PersistenceManager pm = null;
- boolean rollbackTransaction = true;
- try{
- pm = openTransaction();
- MSentryRole mRole = getRole(trimmedRole, pm);
- if (mRole == null) {
- throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist");
- }
- /**
- * check with grant option
- */
- grantOptionCheck(privilege, grantorPrincipal, pm);
-
- privilegeOperator.grantPrivilege(privilege, mRole, pm);
-
- CommitContext commitContext = delegate.commitUpdateTransaction(pm);
- rollbackTransaction = false;
- return commitContext;
-
- } finally {
- if (rollbackTransaction) {
- rollbackTransaction(pm);
- }
- }
+ public CommitContext alterRoleGrantPrivilege(final String component, final String role,
+ final PrivilegeObject privilege, final String grantorPrincipal) throws Exception {
+ return (CommitContext)delegate.getTransactionManager().executeTransactionWithRetry(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ String trimmedRole = toTrimmedLower(role);
+ MSentryRole mRole = getRole(trimmedRole, pm);
+ if (mRole == null) {
+ throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist");
+ }
+ /**
+ * check with grant option
+ */
+ grantOptionCheck(privilege, grantorPrincipal, pm);
+
+ privilegeOperator.grantPrivilege(privilege, mRole, pm);
+ return new CommitContext(SERVER_UUID, 0l);
+ }
+ });
}
@Override
- public CommitContext alterRoleRevokePrivilege(String component,
- String role, PrivilegeObject privilege, String grantorPrincipal)
- throws SentryUserException {
- String trimmedRole = toTrimmedLower(role);
- PersistenceManager pm = null;
- boolean rollbackTransaction = true;
- try{
- pm = openTransaction();
- MSentryRole mRole = getRole(trimmedRole, pm);
- if (mRole == null) {
- throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist");
- }
- /**
- * check with grant option
- */
- grantOptionCheck(privilege, grantorPrincipal, pm);
-
- privilegeOperator.revokePrivilege(privilege, mRole, pm);
-
- CommitContext commitContext = commitUpdateTransaction(pm);
- rollbackTransaction = false;
- return commitContext;
-
- } finally {
- if (rollbackTransaction) {
- rollbackTransaction(pm);
- }
- }
+ public CommitContext alterRoleRevokePrivilege(final String component,
+ final String role, final PrivilegeObject privilege, final String grantorPrincipal)
+ throws Exception {
+ return (CommitContext)delegate.getTransactionManager().executeTransactionWithRetry(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ String trimmedRole = toTrimmedLower(role);
+ MSentryRole mRole = getRole(trimmedRole, pm);
+ if (mRole == null) {
+ throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist");
+ }
+ /**
+ * check with grant option
+ */
+ grantOptionCheck(privilege, grantorPrincipal, pm);
+
+ privilegeOperator.revokePrivilege(privilege, mRole, pm);
+ return new CommitContext(SERVER_UUID, 0l);
+ }
+ });
}
@Override
- public CommitContext renamePrivilege(String component, String service,
- List<? extends Authorizable> oldAuthorizables,
- List<? extends Authorizable> newAuthorizables, String requestor)
- throws SentryUserException {
+ public CommitContext renamePrivilege(final String component, final String service,
+ final List<? extends Authorizable> oldAuthorizables,
+ final List<? extends Authorizable> newAuthorizables, final String requestor)
+ throws Exception {
Preconditions.checkNotNull(component);
Preconditions.checkNotNull(service);
Preconditions.checkNotNull(oldAuthorizables);
@@ -236,44 +196,27 @@ public class DelegateSentryStore implements SentryStoreLayer {
+ "newAuthorizables:" + Arrays.toString(newAuthorizables.toArray()));
}
- PersistenceManager pm = null;
- boolean rollbackTransaction = true;
- try {
- pm = openTransaction();
-
- privilegeOperator.renamePrivilege(toTrimmedLower(component), toTrimmedLower(service),
- oldAuthorizables, newAuthorizables, requestor, pm);
-
- CommitContext commitContext = commitUpdateTransaction(pm);
- rollbackTransaction = false;
- return commitContext;
- } finally {
- if (rollbackTransaction) {
- rollbackTransaction(pm);
- }
- }
+ return (CommitContext)delegate.getTransactionManager().executeTransactionWithRetry(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ privilegeOperator.renamePrivilege(toTrimmedLower(component), toTrimmedLower(service),
+ oldAuthorizables, newAuthorizables, requestor, pm);
+ return new CommitContext(SERVER_UUID, 0l);
+ }
+ });
}
@Override
- public CommitContext dropPrivilege(String component,
- PrivilegeObject privilege, String requestor) throws SentryUserException {
+ public CommitContext dropPrivilege(final String component,
+ final PrivilegeObject privilege, final String requestor) throws Exception {
Preconditions.checkNotNull(requestor);
-
- PersistenceManager pm = null;
- boolean rollbackTransaction = true;
- try {
- pm = openTransaction();
-
- privilegeOperator.dropPrivilege(privilege, pm);
-
- CommitContext commitContext = commitUpdateTransaction(pm);
- rollbackTransaction = false;
- return commitContext;
- } finally {
- if (rollbackTransaction) {
- rollbackTransaction(pm);
- }
- }
+ return (CommitContext)delegate.getTransactionManager().executeTransactionWithRetry(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ privilegeOperator.dropPrivilege(privilege, pm);
+ return new CommitContext(SERVER_UUID, 0l);
+ }
+ });
}
/**
@@ -308,8 +251,7 @@ public class DelegateSentryStore implements SentryStoreLayer {
}
@Override
- public Set<String> getRolesByGroups(String component, Set<String> groups)
- throws SentryUserException {
+ public Set<String> getRolesByGroups(String component, Set<String> groups) throws Exception {
Set<String> roles = Sets.newHashSet();
if (groups == null) {
return roles;
@@ -321,158 +263,148 @@ public class DelegateSentryStore implements SentryStoreLayer {
}
@Override
- public Set<String> getGroupsByRoles(String component, Set<String> roles)
- throws SentryUserException {
- Set<String> trimmedRoles = toTrimmedLower(roles);
- Set<String> groupNames = Sets.newHashSet();
+ public Set<String> getGroupsByRoles(final String component, final Set<String> roles)
+ throws Exception {
+ final Set<String> trimmedRoles = toTrimmedLower(roles);
+ final Set<String> groupNames = Sets.newHashSet();
if (trimmedRoles.size() == 0) {
return groupNames;
}
- PersistenceManager pm = null;
- try{
- pm = openTransaction();
- //get groups by roles
- Query query = pm.newQuery(MSentryGroup.class);
- StringBuilder filters = new StringBuilder();
- query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
- List<String> rolesFiler = new LinkedList<String>();
- for (String role : trimmedRoles) {
- rolesFiler.add("role.roleName == \"" + role + "\" ");
- }
- filters.append("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ")");
- query.setFilter(filters.toString());
-
- List<MSentryGroup> groups = (List<MSentryGroup>)query.execute();
- if (groups == null) {
- return groupNames;
- }
- for (MSentryGroup group : groups) {
- groupNames.add(group.getGroupName());
- }
- return groupNames;
- } finally {
- if (pm != null) {
- commitTransaction(pm);
- }
- }
+ return (Set<String>) delegate.getTransactionManager().executeTransaction(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ //get groups by roles
+ Query query = pm.newQuery(MSentryGroup.class);
+ StringBuilder filters = new StringBuilder();
+ query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
+ List<String> rolesFiler = new LinkedList<String>();
+ for (String role : trimmedRoles) {
+ rolesFiler.add("role.roleName == \"" + role + "\" ");
+ }
+ filters.append("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ")");
+ query.setFilter(filters.toString());
+
+ List<MSentryGroup> groups = (List<MSentryGroup>)query.execute();
+ if (groups == null) {
+ return groupNames;
+ }
+ for (MSentryGroup group : groups) {
+ groupNames.add(group.getGroupName());
+ }
+ return groupNames;
+ }
+ });
}
@Override
- public Set<PrivilegeObject> getPrivilegesByRole(String component,
- Set<String> roles) throws SentryUserException {
+ public Set<PrivilegeObject> getPrivilegesByRole(final String component,
+ final Set<String> roles) throws Exception {
Preconditions.checkNotNull(roles);
- Set<PrivilegeObject> privileges = Sets.newHashSet();
+ final Set<PrivilegeObject> privileges = Sets.newHashSet();
if (roles.isEmpty()) {
return privileges;
}
- PersistenceManager pm = null;
- try {
- pm = openTransaction();
- Set<MSentryRole> mRoles = Sets.newHashSet();
- for (String role : roles) {
- MSentryRole mRole = getRole(toTrimmedLower(role), pm);
- if (mRole != null) {
- mRoles.add(mRole);
- }
- }
- privileges.addAll(privilegeOperator.getPrivilegesByRole(mRoles, pm));
- } finally {
- if (pm != null) {
- commitTransaction(pm);
- }
- }
- return privileges;
+ return (Set<PrivilegeObject>) delegate.getTransactionManager().executeTransaction(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ Set<MSentryRole> mRoles = Sets.newHashSet();
+ for (String role : roles) {
+ MSentryRole mRole = getRole(toTrimmedLower(role), pm);
+ if (mRole != null) {
+ mRoles.add(mRole);
+ }
+ }
+ privileges.addAll(privilegeOperator.getPrivilegesByRole(mRoles, pm));
+ return privileges;
+ }
+ });
}
@Override
- public Set<PrivilegeObject> getPrivilegesByProvider(String component,
- String service, Set<String> roles, Set<String> groups,
- List<? extends Authorizable> authorizables) throws SentryUserException {
+ public Set<PrivilegeObject> getPrivilegesByProvider(final String component,
+ final String service, final Set<String> roles, final Set<String> groups,
+ final List<? extends Authorizable> authorizables) throws Exception {
Preconditions.checkNotNull(component);
Preconditions.checkNotNull(service);
- String trimmedComponent = toTrimmedLower(component);
- String trimmedService = toTrimmedLower(service);
-
- Set<PrivilegeObject> privileges = Sets.newHashSet();
- PersistenceManager pm = null;
- try {
- pm = openTransaction();
- //CaseInsensitive roleNames
- Set<String> trimmedRoles = toTrimmedLower(roles);
-
- if (groups != null) {
- trimmedRoles.addAll(delegate.getRoleNamesForGroups(groups));
- }
-
- if (trimmedRoles.size() == 0) {
- return privileges;
- }
-
- Set<MSentryRole> mRoles = Sets.newHashSet();
- for (String role : trimmedRoles) {
- MSentryRole mRole = getRole(role, pm);
- if (mRole != null) {
- mRoles.add(mRole);
- }
- }
- //get the privileges
- privileges.addAll(privilegeOperator.getPrivilegesByProvider(trimmedComponent, trimmedService, mRoles, authorizables, pm));
- } finally {
- if (pm != null) {
- commitTransaction(pm);
- }
- }
- return privileges;
+ return (Set<PrivilegeObject>) delegate.getTransactionManager().executeTransaction(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ String trimmedComponent = toTrimmedLower(component);
+ String trimmedService = toTrimmedLower(service);
+ Set<PrivilegeObject> privileges = Sets.newHashSet();
+ //CaseInsensitive roleNames
+ Set<String> trimmedRoles = toTrimmedLower(roles);
+
+ if (groups != null) {
+ trimmedRoles.addAll(delegate.getRoleNamesForGroups(groups));
+ }
+
+ if (trimmedRoles.size() == 0) {
+ return privileges;
+ }
+
+ Set<MSentryRole> mRoles = Sets.newHashSet();
+ for (String role : trimmedRoles) {
+ MSentryRole mRole = getRole(role, pm);
+ if (mRole != null) {
+ mRoles.add(mRole);
+ }
+ }
+ //get the privileges
+ privileges.addAll(privilegeOperator.getPrivilegesByProvider(trimmedComponent,
+ trimmedService, mRoles, authorizables, pm));
+
+ return privileges;
+ }
+ });
}
@Override
- public Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, String service,
- Set<String> validActiveRoles, List<? extends Authorizable> authorizables)
- throws SentryUserException {
-
+ public Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(final String component,
+ final String service, final Set<String> validActiveRoles,
+ final List<? extends Authorizable> authorizables) throws Exception {
Preconditions.checkNotNull(component);
Preconditions.checkNotNull(service);
- component = toTrimmedLower(component);
- service = toTrimmedLower(service);
-
- Set<MSentryGMPrivilege> privileges = Sets.newHashSet();
+ final Set<MSentryGMPrivilege> privileges = Sets.newHashSet();
if (validActiveRoles == null || validActiveRoles.isEmpty()) {
return privileges;
}
- PersistenceManager pm = null;
- try {
- pm = openTransaction();
-
- Set<MSentryRole> mRoles = Sets.newHashSet();
- for (String role : validActiveRoles) {
- MSentryRole mRole = getRole(role, pm);
- if (mRole != null) {
- mRoles.add(mRole);
- }
- }
-
- //get the privileges
- Set<MSentryGMPrivilege> mSentryGMPrivileges = privilegeOperator.getPrivilegesByAuthorizable(component, service, mRoles, authorizables, pm);
-
- for (MSentryGMPrivilege mSentryGMPrivilege : mSentryGMPrivileges) {
- /**
- * force to load all roles related this privilege
- * avoid the lazy-loading
- */
- pm.retrieve(mSentryGMPrivilege);
- privileges.add(mSentryGMPrivilege);
- }
-
- } finally {
- commitTransaction(pm);
- }
- return privileges;
+ return (Set<MSentryGMPrivilege>) delegate.getTransactionManager().executeTransaction(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ String lComponent = toTrimmedLower(component);
+ String lService = toTrimmedLower(service);
+
+ Set<MSentryRole> mRoles = Sets.newHashSet();
+ for (String role : validActiveRoles) {
+ MSentryRole mRole = getRole(role, pm);
+ if (mRole != null) {
+ mRoles.add(mRole);
+ }
+ }
+
+ //get the privileges
+ Set<MSentryGMPrivilege> mSentryGMPrivileges =
+ privilegeOperator.getPrivilegesByAuthorizable(lComponent, lService, mRoles, authorizables, pm);
+
+ for (MSentryGMPrivilege mSentryGMPrivilege : mSentryGMPrivileges) {
+ /**
+ * force to load all roles related this privilege
+ * avoid the lazy-loading
+ */
+ pm.retrieve(mSentryGMPrivilege);
+ privileges.add(mSentryGMPrivilege);
+ }
+
+ return privileges;
+ }
+ });
}
@Override
@@ -523,20 +455,15 @@ public class DelegateSentryStore implements SentryStoreLayer {
}
@VisibleForTesting
- void clearAllTables() {
- boolean rollbackTransaction = true;
- PersistenceManager pm = null;
- try {
- pm = openTransaction();
- pm.newQuery(MSentryRole.class).deletePersistentAll();
- pm.newQuery(MSentryGroup.class).deletePersistentAll();
- pm.newQuery(MSentryGMPrivilege.class).deletePersistentAll();
- commitUpdateTransaction(pm);
- rollbackTransaction = false;
- } finally {
- if (rollbackTransaction) {
- rollbackTransaction(pm);
- }
- }
+ void clearAllTables() throws Exception {
+ delegate.getTransactionManager().executeTransaction(
+ new TransactionBlock() {
+ public Object execute(PersistenceManager pm) throws Exception {
+ pm.newQuery(MSentryRole.class).deletePersistentAll();
+ pm.newQuery(MSentryGroup.class).deletePersistentAll();
+ pm.newQuery(MSentryGMPrivilege.class).deletePersistentAll();
+ return null;
+ }
+ });
}
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/13c3305d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
index c003965..687a7e0 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
@@ -20,10 +20,7 @@ package org.apache.sentry.provider.db.generic.service.persistent;
import java.util.List;
import java.util.Set;
-import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
-import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
@@ -37,10 +34,10 @@ public interface SentryStoreLayer {
* @param role: The name of role
* @param requestor: User on whose behalf the request is launched
* @returns commit context used for notification handlers
- * @throws SentryAlreadyExistsException
+ * @throws Exception
*/
CommitContext createRole(String component, String role,
- String requestor) throws SentryAlreadyExistsException;
+ String requestor) throws Exception;
/**
* Drop a role
@@ -48,10 +45,10 @@ public interface SentryStoreLayer {
* @param role: The name of role
* @param requestor: user on whose behalf the request is launched
* @returns commit context used for notification handlers
- * @throws SentryNoSuchObjectException
+ * @throws Exception
*/
CommitContext dropRole(String component, String role,
- String requestor) throws SentryNoSuchObjectException;
+ String requestor) throws Exception;
/**
* Add a role to groups.
@@ -60,10 +57,10 @@ public interface SentryStoreLayer {
* @param groups: The name of groups
* @param requestor: User on whose behalf the request is issued
* @returns commit context used for notification handlers
- * @throws SentryNoSuchObjectException
+ * @throws Exception
*/
CommitContext alterRoleAddGroups(String component, String role,
- Set<String> groups, String requestor) throws SentryNoSuchObjectException;
+ Set<String> groups, String requestor) throws Exception;
/**
* Delete a role from groups.
@@ -72,10 +69,10 @@ public interface SentryStoreLayer {
* @param groups: The name of groups
* @param requestor: User on whose behalf the request is launched
* @returns commit context used for notification handlers
- * @throws SentryNoSuchObjectException
+ * @throws Exception
*/
CommitContext alterRoleDeleteGroups(String component, String role,
- Set<String> groups, String requestor) throws SentryNoSuchObjectException;
+ Set<String> groups, String requestor) throws Exception;
/**
* Grant a privilege to role.
@@ -84,10 +81,10 @@ public interface SentryStoreLayer {
* @param privilege: The privilege object will be granted
* @param grantorPrincipal: User on whose behalf the request is launched
* @returns commit context Used for notification handlers
- * @throws SentryUserException
+ * @throws Exception
*/
CommitContext alterRoleGrantPrivilege(String component, String role,
- PrivilegeObject privilege, String grantorPrincipal) throws SentryUserException;
+ PrivilegeObject privilege, String grantorPrincipal) throws Exception;
/**
* Revoke a privilege from role.
@@ -96,10 +93,10 @@ public interface SentryStoreLayer {
* @param privilege: The privilege object will revoked
* @param grantorPrincipal: User on whose behalf the request is launched
* @returns commit context used for notification handlers
- * @throws SentryUserException
+ * @throws Exception
*/
CommitContext alterRoleRevokePrivilege(String component, String role,
- PrivilegeObject privilege, String grantorPrincipal) throws SentryUserException;
+ PrivilegeObject privilege, String grantorPrincipal) throws Exception;
/**
* Rename privilege
@@ -110,11 +107,11 @@ public interface SentryStoreLayer {
* @param newAuthorizables: The new list of authorize objects
* @param requestor: User on whose behalf the request is launched
* @returns commit context used for notification handlers
- * @throws SentryUserException
+ * @throws Exception
*/
CommitContext renamePrivilege(
String component, String service, List<? extends Authorizable> oldAuthorizables,
- List<? extends Authorizable> newAuthorizables, String requestor) throws SentryUserException;
+ List<? extends Authorizable> newAuthorizables, String requestor) throws Exception;
/**
* Drop privilege
@@ -122,37 +119,37 @@ public interface SentryStoreLayer {
* @param privilege: The privilege will be dropped
* @param requestor: User on whose behalf the request is launched
* @returns commit context used for notification handlers
- * @throws SentryUserException
+ * @throws Exception
*/
CommitContext dropPrivilege(String component, PrivilegeObject privilege,
- String requestor) throws SentryUserException;
+ String requestor) throws Exception;
/**
* Get roles
* @param component: The request respond to which component
* @param groups: The name of groups
* @returns the set of roles
- * @throws SentryUserException
+ * @throws Exception
*/
- Set<String> getRolesByGroups(String component, Set<String> groups) throws SentryUserException;
+ Set<String> getRolesByGroups(String component, Set<String> groups) throws Exception;
/**
* Get groups
* @param component: The request respond to which component
* @param roles: The name of roles
* @returns the set of groups
- * @throws SentryUserException
+ * @throws Exception
*/
- Set<String> getGroupsByRoles(String component, Set<String> roles) throws SentryUserException;
+ Set<String> getGroupsByRoles(String component, Set<String> roles) throws Exception;
/**
* Get privileges
* @param component: The request respond to which component
* @param roles: The name of roles
* @returns the set of privileges
- * @throws SentryUserException
+ * @throws Exception
*/
- Set<PrivilegeObject> getPrivilegesByRole(String component, Set<String> roles) throws SentryUserException;
+ Set<PrivilegeObject> getPrivilegesByRole(String component, Set<String> roles) throws Exception;
/**
* get sentry privileges from provider as followings:
@@ -162,12 +159,12 @@ public interface SentryStoreLayer {
* @param groups: The name of groups
* @param authorizables: The list of authorize objects
* @returns the set of privileges
- * @throws SentryUserException
+ * @throws Exception
*/
Set<PrivilegeObject> getPrivilegesByProvider(String component, String service, Set<String> roles,
Set<String> groups, List<? extends Authorizable> authorizables)
- throws SentryUserException;
+ throws Exception;
/**
* Get all roles name.
@@ -184,11 +181,11 @@ public interface SentryStoreLayer {
* @param validActiveRoles: The valid active roles
* @param authorizables: The list of authorize objects
* @returns The set of MSentryGMPrivilege
- * @throws SentryUserException
+ * @throws Exception
*/
Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, String service,
Set<String> validActiveRoles, List<? extends Authorizable> authorizables)
- throws SentryUserException;
+ throws Exception;
/**
* close sentryStore