Posted to commits@sentry.apache.org by ka...@apache.org on 2018/05/04 20:22:26 UTC
sentry git commit: SENTRY-2170: Update the Sentry-HDFS thrift for
user level privileges. (Kalyan Kumar kalvagadda,
reviewed-by Na Li and Sergio Pena)
Repository: sentry
Updated Branches:
refs/heads/master 6e78a486f -> 912b1dbe8
SENTRY-2170: Update the Sentry-HDFS thrift for user level privileges. (Kalyan Kumar kalvagadda, reviewed-by Na Li and Sergio Pena)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/912b1dbe
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/912b1dbe
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/912b1dbe
Branch: refs/heads/master
Commit: 912b1dbe85fba5bbe7f7fa5c8eb9befc7a081c44
Parents: 6e78a48
Author: Kalyan Kumar Kalvagadda <kk...@cloudera.com>
Authored: Fri May 4 15:15:57 2018 -0500
Committer: Kalyan Kumar Kalvagadda <kk...@cloudera.com>
Committed: Fri May 4 15:15:57 2018 -0500
----------------------------------------------------------------------
.../hdfs/service/thrift/TPrivilegeChanges.java | 110 ++--
.../hdfs/service/thrift/TPrivilegeEntity.java | 502 +++++++++++++++++++
.../service/thrift/TPrivilegeEntityType.java | 48 ++
.../apache/sentry/hdfs/PermissionsUpdate.java | 3 +-
.../main/resources/sentry_hdfs_service.thrift | 19 +-
.../sentry/hdfs/TestPermissionUpdate.java | 6 +-
.../sentry/hdfs/UpdateableAuthzPermissions.java | 39 +-
.../apache/sentry/hdfs/PermImageRetriever.java | 11 +-
.../org/apache/sentry/hdfs/SentryPlugin.java | 19 +-
.../hdfs/TestSentryHDFSServiceProcessor.java | 5 +-
.../persistent/NotificationProcessor.java | 9 +-
.../db/service/persistent/PermissionsImage.java | 12 +-
.../db/service/persistent/SentryStore.java | 16 +-
.../db/service/persistent/TestSentryStore.java | 19 +-
14 files changed, 723 insertions(+), 95 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java
index dea21fa..abcf3ca 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java
@@ -49,8 +49,8 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
}
private String authzObj; // required
- private Map<String,String> addPrivileges; // required
- private Map<String,String> delPrivileges; // required
+ private Map<TPrivilegeEntity,String> addPrivileges; // required
+ private Map<TPrivilegeEntity,String> delPrivileges; // required
/** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
public enum _Fields implements org.apache.thrift.TFieldIdEnum {
@@ -124,11 +124,11 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
tmpMap.put(_Fields.ADD_PRIVILEGES, new org.apache.thrift.meta_data.FieldMetaData("addPrivileges", org.apache.thrift.TFieldRequirementType.REQUIRED,
new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
- new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TPrivilegeEntity.class),
new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
tmpMap.put(_Fields.DEL_PRIVILEGES, new org.apache.thrift.meta_data.FieldMetaData("delPrivileges", org.apache.thrift.TFieldRequirementType.REQUIRED,
new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
- new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TPrivilegeEntity.class),
new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
metaDataMap = Collections.unmodifiableMap(tmpMap);
org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TPrivilegeChanges.class, metaDataMap);
@@ -139,8 +139,8 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
public TPrivilegeChanges(
String authzObj,
- Map<String,String> addPrivileges,
- Map<String,String> delPrivileges)
+ Map<TPrivilegeEntity,String> addPrivileges,
+ Map<TPrivilegeEntity,String> delPrivileges)
{
this();
this.authzObj = authzObj;
@@ -156,11 +156,33 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
this.authzObj = other.authzObj;
}
if (other.isSetAddPrivileges()) {
- Map<String,String> __this__addPrivileges = new HashMap<String,String>(other.addPrivileges);
+ Map<TPrivilegeEntity,String> __this__addPrivileges = new HashMap<TPrivilegeEntity,String>(other.addPrivileges.size());
+ for (Map.Entry<TPrivilegeEntity, String> other_element : other.addPrivileges.entrySet()) {
+
+ TPrivilegeEntity other_element_key = other_element.getKey();
+ String other_element_value = other_element.getValue();
+
+ TPrivilegeEntity __this__addPrivileges_copy_key = new TPrivilegeEntity(other_element_key);
+
+ String __this__addPrivileges_copy_value = other_element_value;
+
+ __this__addPrivileges.put(__this__addPrivileges_copy_key, __this__addPrivileges_copy_value);
+ }
this.addPrivileges = __this__addPrivileges;
}
if (other.isSetDelPrivileges()) {
- Map<String,String> __this__delPrivileges = new HashMap<String,String>(other.delPrivileges);
+ Map<TPrivilegeEntity,String> __this__delPrivileges = new HashMap<TPrivilegeEntity,String>(other.delPrivileges.size());
+ for (Map.Entry<TPrivilegeEntity, String> other_element : other.delPrivileges.entrySet()) {
+
+ TPrivilegeEntity other_element_key = other_element.getKey();
+ String other_element_value = other_element.getValue();
+
+ TPrivilegeEntity __this__delPrivileges_copy_key = new TPrivilegeEntity(other_element_key);
+
+ String __this__delPrivileges_copy_value = other_element_value;
+
+ __this__delPrivileges.put(__this__delPrivileges_copy_key, __this__delPrivileges_copy_value);
+ }
this.delPrivileges = __this__delPrivileges;
}
}
@@ -203,18 +225,18 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
return (this.addPrivileges == null) ? 0 : this.addPrivileges.size();
}
- public void putToAddPrivileges(String key, String val) {
+ public void putToAddPrivileges(TPrivilegeEntity key, String val) {
if (this.addPrivileges == null) {
- this.addPrivileges = new HashMap<String,String>();
+ this.addPrivileges = new HashMap<TPrivilegeEntity,String>();
}
this.addPrivileges.put(key, val);
}
- public Map<String,String> getAddPrivileges() {
+ public Map<TPrivilegeEntity,String> getAddPrivileges() {
return this.addPrivileges;
}
- public void setAddPrivileges(Map<String,String> addPrivileges) {
+ public void setAddPrivileges(Map<TPrivilegeEntity,String> addPrivileges) {
this.addPrivileges = addPrivileges;
}
@@ -237,18 +259,18 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
return (this.delPrivileges == null) ? 0 : this.delPrivileges.size();
}
- public void putToDelPrivileges(String key, String val) {
+ public void putToDelPrivileges(TPrivilegeEntity key, String val) {
if (this.delPrivileges == null) {
- this.delPrivileges = new HashMap<String,String>();
+ this.delPrivileges = new HashMap<TPrivilegeEntity,String>();
}
this.delPrivileges.put(key, val);
}
- public Map<String,String> getDelPrivileges() {
+ public Map<TPrivilegeEntity,String> getDelPrivileges() {
return this.delPrivileges;
}
- public void setDelPrivileges(Map<String,String> delPrivileges) {
+ public void setDelPrivileges(Map<TPrivilegeEntity,String> delPrivileges) {
this.delPrivileges = delPrivileges;
}
@@ -281,7 +303,7 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
if (value == null) {
unsetAddPrivileges();
} else {
- setAddPrivileges((Map<String,String>)value);
+ setAddPrivileges((Map<TPrivilegeEntity,String>)value);
}
break;
@@ -289,7 +311,7 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
if (value == null) {
unsetDelPrivileges();
} else {
- setDelPrivileges((Map<String,String>)value);
+ setDelPrivileges((Map<TPrivilegeEntity,String>)value);
}
break;
@@ -541,12 +563,13 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
{
org.apache.thrift.protocol.TMap _map74 = iprot.readMapBegin();
- struct.addPrivileges = new HashMap<String,String>(2*_map74.size);
- String _key75;
+ struct.addPrivileges = new HashMap<TPrivilegeEntity,String>(2*_map74.size);
+ TPrivilegeEntity _key75;
String _val76;
for (int _i77 = 0; _i77 < _map74.size; ++_i77)
{
- _key75 = iprot.readString();
+ _key75 = new TPrivilegeEntity();
+ _key75.read(iprot);
_val76 = iprot.readString();
struct.addPrivileges.put(_key75, _val76);
}
@@ -561,12 +584,13 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
{
org.apache.thrift.protocol.TMap _map78 = iprot.readMapBegin();
- struct.delPrivileges = new HashMap<String,String>(2*_map78.size);
- String _key79;
+ struct.delPrivileges = new HashMap<TPrivilegeEntity,String>(2*_map78.size);
+ TPrivilegeEntity _key79;
String _val80;
for (int _i81 = 0; _i81 < _map78.size; ++_i81)
{
- _key79 = iprot.readString();
+ _key79 = new TPrivilegeEntity();
+ _key79.read(iprot);
_val80 = iprot.readString();
struct.delPrivileges.put(_key79, _val80);
}
@@ -598,10 +622,10 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
if (struct.addPrivileges != null) {
oprot.writeFieldBegin(ADD_PRIVILEGES_FIELD_DESC);
{
- oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, struct.addPrivileges.size()));
- for (Map.Entry<String, String> _iter82 : struct.addPrivileges.entrySet())
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.STRING, struct.addPrivileges.size()));
+ for (Map.Entry<TPrivilegeEntity, String> _iter82 : struct.addPrivileges.entrySet())
{
- oprot.writeString(_iter82.getKey());
+ _iter82.getKey().write(oprot);
oprot.writeString(_iter82.getValue());
}
oprot.writeMapEnd();
@@ -611,10 +635,10 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
if (struct.delPrivileges != null) {
oprot.writeFieldBegin(DEL_PRIVILEGES_FIELD_DESC);
{
- oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, struct.delPrivileges.size()));
- for (Map.Entry<String, String> _iter83 : struct.delPrivileges.entrySet())
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.STRING, struct.delPrivileges.size()));
+ for (Map.Entry<TPrivilegeEntity, String> _iter83 : struct.delPrivileges.entrySet())
{
- oprot.writeString(_iter83.getKey());
+ _iter83.getKey().write(oprot);
oprot.writeString(_iter83.getValue());
}
oprot.writeMapEnd();
@@ -641,17 +665,17 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
oprot.writeString(struct.authzObj);
{
oprot.writeI32(struct.addPrivileges.size());
- for (Map.Entry<String, String> _iter84 : struct.addPrivileges.entrySet())
+ for (Map.Entry<TPrivilegeEntity, String> _iter84 : struct.addPrivileges.entrySet())
{
- oprot.writeString(_iter84.getKey());
+ _iter84.getKey().write(oprot);
oprot.writeString(_iter84.getValue());
}
}
{
oprot.writeI32(struct.delPrivileges.size());
- for (Map.Entry<String, String> _iter85 : struct.delPrivileges.entrySet())
+ for (Map.Entry<TPrivilegeEntity, String> _iter85 : struct.delPrivileges.entrySet())
{
- oprot.writeString(_iter85.getKey());
+ _iter85.getKey().write(oprot);
oprot.writeString(_iter85.getValue());
}
}
@@ -663,26 +687,28 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan
struct.authzObj = iprot.readString();
struct.setAuthzObjIsSet(true);
{
- org.apache.thrift.protocol.TMap _map86 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, iprot.readI32());
- struct.addPrivileges = new HashMap<String,String>(2*_map86.size);
- String _key87;
+ org.apache.thrift.protocol.TMap _map86 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+ struct.addPrivileges = new HashMap<TPrivilegeEntity,String>(2*_map86.size);
+ TPrivilegeEntity _key87;
String _val88;
for (int _i89 = 0; _i89 < _map86.size; ++_i89)
{
- _key87 = iprot.readString();
+ _key87 = new TPrivilegeEntity();
+ _key87.read(iprot);
_val88 = iprot.readString();
struct.addPrivileges.put(_key87, _val88);
}
}
struct.setAddPrivilegesIsSet(true);
{
- org.apache.thrift.protocol.TMap _map90 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, iprot.readI32());
- struct.delPrivileges = new HashMap<String,String>(2*_map90.size);
- String _key91;
+ org.apache.thrift.protocol.TMap _map90 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+ struct.delPrivileges = new HashMap<TPrivilegeEntity,String>(2*_map90.size);
+ TPrivilegeEntity _key91;
String _val92;
for (int _i93 = 0; _i93 < _map90.size; ++_i93)
{
- _key91 = iprot.readString();
+ _key91 = new TPrivilegeEntity();
+ _key91.read(iprot);
_val92 = iprot.readString();
struct.delPrivileges.put(_key91, _val92);
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeEntity.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeEntity.java b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeEntity.java
new file mode 100644
index 0000000..85f8147
--- /dev/null
+++ b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeEntity.java
@@ -0,0 +1,502 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.3)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.hdfs.service.thrift;
+
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import org.apache.thrift.async.AsyncMethodCallback;
+import org.apache.thrift.server.AbstractNonblockingServer.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import javax.annotation.Generated;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@SuppressWarnings({"cast", "rawtypes", "serial", "unchecked"})
+@Generated(value = "Autogenerated by Thrift Compiler (0.9.3)")
+public class TPrivilegeEntity implements org.apache.thrift.TBase<TPrivilegeEntity, TPrivilegeEntity._Fields>, java.io.Serializable, Cloneable, Comparable<TPrivilegeEntity> {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TPrivilegeEntity");
+
+ private static final org.apache.thrift.protocol.TField TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("type", org.apache.thrift.protocol.TType.I32, (short)1);
+ private static final org.apache.thrift.protocol.TField VALUE_FIELD_DESC = new org.apache.thrift.protocol.TField("value", org.apache.thrift.protocol.TType.STRING, (short)2);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TPrivilegeEntityStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TPrivilegeEntityTupleSchemeFactory());
+ }
+
+ private TPrivilegeEntityType type; // required
+ private String value; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ /**
+ *
+ * @see TPrivilegeEntityType
+ */
+ TYPE((short)1, "type"),
+ VALUE((short)2, "value");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // TYPE
+ return TYPE;
+ case 2: // VALUE
+ return VALUE;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.TYPE, new org.apache.thrift.meta_data.FieldMetaData("type", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.EnumMetaData(org.apache.thrift.protocol.TType.ENUM, TPrivilegeEntityType.class)));
+ tmpMap.put(_Fields.VALUE, new org.apache.thrift.meta_data.FieldMetaData("value", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TPrivilegeEntity.class, metaDataMap);
+ }
+
+ public TPrivilegeEntity() {
+ }
+
+ public TPrivilegeEntity(
+ TPrivilegeEntityType type,
+ String value)
+ {
+ this();
+ this.type = type;
+ this.value = value;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TPrivilegeEntity(TPrivilegeEntity other) {
+ if (other.isSetType()) {
+ this.type = other.type;
+ }
+ if (other.isSetValue()) {
+ this.value = other.value;
+ }
+ }
+
+ public TPrivilegeEntity deepCopy() {
+ return new TPrivilegeEntity(this);
+ }
+
+ @Override
+ public void clear() {
+ this.type = null;
+ this.value = null;
+ }
+
+ /**
+ *
+ * @see TPrivilegeEntityType
+ */
+ public TPrivilegeEntityType getType() {
+ return this.type;
+ }
+
+ /**
+ *
+ * @see TPrivilegeEntityType
+ */
+ public void setType(TPrivilegeEntityType type) {
+ this.type = type;
+ }
+
+ public void unsetType() {
+ this.type = null;
+ }
+
+ /** Returns true if field type is set (has been assigned a value) and false otherwise */
+ public boolean isSetType() {
+ return this.type != null;
+ }
+
+ public void setTypeIsSet(boolean value) {
+ if (!value) {
+ this.type = null;
+ }
+ }
+
+ public String getValue() {
+ return this.value;
+ }
+
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ public void unsetValue() {
+ this.value = null;
+ }
+
+ /** Returns true if field value is set (has been assigned a value) and false otherwise */
+ public boolean isSetValue() {
+ return this.value != null;
+ }
+
+ public void setValueIsSet(boolean value) {
+ if (!value) {
+ this.value = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case TYPE:
+ if (value == null) {
+ unsetType();
+ } else {
+ setType((TPrivilegeEntityType)value);
+ }
+ break;
+
+ case VALUE:
+ if (value == null) {
+ unsetValue();
+ } else {
+ setValue((String)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case TYPE:
+ return getType();
+
+ case VALUE:
+ return getValue();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case TYPE:
+ return isSetType();
+ case VALUE:
+ return isSetValue();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TPrivilegeEntity)
+ return this.equals((TPrivilegeEntity)that);
+ return false;
+ }
+
+ public boolean equals(TPrivilegeEntity that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_type = true && this.isSetType();
+ boolean that_present_type = true && that.isSetType();
+ if (this_present_type || that_present_type) {
+ if (!(this_present_type && that_present_type))
+ return false;
+ if (!this.type.equals(that.type))
+ return false;
+ }
+
+ boolean this_present_value = true && this.isSetValue();
+ boolean that_present_value = true && that.isSetValue();
+ if (this_present_value || that_present_value) {
+ if (!(this_present_value && that_present_value))
+ return false;
+ if (!this.value.equals(that.value))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ List<Object> list = new ArrayList<Object>();
+
+ boolean present_type = true && (isSetType());
+ list.add(present_type);
+ if (present_type)
+ list.add(type.getValue());
+
+ boolean present_value = true && (isSetValue());
+ list.add(present_value);
+ if (present_value)
+ list.add(value);
+
+ return list.hashCode();
+ }
+
+ @Override
+ public int compareTo(TPrivilegeEntity other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+
+ lastComparison = Boolean.valueOf(isSetType()).compareTo(other.isSetType());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetType()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.type, other.type);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetValue()).compareTo(other.isSetValue());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetValue()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.value, other.value);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TPrivilegeEntity(");
+ boolean first = true;
+
+ sb.append("type:");
+ if (this.type == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.type);
+ }
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("value:");
+ if (this.value == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.value);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetType()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'type' is unset! Struct:" + toString());
+ }
+
+ if (!isSetValue()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'value' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TPrivilegeEntityStandardSchemeFactory implements SchemeFactory {
+ public TPrivilegeEntityStandardScheme getScheme() {
+ return new TPrivilegeEntityStandardScheme();
+ }
+ }
+
+ private static class TPrivilegeEntityStandardScheme extends StandardScheme<TPrivilegeEntity> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TPrivilegeEntity struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // TYPE
+ if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+ struct.type = org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType.findByValue(iprot.readI32());
+ struct.setTypeIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 2: // VALUE
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+ struct.value = iprot.readString();
+ struct.setValueIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TPrivilegeEntity struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.type != null) {
+ oprot.writeFieldBegin(TYPE_FIELD_DESC);
+ oprot.writeI32(struct.type.getValue());
+ oprot.writeFieldEnd();
+ }
+ if (struct.value != null) {
+ oprot.writeFieldBegin(VALUE_FIELD_DESC);
+ oprot.writeString(struct.value);
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TPrivilegeEntityTupleSchemeFactory implements SchemeFactory {
+ public TPrivilegeEntityTupleScheme getScheme() {
+ return new TPrivilegeEntityTupleScheme();
+ }
+ }
+
+ private static class TPrivilegeEntityTupleScheme extends TupleScheme<TPrivilegeEntity> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TPrivilegeEntity struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ oprot.writeI32(struct.type.getValue());
+ oprot.writeString(struct.value);
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TPrivilegeEntity struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ struct.type = org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType.findByValue(iprot.readI32());
+ struct.setTypeIsSet(true);
+ struct.value = iprot.readString();
+ struct.setValueIsSet(true);
+ }
+ }
+
+}
+
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeEntityType.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeEntityType.java b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeEntityType.java
new file mode 100644
index 0000000..ac44c1f
--- /dev/null
+++ b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeEntityType.java
@@ -0,0 +1,48 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.3)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.hdfs.service.thrift;
+
+
+import java.util.Map;
+import java.util.HashMap;
+import org.apache.thrift.TEnum;
+
+public enum TPrivilegeEntityType implements org.apache.thrift.TEnum {
+ ROLE(0),
+ USER(1),
+ AUTHZ_OBJ(2);
+
+ private final int value;
+
+ private TPrivilegeEntityType(int value) {
+ this.value = value;
+ }
+
+ /**
+ * Get the integer value of this enum value, as defined in the Thrift IDL.
+ */
+ public int getValue() {
+ return value;
+ }
+
+ /**
+ * Find a the enum type by its integer value, as defined in the Thrift IDL.
+ * @return null if the value is not found.
+ */
+ public static TPrivilegeEntityType findByValue(int value) {
+ switch (value) {
+ case 0:
+ return ROLE;
+ case 1:
+ return USER;
+ case 2:
+ return AUTHZ_OBJ;
+ default:
+ return null;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java
index 0272396..5691933 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java
@@ -22,6 +22,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
import org.apache.sentry.hdfs.service.thrift.TPermissionsUpdate;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
import org.apache.sentry.hdfs.service.thrift.TRoleChanges;
@@ -82,7 +83,7 @@ public class PermissionsUpdate implements Updateable.Update {
return tPermUpdate.getPrivilegeChanges().get(authzObj);
}
TPrivilegeChanges privUpdate = new TPrivilegeChanges(authzObj,
- new HashMap<String, String>(), new HashMap<String, String>());
+ new HashMap<TPrivilegeEntity, String>(), new HashMap<TPrivilegeEntity, String>());
tPermUpdate.getPrivilegeChanges().put(authzObj, privUpdate);
return privUpdate;
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift b/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift
index 465b421..61582cd 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift
@@ -26,6 +26,21 @@ namespace java org.apache.sentry.hdfs.service.thrift
namespace php sentry.hdfs.thrift
namespace cpp Apache.Sentry.HDFS.Thrift
+enum TPrivilegeEntityType {
+ ROLE,
+ USER,
+ AUTHZ_OBJ
+}
+
+struct TPrivilegeEntity {
+
+# Type of the privilege entity
+1: required TPrivilegeEntityType type;
+
+# Value of entity
+2: required string value;
+}
+
struct TPathChanges {
# The authorizable object that needs to be updated.
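Review bot: The members of `TPrivilegeEntityType` have no explicit values, so their wire numbers (0, 1, 2 in the generated Java) depend only on declaration order. Inserting or reordering a member later would silently change what a peer decodes, and on this channel that means a role entry being read as a user or authz-object entry. Pinning them removes that risk: `ROLE = 0,` `USER = 1,` `AUTHZ_OBJ = 2`. A comment on `TPrivilegeEntity.value` saying that it holds a role name, user name or authorizable name depending on `type` would also help readers of the IDL.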
@@ -79,11 +94,11 @@ struct TPrivilegeChanges {
# The privileges that needs to be added to
# the authorizable object.
-2: required map<string, string> addPrivileges;
+2: required map<TPrivilegeEntity, string> addPrivileges;
# The privileges that needs to be deleted to
# the authorizable object.
-3: required map<string, string> delPrivileges;
+3: required map<TPrivilegeEntity, string> delPrivileges;
}
struct TRoleChanges {
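Review bot: Fields 2 and 3 of `TPrivilegeChanges` keep their ids and `required` qualifier while their key type changes from `string` to a struct, so a peer generated from the previous IDL presumably cannot decode updates from a new one, and vice versa. If the Sentry server and the NameNode plugin can run different versions during an upgrade, permission sync would fail or misparse for that window. Either document that both sides must be upgraded together, or add the entity-keyed maps under new field ids and deprecate the old ones.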
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestPermissionUpdate.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestPermissionUpdate.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestPermissionUpdate.java
index 11d3a2a..8bd9d43 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestPermissionUpdate.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestPermissionUpdate.java
@@ -21,6 +21,8 @@ package org.apache.sentry.hdfs;
import junit.framework.Assert;
import org.apache.sentry.hdfs.service.thrift.TPermissionsUpdate;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType;
import org.apache.thrift.TException;
import org.junit.Test;
@@ -30,8 +32,8 @@ public class TestPermissionUpdate {
public void testSerializeDeserializeInJSON() throws TException {
PermissionsUpdate update = new PermissionsUpdate(0, false);
TPrivilegeChanges privUpdate = update.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);
- privUpdate.putToAddPrivileges("newAuthz", "newAuthz");
- privUpdate.putToDelPrivileges("oldAuthz", "oldAuthz");
+ privUpdate.putToAddPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, "newAuthz"), "newAuthz");
+ privUpdate.putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, "oldAuthz"), "oldAuthz");
// Serialize and deserialize the PermssionUpdate object should equals to the original one.
TPermissionsUpdate before = update.toThrift();
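Review bot: The `RENAME_PRIVS` update built here uses `TPrivilegeEntityType.ROLE`, but `UpdateableAuthzPermissions.applyPrivilegeUpdates` in this same commit rejects a rename whose entities are not `AUTHZ_OBJ`. The round-trip assertion still passes, yet the fixture no longer resembles a rename that production code would accept. Using `new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, "newAuthz")` and the same for `"oldAuthz"` keeps the test data consistent with the consumer.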
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
index 1505513..2ad7440 100644
--- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
+++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
@@ -29,6 +29,8 @@ import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.sentry.hdfs.SentryPermissions.PrivilegeInfo;
import org.apache.sentry.hdfs.SentryPermissions.RoleInfo;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
import org.apache.sentry.hdfs.service.thrift.TRoleChanges;
import org.apache.sentry.hdfs.service.thrift.sentry_hdfs_serviceConstants;
@@ -122,10 +124,20 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
}
private void applyPrivilegeUpdates(PermissionsUpdate update) {
+ TPrivilegeEntity addPrivEntity, delPrivEntity;
for (TPrivilegeChanges pUpdate : update.getPrivilegeUpdates()) {
if (pUpdate.getAuthzObj().equals(PermissionsUpdate.RENAME_PRIVS)) {
- String newAuthzObj = pUpdate.getAddPrivileges().keySet().iterator().next();
- String oldAuthzObj = pUpdate.getDelPrivileges().keySet().iterator().next();
+ addPrivEntity = pUpdate.getAddPrivileges().keySet().iterator().next();
+ delPrivEntity = pUpdate.getDelPrivileges().keySet().iterator().next();
+ if(addPrivEntity.getType() != TPrivilegeEntityType.AUTHZ_OBJ ||
+ delPrivEntity.getType() != TPrivilegeEntityType.AUTHZ_OBJ) {
+ LOG.warn("Invalid Permission Update, Received Rename update with wrong data, (Add) Type: {}, Value:{} " +
+ "(Del) Type: {}, Value:{}", addPrivEntity.getType(), addPrivEntity.getValue(),
+ delPrivEntity.getType(), delPrivEntity.getValue());
+ continue;
+ }
+ String newAuthzObj = addPrivEntity.getValue();
+ String oldAuthzObj = delPrivEntity.getValue();
PrivilegeInfo privilegeInfo = perms.getPrivilegeInfo(oldAuthzObj);
// The privilegeInfo object can be null if no explicit Privileges
// have been granted on the object. For eg. If grants have been applied on
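Review bot: The added type check in the `RENAME_PRIVS` branch runs only after `keySet().iterator().next()` has been called on both maps, so a rename update with an empty add or delete map throws `NoSuchElementException` instead of reaching the warning. Unless a caller catches that, the remaining updates in the batch would not be applied. Guard first with `if (pUpdate.getAddPrivileges().isEmpty() || pUpdate.getDelPrivileges().isEmpty()) { continue; }`, logging a warning like the one below it. `addPrivEntity` and `delPrivEntity` are only used inside the loop and can be declared there rather than at method scope. The method body continues outside this hunk.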
@@ -146,30 +158,30 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
}
if (pUpdate.getAuthzObj().equals(PermissionsUpdate.ALL_AUTHZ_OBJ)) {
// Request to remove role from all Privileges
- String roleToRemove = pUpdate.getDelPrivileges().keySet().iterator()
- .next();
+ delPrivEntity = pUpdate.getDelPrivileges().keySet().iterator().next();
+ String roleToRemove = delPrivEntity.getValue();
for (PrivilegeInfo pInfo : perms.getAllPrivileges()) {
pInfo.removePermission(roleToRemove);
}
}
PrivilegeInfo pInfo = perms.getPrivilegeInfo(pUpdate.getAuthzObj());
- for (Map.Entry<String, String> aMap : pUpdate.getAddPrivileges().entrySet()) {
+ for (Map.Entry<TPrivilegeEntity, String> aMap : pUpdate.getAddPrivileges().entrySet()) {
if (pInfo == null) {
pInfo = new PrivilegeInfo(pUpdate.getAuthzObj());
}
- FsAction fsAction = pInfo.getPermission(aMap.getKey());
+ FsAction fsAction = pInfo.getPermission(aMap.getKey().getValue());
if (fsAction == null) {
fsAction = getFAction(aMap.getValue());
} else {
fsAction = fsAction.or(getFAction(aMap.getValue()));
}
- pInfo.setPermission(aMap.getKey(), fsAction);
+ pInfo.setPermission(aMap.getKey().getValue(), fsAction);
}
if (pInfo != null) {
perms.addPrivilegeInfo(pInfo);
perms.addParentChildMappings(pUpdate.getAuthzObj());
- for (Map.Entry<String, String> dMap : pUpdate.getDelPrivileges().entrySet()) {
- if (dMap.getKey().equals(PermissionsUpdate.ALL_ROLES)) {
+ for (Map.Entry<TPrivilegeEntity, String> dMap : pUpdate.getDelPrivileges().entrySet()) {
+ if (dMap.getKey().getValue().equals(PermissionsUpdate.ALL_ROLES)) {
// Remove all privileges
perms.delPrivilegeInfo(pUpdate.getAuthzObj());
perms.removeParentChildMappings(pUpdate.getAuthzObj());
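Review bot: After the rename branch the entity type is never consulted: `delPrivEntity.getValue()` becomes `roleToRemove`, and `aMap.getKey().getValue()` and `dMap.getKey().getValue()` are used as the `PrivilegeInfo` key and for the `ALL_ROLES` comparison without checking `getType()`. Every producer visible in this commit sends `ROLE`, but once `USER` entities arrive, a user and a role with the same name would presumably share one permission entry, and a non-role entity whose value equals `ALL_ROLES` would wipe the object's privileges. Until `PrivilegeInfo` is keyed by entity, reject anything that is not a role, e.g. `if (aMap.getKey().getType() != TPrivilegeEntityType.ROLE) { LOG.warn(...); continue; }`. The same applies to the recursive-revoke hunk that follows and to the later hunk that re-wraps every stored key as `ROLE` when building the full image.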
@@ -185,13 +197,13 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
}
// recursive revoke
for (PrivilegeInfo pInfo2 : parentAndChild) {
- FsAction fsAction = pInfo2.getPermission(dMap.getKey());
+ FsAction fsAction = pInfo2.getPermission(dMap.getKey().getValue());
if (fsAction != null) {
fsAction = fsAction.and(getFAction(dMap.getValue()).not());
if (FsAction.NONE == fsAction) {
- pInfo2.removePermission(dMap.getKey());
+ pInfo2.removePermission(dMap.getKey().getValue());
} else {
- pInfo2.setPermission(dMap.getKey(), fsAction);
+ pInfo2.setPermission(dMap.getKey().getValue(), fsAction);
}
}
}
@@ -233,7 +245,8 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
for (PrivilegeInfo pInfo : perms.getAllPrivileges()) {
TPrivilegeChanges pUpdate = retVal.addPrivilegeUpdate(pInfo.getAuthzObj());
for (Map.Entry<String, FsAction> ent : pInfo.getAllPermissions().entrySet()) {
- pUpdate.putToAddPrivileges(ent.getKey(), ent.getValue().SYMBOL);
+ pUpdate.putToAddPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, ent.getKey()),
+ ent.getValue().SYMBOL);
}
}
for (RoleInfo rInfo : perms.getAllRoles()) {
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PermImageRetriever.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PermImageRetriever.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PermImageRetriever.java
index 53ce34f..10d52b4 100644
--- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PermImageRetriever.java
+++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PermImageRetriever.java
@@ -18,6 +18,7 @@
package org.apache.sentry.hdfs;
import com.codahale.metrics.Timer.Context;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
import org.apache.sentry.hdfs.service.thrift.TPermissionsUpdate;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
import org.apache.sentry.hdfs.service.thrift.TRoleChanges;
@@ -56,13 +57,13 @@ public class PermImageRetriever implements ImageRetriever<PermissionsUpdate> {
// with a corresponding delta change sequence number.
PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage();
long curSeqNum = permImage.getCurSeqNum();
- Map<String, Map<String, String>> privilegeImage =
+ Map<String, Map<TPrivilegeEntity, String>> privilegeImage =
permImage.getPrivilegeImage();
Map<String, List<String>> roleImage =
permImage.getRoleImage();
// Translates the complete Sentry permission snapshot into a PermissionsUpdate.
- // Adds the <hiveObj, <role, privileges>> mapping and the <role, groups> mapping
+ // Adds permission mapping for user/roles <role, groups> mapping
// to be included in the permission update.
// And label it with the latest delta change sequence number for consumer
// to be aware of the next delta change it should continue with.
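Review bot: The rewritten comment "Adds permission mapping for user/roles <role, groups> mapping" is missing a conjunction and no longer says that the privilege mapping is keyed by hiveObj. It reads as if only the role-to-groups mapping were added. Suggested wording: `// Adds the <hiveObj, <role/user, privileges>> mapping and the <role, groups> mapping`.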
@@ -70,11 +71,11 @@ public class PermImageRetriever implements ImageRetriever<PermissionsUpdate> {
new HashMap<String, TPrivilegeChanges>(),
new HashMap<String, TRoleChanges>());
- for (Map.Entry<String, Map<String, String>> privEnt : privilegeImage.entrySet()) {
+ for (Map.Entry<String, Map<TPrivilegeEntity, String>> privEnt : privilegeImage.entrySet()) {
String authzObj = privEnt.getKey();
- Map<String,String> privs = privEnt.getValue();
+ Map<TPrivilegeEntity,String> privs = privEnt.getValue();
tPermUpdate.putToPrivilegeChanges(authzObj, new TPrivilegeChanges(
- authzObj, privs, new HashMap<String, String>()));
+ authzObj, privs, new HashMap<TPrivilegeEntity, String>()));
}
for (Map.Entry<String, List<String>> privEnt : roleImage.entrySet()) {
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java
index 8485ca3..50853c9 100644
--- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java
+++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java
@@ -28,6 +28,8 @@ import org.apache.sentry.core.common.utils.PubSub;
import org.apache.sentry.core.common.utils.SigUtils;
import org.apache.sentry.hdfs.ServiceConstants.ServerConfig;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType;
import org.apache.sentry.hdfs.service.thrift.TRoleChanges;
import org.apache.sentry.provider.db.SentryPolicyStorePlugin;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
@@ -280,8 +282,8 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen
}
PermissionsUpdate update = new PermissionsUpdate();
- update.addPrivilegeUpdate(authzObj).putToAddPrivileges(
- roleName, privilege.getAction().toUpperCase());
+ update.addPrivilegeUpdate(authzObj).putToAddPrivileges( new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName),
+ privilege.getAction().toUpperCase());
LOGGER.debug(String.format("onAlterSentryRoleGrantPrivilegeCore, Authz Perm preUpdate [ %s ]",
authzObj));
@@ -306,8 +308,8 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen
}
PermissionsUpdate update = new PermissionsUpdate();
TPrivilegeChanges privUpdate = update.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);
- privUpdate.putToAddPrivileges(newAuthz, newAuthz);
- privUpdate.putToDelPrivileges(oldAuthz, oldAuthz);
+ privUpdate.putToAddPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, newAuthz), newAuthz);
+ privUpdate.putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ,oldAuthz), oldAuthz);
LOGGER.debug("onRenameSentryPrivilege, Authz Perm preUpdate [ {} ]", oldAuthz);
if (LOGGER.isTraceEnabled()) {
@@ -352,7 +354,8 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen
PermissionsUpdate update = new PermissionsUpdate();
update.addPrivilegeUpdate(authzObj).putToDelPrivileges(
- roleName, privilege.getAction().toUpperCase());
+ new TPrivilegeEntity(TPrivilegeEntityType.ROLE,roleName),
+ privilege.getAction().toUpperCase());
LOGGER.debug("onAlterSentryRoleRevokePrivilegeCore, Authz Perm preUpdate [ {} ]", authzObj);
return update;
@@ -367,7 +370,8 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen
}
PermissionsUpdate update = new PermissionsUpdate();
update.addPrivilegeUpdate(PermissionsUpdate.ALL_AUTHZ_OBJ).putToDelPrivileges(
- request.getRoleName(), PermissionsUpdate.ALL_AUTHZ_OBJ);
+ new TPrivilegeEntity(TPrivilegeEntityType.ROLE, request.getRoleName()),
+ PermissionsUpdate.ALL_AUTHZ_OBJ);
update.addRoleUpdate(request.getRoleName()).addToDelGroups(PermissionsUpdate.ALL_GROUPS);
LOGGER.debug("onDropSentryRole, Authz Perm preUpdate [ {} ]", request.getRoleName());
@@ -395,7 +399,8 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen
throw new SentryPluginException(failure.getMessage(), failure);
}
update.addPrivilegeUpdate(authzObj).putToDelPrivileges(
- PermissionsUpdate.ALL_ROLES, PermissionsUpdate.ALL_ROLES);
+ new TPrivilegeEntity(TPrivilegeEntityType.ROLE,PermissionsUpdate.ALL_ROLES),
+ PermissionsUpdate.ALL_ROLES);
LOGGER.debug("onDropSentryPrivilege, Authz Perm preUpdate [ {} ]", authzObj);
if (LOGGER.isTraceEnabled()) {
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java
index 578757e..845c137 100644
--- a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java
+++ b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java
@@ -22,6 +22,7 @@ import org.apache.sentry.core.common.utils.PubSub;
import org.apache.sentry.hdfs.ServiceConstants.ServerConfig;
import org.apache.sentry.hdfs.service.thrift.TAuthzUpdateRequest;
import org.apache.sentry.hdfs.service.thrift.TAuthzUpdateResponse;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
import org.apache.sentry.provider.db.SentryPolicyStorePlugin;
import org.apache.sentry.provider.db.service.model.MSentryPathChange;
import org.apache.sentry.provider.db.service.model.MSentryPermChange;
@@ -64,7 +65,7 @@ public class TestSentryHDFSServiceProcessor {
Mockito.when(sentryStoreMock.getLastProcessedPermChangeID())
.thenReturn(1L);
Mockito.when(sentryStoreMock.retrieveFullPermssionsImage())
- .thenReturn(new PermissionsImage(new HashMap<String, List<String>>(), new HashMap<String, Map<String, String>>(), 1));
+ .thenReturn(new PermissionsImage(new HashMap<String, List<String>>(), new HashMap<String, Map<TPrivilegeEntity, String>>(), 1));
TAuthzUpdateRequest updateRequest = new TAuthzUpdateRequest(1, 1, 0);
TAuthzUpdateResponse sentryUpdates= serviceProcessor.get_authz_updates(updateRequest);
@@ -91,7 +92,7 @@ public class TestSentryHDFSServiceProcessor {
Mockito.when(sentryStoreMock.getLastProcessedPermChangeID())
.thenReturn(3L);
Mockito.when(sentryStoreMock.retrieveFullPermssionsImage())
- .thenReturn(new PermissionsImage(new HashMap<String, List<String>>(), new HashMap<String, Map<String, String>>(), 3));
+ .thenReturn(new PermissionsImage(new HashMap<String, List<String>>(), new HashMap<String, Map<TPrivilegeEntity, String>>(), 3));
TAuthzUpdateRequest updateRequest = new TAuthzUpdateRequest(2, 2, 1);
TAuthzUpdateResponse sentryUpdates= serviceProcessor.get_authz_updates(updateRequest);
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
index 96fe413..6134778 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
@@ -45,8 +45,10 @@ import org.apache.sentry.hdfs.SentryMalformedPathException;
import org.apache.sentry.hdfs.UniquePathsUpdate;
import org.apache.sentry.hdfs.Updateable.Update;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType;
import org.apache.sentry.provider.db.service.thrift.SentryMetrics;
import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
import org.apache.sentry.service.thrift.SentryServiceUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -129,7 +131,8 @@ final class NotificationProcessor {
PermissionsUpdate update = new PermissionsUpdate(SentryStore.INIT_CHANGE_ID, false);
String authzObj = SentryServiceUtil.getAuthzObj(authorizable);
update.addPrivilegeUpdate(authzObj)
- .putToDelPrivileges(PermissionsUpdate.ALL_ROLES, PermissionsUpdate.ALL_ROLES);
+ .putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, PermissionsUpdate.ALL_ROLES),
+ PermissionsUpdate.ALL_ROLES);
return update;
}
@@ -155,8 +158,8 @@ final class NotificationProcessor {
String newAuthz = SentryServiceUtil.getAuthzObj(newAuthorizable);
PermissionsUpdate update = new PermissionsUpdate(SentryStore.INIT_CHANGE_ID, false);
TPrivilegeChanges privUpdate = update.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);
- privUpdate.putToAddPrivileges(newAuthz, newAuthz);
- privUpdate.putToDelPrivileges(oldAuthz, oldAuthz);
+ privUpdate.putToAddPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, newAuthz), newAuthz);
+ privUpdate.putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, oldAuthz), oldAuthz);
return update;
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java
index 6c74e19..4a02db2 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java
@@ -18,13 +18,15 @@
package org.apache.sentry.provider.db.service.persistent;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
+
import java.util.List;
import java.util.Map;
/**
* A container for complete sentry permission snapshot.
* <p>
- * It is composed by a role to groups mapping, and hiveObj to < role, privileges > mapping.
+ * It is composed by a role to groups mapping, and hiveObj to < role/user, privileges > mapping.
* It also has the sequence number/change ID of latest delta change that the snapshot maps to.
*/
public class PermissionsImage {
@@ -32,12 +34,12 @@ public class PermissionsImage {
// A full snapshot of sentry role to groups mapping.
private final Map<String, List<String>> roleImage;
- // A full snapshot of hiveObj to <role, privileges> mapping.
- private final Map<String, Map<String, String>> privilegeImage;
+ // A full snapshot of hiveObj to <role/user, privileges> mapping.
+ private final Map<String, Map<TPrivilegeEntity, String>> privilegeImage;
private final long curSeqNum;
public PermissionsImage(Map<String, List<String>> roleImage,
- Map<String, Map<String, String>> privilegeImage, long curSeqNum) {
+ Map<String, Map<TPrivilegeEntity, String>> privilegeImage, long curSeqNum) {
this.roleImage = roleImage;
this.privilegeImage = privilegeImage;
this.curSeqNum = curSeqNum;
@@ -47,7 +49,7 @@ public class PermissionsImage {
return curSeqNum;
}
- public Map<String, Map<String, String>> getPrivilegeImage() {
+ public Map<String, Map<TPrivilegeEntity, String>> getPrivilegeImage() {
return privilegeImage;
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 8ac3c0d..ac5316c 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -56,6 +56,7 @@ import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
import org.apache.sentry.hdfs.PathsUpdate;
import org.apache.sentry.hdfs.UniquePathsUpdate;
import org.apache.sentry.hdfs.UpdateableAuthzPaths;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType;
import org.apache.sentry.provider.db.service.model.MAuthzPathsMapping;
import org.apache.sentry.provider.db.service.model.MAuthzPathsSnapshotId;
import org.apache.sentry.provider.db.service.model.MSentryChange;
@@ -78,6 +79,7 @@ import org.apache.sentry.provider.db.service.thrift.TSentryMappingData;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilegeMap;
import org.apache.sentry.provider.db.service.thrift.TSentryRole;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
import org.datanucleus.store.rdbms.exceptions.MissingTableException;
@@ -2471,7 +2473,7 @@ public class SentryStore {
// enable SentryPlugin(HDFS Sync feature).
long curChangeID = getLastProcessedChangeIDCore(pm, MSentryPermChange.class);
Map<String, List<String>> roleImage = retrieveFullRoleImageCore(pm);
- Map<String, Map<String, String>> privilegeMap = retrieveFullPrivilegeImageCore(pm);
+ Map<String, Map<TPrivilegeEntity, String>> privilegeMap = retrieveFullPrivilegeImageCore(pm);
return new PermissionsImage(roleImage, privilegeMap, curChangeID);
});
@@ -2485,11 +2487,11 @@ public class SentryStore {
* @return a mapping of hiveObj to < role, privileges >
* @throws Exception
*/
- private Map<String, Map<String, String>> retrieveFullPrivilegeImageCore(PersistenceManager pm)
+ private Map<String, Map<TPrivilegeEntity, String>> retrieveFullPrivilegeImageCore(PersistenceManager pm)
throws Exception {
pm.setDetachAllOnCommit(false); // No need to detach objects
- Map<String, Map<String, String>> retVal = new HashMap<>();
+ Map<String, Map<TPrivilegeEntity, String>> retVal = new HashMap<>();
Query query = pm.newQuery(MSentryPrivilege.class);
query.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
@@ -2508,7 +2510,7 @@ public class SentryStore {
if (!isNULL(mPriv.getTableName())) {
authzObj = authzObj + "." + mPriv.getTableName();
}
- Map<String, String> pUpdate = retVal.get(authzObj);
+ Map<TPrivilegeEntity, String> pUpdate = retVal.get(authzObj);
if (pUpdate == null) {
pUpdate = new HashMap<>();
retVal.put(authzObj, pUpdate);
@@ -2516,9 +2518,11 @@ public class SentryStore {
for (MSentryRole mRole : mPriv.getRoles()) {
String existingPriv = pUpdate.get(mRole.getRoleName());
if (existingPriv == null) {
- pUpdate.put(mRole.getRoleName(), mPriv.getAction().toUpperCase());
+ pUpdate.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName()),
+ mPriv.getAction().toUpperCase());
} else {
- pUpdate.put(mRole.getRoleName(), existingPriv + "," + mPriv.getAction().toUpperCase());
+ pUpdate.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName()), existingPriv + "," +
+ mPriv.getAction().toUpperCase());
}
}
}
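Review bot: `pUpdate.get(mRole.getRoleName())` on the unchanged context line still looks up a `String` in what is now a `Map<TPrivilegeEntity, String>`, so it always returns null. The `else` branch that appends to `existingPriv` is therefore unreachable. Assuming the generated `TPrivilegeEntity` implements value equality, a second privilege for the same role on the same object overwrites the first instead of being merged. The full permission image sent to the NameNode would then carry only one action per role and object, and HDFS ACLs built from a snapshot could differ from the grants held in Sentry. Build the entity once and use it for both the lookup and the put; a test granting two actions to one role on the same table would cover this path.

```java
for (MSentryRole mRole : mPriv.getRoles()) {
  TPrivilegeEntity roleEntity =
      new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName());
  String action = mPriv.getAction().toUpperCase();
  // Look up with the same key type the map is declared with.
  String existingPriv = pUpdate.get(roleEntity);
  pUpdate.put(roleEntity, existingPriv == null ? action : existingPriv + "," + action);
}
```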
http://git-wip-us.apache.org/repos/asf/sentry/blob/912b1dbe/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index b410027..f5a777d 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -56,6 +56,8 @@ import org.apache.sentry.hdfs.service.thrift.TPathEntry;
import org.apache.sentry.hdfs.service.thrift.TPathsDump;
import org.apache.sentry.hdfs.service.thrift.TPathsUpdate;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType;
import org.apache.sentry.hdfs.service.thrift.TRoleChanges;
import org.apache.sentry.provider.db.service.model.MSentryPermChange;
import org.apache.sentry.provider.db.service.model.MSentryPathChange;
@@ -2440,7 +2442,7 @@ public class TestSentryStore extends org.junit.Assert {
sentryStore.alterSentryRoleAddGroups(grantor, roleName2, groups);
PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage();
- Map<String, Map<String, String>> privs = permImage.getPrivilegeImage();
+ Map<String, Map<TPrivilegeEntity, String>> privs = permImage.getPrivilegeImage();
Map<String, List<String>> roles = permImage.getRoleImage();
assertEquals(2, privs.get("db1.tbl1").size());
assertEquals(2, roles.size());
@@ -3084,7 +3086,7 @@ public class TestSentryStore extends org.junit.Assert {
// Generate the permission add update authzObj "db1.tbl1"
PermissionsUpdate addUpdate = new PermissionsUpdate(0, false);
addUpdate.addPrivilegeUpdate(authzObj).putToAddPrivileges(
- roleName, privilege.getAction().toUpperCase());
+ new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName), privilege.getAction().toUpperCase());
// Grant the privilege to role test-privilege and verify it has been persisted.
Map<TSentryPrivilege, Updateable.Update> addPrivilegesUpdateMap = Maps.newHashMap();
@@ -3103,7 +3105,8 @@ public class TestSentryStore extends org.junit.Assert {
// Generate the permission delete update authzObj "db1.tbl1"
PermissionsUpdate delUpdate = new PermissionsUpdate(0, false);
delUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges(
- roleName, privilege.getAction().toUpperCase());
+ new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName),
+ privilege.getAction().toUpperCase());
// Revoke the same privilege and verify it has been removed.
Map<TSentryPrivilege, Updateable.Update> delPrivilegesUpdateMap = Maps.newHashMap();
@@ -3184,7 +3187,8 @@ public class TestSentryStore extends org.junit.Assert {
// Generate the permission del update for dropping role "test-drop-role"
PermissionsUpdate delUpdate = new PermissionsUpdate(0, false);
delUpdate.addPrivilegeUpdate(PermissionsUpdate.ALL_AUTHZ_OBJ).putToDelPrivileges(
- roleName, PermissionsUpdate.ALL_AUTHZ_OBJ);
+ new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName),
+ PermissionsUpdate.ALL_AUTHZ_OBJ);
delUpdate.addRoleUpdate(roleName).addToDelGroups(PermissionsUpdate.ALL_GROUPS);
// Drop the role and verify.
@@ -3217,7 +3221,8 @@ public class TestSentryStore extends org.junit.Assert {
// Generate the permission drop update for dropping privilege for "db1.tbl1"
PermissionsUpdate dropUpdate = new PermissionsUpdate(0, false);
- dropUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges(PermissionsUpdate.ALL_ROLES,
+ dropUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.ROLE,
+ PermissionsUpdate.ALL_ROLES),
PermissionsUpdate.ALL_ROLES);
// Drop the privilege and verify.
@@ -3254,8 +3259,8 @@ public class TestSentryStore extends org.junit.Assert {
String newAuthz = "db1.tbl2";
PermissionsUpdate renameUpdate = new PermissionsUpdate(0, false);
TPrivilegeChanges privUpdate = renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);
- privUpdate.putToAddPrivileges(newAuthz, newAuthz);
- privUpdate.putToDelPrivileges(oldAuthz, oldAuthz);
+ privUpdate.putToAddPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, newAuthz), newAuthz);
+ privUpdate.putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, oldAuthz), oldAuthz);
// Rename the privilege and verify.
TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1);