You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sp...@apache.org on 2018/05/29 18:07:02 UTC
[43/43] sentry git commit: SENTRY-2208: Refactor out Sentry service
into own module from sentry-provider-db (Anthony Young-Garner,
reviewed by Sergio Pena, Steve Moist, Na Li)
SENTRY-2208: Refactor out Sentry service into own module from sentry-provider-db (Anthony Young-Garner, reviewed by Sergio Pena, Steve Moist, Na Li)
Change-Id: I78a047b5c1900e4c6f4de693ad80b9d5b781e9ea
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b97f5c7a
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b97f5c7a
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b97f5c7a
Branch: refs/heads/master
Commit: b97f5c7aa89d3c9061dd1b6655fc0702caa93f1f
Parents: 97f6663
Author: Sergio Pena <se...@cloudera.com>
Authored: Tue May 29 13:05:25 2018 -0500
Committer: Sergio Pena <se...@cloudera.com>
Committed: Tue May 29 13:05:25 2018 -0500
----------------------------------------------------------------------
sentry-hdfs/sentry-hdfs-service/pom.xml | 6 +-
sentry-provider/sentry-provider-db/pom.xml | 64 +-
.../thrift/SentryGenericPolicyProcessor.java | 829 ---
.../SentryGenericPolicyProcessorFactory.java | 44 -
.../sentry/api/service/thrift/ConfServlet.java | 71 -
.../api/service/thrift/LogLevelServlet.java | 122 -
.../api/service/thrift/PubSubServlet.java | 128 -
.../api/service/thrift/SentryAdminServlet.java | 132 -
.../api/service/thrift/SentryAuthFilter.java | 89 -
...SentryHealthCheckServletContextListener.java | 35 -
.../api/service/thrift/SentryMetrics.java | 413 --
.../SentryMetricsServletContextListener.java | 32 -
.../thrift/SentryPolicyStoreProcessor.java | 1239 -----
.../SentryPolicyStoreProcessorFactory.java | 43 -
.../api/service/thrift/SentryWebServer.java | 240 -
.../provider/db/SentryPolicyStorePlugin.java | 97 -
.../service/persistent/DelegateSentryStore.java | 422 --
.../service/persistent/PrivilegeObject.java | 231 -
.../persistent/PrivilegeOperatePersistence.java | 568 ---
.../service/persistent/SentryStoreLayer.java | 186 -
.../tools/GenericPrivilegeConverter.java | 191 -
.../tools/TSentryPrivilegeConverter.java | 35 -
.../log/appender/AuditLoggerTestAppender.java | 52 -
.../RollingFileWithoutDeleteAppender.java | 175 -
.../db/log/entity/AuditMetadataLogEntity.java | 155 -
.../db/log/entity/DBAuditMetadataLogEntity.java | 124 -
.../db/log/entity/GMAuditMetadataLogEntity.java | 97 -
.../provider/db/log/entity/JsonLogEntity.java | 25 -
.../db/log/entity/JsonLogEntityFactory.java | 351 --
.../provider/db/log/util/CommandUtil.java | 233 -
.../sentry/provider/db/log/util/Constants.java | 116 -
.../db/service/model/MAuthzPathsMapping.java | 147 -
.../db/service/model/MAuthzPathsSnapshotId.java | 63 -
.../sentry/provider/db/service/model/MPath.java | 69 -
.../db/service/model/MSentryChange.java | 25 -
.../db/service/model/MSentryGMPrivilege.java | 436 --
.../provider/db/service/model/MSentryGroup.java | 112 -
.../service/model/MSentryHmsNotification.java | 79 -
.../db/service/model/MSentryPathChange.java | 157 -
.../db/service/model/MSentryPermChange.java | 130 -
.../db/service/model/MSentryPrivilege.java | 347 --
.../provider/db/service/model/MSentryRole.java | 224 -
.../provider/db/service/model/MSentryUser.java | 154 -
.../provider/db/service/model/MSentryUtil.java | 89 -
.../db/service/model/MSentryVersion.java | 66 -
.../provider/db/service/model/package.jdo | 341 --
.../db/service/persistent/CounterWait.java | 341 --
.../persistent/DeltaTransactionBlock.java | 103 -
.../persistent/FixedJsonInstanceSerializer.java | 163 -
.../db/service/persistent/HAContext.java | 300 --
.../db/service/persistent/HMSFollower.java | 530 --
.../service/persistent/LeaderStatusMonitor.java | 286 --
.../persistent/NotificationProcessor.java | 777 ---
.../db/service/persistent/PathsImage.java | 54 -
.../db/service/persistent/PermissionsImage.java | 59 -
.../service/persistent/QueryParamBuilder.java | 429 --
.../db/service/persistent/SentryStore.java | 4797 ------------------
.../persistent/SentryStoreSchemaInfo.java | 143 -
.../db/service/persistent/TransactionBlock.java | 39 -
.../service/persistent/TransactionManager.java | 260 -
.../service/thrift/FullUpdateInitializer.java | 524 --
.../service/thrift/FullUpdateModifier.java | 606 ---
.../sentry/service/thrift/GSSCallback.java | 110 -
.../apache/sentry/service/thrift/HMSClient.java | 56 -
.../sentry/service/thrift/HMSFollowerState.java | 43 -
.../service/thrift/HiveConnectionFactory.java | 35 -
.../service/thrift/HiveNotificationFetcher.java | 211 -
.../thrift/HiveSimpleConnectionFactory.java | 129 -
.../service/thrift/JaasConfiguration.java | 133 -
.../service/thrift/KerberosConfiguration.java | 107 -
.../sentry/service/thrift/ProcessorFactory.java | 40 -
.../sentry/service/thrift/SentryHMSClient.java | 250 -
.../service/thrift/SentryKerberosContext.java | 162 -
.../sentry/service/thrift/SentryService.java | 658 ---
.../thrift/SentryServiceClientFactory.java | 111 -
.../service/thrift/SentryServiceFactory.java | 27 -
.../service/thrift/SentryServiceState.java | 44 -
.../sentry/service/thrift/SentryState.java | 27 -
.../sentry/service/thrift/SentryStateBank.java | 159 -
.../src/main/webapp/SentryService.html | 61 -
.../src/main/webapp/css/bootstrap-theme.min.css | 10 -
.../src/main/webapp/css/bootstrap.min.css | 9 -
.../src/main/webapp/css/sentry.css | 52 -
.../src/main/webapp/sentry.png | Bin 3223 -> 0 bytes
.../SentryGenericServiceIntegrationBase.java | 73 -
.../TestAuditLogForSentryGenericService.java | 296 --
.../TestSentryGenericPolicyProcessor.java | 364 --
.../thrift/TestSentryGenericServiceClient.java | 61 -
.../TestSentryGenericServiceIntegration.java | 503 --
.../service/thrift/SentryMiniKdcTestcase.java | 68 -
.../TestAuthorizingDDLAuditLogWithKerberos.java | 295 --
.../thrift/TestConnectionWithTicketTimeout.java | 57 -
.../thrift/TestNotificationHandlerInvoker.java | 102 -
.../thrift/TestSentryPolicyServiceClient.java | 64 -
.../thrift/TestSentryPolicyStoreProcessor.java | 81 -
.../TestSentryServerForPoolWithoutKerberos.java | 35 -
.../thrift/TestSentryServerLogLevel.java | 100 -
.../service/thrift/TestSentryServerPubSub.java | 181 -
.../thrift/TestSentryServerWithoutKerberos.java | 214 -
.../thrift/TestSentryServiceClientPool.java | 111 -
.../thrift/TestSentryServiceFailureCase.java | 75 -
.../TestSentryServiceForPoolWithKerberos.java | 35 -
.../thrift/TestSentryServiceImportExport.java | 751 ---
.../thrift/TestSentryServiceIntegration.java | 1102 ----
.../thrift/TestSentryServiceMetrics.java | 86 -
.../TestSentryServiceWithInvalidMsgSize.java | 122 -
.../thrift/TestSentryServiceWithKerberos.java | 58 -
.../thrift/TestSentryWebServerWithKerberos.java | 175 -
.../thrift/TestSentryWebServerWithSSL.java | 64 -
.../TestSentryWebServerWithoutSecurity.java | 95 -
.../persistent/SentryStoreIntegrationBase.java | 91 -
.../persistent/TestDelegateSentryStore.java | 182 -
.../TestPrivilegeOperatePersistence.java | 1138 -----
.../persistent/TestSentryGMPrivilege.java | 207 -
.../service/persistent/TestSentryRole.java | 542 --
.../TestRollingFileWithoutDeleteAppender.java | 106 -
.../entity/TestDbAuditMetadataLogEntity.java | 69 -
.../entity/TestGMAuditMetadataLogEntity.java | 74 -
.../db/log/entity/TestJsonLogEntityFactory.java | 272 -
.../log/entity/TestJsonLogEntityFactoryGM.java | 259 -
.../provider/db/log/util/TestCommandUtil.java | 416 --
.../db/service/model/TestMSentryUtil.java | 106 -
.../db/service/persistent/TestCounterWait.java | 107 -
.../db/service/persistent/TestHMSFollower.java | 1296 -----
.../TestHMSFollowerSentryStoreIntegration.java | 256 -
.../persistent/TestLeaderStatusMonitor.java | 200 -
.../persistent/TestNotificationProcessor.java | 488 --
.../service/persistent/TestSentryPrivilege.java | 245 -
.../db/service/persistent/TestSentryStore.java | 4036 ---------------
.../persistent/TestSentryStoreImportExport.java | 1167 -----
.../TestSentryStoreToAuthorizable.java | 86 -
.../service/persistent/TestSentryVersion.java | 91 -
.../thrift/SentryServiceIntegrationBase.java | 309 --
.../thrift/SentryStateBankTestHelper.java | 29 -
.../service/thrift/SentryWebMetricParser.java | 86 -
.../thrift/TestFullUpdateInitializer.java | 346 --
.../service/thrift/TestFullUpdateModifier.java | 482 --
.../thrift/TestHiveNotificationFetcher.java | 163 -
.../service/thrift/TestSentryHMSClient.java | 344 --
.../service/thrift/TestSentryStateBank.java | 84 -
sentry-service/pom.xml | 2 +
sentry-service/sentry-service-client/pom.xml | 69 +
.../thrift/SentryServiceClientFactory.java | 111 +
sentry-service/sentry-service-server/pom.xml | 321 ++
.../thrift/SentryGenericPolicyProcessor.java | 829 +++
.../SentryGenericPolicyProcessorFactory.java | 44 +
.../sentry/api/service/thrift/ConfServlet.java | 71 +
.../api/service/thrift/LogLevelServlet.java | 122 +
.../api/service/thrift/PubSubServlet.java | 128 +
.../api/service/thrift/SentryAdminServlet.java | 132 +
.../api/service/thrift/SentryAuthFilter.java | 89 +
...SentryHealthCheckServletContextListener.java | 35 +
.../api/service/thrift/SentryMetrics.java | 413 ++
.../SentryMetricsServletContextListener.java | 32 +
.../thrift/SentryPolicyStoreProcessor.java | 1239 +++++
.../SentryPolicyStoreProcessorFactory.java | 43 +
.../api/service/thrift/SentryWebServer.java | 240 +
.../provider/db/SentryPolicyStorePlugin.java | 97 +
.../service/persistent/DelegateSentryStore.java | 422 ++
.../service/persistent/PrivilegeObject.java | 231 +
.../persistent/PrivilegeOperatePersistence.java | 566 +++
.../service/persistent/SentryStoreLayer.java | 186 +
.../tools/GenericPrivilegeConverter.java | 191 +
.../tools/TSentryPrivilegeConverter.java | 35 +
.../log/appender/AuditLoggerTestAppender.java | 52 +
.../RollingFileWithoutDeleteAppender.java | 175 +
.../db/log/entity/AuditMetadataLogEntity.java | 155 +
.../db/log/entity/DBAuditMetadataLogEntity.java | 124 +
.../db/log/entity/GMAuditMetadataLogEntity.java | 97 +
.../provider/db/log/entity/JsonLogEntity.java | 25 +
.../db/log/entity/JsonLogEntityFactory.java | 351 ++
.../provider/db/log/util/CommandUtil.java | 233 +
.../sentry/provider/db/log/util/Constants.java | 116 +
.../db/service/model/MAuthzPathsMapping.java | 147 +
.../db/service/model/MAuthzPathsSnapshotId.java | 63 +
.../sentry/provider/db/service/model/MPath.java | 69 +
.../db/service/model/MSentryChange.java | 25 +
.../db/service/model/MSentryGMPrivilege.java | 436 ++
.../provider/db/service/model/MSentryGroup.java | 112 +
.../service/model/MSentryHmsNotification.java | 79 +
.../db/service/model/MSentryPathChange.java | 157 +
.../db/service/model/MSentryPermChange.java | 130 +
.../db/service/model/MSentryPrivilege.java | 347 ++
.../provider/db/service/model/MSentryRole.java | 224 +
.../provider/db/service/model/MSentryUser.java | 154 +
.../provider/db/service/model/MSentryUtil.java | 89 +
.../db/service/model/MSentryVersion.java | 66 +
.../provider/db/service/model/package.jdo | 341 ++
.../db/service/persistent/CounterWait.java | 341 ++
.../persistent/DeltaTransactionBlock.java | 103 +
.../persistent/FixedJsonInstanceSerializer.java | 163 +
.../db/service/persistent/HAContext.java | 300 ++
.../db/service/persistent/HMSFollower.java | 530 ++
.../service/persistent/LeaderStatusMonitor.java | 286 ++
.../persistent/NotificationProcessor.java | 777 +++
.../db/service/persistent/PathsImage.java | 54 +
.../db/service/persistent/PermissionsImage.java | 59 +
.../service/persistent/QueryParamBuilder.java | 429 ++
.../db/service/persistent/SentryStore.java | 4796 +++++++++++++++++
.../persistent/SentryStoreSchemaInfo.java | 143 +
.../db/service/persistent/TransactionBlock.java | 39 +
.../service/persistent/TransactionManager.java | 260 +
.../service/thrift/FullUpdateInitializer.java | 524 ++
.../service/thrift/FullUpdateModifier.java | 606 +++
.../sentry/service/thrift/GSSCallback.java | 110 +
.../apache/sentry/service/thrift/HMSClient.java | 56 +
.../sentry/service/thrift/HMSFollowerState.java | 43 +
.../service/thrift/HiveConnectionFactory.java | 35 +
.../service/thrift/HiveNotificationFetcher.java | 211 +
.../thrift/HiveSimpleConnectionFactory.java | 129 +
.../service/thrift/JaasConfiguration.java | 133 +
.../service/thrift/KerberosConfiguration.java | 107 +
.../sentry/service/thrift/ProcessorFactory.java | 40 +
.../sentry/service/thrift/SentryHMSClient.java | 250 +
.../service/thrift/SentryKerberosContext.java | 162 +
.../sentry/service/thrift/SentryService.java | 658 +++
.../service/thrift/SentryServiceFactory.java | 27 +
.../service/thrift/SentryServiceState.java | 44 +
.../sentry/service/thrift/SentryState.java | 27 +
.../sentry/service/thrift/SentryStateBank.java | 159 +
.../src/main/webapp/SentryService.html | 61 +
.../src/main/webapp/css/bootstrap-theme.min.css | 10 +
.../src/main/webapp/css/bootstrap.min.css | 9 +
.../src/main/webapp/css/sentry.css | 52 +
.../src/main/webapp/sentry.png | Bin 0 -> 3223 bytes
.../SentryGenericServiceIntegrationBase.java | 73 +
.../TestAuditLogForSentryGenericService.java | 296 ++
.../TestSentryGenericPolicyProcessor.java | 364 ++
.../thrift/TestSentryGenericServiceClient.java | 62 +
.../TestSentryGenericServiceIntegration.java | 503 ++
.../service/thrift/SentryMiniKdcTestcase.java | 68 +
.../TestAuthorizingDDLAuditLogWithKerberos.java | 295 ++
.../thrift/TestConnectionWithTicketTimeout.java | 57 +
.../thrift/TestNotificationHandlerInvoker.java | 102 +
.../thrift/TestSentryPolicyServiceClient.java | 64 +
.../thrift/TestSentryPolicyStoreProcessor.java | 81 +
.../TestSentryServerForPoolWithoutKerberos.java | 35 +
.../thrift/TestSentryServerLogLevel.java | 100 +
.../service/thrift/TestSentryServerPubSub.java | 181 +
.../thrift/TestSentryServerWithoutKerberos.java | 214 +
.../thrift/TestSentryServiceClientPool.java | 111 +
.../thrift/TestSentryServiceFailureCase.java | 75 +
.../TestSentryServiceForPoolWithKerberos.java | 35 +
.../thrift/TestSentryServiceImportExport.java | 751 +++
.../thrift/TestSentryServiceIntegration.java | 1102 ++++
.../thrift/TestSentryServiceMetrics.java | 86 +
.../TestSentryServiceWithInvalidMsgSize.java | 122 +
.../thrift/TestSentryServiceWithKerberos.java | 58 +
.../thrift/TestSentryWebServerWithKerberos.java | 175 +
.../thrift/TestSentryWebServerWithSSL.java | 64 +
.../TestSentryWebServerWithoutSecurity.java | 95 +
.../TestSentryWebServiceForAuthTypeNone.java | 64 +
.../persistent/SentryStoreIntegrationBase.java | 91 +
.../persistent/TestDelegateSentryStore.java | 182 +
.../TestPrivilegeOperatePersistence.java | 1138 +++++
.../persistent/TestSentryGMPrivilege.java | 207 +
.../service/persistent/TestSentryRole.java | 542 ++
.../TestRollingFileWithoutDeleteAppender.java | 106 +
.../entity/TestDbAuditMetadataLogEntity.java | 69 +
.../entity/TestGMAuditMetadataLogEntity.java | 74 +
.../db/log/entity/TestJsonLogEntityFactory.java | 272 +
.../log/entity/TestJsonLogEntityFactoryGM.java | 259 +
.../provider/db/log/util/TestCommandUtil.java | 416 ++
.../db/service/model/TestMSentryUtil.java | 106 +
.../db/service/persistent/TestCounterWait.java | 107 +
.../db/service/persistent/TestHMSFollower.java | 1296 +++++
.../TestHMSFollowerSentryStoreIntegration.java | 256 +
.../persistent/TestLeaderStatusMonitor.java | 200 +
.../persistent/TestNotificationProcessor.java | 488 ++
.../service/persistent/TestSentryPrivilege.java | 245 +
.../db/service/persistent/TestSentryStore.java | 4036 +++++++++++++++
.../persistent/TestSentryStoreImportExport.java | 1167 +++++
.../TestSentryStoreToAuthorizable.java | 86 +
.../service/persistent/TestSentryVersion.java | 91 +
.../TestSentryWebServiceForAuthTypeNone.java | 64 -
.../thrift/SentryServiceIntegrationBase.java | 309 ++
.../thrift/SentryStateBankTestHelper.java | 29 +
.../service/thrift/SentryWebMetricParser.java | 86 +
.../thrift/TestFullUpdateInitializer.java | 346 ++
.../service/thrift/TestFullUpdateModifier.java | 482 ++
.../thrift/TestHiveNotificationFetcher.java | 163 +
.../service/thrift/TestSentryHMSClient.java | 344 ++
.../service/thrift/TestSentryStateBank.java | 84 +
.../src/test/resources/cacerts.jks | 0
.../src/test/resources/keystore.jks | 0
.../src/test/resources/log4j.properties | 34 +
sentry-tests/sentry-tests-hive/pom.xml | 3 +-
sentry-tests/sentry-tests-kafka/pom.xml | 3 +-
sentry-tests/sentry-tests-solr/pom.xml | 53 +-
sentry-tests/sentry-tests-sqoop/pom.xml | 3 +-
sentry-tools/pom.xml | 7 +-
291 files changed, 39762 insertions(+), 39337 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-hdfs/sentry-hdfs-service/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-service/pom.xml b/sentry-hdfs/sentry-hdfs-service/pom.xml
index 50a451d..888f61e 100644
--- a/sentry-hdfs/sentry-hdfs-service/pom.xml
+++ b/sentry-hdfs/sentry-hdfs-service/pom.xml
@@ -73,7 +73,8 @@ limitations under the License.
</dependency>
<dependency>
<groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-db</artifactId>
+ <artifactId>sentry-service-server</artifactId>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.hive</groupId>
@@ -105,7 +106,8 @@ limitations under the License.
</dependency>
<dependency>
<groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-db</artifactId>
+ <artifactId>sentry-service-server</artifactId>
+ <version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/pom.xml b/sentry-provider/sentry-provider-db/pom.xml
index 48a187a..a8a15bf 100644
--- a/sentry-provider/sentry-provider-db/pom.xml
+++ b/sentry-provider/sentry-provider-db/pom.xml
@@ -154,6 +154,11 @@ limitations under the License.
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-service-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-shims</artifactId>
<scope>provided</scope>
@@ -287,65 +292,6 @@ limitations under the License.
</resources>
<plugins>
<plugin>
- <groupId>com.google.code.maven-replacer-plugin</groupId>
- <artifactId>replacer</artifactId>
- <version>1.5.2</version>
- <executions>
- <execution>
- <id>replaceTokens</id>
- <phase>clean</phase>
- <goals>
- <goal>replace</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <file>${basedir}/src/main/webapp/SentryService.html</file>
- <replacements>
- <replacement>
- <token>%PROJECT_VERSION%</token>
- <value>${project.version}</value>
- </replacement>
- </replacements>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.datanucleus</groupId>
- <artifactId>datanucleus-maven-plugin</artifactId>
- <version>${datanucleus.maven.plugin.version}</version>
- <configuration>
- <api>JDO</api>
- <metadataIncludes>**/*.jdo</metadataIncludes>
- <verbose>true</verbose>
- </configuration>
- <executions>
- <execution>
- <phase>process-classes</phase>
- <goals>
- <goal>enhance</goal>
- </goals>
- </execution>
- </executions>
- <dependencies>
- <dependency>
- <groupId>org.datanucleus</groupId>
- <artifactId>datanucleus-core</artifactId>
- <version>${datanucleus-core.version}</version>
- </dependency>
- </dependencies>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessor.java
deleted file mode 100644
index 1cc4b1b..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessor.java
+++ /dev/null
@@ -1,829 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.generic.thrift;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.core.common.utils.SentryConstants.KV_JOINER;
-
-import java.lang.reflect.Constructor;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.api.common.ThriftConstants;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.provider.common.AuthorizationComponent;
-import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
-import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
-import org.apache.sentry.core.common.exception.SentryInvalidInputException;
-import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
-import org.apache.sentry.core.common.exception.SentryThriftAPIMismatchException;
-import org.apache.sentry.provider.db.generic.service.persistent.DelegateSentryStore;
-import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject;
-import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder;
-import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer;
-import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory;
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
-import org.apache.sentry.provider.db.service.model.MSentryRole;
-import org.apache.sentry.core.common.utils.PolicyStoreConstants;
-import org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessor;
-import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
-import org.apache.sentry.api.common.Status;
-import org.apache.sentry.service.thrift.TSentryResponseStatus;
-import org.apache.thrift.TException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Splitter;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
-
-public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.Iface {
- private static final Logger LOGGER = LoggerFactory.getLogger(SentryGenericPolicyProcessor.class);
- private static final Logger AUDIT_LOGGER = LoggerFactory
- .getLogger(Constants.AUDIT_LOGGER_NAME_GENERIC);
- private final Configuration conf;
- private final ImmutableSet<String> adminGroups;
- private final SentryStoreLayer store;
- private final NotificationHandlerInvoker handerInvoker;
-
- private static final String ACCESS_DENIAL_MESSAGE = "Access denied to ";
-
- SentryGenericPolicyProcessor(Configuration conf) throws Exception {
- this.store = new DelegateSentryStore(conf);
- this.handerInvoker = new NotificationHandlerInvoker(createHandlers(conf));
- this.conf = conf;
- adminGroups = ImmutableSet.copyOf((Sets.newHashSet(conf.getStrings(
- ServerConfig.ADMIN_GROUPS, new String[]{}))));
- }
-
- @VisibleForTesting
- SentryGenericPolicyProcessor(Configuration conf, SentryStoreLayer store) throws Exception {
- this.store = store;
- this.handerInvoker = new NotificationHandlerInvoker(createHandlers(conf));
- this.conf = conf;
- adminGroups = ImmutableSet.copyOf(toTrimmed(Sets.newHashSet(conf.getStrings(
- ServerConfig.ADMIN_GROUPS, new String[]{}))));
- }
-
- private void authorize(String requestorUser, Set<String> requestorGroups)
- throws SentryAccessDeniedException {
- if (!inAdminGroups(requestorGroups)) {
- String msg = "User: " + requestorUser + " is part of " + requestorGroups +
- " which does not, intersect admin groups " + adminGroups;
- LOGGER.warn(msg);
- throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + requestorUser);
- }
- }
-
- private Set<String> toTrimmedLower(Set<String> s) {
- if (s == null) {
- return Collections.emptySet();
- }
- Set<String> result = new HashSet<>(s.size());
- for (String v : s) {
- result.add(v.trim().toLowerCase());
- }
- return result;
- }
-
- private Set<String> toTrimmed(Set<String> s) {
- if (s == null) {
- return Collections.emptySet();
- }
- Set<String> result = new HashSet<>(s.size());
- for (String v : s) {
- result.add(v.trim());
- }
- return result;
- }
-
- private String toTrimmedLower(String s) {
- if (Strings.isNullOrEmpty(s)){
- return "";
- }
- return s.trim().toLowerCase();
- }
-
- private static Set<String> getRequestorGroups(Configuration conf, String userName) throws SentryUserException {
- return SentryPolicyStoreProcessor.getGroupsFromUserName(conf, userName);
- }
-
- private boolean inAdminGroups(Set<String> requestorGroups) {
- return !Sets.intersection(adminGroups, requestorGroups).isEmpty();
- }
-
- static List<NotificationHandler> createHandlers(Configuration conf) throws SentrySiteConfigurationException {
-
- List<NotificationHandler> handlers = Lists.newArrayList();
- Iterable<String> notificationHandlers = Splitter.onPattern("[\\s,]").trimResults()
- .omitEmptyStrings().split(conf.get(PolicyStoreConstants.SENTRY_GENERIC_POLICY_NOTIFICATION, ""));
- try {
- for (String notificationHandler : notificationHandlers) {
- handlers.add(createInstance(notificationHandler, conf, NotificationHandler.class));
- }
- } catch (Exception e) {
- throw new SentrySiteConfigurationException("Create notificationHandlers error: " + e.getMessage(), e);
- }
- return handlers;
- }
-
- @SuppressWarnings("unchecked")
- private static <T> T createInstance(String className, Configuration conf, Class<T> iface) throws Exception {
- T result;
- try {
- Class<?> clazz = Class.forName(className);
- if (!iface.isAssignableFrom(clazz)) {
- throw new IllegalArgumentException("Class " + clazz + " is not a " +
- iface.getName());
- }
- Constructor<T> meth = (Constructor<T>)clazz.getDeclaredConstructor(Configuration.class);
- meth.setAccessible(true);
- result = meth.newInstance(new Object[]{conf});
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- return result;
- }
-
- private <T> Response<T> requestHandle(RequestHandler<T> handler) {
- Response<T> response = new Response<T>();
- try {
- response = handler.handle();
- } catch (SentryAccessDeniedException e) {
- String msg = "Sentry access denied: " + e.getMessage();
- LOGGER.error(msg, e);
- response.status = Status.AccessDenied(e.getMessage(), e);
- } catch (SentryAlreadyExistsException e) {
- String msg = "Sentry object already exists: " + e.getMessage();
- LOGGER.error(msg, e);
- response.status = Status.AlreadyExists(e.getMessage(), e);
- } catch (SentryNoSuchObjectException e) {
- String msg = "Sentry object doesn't exist: " + e.getMessage();
- LOGGER.error(msg, e);
- response.status = Status.NoSuchObject(e.getMessage(), e);
- } catch (SentryInvalidInputException e) {
- String msg = "Invalid input privilege object: " + e.getMessage();
- LOGGER.error(msg, e);
- response.status = Status.InvalidInput(msg, e);
- } catch (SentryThriftAPIMismatchException e) {
- String msg = "Sentry thrift API mismatch error: " + e.getMessage();
- LOGGER.error(msg, e);
- response.status = Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e);
- } catch (Exception e) {
- String msg = "Unknown error:" + e.getMessage();
- LOGGER.error(msg, e);
- response.status = Status.RuntimeError(msg, e);
- }
- return response;
- }
-
- private PrivilegeObject toPrivilegeObject(TSentryPrivilege tSentryPrivilege) {
- Boolean grantOption;
- if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE)) {
- grantOption = true;
- } else if (tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.FALSE)) {
- grantOption = false;
- } else {
- grantOption = null;
- }
- return new Builder().setComponent(tSentryPrivilege.getComponent())
- .setService(tSentryPrivilege.getServiceName())
- .setAuthorizables(toAuthorizables(tSentryPrivilege.getAuthorizables()))
- .setAction(tSentryPrivilege.getAction())
- .withGrantOption(grantOption)
- .build();
- }
-
- private TSentryPrivilege fromPrivilegeObject(PrivilegeObject privilege) {
-
- TSentryPrivilege tPrivilege = new TSentryPrivilege(privilege.getComponent(), privilege.getService(),
- fromAuthorizable(privilege.getAuthorizables()),
- privilege.getAction());
- if (privilege.getGrantOption() == null) {
- tPrivilege.setGrantOption(TSentryGrantOption.UNSET);
- } else if (privilege.getGrantOption()) {
- tPrivilege.setGrantOption(TSentryGrantOption.TRUE);
- } else {
- tPrivilege.setGrantOption(TSentryGrantOption.FALSE);
- }
- return tPrivilege;
- }
-
- private List<TAuthorizable> fromAuthorizable(List<? extends Authorizable> authorizables) {
- List<TAuthorizable> tAuthorizables = Lists.newArrayList();
- for (Authorizable authorizable : authorizables) {
- tAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
- }
- return tAuthorizables;
- }
-
- private String fromAuthorizableToStr(List<? extends Authorizable> authorizables) {
- if (authorizables != null && !authorizables.isEmpty()) {
- List<String> privileges = Lists.newArrayList();
-
- for (Authorizable authorizable : authorizables) {
-
- privileges.add(SentryConstants.KV_JOINER.join(authorizable.getTypeName(),
- authorizable.getName()));
- }
-
- return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
- } else {
- return "";
- }
- }
-
- private List<? extends Authorizable> toAuthorizables(List<TAuthorizable> tAuthorizables) {
- List<Authorizable> authorizables = Lists.newArrayList();
- if (tAuthorizables == null) {
- return authorizables;
- }
- for (final TAuthorizable tAuthorizable : tAuthorizables) {
- authorizables.add(new Authorizable() {
- @Override
- public String getTypeName() {
- return tAuthorizable.getType();
- }
- @Override
- public String getName() {
- return tAuthorizable.getName();
- }
- });
- }
- return authorizables;
- }
-
- private List<? extends Authorizable> toAuthorizables(String privilegeStr) {
- List<Authorizable> authorizables = Lists.newArrayList();
- if (privilegeStr == null) {
- return authorizables;
- }
-
- for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
- KeyValue tempKV = new KeyValue(authorizable);
- final String key = tempKV.getKey();
- final String value = tempKV.getValue();
-
- authorizables.add(new Authorizable() {
- @Override
- public String getTypeName() {
- return key;
- }
-
- @Override
- public String getName() {
- return value;
- }
- });
- }
-
- return authorizables;
- }
-
- // Construct the role to set of privileges mapping based on the
- // MSentryGMPrivilege information.
- private TSentryPrivilegeMap toTSentryPrivilegeMap(Set<MSentryGMPrivilege> mPrivileges) {
-
- // Mapping of <Role, Set<Privilege>>.
- Map<String, Set<TSentryPrivilege>> tPrivilegeMap = Maps.newTreeMap();
-
- for (MSentryGMPrivilege mPrivilege : mPrivileges) {
- for (MSentryRole role : mPrivilege.getRoles()) {
-
- TSentryPrivilege tPrivilege = toTSentryPrivilege(mPrivilege);
-
- if (tPrivilegeMap.containsKey(role.getRoleName())) {
- tPrivilegeMap.get(role.getRoleName()).add(tPrivilege);
- } else {
- Set<TSentryPrivilege> tPrivilegeSet = Sets.newTreeSet();
- tPrivilegeSet.add(tPrivilege);
- tPrivilegeMap.put(role.getRoleName(), tPrivilegeSet);
- }
- }
- }
-
- return new TSentryPrivilegeMap(tPrivilegeMap);
- }
-
- // Construct TSentryPrivilege based on MSentryGMPrivilege information.
- private TSentryPrivilege toTSentryPrivilege(MSentryGMPrivilege mPrivilege) {
-
- TSentryPrivilege tPrivilege = new TSentryPrivilege(mPrivilege.getComponentName(),
- mPrivilege.getServiceName(), fromAuthorizable(mPrivilege.getAuthorizables()), mPrivilege.getAction());
-
- if (mPrivilege.getGrantOption() == null) {
- tPrivilege.setGrantOption(TSentryGrantOption.UNSET);
- } else if (mPrivilege.getGrantOption()) {
- tPrivilege.setGrantOption(TSentryGrantOption.TRUE);
- } else {
- tPrivilege.setGrantOption(TSentryGrantOption.FALSE);
- }
-
- return tPrivilege;
- }
-
- private Set<String> buildPermissions(Set<PrivilegeObject> privileges) {
- Set<String> permissions = Sets.newHashSet();
- for (PrivilegeObject privilege : privileges) {
- List<String> hierarchy = Lists.newArrayList();
- if (hasComponentServerPrivilege(privilege.getComponent())) {
- hierarchy.add(KV_JOINER.join("server", privilege.getService()));
- }
- for (Authorizable authorizable : privilege.getAuthorizables()) {
- hierarchy.add(KV_JOINER.join(authorizable.getTypeName(),authorizable.getName()));
- }
- hierarchy.add(KV_JOINER.join("action", privilege.getAction()));
- permissions.add(AUTHORIZABLE_JOINER.join(hierarchy));
- }
- return permissions;
- }
-
- private boolean hasComponentServerPrivilege(String component) {
- //judge the component whether has the server privilege, for example: sqoop has the privilege on the server
- return AuthorizationComponent.SQOOP.equalsIgnoreCase(component);
- }
-
- @Override
- public TCreateSentryRoleResponse create_sentry_role(
- final TCreateSentryRoleRequest request) throws TException {
- Response<Void> respose = requestHandle(new RequestHandler<Void>() {
- @Override
- public Response<Void> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- authorize(request.getRequestorUserName(),
- getRequestorGroups(conf, request.getRequestorUserName()));
- store.createRole(request.getComponent(), request.getRoleName(),
- request.getRequestorUserName());
- return new Response<Void>(Status.OK());
- }
- });
-
- TCreateSentryRoleResponse tResponse = new TCreateSentryRoleResponse(respose.status);
- if (Status.OK.getCode() == respose.status.getValue()) {
- handerInvoker.create_sentry_role(request, tResponse);
- }
-
- try {
- AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, tResponse, conf).toJsonFormatLog());
- } catch (Exception e) {
- // if any exception, log the exception.
- String msg = "Error in creating audit log for create role: " + e.getMessage();
- LOGGER.error(msg, e);
- }
- return tResponse;
- }
-
- @Override
- public TDropSentryRoleResponse drop_sentry_role(final TDropSentryRoleRequest request)
- throws TException {
- Response<Void> respose = requestHandle(new RequestHandler<Void>() {
- @Override
- public Response<Void> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- authorize(request.getRequestorUserName(),
- getRequestorGroups(conf, request.getRequestorUserName()));
- store.dropRole(request.getComponent(), request.getRoleName(),
- request.getRequestorUserName());
- return new Response<Void>(Status.OK());
- }
- });
-
- TDropSentryRoleResponse tResponse = new TDropSentryRoleResponse(respose.status);
- if (Status.OK.getCode() == respose.status.getValue()) {
- handerInvoker.drop_sentry_role(request, tResponse);
- }
-
- try {
- AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, tResponse, conf).toJsonFormatLog());
- } catch (Exception e) {
- // if any exception, log the exception.
- String msg = "Error in creating audit log for drop role: " + e.getMessage();
- LOGGER.error(msg, e);
- }
- return tResponse;
- }
-
- @Override
- public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(
- final TAlterSentryRoleGrantPrivilegeRequest request) throws TException {
- Response<Void> respose = requestHandle(new RequestHandler<Void>() {
- @Override
- public Response<Void> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- store.alterRoleGrantPrivilege(request.getComponent(),
- request.getRoleName(),
- toPrivilegeObject(request.getPrivilege()),
- request.getRequestorUserName());
- return new Response<Void>(Status.OK());
- }
- });
-
- TAlterSentryRoleGrantPrivilegeResponse tResponse = new TAlterSentryRoleGrantPrivilegeResponse(respose.status);
- if (Status.OK.getCode() == respose.status.getValue()) {
- handerInvoker.alter_sentry_role_grant_privilege(request, tResponse);
- }
-
- try {
- AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, tResponse, conf).toJsonFormatLog());
- } catch (Exception e) {
- // if any exception, log the exception.
- String msg = "Error in creating audit log for grant privilege to role: " + e.getMessage();
- LOGGER.error(msg, e);
- }
- return tResponse;
- }
-
- @Override
- public TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(
- final TAlterSentryRoleRevokePrivilegeRequest request) throws TException {
- Response<Void> respose = requestHandle(new RequestHandler<Void>() {
- @Override
- public Response<Void> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- store.alterRoleRevokePrivilege(request.getComponent(),
- request.getRoleName(),
- toPrivilegeObject(request.getPrivilege()),
- request.getRequestorUserName());
- return new Response<Void>(Status.OK());
- }
- });
-
- TAlterSentryRoleRevokePrivilegeResponse tResponse =
- new TAlterSentryRoleRevokePrivilegeResponse(respose.status);
- if (Status.OK.getCode() == respose.status.getValue()) {
- handerInvoker.alter_sentry_role_revoke_privilege(request, tResponse);
- }
-
- try {
- AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, tResponse, conf).toJsonFormatLog());
- } catch (Exception e) {
- // if any exception, log the exception.
- String msg = "Error in creating audit log for revoke privilege from role: " + e.getMessage();
- LOGGER.error(msg, e);
- }
- return tResponse;
- }
-
- @Override
- public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(
- final TAlterSentryRoleAddGroupsRequest request) throws TException {
- Response<Void> respose = requestHandle(new RequestHandler<Void>() {
- @Override
- public Response<Void> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- authorize(request.getRequestorUserName(),
- getRequestorGroups(conf, request.getRequestorUserName()));
- store.alterRoleAddGroups(request.getComponent(),
- request.getRoleName(),
- request.getGroups(),
- request.getRequestorUserName());
- return new Response<Void>(Status.OK());
- }
- });
-
- TAlterSentryRoleAddGroupsResponse tResponse =
- new TAlterSentryRoleAddGroupsResponse(respose.status);
- if (Status.OK.getCode() == respose.status.getValue()) {
- handerInvoker.alter_sentry_role_add_groups(request, tResponse);
- }
-
- try {
- AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, tResponse, conf).toJsonFormatLog());
- } catch (Exception e) {
- // if any exception, log the exception.
- String msg = "Error in creating audit log for add role to group: " + e.getMessage();
- LOGGER.error(msg, e);
- }
- return tResponse;
- }
-
- @Override
- public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(
- final TAlterSentryRoleDeleteGroupsRequest request) throws TException {
- Response<Void> respose = requestHandle(new RequestHandler<Void>() {
- @Override
- public Response<Void> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- authorize(request.getRequestorUserName(),
- getRequestorGroups(conf, request.getRequestorUserName()));
- store.alterRoleDeleteGroups(request.getComponent(),
- request.getRoleName(),
- request.getGroups(),
- request.getRequestorUserName());
- return new Response<Void>(Status.OK());
- }
- });
-
- TAlterSentryRoleDeleteGroupsResponse tResponse =
- new TAlterSentryRoleDeleteGroupsResponse(respose.status);
- if (Status.OK.getCode() == respose.status.getValue()) {
- handerInvoker.alter_sentry_role_delete_groups(request, tResponse);
- }
-
- try {
- AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, tResponse, conf).toJsonFormatLog());
- } catch (Exception e) {
- // if any exception, log the exception.
- String msg = "Error in creating audit log for delete role from group: " +
- e.getMessage();
- LOGGER.error(msg, e);
- }
- return tResponse;
- }
-
- @Override
- public TListSentryRolesResponse list_sentry_roles_by_group(
- final TListSentryRolesRequest request) throws TException {
- Response<Set<TSentryRole>> respose = requestHandle(new RequestHandler<Set<TSentryRole>>() {
- @Override
- public Response<Set<TSentryRole>> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- Set<String> groups = getRequestorGroups(conf, request.getRequestorUserName());
- if (!AccessConstants.ALL.equalsIgnoreCase(request.getGroupName())) {
- boolean admin = inAdminGroups(groups);
- //Only admin users can list all roles in the system ( groupname = null)
- //Non admin users are only allowed to list only groups which they belong to
- if(!admin && (request.getGroupName() == null || !groups.contains(request.getGroupName()))) {
- throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName());
- }
- groups.clear();
- groups.add(request.getGroupName());
- }
-
- Set<String> roleNames = store.getRolesByGroups(request.getComponent(), groups);
- Set<TSentryRole> tSentryRoles = Sets.newHashSet();
- for (String roleName : roleNames) {
- Set<String> groupsForRoleName = store.getGroupsByRoles(request.getComponent(), Sets.newHashSet(roleName));
- tSentryRoles.add(new TSentryRole(roleName, groupsForRoleName));
- }
- return new Response<Set<TSentryRole>>(Status.OK(), tSentryRoles);
- }
- });
- TListSentryRolesResponse tResponse = new TListSentryRolesResponse();
- tResponse.setStatus(respose.status);
- tResponse.setRoles(respose.content);
- return tResponse;
- }
-
- @Override
- public TListSentryPrivilegesResponse list_sentry_privileges_by_role(
- final TListSentryPrivilegesRequest request) throws TException {
- Response<Set<TSentryPrivilege>> respose = requestHandle(new RequestHandler<Set<TSentryPrivilege>>() {
- @Override
- public Response<Set<TSentryPrivilege>> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- Set<String> groups = getRequestorGroups(conf, request.getRequestorUserName());
- if (!inAdminGroups(groups)) {
- Set<String> roleNamesForGroups = toTrimmedLower(store.getRolesByGroups(request.getComponent(), groups));
- if (!roleNamesForGroups.contains(toTrimmedLower(request.getRoleName()))) {
- throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName());
- }
- }
- Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(),
- request.getServiceName(),
- Sets.newHashSet(request.getRoleName()),
- null, toAuthorizables(request.getAuthorizables()));
- Set<TSentryPrivilege> tSentryPrivileges = Sets.newHashSet();
- for (PrivilegeObject privilege : privileges) {
- tSentryPrivileges.add(fromPrivilegeObject(privilege));
- }
- return new Response<Set<TSentryPrivilege>>(Status.OK(), tSentryPrivileges);
- }
- });
- TListSentryPrivilegesResponse tResponse = new TListSentryPrivilegesResponse();
- tResponse.setStatus(respose.status);
- tResponse.setPrivileges(respose.content);
- return tResponse;
- }
-
- @Override
- public TListSentryPrivilegesForProviderResponse list_sentry_privileges_for_provider(
- final TListSentryPrivilegesForProviderRequest request) throws TException {
- Response<Set<String>> respose = requestHandle(new RequestHandler<Set<String>>() {
- @Override
- public Response<Set<String>> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- Set<String> activeRoleNames = toTrimmedLower(request.getRoleSet().getRoles());
- Set<String> roleNamesForGroups = store.getRolesByGroups(request.getComponent(), request.getGroups());
- Set<String> rolesToQuery = request.getRoleSet().isAll() ? roleNamesForGroups : Sets.intersection(activeRoleNames, roleNamesForGroups);
- Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(),
- request.getServiceName(),
- rolesToQuery, null,
- toAuthorizables(request.getAuthorizables()));
- return new Response<Set<String>>(Status.OK(), buildPermissions(privileges));
- }
- });
- TListSentryPrivilegesForProviderResponse tResponse = new TListSentryPrivilegesForProviderResponse();
- tResponse.setStatus(respose.status);
- tResponse.setPrivileges(respose.content);
- return tResponse;
- }
-
- @Override
- public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request) throws TException {
-
- TListSentryPrivilegesByAuthResponse response = new TListSentryPrivilegesByAuthResponse();
- Map<String, TSentryPrivilegeMap> authRoleMap = Maps.newHashMap();
-
- // Group names are case sensitive.
- Set<String> requestedGroups = request.getGroups();
- String subject = request.getRequestorUserName();
- TSentryActiveRoleSet activeRoleSet = request.getRoleSet();
- Set<String> validActiveRoles = Sets.newHashSet();
-
- try {
- validateClientVersion(request.getProtocol_version());
- Set<String> memberGroups = getRequestorGroups(conf, subject);
-
- // Disallow non-admin users to lookup groups that
- // they are not part of.
- if(!inAdminGroups(memberGroups)) {
-
- if (requestedGroups != null && !requestedGroups.isEmpty()) {
- for (String requestedGroup : requestedGroups) {
-
- // If user doesn't belong to one of the requested groups,
- // then raise security exception.
- if (!memberGroups.contains(requestedGroup)) {
- throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + subject);
- }
- }
- } else {
- // Non-admin's search is limited to its own groups.
- requestedGroups = memberGroups;
- }
-
- Set<String> grantedRoles = toTrimmedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
-
- // If activeRoleSet is not null, disallow non-admin to lookup roles that they are not part of.
- if (activeRoleSet != null && !activeRoleSet.isAll()) {
-
- Set<String> activeRoleNames = toTrimmedLower(activeRoleSet.getRoles());
- for (String activeRole : activeRoleNames) {
- if (!grantedRoles.contains(activeRole)) {
- throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE
- + subject);
- }
- }
-
- // For non-admin, valid active roles are intersection of active roles and granted roles.
- validActiveRoles.addAll(activeRoleSet.isAll() ? grantedRoles : Sets.intersection(activeRoleNames, grantedRoles));
- } else {
- // For non-admin, if activeRoleSet is null, valid active roles would be the granted roles.
- validActiveRoles.addAll(grantedRoles);
- }
- } else {
- // For admin, if requestedGroups are empty, requested roles will be all roles.
- Set<String> requestedRoles = toTrimmedLower(store.getAllRoleNames());
- if (requestedGroups != null && !requestedGroups.isEmpty()) {
- requestedRoles = toTrimmedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
- }
-
- // If activeRoleSet (which is optional) is not null, valid active role will be intersection
- // of active roles and requested roles. Otherwise, valid active roles are the requested roles.
- if (activeRoleSet != null && !activeRoleSet.isAll()) {
- validActiveRoles.addAll(Sets.intersection(toTrimmedLower(activeRoleSet.getRoles()), requestedRoles));
- } else {
- validActiveRoles.addAll(requestedRoles);
- }
- }
-
- // If user is not part of any group.. return empty response
- if (request.getAuthorizablesSet() != null) {
- for (String authorizablesStr : request.getAuthorizablesSet()) {
-
- List<? extends Authorizable> authorizables = toAuthorizables(authorizablesStr);
- Set<MSentryGMPrivilege> sentryPrivileges = store.getPrivilegesByAuthorizable(request.getComponent(), request.getServiceName(), validActiveRoles, authorizables);
- authRoleMap.put(fromAuthorizableToStr(authorizables), toTSentryPrivilegeMap(sentryPrivileges));
- }
- }
-
- response.setPrivilegesMapByAuth(authRoleMap);
- response.setStatus(Status.OK());
- } catch (SentryAccessDeniedException e) {
- LOGGER.error(e.getMessage(), e);
- response.setStatus(Status.AccessDenied(e.getMessage(), e));
- } catch (SentryThriftAPIMismatchException e) {
- LOGGER.error(e.getMessage(), e);
- response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
- } catch (Exception e) {
- String msg = "Unknown error for request: " + request + ", message: "
- + e.getMessage();
- LOGGER.error(msg, e);
- response.setStatus(Status.RuntimeError(msg, e));
- }
-
- return response;
- }
-
- @Override
- public TDropPrivilegesResponse drop_sentry_privilege(
- final TDropPrivilegesRequest request) throws TException {
- Response<Void> respose = requestHandle(new RequestHandler<Void>() {
- @Override
- public Response<Void> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- authorize(request.getRequestorUserName(),
- getRequestorGroups(conf, request.getRequestorUserName()));
- store.dropPrivilege(request.getComponent(),
- toPrivilegeObject(request.getPrivilege()),
- request.getRequestorUserName());
- return new Response<Void>(Status.OK());
- }
- });
-
- TDropPrivilegesResponse tResponse = new TDropPrivilegesResponse(respose.status);
- if (Status.OK.getCode() == respose.status.getValue()) {
- handerInvoker.drop_sentry_privilege(request, tResponse);
- }
- return tResponse;
- }
-
- @Override
- public TRenamePrivilegesResponse rename_sentry_privilege(
- final TRenamePrivilegesRequest request) throws TException {
- Response<Void> respose = requestHandle(new RequestHandler<Void>() {
- @Override
- public Response<Void> handle() throws Exception {
- validateClientVersion(request.getProtocol_version());
- authorize(request.getRequestorUserName(),
- getRequestorGroups(conf, request.getRequestorUserName()));
- store.renamePrivilege(request.getComponent(), request.getServiceName(),
- toAuthorizables(request.getOldAuthorizables()),
- toAuthorizables(request.getNewAuthorizables()),
- request.getRequestorUserName());
- return new Response<Void>(Status.OK());
- }
- });
-
- TRenamePrivilegesResponse tResponse = new TRenamePrivilegesResponse(respose.status);
- if (Status.OK.getCode() == respose.status.getValue()) {
- handerInvoker.rename_sentry_privilege(request, tResponse);
- }
- return tResponse;
- }
-
- private static class Response<T> {
- private TSentryResponseStatus status;
- private T content;
-
- Response() {
- }
-
- Response(TSentryResponseStatus status) {
- this(status, null);
- }
-
- Response(TSentryResponseStatus status, T content) {
- this.status = status;
- this.content = content;
- }
- }
- private interface RequestHandler <T>{
- Response<T> handle() throws Exception ;
- }
-
- private static void validateClientVersion(int protocolVersion) throws SentryThriftAPIMismatchException {
- if (ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT != protocolVersion) {
- String msg = "Sentry thrift API protocol version mismatch: Client thrift version " +
- "is: " + protocolVersion + " , server thrift version " +
- "is " + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT;
- throw new SentryThriftAPIMismatchException(msg);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessorFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessorFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessorFactory.java
deleted file mode 100644
index 311b020..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/generic/thrift/SentryGenericPolicyProcessorFactory.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.generic.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.api.common.ApiConstants.SentryPolicyServiceConstants;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-import org.apache.sentry.service.thrift.ProcessorFactory;
-import org.apache.thrift.TMultiplexedProcessor;
-import org.apache.thrift.TProcessor;
-
-public class SentryGenericPolicyProcessorFactory extends ProcessorFactory {
-
- public SentryGenericPolicyProcessorFactory(Configuration conf) {
- super(conf);
- }
-
- @Override
- public boolean register(TMultiplexedProcessor multiplexedProcessor,
- SentryStore _) throws Exception {
- SentryGenericPolicyProcessor processHandler = new SentryGenericPolicyProcessor(conf);
- TProcessor processor = new SentryGenericPolicyProcessorWrapper<SentryGenericPolicyService.Iface>(
- processHandler);
- multiplexedProcessor.registerProcessor(
- SentryPolicyServiceConstants.SENTRY_GENERIC_SERVICE_NAME, processor);
- return true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/ConfServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/ConfServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/ConfServlet.java
deleted file mode 100644
index 8625487..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/ConfServlet.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package org.apache.sentry.api.service.thrift;
-
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import java.io.IOException;
-import java.io.Writer;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.conf.Configuration;
-
-import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
-
-/**
- * Servlet to print out all sentry configuration.
- */
-public class ConfServlet extends HttpServlet {
- public static final String CONF_CONTEXT_ATTRIBUTE = "sentry.conf";
- public static final String FORMAT_JSON = "json";
- public static final String FORMAT_XML = "xml";
- public static final String FORMAT_PARAM = "format";
- private static final long serialVersionUID = 1L;
-
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- String format = request.getParameter(FORMAT_PARAM);
- if (format == null) {
- format = FORMAT_XML;
- }
-
- if (FORMAT_XML.equals(format)) {
- response.setContentType("text/xml; charset=utf-8");
- } else if (FORMAT_JSON.equals(format)) {
- response.setContentType("application/json; charset=utf-8");
- }
-
- Configuration conf = (Configuration)getServletContext().getAttribute(
- CONF_CONTEXT_ATTRIBUTE);
- assert conf != null;
-
- Writer out = response.getWriter();
- if (FORMAT_JSON.equals(format)) {
- Configuration.dumpConfiguration(conf, out);
- } else if (FORMAT_XML.equals(format)) {
- conf.writeXml(out);
- } else {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad format: " + escapeHtml(format));
- }
- out.close();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/LogLevelServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/LogLevelServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/LogLevelServlet.java
deleted file mode 100644
index af81d6f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/LogLevelServlet.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.service.thrift;
-
-import org.apache.log4j.Level;
-import org.apache.log4j.LogManager;
-import org.apache.log4j.Logger;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
-
-public class LogLevelServlet extends HttpServlet {
- private static final String LF = "\n";
- private static final String BR = "<br />";
- private static final String B_BR = "<b>%s</b><br />";
- private static final String FORMS_HEAD =
- "<h1>" + "Log Level" + "</h1>"
- + LF + BR + "<hr /><h3>Results</h3>"
- + LF + " Submitted Log Name: " + B_BR;
- private static final String FORMS_CONTENT_GET =
- LF + " Effective level: " + B_BR;
- private static final String FORMS_CONTENT_SET =
- LF + " Submitted Level: " + B_BR
- + LF + " Setting Level to %s" + BR
- + LF + " Effective level: " + B_BR;
- private static final String FORMS_END =
- LF + BR + "<hr /><h3>Get / Set</h3>"
- + LF + "<form>Log: <input type='text' size='50' name='log' /> "
- + "<input type='submit' value='Get Log Level' />" + "</form>"
- + LF + "<form>Log: <input type='text' size='50' name='log' /> "
- + "Level: <input type='text' name='level' /> "
- + "<input type='submit' value='Set Log Level' />" + "</form>";
- private static final String FORMS_GET = FORMS_HEAD + FORMS_CONTENT_GET;
- private static final String FORMS_SET = FORMS_HEAD + FORMS_CONTENT_SET;
-
- /**
- * Return parameter on servlet request for the given name
- *
- * @param request: Servlet request
- * @param name: Name of parameter in servlet request
- * @return Parameter in servlet request for the given name, return null if can't find parameter.
- */
- private String getParameter(ServletRequest request, String name) {
- String s = request.getParameter(name);
- if (s == null) {
- return null;
- }
- s = s.trim();
- return s.length() == 0 ? null : s;
- }
-
- /**
- * Check the validity of the log level.
- * @param level: The log level to be checked
- * @return
- * true: The log level is valid
- * false: The log level is invalid
- */
- private boolean isLogLevelValid(String level) {
- return level.equals(Level.toLevel(level).toString());
- }
-
- /**
- * Parse the class name and log level in the http servlet request.
- * If the request contains only class name, return the log level in the response message.
- * If the request contains both class name and level, set the log level to the requested level
- * and return the setting result in the response message.
- */
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- String logName = getParameter(request, "log");
- String level = getParameter(request, "level");
- response.setContentType("text/html;charset=utf-8");
- response.setStatus(HttpServletResponse.SC_OK);
- PrintWriter out = response.getWriter();
-
- if (logName != null) {
- Logger logInstance = LogManager.getLogger(logName);
- if (level == null) {
- out.write(String.format(FORMS_GET,
- escapeHtml(logName),
- logInstance.getEffectiveLevel().toString()));
- } else if (isLogLevelValid(level)) {
- logInstance.setLevel(Level.toLevel(level));
- out.write(String.format(FORMS_SET,
- escapeHtml(logName),
- escapeHtml(level),
- escapeHtml(level),
- logInstance.getEffectiveLevel().toString()));
- } else {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid log level: " + escapeHtml(level));
- return;
- }
- }
- out.write(FORMS_END);
- out.close();
- response.flushBuffer();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/PubSubServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/PubSubServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/PubSubServlet.java
deleted file mode 100644
index 8da35f1..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/PubSubServlet.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.service.thrift;
-
-import org.apache.sentry.core.common.utils.PubSub;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
-
-/**
- * This servlet facilitates sending {topic, message } tuples to Servlet components
- * subscribed to specific topics.
- * <p>
- * It uses publish-subscribe mechanism implemented by PubSub class.
- * The form generated by this servlet consists of the following elements:
- * <p>
- * a) Topic: pull-down menu of existing topics, i.e. the topics registered with
- * PubSub by calling PubSub.subscribe() API. This prevents entering invalid topic.
- * <p>
- * b) Message: text field for entering a message
- * <p>
- * c) Submit: button to submit (topic, message) tuple
- * <p>
- * d) Status: text area printing status of the request or help information.
- */
-public class PubSubServlet extends HttpServlet {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(PubSubServlet.class);
-
- private static final String FORM_GET =
- "<!DOCTYPE html>" +
- "<html>" +
- "<body>" +
- "<form>" +
- "<br><br><b>Topic:</b><br><br>" +
- "<select name='topic'/>%s</select>" +
- "<br><br><b>Message:</b><br><br>" +
- "<input type='text' size='50' name='message'/>" +
- "<br><br>" +
- "<input type='submit' value='Submit'/>" +
- "</form>" +
- "<br><br><b>Status:</b><br><br>" +
- "<textarea rows='4' cols='50'>%s</textarea>" +
- "</body>" +
- "</html>";
-
- /**
- * Return parameter on servlet request for the given name
- *
- * @param request: Servlet request
- * @param name: Name of parameter in servlet request
- * @return Parameter in servlet request for the given name, return null if can't find parameter.
- */
- private static String getParameter(ServletRequest request, String name) {
- String s = request.getParameter(name);
- if (s == null) {
- return null;
- }
- s = s.trim();
- return s.isEmpty() ? null : s;
- }
-
- /**
- * Parse the topic and message values and submit them via PubSub.submit() API.
- * Reject request for unknown topic, i.e. topic no one is subscribed to.
- */
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- String topic = getParameter(request, "topic");
- String message = getParameter(request, "message");
- response.setContentType("text/html;charset=utf-8");
- response.setStatus(HttpServletResponse.SC_OK);
- PrintWriter out = response.getWriter();
-
- String msg = "Topic is required, Message is optional.\nValid topics: " + PubSub.getInstance().getTopics();
- if (topic != null) {
- LOGGER.info("Submitting topic " + topic + ", message " + message);
- try {
- PubSub.getInstance().publish(PubSub.Topic.fromString(topic), message);
- msg = "Submitted topic " + topic + ", message " + message;
- } catch (Exception e) {
- msg = "Failed to submit topic " + topic + ", message " + message + " - " + e.getMessage();
- LOGGER.error(msg);
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
- return;
- }
- }
-
- StringBuilder topics = new StringBuilder();
- for (PubSub.Topic t : PubSub.getInstance().getTopics()) {
- topics.append("<option>").append(t.getName()).append("</option>");
- }
-
- String output = String.format(FORM_GET, topics.toString(), escapeHtml(msg));
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("HTML Page: " + output);
- }
- out.write(output);
- out.close();
- response.flushBuffer();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryAdminServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryAdminServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryAdminServlet.java
deleted file mode 100644
index 5dc6cd6..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryAdminServlet.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.service.thrift;
-
-import com.google.gson.Gson;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.Writer;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * Admin Servlet is only used when SENTRY_WEB_ADMIN_SERVLET_ENABLED is true.
- */
-public class SentryAdminServlet extends HttpServlet {
- private static final String SHOW_ALL = "/showAll";
- // Here we use the same way as in com.codahale.metrics.servlets.AdminServlet, and just
- // use the TEMPLATE as a static html with some links referenced to other debug pages.
- private static final String TEMPLATE = "<!DOCTYPE HTML>\n"+
- "<html lang=\"en\">\n"+
- "<head>\n"+
- " <meta charset=\"utf-8\">\n"+
- " <title>Sentry Service Admin</title>\n"+
- " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n"+
- " <meta name=\"description\" content=\"\">\n"+
- " <link href=\"css/bootstrap.min.css\" rel=\"stylesheet\">\n"+
- " <link href=\"css/bootstrap-theme.min.css\" rel=\"stylesheet\">\n"+
- " <link href=\"css/sentry.css\" rel=\"stylesheet\">\n"+
- "</head>\n"+
- "<body>\n"+
- "<nav class=\"navbar navbar-default navbar-fixed-top\">\n"+
- " <div class=\"container\">\n"+
- " <div class=\"navbar-header\">\n"+
- " <a class=\"navbar-brand\" href=\"#\"><img src=\"sentry.png\" alt=\"Sentry Logo\"/></a>\n"+
- " </div>\n"+
- " <div class=\"collapse navbar-collapse\">\n"+
- " <ul class=\"nav navbar-nav\">\n"+
- " <li class=\"active\"><a href=\"#\">Admin</a></li>\n"+
- " <li><a href=\"/metrics?pretty=true\">Metrics</a></li>\n"+
- " <li><a href=\"/threads\">Threads</a></li>\n"+
- " <li><a href=\"/conf\">Configuration</a></li>\n"+
- " <li><a href=\"/admin/showAll\">ShowAllRoles</a></li>\n"+
- " </ul>\n"+
- " </div>\n"+
- " </div>\n"+
- "</nav>\n"+
- "<div class=\"container\">\n"+
- " <ul>\n"+
- " <li><a href=\"/metrics?pretty=true\">Metrics</a></li>\n"+
- " <li><a href=\"/threads\">Threads</a></li>\n"+
- " <li><a href=\"/conf\">Configuration</a></li>\n"+
- " <li><a href=\"/admin/showAll\">ShowAllRoles</a></li>\n"+
- " </ul>\n"+
- "</div>\n"+
- "</body>\n"+
- "</html>";
-
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- String uri = request.getPathInfo();
- if(uri != null && !uri.equals("/")) {
- if (uri.equals(SHOW_ALL)) {
- showAll(response);
- } else {
- response.sendError(404);
- }
- } else {
- response.setStatus(200);
- response.setHeader("Cache-Control", "must-revalidate,no-cache,no-store");
- response.setHeader("Pragma", "no-cache");
- response.setDateHeader("Expires", 0);
- response.setContentType("text/html");
- PrintWriter writer = response.getWriter();
- try {
- writer.println(TEMPLATE);
- } finally {
- writer.close();
- }
- }
- }
-
- /**
- * Print out all the roles and privileges information as json format.
- */
- private void showAll(HttpServletResponse response)
- throws ServletException, IOException {
- Configuration conf = (Configuration)getServletContext().getAttribute(
- ConfServlet.CONF_CONTEXT_ATTRIBUTE);
- assert conf != null;
-
- Writer out = response.getWriter();
- try {
- SentryStore sentrystore = new SentryStore(conf);
- Map<String, Set<TSentryPrivilege>> roleMap = new HashMap<>();
- Set<String> roleSet = sentrystore.getAllRoleNames();
- for (String roleName: roleSet) {
- roleMap.put(roleName, sentrystore.getAllTSentryPrivilegesByRoleName(roleName));
- }
- String json = new Gson().toJson(roleMap);
- response.setContentType("application/json");
- response.setCharacterEncoding("UTF-8");
- out.write(json);
- } catch (Exception e) {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
- }
- out.close();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryAuthFilter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryAuthFilter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryAuthFilter.java
deleted file mode 100644
index 23121ec..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryAuthFilter.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.service.thrift;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
-import org.apache.hadoop.util.StringUtils;
-import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Sets;
-
-/**
- * SentryAuthFilter is a subclass of AuthenticationFilter,
- * add authorization: Only allowed users could connect the web server.
- */
-public class SentryAuthFilter extends AuthenticationFilter {
-
- private static final Logger LOG = LoggerFactory.getLogger(SentryAuthFilter.class);
-
- public static final String ALLOW_WEB_CONNECT_USERS = ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS;
-
- private Set<String> allowUsers;
-
- @Override
- protected void doFilter(FilterChain filterChain, HttpServletRequest request,
- HttpServletResponse response) throws IOException, ServletException {
- String userName = request.getRemoteUser();
- LOG.debug("Authenticating user: " + userName + " from request.");
- if (!allowUsers.contains(userName)) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- "Unauthorized user status code: " + HttpServletResponse.SC_FORBIDDEN);
- throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
- }
- super.doFilter(filterChain, request, response);
- }
-
- /**
- * Override <code>getConfiguration<code> to get <code>ALLOW_WEB_CONNECT_USERS<code>.
- */
- @Override
- protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException {
- Properties props = new Properties();
- Enumeration<?> names = filterConfig.getInitParameterNames();
- while (names.hasMoreElements()) {
- String name = (String) names.nextElement();
- if (name.startsWith(configPrefix)) {
- String value = filterConfig.getInitParameter(name);
- if (ALLOW_WEB_CONNECT_USERS.equals(name)) {
- allowUsers = parseConnectUsersFromConf(value);
- } else {
- props.put(name.substring(configPrefix.length()), value);
- }
- }
- }
- return props;
- }
-
- private static Set<String> parseConnectUsersFromConf(String value) {
- //Removed the logic to convert the allowed users to lower case, as user names need to be case sensitive
- return Sets.newHashSet(StringUtils.getStrings(value));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryHealthCheckServletContextListener.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryHealthCheckServletContextListener.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryHealthCheckServletContextListener.java
deleted file mode 100644
index eb11c19..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryHealthCheckServletContextListener.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.service.thrift;
-
-import com.codahale.metrics.health.HealthCheckRegistry;
-import com.codahale.metrics.servlets.HealthCheckServlet;
-
-/**
- * Use this class's registry to register health checks: Can be some tests which make sure Sentry service is healthy
- */
-public class SentryHealthCheckServletContextListener extends HealthCheckServlet.ContextListener {
-
- //This is just a place holder for health check registry, with out this AdminServlet throws out an error
- public static final HealthCheckRegistry HEALTH_CHECK_REGISTRY = new HealthCheckRegistry();
-
- @Override
- protected HealthCheckRegistry getHealthCheckRegistry() {
- return HEALTH_CHECK_REGISTRY;
- }
-}
\ No newline at end of file