Posted to commits@sentry.apache.org by sp...@apache.org on 2018/05/10 00:14:31 UTC
[22/51] [partial] sentry git commit: SENTRY-2206: Refactor out sentry
api from sentry-provider-db to own module (Steve Moist,
reviewed by Sergio Pena)
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
deleted file mode 100644
index 8a8bbd3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.google.gson.Gson;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.Writer;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * Admin Servlet is only used when SENTRY_WEB_ADMIN_SERVLET_ENABLED is true.
- */
-public class SentryAdminServlet extends HttpServlet {
- private static final String SHOW_ALL = "/showAll";
- // Here we use the same way as in com.codahale.metrics.servlets.AdminServlet, and just
- // use the TEMPLATE as a static html with some links referenced to other debug pages.
- private static final String TEMPLATE = "<!DOCTYPE HTML>\n"+
- "<html lang=\"en\">\n"+
- "<head>\n"+
- " <meta charset=\"utf-8\">\n"+
- " <title>Sentry Service Admin</title>\n"+
- " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n"+
- " <meta name=\"description\" content=\"\">\n"+
- " <link href=\"css/bootstrap.min.css\" rel=\"stylesheet\">\n"+
- " <link href=\"css/bootstrap-theme.min.css\" rel=\"stylesheet\">\n"+
- " <link href=\"css/sentry.css\" rel=\"stylesheet\">\n"+
- "</head>\n"+
- "<body>\n"+
- "<nav class=\"navbar navbar-default navbar-fixed-top\">\n"+
- " <div class=\"container\">\n"+
- " <div class=\"navbar-header\">\n"+
- " <a class=\"navbar-brand\" href=\"#\"><img src=\"sentry.png\" alt=\"Sentry Logo\"/></a>\n"+
- " </div>\n"+
- " <div class=\"collapse navbar-collapse\">\n"+
- " <ul class=\"nav navbar-nav\">\n"+
- " <li class=\"active\"><a href=\"#\">Admin</a></li>\n"+
- " <li><a href=\"/metrics?pretty=true\">Metrics</a></li>\n"+
- " <li><a href=\"/threads\">Threads</a></li>\n"+
- " <li><a href=\"/conf\">Configuration</a></li>\n"+
- " <li><a href=\"/admin/showAll\">ShowAllRoles</a></li>\n"+
- " </ul>\n"+
- " </div>\n"+
- " </div>\n"+
- "</nav>\n"+
- "<div class=\"container\">\n"+
- " <ul>\n"+
- " <li><a href=\"/metrics?pretty=true\">Metrics</a></li>\n"+
- " <li><a href=\"/threads\">Threads</a></li>\n"+
- " <li><a href=\"/conf\">Configuration</a></li>\n"+
- " <li><a href=\"/admin/showAll\">ShowAllRoles</a></li>\n"+
- " </ul>\n"+
- "</div>\n"+
- "</body>\n"+
- "</html>";
-
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- String uri = request.getPathInfo();
- if(uri != null && !uri.equals("/")) {
- if (uri.equals(SHOW_ALL)) {
- showAll(response);
- } else {
- response.sendError(404);
- }
- } else {
- response.setStatus(200);
- response.setHeader("Cache-Control", "must-revalidate,no-cache,no-store");
- response.setHeader("Pragma", "no-cache");
- response.setDateHeader("Expires", 0);
- response.setContentType("text/html");
- PrintWriter writer = response.getWriter();
- try {
- writer.println(TEMPLATE);
- } finally {
- writer.close();
- }
- }
- }
-
- /**
- * Print out all the roles and privileges information as json format.
- */
- private void showAll(HttpServletResponse response)
- throws ServletException, IOException {
- Configuration conf = (Configuration)getServletContext().getAttribute(
- ConfServlet.CONF_CONTEXT_ATTRIBUTE);
- assert conf != null;
-
- Writer out = response.getWriter();
- try {
- SentryStore sentrystore = new SentryStore(conf);
- Map<String, Set<TSentryPrivilege>> roleMap = new HashMap<>();
- Set<String> roleSet = sentrystore.getAllRoleNames();
- for (String roleName: roleSet) {
- roleMap.put(roleName, sentrystore.getAllTSentryPrivilegesByRoleName(roleName));
- }
- String json = new Gson().toJson(roleMap);
- response.setContentType("application/json");
- response.setCharacterEncoding("UTF-8");
- out.write(json);
- } catch (Exception e) {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
- }
- out.close();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
deleted file mode 100644
index b67d6df..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
-import org.apache.hadoop.util.StringUtils;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Sets;
-
-/**
- * SentryAuthFilter is a subclass of AuthenticationFilter,
- * add authorization: Only allowed users could connect the web server.
- */
-public class SentryAuthFilter extends AuthenticationFilter {
-
- private static final Logger LOG = LoggerFactory.getLogger(SentryAuthFilter.class);
-
- public static final String ALLOW_WEB_CONNECT_USERS = ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS;
-
- private Set<String> allowUsers;
-
- @Override
- protected void doFilter(FilterChain filterChain, HttpServletRequest request,
- HttpServletResponse response) throws IOException, ServletException {
- String userName = request.getRemoteUser();
- LOG.debug("Authenticating user: " + userName + " from request.");
- if (!allowUsers.contains(userName)) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- "Unauthorized user status code: " + HttpServletResponse.SC_FORBIDDEN);
- throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
- }
- super.doFilter(filterChain, request, response);
- }
-
- /**
- * Override <code>getConfiguration<code> to get <code>ALLOW_WEB_CONNECT_USERS<code>.
- */
- @Override
- protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException {
- Properties props = new Properties();
- Enumeration<?> names = filterConfig.getInitParameterNames();
- while (names.hasMoreElements()) {
- String name = (String) names.nextElement();
- if (name.startsWith(configPrefix)) {
- String value = filterConfig.getInitParameter(name);
- if (ALLOW_WEB_CONNECT_USERS.equals(name)) {
- allowUsers = parseConnectUsersFromConf(value);
- } else {
- props.put(name.substring(configPrefix.length()), value);
- }
- }
- }
- return props;
- }
-
- private static Set<String> parseConnectUsersFromConf(String value) {
- //Removed the logic to convert the allowed users to lower case, as user names need to be case sensitive
- return Sets.newHashSet(StringUtils.getStrings(value));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
deleted file mode 100644
index 8822c2e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.health.HealthCheckRegistry;
-import com.codahale.metrics.servlets.HealthCheckServlet;
-
-/**
- * Use this class's registry to register health checks: Can be some tests which make sure Sentry service is healthy
- */
-public class SentryHealthCheckServletContextListener extends HealthCheckServlet.ContextListener {
-
- //This is just a place holder for health check registry, with out this AdminServlet throws out an error
- public static final HealthCheckRegistry HEALTH_CHECK_REGISTRY = new HealthCheckRegistry();
-
- @Override
- protected HealthCheckRegistry getHealthCheckRegistry() {
- return HEALTH_CHECK_REGISTRY;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
deleted file mode 100644
index 1056fa7..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
+++ /dev/null
@@ -1,413 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.ConsoleReporter;
-import com.codahale.metrics.Counter;
-import com.codahale.metrics.Gauge;
-import com.codahale.metrics.Histogram;
-import com.codahale.metrics.JmxReporter;
-import com.codahale.metrics.Metric;
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.MetricSet;
-import com.codahale.metrics.Slf4jReporter;
-import com.codahale.metrics.Timer;
-import com.codahale.metrics.json.MetricsModule;
-import com.codahale.metrics.jvm.BufferPoolMetricSet;
-import com.codahale.metrics.jvm.GarbageCollectorMetricSet;
-import com.codahale.metrics.jvm.MemoryUsageGaugeSet;
-import com.codahale.metrics.jvm.ThreadStatesGaugeSet;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.util.concurrent.ThreadFactoryBuilder;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-import org.apache.sentry.service.thrift.SentryService;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.BufferedWriter;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.lang.management.ManagementFactory;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.nio.file.StandardCopyOption;
-import java.nio.file.attribute.FileAttribute;
-import java.nio.file.attribute.PosixFilePermission;
-import java.nio.file.attribute.PosixFilePermissions;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
-
-import static com.codahale.metrics.MetricRegistry.name;
-import static org.apache.sentry.provider.db.service.thrift.SentryMetricsServletContextListener.METRIC_REGISTRY;
-import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-
-/**
- * A singleton class which holds metrics related utility functions as well as the list of metrics.
- */
-public final class SentryMetrics {
- public enum Reporting {
- JMX,
- CONSOLE,
- LOG,
- JSON,
- }
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(SentryMetrics.class);
-
- private static SentryMetrics sentryMetrics = null;
- private final AtomicBoolean reportingInitialized = new AtomicBoolean();
- private boolean gaugesAdded = false;
- private boolean sentryServiceGaugesAdded = false;
-
- final Timer createRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "create-role"));
- final Timer dropRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "drop-role"));
- final Timer grantRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "grant-role"));
- final Timer revokeRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "revoke-role"));
- final Timer grantTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "grant-privilege"));
- final Timer revokeTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "revoke-privilege"));
-
- final Timer dropPrivilegeTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "drop-privilege"));
- final Timer renamePrivilegeTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "rename-privilege"));
-
- final Timer listRolesByGroupTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "list-roles-by-group"));
- final Timer listPrivilegesByRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "list-privileges-by-role"));
- final Timer listPrivilegesForProviderTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "list-privileges-for-provider"));
- final Timer listPrivilegesByAuthorizableTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "list-privileges-by-authorizable"));
-
- /**
- * Return a Timer with name.
- */
- public Timer getTimer(String name) {
- return METRIC_REGISTRY.timer(name);
- }
-
- /**
- * Return a Histogram with name.
- */
- public Histogram getHistogram(String name) {
- return METRIC_REGISTRY.histogram(name);
- }
-
- /**
- * Return a Counter with name.
- */
- public Counter getCounter(String name) {
- return METRIC_REGISTRY.counter(name);
- }
-
- private SentryMetrics() {
- registerMetricSet("gc", new GarbageCollectorMetricSet(), METRIC_REGISTRY);
- registerMetricSet("buffers",
- new BufferPoolMetricSet(ManagementFactory.getPlatformMBeanServer()),
- METRIC_REGISTRY);
- registerMetricSet("memory", new MemoryUsageGaugeSet(), METRIC_REGISTRY);
- registerMetricSet("threads", new ThreadStatesGaugeSet(), METRIC_REGISTRY);
- }
-
- /**
- * Get singleton instance.
- */
- public static synchronized SentryMetrics getInstance() {
- if (sentryMetrics == null) {
- sentryMetrics = new SentryMetrics();
- }
- return sentryMetrics;
- }
-
- void addSentryStoreGauges(SentryStore sentryStore) {
- if (!gaugesAdded) {
- addGauge(SentryStore.class, "role_count", sentryStore.getRoleCountGauge());
- addGauge(SentryStore.class, "privilege_count",
- sentryStore.getPrivilegeCountGauge());
- addGauge(SentryStore.class, "group_count", sentryStore.getGroupCountGauge());
- addGauge(SentryStore.class, "hms.waiters", sentryStore.getHMSWaitersCountGauge());
- addGauge(SentryStore.class, "hms.notification.id",
- sentryStore.getLastNotificationIdGauge());
- addGauge(SentryStore.class, "hms.snapshot.paths.id",
- sentryStore.getLastPathsSnapshotIdGauge());
- addGauge(SentryStore.class, "hms.perm.change.id",
- sentryStore.getPermChangeIdGauge());
- addGauge(SentryStore.class, "hms.psth.change.id",
- sentryStore.getPathChangeIdGauge());
- gaugesAdded = true;
- }
- }
-
- /**
- * Add gauges for the SentryService class.
- * @param sentryservice
- */
- public void addSentryServiceGauges(SentryService sentryservice) {
- if (!sentryServiceGaugesAdded) {
- addGauge(SentryService.class, "is_active", sentryservice.getIsActiveGauge());
- addGauge(SentryService.class, "activated", sentryservice.getBecomeActiveCount());
- sentryServiceGaugesAdded = true;
- }
- }
-
- /**
- * Initialize reporters. Only initializes once.<p>
- *
- * Available reporters:
- * <ul>
- * <li>console</li>
- * <li>log</li>
- * <li>jmx</li>
- * </ul>
- *
- * <p><For console reporter configre it to report every
- * <em>SENTRY_REPORTER_INTERVAL_SEC</em> seconds.
- *
- * <p>Method is thread safe.
- */
- @SuppressWarnings("squid:S2095")
- void initReporting(Configuration conf) {
- final String reporter = conf.get(ServerConfig.SENTRY_REPORTER);
- if ((reporter == null) || reporter.isEmpty() || reportingInitialized.getAndSet(true)) {
- // Nothing to do, just return
- return;
- }
-
- final int reportInterval =
- conf.getInt(ServerConfig.SENTRY_REPORTER_INTERVAL_SEC,
- ServerConfig.SENTRY_REPORTER_INTERVAL_DEFAULT);
-
- // Get list of configured reporters
- Set<String> reporters = new HashSet<>();
- for (String r: reporter.split(",")) {
- reporters.add(r.trim().toUpperCase());
- }
-
- // In case there are no reporters, configure JSON reporter
- if (reporters.isEmpty()) {
- reporters.add(Reporting.JSON.toString());
- }
-
- // Configure all reporters
- for (String r: reporters) {
- switch (SentryMetrics.Reporting.valueOf(r)) {
- case CONSOLE:
- LOGGER.info("Enabled console metrics reporter with {} seconds interval",
- reportInterval);
- final ConsoleReporter consoleReporter =
- ConsoleReporter.forRegistry(METRIC_REGISTRY)
- .convertRatesTo(TimeUnit.SECONDS)
- .convertDurationsTo(TimeUnit.MILLISECONDS)
- .build();
- consoleReporter.start(reportInterval, TimeUnit.SECONDS);
- break;
- case JMX:
- LOGGER.info("Enabled JMX metrics reporter");
- final JmxReporter jmxReporter = JmxReporter.forRegistry(METRIC_REGISTRY)
- .convertRatesTo(TimeUnit.SECONDS)
- .convertDurationsTo(TimeUnit.MILLISECONDS)
- .build();
- jmxReporter.start();
- break;
- case LOG:
- LOGGER.info("Enabled Log4J metrics reporter with {} seconds interval",
- reportInterval);
- final Slf4jReporter logReporter = Slf4jReporter.forRegistry(METRIC_REGISTRY)
- .outputTo(LOGGER)
- .convertRatesTo(TimeUnit.SECONDS)
- .convertDurationsTo(TimeUnit.MILLISECONDS)
- .build();
- logReporter.start(reportInterval, TimeUnit.SECONDS);
- break;
- case JSON:
- LOGGER.info("Enabled JSON metrics reporter with {} seconds interval", reportInterval);
- JsonFileReporter jsonReporter = new JsonFileReporter(conf,
- reportInterval, TimeUnit.SECONDS);
- jsonReporter.start();
- break;
- default:
- LOGGER.warn("Invalid metrics reporter {}", reporter);
- break;
- }
- }
- }
-
- private <T, V> void addGauge(Class<T> tClass, String gaugeName, Gauge<V> gauge) {
- METRIC_REGISTRY.register(
- name(tClass, gaugeName), gauge);
- }
-
- private void registerMetricSet(String prefix, MetricSet metricSet, MetricRegistry registry) {
- for (Map.Entry<String, Metric> entry : metricSet.getMetrics().entrySet()) {
- if (entry.getValue() instanceof MetricSet) {
- registerMetricSet(prefix + "." + entry.getKey(), (MetricSet) entry.getValue(), registry);
- } else {
- registry.register(prefix + "." + entry.getKey(), entry.getValue());
- }
- }
- }
-
- /**
- * Custom reporter that writes metrics as a JSON file.
- * This class originated from Apache Hive JSON reporter.
- */
- private static class JsonFileReporter implements AutoCloseable, Runnable {
- //
- // Implementation notes.
- //
- // 1. Since only local file systems are supported, there is no need to use Hadoop
- // version of Path class.
- // 2. java.nio package provides modern implementation of file and directory operations
- // which is better then the traditional java.io, so we are using it here.
- // In particular, it supports atomic creation of temporary files with specified
- // permissions in the specified directory. This also avoids various attacks possible
- // when temp file name is generated first, followed by file creation.
- // See http://www.oracle.com/technetwork/articles/javase/nio-139333.html for
- // the description of NIO API and
- // http://docs.oracle.com/javase/tutorial/essential/io/legacy.html for the
- // description of interoperability between legacy IO api vs NIO API.
- // 3. To avoid race conditions with readers of the metrics file, the implementation
- // dumps metrics to a temporary file in the same directory as the actual metrics
- // file and then renames it to the destination. Since both are located on the same
- // filesystem, this rename is likely to be atomic (as long as the underlying OS
- // support atomic renames.
- //
-
- // Permissions for the metrics file
- private static final FileAttribute<Set<PosixFilePermission>> FILE_ATTRS =
- PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-r--r--"));
- private static final String JSON_REPORTER_THREAD_NAME = "json-reporter";
-
- private ScheduledExecutorService executor = null;
- private final ObjectMapper jsonMapper =
- new ObjectMapper().registerModule(new MetricsModule(TimeUnit.SECONDS,
- TimeUnit.MILLISECONDS,
- false));
- private final Configuration conf;
- /** Destination file name. */
- // Location of JSON file
- private final Path path;
- // tmpdir is the dirname(path)
- private final Path tmpDir;
- private final long interval;
- private final TimeUnit unit;
-
- JsonFileReporter(Configuration conf, long interval, TimeUnit unit) {
- this.conf = conf;
- String pathString = conf.get(ServerConfig.SENTRY_JSON_REPORTER_FILE,
- ServerConfig.SENTRY_JSON_REPORTER_FILE_DEFAULT);
- path = Paths.get(pathString).toAbsolutePath();
- LOGGER.info("Reporting metrics to {}", path);
- // We want to use tmpDir i the same directory as the destination file to support atomic
- // move of temp file to the destination metrics file
- tmpDir = path.getParent();
- this.interval = interval;
- this.unit = unit;
- }
-
- private void start() {
- executor = Executors.newScheduledThreadPool(1,
- new ThreadFactoryBuilder().setNameFormat(JSON_REPORTER_THREAD_NAME).build());
- executor.scheduleAtFixedRate(this, 0, interval, unit);
- }
-
- @Override
- public void run() {
- Path tmpFile = null;
- try {
- String json = null;
- try {
- json = jsonMapper.writerWithDefaultPrettyPrinter().writeValueAsString(METRIC_REGISTRY);
- } catch (JsonProcessingException e) {
- LOGGER.error("Error converting metrics to JSON", e);
- return;
- }
- // Metrics are first dumped to a temp file which is then renamed to the destination
- try {
- tmpFile = Files.createTempFile(tmpDir, "smetrics", "json", FILE_ATTRS);
- } catch (IOException e) {
- LOGGER.error("failed to create temp file for JSON metrics", e);
- return;
- } catch (SecurityException e) {
- // This shouldn't ever happen
- LOGGER.error("failed to create temp file for JSON metrics: no permissions", e);
- return;
- } catch (UnsupportedOperationException e) {
- // This shouldn't ever happen
- LOGGER.error("failed to create temp file for JSON metrics: operartion not supported", e);
- return;
- }
-
- try (BufferedWriter bw = new BufferedWriter(new FileWriter(tmpFile.toFile()))) {
- bw.write(json);
- }
-
- // Move temp file to the destination file
- try {
- Files.move(tmpFile, path, StandardCopyOption.ATOMIC_MOVE);
- } catch (Exception e) {
- LOGGER.error("Failed to move temp metrics file to {}: {}", path, e.getMessage());
- }
- } catch (Throwable t) {
- // catch all errors (throwable and execptions to prevent subsequent tasks from being suppressed)
- LOGGER.error("Error executing scheduled task ", t);
- } finally {
- // If something happened and we were not able to rename the temp file, attempt to remove it
- if (tmpFile != null && tmpFile.toFile().exists()) {
- // Attempt to delete temp file, if this fails, not much can be done about it.
- try {
- Files.delete(tmpFile);
- } catch (Exception e) {
- LOGGER.error("failed to delete yemporary metrics file {}", tmpFile, e);
- }
- }
- }
- }
-
- @Override
- public void close() {
- if (executor != null) {
- SentryServiceUtil.shutdownAndAwaitTermination(executor,
- JSON_REPORTER_THREAD_NAME, 1, TimeUnit.MINUTES, LOGGER);
- executor = null;
- }
- try {
- Files.delete(path);
- } catch (IOException e) {
- LOGGER.error("Unable to delete {}", path, e);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
deleted file mode 100644
index 6692197..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.servlets.MetricsServlet;
-
-public class SentryMetricsServletContextListener extends MetricsServlet.ContextListener {
-
- public static final MetricRegistry METRIC_REGISTRY = new MetricRegistry();
-
- @Override
- protected MetricRegistry getMetricRegistry() {
- return METRIC_REGISTRY;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
deleted file mode 100644
index f69a8cd..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ /dev/null
@@ -1,227 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-
-public interface SentryPolicyServiceClient extends AutoCloseable {
-
- void createRole(String requestorUserName, String roleName) throws SentryUserException;
-
- void dropRole(String requestorUserName, String roleName) throws SentryUserException;
-
- void dropRoleIfExists(String requestorUserName, String roleName)
- throws SentryUserException;
-
- Set<TSentryRole> listRolesByUserName(String requestorUserName, String userName)
- throws SentryUserException;
-
- Set<TSentryRole> listRolesByGroupName(String requestorUserName, String groupName)
- throws SentryUserException;
-
- Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName)
- throws SentryUserException;
-
- /**
- * Gets sentry privilege objects for a given roleName using the Sentry service
- *
- * @param requestorUserName : user on whose behalf the request is issued
- * @param roleName : roleName to look up
- * @param authorizable : authorizable Hierarchy (server->db->table etc)
- * @return Set of thrift sentry privilege objects
- * @throws SentryUserException
- */
- Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, String roleName,
- List<? extends Authorizable> authorizable) throws SentryUserException;
-
- Set<TSentryRole> listAllRoles(String requestorUserName) throws SentryUserException;
-
- Set<TSentryRole> listUserRoles(String requestorUserName) throws SentryUserException;
-
- TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName,
- String server, String uri) throws SentryUserException;
-
- TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName,
- String server, String uri, Boolean grantOption) throws SentryUserException;
-
- void grantServerPrivilege(String requestorUserName, String roleName, String server,
- String action) throws SentryUserException;
-
- TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName,
- String server, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName,
- String server, String action, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName,
- String server, String db, String action) throws SentryUserException;
-
- TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName,
- String server, String db, String action, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String action) throws SentryUserException;
-
- TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String action, Boolean grantOption)
- throws SentryUserException;
-
- TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String columnName, String action)
- throws SentryUserException;
-
- TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String columnName, String action, Boolean grantOption)
- throws SentryUserException;
-
- Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName,
- String server, String db, String table, List<String> columnNames, String action)
- throws SentryUserException;
-
- Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName,
- String server, String db, String table, List<String> columnNames, String action,
- Boolean grantOption) throws SentryUserException;
-
- Set<TSentryPrivilege> grantPrivileges(String requestorUserName, String
- roleName, Set<TSentryPrivilege> privileges) throws SentryUserException;
-
- TSentryPrivilege grantPrivilege(String requestorUserName, String roleName,
- TSentryPrivilege privilege) throws
- SentryUserException;
-
- void revokeURIPrivilege(String requestorUserName, String roleName, String server,
- String uri) throws SentryUserException;
-
- void revokeURIPrivilege(String requestorUserName, String roleName, String server,
- String uri, Boolean grantOption) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- String action) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- String action, Boolean grantOption) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- boolean grantOption) throws SentryUserException;
-
- void revokeDatabasePrivilege(String requestorUserName, String roleName, String server,
- String db, String action) throws SentryUserException;
-
- void revokeDatabasePrivilege(String requestorUserName, String roleName, String server,
- String db, String action, Boolean grantOption) throws SentryUserException;
-
- void revokeTablePrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String action) throws SentryUserException;
-
- void revokeTablePrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String action, Boolean grantOption) throws SentryUserException;
-
- void revokeColumnPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String columnName, String action) throws SentryUserException;
-
- void revokeColumnPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String columnName, String action, Boolean grantOption)
- throws SentryUserException;
-
- void revokeColumnsPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, List<String> columns, String action) throws SentryUserException;
-
- void revokeColumnsPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, List<String> columns, String action, Boolean grantOption)
- throws SentryUserException;
-
- void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges)
- throws SentryUserException;
-
- void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege)
- throws SentryUserException;
-
- Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users,
- ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException;
-
- void grantRoleToGroup(String requestorUserName, String groupName, String roleName)
- throws SentryUserException;
-
- void revokeRoleFromGroup(String requestorUserName, String groupName, String roleName)
- throws SentryUserException;
-
- void grantRoleToGroups(String requestorUserName, String roleName, Set<String> groups)
- throws SentryUserException;
-
- void revokeRoleFromGroups(String requestorUserName, String roleName, Set<String> groups)
- throws SentryUserException;
-
- void grantRoleToUser(String requestorUserName, String userName, String roleName)
- throws SentryUserException;
-
- void revokeRoleFromUser(String requestorUserName, String userName, String roleName)
- throws SentryUserException;
-
- void grantRoleToUsers(String requestorUserName, String roleName, Set<String> users)
- throws SentryUserException;
-
- void revokeRoleFromUsers(String requestorUserName, String roleName, Set<String> users)
- throws SentryUserException;
-
- void dropPrivileges(String requestorUserName,
- List<? extends Authorizable> authorizableObjects) throws SentryUserException;
-
- void renamePrivileges(String requestorUserName,
- List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables)
- throws SentryUserException;
-
- Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(
- String requestorUserName, Set<List<? extends Authorizable>> authorizables,
- Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException;
-
- /**
- * Returns the configuration value in the sentry server associated with propertyName, or if
- * propertyName does not exist, the defaultValue. There is no "requestorUserName" because this is
- * regarded as an internal interface.
- *
- * @param propertyName Config attribute to search for
- * @param defaultValue String to return if not found
- * @return The value of the propertyName
- * @throws SentryUserException
- */
- String getConfigValue(String propertyName, String defaultValue) throws SentryUserException;
-
- // Import the sentry mapping data with map structure
- void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData,
- String requestorUserName, boolean isOverwriteRole) throws SentryUserException;
-
- // export the sentry mapping data with map structure
- Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName, String objectPath)
- throws SentryUserException;
-
- /**
- * Requests the sentry server to synchronize all HMS notification events up to the specified id.
- * The sentry server will return once it have processed the id specified..
- *
- * @param id Requested HMS notification ID.
- * @return The most recent processed notification ID.
- */
- long syncNotifications(long id) throws SentryUserException;
-}