Posted to commits@sentry.apache.org by co...@apache.org on 2016/06/27 01:27:26 UTC
[4/6] sentry git commit: SENTRY-1288: Create sentry-service-client
module(Colin Ma, reviewed by Dapeng Sun)
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
deleted file mode 100644
index 6ddc1de..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
+++ /dev/null
@@ -1,247 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.tools;
-
-import com.google.common.annotations.VisibleForTesting;
-
-import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.GnuParser;
-import org.apache.commons.cli.HelpFormatter;
-import org.apache.commons.cli.Option;
-import org.apache.commons.cli.OptionGroup;
-import org.apache.commons.cli.Options;
-import org.apache.commons.cli.ParseException;
-import org.apache.commons.cli.Parser;
-import org.apache.commons.lang.StringUtils;
-
-/**
- * SentryShellCommon provides the function for parsing the argument.
- * For hive model and generic model, child class should be implemented as a sentry admin tool.
- */
-abstract public class SentryShellCommon {
-
- protected String roleName;
- protected String groupName;
- protected String privilegeStr;
- protected String confPath;
- // flag for the command
- protected boolean isCreateRole = false;
- protected boolean isDropRole = false;
- protected boolean isAddRoleGroup = false;
- protected boolean isDeleteRoleGroup = false;
- protected boolean isGrantPrivilegeRole = false;
- protected boolean isRevokePrivilegeRole = false;
- protected boolean isListRole = false;
- protected boolean isListPrivilege = false;
- protected boolean isPrintHelp = false;
- // flag for the parameter check
- protected boolean roleNameRequired = false;
- protected boolean groupNameRequired = false;
- protected boolean privilegeStrRequired = false;
-
- public final static String OPTION_DESC_HELP = "Shell usage";
- public final static String OPTION_DESC_CONF = "sentry-site file path";
- public final static String OPTION_DESC_ROLE_NAME = "Role name";
- public final static String OPTION_DESC_GROUP_NAME = "Group name";
- public final static String OPTION_DESC_PRIVILEGE = "Privilege string";
- public final static String PREFIX_MESSAGE_MISSING_OPTION = "Missing required option: ";
-
- public final static String GROUP_SPLIT_CHAR = ",";
-
- /**
- * parse arguments
- *
- * <pre>
- * -conf,--sentry_conf <filepath> sentry config file path
- * -cr,--create_role -r <rolename> create role
- * -dr,--drop_role -r <rolename> drop role
- * -arg,--add_role_group -r <rolename> -g <groupname> add role to group
- * -drg,--delete_role_group -r <rolename> -g <groupname> delete role from group
- * -gpr,--grant_privilege_role -r <rolename> -p <privilege> grant privilege to role
- * -rpr,--revoke_privilege_role -r <rolename> -p <privilege> revoke privilege from role
- * -lr,--list_role -g <groupname> list roles for group
- * -lp,--list_privilege -r <rolename> list privilege for role
- * -t,--type <typeame> the shell for hive model or generic model
- * </pre>
- *
- * @param args
- */
- protected boolean parseArgs(String[] args) {
- Options simpleShellOptions = new Options();
-
- Option crOpt = new Option("cr", "create_role", false, "Create role");
- crOpt.setRequired(false);
-
- Option drOpt = new Option("dr", "drop_role", false, "Drop role");
- drOpt.setRequired(false);
-
- Option argOpt = new Option("arg", "add_role_group", false, "Add role to group");
- argOpt.setRequired(false);
-
- Option drgOpt = new Option("drg", "delete_role_group", false, "Delete role from group");
- drgOpt.setRequired(false);
-
- Option gprOpt = new Option("gpr", "grant_privilege_role", false, "Grant privilege to role");
- gprOpt.setRequired(false);
-
- Option rprOpt = new Option("rpr", "revoke_privilege_role", false, "Revoke privilege from role");
- rprOpt.setRequired(false);
-
- Option lrOpt = new Option("lr", "list_role", false, "List role");
- lrOpt.setRequired(false);
-
- Option lpOpt = new Option("lp", "list_privilege", false, "List privilege");
- lpOpt.setRequired(false);
-
- // required args group
- OptionGroup simpleShellOptGroup = new OptionGroup();
- simpleShellOptGroup.addOption(crOpt);
- simpleShellOptGroup.addOption(drOpt);
- simpleShellOptGroup.addOption(argOpt);
- simpleShellOptGroup.addOption(drgOpt);
- simpleShellOptGroup.addOption(gprOpt);
- simpleShellOptGroup.addOption(rprOpt);
- simpleShellOptGroup.addOption(lrOpt);
- simpleShellOptGroup.addOption(lpOpt);
- simpleShellOptGroup.setRequired(true);
- simpleShellOptions.addOptionGroup(simpleShellOptGroup);
-
- // optional args
- Option pOpt = new Option("p", "privilege", true, OPTION_DESC_PRIVILEGE);
- pOpt.setRequired(false);
- simpleShellOptions.addOption(pOpt);
-
- Option gOpt = new Option("g", "groupname", true, OPTION_DESC_GROUP_NAME);
- gOpt.setRequired(false);
- simpleShellOptions.addOption(gOpt);
-
- Option rOpt = new Option("r", "rolename", true, OPTION_DESC_ROLE_NAME);
- rOpt.setRequired(false);
- simpleShellOptions.addOption(rOpt);
-
- // this argument should be parsed in the bin/sentryShell
- Option tOpt = new Option("t", "type", true, "[hive|solr|sqoop|.....]");
- tOpt.setRequired(false);
- simpleShellOptions.addOption(tOpt);
-
- // file path of sentry-site
- Option sentrySitePathOpt = new Option("conf", "sentry_conf", true, OPTION_DESC_CONF);
- sentrySitePathOpt.setRequired(true);
- simpleShellOptions.addOption(sentrySitePathOpt);
-
- // help option
- Option helpOpt = new Option("h", "help", false, OPTION_DESC_HELP);
- helpOpt.setRequired(false);
- simpleShellOptions.addOption(helpOpt);
-
- // this Options is parsed first for help option
- Options helpOptions = new Options();
- helpOptions.addOption(helpOpt);
-
- try {
- Parser parser = new GnuParser();
-
- // parse help option first
- CommandLine cmd = parser.parse(helpOptions, args, true);
- for (Option opt : cmd.getOptions()) {
- if (opt.getOpt().equals("h")) {
- // get the help option, print the usage and exit
- usage(simpleShellOptions);
- return false;
- }
- }
-
- // without help option
- cmd = parser.parse(simpleShellOptions, args);
-
- for (Option opt : cmd.getOptions()) {
- if (opt.getOpt().equals("p")) {
- privilegeStr = opt.getValue();
- } else if (opt.getOpt().equals("g")) {
- groupName = opt.getValue();
- } else if (opt.getOpt().equals("r")) {
- roleName = opt.getValue();
- } else if (opt.getOpt().equals("cr")) {
- isCreateRole = true;
- roleNameRequired = true;
- } else if (opt.getOpt().equals("dr")) {
- isDropRole = true;
- roleNameRequired = true;
- } else if (opt.getOpt().equals("arg")) {
- isAddRoleGroup = true;
- roleNameRequired = true;
- groupNameRequired = true;
- } else if (opt.getOpt().equals("drg")) {
- isDeleteRoleGroup = true;
- roleNameRequired = true;
- groupNameRequired = true;
- } else if (opt.getOpt().equals("gpr")) {
- isGrantPrivilegeRole = true;
- roleNameRequired = true;
- privilegeStrRequired = true;
- } else if (opt.getOpt().equals("rpr")) {
- isRevokePrivilegeRole = true;
- roleNameRequired = true;
- privilegeStrRequired = true;
- } else if (opt.getOpt().equals("lr")) {
- isListRole = true;
- } else if (opt.getOpt().equals("lp")) {
- isListPrivilege = true;
- roleNameRequired = true;
- } else if (opt.getOpt().equals("conf")) {
- confPath = opt.getValue();
- }
- }
- checkRequiredParameter(roleNameRequired, roleName, OPTION_DESC_ROLE_NAME);
- checkRequiredParameter(groupNameRequired, groupName, OPTION_DESC_GROUP_NAME);
- checkRequiredParameter(privilegeStrRequired, privilegeStr, OPTION_DESC_PRIVILEGE);
- } catch (ParseException pe) {
- System.out.println(pe.getMessage());
- usage(simpleShellOptions);
- return false;
- }
- return true;
- }
-
- private void checkRequiredParameter(boolean isRequired, String paramValue, String paramName) throws ParseException {
- if (isRequired && StringUtils.isEmpty(paramValue)) {
- throw new ParseException(PREFIX_MESSAGE_MISSING_OPTION + paramName);
- }
- }
-
- // print usage
- private void usage(Options sentryOptions) {
- HelpFormatter formatter = new HelpFormatter();
- formatter.printHelp("sentryShell", sentryOptions);
- }
-
- // hive model and generic model should implement this method
- public abstract void run() throws Exception;
-
- @VisibleForTesting
- public boolean executeShell(String[] args) throws Exception {
- boolean result = true;
- if (parseArgs(args)) {
- run();
- } else {
- result = false;
- }
- return result;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
deleted file mode 100644
index dc7f829..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.tools;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.tools.command.hive.*;
-import org.apache.sentry.service.thrift.SentryServiceClientFactory;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SentryShellHive is an admin tool, and responsible for the management of repository.
- * The following function are supported:
- * create role, drop role, add group to role, delete group from role, grant privilege to role,
- * revoke privilege from role, list roles for group, list privilege for role.
- */
-public class SentryShellHive extends SentryShellCommon {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SentryShellHive.class);
-
- public void run() throws Exception {
- Command command = null;
- SentryPolicyServiceClient client = SentryServiceClientFactory.create(getSentryConf());
- UserGroupInformation ugi = UserGroupInformation.getLoginUser();
- String requestorName = ugi.getShortUserName();
-
- if (isCreateRole) {
- command = new CreateRoleCmd(roleName);
- } else if (isDropRole) {
- command = new DropRoleCmd(roleName);
- } else if (isAddRoleGroup) {
- command = new GrantRoleToGroupsCmd(roleName, groupName);
- } else if (isDeleteRoleGroup) {
- command = new RevokeRoleFromGroupsCmd(roleName, groupName);
- } else if (isGrantPrivilegeRole) {
- command = new GrantPrivilegeToRoleCmd(roleName, privilegeStr);
- } else if (isRevokePrivilegeRole) {
- command = new RevokePrivilegeFromRoleCmd(roleName, privilegeStr);
- } else if (isListRole) {
- command = new ListRolesCmd(groupName);
- } else if (isListPrivilege) {
- command = new ListPrivilegesCmd(roleName);
- }
-
- // check the requestor name
- if (StringUtils.isEmpty(requestorName)) {
- // The exception message will be recoreded in log file.
- throw new Exception("The requestor name is empty.");
- }
-
- if (command != null) {
- command.execute(client, requestorName);
- }
- }
-
- private Configuration getSentryConf() {
- Configuration conf = new Configuration();
- conf.addResource(new Path(confPath));
- return conf;
- }
-
- public static void main(String[] args) throws Exception {
- SentryShellHive sentryShell = new SentryShellHive();
- try {
- sentryShell.executeShell(args);
- } catch (Exception e) {
- LOGGER.error(e.getMessage(), e);
- Throwable current = e;
- // find the first printable message;
- while (current != null && current.getMessage() == null) {
- current = current.getCause();
- }
- System.out.println("The operation failed." +
- (current.getMessage() == null ? "" : " Message: " + current.getMessage()));
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
deleted file mode 100644
index 79aed49..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The interface for all admin commands, eg, CreateRoleCmd.
- */
-public interface Command {
- void execute(SentryPolicyServiceClient client, String requestorName) throws Exception;
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
deleted file mode 100644
index 2d2dcb5..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
-
-public final class CommandUtil {
-
- public static final String SPLIT_CHAR = ",";
-
- private CommandUtil() {
- // Make constructor private to avoid instantiation
- }
-
- // parse the privilege in String and get the TSentryPrivilege as result
- public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) throws Exception {
- TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
- for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
- KeyValue tempKV = new KeyValue(authorizable);
- String key = tempKV.getKey();
- String value = tempKV.getValue();
-
- if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setServerName(value);
- } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setDbName(value);
- } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setTableName(value);
- } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setColumnName(value);
- } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setURI(value);
- } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setAction(value);
- } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(key)) {
- TSentryGrantOption grantOption = "true".equalsIgnoreCase(value) ? TSentryGrantOption.TRUE
- : TSentryGrantOption.FALSE;
- tSentryPrivilege.setGrantOption(grantOption);
- }
- }
- tSentryPrivilege.setPrivilegeScope(getPrivilegeScope(tSentryPrivilege));
- validatePrivilegeHierarchy(tSentryPrivilege);
- return tSentryPrivilege;
- }
-
- // for the different hierarchy for hive:
- // 1: server->url
- // 2: server->database->table->column
- // if both of them are found in the privilege string, the privilege scope will be set as
- // PrivilegeScope.URI
- private static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
- ServiceConstants.PrivilegeScope privilegeScope = ServiceConstants.PrivilegeScope.SERVER;
- if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
- privilegeScope = ServiceConstants.PrivilegeScope.URI;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
- privilegeScope = ServiceConstants.PrivilegeScope.COLUMN;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
- privilegeScope = ServiceConstants.PrivilegeScope.TABLE;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
- privilegeScope = ServiceConstants.PrivilegeScope.DATABASE;
- }
- return privilegeScope.toString();
- }
-
- // check the privilege value for the specific privilege scope
- // eg, for the table scope, server and database can't be empty
- private static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws Exception {
- String serverName = tSentryPrivilege.getServerName();
- String dbName = tSentryPrivilege.getDbName();
- String tableName = tSentryPrivilege.getTableName();
- String columnName = tSentryPrivilege.getColumnName();
- String uri = tSentryPrivilege.getURI();
- if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- if (StringUtils.isEmpty(serverName)) {
- throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
- }
- } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(uri)) {
- throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
- }
- } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)) {
- throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
- }
- } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
- || StringUtils.isEmpty(tableName)) {
- throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
- }
- } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())
- && (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
- || StringUtils.isEmpty(tableName) || StringUtils.isEmpty(columnName))) {
- throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
deleted file mode 100644
index 5a4834a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The class for admin command to create role.
- */
-public class CreateRoleCmd implements Command {
-
- private String roleName;
-
- public CreateRoleCmd(String roleName) {
- this.roleName = roleName;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- client.createRole(requestorName, roleName);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
deleted file mode 100644
index facec0e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The class for admin command to drop role.
- */
-public class DropRoleCmd implements Command {
-
- private String roleName;
-
- public DropRoleCmd(String roleName) {
- this.roleName = roleName;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- client.dropRole(requestorName, roleName);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
deleted file mode 100644
index a1ef2f9..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
-
-/**
- * The class for admin command to grant privilege to role.
- */
-public class GrantPrivilegeToRoleCmd implements Command {
-
- private String roleName;
- private String privilegeStr;
-
- public GrantPrivilegeToRoleCmd(String roleName, String privilegeStr) {
- this.roleName = roleName;
- this.privilegeStr = privilegeStr;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
- boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
- if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.grantServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.grantDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.grantTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
- tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.grantColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
- tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.grantURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getURI(), grantOption);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
deleted file mode 100644
index 07a3de4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-
-import java.util.Set;
-
-/**
- * The class for admin command to grant role to group.
- */
-public class GrantRoleToGroupsCmd implements Command {
-
- private String roleName;
- private String groupNamesStr;
-
- public GrantRoleToGroupsCmd(String roleName, String groupNamesStr) {
- this.roleName = roleName;
- this.groupNamesStr = groupNamesStr;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- Set<String> groups = Sets.newHashSet(groupNamesStr.split(SentryShellCommon.GROUP_SPLIT_CHAR));
- client.grantRoleToGroups(requestorName, roleName, groups);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
deleted file mode 100644
index 5f3e9fb..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Lists;
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-
-import java.util.List;
-import java.util.Set;
-
-/**
- * The class for admin command to list privileges.
- */
-public class ListPrivilegesCmd implements Command {
-
- private String roleName;
-
- public ListPrivilegesCmd(String roleName) {
- this.roleName = roleName;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- Set<TSentryPrivilege> privileges = client
- .listAllPrivilegesByRoleName(requestorName, roleName);
- if (privileges != null) {
- for (TSentryPrivilege privilege : privileges) {
- String privilegeStr = convertToPrivilegeStr(privilege);
- System.out.println(privilegeStr);
- }
- }
- }
-
- // convert TSentryPrivilege to privilege in string
- private String convertToPrivilegeStr(TSentryPrivilege tSentryPrivilege) {
- List<String> privileges = Lists.newArrayList();
- if (tSentryPrivilege != null) {
- String serverName = tSentryPrivilege.getServerName();
- String dbName = tSentryPrivilege.getDbName();
- String tableName = tSentryPrivilege.getTableName();
- String columnName = tSentryPrivilege.getColumnName();
- String uri = tSentryPrivilege.getURI();
- String action = tSentryPrivilege.getAction();
- String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true"
- : "false");
- if (!StringUtils.isEmpty(serverName)) {
- privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_SERVER_NAME,
- serverName));
- if (!StringUtils.isEmpty(uri)) {
- privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_URI_NAME,
- uri));
- } else if (!StringUtils.isEmpty(dbName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_DATABASE_NAME, dbName));
- if (!StringUtils.isEmpty(tableName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_TABLE_NAME, tableName));
- if (!StringUtils.isEmpty(columnName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_COLUMN_NAME, columnName));
- }
- }
- }
- if (!StringUtils.isEmpty(action)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
- }
- }
- // only append the grant option to privilege string if it's true
- if ("true".equals(grantOption)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
- }
- }
- return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
deleted file mode 100644
index 283f2c0..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
-
-import java.util.Set;
-
-/**
- * The class for admin command to list roles.
- */
-public class ListRolesCmd implements Command {
-
- private String groupName;
-
- public ListRolesCmd(String groupName) {
- this.groupName = groupName;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- Set<TSentryRole> roles;
- if (StringUtils.isEmpty(groupName)) {
- roles = client.listRoles(requestorName);
- } else {
- roles = client.listRolesByGroupName(requestorName, groupName);
- }
- if (roles != null) {
- for (TSentryRole role : roles) {
- System.out.println(role.getRoleName());
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
deleted file mode 100644
index f3da6c4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
-
-/**
- * The class for admin command to revoke privileges from role.
- */
-public class RevokePrivilegeFromRoleCmd implements Command {
-
- private String roleName;
- private String privilegeStr;
-
- public RevokePrivilegeFromRoleCmd(String roleName, String privilegeStr) {
- this.roleName = roleName;
- this.privilegeStr = privilegeStr;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
- boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
- if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- grantOption);
- } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
- tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
- tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getURI(), grantOption);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
deleted file mode 100644
index 86773ca..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-import java.util.Set;
-
-/**
- * The class for admin command to revoke role from group.
- */
-public class RevokeRoleFromGroupsCmd implements Command {
-
- private String roleName;
- private String groupNamesStr;
-
- public RevokeRoleFromGroupsCmd(String roleName, String groupNamesStr) {
- this.roleName = roleName;
- this.groupNamesStr = groupNamesStr;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- Set<String> groups = Sets.newHashSet(groupNamesStr.split(CommandUtil.SPLIT_CHAR));
- client.revokeRoleFromGroups(requestorName, roleName, groups);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java
deleted file mode 100644
index d97a07e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.net.InetSocketAddress;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.curator.x.discovery.ServiceInstance;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.persistent.HAContext;
-import org.apache.sentry.provider.db.service.persistent.ServiceManager;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Preconditions;
-
-public class HAClientInvocationHandler extends SentryClientInvocationHandler {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(HAClientInvocationHandler.class);
-
- private final Configuration conf;
- private ServiceManager manager;
- private ServiceInstance<Void> currentServiceInstance;
- private SentryPolicyServiceClient client = null;
-
- private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occured ";
- public static final String SENTRY_HA_ERROR_MESSAGE = "No Sentry server available. Please ensure that at least one Sentry server is online";
-
- public HAClientInvocationHandler(Configuration conf) throws Exception {
- this.conf = conf;
- checkClientConf();
- }
-
- @Override
- public Object invokeImpl(Object proxy, Method method, Object[] args) throws
- SentryUserException {
- Object result = null;
- try {
- if (!method.isAccessible()) {
- method.setAccessible(true);
- }
- // The client is initialized in the first call instead of constructor.
- // This way we can propagate the connection exception to caller cleanly
- if (client == null) {
- renewSentryClient();
- }
- result = method.invoke(client, args);
- } catch (IllegalAccessException e) {
- throw new SentryUserException(e.getMessage(), e.getCause());
- } catch (InvocationTargetException e) {
- if (e.getTargetException() instanceof SentryUserException) {
- throw (SentryUserException)e.getTargetException();
- } else {
- LOGGER.warn(THRIFT_EXCEPTION_MESSAGE + ": Error in connect current" +
- " service, will retry other service.", e);
- if (client != null) {
- client.close();
- client = null;
- }
- }
- } catch (IOException e1) {
- throw new SentryUserException("Error connecting to sentry service "
- + e1.getMessage(), e1);
- }
- return result;
- }
-
- // Retrieve the new connection endpoint from ZK and connect to new server
- private void renewSentryClient() throws IOException {
- try {
- manager = new ServiceManager(HAContext.getHAContext(conf));
- } catch (Exception e1) {
- throw new IOException("Failed to extract Sentry node info from zookeeper", e1);
- }
-
- try {
- while (true) {
- currentServiceInstance = manager.getServiceInstance();
- if (currentServiceInstance == null) {
- throw new IOException(SENTRY_HA_ERROR_MESSAGE);
- }
- InetSocketAddress serverAddress =
- ServiceManager.convertServiceInstance(currentServiceInstance);
- conf.set(ServiceConstants.ClientConfig.SERVER_RPC_ADDRESS, serverAddress.getHostName());
- conf.setInt(ServiceConstants.ClientConfig.SERVER_RPC_PORT, serverAddress.getPort());
- try {
- client = new SentryPolicyServiceClientDefaultImpl(conf);
- LOGGER.info("Sentry Client using server " + serverAddress.getHostName() +
- ":" + serverAddress.getPort());
- break;
- } catch (IOException e) {
- manager.reportError(currentServiceInstance);
- LOGGER.info("Transport exception while opening transport:", e, e.getMessage());
- }
- }
- } finally {
- manager.close();
- }
- }
-
- private void checkClientConf() {
- if (conf.getBoolean(ServerConfig.SENTRY_HA_ZOOKEEPER_SECURITY,
- ServerConfig.SENTRY_HA_ZOOKEEPER_SECURITY_DEFAULT)) {
- String serverPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL),
- ServerConfig.PRINCIPAL + " is required");
- Preconditions.checkArgument(serverPrincipal.contains(SecurityUtil.HOSTNAME_PATTERN),
- ServerConfig.PRINCIPAL + " : " + serverPrincipal + " should contain " + SecurityUtil.HOSTNAME_PATTERN);
- }
- }
-
- @Override
- public void close() {
- if (client != null) {
- client.close();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
deleted file mode 100644
index a35bf1d..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-
-import org.apache.commons.pool2.PooledObjectFactory;
-import org.apache.commons.pool2.impl.AbandonedConfig;
-import org.apache.commons.pool2.impl.GenericObjectPool;
-import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.apache.thrift.transport.TTransportException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The PoolClientInvocationHandler is a proxy class for handling thrift call. For every thrift call,
- * get the instance of SentryPolicyServiceBaseClient from the commons-pool, and return the instance
- * to the commons-pool after complete the call. For any exception with the call, discard the
- * instance and create a new one added to the commons-pool. Then, get the instance and do the call
- * again. For the thread safe, the commons-pool will manage the connection pool, and every thread
- * can get the connection by borrowObject() and return the connection to the pool by returnObject().
- */
-
-public class PoolClientInvocationHandler extends SentryClientInvocationHandler {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(PoolClientInvocationHandler.class);
-
- private final Configuration conf;
- private PooledObjectFactory<SentryPolicyServiceClient> poolFactory;
- private GenericObjectPool<SentryPolicyServiceClient> pool;
- private GenericObjectPoolConfig poolConfig;
- private int connectionRetryTotal;
-
- private static final String POOL_EXCEPTION_MESSAGE = "Pool exception occured ";
-
- public PoolClientInvocationHandler(Configuration conf) throws Exception {
- this.conf = conf;
- readConfiguration();
- poolFactory = new SentryServiceClientPoolFactory(conf);
- pool = new GenericObjectPool<SentryPolicyServiceClient>(poolFactory, poolConfig, new AbandonedConfig());
- }
-
- @Override
- public Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception {
- int retryCount = 0;
- Object result = null;
- while (retryCount < connectionRetryTotal) {
- try {
- // The wapper here is for the retry of thrift call, the default retry number is 3.
- result = invokeFromPool(method, args);
- break;
- } catch (TTransportException e) {
- // TTransportException means there has connection problem, create a new connection and try
- // again. Get the lock of pool and add new connection.
- synchronized (pool) {
- // If there has room, create new instance and add it to the commons-pool, this instance
- // will be back first from the commons-pool because the configuration is LIFO.
- if (pool.getNumIdle() + pool.getNumActive() < pool.getMaxTotal()) {
- pool.addObject();
- }
- }
- // Increase the retry num, and throw the exception if can't retry again.
- retryCount++;
- if (retryCount == connectionRetryTotal) {
- throw new SentryUserException(e.getMessage(), e);
- }
- }
- }
- return result;
- }
-
- private Object invokeFromPool(Method method, Object[] args) throws Exception {
- Object result = null;
- SentryPolicyServiceClient client;
- try {
- // get the connection from the pool, don't know if the connection is broken.
- client = pool.borrowObject();
- } catch (Exception e) {
- LOGGER.debug(POOL_EXCEPTION_MESSAGE, e);
- throw new SentryUserException(e.getMessage(), e);
- }
- try {
- // do the thrift call
- result = method.invoke(client, args);
- } catch (InvocationTargetException e) {
- // Get the target exception, check if SentryUserException or TTransportException is wrapped.
- // TTransportException means there has connection problem with the pool.
- Throwable targetException = e.getCause();
- if (targetException instanceof SentryUserException) {
- Throwable sentryTargetException = targetException.getCause();
- // If there has connection problem, eg, invalid connection if the service restarted,
- // sentryTargetException instanceof TTransportException = true.
- if (sentryTargetException instanceof TTransportException) {
- // If the exception is caused by connection problem, destroy the instance and
- // remove it from the commons-pool. Throw the TTransportException for reconnect.
- pool.invalidateObject(client);
- throw new TTransportException(sentryTargetException);
- }
- // The exception is thrown by thrift call, eg, SentryAccessDeniedException.
- throw (SentryUserException) targetException;
- }
- throw e;
- } finally{
- try {
- // return the instance to commons-pool
- pool.returnObject(client);
- } catch (Exception e) {
- LOGGER.error(POOL_EXCEPTION_MESSAGE, e);
- throw e;
- }
- }
- return result;
- }
-
- @Override
- public void close() {
- try {
- pool.close();
- } catch (Exception e) {
- LOGGER.debug(POOL_EXCEPTION_MESSAGE, e);
- }
- }
-
- private void readConfiguration() {
- poolConfig = new GenericObjectPoolConfig();
- // config the pool size for commons-pool
- poolConfig.setMaxTotal(conf.getInt(ClientConfig.SENTRY_POOL_MAX_TOTAL, ClientConfig.SENTRY_POOL_MAX_TOTAL_DEFAULT));
- poolConfig.setMinIdle(conf.getInt(ClientConfig.SENTRY_POOL_MIN_IDLE, ClientConfig.SENTRY_POOL_MIN_IDLE_DEFAULT));
- poolConfig.setMaxIdle(conf.getInt(ClientConfig.SENTRY_POOL_MAX_IDLE, ClientConfig.SENTRY_POOL_MAX_IDLE_DEFAULT));
- // get the retry number for reconnecting service
- connectionRetryTotal = conf.getInt(ClientConfig.SENTRY_POOL_RETRY_TOTAL,
- ClientConfig.SENTRY_POOL_RETRY_TOTAL_DEFAULT);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
deleted file mode 100644
index a41be7f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-
-/**
- * SentryClientInvocationHandler is the base interface for all the InvocationHandler in SENTRY
- */
-public abstract class SentryClientInvocationHandler implements InvocationHandler {
-
- /**
- * Close the InvocationHandler: An InvocationHandler may create some contexts,
- * these contexts should be close when the method "close()" of client be called.
- */
- @Override
- public final Object invoke(Object proxy, Method method, Object[] args) throws Exception {
- // close() doesn't throw exception we supress that in case of connection
- // loss. Changing SentryPolicyServiceClient#close() to throw an
- // exception would be a backward incompatible change for Sentry clients.
- if ("close".equals(method.getName()) && null == args) {
- close();
- return null;
- }
- return invokeImpl(proxy, method, args);
- }
-
- /**
- * Subclass should implement this method for special function
- */
- public abstract Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception;
-
- /**
- * An abstract method "close", an invocationHandler should close its contexts at here.
- */
- public abstract void close();
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
deleted file mode 100644
index 48ee66a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.Proxy;
-
-import org.apache.hadoop.conf.Configuration;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-
-public final class SentryServiceClientFactory {
-
- private SentryServiceClientFactory() {
- }
-
- public static SentryPolicyServiceClient create(Configuration conf) throws Exception {
- boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
- boolean pooled = conf.getBoolean(ClientConfig.SENTRY_POOL_ENABLED, false);
- if (pooled) {
- return (SentryPolicyServiceClient) Proxy
- .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
- SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
- new PoolClientInvocationHandler(conf));
- } else if (haEnabled) {
- return (SentryPolicyServiceClient) Proxy
- .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
- SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
- new HAClientInvocationHandler(conf));
- } else {
- return new SentryPolicyServiceClientDefaultImpl(conf);
- }
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
deleted file mode 100644
index 3a38b24..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.Proxy;
-
-import org.apache.commons.pool2.BasePooledObjectFactory;
-import org.apache.commons.pool2.PooledObject;
-import org.apache.commons.pool2.impl.DefaultPooledObject;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SentryServiceClientPoolFactory is for connection pool to manage the object. Implement the related
- * method to create object, destroy object and wrap object.
- */
-
-public class SentryServiceClientPoolFactory extends BasePooledObjectFactory<SentryPolicyServiceClient> {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SentryServiceClientPoolFactory.class);
-
- private Configuration conf;
-
- public SentryServiceClientPoolFactory(Configuration conf) {
- this.conf = conf;
- }
-
- @Override
- public SentryPolicyServiceClient create() throws Exception {
- LOGGER.debug("Creating Sentry Service Client...");
- boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
- if (haEnabled) {
- return (SentryPolicyServiceClient) Proxy
- .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
- SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
- new HAClientInvocationHandler(conf));
- } else {
- return new SentryPolicyServiceClientDefaultImpl(conf);
- }
- }
-
- @Override
- public PooledObject<SentryPolicyServiceClient> wrap(SentryPolicyServiceClient client) {
- return new DefaultPooledObject<SentryPolicyServiceClient>(client);
- }
-
- @Override
- public void destroyObject(PooledObject<SentryPolicyServiceClient> pooledObject) {
- SentryPolicyServiceClient client = pooledObject.getObject();
- LOGGER.debug("Destroying Sentry Service Client: " + client);
- if (client != null) {
- // The close() of TSocket or TSaslClientTransport is called actually, and there has no
- // exception even there has some problems, eg, the client is closed already.
- // The close here is just try to close the socket and the client will be destroyed soon.
- client.close();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-service/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-service/pom.xml b/sentry-service/pom.xml
index ae42d0f..4bcb7f1 100644
--- a/sentry-service/pom.xml
+++ b/sentry-service/pom.xml
@@ -32,6 +32,7 @@ limitations under the License.
<modules>
<module>sentry-service-common</module>
<module>sentry-service-server</module>
+ <module>sentry-service-client</module>
</modules>
</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-service/sentry-service-client/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-client/pom.xml b/sentry-service/sentry-service-client/pom.xml
new file mode 100644
index 0000000..614f0d3
--- /dev/null
+++ b/sentry-service/sentry-service-client/pom.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-service</artifactId>
+ <version>1.8.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>sentry-service-client</artifactId>
+ <name>Sentry Service Client</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-service-common</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-common</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-core-model-kafka</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-core-model-db</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-core-model-search</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-provider-file</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-pool2</artifactId>
+ </dependency>
+ </dependencies>
+
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-service/sentry-service-client/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-client/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java b/sentry-service/sentry-service-client/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
new file mode 100644
index 0000000..11cdee7
--- /dev/null
+++ b/sentry-service/sentry-service-client/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
@@ -0,0 +1,196 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.generic.service.thrift;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
+
+public interface SentryGenericServiceClient {
+
+ /**
+ * Create a sentry role
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param roleName: Name of the role
+ * @param component: The request is issued to which component
+ * @throws SentryUserException
+ */
+ void createRole(String requestorUserName, String roleName,
+ String component) throws SentryUserException;
+
+ void createRoleIfNotExist(String requestorUserName,
+ String roleName, String component) throws SentryUserException;
+
+ /**
+ * Drop a sentry role
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param roleName: Name of the role
+ * @param component: The request is issued to which component
+ * @throws SentryUserException
+ */
+ void dropRole(String requestorUserName, String roleName,
+ String component) throws SentryUserException;
+
+ void dropRoleIfExists(String requestorUserName, String roleName,
+ String component) throws SentryUserException;
+
+ /**
+ * add a sentry role to groups.
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param roleName: Name of the role
+ * @param component: The request is issued to which component
+ * @param groups: The name of groups
+ * @throws SentryUserException
+ */
+ void addRoleToGroups(String requestorUserName, String roleName,
+ String component, Set<String> groups) throws SentryUserException;
+
+ /**
+ * delete a sentry role from groups.
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param roleName: Name of the role
+ * @param component: The request is issued to which component
+ * @param groups: The name of groups
+ * @throws SentryUserException
+ */
+ void deleteRoleToGroups(String requestorUserName, String roleName,
+ String component, Set<String> groups) throws SentryUserException;
+
+ /**
+ * grant privilege
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param roleName: Name of the role
+ * @param component: The request is issued to which component
+ * @param privilege
+ * @throws SentryUserException
+ */
+ void grantPrivilege(String requestorUserName, String roleName,
+ String component, TSentryPrivilege privilege) throws SentryUserException;
+
+ /**
+ * revoke privilege
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param roleName: Name of the role
+ * @param component: The request is issued to which component
+ * @param privilege
+ * @throws SentryUserException
+ */
+ void revokePrivilege(String requestorUserName, String roleName,
+ String component, TSentryPrivilege privilege) throws SentryUserException;
+
+ /**
+ * drop privilege
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param component: The request is issued to which component
+ * @param privilege
+ * @throws SentryUserException
+ */
+ void dropPrivilege(String requestorUserName,String component,
+ TSentryPrivilege privilege) throws SentryUserException;
+
+ /**
+ * rename privilege
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param component: The request is issued to which component
+ * @param serviceName: The Authorizable belongs to which service
+ * @param oldAuthorizables
+ * @param newAuthorizables
+ * @throws SentryUserException
+ */
+ void renamePrivilege(String requestorUserName, String component,
+ String serviceName, List<? extends Authorizable> oldAuthorizables,
+ List<? extends Authorizable> newAuthorizables) throws SentryUserException;
+
+ /**
+ * Gets sentry role objects for a given groupName using the Sentry service
+ * @param requestorUserName : user on whose behalf the request is issued
+ * @param groupName : groupName to look up ( if null returns all roles for groups related to requestorUserName)
+ * @param component: The request is issued to which component
+ * @return Set of thrift sentry role objects
+ * @throws SentryUserException
+ */
+ Set<TSentryRole> listRolesByGroupName(
+ String requestorUserName,
+ String groupName,
+ String component)
+ throws SentryUserException;
+
+ Set<TSentryRole> listUserRoles(String requestorUserName, String component)
+ throws SentryUserException;
+
+ Set<TSentryRole> listAllRoles(String requestorUserName, String component)
+ throws SentryUserException;
+
+ /**
+ * Gets sentry privileges for a given roleName and Authorizable Hierarchy using the Sentry service
+ * @param requestorUserName: user on whose behalf the request is issued
+ * @param roleName:
+ * @param component: The request is issued to which component
+ * @param serviceName
+ * @param authorizables
+ * @return
+ * @throws SentryUserException
+ */
+ Set<TSentryPrivilege> listPrivilegesByRoleName(
+ String requestorUserName, String roleName, String component,
+ String serviceName, List<? extends Authorizable> authorizables)
+ throws SentryUserException;
+
+ Set<TSentryPrivilege> listPrivilegesByRoleName(
+ String requestorUserName, String roleName, String component,
+ String serviceName) throws SentryUserException;
+
+ /**
+ * get sentry permissions from provider as followings:
+ * @param: component: The request is issued to which component
+ * @param: serviceName: The privilege belongs to which service
+ * @param: roleSet
+ * @param: groupNames
+ * @param: the authorizables
+ * @returns the set of permissions
+ * @throws SentryUserException
+ */
+ Set<String> listPrivilegesForProvider(String component,
+ String serviceName, ActiveRoleSet roleSet, Set<String> groups,
+ List<? extends Authorizable> authorizables) throws SentryUserException;
+
+ /**
+ * Get sentry privileges based on valid active roles and the authorize objects. Note that
+ * it is client responsibility to ensure the requestor username, etc. is not impersonated.
+ *
+ * @param component: The request respond to which component.
+ * @param serviceName: The name of service.
+ * @param requestorUserName: The requestor user name.
+ * @param authorizablesSet: The set of authorize objects. One authorize object is represented
+ * as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
+ * @param groups: The requested groups.
+ * @param roleSet: The active roles set.
+ *
+ * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
+ * @throws SentryUserException
+ */
+ Map<String, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(String component,
+ String serviceName, String requestorUserName, Set<String> authorizablesSet,
+ Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException;
+
+ void close();
+}
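Review bot: The impersonation caveat appears only in the Javadoc of `listPrivilegsbyAuthorizable`, at the end of the file, yet almost every method in this interface takes `requestorUserName` as a plain caller-supplied `String`, and `listPrivilegesForProvider` takes no requestor at all. I would state the trust model once in an interface-level Javadoc, e.g. `/** requestorUserName is asserted by the caller on every method; callers must derive it from an authenticated identity, never from unvalidated request input. */`. Whether the server separately verifies that the connected principal may act for `requestorUserName` cannot be seen from this file, so the same comment should say which side enforces it. Separately, `@param:` and `@returns` in the last two Javadoc blocks are not recognised Javadoc tags; the valid forms are `@param name` and `@return`.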