SENTRY-1168 - Fix some "major" issues identified by Sonarqube Colm O hEigeartaigh (Reviewed by: Anne Yu)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/36cb81a8 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/36cb81a8 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/36cb81a8 Branch: refs/heads/master Commit: 36cb81a8e83b0d9e0e6a2e5e2b242bce6a41f880 Parents: eceaaf8 Author: Colm O hEigeartaigh <[email protected]> Authored: Mon May 16 17:21:23 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon May 16 17:21:23 2016 +0100 ---------------------------------------------------------------------- .../apache/hadoop/hive/SentryHiveConstants.java | 6 +- .../hive/ql/exec/SentryFilterDDLTask.java | 10 ++- .../hive/SentryPolicyFileFormatFactory.java | 4 + .../binding/hive/authz/HiveAuthzBinding.java | 5 +- .../binding/hive/authz/SentryConfigTool.java | 22 +++--- .../hive/ql/exec/SentryGrantRevokeTask.java | 2 +- .../SentryHiveAuthorizationTaskFactoryImpl.java | 8 +- .../hive/authz/HiveAuthzPrivilegesMap.java | 4 + .../metastore/AuthorizingObjectStore.java | 4 +- .../metastore/MetastoreAuthzBinding.java | 4 +- .../apache/sentry/sqoop/SentrySqoopError.java | 6 +- .../binding/SqoopAuthBindingSingleton.java | 12 +-- .../main/java/org/apache/sentry/SentryMain.java | 5 ++ .../org/apache/sentry/SentryUserException.java | 2 +- .../org/apache/sentry/SentryVersionInfo.java | 4 + .../sentry/core/common/utils/PathUtils.java | 8 +- .../core/common/utils/PolicyFileConstants.java | 4 + .../sentry/core/model/db/AccessConstants.java | 6 +- .../core/model/db/DBModelAuthorizables.java | 4 + .../core/model/indexer/IndexerConstants.java | 5 +- .../indexer/IndexerModelAuthorizables.java | 4 + .../core/model/search/SearchConstants.java | 6 +- .../model/search/SearchModelAuthorizables.java | 4 + .../org/apache/sentry/core/model/sqoop/Job.java | 2 +- .../apache/sentry/core/model/sqoop/Link.java | 2 +- .../apache/sentry/core/model/sqoop/Server.java | 2 +- .../core/model/sqoop/SqoopActionConstant.java | 6 +- .../model/sqoop/SqoopModelAuthorizables.java | 5 ++ .../java/org/apache/sentry/hdfs/HMSPaths.java | 21 +++--- .../org/apache/sentry/hdfs/HMSPathsDumper.java | 14 ++-- .../org/apache/sentry/hdfs/PathsUpdate.java | 2 +- .../apache/sentry/hdfs/PermissionsUpdate.java | 10 +-- .../hdfs/SentryHDFSServiceClientFactory.java | 5 ++ .../apache/sentry/hdfs/ServiceConstants.java | 12 +-- .../apache/sentry/hdfs/ThriftSerializer.java | 3 + .../sentry/hdfs/UpdateableAuthzPaths.java | 3 +- .../server/namenode/AuthorizationProvider.java | 2 +- .../hdfs/SentryAuthorizationConstants.java | 6 +- .../sentry/hdfs/SentryAuthorizationInfo.java | 31 ++++---- .../hdfs/SentryAuthorizationProvider.java | 44 ++++++----- .../org/apache/sentry/hdfs/SentryUpdater.java | 2 +- .../sentry/hdfs/UpdateableAuthzPermissions.java | 6 +- .../sentry/hdfs/MetastoreCacheInitializer.java | 4 +- .../org/apache/sentry/hdfs/MetastorePlugin.java | 22 +++--- .../sentry/hdfs/SentryHdfsMetricsUtil.java | 4 + .../sentry/policy/common/PrivilegeUtils.java | 4 + .../provider/common/AuthorizationComponent.java | 4 + .../provider/common/ProviderBackendContext.java | 5 +- .../service/persistent/DelegateSentryStore.java | 38 +++++----- .../service/persistent/PrivilegeObject.java | 2 +- .../thrift/NotificationHandlerInvoker.java | 2 +- .../thrift/SentryGenericPolicyProcessor.java | 20 ++--- .../SentryGenericServiceClientFactory.java | 2 +- .../log/appender/AuditLoggerTestAppender.java | 2 +- .../db/log/entity/AuditMetadataLogEntity.java | 20 ++--- .../db/log/entity/DBAuditMetadataLogEntity.java | 18 ++--- .../db/log/entity/GMAuditMetadataLogEntity.java | 20 ++--- .../db/log/entity/JsonLogEntityFactory.java | 4 +- .../provider/db/log/util/CommandUtil.java | 6 +- .../sentry/provider/db/log/util/Constants.java | 7 +- .../db/service/model/MSentryGMPrivilege.java | 8 +- .../db/service/persistent/HAContext.java | 10 +-- .../db/service/persistent/SentryStore.java | 77 ++++++++++---------- .../persistent/SentryStoreSchemaInfo.java | 17 +++-- .../db/service/thrift/PolicyStoreConstants.java | 6 +- .../db/service/thrift/SentryAuthFilter.java | 9 ++- .../db/service/thrift/SentryMetrics.java | 10 +-- .../thrift/SentryPolicyStoreProcessor.java | 14 ++-- .../db/service/thrift/SentryWebServer.java | 4 +- .../provider/db/service/thrift/ThriftUtil.java | 6 +- .../provider/db/tools/SentrySchemaHelper.java | 26 +++---- .../provider/db/tools/SentrySchemaTool.java | 53 +++++++------- .../db/tools/command/hive/CommandUtil.java | 6 +- .../hive/RevokePrivilegeFromRoleCmd.java | 2 +- .../service/thrift/JaasConfiguration.java | 2 +- .../thrift/PoolClientInvocationHandler.java | 4 +- .../sentry/service/thrift/SentryService.java | 18 ++--- .../thrift/SentryServiceClientFactory.java | 2 +- .../service/thrift/SentryServiceFactory.java | 3 +- .../service/thrift/SentryServiceUtil.java | 7 +- .../sentry/service/thrift/ServiceConstants.java | 8 +- .../apache/sentry/provider/file/PolicyFile.java | 8 +- .../sentry/provider/file/PolicyFiles.java | 5 +- .../SentryIndexAuthorizationSingleton.java | 27 +++---- .../solr/handler/admin/SecureAdminHandlers.java | 4 +- .../QueryDocAuthorizationComponent.java | 16 ++-- .../component/SecureRealTimeGetComponent.java | 10 +-- .../metastore/SentryPolicyProviderForDb.java | 4 +- 88 files changed, 489 insertions(+), 378 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java index 5238414..38d1f46 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java @@ -21,11 +21,15 @@ import java.util.EnumSet; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType; -public class SentryHiveConstants { +public final class SentryHiveConstants { public static final EnumSet<PrivilegeType> ALLOWED_PRIVS = EnumSet.allOf(PrivilegeType.class); public static final String PRIVILEGE_NOT_SUPPORTED = "Sentry does not support privilege: "; public static final String PARTITION_PRIVS_NOT_SUPPORTED = "Sentry does not support partition level authorization"; public static final String GRANT_REVOKE_NOT_SUPPORTED_ON_OBJECT = "Sentry does not allow grant/revoke on: "; public static final String GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL = "Sentry does not allow privileges to be granted/revoked to/from: "; + + private SentryHiveConstants() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java index f3799ca..e257360 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java @@ -91,11 +91,13 @@ public class SentryFilterDDLTask extends DDLTask { } private void failed(Throwable e) { - while (e.getCause() != null && e.getClass() == RuntimeException.class) { - e = e.getCause(); + // Get the cause of the exception if available + Throwable error = e; + while (error.getCause() != null && error.getClass() == RuntimeException.class) { + error = error.getCause(); } - setException(e); - LOG.error(stringifyException(e)); + setException(error); + LOG.error(stringifyException(error)); } /** http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatFactory.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatFactory.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatFactory.java index d2c6072..7f279ed 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatFactory.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatFactory.java @@ -41,4 +41,8 @@ public class SentryPolicyFileFormatFactory { .newInstance(); return sentryPolicyFileFormatter; } + + private SentryPolicyFileFormatFactory() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java index 775a1f5..b2b3be8 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java @@ -357,11 +357,12 @@ public class HiveAuthzBinding { found = false; } - for(AuthorizableType key: requiredOutputPrivileges.keySet()) { + for (Map.Entry<AuthorizableType, EnumSet<DBModelAction>> entry : requiredOutputPrivileges.entrySet()) { + AuthorizableType key = entry.getKey(); for (List<DBModelAuthorizable> outputHierarchy : outputHierarchyList) { if (getAuthzType(outputHierarchy).equals(key)) { found = true; - if (!authProvider.hasAccess(subject, outputHierarchy, requiredOutputPrivileges.get(key), activeRoleSet)) { + if (!authProvider.hasAccess(subject, outputHierarchy, entry.getValue(), activeRoleSet)) { throw new AuthorizationException("User " + subject.getName() + " does not have privileges for " + hiveOp.name()); } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java index 4ef86e6..694974e 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java @@ -259,16 +259,15 @@ public class SentryConfigTool { String serverName = new Server(getAuthzConf().get( AuthzConfVars.AUTHZ_SERVER_NAME.getVar())).getName(); // get the configured sentry provider - AuthorizationProvider sentryProvider = null; try { - sentryProvider = HiveAuthzBinding.getAuthProvider(getHiveConf(), + return HiveAuthzBinding.getAuthProvider(getHiveConf(), authzConf, serverName); } catch (SentryConfigurationException eC) { printConfigErrors(eC); + throw eC; } catch (Exception e) { throw new IllegalStateException("Couldn't load sentry provider ", e); } - return sentryProvider; } // validate policy files @@ -277,6 +276,7 @@ public class SentryConfigTool { getSentryProvider().validateResource(true); } catch (SentryConfigurationException e) { printConfigErrors(e); + throw e; } System.out.println("No errors found in the policy file"); } @@ -395,14 +395,15 @@ public class SentryConfigTool { // read a config value using 'set' statement private String readConfig(Statement stmt, String configKey) throws SQLException { - ResultSet res = stmt.executeQuery("set " + configKey); - if (!res.next()) { - return null; + try (ResultSet res = stmt.executeQuery("set " + configKey)) { + if (!res.next()) { + return null; + } + // parse key=value result format + String result = res.getString(1); + res.close(); + return result.substring(result.indexOf("=") + 1); } - // parse key=value result format - String result = res.getString(1); - res.close(); - return result.substring(result.indexOf("=") + 1); } // print configuration/policy file errors and warnings @@ -415,7 +416,6 @@ public class SentryConfigTool { for (String warnMsg : configException.getConfigWarnings()) { System.out.println("Warning: " + warnMsg); } - throw configException; } // extract the authorization errors from config property and print http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java index 217b7b3..dacf839 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java @@ -360,7 +360,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable try { authorizableHeirarchy.add(new AccessURI(PathUtils.parseDFSURI(warehouseDir, uriPath))); } catch(URISyntaxException e) { - throw new HiveException(e.getMessage()); + throw new HiveException(e.getMessage(), e); } } else { dbName = privSubjectDesc.getObject(); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java index 0d1db89..25531af 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java @@ -90,7 +90,7 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization public Task<? extends Serializable> createShowRoleGrantTask(ASTNode ast, Path resultFile, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException { ASTNode child = (ASTNode) ast.getChild(0); - PrincipalType principalType = PrincipalType.USER; + PrincipalType principalType = null; switch (child.getType()) { case HiveParser.TOK_USER: principalType = PrincipalType.USER; @@ -101,6 +101,8 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization case HiveParser.TOK_ROLE: principalType = PrincipalType.ROLE; break; + default: + principalType = PrincipalType.USER; } if (principalType != PrincipalType.GROUP && principalType != PrincipalType.USER) { String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + principalType; @@ -186,7 +188,7 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization SentryHivePrivilegeObjectDesc privHiveObj = null; ASTNode principal = (ASTNode) ast.getChild(0); - PrincipalType type = PrincipalType.USER; + PrincipalType type = null; switch (principal.getType()) { case HiveParser.TOK_USER: type = PrincipalType.USER; @@ -197,6 +199,8 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization case HiveParser.TOK_ROLE: type = PrincipalType.ROLE; break; + default: + type = PrincipalType.USER; } if (type != PrincipalType.ROLE) { String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + type; http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java index 8e70492..fe6f18e 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java @@ -301,4 +301,8 @@ public class HiveAuthzPrivilegesMap { public static HiveAuthzPrivileges getHiveAuthzPrivileges(HiveOperation hiveStmtOp) { return hiveAuthzStmtPrivMap.get(hiveStmtOp); } + + private HiveAuthzPrivilegesMap() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java index 9e08571..b2377d8 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java @@ -65,8 +65,8 @@ public class AuthorizingObjectStore extends ObjectStore { private static HiveConf hiveConf; private static HiveAuthzConf authzConf; private static HiveAuthzBinding hiveAuthzBinding; - private static String NO_ACCESS_MESSAGE_TABLE = "Table does not exist or insufficient privileges to access: "; - private static String NO_ACCESS_MESSAGE_DATABASE = "Database does not exist or insufficient privileges to access: "; + private static final String NO_ACCESS_MESSAGE_TABLE = "Table does not exist or insufficient privileges to access: "; + private static final String NO_ACCESS_MESSAGE_DATABASE = "Database does not exist or insufficient privileges to access: "; @Override public List<String> getDatabases(String pattern) throws MetaException { http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java index d741c44..9805635 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java @@ -27,7 +27,6 @@ import org.apache.hadoop.hive.metastore.api.InvalidOperationException; import org.apache.hadoop.hive.ql.metadata.AuthorizationException; import org.apache.hadoop.hive.ql.plan.HiveOperation; import org.apache.sentry.SentryUserException; -import org.apache.sentry.binding.hive.authz.HiveAuthzBinding; import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap; import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.db.DBModelAuthorizable; @@ -56,8 +55,7 @@ public class MetastoreAuthzBinding extends MetastoreAuthzBindingBase { "Metastore/Sentry cache is out of sync")); } try { - HiveAuthzBinding hiveAuthzBinding = getHiveAuthzBinding(); - hiveAuthzBinding.authorize(hiveOp, HiveAuthzPrivilegesMap + getHiveAuthzBinding().authorize(hiveOp, HiveAuthzPrivilegesMap .getHiveAuthzPrivileges(hiveOp), new Subject(getUserName()), inputHierarchy, outputHierarchy); } catch (AuthorizationException e1) { http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java index b86c59f..41bd6fc 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/SentrySqoopError.java @@ -16,7 +16,7 @@ */ package org.apache.sentry.sqoop; -public class SentrySqoopError { +public final class SentrySqoopError { public static final String SHOW_GRANT_NOT_SUPPORTED_FOR_PRINCIPAL = "Sentry does only support show roles on group, not supported on "; public static final String AUTHORIZE_CHECK_NOT_SUPPORT_FOR_PRINCIPAL = @@ -29,4 +29,8 @@ public class SentrySqoopError { "Sentry does only support grant/revoke role to/from group, not supported on "; public static final String NOT_IMPLEMENT_YET = "Sentry does not implement yet "; + + private SentrySqoopError() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java index 39e001f..eae85ce 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBindingSingleton.java @@ -28,7 +28,7 @@ import org.slf4j.LoggerFactory; import com.google.common.base.Strings; -public class SqoopAuthBindingSingleton { +public final class SqoopAuthBindingSingleton { private static Logger log = LoggerFactory.getLogger(SqoopAuthBindingSingleton.class); // Lazy init holder class idiom to avoid DTL @@ -57,19 +57,19 @@ public class SqoopAuthBindingSingleton { } private SqoopAuthConf loadAuthzConf() { - String sentry_site = SqoopConfiguration.getInstance().getContext() + String sentrySite = SqoopConfiguration.getInstance().getContext() .getString(SqoopAuthConf.SENTRY_SQOOP_SITE_URL); - if (Strings.isNullOrEmpty(sentry_site)) { + if (Strings.isNullOrEmpty(sentrySite)) { throw new IllegalArgumentException("Configuration key " + SqoopAuthConf.SENTRY_SQOOP_SITE_URL - + " value '" + sentry_site + "' is invalid."); + + " value '" + sentrySite + "' is invalid."); } SqoopAuthConf sqoopAuthConf = null; try { - sqoopAuthConf = new SqoopAuthConf(new URL(sentry_site)); + sqoopAuthConf = new SqoopAuthConf(new URL(sentrySite)); } catch (MalformedURLException e) { throw new IllegalArgumentException("Configuration key " + SqoopAuthConf.SENTRY_SQOOP_SITE_URL - + " specifies a malformed URL '" + sentry_site + "'", e); + + " specifies a malformed URL '" + sentrySite + "'", e); } return sqoopAuthConf; } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java index 1ccf7de..d321531 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java @@ -45,6 +45,11 @@ public class SentryMain { .put("schema-tool", "org.apache.sentry.provider.db.tools.SentrySchemaTool$CommandImpl") .build(); + + private SentryMain() { + // Make constructor private to avoid instantiation + } + public static void main(String[] args) throws Exception { CommandLineParser parser = new GnuParser(); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java index 9a8f85d..3745f11 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryUserException.java @@ -19,7 +19,7 @@ package org.apache.sentry; public class SentryUserException extends Exception{ private static final long serialVersionUID = 2329620558380655835L; - protected String reason; + private String reason; public SentryUserException(String msg) { super(msg); } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryVersionInfo.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryVersionInfo.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryVersionInfo.java index 53fe3af..de77dc3 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryVersionInfo.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryVersionInfo.java @@ -106,4 +106,8 @@ public class SentryVersionInfo { System.out.println("Compiled by " + getUser() + " on " + getDate()); System.out.println("From source with checksum " + getSrcChecksum()); } + + private SentryVersionInfo() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java index d024032..3b9336c 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java @@ -34,10 +34,14 @@ import com.google.common.base.Strings; public class PathUtils { private static final Logger LOGGER = LoggerFactory.getLogger(PathUtils.class); - private static String LOCAL_FILE_SCHEMA = "file"; - private static String AUTHORITY_PREFIX = "://"; + private static final String LOCAL_FILE_SCHEMA = "file"; + private static final String AUTHORITY_PREFIX = "://"; private static final Configuration CONF = new Configuration(); + private PathUtils() { + // Make constructor private to avoid instantiation + } + @VisibleForTesting public static Configuration getConfiguration() { return CONF; http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFileConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFileConstants.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFileConstants.java index 1a5f60e..6b625ff 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFileConstants.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFileConstants.java @@ -29,4 +29,8 @@ public class PolicyFileConstants { public static final String PRIVILEGE_URI_NAME = "uri"; public static final String PRIVILEGE_ACTION_NAME = "action"; public static final String PRIVILEGE_GRANT_OPTION_NAME = "grantoption"; + + private PolicyFileConstants() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java index 99cefb7..a8e8bb1 100644 --- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java +++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java @@ -18,7 +18,7 @@ package org.apache.sentry.core.model.db; import com.google.common.collect.ImmutableSet; -public class AccessConstants { +public final class AccessConstants { /** * Used as the "name" for a Server, Database, Table object which @@ -41,4 +41,8 @@ public class AccessConstants { SUPERUSER_ROLE = "SUPERUSER", PUBLIC_ROLE = "PUBLIC"; public static final ImmutableSet<String> RESERVED_ROLE_NAMES = ImmutableSet.of(ALL_ROLE, DEFAULT_ROLE, NONE_ROLE, SUPERUSER_ROLE, PUBLIC_ROLE); + + private AccessConstants() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizables.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizables.java index 3a05a3b..7bc94c9 100644 --- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizables.java +++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizables.java @@ -21,6 +21,10 @@ import org.apache.sentry.core.common.utils.KeyValue; public class DBModelAuthorizables { + private DBModelAuthorizables() { + // Make constructor private to avoid instantiation + } + public static DBModelAuthorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue(); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerConstants.java b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerConstants.java index 2182525..7a9ec3f 100644 --- a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerConstants.java +++ b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerConstants.java @@ -16,10 +16,13 @@ */ package org.apache.sentry.core.model.indexer; -public class IndexerConstants { +public final class IndexerConstants { public static final String ALL = "*"; public static final String READ = "read"; public static final String WRITE = "write"; + private IndexerConstants() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizables.java b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizables.java index d15e911..414df68 100644 --- a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizables.java +++ b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizables.java @@ -21,6 +21,10 @@ import org.apache.sentry.core.common.utils.KeyValue; public class IndexerModelAuthorizables { + private IndexerModelAuthorizables() { + // Make constructor private to avoid instantiation + } + public static IndexerModelAuthorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue().toLowerCase(); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java index 9f76bda..a2b17fc 100644 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java +++ b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java @@ -16,7 +16,7 @@ */ package org.apache.sentry.core.model.search; -public class SearchConstants { +public final class SearchConstants { public static final String ALL = "*"; public static final String QUERY = "query"; @@ -28,4 +28,8 @@ public class SearchConstants { */ public static final String SENTRY_SEARCH_SERVICE_KEY = "sentry.search.service"; public static final String SENTRY_SEARCH_SERVICE_DEFAULT = "service1"; + + private SearchConstants() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java index c3292c7..2b190e5 100644 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java +++ b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java @@ -21,6 +21,10 @@ import org.apache.sentry.core.common.utils.KeyValue; public class SearchModelAuthorizables { + private SearchModelAuthorizables() { + // Make constructor private to avoid instantiation + } + public static SearchModelAuthorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue().toLowerCase(); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Job.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Job.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Job.java index e7f43ef..8f6bb20 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Job.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Job.java @@ -22,7 +22,7 @@ public class Job implements SqoopAuthorizable { /** * Represents all jobs */ - public static Job ALL = new Job(SqoopAuthorizable.ALL); + public static final Job ALL = new Job(SqoopAuthorizable.ALL); private String name; public Job(String name) { http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Link.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Link.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Link.java index 53194ea..acd2980 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Link.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Link.java @@ -22,7 +22,7 @@ public class Link implements SqoopAuthorizable { /** * Represents all links */ - public static Link ALL = new Link(SqoopAuthorizable.ALL); + public static final Link ALL = new Link(SqoopAuthorizable.ALL); private String name; public Link(String name) { http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Server.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Server.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Server.java index 8d86a38..19dd139 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Server.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/Server.java @@ -22,7 +22,7 @@ public class Server implements SqoopAuthorizable { /** * Represents all servers */ - public static Server ALL = new Server(SqoopAuthorizable.ALL); + public static final Server ALL = new Server(SqoopAuthorizable.ALL); private String name; public Server(String name) { http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionConstant.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionConstant.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionConstant.java index 2b867fa..38f24cf 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionConstant.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionConstant.java @@ -16,10 +16,14 @@ */ package org.apache.sentry.core.model.sqoop; -public class SqoopActionConstant { +public final class SqoopActionConstant { public static final String ALL = "*"; public static final String ALL_NAME = "ALL"; public static final String READ = "read"; public static final String WRITE = "write"; public static final String NAME = "action"; + + private SqoopActionConstant() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopModelAuthorizables.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopModelAuthorizables.java index 11ce7ec..3bb9a19 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopModelAuthorizables.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopModelAuthorizables.java @@ -20,6 +20,11 @@ import org.apache.sentry.core.model.sqoop.SqoopAuthorizable.AuthorizableType; import org.apache.sentry.core.common.utils.KeyValue; public class SqoopModelAuthorizables { + + private SqoopModelAuthorizables() { + // Make constructor private to avoid instantiation + } + public static SqoopAuthorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue().toLowerCase(); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java index 80a25aa..6d2ab23 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java @@ -36,27 +36,27 @@ import org.slf4j.LoggerFactory; */ public class HMSPaths implements AuthzPaths { - private static Logger LOG = LoggerFactory.getLogger(HMSPaths.class); + private static final Logger LOG = LoggerFactory.getLogger(HMSPaths.class); @VisibleForTesting static List<String> getPathElements(String path) { - path = path.trim(); - if (path.charAt(0) != Path.SEPARATOR_CHAR) { - throw new IllegalArgumentException("It must be an absolute path: " + - path); + String trimmedPath = path.trim(); + if (trimmedPath.charAt(0) != Path.SEPARATOR_CHAR) { + throw new IllegalArgumentException("It must be an absolute path: " + + trimmedPath); } List<String> list = new ArrayList<String>(32); int idx = 0; - int found = path.indexOf(Path.SEPARATOR_CHAR, idx); + int found = trimmedPath.indexOf(Path.SEPARATOR_CHAR, idx); while (found > -1) { if (found > idx) { - list.add(path.substring(idx, found)); + list.add(trimmedPath.substring(idx, found)); } idx = found + 1; - found = path.indexOf(Path.SEPARATOR_CHAR, idx); + found = trimmedPath.indexOf(Path.SEPARATOR_CHAR, idx); } - if (idx < path.length()) { - list.add(path.substring(idx)); + if (idx < trimmedPath.length()) { + list.add(trimmedPath.substring(idx)); } return list; } @@ -197,7 +197,6 @@ public class HMSPaths implements AuthzPaths { // Creates the entry based on the path elements (if not found) until reaches its // direct parent. for (int i = 0; i < pathElements.size() - 1; i++) { - String pathElement = pathElements.get(i); Entry child = entryParent.getChildren().get(pathElement); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java index 3203ecd..e759ff1 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java @@ -33,8 +33,8 @@ public class HMSPathsDumper implements AuthzPathsDumper<HMSPaths> { private final HMSPaths hmsPaths; static class Tuple { - final TPathEntry entry; - final int id; + private final TPathEntry entry; + private final int id; Tuple(TPathEntry entry, int id) { this.entry = entry; this.id = id; @@ -79,16 +79,16 @@ public class HMSPathsDumper implements AuthzPathsDumper<HMSPaths> { @Override public HMSPaths initializeFromDump(TPathsDump pathDump) { - HMSPaths hmsPaths = new HMSPaths(this.hmsPaths.getPrefixes()); + HMSPaths newHmsPaths = new HMSPaths(this.hmsPaths.getPrefixes()); TPathEntry tRootEntry = pathDump.getNodeMap().get(pathDump.getRootId()); - Entry rootEntry = hmsPaths.getRootEntry(); + Entry rootEntry = newHmsPaths.getRootEntry(); Map<String, Set<Entry>> authzObjToPath = new HashMap<String, Set<Entry>>(); cloneToEntry(tRootEntry, rootEntry, pathDump.getNodeMap(), authzObjToPath, rootEntry.getType() == EntryType.PREFIX); - hmsPaths.setRootEntry(rootEntry); - hmsPaths.setAuthzObjToPathMapping(authzObjToPath); + newHmsPaths.setRootEntry(rootEntry); + newHmsPaths.setAuthzObjToPathMapping(authzObjToPath); - return hmsPaths; + return newHmsPaths; } private void cloneToEntry(TPathEntry tParent, Entry parent, http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java index a091f71..5985756 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java @@ -46,7 +46,7 @@ public class PathsUpdate implements Updateable.Update { private static final Logger LOGGER = LoggerFactory.getLogger(PathsUpdate.class); - public static String ALL_PATHS = "__ALL_PATHS__"; + public static final String ALL_PATHS = "__ALL_PATHS__"; private static final Configuration CONF = new Configuration(); private final TPathsUpdate tPathsUpdate; http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java index c791ab3..9834923 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java @@ -28,11 +28,11 @@ import org.apache.sentry.hdfs.service.thrift.TRoleChanges; public class PermissionsUpdate implements Updateable.Update { - public static String RENAME_PRIVS = "__RENAME_PRIV__"; - public static String ALL_AUTHZ_OBJ = "__ALL_AUTHZ_OBJ__"; - public static String ALL_PRIVS = "__ALL_PRIVS__"; - public static String ALL_ROLES = "__ALL_ROLES__"; - public static String ALL_GROUPS = "__ALL_GROUPS__"; + public static final String RENAME_PRIVS = "__RENAME_PRIV__"; + public static final String ALL_AUTHZ_OBJ = "__ALL_AUTHZ_OBJ__"; + public static final String ALL_PRIVS = "__ALL_PRIVS__"; + public static final String ALL_ROLES = "__ALL_ROLES__"; + public static final String ALL_GROUPS = "__ALL_GROUPS__"; private final TPermissionsUpdate tPermUpdate; http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientFactory.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientFactory.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientFactory.java index 58aa10d..6c9c8bb 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientFactory.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClientFactory.java @@ -27,6 +27,11 @@ import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; * Client factory to create normal client or proxy with HA invocation handler */ public class SentryHDFSServiceClientFactory { + + private SentryHDFSServiceClientFactory() { + // Make constructor private to avoid instantiation + } + public static SentryHDFSServiceClient create(Configuration conf) throws Exception { boolean haEnabled = conf.getBoolean(ServerConfig.SENTRY_HA_ENABLED, false); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java index 1fdf418..2c0ae82 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java @@ -62,10 +62,10 @@ public class ServiceConstants { public static final String SENTRY_HDFS_SYNC_METASTORE_CACHE_ASYNC_INIT_ENABLE = "sentry.hdfs.sync.metastore.cache.async-init.enable"; public static final boolean SENTRY_HDFS_SYNC_METASTORE_CACHE_ASYNC_INIT_ENABLE_DEFAULT = false; - public static String SENTRY_HDFS_SYNC_METASTORE_CACHE_MAX_PART_PER_RPC = "sentry.hdfs.sync.metastore.cache.max-partitions-per-rpc"; - public static int SENTRY_HDFS_SYNC_METASTORE_CACHE_MAX_PART_PER_RPC_DEFAULT = 100; - public static String SENTRY_HDFS_SYNC_METASTORE_CACHE_MAX_TABLES_PER_RPC = "sentry.hdfs.sync.metastore.cache.max-tables-per-rpc"; - public static int SENTRY_HDFS_SYNC_METASTORE_CACHE_MAX_TABLES_PER_RPC_DEFAULT = 100; + public static final String SENTRY_HDFS_SYNC_METASTORE_CACHE_MAX_PART_PER_RPC = "sentry.hdfs.sync.metastore.cache.max-partitions-per-rpc"; + public static final int SENTRY_HDFS_SYNC_METASTORE_CACHE_MAX_PART_PER_RPC_DEFAULT = 100; + public static final String SENTRY_HDFS_SYNC_METASTORE_CACHE_MAX_TABLES_PER_RPC = "sentry.hdfs.sync.metastore.cache.max-tables-per-rpc"; + public static final int SENTRY_HDFS_SYNC_METASTORE_CACHE_MAX_TABLES_PER_RPC_DEFAULT = 100; } public static class ClientConfig { @@ -88,8 +88,8 @@ public class ServiceConstants { public static final boolean USE_COMPACT_TRANSPORT_DEFAULT = false; // max message size for thrift messages - public static String SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE = "sentry.hdfs.thrift.max.message.size"; - public static long SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024; + public static final String SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE = "sentry.hdfs.thrift.max.message.size"; + public static final long SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024; } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java index 782367a..b66f70b 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ThriftSerializer.java @@ -57,4 +57,7 @@ public class ThriftSerializer { return baseObject; } + private ThriftSerializer() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java index 5ff7294..4264a21 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java @@ -30,11 +30,10 @@ import org.slf4j.LoggerFactory; public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate> { private static final int MAX_UPDATES_PER_LOCK_USE = 99; private static final String UPDATABLE_TYPE_NAME = "path_update"; + private static final Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPaths.class); private volatile HMSPaths paths; private final AtomicLong seqNum = new AtomicLong(0); - private static Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPaths.class); - public UpdateableAuthzPaths(String[] pathPrefixes) { this.paths = new HMSPaths(pathPrefixes); } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java index 114dbb0..383d64d 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java @@ -186,7 +186,7 @@ public abstract class AuthorizationProvider { * done as part of a client operation, <code>FALSE</code> otherwise. */ protected final boolean isClientOp() { - return CLIENT_OP_TL.get() == Boolean.TRUE; + return Boolean.TRUE.equals(CLIENT_OP_TL.get()); } /** http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java index ea1514c..8836801 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java @@ -17,7 +17,7 @@ */ package org.apache.sentry.hdfs; -public class SentryAuthorizationConstants { +public final class SentryAuthorizationConstants { public static final String CONFIG_FILE = "hdfs-sentry.xml"; @@ -52,4 +52,8 @@ public class SentryAuthorizationConstants { public static final String INCLUDE_HDFS_AUTHZ_AS_ACL_KEY = CONFIG_PREFIX + "include-hdfs-authz-as-acl"; public static final boolean INCLUDE_HDFS_AUTHZ_AS_ACL_DEFAULT = false; + + private SentryAuthorizationConstants() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java index c2416c1..90ba721 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java @@ -37,7 +37,7 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; public class SentryAuthorizationInfo implements Runnable { - private static Logger LOG = + private static final Logger LOG = LoggerFactory.getLogger(SentryAuthorizationInfo.class); private SentryUpdater updater; @@ -65,10 +65,10 @@ public class SentryAuthorizationInfo implements Runnable { } public SentryAuthorizationInfo(Configuration conf) throws Exception { - String[] pathPrefixes = conf.getTrimmedStrings( + String[] newPathPrefixes = conf.getTrimmedStrings( SentryAuthorizationConstants.HDFS_PATH_PREFIXES_KEY, SentryAuthorizationConstants.HDFS_PATH_PREFIXES_DEFAULT); - if (pathPrefixes.length == 0) { + if (newPathPrefixes.length == 0) { LOG.warn("There are not HDFS path prefixes configured in [{}], " + "Sentry authorization won't be enforced on any HDFS location", SentryAuthorizationConstants.HDFS_PATH_PREFIXES_KEY); @@ -84,13 +84,13 @@ public class SentryAuthorizationInfo implements Runnable { SentryAuthorizationConstants.CACHE_REFRESH_RETRY_WAIT_DEFAULT); LOG.debug("Sentry authorization will enforced in the following HDFS " + - "locations: [{}]", StringUtils.arrayToString(pathPrefixes)); - setPrefixPaths(pathPrefixes); + "locations: [{}]", StringUtils.arrayToString(newPathPrefixes)); + setPrefixPaths(newPathPrefixes); LOG.debug("Refresh interval [{}]ms, retry wait [{}], stale threshold " + "[{}]ms", new Object[] {refreshIntervalMillisec, retryWaitMillisec, staleThresholdMillisec}); - authzPaths = new UpdateableAuthzPaths(pathPrefixes); + authzPaths = new UpdateableAuthzPaths(newPathPrefixes); authzPermissions = new UpdateableAuthzPermissions(); waitUntil = System.currentTimeMillis(); lastStaleReport = 0; @@ -157,26 +157,27 @@ public class SentryAuthorizationInfo implements Runnable { V updateable) { // In a list of Updates, if there is a full Update, it will be the first // one in the List.. all the remaining will be partial updates - if (updates.size() > 0) { + V newUpdateable = updateable; + if (!updates.isEmpty()) { if (updates.get(0).hasFullImage()) { LOG.debug("Process Update : FULL IMAGE " - + "[" + updateable.getClass() + "]" + + "[" + newUpdateable.getClass() + "]" + "[" + updates.get(0).getSeqNum() + "]"); - updateable = (V)updateable.updateFull(updates.remove(0)); + newUpdateable = (V)newUpdateable.updateFull(updates.remove(0)); } // Any more elements ? if (!updates.isEmpty()) { LOG.debug("Process Update : More updates.. " - + "[" + updateable.getClass() + "]" - + "[" + updateable.getLastUpdatedSeqNum() + "]" + + "[" + newUpdateable.getClass() + "]" + + "[" + newUpdateable.getLastUpdatedSeqNum() + "]" + "[" + updates.size() + "]"); - updateable.updatePartial(updates, lock); + newUpdateable.updatePartial(updates, lock); } LOG.debug("Process Update : Finished updates.. " - + "[" + updateable.getClass() + "]" - + "[" + updateable.getLastUpdatedSeqNum() + "]"); + + "[" + newUpdateable.getClass() + "]" + + "[" + newUpdateable.getLastUpdatedSeqNum() + "]"); } - return updateable; + return newUpdateable; } public void run() { http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java index c701723..f639f5f 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java @@ -54,8 +54,10 @@ public class SentryAuthorizationProvider } } - private static Logger LOG = + private static final Logger LOG = LoggerFactory.getLogger(SentryAuthorizationProvider.class); + private static final String WARN_VISIBILITY = + " The result won't be visible when the path is managed by Sentry"; private boolean started; private Configuration conf; @@ -66,9 +68,6 @@ public class SentryAuthorizationProvider private boolean originalAuthzAsAcl; private SentryAuthorizationInfo authzInfo; - private static String WARN_VISIBILITY = - " The result won't be visible when the path is managed by Sentry"; - public SentryAuthorizationProvider() { this(null); } @@ -103,17 +102,17 @@ public class SentryAuthorizationProvider defaultAuthzProvider.start(); // Configuration is read from hdfs-sentry.xml and NN configuration, in // that order of precedence. - Configuration conf = new Configuration(this.conf); - conf.addResource(SentryAuthorizationConstants.CONFIG_FILE); - user = conf.get(SentryAuthorizationConstants.HDFS_USER_KEY, + Configuration newConf = new Configuration(this.conf); + newConf.addResource(SentryAuthorizationConstants.CONFIG_FILE); + user = newConf.get(SentryAuthorizationConstants.HDFS_USER_KEY, SentryAuthorizationConstants.HDFS_USER_DEFAULT); - group = conf.get(SentryAuthorizationConstants.HDFS_GROUP_KEY, + group = newConf.get(SentryAuthorizationConstants.HDFS_GROUP_KEY, SentryAuthorizationConstants.HDFS_GROUP_DEFAULT); permission = FsPermission.createImmutable( - (short) conf.getLong(SentryAuthorizationConstants.HDFS_PERMISSION_KEY, + (short) newConf.getLong(SentryAuthorizationConstants.HDFS_PERMISSION_KEY, SentryAuthorizationConstants.HDFS_PERMISSION_DEFAULT) ); - originalAuthzAsAcl = conf.getBoolean( + originalAuthzAsAcl = newConf.getBoolean( SentryAuthorizationConstants.INCLUDE_HDFS_AUTHZ_AS_ACL_KEY, SentryAuthorizationConstants.INCLUDE_HDFS_AUTHZ_AS_ACL_DEFAULT); @@ -123,7 +122,7 @@ public class SentryAuthorizationProvider {user, group, permission, originalAuthzAsAcl}); if (authzInfo == null) { - authzInfo = new SentryAuthorizationInfo(conf); + authzInfo = new SentryAuthorizationInfo(newConf); } authzInfo.start(); } catch (Exception ex) { @@ -256,12 +255,12 @@ public class SentryAuthorizationProvider @Override public FsPermission getFsPermission( INodeAuthorizationInfo node, int snapshotId) { - FsPermission permission; + FsPermission returnPerm; String[] pathElements = getPathElements(node); if (!isSentryManaged(pathElements)) { - permission = defaultAuthzProvider.getFsPermission(node, snapshotId); + returnPerm = defaultAuthzProvider.getFsPermission(node, snapshotId); } else { - FsPermission returnPerm = this.permission; + returnPerm = this.permission; // Handle case when prefix directory is itself associated with an // authorizable object (default db directory in hive) // An executable permission needs to be set on the the prefix directory @@ -273,9 +272,8 @@ public class SentryAuthorizationProvider break; } } - permission = returnPerm; } - return permission; + return returnPerm; } private List<AclEntry> createAclEntries(String user, String group, @@ -325,10 +323,10 @@ public class SentryAuthorizationProvider hasAuthzObj = true; aclMap = new HashMap<String, AclEntry>(); if (originalAuthzAsAcl) { - String user = defaultAuthzProvider.getUser(node, snapshotId); - String group = getDefaultProviderGroup(node, snapshotId); + String newUser = defaultAuthzProvider.getUser(node, snapshotId); + String newGroup = getDefaultProviderGroup(node, snapshotId); FsPermission perm = defaultAuthzProvider.getFsPermission(node, snapshotId); - addToACLMap(aclMap, createAclEntries(user, group, perm)); + addToACLMap(aclMap, createAclEntries(newUser, newGroup, perm)); } else { addToACLMap(aclMap, createAclEntries(this.user, this.group, this.permission)); @@ -376,13 +374,13 @@ public class SentryAuthorizationProvider private String getDefaultProviderGroup(INodeAuthorizationInfo node, int snapshotId) { - String group = defaultAuthzProvider.getGroup(node, snapshotId); + String newGroup = defaultAuthzProvider.getGroup(node, snapshotId); INodeAuthorizationInfo pNode = node.getParent(); - while (group == null && pNode != null) { - group = defaultAuthzProvider.getGroup(pNode, snapshotId); + while (newGroup == null && pNode != null) { + newGroup = defaultAuthzProvider.getGroup(pNode, snapshotId); pNode = pNode.getParent(); } - return group; + return newGroup; } /* http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java index 88be3f5..0b85f0a 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java @@ -27,7 +27,7 @@ public class SentryUpdater { private final Configuration conf; private final SentryAuthorizationInfo authzInfo; - private static Logger LOG = LoggerFactory.getLogger(SentryUpdater.class); + private static final Logger LOG = LoggerFactory.getLogger(SentryUpdater.class); public SentryUpdater(Configuration conf, SentryAuthorizationInfo authzInfo) throws Exception { this.conf = conf; http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java index 33581b7..2472928 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java @@ -35,14 +35,14 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<PermissionsUpdate> { + public static final Map<String, FsAction> ACTION_MAPPING = new HashMap<String, FsAction>(); + private static final int MAX_UPDATES_PER_LOCK_USE = 99; private static final String UPDATABLE_TYPE_NAME = "perm_authz_update"; + private static final Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPermissions.class); private volatile SentryPermissions perms = new SentryPermissions(); private final AtomicLong seqNum = new AtomicLong(0); - private static Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPermissions.class); - - public static Map<String, FsAction> ACTION_MAPPING = new HashMap<String, FsAction>(); static { ACTION_MAPPING.put("ALL", FsAction.ALL); ACTION_MAPPING.put("*", FsAction.ALL); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java index 7a19594..807e4e0 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java @@ -64,7 +64,7 @@ class MetastoreCacheInitializer implements Closeable { /** * Class represents retry strategy for BaseTask. */ - private class RetryStrategy { + private final class RetryStrategy { private int retryStrategyMaxRetries = 0; private int retryStrategyWaitDurationMillis; private int retries; @@ -327,7 +327,7 @@ class MetastoreCacheInitializer implements Closeable { // Fail the HMS startup if tasks are not all successful and // fail on partial updates flag is set in the config. - if (callResult.getSuccessStatus() == false && failOnRetry) { + if (!callResult.getSuccessStatus() && failOnRetry) { throw new RuntimeException(callResult.getFailure()); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java index 570cf23..f37596d 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java @@ -181,15 +181,15 @@ public class MetastorePlugin extends SentryMetastoreListenerPlugin { sentryClient = null; LOGGER.error("Could not connect to Sentry HDFS Service !!", e); } - ScheduledExecutorService threadPool = Executors.newScheduledThreadPool(1); - threadPool.scheduleWithFixedDelay(new SyncTask(), + ScheduledExecutorService newThreadPool = Executors.newScheduledThreadPool(1); + newThreadPool.scheduleWithFixedDelay(new SyncTask(), this.conf.getLong(ServerConfig .SENTRY_HDFS_INIT_UPDATE_RETRY_DELAY_MS, ServerConfig.SENTRY_HDFS_INIT_UPDATE_RETRY_DELAY_DEFAULT), this.conf.getLong(ServerConfig.SENTRY_HDFS_SYNC_CHECKER_PERIOD_MS, ServerConfig.SENTRY_HDFS_SYNC_CHECKER_PERIOD_DEFAULT), TimeUnit.MILLISECONDS); - this.threadPool = threadPool; + this.threadPool = newThreadPool; } @Override @@ -247,26 +247,22 @@ public class MetastorePlugin extends SentryMetastoreListenerPlugin { @Override public void renameAuthzObject(String oldName, String oldPath, String newName, String newPath) { - if (oldName != null) { - oldName = oldName.toLowerCase(); - } - if (newName != null) { - newName = newName.toLowerCase(); - } + String oldNameLC = oldName != null ? oldName.toLowerCase() : null; + String newNameLC = newName != null ? newName.toLowerCase() : null; PathsUpdate update = createHMSUpdate(); LOGGER.debug("#### HMS Path Update [" + "OP : renameAuthzObject, " - + "oldName : " + oldName + "," + + "oldName : " + oldNameLC + "," + "oldPath : " + oldPath + "," - + "newName : " + newName + "," + + "newName : " + newNameLC + "," + "newPath : " + newPath + "]"); List<String> newPathTree = PathsUpdate.parsePath(newPath); if( newPathTree != null ) { - update.newPathChange(newName).addToAddPaths(newPathTree); + update.newPathChange(newNameLC).addToAddPaths(newPathTree); } List<String> oldPathTree = PathsUpdate.parsePath(oldPath); if( oldPathTree != null ) { - update.newPathChange(oldName).addToDelPaths(oldPathTree); + update.newPathChange(oldNameLC).addToDelPaths(oldPathTree); } notifySentryAndApplyLocal(update); } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java index b67c94a..5bf2f6e 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java @@ -98,4 +98,8 @@ public class SentryHdfsMetricsUtil { // The number of failed handleCacheUpdate public static final Counter getFailedCacheSyncToZK = sentryMetrics.getCounter( MetricRegistry.name(PluginCacheSyncUtil.class, "cache-sync-to-zk", "failed-num")); + + private SentryHdfsMetricsUtil() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java index 7387ad0..6628a2f 100644 --- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java +++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeUtils.java @@ -24,4 +24,8 @@ public class PrivilegeUtils { public static Set<String> toPrivilegeStrings(String s) { return PermissionUtils.toPermissionStrings(s); } + + private PrivilegeUtils() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java index c74641a..5dc2b55 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java @@ -23,4 +23,8 @@ public class AuthorizationComponent{ public static final String Search = "solr"; public static final String SQOOP = "sqoop"; public static final String KAFKA = "kafka"; + + private AuthorizationComponent() { + // Make constructor private to avoid instantiation + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java index 4cf629b..a4d36bf 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java @@ -44,9 +44,10 @@ public class ProviderBackendContext { public void setValidators(ImmutableList<PrivilegeValidator> validators) { if (validators == null) { - validators = ImmutableList.of(); + this.validators = ImmutableList.of(); + } else { + this.validators = validators; } - this.validators = validators; } public Object getBindingHandle() { http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java index 23f6a2d..e1737c2 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java @@ -113,16 +113,16 @@ public class DelegateSentryStore implements SentryStoreLayer { throws SentryNoSuchObjectException { boolean rollbackTransaction = true; PersistenceManager pm = null; - role = toTrimmedLower(role); + String trimmedRole = toTrimmedLower(role); try { pm = openTransaction(); Query query = pm.newQuery(MSentryRole.class); query.setFilter("this.roleName == t"); query.declareParameters("java.lang.String t"); query.setUnique(true); - MSentryRole sentryRole = (MSentryRole) query.execute(role); + MSentryRole sentryRole = (MSentryRole) query.execute(trimmedRole); if (sentryRole == null) { - throw new SentryNoSuchObjectException("Role: " + role + " doesn't exist"); + throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist"); } else { pm.retrieve(sentryRole); sentryRole.removeGMPrivileges(); @@ -161,14 +161,14 @@ public class DelegateSentryStore implements SentryStoreLayer { public CommitContext alterRoleGrantPrivilege(String component, String role, PrivilegeObject privilege, String grantorPrincipal) throws SentryUserException { - role = toTrimmedLower(role); + String trimmedRole = toTrimmedLower(role); PersistenceManager pm = null; boolean rollbackTransaction = true; try{ pm = openTransaction(); - MSentryRole mRole = getRole(role, pm); + MSentryRole mRole = getRole(trimmedRole, pm); if (mRole == null) { - throw new SentryNoSuchObjectException("Role: " + role + " doesn't exist"); + throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist"); } /** * check with grant option @@ -192,14 +192,14 @@ public class DelegateSentryStore implements SentryStoreLayer { public CommitContext alterRoleRevokePrivilege(String component, String role, PrivilegeObject privilege, String grantorPrincipal) throws SentryUserException { - role = toTrimmedLower(role); + String trimmedRole = toTrimmedLower(role); PersistenceManager pm = null; boolean rollbackTransaction = true; try{ pm = openTransaction(); - MSentryRole mRole = getRole(role, pm); + MSentryRole mRole = getRole(trimmedRole, pm); if (mRole == null) { - throw new SentryNoSuchObjectException("Role: " + role + " doesn't exist"); + throw new SentryNoSuchObjectException("Role: " + trimmedRole + " doesn't exist"); } /** * check with grant option @@ -323,9 +323,9 @@ public class DelegateSentryStore implements SentryStoreLayer { @Override public Set<String> getGroupsByRoles(String component, Set<String> roles) throws SentryUserException { - roles = toTrimmedLower(roles); + Set<String> trimmedRoles = toTrimmedLower(roles); Set<String> groupNames = Sets.newHashSet(); - if (roles.size() == 0) { + if (trimmedRoles.size() == 0) { return groupNames; } @@ -337,7 +337,7 @@ public class DelegateSentryStore implements SentryStoreLayer { StringBuilder filters = new StringBuilder(); query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); - for (String role : roles) { + for (String role : trimmedRoles) { rolesFiler.add("role.roleName == \"" + role + "\" "); } filters.append("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ")"); @@ -393,33 +393,33 @@ public class DelegateSentryStore implements SentryStoreLayer { Preconditions.checkNotNull(component); Preconditions.checkNotNull(service); - component = toTrimmedLower(component); - service = toTrimmedLower(service); + String trimmedComponent = toTrimmedLower(component); + String trimmedService = toTrimmedLower(service); Set<PrivilegeObject> privileges = Sets.newHashSet(); PersistenceManager pm = null; try { pm = openTransaction(); //CaseInsensitive roleNames - roles = toTrimmedLower(roles); + Set<String> trimmedRoles = toTrimmedLower(roles); if (groups != null) { - roles.addAll(delegate.getRoleNamesForGroups(groups)); + trimmedRoles.addAll(delegate.getRoleNamesForGroups(groups)); } - if (roles.size() == 0) { + if (trimmedRoles.size() == 0) { return privileges; } Set<MSentryRole> mRoles = Sets.newHashSet(); - for (String role : roles) { + for (String role : trimmedRoles) { MSentryRole mRole = getRole(role, pm); if (mRole != null) { mRoles.add(mRole); } } //get the privileges - privileges.addAll(privilegeOperator.getPrivilegesByProvider(component, service, mRoles, authorizables, pm)); + privileges.addAll(privilegeOperator.getPrivilegesByProvider(trimmedComponent, trimmedService, mRoles, authorizables, pm)); } finally { if (pm != null) { commitTransaction(pm); http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java index 05958fc..feab1e9 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java @@ -25,7 +25,7 @@ import org.apache.sentry.core.common.Authorizable; import com.google.common.base.Preconditions; import com.google.common.collect.Lists; -public class PrivilegeObject { +public final class PrivilegeObject { private final String component; private final String service; private final String action; http://git-wip-us.apache.org/repos/asf/sentry/blob/36cb81a8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java index 11b5456..1d9c246 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java @@ -32,7 +32,7 @@ import com.google.common.collect.Lists; */ public class NotificationHandlerInvoker implements NotificationHandler { private static final Logger LOGGER = LoggerFactory.getLogger(NotificationHandlerInvoker.class); - List<? extends NotificationHandler> handlers = Lists.newArrayList(); + private List<? extends NotificationHandler> handlers = Lists.newArrayList(); public NotificationHandlerInvoker(List<? extends NotificationHandler> handlers) { this.handlers = handlers;
