http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java
deleted file mode 100644
index d75e24b..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java
+++ /dev/null
@@ -1,595 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools;
-
-import java.io.BufferedReader;
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.FileReader;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.net.MalformedURLException;
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.IllegalFormatException;
-import java.util.List;
-
-import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.CommandLineParser;
-import org.apache.commons.cli.GnuParser;
-import org.apache.commons.cli.HelpFormatter;
-import org.apache.commons.cli.Option;
-import org.apache.commons.cli.OptionBuilder;
-import org.apache.commons.cli.OptionGroup;
-import org.apache.commons.cli.Options;
-import org.apache.commons.cli.ParseException;
-import org.apache.commons.io.output.NullOutputStream;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hive.beeline.BeeLine;
-import org.apache.sentry.Command;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
-import org.apache.sentry.provider.db.service.persistent.SentryStoreSchemaInfo;
-import org.apache.sentry.provider.db.tools.SentrySchemaHelper.NestedScriptParser;
-import org.apache.sentry.service.thrift.SentryService;
-import org.apache.sentry.service.thrift.ServiceConstants;
-
-public class SentrySchemaTool {
- private static final String SENTRY_SCRIP_DIR = File.separatorChar + "scripts"
- + File.separatorChar + "sentrystore" + File.separatorChar + "upgrade";
- private String userName = null;
- private String passWord = null;
- private String connectionURL = null;
- private String driver = null;
- private boolean dryRun = false;
- private String dbOpts = null;
- private boolean verbose = false;
- private final Configuration sentryConf;
- private final String dbType;
- private final SentryStoreSchemaInfo sentryStoreSchemaInfo;
-
- public SentrySchemaTool(Configuration sentryConf, String dbType)
- throws SentryUserException, IOException {
- this(System.getenv("SENTRY_HOME") + SENTRY_SCRIP_DIR, sentryConf, dbType);
- }
-
- public SentrySchemaTool(String sentryScripPath, Configuration sentryConf,
- String dbType) throws SentryUserException, IOException {
- if (sentryScripPath == null || sentryScripPath.isEmpty()) {
- throw new SentryUserException("No Sentry script dir provided");
- }
- this.sentryConf = sentryConf;
- this.dbType = dbType;
- this.sentryStoreSchemaInfo = new SentryStoreSchemaInfo(sentryScripPath,
- dbType);
- userName = sentryConf.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_USER,
- ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_USER_DEFAULT);
- //Password will be read from Credential provider specified using property
- // CREDENTIAL_PROVIDER_PATH("hadoop.security.credential.provider.path" in sentry-site.xml
- // it falls back to reading directly from sentry-site.xml
- char[] passTmp = sentryConf.getPassword(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_PASS);
- if(passTmp != null) {
- passWord = new String(passTmp);
- } else {
- throw new SentrySiteConfigurationException("Error reading " + ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_PASS);
- }
-
- try {
- connectionURL = getValidConfVar(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_URL);
- if(dbType.equalsIgnoreCase(SentrySchemaHelper.DB_DERBY)) {
- driver = sentryConf.get(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER,
- ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER_DEFAULT);
- } else {
- driver = getValidConfVar(ServiceConstants.ServerConfig.SENTRY_STORE_JDBC_DRIVER);
- }
- // load required JDBC driver
- Class.forName(driver);
- } catch (IOException e) {
- throw new SentryUserException("Missing property: " + e.getMessage());
- } catch (ClassNotFoundException e) {
- throw new SentryUserException("Failed to load driver", e);
- }
- }
-
- public Configuration getConfiguration() {
- return sentryConf;
- }
-
- public void setUserName(String userName) {
- this.userName = userName;
- }
-
- public void setPassWord(String passWord) {
- this.passWord = passWord;
- }
-
- public void setDryRun(boolean dryRun) {
- this.dryRun = dryRun;
- }
-
- public void setVerbose(boolean verbose) {
- this.verbose = verbose;
- }
-
- public String getDbOpts() {
- return dbOpts;
- }
-
- public void setDbOpts(String dbOpts) {
- this.dbOpts = dbOpts;
- }
-
- private static void printAndExit(Options cmdLineOptions) {
- HelpFormatter formatter = new HelpFormatter();
- formatter.printHelp("schemaTool", cmdLineOptions);
- System.exit(1);
- }
-
- /***
- * Print Hive version and schema version
- * @throws SentryUserException
- */
- public void showInfo() throws SentryUserException {
- Connection sentryStoreConn = getConnectionToMetastore(true);
- System.out.println("Sentry distribution version:\t "
- + SentryStoreSchemaInfo.getSentryVersion());
- System.out.println("SentryStore schema version:\t "
- + getMetaStoreSchemaVersion(sentryStoreConn));
- }
-
- // read schema version from sentry store
- private String getMetaStoreSchemaVersion(Connection sentryStoreConn)
- throws SentryUserException {
- String versionQuery;
- if (SentrySchemaHelper.getDbCommandParser(dbType).needsQuotedIdentifier()) {
- versionQuery = "select t.\"SCHEMA_VERSION\" from \"SENTRY_VERSION\" t";
- } else {
- versionQuery = "select t.SCHEMA_VERSION from SENTRY_VERSION t";
- }
- try (Statement stmt = sentryStoreConn.createStatement();
- ResultSet res = stmt.executeQuery(versionQuery)) {
- if (!res.next()) {
- throw new SentryUserException("Didn't find version data in sentry store");
- }
- String currentSchemaVersion = res.getString(1);
- sentryStoreConn.close();
- return currentSchemaVersion;
- } catch (SQLException e) {
- throw new SentryUserException("Failed to get schema version.", e);
- }
- }
-
- // test the connection sentry store using the config property
- private void testConnectionToMetastore() throws SentryUserException {
- try (Connection conn = getConnectionToMetastore(true)) {
- conn.close();
- } catch (SQLException e) {
- throw new SentryUserException("Failed to close sentry store connection", e);
- }
- }
-
- /***
- * get JDBC connection to sentry store db
- *
- * @param printInfo print connection parameters
- * @return
- * @throws SentryUserException
- */
- private Connection getConnectionToMetastore(boolean printInfo)
- throws SentryUserException {
- if (printInfo) {
- System.out.println("Sentry store connection URL:\t " + connectionURL);
- System.out.println("Sentry store Connection Driver :\t " + driver);
- System.out.println("Sentry store connection User:\t " + userName);
- }
- if (userName == null || userName.isEmpty()) {
- throw new SentryUserException("UserName empty ");
- }
- try {
- // Connect using the JDBC URL and user/pass from conf
- return DriverManager.getConnection(connectionURL, userName, passWord);
- } catch (SQLException e) {
- throw new SentryUserException("Failed to make connection to Sentry store.", e);
- }
- }
-
- /**
- * check if the current schema version in sentry store matches the Hive version
- * @throws SentryUserException
- */
- public void verifySchemaVersion() throws SentryUserException {
- // don't check version if its a dry run
- if (dryRun) {
- return;
- }
- String newSchemaVersion =
- getMetaStoreSchemaVersion(getConnectionToMetastore(false));
- // verify that the new version is added to schema
- if (!sentryStoreSchemaInfo.getSentrySchemaVersion().equalsIgnoreCase(
- newSchemaVersion)) {
- throw new SentryUserException("Found unexpected schema version "
- + newSchemaVersion);
- }
- }
-
- /**
- * Perform sentry store schema upgrade. extract the current schema version from sentry store
- * @throws SentryUserException
- */
- public void doUpgrade() throws SentryUserException {
- String fromVersion = getMetaStoreSchemaVersion(getConnectionToMetastore(false));
- if (fromVersion == null || fromVersion.isEmpty()) {
- throw new SentryUserException(
- "Schema version not stored in the sentry store. "
- +
- "Metastore schema is too old or corrupt. Try specifying the version manually");
- }
- doUpgrade(fromVersion);
- }
-
- /**
- * Perform sentry store schema upgrade
- *
- * @param fromSchemaVer
- * Existing version of the sentry store. If null, then read from the sentry store
- * @throws SentryUserException
- */
- public void doUpgrade(String fromSchemaVer) throws SentryUserException {
- if (sentryStoreSchemaInfo.getSentrySchemaVersion().equals(fromSchemaVer)) {
- System.out.println("No schema upgrade required from version " + fromSchemaVer);
- return;
- }
- // Find the list of scripts to execute for this upgrade
- List<String> upgradeScripts =
- sentryStoreSchemaInfo.getUpgradeScripts(fromSchemaVer);
- testConnectionToMetastore();
- System.out.println("Starting upgrade sentry store schema from version " +
- fromSchemaVer + " to "
- + sentryStoreSchemaInfo.getSentrySchemaVersion());
- String scriptDir = sentryStoreSchemaInfo.getSentryStoreScriptDir();
- try {
- for (String scriptFile : upgradeScripts) {
- System.out.println("Upgrade script " + scriptFile);
- if (!dryRun) {
- runBeeLine(scriptDir, scriptFile);
- System.out.println("Completed " + scriptFile);
- }
- }
- } catch (IOException eIO) {
- throw new SentryUserException(
- "Upgrade FAILED! Metastore state would be inconsistent !!", eIO);
- }
-
- // Revalidated the new version after upgrade
- verifySchemaVersion();
- }
-
- /**
- * Initialize the sentry store schema to current version
- *
- * @throws SentryUserException
- */
- public void doInit() throws SentryUserException {
- doInit(sentryStoreSchemaInfo.getSentrySchemaVersion());
-
- // Revalidated the new version after upgrade
- verifySchemaVersion();
- }
-
- /**
- * Initialize the sentry store schema
- *
- * @param toVersion
- * If null then current hive version is used
- * @throws SentryUserException
- */
- public void doInit(String toVersion) throws SentryUserException {
- testConnectionToMetastore();
- System.out.println("Starting sentry store schema initialization to " + toVersion);
-
- String initScriptDir = sentryStoreSchemaInfo.getSentryStoreScriptDir();
- String initScriptFile = sentryStoreSchemaInfo.generateInitFileName(toVersion);
-
- try {
- System.out.println("Initialization script " + initScriptFile);
- if (!dryRun) {
- runBeeLine(initScriptDir, initScriptFile);
- System.out.println("Initialization script completed");
- }
- } catch (IOException e) {
- throw new SentryUserException("Schema initialization FAILED!"
- + " Metastore state would be inconsistent !!", e);
- }
- }
-
- // Flatten the nested upgrade script into a buffer
- public static String buildCommand(NestedScriptParser dbCommandParser,
- String scriptDir, String scriptFile) throws IllegalFormatException, IOException {
-
- BufferedReader bfReader =
- new BufferedReader(new FileReader(scriptDir + File.separatorChar + scriptFile));
- String currLine;
- StringBuilder sb = new StringBuilder();
- String currentCommand = null;
- while ((currLine = bfReader.readLine()) != null) {
- currLine = currLine.trim();
- if (currLine.isEmpty()) {
- continue; // skip empty lines
- }
-
- if (currentCommand == null) {
- currentCommand = currLine;
- } else {
- currentCommand = currentCommand + " " + currLine;
- }
- if (dbCommandParser.isPartialCommand(currLine)) {
- // if its a partial line, continue collecting the pieces
- continue;
- }
-
- // if this is a valid executable command then add it to the buffer
- if (!dbCommandParser.isNonExecCommand(currentCommand)) {
- currentCommand = dbCommandParser.cleanseCommand(currentCommand);
-
- if (dbCommandParser.isNestedScript(currentCommand)) {
- // if this is a nested sql script then flatten it
- String currScript = dbCommandParser.getScriptName(currentCommand);
- sb.append(buildCommand(dbCommandParser, scriptDir, currScript));
- } else {
- // Now we have a complete statement, process it
- // write the line to buffer
- sb.append(currentCommand);
- sb.append(System.getProperty("line.separator"));
- }
- }
- currentCommand = null;
- }
- bfReader.close();
- return sb.toString();
- }
-
- // run beeline on the given sentry store scrip, flatten the nested scripts into single file
- private void runBeeLine(String scriptDir, String scriptFile) throws IOException {
- NestedScriptParser dbCommandParser =
- SentrySchemaHelper.getDbCommandParser(dbType);
- dbCommandParser.setDbOpts(getDbOpts());
- // expand the nested script
- String sqlCommands = buildCommand(dbCommandParser, scriptDir, scriptFile);
- File tmpFile = File.createTempFile("schematool", ".sql");
- tmpFile.deleteOnExit();
-
- // write out the buffer into a file. Add beeline commands for autocommit and close
- try (FileWriter fstream = new FileWriter(tmpFile.getPath());
- BufferedWriter out = new BufferedWriter(fstream)) {
-
- out.write("!set Silent " + verbose + System.getProperty("line.separator"));
- out.write("!autocommit on" + System.getProperty("line.separator"));
- out.write("!set Isolation TRANSACTION_READ_COMMITTED"
- + System.getProperty("line.separator"));
- out.write("!set AllowMultiLineCommand false"
- + System.getProperty("line.separator"));
- out.write(sqlCommands);
- out.write("!closeall" + System.getProperty("line.separator"));
- out.close();
- }
- runBeeLine(tmpFile.getPath());
- }
-
- // Generate the beeline args per hive conf and execute the given script
- public void runBeeLine(String sqlScriptFile) throws IOException {
- List<String> argList = new ArrayList<String>();
- argList.add("-u");
- argList.add(connectionURL);
- argList.add("-d");
- argList
- .add(driver);
- argList.add("-n");
- argList.add(userName);
- argList.add("-p");
- argList.add(passWord);
- argList.add("-f");
- argList.add(sqlScriptFile);
-
- BeeLine beeLine = new BeeLine();
- if (!verbose) {
- beeLine.setOutputStream(new PrintStream(new NullOutputStream()));
- // beeLine.getOpts().setSilent(true);
- }
- // beeLine.getOpts().setAllowMultiLineCommand(false);
- // beeLine.getOpts().setIsolation("TRANSACTION_READ_COMMITTED");
- int status = beeLine.begin(argList.toArray(new String[0]), null);
- if (status != 0) {
- throw new IOException("Schema script failed, errorcode " + status);
- }
- }
-
- private String getValidConfVar(String confVar) throws IOException {
- String confVarKey = confVar;
- String confVarValue = sentryConf.get(confVarKey);
- if (confVarValue == null || confVarValue.isEmpty()) {
- throw new IOException("Empty " + confVar);
- }
- return confVarValue;
- }
-
- // Create the required command line options
- @SuppressWarnings("static-access")
- private static void initOptions(Options cmdLineOptions) {
- Option help = new Option("help", "print this message");
- Option upgradeOpt = new Option("upgradeSchema", "Schema upgrade");
- Option upgradeFromOpt = OptionBuilder.withArgName("upgradeFrom").hasArg().
- withDescription("Schema upgrade from a version").
- create("upgradeSchemaFrom");
- Option initOpt = new Option("initSchema", "Schema initialization");
- Option initToOpt = OptionBuilder.withArgName("initTo").hasArg().
- withDescription("Schema initialization to a version").
- create("initSchemaTo");
- Option infoOpt = new Option("info", "Show config and schema details");
-
- OptionGroup optGroup = new OptionGroup();
- optGroup.addOption(upgradeOpt).addOption(initOpt).
- addOption(help).addOption(upgradeFromOpt).
- addOption(initToOpt).addOption(infoOpt);
- optGroup.setRequired(true);
-
- Option userNameOpt = OptionBuilder.withArgName("user")
- .hasArg()
- .withDescription("Override config file user name")
- .create("userName");
- Option passwdOpt = OptionBuilder.withArgName("password")
- .hasArg()
- .withDescription("Override config file password")
- .create("passWord");
- Option dbTypeOpt = OptionBuilder.withArgName("databaseType")
- .hasArg().withDescription("Metastore database type [" +
- SentrySchemaHelper.DB_DERBY + "," +
- SentrySchemaHelper.DB_MYSQL + "," +
- SentrySchemaHelper.DB_ORACLE + "," +
- SentrySchemaHelper.DB_POSTGRACE + "," +
- SentrySchemaHelper.DB_DB2 + "]")
- .create("dbType");
- Option dbOpts = OptionBuilder.withArgName("databaseOpts")
- .hasArgs().withDescription("Backend DB specific options")
- .create("dbOpts");
-
- Option dryRunOpt = new Option("dryRun", "list SQL scripts (no execute)");
- Option verboseOpt = new Option("verbose", "only print SQL statements");
-
- Option configOpt = OptionBuilder.withArgName("confName").hasArgs()
- .withDescription("Sentry Service configuration file").isRequired(true)
- .create(ServiceConstants.ServiceArgs.CONFIG_FILE_LONG);
-
- cmdLineOptions.addOption(help);
- cmdLineOptions.addOption(dryRunOpt);
- cmdLineOptions.addOption(userNameOpt);
- cmdLineOptions.addOption(passwdOpt);
- cmdLineOptions.addOption(dbTypeOpt);
- cmdLineOptions.addOption(verboseOpt);
- cmdLineOptions.addOption(dbOpts);
- cmdLineOptions.addOption(configOpt);
- cmdLineOptions.addOptionGroup(optGroup);
- }
-
- public static class CommandImpl implements Command {
- @Override
- public void run(String[] args) throws Exception {
- CommandLineParser parser = new GnuParser();
- CommandLine line = null;
- String dbType = null;
- String schemaVer = null;
- Options cmdLineOptions = new Options();
- String configFileName = null;
-
- // Argument handling
- initOptions(cmdLineOptions);
- try {
- line = parser.parse(cmdLineOptions, args);
- } catch (ParseException e) {
- System.err.println("SentrySchemaTool:Parsing failed. Reason: "
- + e.getLocalizedMessage());
- printAndExit(cmdLineOptions);
- }
-
- if (line.hasOption("help")) {
- HelpFormatter formatter = new HelpFormatter();
- formatter.printHelp("schemaTool", cmdLineOptions);
- return;
- }
-
- if (line.hasOption("dbType")) {
- dbType = line.getOptionValue("dbType");
- if (!dbType.equalsIgnoreCase(SentrySchemaHelper.DB_DERBY)
- && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_MYSQL)
- && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_POSTGRACE)
- && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_ORACLE)
- && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_DB2)) {
- System.err.println("Unsupported dbType " + dbType);
- printAndExit(cmdLineOptions);
- }
- } else {
- System.err.println("no dbType supplied");
- printAndExit(cmdLineOptions);
- }
- if (line.hasOption(ServiceConstants.ServiceArgs.CONFIG_FILE_LONG)) {
- configFileName = line
- .getOptionValue(ServiceConstants.ServiceArgs.CONFIG_FILE_LONG);
- } else {
- System.err.println("no config file specified");
- printAndExit(cmdLineOptions);
- }
- try {
- SentrySchemaTool schemaTool = new SentrySchemaTool(
- SentryService.loadConfig(configFileName), dbType);
-
- if (line.hasOption("userName")) {
- schemaTool.setUserName(line.getOptionValue("userName"));
- }
- if (line.hasOption("passWord")) {
- schemaTool.setPassWord(line.getOptionValue("passWord"));
- }
- if (line.hasOption("dryRun")) {
- schemaTool.setDryRun(true);
- }
- if (line.hasOption("verbose")) {
- schemaTool.setVerbose(true);
- }
- if (line.hasOption("dbOpts")) {
- schemaTool.setDbOpts(line.getOptionValue("dbOpts"));
- }
-
- if (line.hasOption("info")) {
- schemaTool.showInfo();
- } else if (line.hasOption("upgradeSchema")) {
- schemaTool.doUpgrade();
- } else if (line.hasOption("upgradeSchemaFrom")) {
- schemaVer = line.getOptionValue("upgradeSchemaFrom");
- schemaTool.doUpgrade(schemaVer);
- } else if (line.hasOption("initSchema")) {
- schemaTool.doInit();
- } else if (line.hasOption("initSchemaTo")) {
- schemaVer = line.getOptionValue("initSchemaTo");
- schemaTool.doInit(schemaVer);
- } else {
- System.err.println("no valid option supplied");
- printAndExit(cmdLineOptions);
- }
- } catch (SentryUserException e) {
- System.err.println(e);
- if (line.hasOption("verbose")) {
- e.printStackTrace();
- }
- System.err.println("*** Sentry schemaTool failed ***");
- System.exit(1);
- } catch (MalformedURLException e) {
- System.err.println(e);
- if (line.hasOption("verbose")) {
- e.printStackTrace();
- }
- System.err.println("*** Sentry schemaTool failed ***");
- System.exit(1);
- }
- System.out.println("Sentry schemaTool completed");
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
deleted file mode 100644
index b668b95..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.util.Arrays;
-import java.util.List;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.sasl.AuthorizeCallback;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SaslRpcServer;
-import org.apache.sentry.core.common.exception.ConnectionDeniedException;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-
-public class GSSCallback extends SaslRpcServer.SaslGssCallbackHandler {
-
- private final Configuration conf;
- public GSSCallback(Configuration conf) {
- super();
- this.conf = conf;
- }
-
- boolean comparePrincipals(String principal1, String principal2) {
- String[] principalParts1 = SaslRpcServer.splitKerberosName(principal1);
- String[] principalParts2 = SaslRpcServer.splitKerberosName(principal2);
- if (principalParts1.length == 0 || principalParts2.length == 0) {
- return false;
- }
- if (principalParts1.length == principalParts2.length) {
- for (int i=0; i < principalParts1.length; i++) {
- if (!principalParts1[i].equals(principalParts2[i])) {
- return false;
- }
- }
- return true;
- } else {
- return false;
- }
- }
-
- boolean allowConnect(String principal) {
- String allowedPrincipals = conf.get(ServerConfig.ALLOW_CONNECT);
- if (allowedPrincipals == null) {
- return false;
- }
- String principalShortName = getShortName(principal);
- List<String> items = Arrays.asList(allowedPrincipals.split("\\s*,\\s*"));
- for (String item : items) {
- if (comparePrincipals(item, principalShortName)) {
- return true;
- }
- }
- return false;
- }
-
- private String getShortName(String principal) {
- String parts[] = SaslRpcServer.splitKerberosName(principal);
- return parts[0];
- }
-
- @Override
- public void handle(Callback[] callbacks)
- throws UnsupportedCallbackException, ConnectionDeniedException {
- AuthorizeCallback ac = null;
- for (Callback callback : callbacks) {
- if (callback instanceof AuthorizeCallback) {
- ac = (AuthorizeCallback) callback;
- } else {
- throw new UnsupportedCallbackException(callback,
- "Unrecognized SASL GSSAPI Callback");
- }
- }
- if (ac != null) {
- String authid = ac.getAuthenticationID();
- String authzid = ac.getAuthorizationID();
-
- if (allowConnect(authid)) {
- if (authid.equals(authzid)) {
- ac.setAuthorized(true);
- } else {
- ac.setAuthorized(false);
- }
- if (ac.isAuthorized()) {
- ac.setAuthorizedID(authzid);
- }
- } else {
- throw new ConnectionDeniedException(ac,
- "Connection to sentry service denied due to lack of client credentials",
- authid);
- }
- }
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
deleted file mode 100644
index 41e4fe4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.io.File;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.auth.login.AppConfigurationEntry;
-
-public class KerberosConfiguration extends javax.security.auth.login.Configuration {
- private String principal;
- private String keytab;
- private boolean isInitiator;
- private static final boolean IBM_JAVA = System.getProperty("java.vendor").contains("IBM");
-
- private KerberosConfiguration(String principal, File keytab,
- boolean client) {
- this.principal = principal;
- this.keytab = keytab.getAbsolutePath();
- this.isInitiator = client;
- }
-
- public static javax.security.auth.login.Configuration createClientConfig(String principal,
- File keytab) {
- return new KerberosConfiguration(principal, keytab, true);
- }
-
- public static javax.security.auth.login.Configuration createServerConfig(String principal,
- File keytab) {
- return new KerberosConfiguration(principal, keytab, false);
- }
-
- private static String getKrb5LoginModuleName() {
- return (IBM_JAVA ? "com.ibm.security.auth.module.Krb5LoginModule"
- : "com.sun.security.auth.module.Krb5LoginModule");
- }
-
- @Override
- public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
- Map<String, String> options = new HashMap<String, String>();
-
- if (IBM_JAVA) {
- // IBM JAVA's UseKeytab covers both keyTab and useKeyTab options
- options.put("useKeytab",keytab.startsWith("file://") ? keytab : "file://" + keytab);
-
- options.put("principal", principal);
- options.put("refreshKrb5Config", "true");
-
- // Both "initiator" and "acceptor"
- options.put("credsType", "both");
- } else {
- options.put("keyTab", keytab);
- options.put("principal", principal);
- options.put("useKeyTab", "true");
- options.put("storeKey", "true");
- options.put("doNotPrompt", "true");
- options.put("useTicketCache", "true");
- options.put("renewTGT", "true");
- options.put("refreshKrb5Config", "true");
- options.put("isInitiator", Boolean.toString(isInitiator));
- }
-
- String ticketCache = System.getenv("KRB5CCNAME");
- if (IBM_JAVA) {
- // If cache is specified via env variable, it takes priority
- if (ticketCache != null) {
- // IBM JAVA only respects system property so copy ticket cache to system property
- // The first value searched when "useDefaultCcache" is true.
- System.setProperty("KRB5CCNAME", ticketCache);
- } else {
- ticketCache = System.getProperty("KRB5CCNAME");
- }
-
- if (ticketCache != null) {
- options.put("useDefaultCcache", "true");
- options.put("renewTGT", "true");
- }
- } else {
- if (ticketCache != null) {
- options.put("ticketCache", ticketCache);
- }
- }
- options.put("debug", "true");
-
- return new AppConfigurationEntry[]{
- new AppConfigurationEntry(getKrb5LoginModuleName(),
- AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
- options)};
- }
-}
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
deleted file mode 100644
index a3bb6ab..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.thrift.TMultiplexedProcessor;
-
-public abstract class ProcessorFactory {
- protected final Configuration conf;
-
- public ProcessorFactory(Configuration conf) {
- this.conf = conf;
- }
-
- public abstract boolean register(TMultiplexedProcessor processor) throws Exception;
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
deleted file mode 100644
index f54f161..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
+++ /dev/null
@@ -1,157 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.service.thrift; - -import java.io.File; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.Subject; -import javax.security.auth.kerberos.KerberosPrincipal; -import javax.security.auth.kerberos.KerberosTicket; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.Sets; - -public class SentryKerberosContext implements Runnable { - private static final float TICKET_RENEW_WINDOW = 0.80f; - private static final Logger LOGGER = LoggerFactory - .getLogger(SentryKerberosContext.class); - private LoginContext loginContext; - private Subject subject; - private final javax.security.auth.login.Configuration kerberosConfig; - @Deprecated - private Thread renewerThread; - @Deprecated - private boolean shutDownRenewer = false; - - public SentryKerberosContext(String principal, String keyTab, boolean autoRenewTicket) - throws LoginException { - subject = new Subject(false, Sets.newHashSet(new KerberosPrincipal(principal)), - new HashSet<Object>(), new 
HashSet<Object>()); - kerberosConfig = KerberosConfiguration.createClientConfig(principal, new File(keyTab)); - loginWithNewContext(); - if (autoRenewTicket) { - startRenewerThread(); - } - } - - private void loginWithNewContext() throws LoginException { - LOGGER.info("Logging in with new Context"); - logoutSubject(); - loginContext = new LoginContext("", subject, null, kerberosConfig); - loginContext.login(); - subject = loginContext.getSubject(); - } - - private void logoutSubject() { - if (loginContext != null) { - try { - loginContext.logout(); - } catch (LoginException e) { - LOGGER.warn("Error logging out the subject", e); - } - } - loginContext = null; - } - - public Subject getSubject() { - return subject; - } - - /** - * Get the Kerberos TGT - * @return the user's TGT or null if none was found - */ - @Deprecated - private KerberosTicket getTGT() { - Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class); - for(KerberosTicket ticket: tickets) { - KerberosPrincipal server = ticket.getServer(); - if (server.getName().equals("krbtgt/" + server.getRealm() + - "@" + server.getRealm())) { - return ticket; - } - } - return null; - } - - @Deprecated - private long getRefreshTime(KerberosTicket tgt) { - long start = tgt.getStartTime().getTime(); - long end = tgt.getEndTime().getTime(); - LOGGER.debug("Ticket start time: " + start); - LOGGER.debug("Ticket End time: " + end); - return start + (long) ((end - start) * TICKET_RENEW_WINDOW); - } - - /*** - * Ticket renewer thread - * wait till 80% time interval left on the ticket and then renew it - */ - @Deprecated - @Override - public void run() { - try { - LOGGER.info("Sentry Ticket renewer thread started"); - while (!shutDownRenewer) { - KerberosTicket tgt = getTGT(); - if (tgt == null) { - LOGGER.warn("No ticket found in the cache"); - return; - } - long nextRefresh = getRefreshTime(tgt); - while (System.currentTimeMillis() < nextRefresh) { - Thread.sleep(1000); - if (shutDownRenewer) { - 
return; - } - } - loginWithNewContext(); - LOGGER.debug("Renewed ticket"); - } - } catch (InterruptedException e1) { - LOGGER.warn("Sentry Ticket renewer thread interrupted", e1); - return; - } catch (LoginException e) { - LOGGER.warn("Failed to renew ticket", e); - } finally { - logoutSubject(); - LOGGER.info("Sentry Ticket renewer thread finished"); - } - } - - @Deprecated - public void startRenewerThread() { - renewerThread = new Thread(this); - renewerThread.start(); - } - - public void shutDown() throws LoginException { - if (renewerThread != null) { - shutDownRenewer = true; - } else { - logoutSubject(); - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java deleted file mode 100644 index 5783649..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java +++ /dev/null 
@@ -1,426 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.service.thrift; - -import java.io.File; -import java.io.IOException; -import java.lang.reflect.Constructor; -import java.net.InetSocketAddress; -import java.net.MalformedURLException; -import java.net.ServerSocket; -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.EventListener; -import java.util.List; -import java.util.concurrent.Callable; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; -import java.util.concurrent.ThreadFactory; - -import javax.security.auth.Subject; - -import org.apache.commons.cli.CommandLine; -import org.apache.commons.cli.CommandLineParser; -import org.apache.commons.cli.GnuParser; -import org.apache.commons.cli.HelpFormatter; -import org.apache.commons.cli.Options; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.SaslRpcServer; -import org.apache.hadoop.security.SaslRpcServer.AuthMethod; -import org.apache.hadoop.security.SecurityUtil; -import 
org.apache.sentry.Command; -import org.apache.sentry.provider.db.service.thrift.SentryHealthCheckServletContextListener; -import org.apache.sentry.provider.db.service.thrift.SentryMetricsServletContextListener; -import org.apache.sentry.provider.db.service.thrift.SentryWebServer; -import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; -import org.apache.thrift.TMultiplexedProcessor; -import org.apache.thrift.protocol.TBinaryProtocol; -import org.apache.thrift.server.TServer; -import org.apache.thrift.server.TServerEventHandler; -import org.apache.thrift.server.TThreadPoolServer; -import org.apache.thrift.transport.TSaslServerTransport; -import org.apache.thrift.transport.TServerSocket; -import org.apache.thrift.transport.TServerTransport; -import org.apache.thrift.transport.TTransportFactory; -import org.eclipse.jetty.util.MultiException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Preconditions; - -public class SentryService implements Callable { - - private static final Logger LOGGER = LoggerFactory - .getLogger(SentryService.class); - - private static enum Status { - NOT_STARTED(), STARTED(); - } - - private final Configuration conf; - private final InetSocketAddress address; - private final int maxThreads; - private final int minThreads; - private boolean kerberos; - private final String principal; - private final String[] principalParts; - private final String keytab; - private final ExecutorService serviceExecutor; - private Future serviceStatus; - private TServer thriftServer; - private Status status; - private int webServerPort; - private SentryWebServer sentryWebServer; - private long maxMessageSize; - - public SentryService(Configuration conf) { - this.conf = conf; - int port = conf - .getInt(ServerConfig.RPC_PORT, ServerConfig.RPC_PORT_DEFAULT); - if (port == 0) { - port = findFreePort(); - 
conf.setInt(ServerConfig.RPC_PORT, port); - } - this.address = NetUtils.createSocketAddr( - conf.get(ServerConfig.RPC_ADDRESS, ServerConfig.RPC_ADDRESS_DEFAULT), - port); - LOGGER.info("Configured on address " + address); - kerberos = ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase( - conf.get(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_KERBEROS).trim()); - maxThreads = conf.getInt(ServerConfig.RPC_MAX_THREADS, - ServerConfig.RPC_MAX_THREADS_DEFAULT); - minThreads = conf.getInt(ServerConfig.RPC_MIN_THREADS, - ServerConfig.RPC_MIN_THREADS_DEFAULT); - maxMessageSize = conf.getLong(ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE, - ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT); - if (kerberos) { - // Use Hadoop libraries to translate the _HOST placeholder with actual hostname - try { - String rawPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL), ServerConfig.PRINCIPAL + " is required"); - principal = SecurityUtil.getServerPrincipal(rawPrincipal, address.getAddress()); - } catch(IOException io) { - throw new RuntimeException("Can't translate kerberos principal'", io); - } - LOGGER.info("Using kerberos principal: " + principal); - - principalParts = SaslRpcServer.splitKerberosName(principal); - Preconditions.checkArgument(principalParts.length == 3, - "Kerberos principal should have 3 parts: " + principal); - keytab = Preconditions.checkNotNull(conf.get(ServerConfig.KEY_TAB), - ServerConfig.KEY_TAB + " is required"); - File keytabFile = new File(keytab); - Preconditions.checkState(keytabFile.isFile() && keytabFile.canRead(), - "Keytab " + keytab + " does not exist or is not readable."); - } else { - principal = null; - principalParts = null; - keytab = null; - } - serviceExecutor = Executors.newSingleThreadExecutor(new ThreadFactory() { - private int count = 0; - - @Override - public Thread newThread(Runnable r) { - return new Thread(r, SentryService.class.getSimpleName() + "-" - + (count++)); - } - 
}); - webServerPort = conf.getInt(ServerConfig.SENTRY_WEB_PORT, ServerConfig.SENTRY_WEB_PORT_DEFAULT); - status = Status.NOT_STARTED; - } - - @Override - public String call() throws Exception { - SentryKerberosContext kerberosContext = null; - try { - status = Status.STARTED; - if (kerberos) { - Boolean autoRenewTicket = conf.getBoolean(ServerConfig.SENTRY_KERBEROS_TGT_AUTORENEW, ServerConfig.SENTRY_KERBEROS_TGT_AUTORENEW_DEFAULT); - kerberosContext = new SentryKerberosContext(principal, keytab, autoRenewTicket); - Subject.doAs(kerberosContext.getSubject(), new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - runServer(); - return null; - } - }); - } else { - runServer(); - } - } catch (Exception t) { - LOGGER.error("Error starting server", t); - throw new Exception("Error starting server", t); - } finally { - if (kerberosContext != null) { - kerberosContext.shutDown(); - } - status = Status.NOT_STARTED; - } - return null; - } - - private void runServer() throws Exception { - Iterable<String> processorFactories = ConfUtilties.CLASS_SPLITTER - .split(conf.get(ServerConfig.PROCESSOR_FACTORIES, - ServerConfig.PROCESSOR_FACTORIES_DEFAULT).trim()); - TMultiplexedProcessor processor = new TMultiplexedProcessor(); - boolean registeredProcessor = false; - for (String processorFactory : processorFactories) { - Class<?> clazz = conf.getClassByName(processorFactory); - if (!ProcessorFactory.class.isAssignableFrom(clazz)) { - throw new IllegalArgumentException("Processor Factory " - + processorFactory + " is not a " - + ProcessorFactory.class.getName()); - } - try { - Constructor<?> constructor = clazz - .getConstructor(Configuration.class); - LOGGER.info("ProcessorFactory being used: " + clazz.getCanonicalName()); - ProcessorFactory factory = (ProcessorFactory) constructor - .newInstance(conf); - boolean registerStatus = factory.register(processor); - if (!registerStatus) { - LOGGER.error("Failed to register " + 
clazz.getCanonicalName()); - } - registeredProcessor = registerStatus || registeredProcessor; - } catch (Exception e) { - throw new IllegalStateException("Could not create " - + processorFactory, e); - } - } - if (!registeredProcessor) { - throw new IllegalStateException( - "Failed to register any processors from " + processorFactories); - } - TServerTransport serverTransport = new TServerSocket(address); - TTransportFactory transportFactory = null; - if (kerberos) { - TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory(); - saslTransportFactory.addServerDefinition(AuthMethod.KERBEROS - .getMechanismName(), principalParts[0], principalParts[1], - ServerConfig.SASL_PROPERTIES, new GSSCallback(conf)); - transportFactory = saslTransportFactory; - } else { - transportFactory = new TTransportFactory(); - } - TThreadPoolServer.Args args = new TThreadPoolServer.Args( - serverTransport).processor(processor) - .transportFactory(transportFactory) - .protocolFactory(new TBinaryProtocol.Factory(true, true, maxMessageSize, maxMessageSize)) - .minWorkerThreads(minThreads).maxWorkerThreads(maxThreads); - thriftServer = new TThreadPoolServer(args); - LOGGER.info("Serving on " + address); - startSentryWebServer(); - thriftServer.serve(); - } - - private void startSentryWebServer() throws Exception{ - Boolean sentryReportingEnable = conf.getBoolean(ServerConfig.SENTRY_WEB_ENABLE, - ServerConfig.SENTRY_WEB_ENABLE_DEFAULT); - if(sentryReportingEnable) { - List<EventListener> listenerList = new ArrayList<EventListener>(); - listenerList.add(new SentryHealthCheckServletContextListener()); - listenerList.add(new SentryMetricsServletContextListener()); - sentryWebServer = new SentryWebServer(listenerList, webServerPort, conf); - sentryWebServer.start(); - } - - } - - private void stopSentryWebServer() throws Exception{ - if( sentryWebServer != null) { - sentryWebServer.stop(); - sentryWebServer = null; - } - } - - public InetSocketAddress getAddress() { - 
return address; - } - - public synchronized boolean isRunning() { - return status == Status.STARTED && thriftServer != null - && thriftServer.isServing(); - } - - public synchronized void start() throws Exception{ - if (status != Status.NOT_STARTED) { - throw new IllegalStateException("Cannot start when " + status); - } - LOGGER.info("Attempting to start..."); - serviceStatus = serviceExecutor.submit(this); - } - - public synchronized void stop() throws Exception{ - MultiException exception = null; - LOGGER.info("Attempting to stop..."); - if (isRunning()) { - LOGGER.info("Attempting to stop sentry thrift service..."); - try { - thriftServer.stop(); - thriftServer = null; - status = Status.NOT_STARTED; - } catch (Exception e) { - LOGGER.error("Error while stopping sentry thrift service", e); - exception = addMultiException(exception,e); - } - } else { - thriftServer = null; - status = Status.NOT_STARTED; - LOGGER.info("Sentry thrift service is already stopped..."); - } - if (isWebServerRunning()) { - try { - LOGGER.info("Attempting to stop sentry web service..."); - stopSentryWebServer(); - } catch (Exception e) { - LOGGER.error("Error while stopping sentry web service", e); - exception = addMultiException(exception,e); - } - } else { - LOGGER.info("Sentry web service is already stopped..."); - } - if (exception != null) { - exception.ifExceptionThrow(); - } - LOGGER.info("Stopped..."); - } - - // wait for the service thread to finish execution - public synchronized void waitOnFuture() throws ExecutionException, InterruptedException { - LOGGER.info("Waiting on future.get()"); - serviceStatus.get(); - } - - private MultiException addMultiException(MultiException exception, Exception e) { - MultiException newException = exception; - if (newException == null) { - newException = new MultiException(); - } - newException.add(e); - return newException; - } - - private boolean isWebServerRunning() { - return sentryWebServer != null - && sentryWebServer.isAlive(); - } - - 
private static int findFreePort() { - int attempts = 0; - while (attempts++ <= 1000) { - try { - ServerSocket s = new ServerSocket(0); - int port = s.getLocalPort(); - s.close(); - return port; - } catch (IOException e) { - // ignore and retry - } - } - throw new IllegalStateException("Unable to find a port after 1000 attempts"); - } - - public static Configuration loadConfig(String configFileName) - throws MalformedURLException { - File configFile = null; - if (configFileName == null) { - throw new IllegalArgumentException("Usage: " - + ServiceConstants.ServiceArgs.CONFIG_FILE_LONG - + " path/to/sentry-service.xml"); - } else if (!((configFile = new File(configFileName)).isFile() && configFile - .canRead())) { - throw new IllegalArgumentException("Cannot read configuration file " - + configFile); - } - Configuration conf = new Configuration(false); - conf.addResource(configFile.toURI().toURL()); - return conf; - } - - public static class CommandImpl implements Command { - @Override - public void run(String[] args) throws Exception { - CommandLineParser parser = new GnuParser(); - Options options = new Options(); - options.addOption(ServiceConstants.ServiceArgs.CONFIG_FILE_SHORT, - ServiceConstants.ServiceArgs.CONFIG_FILE_LONG, - true, "Sentry Service configuration file"); - CommandLine commandLine = parser.parse(options, args); - String configFileName = commandLine.getOptionValue(ServiceConstants. 
- ServiceArgs.CONFIG_FILE_LONG); - File configFile = null; - if (configFileName == null || commandLine.hasOption("h") || commandLine.hasOption("help")) { - // print usage - HelpFormatter formatter = new HelpFormatter(); - formatter.printHelp("sentry --command service", options); - System.exit(-1); - } else if(!((configFile = new File(configFileName)).isFile() && configFile.canRead())) { - throw new IllegalArgumentException("Cannot read configuration file " + configFile); - } - Configuration serverConf = loadConfig(configFileName); - final SentryService server = new SentryService(serverConf); - server.start(); - Runtime.getRuntime().addShutdownHook(new Thread() { - @Override - public void run() { - LOGGER.info("ShutdownHook shutting down server"); - try { - server.stop(); - } catch (Throwable t) { - LOGGER.error("Error stopping SentryService", t); - } - } - }); - - // Let's wait on the service to stop - try { - server.waitOnFuture(); - } finally { - server.serviceExecutor.shutdown(); - } - } - } - - public Configuration getConf() { - return conf; - } - - /** - * Add Thrift event handler to underlying thrift threadpool server - * @param eventHandler - */ - public void setThriftEventHandler(TServerEventHandler eventHandler) throws IllegalStateException { - if (thriftServer == null) { - throw new IllegalStateException("Server is not initialized or stopped"); - } - thriftServer.setServerEventHandler(eventHandler); - } - - public TServerEventHandler getThriftEventHandler() throws IllegalStateException { - if (thriftServer == null) { - throw new IllegalStateException("Server is not initialized or stopped"); - } - return thriftServer.getEventHandler(); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
deleted file mode 100644
index 1685702..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-import org.apache.hadoop.conf.Configuration;
-
-public class SentryServiceFactory {
-
- public SentryService create(Configuration conf) throws Exception {
- return new SentryService(conf);
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
deleted file mode 100644
index ce73358..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
+++ /dev/null
@@ -1,158 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.service.thrift; - -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.commons.lang.StringUtils; -import org.apache.sentry.core.common.utils.SentryConstants; -import org.apache.sentry.core.common.utils.KeyValue; -import org.apache.sentry.core.common.utils.PolicyFileConstants; -import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; - -import com.google.common.collect.Lists; - -public final class SentryServiceUtil { - - // parse the privilege in String and get the TSentryPrivilege as result - public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) { - TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); - for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { - KeyValue tempKV = new KeyValue(authorizable); - String key = tempKV.getKey(); - String value = tempKV.getValue(); - - if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(key)) { - 
tSentryPrivilege.setServerName(value); - } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) { - tSentryPrivilege.setDbName(value); - } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) { - tSentryPrivilege.setTableName(value); - } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(key)) { - tSentryPrivilege.setColumnName(value); - } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(key)) { - tSentryPrivilege.setURI(value); - } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) { - tSentryPrivilege.setAction(value); - } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(key)) { - TSentryGrantOption grantOption = "true".equalsIgnoreCase(value) ? TSentryGrantOption.TRUE - : TSentryGrantOption.FALSE; - tSentryPrivilege.setGrantOption(grantOption); - } - } - tSentryPrivilege.setPrivilegeScope(getPrivilegeScope(tSentryPrivilege)); - return tSentryPrivilege; - } - - /** - * Parse the object path from string to map. 
- * @param objectPath the string format as db=db1->table=tbl1 - * @return Map - */ - public static Map<String, String> parseObjectPath(String objectPath) { - Map<String, String> objectMap = new HashMap<String, String>(); - if (StringUtils.isEmpty(objectPath)) { - return objectMap; - } - for (String kvStr : SentryConstants.AUTHORIZABLE_SPLITTER.split(objectPath)) { - KeyValue kv = new KeyValue(kvStr); - String key = kv.getKey(); - String value = kv.getValue(); - - if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) { - objectMap.put(PolicyFileConstants.PRIVILEGE_DATABASE_NAME, value); - } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) { - objectMap.put(PolicyFileConstants.PRIVILEGE_TABLE_NAME, value); - } - } - return objectMap; - } - - // for the different hierarchy for hive: - // 1: server->url - // 2: server->database->table->column - // if both of them are found in the privilege string, the privilege scope will be set as - // PrivilegeScope.URI - public static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) { - PrivilegeScope privilegeScope = PrivilegeScope.SERVER; - if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) { - privilegeScope = PrivilegeScope.URI; - } else if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) { - privilegeScope = PrivilegeScope.COLUMN; - } else if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) { - privilegeScope = PrivilegeScope.TABLE; - } else if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) { - privilegeScope = PrivilegeScope.DATABASE; - } - return privilegeScope.toString(); - } - - // convert TSentryPrivilege to privilege in string - public static String convertTSentryPrivilegeToStr(TSentryPrivilege tSentryPrivilege) { - List<String> privileges = Lists.newArrayList(); - if (tSentryPrivilege != null) { - String serverName = tSentryPrivilege.getServerName(); - String dbName = tSentryPrivilege.getDbName(); - String tableName = 
tSentryPrivilege.getTableName(); - String columnName = tSentryPrivilege.getColumnName(); - String uri = tSentryPrivilege.getURI(); - String action = tSentryPrivilege.getAction(); - String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true" - : "false"); - if (!StringUtils.isEmpty(serverName)) { - privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_SERVER_NAME, - serverName)); - if (!StringUtils.isEmpty(uri)) { - privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_URI_NAME, - uri)); - } else if (!StringUtils.isEmpty(dbName)) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_DATABASE_NAME, dbName)); - if (!StringUtils.isEmpty(tableName)) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_TABLE_NAME, tableName)); - if (!StringUtils.isEmpty(columnName)) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_COLUMN_NAME, columnName)); - } - } - } - if (!StringUtils.isEmpty(action)) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_ACTION_NAME, action)); - } - } - // only append the grant option to privilege string if it's true - if ("true".equals(grantOption)) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption)); - } - } - return SentryConstants.AUTHORIZABLE_JOINER.join(privileges); - } - - private SentryServiceUtil() { - // Make constructor private to avoid instantiation - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql deleted file mode 100644 index 04353d1..0000000 
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN WITH_GRANT_OPTION CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
deleted file mode 100644
index 7d96bc0..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD `WITH_GRANT_OPTION` CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
deleted file mode 100644
index f42ccdf..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD WITH_GRANT_OPTION CHAR(1) DEFAULT 'N' NOT NULL;
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
deleted file mode 100644
index 1b670ec..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD COLUMN "WITH_GRANT_OPTION" CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
deleted file mode 100644
index 647e9e2..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-DROP INDEX SENTRYPRIVILEGENAME;
-CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE ("SERVER_NAME",DB_NAME,"TABLE_NAME",URI,"ACTION",WITH_GRANT_OPTION);
-
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP COLUMN PRIVILEGE_NAME;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN DB_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN TABLE_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN URI SET DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
deleted file mode 100644
index cd4ec7c..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP INDEX `SENTRY_DB_PRIV_PRIV_NAME_UNIQ`;
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD UNIQUE `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` (`SERVER_NAME`,`DB_NAME`,`TABLE_NAME`,`URI`(250),`ACTION`,`WITH_GRANT_OPTION`);
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP `PRIVILEGE_NAME`;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN DB_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN TABLE_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN URI SET DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
deleted file mode 100644
index f5f596d..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" DROP INDEX;
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","URI","ACTION","WITH_GRANT_OPTION");
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP COLUMN PRIVILEGE_NAME;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY DB_NAME DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY TABLE_NAME DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY URI DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
deleted file mode 100644
index 458e447..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ";
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","URI", "ACTION","WITH_GRANT_OPTION");
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP COLUMN "PRIVILEGE_NAME";
-
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "DB_NAME" SET DEFAULT '__NULL__';
-AlTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "TABLE_NAME" SET DEFAULT '__NULL__';
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "URI" SET DEFAULT '__NULL__';
-
-UPDATE "SENTRY_DB_PRIVILEGE" SET "DB_NAME" = DEFAULT where "DB_NAME" is null;
-UPDATE "SENTRY_DB_PRIVILEGE" SET "TABLE_NAME" = DEFAULT where "TABLE_NAME" is null;
-UPDATE "SENTRY_DB_PRIVILEGE" SET "URI" = DEFAULT where "URI" is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
deleted file mode 100644
index f27b358..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP GRANTOR_PRINCIPAL;
-ALTER TABLE SENTRY_ROLE DROP GRANTOR_PRINCIPAL;
-ALTER TABLE SENTRY_GROUP DROP GRANTOR_PRINCIPAL;
-
-ALTER TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP ADD GRANTOR_PRINCIPAL VARCHAR(128);
-ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD GRANTOR_PRINCIPAL VARCHAR(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
deleted file mode 100644
index 8e0a633..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP `GRANTOR_PRINCIPAL`;
-ALTER TABLE `SENTRY_ROLE` DROP `GRANTOR_PRINCIPAL`;
-ALTER TABLE `SENTRY_GROUP` DROP `GRANTOR_PRINCIPAL`;
-
-ALTER TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP` ADD `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin;
-ALTER TABLE `SENTRY_ROLE_GROUP_MAP` ADD `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin;
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
deleted file mode 100644
index d07d20e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP COLUMN "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_ROLE" DROP COLUMN "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_GROUP" DROP COLUMN "GRANTOR_PRINCIPAL";
-
-ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" ADD "GRANTOR_PRINCIPAL" VARCHAR2(128);
-ALTER TABLE "SENTRY_ROLE_GROUP_MAP" ADD "GRANTOR_PRINCIPAL" VARCHAR2(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
deleted file mode 100644
index 95a2ef1..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_ROLE" DROP "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_GROUP" DROP "GRANTOR_PRINCIPAL";
-
-ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" ADD "GRANTOR_PRINCIPAL" character varying(128);
-ALTER TABLE "SENTRY_ROLE_GROUP_MAP" ADD "GRANTOR_PRINCIPAL" character varying(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
deleted file mode 100644
index da1f4d6..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN COLUMN_NAME VARCHAR(4000) DEFAULT '__NULL__';
-DROP INDEX SENTRYPRIVILEGENAME;
-CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE ("SERVER_NAME",DB_NAME,"TABLE_NAME","COLUMN_NAME",URI,"ACTION",WITH_GRANT_OPTION);
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
deleted file mode 100644
index 1419ca3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD `COLUMN_NAME` VARCHAR(128) DEFAULT '__NULL__';
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP INDEX `SENTRY_DB_PRIV_PRIV_NAME_UNIQ`;
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD UNIQUE `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` (`SERVER_NAME`,`DB_NAME`,`TABLE_NAME`,`COLUMN_NAME`,`URI`(250),`ACTION`,`WITH_GRANT_OPTION`);
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
deleted file mode 100644
index a70ae0a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN_NAME VARCHAR2(128) DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" DROP INDEX;
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","COLUMN_NAME","URI","ACTION","WITH_GRANT_OPTION");
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
deleted file mode 100644
index 81bdfa3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD COLUMN "COLUMN_NAME" character varying(128) DEFAULT '__NULL__';
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ";
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","COLUMN_NAME","URI", "ACTION","WITH_GRANT_OPTION");
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/005-SENTRY-398.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/005-SENTRY-398.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/005-SENTRY-398.derby.sql
deleted file mode 100644
index c038b81..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/005-SENTRY-398.derby.sql
+++ /dev/null
@@ -1,43 +0,0 @@
--- Table SENTRY_GM_PRIVILEGE for classes [org.apache.sentry.provider.db.service.model.MSentryGMPrivilege]
-CREATE TABLE SENTRY_GM_PRIVILEGE
-(
- GM_PRIVILEGE_ID BIGINT NOT NULL,
- "ACTION" VARCHAR(40),
- COMPONENT_NAME VARCHAR(400),
- CREATE_TIME BIGINT NOT NULL,
- WITH_GRANT_OPTION CHAR(1) NOT NULL DEFAULT 'N',
- RESOURCE_NAME_0 VARCHAR(400) DEFAULT '__NULL__',
- RESOURCE_NAME_1 VARCHAR(400) DEFAULT '__NULL__',
- RESOURCE_NAME_2 VARCHAR(400) DEFAULT '__NULL__',
- RESOURCE_NAME_3 VARCHAR(400) DEFAULT '__NULL__',
- RESOURCE_TYPE_0 VARCHAR(400) DEFAULT '__NULL__',
- RESOURCE_TYPE_1 VARCHAR(400) DEFAULT '__NULL__',
- RESOURCE_TYPE_2 VARCHAR(400) DEFAULT '__NULL__',
- RESOURCE_TYPE_3 VARCHAR(400) DEFAULT '__NULL__',
- "SCOPE" VARCHAR(40),
- SERVICE_NAME VARCHAR(400)
-);
--- Primary key(GM_PRIVILEGE_ID)
-ALTER TABLE SENTRY_GM_PRIVILEGE ADD CONSTRAINT SENTRY_GM_PRIVILEGE_PK PRIMARY KEY (GM_PRIVILEGE_ID);
-
--- Constraints for table SENTRY_GM_PRIVILEGE for class(es) [org.apache.sentry.provider.db.service.model.MSentryGMPrivilege]
-CREATE UNIQUE INDEX GM_PRIVILEGE_INDEX ON SENTRY_GM_PRIVILEGE (COMPONENT_NAME,SERVICE_NAME,RESOURCE_NAME_0,RESOURCE_TYPE_0,RESOURCE_NAME_1,RESOURCE_TYPE_1,RESOURCE_NAME_2,RESOURCE_TYPE_2,RESOURCE_NAME_3,RESOURCE_TYPE_3,"ACTION",WITH_GRANT_OPTION);
-
--- Table SENTRY_ROLE_GM_PRIVILEGE_MAP for join relationship
-CREATE TABLE SENTRY_ROLE_GM_PRIVILEGE_MAP
-(
- ROLE_ID BIGINT NOT NULL,
- GM_PRIVILEGE_ID BIGINT NOT NULL
-);
-ALTER TABLE SENTRY_ROLE_GM_PRIVILEGE_MAP ADD CONSTRAINT SENTRY_ROLE_GM_PRIVILEGE_MAP_PK PRIMARY KEY (ROLE_ID,GM_PRIVILEGE_ID);
-
--- Constraints for table SENTRY_ROLE_GM_PRIVILEGE_MAP
-CREATE INDEX SENTRY_ROLE_GM_PRIVILEGE_MAP_N50 ON SENTRY_ROLE_GM_PRIVILEGE_MAP (ROLE_ID);
-
-CREATE INDEX SENTRY_ROLE_GM_PRIVILEGE_MAP_N49 ON SENTRY_ROLE_GM_PRIVILEGE_MAP (GM_PRIVILEGE_ID);
-
-ALTER TABLE SENTRY_ROLE_GM_PRIVILEGE_MAP ADD CONSTRAINT SENTRY_ROLE_GM_PRIVILEGE_MAP_FK2 FOREIGN KEY (GM_PRIVILEGE_ID) REFERENCES SENTRY_GM_PRIVILEGE (GM_PRIVILEGE_ID);
-
-ALTER TABLE SENTRY_ROLE_GM_PRIVILEGE_MAP ADD CONSTRAINT SENTRY_ROLE_GM_PRIVILEGE_MAP_FK1 FOREIGN KEY (ROLE_ID) REFERENCES SENTRY_ROLE (ROLE_ID);
-
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/main/resources/005-SENTRY-398.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/005-SENTRY-398.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/005-SENTRY-398.mysql.sql
deleted file mode 100644
index 920737f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/005-SENTRY-398.mysql.sql
+++ /dev/null
@@ -1,62 +0,0 @@
--- Table SENTRY_GM_PRIVILEGE for classes [org.apache.sentry.provider.db.service.model.MSentryGMPrivilege]
-CREATE TABLE `SENTRY_GM_PRIVILEGE`
-(
- `GM_PRIVILEGE_ID` BIGINT NOT NULL,
- `ACTION` VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
- `COMPONENT_NAME` VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
- `CREATE_TIME` BIGINT NOT NULL,
- `WITH_GRANT_OPTION` CHAR(1) NOT NULL DEFAULT 'N',
- `RESOURCE_NAME_0` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '__NULL__',
- `RESOURCE_NAME_1` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '__NULL__',
- `RESOURCE_NAME_2` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '__NULL__',
- `RESOURCE_NAME_3` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '__NULL__',
- `RESOURCE_TYPE_0` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '__NULL__',
- `RESOURCE_TYPE_1` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '__NULL__',
- `RESOURCE_TYPE_2` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '__NULL__',
- `RESOURCE_TYPE_3` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '__NULL__',
- `SCOPE` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
- `SERVICE_NAME` VARCHAR(64) BINARY CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
-) ENGINE=INNODB DEFAULT CHARSET=utf8;
-
-ALTER TABLE `SENTRY_GM_PRIVILEGE`
- ADD CONSTRAINT `SENTRY_GM_PRIVILEGE_PK` PRIMARY KEY (`GM_PRIVILEGE_ID`);
--- Constraints for table SENTRY_GM_PRIVILEGE for class(es) [org.apache.sentry.provider.db.service.model.MSentryGMPrivilege]
-ALTER TABLE `SENTRY_GM_PRIVILEGE`
- ADD UNIQUE `GM_PRIVILEGE_UNIQUE` (`COMPONENT_NAME`,`SERVICE_NAME`,`RESOURCE_NAME_0`,`RESOURCE_TYPE_0`,`RESOURCE_NAME_1`,`RESOURCE_TYPE_1`,`RESOURCE_NAME_2`,`RESOURCE_TYPE_2`,`RESOURCE_NAME_3`,`RESOURCE_TYPE_3`,`ACTION`,`WITH_GRANT_OPTION`);
-
-ALTER TABLE `SENTRY_GM_PRIVILEGE`
- ADD INDEX `SENTRY_GM_PRIV_COMP_IDX` (`COMPONENT_NAME`);
-
-ALTER TABLE `SENTRY_GM_PRIVILEGE`
- ADD INDEX `SENTRY_GM_PRIV_SERV_IDX` (`SERVICE_NAME`);
-
-ALTER TABLE `SENTRY_GM_PRIVILEGE`
- ADD INDEX `SENTRY_GM_PRIV_RES0_IDX` (`RESOURCE_NAME_0`,`RESOURCE_TYPE_0`);
-
-ALTER TABLE `SENTRY_GM_PRIVILEGE`
- ADD INDEX `SENTRY_GM_PRIV_RES1_IDX` (`RESOURCE_NAME_1`,`RESOURCE_TYPE_1`);
-
-ALTER TABLE `SENTRY_GM_PRIVILEGE`
- ADD INDEX `SENTRY_GM_PRIV_RES2_IDX` (`RESOURCE_NAME_2`,`RESOURCE_TYPE_2`);
-
-ALTER TABLE `SENTRY_GM_PRIVILEGE`
- ADD INDEX `SENTRY_GM_PRIV_RES3_IDX` (`RESOURCE_NAME_3`,`RESOURCE_TYPE_3`);
-
--- Table SENTRY_ROLE_GM_PRIVILEGE_MAP for join relationship
-CREATE TABLE `SENTRY_ROLE_GM_PRIVILEGE_MAP`
-(
- `ROLE_ID` BIGINT NOT NULL,
- `GM_PRIVILEGE_ID` BIGINT NOT NULL
-) ENGINE=INNODB DEFAULT CHARSET=utf8;
-
-ALTER TABLE `SENTRY_ROLE_GM_PRIVILEGE_MAP`
- ADD CONSTRAINT `SENTRY_ROLE_GM_PRIVILEGE_MAP_PK` PRIMARY KEY (`ROLE_ID`,`GM_PRIVILEGE_ID`);
-
--- Constraints for table SENTRY_ROLE_GM_PRIVILEGE_MAP
-ALTER TABLE `SENTRY_ROLE_GM_PRIVILEGE_MAP`
- ADD CONSTRAINT `SEN_RLE_GM_PRV_MAP_SN_RLE_FK`
- FOREIGN KEY (`ROLE_ID`) REFERENCES `SENTRY_ROLE`(`ROLE_ID`);
-
-ALTER TABLE `SENTRY_ROLE_GM_PRIVILEGE_MAP`
- ADD CONSTRAINT `SEN_RL_GM_PRV_MAP_SN_DB_PRV_FK`
- FOREIGN KEY (`GM_PRIVILEGE_ID`) REFERENCES `SENTRY_GM_PRIVILEGE`(`GM_PRIVILEGE_ID`);
