SENTRY-1205: Refactor the code for sentry-provider-db and create sentry-service module(Colin Ma, reviewed by Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/f1332300 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/f1332300 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/f1332300 Branch: refs/heads/master Commit: f13323008c46283796952fe8b71bc40ed4dc6523 Parents: 170c2a1 Author: Colin Ma <[email protected]> Authored: Thu Jul 21 13:55:58 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Thu Jul 21 13:55:58 2016 +0800 ---------------------------------------------------------------------- pom.xml | 30 +- .../sentry-binding-hive-common/pom.xml | 12 +- sentry-binding/sentry-binding-hive-v2/pom.xml | 20 - .../v2/metastore/MetastoreAuthzBindingV2.java | 2 +- sentry-binding/sentry-binding-hive/pom.xml | 29 - .../binding/hive/MockUserToGroupMapping.java | 2 +- .../policy/hive/TestPolicyParsingNegative.java | 2 +- ...sourceAuthorizationProviderGeneralCases.java | 2 +- ...sourceAuthorizationProviderSpecialCases.java | 2 +- .../hive/TestSimpleDBPolicyEngineDFS.java | 2 +- sentry-binding/sentry-binding-kafka/pom.xml | 14 +- .../sentry/kafka/binding/KafkaAuthBinding.java | 2 +- .../kafka/MockGroupMappingServiceProvider.java | 2 +- ...tKafkaAuthorizationProviderSpecialCases.java | 2 +- sentry-binding/sentry-binding-solr/pom.xml | 12 +- .../binding/solr/authz/SolrAuthzBinding.java | 4 +- ...SearchAuthorizationProviderGeneralCases.java | 2 +- ...SearchAuthorizationProviderSpecialCases.java | 2 +- sentry-binding/sentry-binding-sqoop/pom.xml | 10 +- .../sentry/sqoop/binding/SqoopAuthBinding.java | 2 +- ...tSqoopAuthorizationProviderGeneralCases.java | 2 +- ...tSqoopAuthorizationProviderSpecialCases.java | 2 +- .../common/service/GroupMappingService.java | 35 + .../service/HadoopGroupMappingService.java | 69 + .../MockGroupMappingServiceProvider.java | 44 + .../common/service/NoGroupMappingService.java | 33 + .../common/utils/AuthorizationComponent.java | 30 + .../sentry/core/common/utils/PolicyFile.java | 202 + sentry-dist/pom.xml | 12 + sentry-dist/src/main/assembly/bin.xml | 5 +- sentry-dist/src/main/assembly/src.xml | 1 + sentry-hdfs/sentry-hdfs-common/pom.xml | 19 +- ...ndexerAuthorizationProviderGeneralCases.java | 2 +- ...ndexerAuthorizationProviderSpecialCases.java | 2 +- sentry-provider/sentry-provider-cache/pom.xml | 4 - sentry-provider/sentry-provider-common/pom.xml | 5 - .../provider/common/AuthorizationComponent.java | 30 - .../provider/common/AuthorizationProvider.java | 1 + .../provider/common/GroupMappingService.java | 35 - .../common/HadoopGroupMappingService.java | 69 - ...adoopGroupResourceAuthorizationProvider.java | 2 + .../common/NoAuthorizationProvider.java | 2 + .../provider/common/NoGroupMappingService.java | 33 - .../common/ResourceAuthorizationProvider.java | 1 + ...adoopGroupResourceAuthorizationProvider.java | 2 +- .../common/MockGroupMappingServiceProvider.java | 44 - .../provider/common/TestGetGroupMapping.java | 1 + .../common/TestNoAuthorizationProvider.java | 1 + sentry-provider/sentry-provider-db/pom.xml | 354 +- .../thrift/SentryGenericPolicyService.java | 10416 ----------- .../TAlterSentryRoleAddGroupsRequest.java | 842 - .../TAlterSentryRoleAddGroupsResponse.java | 391 - .../TAlterSentryRoleDeleteGroupsRequest.java | 842 - .../TAlterSentryRoleDeleteGroupsResponse.java | 391 - .../TAlterSentryRoleGrantPrivilegeRequest.java | 798 - .../TAlterSentryRoleGrantPrivilegeResponse.java | 391 - .../TAlterSentryRoleRevokePrivilegeRequest.java | 798 - ...TAlterSentryRoleRevokePrivilegeResponse.java | 391 - .../generic/service/thrift/TAuthorizable.java | 490 - .../thrift/TCreateSentryRoleRequest.java | 692 - .../thrift/TCreateSentryRoleResponse.java | 391 - .../service/thrift/TDropPrivilegesRequest.java | 697 - .../service/thrift/TDropPrivilegesResponse.java | 391 - .../service/thrift/TDropSentryRoleRequest.java | 692 - .../service/thrift/TDropSentryRoleResponse.java | 391 - .../TListSentryPrivilegesByAuthRequest.java | 1112 -- .../TListSentryPrivilegesByAuthResponse.java | 569 - ...TListSentryPrivilegesForProviderRequest.java | 1011 -- ...ListSentryPrivilegesForProviderResponse.java | 541 - .../thrift/TListSentryPrivilegesRequest.java | 957 - .../thrift/TListSentryPrivilegesResponse.java | 555 - .../service/thrift/TListSentryRolesRequest.java | 701 - .../thrift/TListSentryRolesResponse.java | 555 - .../thrift/TRenamePrivilegesRequest.java | 1002 -- .../thrift/TRenamePrivilegesResponse.java | 391 - .../service/thrift/TSentryActiveRoleSet.java | 537 - .../service/thrift/TSentryGrantOption.java | 48 - .../service/thrift/TSentryPrivilege.java | 1080 -- .../service/thrift/TSentryPrivilegeMap.java | 490 - .../db/generic/service/thrift/TSentryRole.java | 539 - .../db/service/thrift/SentryPolicyService.java | 15564 ----------------- .../TAlterSentryRoleAddGroupsRequest.java | 746 - .../TAlterSentryRoleAddGroupsResponse.java | 394 - .../thrift/TAlterSentryRoleAddUsersRequest.java | 741 - .../TAlterSentryRoleAddUsersResponse.java | 394 - .../TAlterSentryRoleDeleteGroupsRequest.java | 746 - .../TAlterSentryRoleDeleteGroupsResponse.java | 394 - .../TAlterSentryRoleDeleteUsersRequest.java | 741 - .../TAlterSentryRoleDeleteUsersResponse.java | 394 - .../TAlterSentryRoleGrantPrivilegeRequest.java | 866 - .../TAlterSentryRoleGrantPrivilegeResponse.java | 669 - .../TAlterSentryRoleRevokePrivilegeRequest.java | 866 - ...TAlterSentryRoleRevokePrivilegeResponse.java | 394 - .../thrift/TCreateSentryRoleRequest.java | 591 - .../thrift/TCreateSentryRoleResponse.java | 394 - .../service/thrift/TDropPrivilegesRequest.java | 596 - .../service/thrift/TDropPrivilegesResponse.java | 394 - .../service/thrift/TDropSentryRoleRequest.java | 591 - .../service/thrift/TDropSentryRoleResponse.java | 394 - .../TListSentryPrivilegesByAuthRequest.java | 915 - .../TListSentryPrivilegesByAuthResponse.java | 571 - ...TListSentryPrivilegesForProviderRequest.java | 915 - ...ListSentryPrivilegesForProviderResponse.java | 544 - .../thrift/TListSentryPrivilegesRequest.java | 706 - .../thrift/TListSentryPrivilegesResponse.java | 558 - .../thrift/TListSentryRolesForUserRequest.java | 591 - .../service/thrift/TListSentryRolesRequest.java | 600 - .../thrift/TListSentryRolesResponse.java | 558 - .../thrift/TRenamePrivilegesRequest.java | 702 - .../thrift/TRenamePrivilegesResponse.java | 394 - .../db/service/thrift/TSentryActiveRoleSet.java | 537 - .../db/service/thrift/TSentryAuthorizable.java | 817 - .../thrift/TSentryConfigValueRequest.java | 600 - .../thrift/TSentryConfigValueResponse.java | 504 - .../thrift/TSentryExportMappingDataRequest.java | 600 - .../TSentryExportMappingDataResponse.java | 500 - .../db/service/thrift/TSentryGrantOption.java | 48 - .../db/service/thrift/TSentryGroup.java | 389 - .../thrift/TSentryImportMappingDataRequest.java | 693 - .../TSentryImportMappingDataResponse.java | 394 - .../db/service/thrift/TSentryMappingData.java | 898 - .../db/service/thrift/TSentryPrivilege.java | 1258 -- .../db/service/thrift/TSentryPrivilegeMap.java | 490 - .../provider/db/service/thrift/TSentryRole.java | 645 - .../service/thrift/TSentryResponseStatus.java | 598 - .../thrift/sentry_common_serviceConstants.java | 57 - .../provider/db/SentryPolicyStorePlugin.java | 60 - .../service/persistent/DelegateSentryStore.java | 542 - .../service/persistent/PrivilegeObject.java | 231 - .../persistent/PrivilegeOperatePersistence.java | 485 - .../service/persistent/SentryStoreLayer.java | 198 - .../service/thrift/NotificationHandler.java | 47 - .../thrift/NotificationHandlerInvoker.java | 164 - .../thrift/SentryGenericPolicyProcessor.java | 836 - .../SentryGenericPolicyProcessorFactory.java | 40 - .../SentryGenericPolicyProcessorWrapper.java | 39 - .../thrift/SentryGenericServiceClient.java | 196 - .../SentryGenericServiceClientDefaultImpl.java | 591 - .../SentryGenericServiceClientFactory.java | 34 - .../tools/KafkaTSentryPrivilegeConverter.java | 118 - .../generic/tools/SentryConfigToolCommon.java | 152 - .../db/generic/tools/SentryConfigToolSolr.java | 262 - .../db/generic/tools/SentryShellKafka.java | 113 - .../db/generic/tools/SentryShellSolr.java | 112 - .../tools/SolrTSentryPrivilegeConverter.java | 137 - .../tools/command/AddRoleToGroupCmd.java | 46 - .../db/generic/tools/command/Command.java | 27 - .../db/generic/tools/command/CreateRoleCmd.java | 39 - .../tools/command/DeleteRoleFromGroupCmd.java | 46 - .../db/generic/tools/command/DropRoleCmd.java | 39 - .../tools/command/GrantPrivilegeToRoleCmd.java | 47 - .../tools/command/ListPrivilegesByRoleCmd.java | 54 - .../db/generic/tools/command/ListRolesCmd.java | 53 - .../command/RevokePrivilegeFromRoleCmd.java | 47 - .../command/TSentryPrivilegeConverter.java | 33 - .../log/appender/AuditLoggerTestAppender.java | 52 - .../RollingFileWithoutDeleteAppender.java | 175 - .../db/log/entity/AuditMetadataLogEntity.java | 155 - .../db/log/entity/DBAuditMetadataLogEntity.java | 124 - .../db/log/entity/GMAuditMetadataLogEntity.java | 97 - .../provider/db/log/entity/JsonLogEntity.java | 25 - .../db/log/entity/JsonLogEntityFactory.java | 351 - .../provider/db/log/util/CommandUtil.java | 233 - .../sentry/provider/db/log/util/Constants.java | 162 - .../db/service/model/MSentryGMPrivilege.java | 497 - .../provider/db/service/model/MSentryGroup.java | 116 - .../db/service/model/MSentryPrivilege.java | 332 - .../provider/db/service/model/MSentryRole.java | 216 - .../provider/db/service/model/MSentryUser.java | 116 - .../db/service/model/MSentryVersion.java | 66 - .../provider/db/service/model/package.jdo | 242 - .../db/service/persistent/CommitContext.java | 42 - .../persistent/FixedJsonInstanceSerializer.java | 163 - .../db/service/persistent/HAContext.java | 262 - .../db/service/persistent/SentryStore.java | 2672 --- .../persistent/SentryStoreSchemaInfo.java | 143 - .../db/service/persistent/ServiceManager.java | 97 - .../db/service/persistent/ServiceRegister.java | 52 - .../provider/db/service/thrift/ConfServlet.java | 69 - .../db/service/thrift/NotificationHandler.java | 79 - .../thrift/NotificationHandlerInvoker.java | 176 - .../db/service/thrift/PolicyStoreConstants.java | 32 - .../db/service/thrift/SentryAuthFilter.java | 92 - ...SentryHealthCheckServletContextListener.java | 35 - .../db/service/thrift/SentryMetrics.java | 162 - .../SentryMetricsServletContextListener.java | 32 - .../thrift/SentryPolicyServiceClient.java | 220 - .../SentryPolicyServiceClientDefaultImpl.java | 1084 -- .../thrift/SentryPolicyStoreProcessor.java | 1113 -- .../SentryPolicyStoreProcessorFactory.java | 39 - .../service/thrift/SentryProcessorWrapper.java | 37 - .../db/service/thrift/SentryWebServer.java | 184 - .../provider/db/service/thrift/ThriftUtil.java | 112 - .../provider/db/tools/SentrySchemaHelper.java | 315 - .../provider/db/tools/SentrySchemaTool.java | 595 - .../provider/db/tools/SentryShellCommon.java | 247 - .../provider/db/tools/SentryShellHive.java | 98 - .../provider/db/tools/command/hive/Command.java | 27 - .../db/tools/command/hive/CommandUtil.java | 119 - .../db/tools/command/hive/CreateRoleCmd.java | 37 - .../db/tools/command/hive/DropRoleCmd.java | 37 - .../command/hive/GrantPrivilegeToRoleCmd.java | 41 - .../command/hive/GrantRoleToGroupsCmd.java | 44 - .../tools/command/hive/ListPrivilegesCmd.java | 97 - .../db/tools/command/hive/ListRolesCmd.java | 51 - .../hive/RevokePrivilegeFromRoleCmd.java | 42 - .../command/hive/RevokeRoleFromGroupsCmd.java | 43 - .../sentry/service/thrift/GSSCallback.java | 110 - .../thrift/HAClientInvocationHandler.java | 139 - .../service/thrift/JaasConfiguration.java | 133 - .../service/thrift/KerberosConfiguration.java | 107 - .../thrift/PoolClientInvocationHandler.java | 154 - .../sentry/service/thrift/ProcessorFactory.java | 31 - .../thrift/SentryClientInvocationHandler.java | 54 - .../service/thrift/SentryKerberosContext.java | 157 - .../sentry/service/thrift/SentryService.java | 426 - .../thrift/SentryServiceClientFactory.java | 52 - .../thrift/SentryServiceClientPoolFactory.java | 78 - .../service/thrift/SentryServiceFactory.java | 28 - .../service/thrift/SentryServiceUtil.java | 158 - .../sentry/service/thrift/ServiceConstants.java | 261 - .../apache/sentry/service/thrift/Status.java | 132 - .../src/main/resources/001-SENTRY-327.derby.sql | 2 - .../src/main/resources/001-SENTRY-327.mysql.sql | 2 - .../main/resources/001-SENTRY-327.oracle.sql | 2 - .../main/resources/001-SENTRY-327.postgres.sql | 2 - .../src/main/resources/002-SENTRY-339.derby.sql | 13 - .../src/main/resources/002-SENTRY-339.mysql.sql | 13 - .../main/resources/002-SENTRY-339.oracle.sql | 13 - .../main/resources/002-SENTRY-339.postgres.sql | 13 - .../src/main/resources/003-SENTRY-380.derby.sql | 7 - .../src/main/resources/003-SENTRY-380.mysql.sql | 7 - .../main/resources/003-SENTRY-380.oracle.sql | 7 - .../main/resources/003-SENTRY-380.postgres.sql | 7 - .../src/main/resources/004-SENTRY-74.derby.sql | 4 - .../src/main/resources/004-SENTRY-74.mysql.sql | 4 - .../src/main/resources/004-SENTRY-74.oracle.sql | 4 - .../main/resources/004-SENTRY-74.postgres.sql | 4 - .../src/main/resources/005-SENTRY-398.derby.sql | 43 - .../src/main/resources/005-SENTRY-398.mysql.sql | 62 - .../main/resources/005-SENTRY-398.oracle.sql | 55 - .../main/resources/005-SENTRY-398.postgres.sql | 54 - .../src/main/resources/006-SENTRY-711.derby.sql | 27 - .../src/main/resources/006-SENTRY-711.mysql.sql | 28 - .../main/resources/006-SENTRY-711.oracle.sql | 28 - .../main/resources/006-SENTRY-711.postgres.sql | 28 - .../src/main/resources/sentry-db2-1.4.0.sql | 112 - .../src/main/resources/sentry-db2-1.5.0.sql | 155 - .../src/main/resources/sentry-db2-1.6.0.sql | 155 - .../src/main/resources/sentry-db2-1.7.0.sql | 155 - .../src/main/resources/sentry-db2-1.8.0.sql | 183 - .../src/main/resources/sentry-derby-1.4.0.sql | 112 - .../src/main/resources/sentry-derby-1.5.0.sql | 155 - .../src/main/resources/sentry-derby-1.6.0.sql | 155 - .../src/main/resources/sentry-derby-1.7.0.sql | 155 - .../src/main/resources/sentry-derby-1.8.0.sql | 184 - .../src/main/resources/sentry-mysql-1.4.0.sql | 126 - .../src/main/resources/sentry-mysql-1.5.0.sql | 192 - .../src/main/resources/sentry-mysql-1.6.0.sql | 193 - .../src/main/resources/sentry-mysql-1.7.0.sql | 193 - .../src/main/resources/sentry-mysql-1.8.0.sql | 223 - .../src/main/resources/sentry-oracle-1.4.0.sql | 110 - .../src/main/resources/sentry-oracle-1.5.0.sql | 168 - .../src/main/resources/sentry-oracle-1.6.0.sql | 168 - .../src/main/resources/sentry-oracle-1.7.0.sql | 168 - .../src/main/resources/sentry-oracle-1.8.0.sql | 197 - .../main/resources/sentry-postgres-1.4.0.sql | 124 - .../main/resources/sentry-postgres-1.5.0.sql | 182 - .../main/resources/sentry-postgres-1.6.0.sql | 182 - .../main/resources/sentry-postgres-1.7.0.sql | 182 - .../main/resources/sentry-postgres-1.8.0.sql | 211 - .../sentry-upgrade-db2-1.4.0-to-1.5.0.sql | 61 - .../sentry-upgrade-db2-1.5.0-to-1.6.0.sql | 2 - .../sentry-upgrade-db2-1.6.0-to-1.7.0.sql | 2 - .../sentry-upgrade-db2-1.7.0-to-1.8.0.sql | 31 - .../sentry-upgrade-derby-1.4.0-to-1.5.0.sql | 8 - .../sentry-upgrade-derby-1.5.0-to-1.6.0.sql | 2 - .../sentry-upgrade-derby-1.6.0-to-1.7.0.sql | 2 - .../sentry-upgrade-derby-1.7.0-to-1.8.0.sql | 4 - .../sentry-upgrade-mysql-1.4.0-to-1.5.0.sql | 10 - .../sentry-upgrade-mysql-1.5.0-to-1.6.0.sql | 5 - .../sentry-upgrade-mysql-1.6.0-to-1.7.0.sql | 5 - .../sentry-upgrade-mysql-1.7.0-to-1.8.0.sql | 6 - .../sentry-upgrade-oracle-1.4.0-to-1.5.0.sql | 9 - .../sentry-upgrade-oracle-1.5.0-to-1.6.0.sql | 5 - .../sentry-upgrade-oracle-1.6.0-to-1.7.0.sql | 5 - .../sentry-upgrade-oracle-1.7.0-to-1.8.0.sql | 6 - .../sentry-upgrade-postgres-1.4.0-to-1.5.0.sql | 9 - .../sentry-upgrade-postgres-1.5.0-to-1.6.0.sql | 5 - .../sentry-upgrade-postgres-1.6.0-to-1.7.0.sql | 5 - .../sentry-upgrade-postgres-1.7.0-to-1.8.0.sql | 6 - .../main/resources/sentry_common_service.thrift | 46 - .../sentry_generic_policy_service.thrift | 279 - .../main/resources/sentry_policy_service.thrift | 330 - .../src/main/resources/upgrade.order.db2 | 4 - .../src/main/resources/upgrade.order.derby | 4 - .../src/main/resources/upgrade.order.mysql | 4 - .../src/main/resources/upgrade.order.oracle | 4 - .../src/main/resources/upgrade.order.postgres | 4 - .../src/main/webapp/SentryService.html | 61 - .../src/main/webapp/css/bootstrap-theme.min.css | 10 - .../src/main/webapp/css/bootstrap.min.css | 9 - .../src/main/webapp/css/sentry.css | 52 - .../src/main/webapp/sentry.png | Bin 3223 -> 0 bytes .../persistent/SentryStoreIntegrationBase.java | 91 - .../persistent/TestDelegateSentryStore.java | 182 - .../TestPrivilegeOperatePersistence.java | 1139 -- .../persistent/TestSentryGMPrivilege.java | 207 - .../service/persistent/TestSentryRole.java | 372 - .../SentryGenericServiceIntegrationBase.java | 73 - .../TestAuditLogForSentryGenericService.java | 296 - .../TestSentryGenericPolicyProcessor.java | 353 - .../TestSentryGenericServiceIntegration.java | 503 - .../generic/tools/TestSentryConfigToolSolr.java | 261 - .../db/generic/tools/TestSentryShellKafka.java | 542 - .../db/generic/tools/TestSentryShellSolr.java | 525 - .../TestRollingFileWithoutDeleteAppender.java | 106 - .../entity/TestDbAuditMetadataLogEntity.java | 69 - .../entity/TestGMAuditMetadataLogEntity.java | 74 - .../db/log/entity/TestJsonLogEntityFactory.java | 272 - .../log/entity/TestJsonLogEntityFactoryGM.java | 259 - .../provider/db/log/util/TestCommandUtil.java | 416 - .../service/persistent/TestSentryPrivilege.java | 245 - .../persistent/TestSentryServiceDiscovery.java | 123 - .../db/service/persistent/TestSentryStore.java | 2090 --- .../persistent/TestSentryStoreImportExport.java | 1164 -- .../TestSentryStoreToAuthorizable.java | 86 - .../service/persistent/TestSentryVersion.java | 85 - .../service/thrift/SentryMiniKdcTestcase.java | 68 - .../TestAuthorizingDDLAuditLogWithKerberos.java | 295 - .../thrift/TestConnectionWithTicketTimeout.java | 57 - .../thrift/TestNotificationHandlerInvoker.java | 112 - .../thrift/TestSentryPolicyStoreProcessor.java | 81 - .../TestSentryServerForHaWithoutKerberos.java | 219 - ...estSentryServerForPoolHAWithoutKerberos.java | 36 - .../TestSentryServerForPoolWithoutKerberos.java | 36 - .../thrift/TestSentryServerWithoutKerberos.java | 214 - .../thrift/TestSentryServiceClientPool.java | 111 - .../thrift/TestSentryServiceFailureCase.java | 74 - .../TestSentryServiceForHAWithKerberos.java | 75 - .../TestSentryServiceForPoolHAWithKerberos.java | 36 - .../TestSentryServiceForPoolWithKerberos.java | 36 - .../thrift/TestSentryServiceImportExport.java | 751 - .../thrift/TestSentryServiceIntegration.java | 1102 -- .../TestSentryServiceWithInvalidMsgSize.java | 119 - .../thrift/TestSentryServiceWithKerberos.java | 58 - .../thrift/TestSentryWebServerWithKerberos.java | 136 - .../thrift/TestSentryWebServerWithSSL.java | 52 - .../TestSentryWebServerWithoutSecurity.java | 87 - .../provider/db/tools/TestSentrySchemaTool.java | 94 - .../provider/db/tools/TestSentryShellHive.java | 608 - .../thrift/SentryServiceIntegrationBase.java | 355 - .../src/test/resources/cacerts.jks | Bin 954 -> 0 bytes .../src/test/resources/keystore.jks | Bin 2245 -> 0 bytes .../src/test/resources/log4j.properties | 34 - .../src/test/resources/solr_case.ini | 26 - .../test/resources/solr_config_import_tool.ini | 29 - .../src/test/resources/solr_invalid.ini | 21 - sentry-provider/sentry-provider-file/pom.xml | 17 - .../provider/file/LocalGroupMappingService.java | 2 +- .../apache/sentry/provider/file/PolicyFile.java | 202 - sentry-service/pom.xml | 38 + sentry-service/sentry-service-client/pom.xml | 57 + .../thrift/SentryGenericServiceClient.java | 196 + .../SentryGenericServiceClientDefaultImpl.java | 591 + .../SentryGenericServiceClientFactory.java | 34 + .../tools/KafkaTSentryPrivilegeConverter.java | 118 + .../generic/tools/SentryConfigToolCommon.java | 152 + .../db/generic/tools/SentryConfigToolSolr.java | 262 + .../db/generic/tools/SentryShellKafka.java | 113 + .../db/generic/tools/SentryShellSolr.java | 112 + .../tools/SolrTSentryPrivilegeConverter.java | 137 + .../tools/command/AddRoleToGroupCmd.java | 46 + .../db/generic/tools/command/Command.java | 27 + .../db/generic/tools/command/CreateRoleCmd.java | 39 + .../tools/command/DeleteRoleFromGroupCmd.java | 46 + .../db/generic/tools/command/DropRoleCmd.java | 39 + .../tools/command/GrantPrivilegeToRoleCmd.java | 47 + .../tools/command/ListPrivilegesByRoleCmd.java | 54 + .../db/generic/tools/command/ListRolesCmd.java | 53 + .../command/RevokePrivilegeFromRoleCmd.java | 47 + .../command/TSentryPrivilegeConverter.java | 33 + .../db/service/persistent/ServiceManager.java | 97 + .../thrift/SentryPolicyServiceClient.java | 220 + .../SentryPolicyServiceClientDefaultImpl.java | 1087 ++ .../provider/db/tools/SentryShellCommon.java | 247 + .../provider/db/tools/SentryShellHive.java | 98 + .../provider/db/tools/command/hive/Command.java | 27 + .../db/tools/command/hive/CommandUtil.java | 119 + .../db/tools/command/hive/CreateRoleCmd.java | 37 + .../db/tools/command/hive/DropRoleCmd.java | 37 + .../command/hive/GrantPrivilegeToRoleCmd.java | 41 + .../command/hive/GrantRoleToGroupsCmd.java | 44 + .../tools/command/hive/ListPrivilegesCmd.java | 97 + .../db/tools/command/hive/ListRolesCmd.java | 51 + .../hive/RevokePrivilegeFromRoleCmd.java | 42 + .../command/hive/RevokeRoleFromGroupsCmd.java | 43 + .../thrift/HAClientInvocationHandler.java | 139 + .../thrift/PoolClientInvocationHandler.java | 154 + .../thrift/SentryClientInvocationHandler.java | 54 + .../thrift/SentryServiceClientFactory.java | 52 + .../thrift/SentryServiceClientPoolFactory.java | 78 + sentry-service/sentry-service-common/pom.xml | 159 + .../thrift/SentryGenericPolicyService.java | 10416 +++++++++++ .../TAlterSentryRoleAddGroupsRequest.java | 842 + .../TAlterSentryRoleAddGroupsResponse.java | 391 + .../TAlterSentryRoleDeleteGroupsRequest.java | 842 + .../TAlterSentryRoleDeleteGroupsResponse.java | 391 + .../TAlterSentryRoleGrantPrivilegeRequest.java | 798 + .../TAlterSentryRoleGrantPrivilegeResponse.java | 391 + .../TAlterSentryRoleRevokePrivilegeRequest.java | 798 + ...TAlterSentryRoleRevokePrivilegeResponse.java | 391 + .../generic/service/thrift/TAuthorizable.java | 490 + .../thrift/TCreateSentryRoleRequest.java | 692 + .../thrift/TCreateSentryRoleResponse.java | 391 + .../service/thrift/TDropPrivilegesRequest.java | 697 + .../service/thrift/TDropPrivilegesResponse.java | 391 + .../service/thrift/TDropSentryRoleRequest.java | 692 + .../service/thrift/TDropSentryRoleResponse.java | 391 + .../TListSentryPrivilegesByAuthRequest.java | 1112 ++ .../TListSentryPrivilegesByAuthResponse.java | 569 + ...TListSentryPrivilegesForProviderRequest.java | 1011 ++ ...ListSentryPrivilegesForProviderResponse.java | 541 + .../thrift/TListSentryPrivilegesRequest.java | 957 + .../thrift/TListSentryPrivilegesResponse.java | 555 + .../service/thrift/TListSentryRolesRequest.java | 701 + .../thrift/TListSentryRolesResponse.java | 555 + .../thrift/TRenamePrivilegesRequest.java | 1002 ++ .../thrift/TRenamePrivilegesResponse.java | 391 + .../service/thrift/TSentryActiveRoleSet.java | 537 + .../service/thrift/TSentryGrantOption.java | 48 + .../service/thrift/TSentryPrivilege.java | 1080 ++ .../service/thrift/TSentryPrivilegeMap.java | 490 + .../db/generic/service/thrift/TSentryRole.java | 539 + .../db/service/thrift/SentryPolicyService.java | 15564 +++++++++++++++++ .../TAlterSentryRoleAddGroupsRequest.java | 746 + .../TAlterSentryRoleAddGroupsResponse.java | 394 + .../thrift/TAlterSentryRoleAddUsersRequest.java | 741 + .../TAlterSentryRoleAddUsersResponse.java | 394 + .../TAlterSentryRoleDeleteGroupsRequest.java | 746 + .../TAlterSentryRoleDeleteGroupsResponse.java | 394 + .../TAlterSentryRoleDeleteUsersRequest.java | 741 + .../TAlterSentryRoleDeleteUsersResponse.java | 394 + .../TAlterSentryRoleGrantPrivilegeRequest.java | 866 + .../TAlterSentryRoleGrantPrivilegeResponse.java | 669 + .../TAlterSentryRoleRevokePrivilegeRequest.java | 866 + ...TAlterSentryRoleRevokePrivilegeResponse.java | 394 + .../thrift/TCreateSentryRoleRequest.java | 591 + .../thrift/TCreateSentryRoleResponse.java | 394 + .../service/thrift/TDropPrivilegesRequest.java | 596 + .../service/thrift/TDropPrivilegesResponse.java | 394 + .../service/thrift/TDropSentryRoleRequest.java | 591 + .../service/thrift/TDropSentryRoleResponse.java | 394 + .../TListSentryPrivilegesByAuthRequest.java | 915 + .../TListSentryPrivilegesByAuthResponse.java | 571 + ...TListSentryPrivilegesForProviderRequest.java | 915 + ...ListSentryPrivilegesForProviderResponse.java | 544 + .../thrift/TListSentryPrivilegesRequest.java | 706 + .../thrift/TListSentryPrivilegesResponse.java | 558 + .../thrift/TListSentryRolesForUserRequest.java | 591 + .../service/thrift/TListSentryRolesRequest.java | 600 + .../thrift/TListSentryRolesResponse.java | 558 + .../thrift/TRenamePrivilegesRequest.java | 702 + .../thrift/TRenamePrivilegesResponse.java | 394 + .../db/service/thrift/TSentryActiveRoleSet.java | 537 + .../db/service/thrift/TSentryAuthorizable.java | 817 + .../thrift/TSentryConfigValueRequest.java | 600 + .../thrift/TSentryConfigValueResponse.java | 504 + .../thrift/TSentryExportMappingDataRequest.java | 600 + .../TSentryExportMappingDataResponse.java | 500 + .../db/service/thrift/TSentryGrantOption.java | 48 + .../db/service/thrift/TSentryGroup.java | 389 + .../thrift/TSentryImportMappingDataRequest.java | 693 + .../TSentryImportMappingDataResponse.java | 394 + .../db/service/thrift/TSentryMappingData.java | 898 + .../db/service/thrift/TSentryPrivilege.java | 1258 ++ .../db/service/thrift/TSentryPrivilegeMap.java | 490 + .../provider/db/service/thrift/TSentryRole.java | 645 + .../service/thrift/TSentryResponseStatus.java | 598 + .../thrift/sentry_common_serviceConstants.java | 57 + .../persistent/FixedJsonInstanceSerializer.java | 163 + .../db/service/persistent/HAContext.java | 262 + .../service/thrift/JaasConfiguration.java | 133 + .../service/thrift/SentryServiceUtil.java | 158 + .../sentry/service/thrift/ServiceConstants.java | 259 + .../apache/sentry/service/thrift/Status.java | 132 + .../main/resources/sentry_common_service.thrift | 46 + .../sentry_generic_policy_service.thrift | 279 + .../main/resources/sentry_policy_service.thrift | 330 + sentry-service/sentry-service-server/pom.xml | 279 + .../provider/db/SentryPolicyStorePlugin.java | 60 + .../service/persistent/DelegateSentryStore.java | 542 + .../service/persistent/PrivilegeObject.java | 231 + .../persistent/PrivilegeOperatePersistence.java | 485 + .../service/persistent/SentryStoreLayer.java | 198 + .../service/thrift/NotificationHandler.java | 47 + .../thrift/NotificationHandlerInvoker.java | 164 + .../thrift/SentryGenericPolicyProcessor.java | 835 + .../SentryGenericPolicyProcessorFactory.java | 41 + .../SentryGenericPolicyProcessorWrapper.java | 39 + .../log/appender/AuditLoggerTestAppender.java | 52 + .../RollingFileWithoutDeleteAppender.java | 175 + .../db/log/entity/AuditMetadataLogEntity.java | 155 + .../db/log/entity/DBAuditMetadataLogEntity.java | 124 + .../db/log/entity/GMAuditMetadataLogEntity.java | 97 + .../provider/db/log/entity/JsonLogEntity.java | 25 + .../db/log/entity/JsonLogEntityFactory.java | 351 + .../provider/db/log/util/CommandUtil.java | 233 + .../sentry/provider/db/log/util/Constants.java | 162 + .../db/service/model/MSentryGMPrivilege.java | 497 + .../provider/db/service/model/MSentryGroup.java | 116 + .../db/service/model/MSentryPrivilege.java | 332 + .../provider/db/service/model/MSentryRole.java | 216 + .../provider/db/service/model/MSentryUser.java | 116 + .../db/service/model/MSentryVersion.java | 66 + .../provider/db/service/model/package.jdo | 242 + .../db/service/persistent/CommitContext.java | 42 + .../db/service/persistent/SentryStore.java | 2672 +++ .../persistent/SentryStoreSchemaInfo.java | 143 + .../db/service/persistent/ServiceRegister.java | 52 + .../provider/db/service/thrift/ConfServlet.java | 69 + .../db/service/thrift/NotificationHandler.java | 79 + .../thrift/NotificationHandlerInvoker.java | 176 + .../db/service/thrift/PolicyStoreConstants.java | 32 + .../db/service/thrift/SentryAuthFilter.java | 92 + ...SentryHealthCheckServletContextListener.java | 35 + .../db/service/thrift/SentryMetrics.java | 162 + .../SentryMetricsServletContextListener.java | 32 + .../thrift/SentryPolicyStoreProcessor.java | 1111 ++ .../SentryPolicyStoreProcessorFactory.java | 40 + .../service/thrift/SentryProcessorWrapper.java | 37 + .../db/service/thrift/SentryWebServer.java | 184 + .../provider/db/service/thrift/ThriftUtil.java | 112 + .../provider/db/tools/SentrySchemaHelper.java | 315 + .../provider/db/tools/SentrySchemaTool.java | 595 + .../sentry/service/thrift/GSSCallback.java | 110 + .../service/thrift/KerberosConfiguration.java | 107 + .../sentry/service/thrift/ProcessorFactory.java | 31 + .../service/thrift/SentryKerberosContext.java | 157 + .../sentry/service/thrift/SentryService.java | 426 + .../service/thrift/SentryServiceFactory.java | 28 + .../src/main/resources/001-SENTRY-327.derby.sql | 2 + .../src/main/resources/001-SENTRY-327.mysql.sql | 2 + .../main/resources/001-SENTRY-327.oracle.sql | 2 + .../main/resources/001-SENTRY-327.postgres.sql | 2 + .../src/main/resources/002-SENTRY-339.derby.sql | 13 + .../src/main/resources/002-SENTRY-339.mysql.sql | 13 + .../main/resources/002-SENTRY-339.oracle.sql | 13 + .../main/resources/002-SENTRY-339.postgres.sql | 13 + .../src/main/resources/003-SENTRY-380.derby.sql | 7 + .../src/main/resources/003-SENTRY-380.mysql.sql | 7 + .../main/resources/003-SENTRY-380.oracle.sql | 7 + .../main/resources/003-SENTRY-380.postgres.sql | 7 + .../src/main/resources/004-SENTRY-74.derby.sql | 4 + .../src/main/resources/004-SENTRY-74.mysql.sql | 4 + .../src/main/resources/004-SENTRY-74.oracle.sql | 4 + .../main/resources/004-SENTRY-74.postgres.sql | 4 + .../src/main/resources/005-SENTRY-398.derby.sql | 43 + .../src/main/resources/005-SENTRY-398.mysql.sql | 62 + .../main/resources/005-SENTRY-398.oracle.sql | 55 + .../main/resources/005-SENTRY-398.postgres.sql | 54 + .../src/main/resources/006-SENTRY-711.derby.sql | 27 + .../src/main/resources/006-SENTRY-711.mysql.sql | 28 + .../main/resources/006-SENTRY-711.oracle.sql | 28 + .../main/resources/006-SENTRY-711.postgres.sql | 28 + .../src/main/resources/sentry-db2-1.4.0.sql | 112 + .../src/main/resources/sentry-db2-1.5.0.sql | 155 + .../src/main/resources/sentry-db2-1.6.0.sql | 155 + .../src/main/resources/sentry-db2-1.7.0.sql | 155 + .../src/main/resources/sentry-db2-1.8.0.sql | 183 + .../src/main/resources/sentry-derby-1.4.0.sql | 112 + .../src/main/resources/sentry-derby-1.5.0.sql | 155 + .../src/main/resources/sentry-derby-1.6.0.sql | 155 + .../src/main/resources/sentry-derby-1.7.0.sql | 155 + .../src/main/resources/sentry-derby-1.8.0.sql | 184 + .../src/main/resources/sentry-mysql-1.4.0.sql | 126 + .../src/main/resources/sentry-mysql-1.5.0.sql | 192 + .../src/main/resources/sentry-mysql-1.6.0.sql | 193 + .../src/main/resources/sentry-mysql-1.7.0.sql | 193 + .../src/main/resources/sentry-mysql-1.8.0.sql | 223 + .../src/main/resources/sentry-oracle-1.4.0.sql | 110 + .../src/main/resources/sentry-oracle-1.5.0.sql | 168 + .../src/main/resources/sentry-oracle-1.6.0.sql | 168 + .../src/main/resources/sentry-oracle-1.7.0.sql | 168 + .../src/main/resources/sentry-oracle-1.8.0.sql | 197 + .../main/resources/sentry-postgres-1.4.0.sql | 124 + .../main/resources/sentry-postgres-1.5.0.sql | 182 + .../main/resources/sentry-postgres-1.6.0.sql | 182 + .../main/resources/sentry-postgres-1.7.0.sql | 182 + .../main/resources/sentry-postgres-1.8.0.sql | 211 + .../sentry-upgrade-db2-1.4.0-to-1.5.0.sql | 61 + .../sentry-upgrade-db2-1.5.0-to-1.6.0.sql | 2 + .../sentry-upgrade-db2-1.6.0-to-1.7.0.sql | 2 + .../sentry-upgrade-db2-1.7.0-to-1.8.0.sql | 31 + .../sentry-upgrade-derby-1.4.0-to-1.5.0.sql | 8 + .../sentry-upgrade-derby-1.5.0-to-1.6.0.sql | 2 + .../sentry-upgrade-derby-1.6.0-to-1.7.0.sql | 2 + .../sentry-upgrade-derby-1.7.0-to-1.8.0.sql | 4 + .../sentry-upgrade-mysql-1.4.0-to-1.5.0.sql | 10 + .../sentry-upgrade-mysql-1.5.0-to-1.6.0.sql | 5 + .../sentry-upgrade-mysql-1.6.0-to-1.7.0.sql | 5 + .../sentry-upgrade-mysql-1.7.0-to-1.8.0.sql | 6 + .../sentry-upgrade-oracle-1.4.0-to-1.5.0.sql | 9 + .../sentry-upgrade-oracle-1.5.0-to-1.6.0.sql | 5 + .../sentry-upgrade-oracle-1.6.0-to-1.7.0.sql | 5 + .../sentry-upgrade-oracle-1.7.0-to-1.8.0.sql | 6 + .../sentry-upgrade-postgres-1.4.0-to-1.5.0.sql | 9 + .../sentry-upgrade-postgres-1.5.0-to-1.6.0.sql | 5 + .../sentry-upgrade-postgres-1.6.0-to-1.7.0.sql | 5 + .../sentry-upgrade-postgres-1.7.0-to-1.8.0.sql | 6 + .../src/main/resources/upgrade.order.db2 | 4 + .../src/main/resources/upgrade.order.derby | 4 + .../src/main/resources/upgrade.order.mysql | 4 + .../src/main/resources/upgrade.order.oracle | 4 + .../src/main/resources/upgrade.order.postgres | 4 + .../src/main/webapp/SentryService.html | 61 + .../src/main/webapp/css/bootstrap-theme.min.css | 10 + .../src/main/webapp/css/bootstrap.min.css | 9 + .../src/main/webapp/css/sentry.css | 52 + .../src/main/webapp/sentry.png | Bin 0 -> 3223 bytes .../persistent/SentryStoreIntegrationBase.java | 91 + .../persistent/TestDelegateSentryStore.java | 182 + .../TestPrivilegeOperatePersistence.java | 1139 ++ .../persistent/TestSentryGMPrivilege.java | 207 + .../service/persistent/TestSentryRole.java | 372 + .../SentryGenericServiceIntegrationBase.java | 73 + .../TestAuditLogForSentryGenericService.java | 296 + .../TestSentryGenericPolicyProcessor.java | 349 + .../TestSentryGenericServiceIntegration.java | 503 + .../generic/tools/TestSentryConfigToolSolr.java | 261 + .../db/generic/tools/TestSentryShellKafka.java | 542 + .../db/generic/tools/TestSentryShellSolr.java | 525 + .../TestRollingFileWithoutDeleteAppender.java | 103 + .../entity/TestDbAuditMetadataLogEntity.java | 67 + .../entity/TestGMAuditMetadataLogEntity.java | 72 + .../db/log/entity/TestJsonLogEntityFactory.java | 272 + .../log/entity/TestJsonLogEntityFactoryGM.java | 259 + .../provider/db/log/util/TestCommandUtil.java | 416 + .../service/persistent/TestSentryPrivilege.java | 245 + .../persistent/TestSentryServiceDiscovery.java | 123 + .../db/service/persistent/TestSentryStore.java | 2090 +++ .../persistent/TestSentryStoreImportExport.java | 1164 ++ .../TestSentryStoreToAuthorizable.java | 86 + .../service/persistent/TestSentryVersion.java | 84 + .../service/thrift/SentryMiniKdcTestcase.java | 68 + .../TestAuthorizingDDLAuditLogWithKerberos.java | 295 + .../thrift/TestConnectionWithTicketTimeout.java | 57 + .../thrift/TestNotificationHandlerInvoker.java | 112 + .../thrift/TestSentryPolicyStoreProcessor.java | 81 + .../TestSentryServerForHaWithoutKerberos.java | 219 + ...estSentryServerForPoolHAWithoutKerberos.java | 36 + .../TestSentryServerForPoolWithoutKerberos.java | 37 + .../thrift/TestSentryServerWithoutKerberos.java | 214 + .../thrift/TestSentryServiceClientPool.java | 111 + .../thrift/TestSentryServiceFailureCase.java | 74 + .../TestSentryServiceForHAWithKerberos.java | 75 + .../TestSentryServiceForPoolHAWithKerberos.java | 39 + .../TestSentryServiceForPoolWithKerberos.java | 37 + .../thrift/TestSentryServiceImportExport.java | 751 + .../thrift/TestSentryServiceIntegration.java | 1102 ++ .../TestSentryServiceWithInvalidMsgSize.java | 119 + .../thrift/TestSentryServiceWithKerberos.java | 58 + .../thrift/TestSentryWebServerWithKerberos.java | 136 + .../thrift/TestSentryWebServerWithSSL.java | 52 + .../TestSentryWebServerWithoutSecurity.java | 87 + .../provider/db/tools/TestSentrySchemaTool.java | 94 + .../provider/db/tools/TestSentryShellHive.java | 608 + .../thrift/SentryServiceIntegrationBase.java | 355 + .../src/test/resources/cacerts.jks | Bin 0 -> 954 bytes .../src/test/resources/keystore.jks | Bin 0 -> 2245 bytes .../src/test/resources/log4j.properties | 34 + .../src/test/resources/solr_case.ini | 26 + .../test/resources/solr_config_import_tool.ini | 29 + .../src/test/resources/solr_invalid.ini | 21 + sentry-solr/solr-sentry-core/pom.xml | 4 - sentry-solr/solr-sentry-handlers/pom.xml | 4 - .../dbprovider/AbstractTestWithDbProvider.java | 2 +- .../e2e/dbprovider/TestConcurrentClients.java | 2 +- .../tests/e2e/dbprovider/TestDbComplexView.java | 2 +- .../tests/e2e/dbprovider/TestDbConnections.java | 2 +- .../tests/e2e/dbprovider/TestDbEndToEnd.java | 2 +- .../TestDbSentryOnFailureHookLoading.java | 4 +- .../TestPrivilegeWithGrantOption.java | 3 +- .../TestPrivilegeWithHAGrantOption.java | 3 +- .../sentry/tests/e2e/ha/TestHaEnd2End.java | 2 +- .../tests/e2e/hdfs/TestHDFSIntegration.java | 5 +- .../AbstractTestWithStaticConfiguration.java | 3 +- .../sentry/tests/e2e/hive/TestConfigTool.java | 2 +- .../sentry/tests/e2e/hive/TestCrossDbOps.java | 2 +- .../e2e/hive/TestCustomSerdePrivileges.java | 2 +- .../sentry/tests/e2e/hive/TestEndToEnd.java | 2 +- .../e2e/hive/TestExportImportPrivileges.java | 2 +- .../tests/e2e/hive/TestJDBCInterface.java | 2 +- .../tests/e2e/hive/TestLockPrivileges.java | 2 +- .../e2e/hive/TestMetadataObjectRetrieval.java | 2 +- .../tests/e2e/hive/TestMetadataPermissions.java | 2 +- .../tests/e2e/hive/TestMovingToProduction.java | 2 +- .../sentry/tests/e2e/hive/TestOperations.java | 2 +- .../tests/e2e/hive/TestPerDBConfiguration.java | 2 +- .../e2e/hive/TestPerDatabasePolicyFile.java | 2 +- .../e2e/hive/TestPrivilegeAtTransform.java | 2 +- .../e2e/hive/TestPrivilegesAtColumnScope.java | 2 +- .../e2e/hive/TestPrivilegesAtDatabaseScope.java | 2 +- .../e2e/hive/TestPrivilegesAtFunctionScope.java | 2 +- .../e2e/hive/TestPrivilegesAtTableScope.java | 2 +- .../tests/e2e/hive/TestReloadPrivileges.java | 2 +- .../e2e/hive/TestRuntimeMetadataRetrieval.java | 2 +- .../sentry/tests/e2e/hive/TestSandboxOps.java | 2 +- .../hive/TestSentryOnFailureHookLoading.java | 2 +- .../tests/e2e/hive/TestServerConfiguration.java | 2 +- .../tests/e2e/hive/TestUriPermissions.java | 2 +- .../tests/e2e/hive/TestUserManagement.java | 2 +- .../tests/e2e/hive/TestViewPrivileges.java | 2 +- ...actMetastoreTestWithStaticConfiguration.java | 2 +- .../metastore/SentryPolicyProviderForDb.java | 2 +- .../metastore/TestAuthorizingObjectStore.java | 2 +- .../e2e/metastore/TestMetaStoreWithPigHCat.java | 2 +- .../e2e/metastore/TestMetastoreEndToEnd.java | 2 +- sentry-tests/sentry-tests-hive/pom.xml | 2 +- .../dbprovider/AbstractTestWithDbProvider.java | 2 +- .../e2e/dbprovider/TestConcurrentClients.java | 2 +- .../tests/e2e/dbprovider/TestDbComplexView.java | 2 +- .../tests/e2e/dbprovider/TestDbConnections.java | 2 +- .../tests/e2e/dbprovider/TestDbEndToEnd.java | 2 +- .../sentry/tests/e2e/ha/TestHaEnd2End.java | 2 +- .../tests/e2e/hdfs/TestHDFSIntegration.java | 2 +- .../AbstractTestWithStaticConfiguration.java | 2 +- .../sentry/tests/e2e/hive/TestConfigTool.java | 2 +- .../sentry/tests/e2e/hive/TestCrossDbOps.java | 2 +- .../e2e/hive/TestCustomSerdePrivileges.java | 2 +- .../sentry/tests/e2e/hive/TestEndToEnd.java | 2 +- .../e2e/hive/TestExportImportPrivileges.java | 2 +- .../tests/e2e/hive/TestJDBCInterface.java | 2 +- .../tests/e2e/hive/TestLockPrivileges.java | 2 +- .../e2e/hive/TestMetadataObjectRetrieval.java | 2 +- .../tests/e2e/hive/TestMetadataPermissions.java | 2 +- .../tests/e2e/hive/TestMovingToProduction.java | 2 +- .../tests/e2e/hive/TestOperationsPart1.java | 2 +- .../tests/e2e/hive/TestOperationsPart2.java | 2 +- .../tests/e2e/hive/TestPerDBConfiguration.java | 2 +- .../e2e/hive/TestPerDatabasePolicyFile.java | 2 +- .../e2e/hive/TestPrivilegeAtTransform.java | 2 +- .../e2e/hive/TestPrivilegesAtColumnScope.java | 2 +- .../e2e/hive/TestPrivilegesAtDatabaseScope.java | 2 +- .../e2e/hive/TestPrivilegesAtFunctionScope.java | 2 +- .../hive/TestPrivilegesAtTableScopePart1.java | 2 +- .../hive/TestPrivilegesAtTableScopePart2.java | 2 +- .../tests/e2e/hive/TestReloadPrivileges.java | 2 +- .../e2e/hive/TestRuntimeMetadataRetrieval.java | 2 +- .../sentry/tests/e2e/hive/TestSandboxOps.java | 2 +- .../hive/TestSentryOnFailureHookLoading.java | 2 +- .../tests/e2e/hive/TestServerConfiguration.java | 2 +- .../tests/e2e/hive/TestUriPermissions.java | 2 +- .../tests/e2e/hive/TestUserManagement.java | 2 +- .../tests/e2e/hive/TestViewPrivileges.java | 2 +- ...actMetastoreTestWithStaticConfiguration.java | 2 +- .../metastore/SentryPolicyProviderForDb.java | 2 +- .../metastore/TestAuthorizingObjectStore.java | 2 +- .../e2e/metastore/TestMetaStoreWithPigHCat.java | 2 +- .../e2e/metastore/TestMetastoreEndToEnd.java | 2 +- .../tests/e2e/metastore/TestURIMetastore.java | 2 +- sentry-tests/sentry-tests-kafka/pom.xml | 3 +- .../e2e/kafka/AbstractKafkaSentryTestBase.java | 2 +- sentry-tests/sentry-tests-solr/pom.xml | 2 +- .../AbstractSolrSentryTestWithDbProvider.java | 2 +- sentry-tests/sentry-tests-sqoop/pom.xml | 2 +- .../e2e/sqoop/AbstractSqoopSentryTestBase.java | 2 +- 767 files changed, 110640 insertions(+), 110541 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 2ea4735..a4f2bcc 100644 --- a/pom.xml +++ b/pom.xml @@ -55,7 +55,6 @@ limitations under the License. <maven.compile.target>1.7</maven.compile.target> <!-- versions are in alphabetical order --> <ant.contrib.version>1.0b3</ant.contrib.version> - <bonecp.version>0.7.1.RELEASE</bonecp.version> <build.helper.maven.plugin.version>1.8</build.helper.maven.plugin.version> <cglib.version>2.2</cglib.version> <commons-cli.version>1.2</commons-cli.version> @@ -75,6 +74,7 @@ limitations under the License. <jackson.version>1.8.8</jackson.version> <jdo-api.version>3.0.1</jdo-api.version> <jettyVersion>8.1.19.v20160209</jettyVersion> + <jetty.aggregate>7.6.0.v20120127</jetty.aggregate> <joda-time.version>2.5</joda-time.version> <junit.version>4.10</junit.version> <libfb303.version>0.9.3</libfb303.version> @@ -121,11 +121,6 @@ limitations under the License. <version>${commons.logging.version}</version> </dependency> <dependency> - <groupId>com.jolbox</groupId> - <artifactId>bonecp</artifactId> - <version>${bonecp.version}</version> - </dependency> - <dependency> <groupId>org.apache.derby</groupId> <artifactId>derby</artifactId> <version>${derby.version}</version> @@ -425,6 +420,21 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> + <artifactId>sentry-service-common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-service-server</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-service-client</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-common</artifactId> <version>${project.version}</version> </dependency> @@ -465,7 +475,7 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-db</artifactId> + <artifactId>sentry-service-server</artifactId> <version>${project.version}</version> <type>test-jar</type> </dependency> @@ -615,11 +625,17 @@ limitations under the License. <artifactId>jetty-servlet</artifactId> <version>${jettyVersion}</version> </dependency> + <dependency> + <groupId>org.eclipse.jetty.aggregate</groupId> + <artifactId>jetty-all</artifactId> + <version>${jetty.aggregate}</version> + </dependency> </dependencies> </dependencyManagement> <modules> <module>sentry-core</module> + <module>sentry-service</module> <module>sentry-binding</module> <module>sentry-provider</module> <module>sentry-policy</module> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive-common/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/pom.xml b/sentry-binding/sentry-binding-hive-common/pom.xml index 18b422d..685df0c 100644 --- a/sentry-binding/sentry-binding-hive-common/pom.xml +++ b/sentry-binding/sentry-binding-hive-common/pom.xml @@ -54,23 +54,19 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> + <artifactId>sentry-core-model-db</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-db</artifactId> + <artifactId>sentry-service-client</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-common</artifactId> + <artifactId>sentry-policy-engine</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-file</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-cache</artifactId> + <artifactId>sentry-provider-cache</artifactId> </dependency> <dependency> <groupId>org.apache.hadoop</groupId> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive-v2/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/pom.xml b/sentry-binding/sentry-binding-hive-v2/pom.xml index cb1b026..e6df18a 100644 --- a/sentry-binding/sentry-binding-hive-v2/pom.xml +++ b/sentry-binding/sentry-binding-hive-v2/pom.xml @@ -110,26 +110,6 @@ limitations under the License. <scope>provided</scope> </dependency> <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-db</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-file</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-policy-engine</artifactId> - </dependency> - <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-common</artifactId> <scope>provided</scope> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/MetastoreAuthzBindingV2.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/MetastoreAuthzBindingV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/MetastoreAuthzBindingV2.java index cfef1a7..7c1de14 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/MetastoreAuthzBindingV2.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/MetastoreAuthzBindingV2.java @@ -28,11 +28,11 @@ import org.apache.hadoop.hive.metastore.api.MetaException; import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent; import org.apache.hadoop.hive.ql.metadata.AuthorizationException; import org.apache.hadoop.hive.ql.plan.HiveOperation; +import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.binding.hive.authz.HiveAuthzBinding; import org.apache.sentry.binding.hive.v2.HiveAuthzPrivilegesMapV2; import org.apache.sentry.binding.metastore.MetastoreAuthzBindingBase; import org.apache.sentry.core.common.Subject; -import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.model.db.DBModelAuthorizable; /** http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/pom.xml b/sentry-binding/sentry-binding-hive/pom.xml index 07aaae3..fa1c44c 100644 --- a/sentry-binding/sentry-binding-hive/pom.xml +++ b/sentry-binding/sentry-binding-hive/pom.xml @@ -70,31 +70,6 @@ limitations under the License. <artifactId>sentry-binding-hive-common</artifactId> </dependency> <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-db</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-common</artifactId> - </dependency> - <!-- required for SentryGrantRevokeTask --> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-db</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-file</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-cache</artifactId> - </dependency> - <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-common</artifactId> <scope>provided</scope> @@ -112,10 +87,6 @@ limitations under the License. </dependency> <!-- required for SentryGrantRevokeTask --> <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-db</artifactId> - </dependency> - <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-minicluster</artifactId> <scope>test</scope> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java index c095603..8ea8e1b 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java @@ -19,7 +19,7 @@ package org.apache.sentry.binding.hive; import java.util.Set; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import com.google.common.collect.Sets; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestPolicyParsingNegative.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestPolicyParsingNegative.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestPolicyParsingNegative.java index 4dc8812..0a53088 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestPolicyParsingNegative.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestPolicyParsingNegative.java @@ -24,7 +24,7 @@ import org.junit.Assert; import org.apache.commons.io.FileUtils; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.core.common.utils.PolicyFile; import org.junit.After; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java index 403eb6a..2ace656 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java @@ -37,7 +37,7 @@ import org.apache.sentry.core.model.db.Database; import org.apache.sentry.core.model.db.HivePrivilegeModel; import org.apache.sentry.core.model.db.Server; import org.apache.sentry.core.model.db.Table; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.provider.common.ResourceAuthorizationProvider; import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFiles; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderSpecialCases.java index 6fe9e6b..040f467 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderSpecialCases.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderSpecialCases.java @@ -36,7 +36,7 @@ import org.apache.sentry.core.model.db.Server; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.core.common.utils.PolicyFile; import org.junit.After; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineDFS.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineDFS.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineDFS.java index 97cf615..f86516f 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineDFS.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineDFS.java @@ -28,7 +28,7 @@ import org.apache.hadoop.fs.Path; import org.apache.hadoop.hdfs.MiniDFSCluster; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.core.common.utils.PolicyFile; import org.apache.sentry.provider.file.PolicyFiles; import org.junit.AfterClass; import org.junit.BeforeClass; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-kafka/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-kafka/pom.xml b/sentry-binding/sentry-binding-kafka/pom.xml index f6f212b..f868786 100644 --- a/sentry-binding/sentry-binding-kafka/pom.xml +++ b/sentry-binding/sentry-binding-kafka/pom.xml @@ -37,27 +37,15 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-core-model-kafka</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-file</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-db</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-policy-common</artifactId> + <artifactId>sentry-policy-engine</artifactId> </dependency> <dependency> <groupId>org.apache.hadoop</groupId> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java index cc5194b..53e7a3c 100644 --- a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java +++ b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java @@ -51,7 +51,7 @@ import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel; import org.apache.sentry.kafka.ConvertUtil; import org.apache.sentry.kafka.conf.KafkaAuthConf.AuthzConfVars; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.AuthorizationComponent; +import org.apache.sentry.core.common.utils.AuthorizationComponent; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java b/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java index 572c74d..1329520 100644 --- a/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java +++ b/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java @@ -20,7 +20,7 @@ package org.apache.sentry.policy.kafka; import java.util.Set; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import com.google.common.collect.Multimap; import com.google.common.collect.Sets; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaAuthorizationProviderSpecialCases.java index 63d2f30..6109059 100644 --- a/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaAuthorizationProviderSpecialCases.java +++ b/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaAuthorizationProviderSpecialCases.java @@ -38,7 +38,7 @@ import org.apache.sentry.core.model.kafka.Topic; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.core.common.utils.PolicyFile; import org.junit.After; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-solr/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/pom.xml b/sentry-binding/sentry-binding-solr/pom.xml index a63a600..8b94c87 100644 --- a/sentry-binding/sentry-binding-solr/pom.xml +++ b/sentry-binding/sentry-binding-solr/pom.xml @@ -36,18 +36,10 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-core-model-search</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-db</artifactId> </dependency> <dependency> @@ -56,6 +48,10 @@ limitations under the License. <scope>test</scope> </dependency> <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-policy-engine</artifactId> + </dependency> + <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-common</artifactId> <scope>provided</scope> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java index 2400673..3bc5b82 100644 --- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java +++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java @@ -42,9 +42,9 @@ import org.apache.sentry.core.model.search.Collection; import org.apache.sentry.core.model.search.SearchModelAction; import org.apache.sentry.core.model.search.SearchPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.AuthorizationComponent; +import org.apache.sentry.core.common.utils.AuthorizationComponent; import org.apache.sentry.provider.common.AuthorizationProvider; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java index 6f7f07a..2c82dc7 100644 --- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java +++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java @@ -34,7 +34,7 @@ import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.search.Collection; import org.apache.sentry.core.model.search.SearchModelAction; import org.apache.sentry.core.model.search.SearchPrivilegeModel; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.provider.common.ResourceAuthorizationProvider; import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFiles; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java index 371f361..80e3f4a 100644 --- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java +++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java @@ -35,7 +35,7 @@ import org.apache.sentry.core.model.search.SearchPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.core.common.utils.PolicyFile; import org.junit.After; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-sqoop/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/pom.xml b/sentry-binding/sentry-binding-sqoop/pom.xml index 732da26..e96802f 100644 --- a/sentry-binding/sentry-binding-sqoop/pom.xml +++ b/sentry-binding/sentry-binding-sqoop/pom.xml @@ -36,18 +36,10 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-core-model-sqoop</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-file</artifactId> </dependency> <dependency> @@ -56,7 +48,7 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-policy-common</artifactId> + <artifactId>sentry-policy-engine</artifactId> </dependency> <dependency> <groupId>org.apache.hadoop</groupId> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java index 84a61cc..0a2e0b5 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java @@ -32,7 +32,7 @@ import org.apache.sentry.core.model.sqoop.SqoopActionConstant; import org.apache.sentry.core.model.sqoop.SqoopActionFactory; import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.AuthorizationComponent; +import org.apache.sentry.core.common.utils.AuthorizationComponent; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java index 7ce8881..a3d96fe 100644 --- a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java +++ b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java @@ -38,7 +38,7 @@ import org.apache.sentry.core.model.sqoop.Server; import org.apache.sentry.core.model.sqoop.SqoopActionConstant; import org.apache.sentry.core.model.sqoop.SqoopActionFactory.SqoopAction; import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.provider.common.ResourceAuthorizationProvider; import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFiles; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java index 8d69402..4bcf3b1 100644 --- a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java +++ b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java @@ -38,7 +38,7 @@ import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.core.common.utils.PolicyFile; import org.junit.After; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java new file mode 100644 index 0000000..6af6ac5 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.service; + +import java.util.Set; + +import javax.annotation.concurrent.ThreadSafe; + +/** + * Interface so the Groups class is easier to unit test with. + * Implementations of this class are expected to be thread safe + * after construction. + */ +@ThreadSafe +public interface GroupMappingService { + + /** + * @return non-null list of groups for user + */ + Set<String> getGroups(String user); +} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java new file mode 100644 index 0000000..2b10ae1 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.service; + +import java.io.IOException; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.StringUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.Groups; + +import com.google.common.collect.Lists; +import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; + +public class HadoopGroupMappingService implements GroupMappingService { + + private static Configuration hadoopConf; + private final Groups groups; + + public HadoopGroupMappingService(Groups groups) { + this.groups = groups; + } + + public HadoopGroupMappingService(Configuration conf, String resource) { + if (hadoopConf == null) { + synchronized (HadoopGroupMappingService.class) { + if (hadoopConf == null) { + // clone the current config and add resource path + hadoopConf = new Configuration(); + hadoopConf.addResource(conf); + if (!StringUtils.isEmpty(resource)) { + hadoopConf.addResource(resource); + } + } + } + } + this.groups = Groups.getUserToGroupsMappingService(hadoopConf); + } + + @Override + public Set<String> getGroups(String user) { + List<String> groupList = Lists.newArrayList(); + try { + groupList = groups.getGroups(user); + } catch (IOException e) { + throw new SentryGroupNotFoundException("Unable to obtain groups for " + user, e); + } + if (groupList == null || groupList.isEmpty()) { + throw new SentryGroupNotFoundException("Unable to obtain groups for " + user); + } + return new HashSet<String>(groupList); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java new file mode 100644 index 0000000..55010de --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.service; + +import java.util.Collection; +import java.util.Set; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.Multimap; +import com.google.common.collect.Sets; + +public class MockGroupMappingServiceProvider implements GroupMappingService { + private static final Logger LOGGER = LoggerFactory + .getLogger(MockGroupMappingServiceProvider.class); + private final Multimap<String, String> userToGroupMap; + + public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) { + this.userToGroupMap = userToGroupMap; + } + + @Override + public Set<String> getGroups(String user) { + Collection<String> groups = userToGroupMap.get(user); + LOGGER.info("Mapping " + user + " to " + groups); + return Sets.newHashSet(groups); + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java new file mode 100644 index 0000000..db48788 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.service; + +import java.util.HashSet; +import java.util.Set; + +/** + * GroupMappingService that always returns an empty list of groups + */ +public class NoGroupMappingService implements GroupMappingService { + + /** + * @return empty list of groups for every user + */ + public Set<String> getGroups(String user) { + return new HashSet<String>(); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/AuthorizationComponent.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/AuthorizationComponent.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/AuthorizationComponent.java new file mode 100644 index 0000000..e3f1f15 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/AuthorizationComponent.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.utils; +/** + * Represent which component being authorized by Sentry + * using generic model + */ +public class AuthorizationComponent{ + public static final String Search = "solr"; + public static final String SQOOP = "sqoop"; + public static final String KAFKA = "kafka"; + + private AuthorizationComponent() { + // Make constructor private to avoid instantiation + } +}
