http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
deleted file mode 100644
index a35bf1d..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-
-import org.apache.commons.pool2.PooledObjectFactory;
-import org.apache.commons.pool2.impl.AbandonedConfig;
-import org.apache.commons.pool2.impl.GenericObjectPool;
-import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.apache.thrift.transport.TTransportException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The PoolClientInvocationHandler is a proxy class for handling thrift call. For every thrift call,
- * get the instance of SentryPolicyServiceBaseClient from the commons-pool, and return the instance
- * to the commons-pool after complete the call. For any exception with the call, discard the
- * instance and create a new one added to the commons-pool. Then, get the instance and do the call
- * again. For the thread safe, the commons-pool will manage the connection pool, and every thread
- * can get the connection by borrowObject() and return the connection to the pool by returnObject().
- */
-
-public class PoolClientInvocationHandler extends SentryClientInvocationHandler {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(PoolClientInvocationHandler.class);
-
- private final Configuration conf;
- private PooledObjectFactory<SentryPolicyServiceClient> poolFactory;
- private GenericObjectPool<SentryPolicyServiceClient> pool;
- private GenericObjectPoolConfig poolConfig;
- private int connectionRetryTotal;
-
- private static final String POOL_EXCEPTION_MESSAGE = "Pool exception occured ";
-
- public PoolClientInvocationHandler(Configuration conf) throws Exception {
- this.conf = conf;
- readConfiguration();
- poolFactory = new SentryServiceClientPoolFactory(conf);
- pool = new GenericObjectPool<SentryPolicyServiceClient>(poolFactory, poolConfig, new AbandonedConfig());
- }
-
- @Override
- public Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception {
- int retryCount = 0;
- Object result = null;
- while (retryCount < connectionRetryTotal) {
- try {
- // The wapper here is for the retry of thrift call, the default retry number is 3.
- result = invokeFromPool(method, args);
- break;
- } catch (TTransportException e) {
- // TTransportException means there has connection problem, create a new connection and try
- // again. Get the lock of pool and add new connection.
- synchronized (pool) {
- // If there has room, create new instance and add it to the commons-pool, this instance
- // will be back first from the commons-pool because the configuration is LIFO.
- if (pool.getNumIdle() + pool.getNumActive() < pool.getMaxTotal()) {
- pool.addObject();
- }
- }
- // Increase the retry num, and throw the exception if can't retry again.
- retryCount++;
- if (retryCount == connectionRetryTotal) {
- throw new SentryUserException(e.getMessage(), e);
- }
- }
- }
- return result;
- }
-
- private Object invokeFromPool(Method method, Object[] args) throws Exception {
- Object result = null;
- SentryPolicyServiceClient client;
- try {
- // get the connection from the pool, don't know if the connection is broken.
- client = pool.borrowObject();
- } catch (Exception e) {
- LOGGER.debug(POOL_EXCEPTION_MESSAGE, e);
- throw new SentryUserException(e.getMessage(), e);
- }
- try {
- // do the thrift call
- result = method.invoke(client, args);
- } catch (InvocationTargetException e) {
- // Get the target exception, check if SentryUserException or TTransportException is wrapped.
- // TTransportException means there has connection problem with the pool.
- Throwable targetException = e.getCause();
- if (targetException instanceof SentryUserException) {
- Throwable sentryTargetException = targetException.getCause();
- // If there has connection problem, eg, invalid connection if the service restarted,
- // sentryTargetException instanceof TTransportException = true.
- if (sentryTargetException instanceof TTransportException) {
- // If the exception is caused by connection problem, destroy the instance and
- // remove it from the commons-pool. Throw the TTransportException for reconnect.
- pool.invalidateObject(client);
- throw new TTransportException(sentryTargetException);
- }
- // The exception is thrown by thrift call, eg, SentryAccessDeniedException.
- throw (SentryUserException) targetException;
- }
- throw e;
- } finally{
- try {
- // return the instance to commons-pool
- pool.returnObject(client);
- } catch (Exception e) {
- LOGGER.error(POOL_EXCEPTION_MESSAGE, e);
- throw e;
- }
- }
- return result;
- }
-
- @Override
- public void close() {
- try {
- pool.close();
- } catch (Exception e) {
- LOGGER.debug(POOL_EXCEPTION_MESSAGE, e);
- }
- }
-
- private void readConfiguration() {
- poolConfig = new GenericObjectPoolConfig();
- // config the pool size for commons-pool
- poolConfig.setMaxTotal(conf.getInt(ClientConfig.SENTRY_POOL_MAX_TOTAL, ClientConfig.SENTRY_POOL_MAX_TOTAL_DEFAULT));
- poolConfig.setMinIdle(conf.getInt(ClientConfig.SENTRY_POOL_MIN_IDLE, ClientConfig.SENTRY_POOL_MIN_IDLE_DEFAULT));
- poolConfig.setMaxIdle(conf.getInt(ClientConfig.SENTRY_POOL_MAX_IDLE, ClientConfig.SENTRY_POOL_MAX_IDLE_DEFAULT));
- // get the retry number for reconnecting service
- connectionRetryTotal = conf.getInt(ClientConfig.SENTRY_POOL_RETRY_TOTAL,
- ClientConfig.SENTRY_POOL_RETRY_TOTAL_DEFAULT);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
deleted file mode 100644
index a3bb6ab..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ProcessorFactory.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.thrift.TMultiplexedProcessor;
-
-public abstract class ProcessorFactory {
- protected final Configuration conf;
-
- public ProcessorFactory(Configuration conf) {
- this.conf = conf;
- }
-
- public abstract boolean register(TMultiplexedProcessor processor) throws Exception;
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
deleted file mode 100644
index a41be7f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-
-/**
- * SentryClientInvocationHandler is the base interface for all the InvocationHandler in SENTRY
- */
-public abstract class SentryClientInvocationHandler implements InvocationHandler {
-
- /**
- * Close the InvocationHandler: An InvocationHandler may create some contexts,
- * these contexts should be close when the method "close()" of client be called.
- */
- @Override
- public final Object invoke(Object proxy, Method method, Object[] args) throws Exception {
- // close() doesn't throw exception we supress that in case of connection
- // loss. Changing SentryPolicyServiceClient#close() to throw an
- // exception would be a backward incompatible change for Sentry clients.
- if ("close".equals(method.getName()) && null == args) {
- close();
- return null;
- }
- return invokeImpl(proxy, method, args);
- }
-
- /**
- * Subclass should implement this method for special function
- */
- public abstract Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception;
-
- /**
- * An abstract method "close", an invocationHandler should close its contexts at here.
- */
- public abstract void close();
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
deleted file mode 100644
index f54f161..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
+++ /dev/null
@@ -1,157 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.service.thrift; - -import java.io.File; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.Subject; -import javax.security.auth.kerberos.KerberosPrincipal; -import javax.security.auth.kerberos.KerberosTicket; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.Sets; - -public class SentryKerberosContext implements Runnable { - private static final float TICKET_RENEW_WINDOW = 0.80f; - private static final Logger LOGGER = LoggerFactory - .getLogger(SentryKerberosContext.class); - private LoginContext loginContext; - private Subject subject; - private final javax.security.auth.login.Configuration kerberosConfig; - @Deprecated - private Thread renewerThread; - @Deprecated - private boolean shutDownRenewer = false; - - public SentryKerberosContext(String principal, String keyTab, boolean autoRenewTicket) - throws LoginException { - subject = new Subject(false, Sets.newHashSet(new KerberosPrincipal(principal)), - new HashSet<Object>(), new 
HashSet<Object>()); - kerberosConfig = KerberosConfiguration.createClientConfig(principal, new File(keyTab)); - loginWithNewContext(); - if (autoRenewTicket) { - startRenewerThread(); - } - } - - private void loginWithNewContext() throws LoginException { - LOGGER.info("Logging in with new Context"); - logoutSubject(); - loginContext = new LoginContext("", subject, null, kerberosConfig); - loginContext.login(); - subject = loginContext.getSubject(); - } - - private void logoutSubject() { - if (loginContext != null) { - try { - loginContext.logout(); - } catch (LoginException e) { - LOGGER.warn("Error logging out the subject", e); - } - } - loginContext = null; - } - - public Subject getSubject() { - return subject; - } - - /** - * Get the Kerberos TGT - * @return the user's TGT or null if none was found - */ - @Deprecated - private KerberosTicket getTGT() { - Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class); - for(KerberosTicket ticket: tickets) { - KerberosPrincipal server = ticket.getServer(); - if (server.getName().equals("krbtgt/" + server.getRealm() + - "@" + server.getRealm())) { - return ticket; - } - } - return null; - } - - @Deprecated - private long getRefreshTime(KerberosTicket tgt) { - long start = tgt.getStartTime().getTime(); - long end = tgt.getEndTime().getTime(); - LOGGER.debug("Ticket start time: " + start); - LOGGER.debug("Ticket End time: " + end); - return start + (long) ((end - start) * TICKET_RENEW_WINDOW); - } - - /*** - * Ticket renewer thread - * wait till 80% time interval left on the ticket and then renew it - */ - @Deprecated - @Override - public void run() { - try { - LOGGER.info("Sentry Ticket renewer thread started"); - while (!shutDownRenewer) { - KerberosTicket tgt = getTGT(); - if (tgt == null) { - LOGGER.warn("No ticket found in the cache"); - return; - } - long nextRefresh = getRefreshTime(tgt); - while (System.currentTimeMillis() < nextRefresh) { - Thread.sleep(1000); - if (shutDownRenewer) { - 
return; - } - } - loginWithNewContext(); - LOGGER.debug("Renewed ticket"); - } - } catch (InterruptedException e1) { - LOGGER.warn("Sentry Ticket renewer thread interrupted", e1); - return; - } catch (LoginException e) { - LOGGER.warn("Failed to renew ticket", e); - } finally { - logoutSubject(); - LOGGER.info("Sentry Ticket renewer thread finished"); - } - } - - @Deprecated - public void startRenewerThread() { - renewerThread = new Thread(this); - renewerThread.start(); - } - - public void shutDown() throws LoginException { - if (renewerThread != null) { - shutDownRenewer = true; - } else { - logoutSubject(); - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java deleted file mode 100644 index 5783649..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java +++ /dev/null 
@@ -1,426 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.service.thrift; - -import java.io.File; -import java.io.IOException; -import java.lang.reflect.Constructor; -import java.net.InetSocketAddress; -import java.net.MalformedURLException; -import java.net.ServerSocket; -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.EventListener; -import java.util.List; -import java.util.concurrent.Callable; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; -import java.util.concurrent.ThreadFactory; - -import javax.security.auth.Subject; - -import org.apache.commons.cli.CommandLine; -import org.apache.commons.cli.CommandLineParser; -import org.apache.commons.cli.GnuParser; -import org.apache.commons.cli.HelpFormatter; -import org.apache.commons.cli.Options; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.SaslRpcServer; -import org.apache.hadoop.security.SaslRpcServer.AuthMethod; -import org.apache.hadoop.security.SecurityUtil; -import 
org.apache.sentry.Command; -import org.apache.sentry.provider.db.service.thrift.SentryHealthCheckServletContextListener; -import org.apache.sentry.provider.db.service.thrift.SentryMetricsServletContextListener; -import org.apache.sentry.provider.db.service.thrift.SentryWebServer; -import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; -import org.apache.thrift.TMultiplexedProcessor; -import org.apache.thrift.protocol.TBinaryProtocol; -import org.apache.thrift.server.TServer; -import org.apache.thrift.server.TServerEventHandler; -import org.apache.thrift.server.TThreadPoolServer; -import org.apache.thrift.transport.TSaslServerTransport; -import org.apache.thrift.transport.TServerSocket; -import org.apache.thrift.transport.TServerTransport; -import org.apache.thrift.transport.TTransportFactory; -import org.eclipse.jetty.util.MultiException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Preconditions; - -public class SentryService implements Callable { - - private static final Logger LOGGER = LoggerFactory - .getLogger(SentryService.class); - - private static enum Status { - NOT_STARTED(), STARTED(); - } - - private final Configuration conf; - private final InetSocketAddress address; - private final int maxThreads; - private final int minThreads; - private boolean kerberos; - private final String principal; - private final String[] principalParts; - private final String keytab; - private final ExecutorService serviceExecutor; - private Future serviceStatus; - private TServer thriftServer; - private Status status; - private int webServerPort; - private SentryWebServer sentryWebServer; - private long maxMessageSize; - - public SentryService(Configuration conf) { - this.conf = conf; - int port = conf - .getInt(ServerConfig.RPC_PORT, ServerConfig.RPC_PORT_DEFAULT); - if (port == 0) { - port = findFreePort(); - 
conf.setInt(ServerConfig.RPC_PORT, port); - } - this.address = NetUtils.createSocketAddr( - conf.get(ServerConfig.RPC_ADDRESS, ServerConfig.RPC_ADDRESS_DEFAULT), - port); - LOGGER.info("Configured on address " + address); - kerberos = ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase( - conf.get(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_KERBEROS).trim()); - maxThreads = conf.getInt(ServerConfig.RPC_MAX_THREADS, - ServerConfig.RPC_MAX_THREADS_DEFAULT); - minThreads = conf.getInt(ServerConfig.RPC_MIN_THREADS, - ServerConfig.RPC_MIN_THREADS_DEFAULT); - maxMessageSize = conf.getLong(ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE, - ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT); - if (kerberos) { - // Use Hadoop libraries to translate the _HOST placeholder with actual hostname - try { - String rawPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL), ServerConfig.PRINCIPAL + " is required"); - principal = SecurityUtil.getServerPrincipal(rawPrincipal, address.getAddress()); - } catch(IOException io) { - throw new RuntimeException("Can't translate kerberos principal'", io); - } - LOGGER.info("Using kerberos principal: " + principal); - - principalParts = SaslRpcServer.splitKerberosName(principal); - Preconditions.checkArgument(principalParts.length == 3, - "Kerberos principal should have 3 parts: " + principal); - keytab = Preconditions.checkNotNull(conf.get(ServerConfig.KEY_TAB), - ServerConfig.KEY_TAB + " is required"); - File keytabFile = new File(keytab); - Preconditions.checkState(keytabFile.isFile() && keytabFile.canRead(), - "Keytab " + keytab + " does not exist or is not readable."); - } else { - principal = null; - principalParts = null; - keytab = null; - } - serviceExecutor = Executors.newSingleThreadExecutor(new ThreadFactory() { - private int count = 0; - - @Override - public Thread newThread(Runnable r) { - return new Thread(r, SentryService.class.getSimpleName() + "-" - + (count++)); - } - 
}); - webServerPort = conf.getInt(ServerConfig.SENTRY_WEB_PORT, ServerConfig.SENTRY_WEB_PORT_DEFAULT); - status = Status.NOT_STARTED; - } - - @Override - public String call() throws Exception { - SentryKerberosContext kerberosContext = null; - try { - status = Status.STARTED; - if (kerberos) { - Boolean autoRenewTicket = conf.getBoolean(ServerConfig.SENTRY_KERBEROS_TGT_AUTORENEW, ServerConfig.SENTRY_KERBEROS_TGT_AUTORENEW_DEFAULT); - kerberosContext = new SentryKerberosContext(principal, keytab, autoRenewTicket); - Subject.doAs(kerberosContext.getSubject(), new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - runServer(); - return null; - } - }); - } else { - runServer(); - } - } catch (Exception t) { - LOGGER.error("Error starting server", t); - throw new Exception("Error starting server", t); - } finally { - if (kerberosContext != null) { - kerberosContext.shutDown(); - } - status = Status.NOT_STARTED; - } - return null; - } - - private void runServer() throws Exception { - Iterable<String> processorFactories = ConfUtilties.CLASS_SPLITTER - .split(conf.get(ServerConfig.PROCESSOR_FACTORIES, - ServerConfig.PROCESSOR_FACTORIES_DEFAULT).trim()); - TMultiplexedProcessor processor = new TMultiplexedProcessor(); - boolean registeredProcessor = false; - for (String processorFactory : processorFactories) { - Class<?> clazz = conf.getClassByName(processorFactory); - if (!ProcessorFactory.class.isAssignableFrom(clazz)) { - throw new IllegalArgumentException("Processor Factory " - + processorFactory + " is not a " - + ProcessorFactory.class.getName()); - } - try { - Constructor<?> constructor = clazz - .getConstructor(Configuration.class); - LOGGER.info("ProcessorFactory being used: " + clazz.getCanonicalName()); - ProcessorFactory factory = (ProcessorFactory) constructor - .newInstance(conf); - boolean registerStatus = factory.register(processor); - if (!registerStatus) { - LOGGER.error("Failed to register " + 
clazz.getCanonicalName()); - } - registeredProcessor = registerStatus || registeredProcessor; - } catch (Exception e) { - throw new IllegalStateException("Could not create " - + processorFactory, e); - } - } - if (!registeredProcessor) { - throw new IllegalStateException( - "Failed to register any processors from " + processorFactories); - } - TServerTransport serverTransport = new TServerSocket(address); - TTransportFactory transportFactory = null; - if (kerberos) { - TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory(); - saslTransportFactory.addServerDefinition(AuthMethod.KERBEROS - .getMechanismName(), principalParts[0], principalParts[1], - ServerConfig.SASL_PROPERTIES, new GSSCallback(conf)); - transportFactory = saslTransportFactory; - } else { - transportFactory = new TTransportFactory(); - } - TThreadPoolServer.Args args = new TThreadPoolServer.Args( - serverTransport).processor(processor) - .transportFactory(transportFactory) - .protocolFactory(new TBinaryProtocol.Factory(true, true, maxMessageSize, maxMessageSize)) - .minWorkerThreads(minThreads).maxWorkerThreads(maxThreads); - thriftServer = new TThreadPoolServer(args); - LOGGER.info("Serving on " + address); - startSentryWebServer(); - thriftServer.serve(); - } - - private void startSentryWebServer() throws Exception{ - Boolean sentryReportingEnable = conf.getBoolean(ServerConfig.SENTRY_WEB_ENABLE, - ServerConfig.SENTRY_WEB_ENABLE_DEFAULT); - if(sentryReportingEnable) { - List<EventListener> listenerList = new ArrayList<EventListener>(); - listenerList.add(new SentryHealthCheckServletContextListener()); - listenerList.add(new SentryMetricsServletContextListener()); - sentryWebServer = new SentryWebServer(listenerList, webServerPort, conf); - sentryWebServer.start(); - } - - } - - private void stopSentryWebServer() throws Exception{ - if( sentryWebServer != null) { - sentryWebServer.stop(); - sentryWebServer = null; - } - } - - public InetSocketAddress getAddress() { - 
return address; - } - - public synchronized boolean isRunning() { - return status == Status.STARTED && thriftServer != null - && thriftServer.isServing(); - } - - public synchronized void start() throws Exception{ - if (status != Status.NOT_STARTED) { - throw new IllegalStateException("Cannot start when " + status); - } - LOGGER.info("Attempting to start..."); - serviceStatus = serviceExecutor.submit(this); - } - - public synchronized void stop() throws Exception{ - MultiException exception = null; - LOGGER.info("Attempting to stop..."); - if (isRunning()) { - LOGGER.info("Attempting to stop sentry thrift service..."); - try { - thriftServer.stop(); - thriftServer = null; - status = Status.NOT_STARTED; - } catch (Exception e) { - LOGGER.error("Error while stopping sentry thrift service", e); - exception = addMultiException(exception,e); - } - } else { - thriftServer = null; - status = Status.NOT_STARTED; - LOGGER.info("Sentry thrift service is already stopped..."); - } - if (isWebServerRunning()) { - try { - LOGGER.info("Attempting to stop sentry web service..."); - stopSentryWebServer(); - } catch (Exception e) { - LOGGER.error("Error while stopping sentry web service", e); - exception = addMultiException(exception,e); - } - } else { - LOGGER.info("Sentry web service is already stopped..."); - } - if (exception != null) { - exception.ifExceptionThrow(); - } - LOGGER.info("Stopped..."); - } - - // wait for the service thread to finish execution - public synchronized void waitOnFuture() throws ExecutionException, InterruptedException { - LOGGER.info("Waiting on future.get()"); - serviceStatus.get(); - } - - private MultiException addMultiException(MultiException exception, Exception e) { - MultiException newException = exception; - if (newException == null) { - newException = new MultiException(); - } - newException.add(e); - return newException; - } - - private boolean isWebServerRunning() { - return sentryWebServer != null - && sentryWebServer.isAlive(); - } - - 
private static int findFreePort() { - int attempts = 0; - while (attempts++ <= 1000) { - try { - ServerSocket s = new ServerSocket(0); - int port = s.getLocalPort(); - s.close(); - return port; - } catch (IOException e) { - // ignore and retry - } - } - throw new IllegalStateException("Unable to find a port after 1000 attempts"); - } - - public static Configuration loadConfig(String configFileName) - throws MalformedURLException { - File configFile = null; - if (configFileName == null) { - throw new IllegalArgumentException("Usage: " - + ServiceConstants.ServiceArgs.CONFIG_FILE_LONG - + " path/to/sentry-service.xml"); - } else if (!((configFile = new File(configFileName)).isFile() && configFile - .canRead())) { - throw new IllegalArgumentException("Cannot read configuration file " - + configFile); - } - Configuration conf = new Configuration(false); - conf.addResource(configFile.toURI().toURL()); - return conf; - } - - public static class CommandImpl implements Command { - @Override - public void run(String[] args) throws Exception { - CommandLineParser parser = new GnuParser(); - Options options = new Options(); - options.addOption(ServiceConstants.ServiceArgs.CONFIG_FILE_SHORT, - ServiceConstants.ServiceArgs.CONFIG_FILE_LONG, - true, "Sentry Service configuration file"); - CommandLine commandLine = parser.parse(options, args); - String configFileName = commandLine.getOptionValue(ServiceConstants. 
- ServiceArgs.CONFIG_FILE_LONG); - File configFile = null; - if (configFileName == null || commandLine.hasOption("h") || commandLine.hasOption("help")) { - // print usage - HelpFormatter formatter = new HelpFormatter(); - formatter.printHelp("sentry --command service", options); - System.exit(-1); - } else if(!((configFile = new File(configFileName)).isFile() && configFile.canRead())) { - throw new IllegalArgumentException("Cannot read configuration file " + configFile); - } - Configuration serverConf = loadConfig(configFileName); - final SentryService server = new SentryService(serverConf); - server.start(); - Runtime.getRuntime().addShutdownHook(new Thread() { - @Override - public void run() { - LOGGER.info("ShutdownHook shutting down server"); - try { - server.stop(); - } catch (Throwable t) { - LOGGER.error("Error stopping SentryService", t); - } - } - }); - - // Let's wait on the service to stop - try { - server.waitOnFuture(); - } finally { - server.serviceExecutor.shutdown(); - } - } - } - - public Configuration getConf() { - return conf; - } - - /** - * Add Thrift event handler to underlying thrift threadpool server - * @param eventHandler - */ - public void setThriftEventHandler(TServerEventHandler eventHandler) throws IllegalStateException { - if (thriftServer == null) { - throw new IllegalStateException("Server is not initialized or stopped"); - } - thriftServer.setServerEventHandler(eventHandler); - } - - public TServerEventHandler getThriftEventHandler() throws IllegalStateException { - if (thriftServer == null) { - throw new IllegalStateException("Server is not initialized or stopped"); - } - return thriftServer.getEventHandler(); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
deleted file mode 100644
index 48ee66a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
+++ /dev/null
@@ -1,52 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.service.thrift; - -import java.lang.reflect.Proxy; - -import org.apache.hadoop.conf.Configuration; - -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl; -import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig; - -public final class SentryServiceClientFactory { - - private SentryServiceClientFactory() { - } - - public static SentryPolicyServiceClient create(Configuration conf) throws Exception { - boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false); - boolean pooled = conf.getBoolean(ClientConfig.SENTRY_POOL_ENABLED, false); - if (pooled) { - return (SentryPolicyServiceClient) Proxy - .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(), - SentryPolicyServiceClientDefaultImpl.class.getInterfaces(), - new PoolClientInvocationHandler(conf)); - } else if (haEnabled) { - return (SentryPolicyServiceClient) Proxy - .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(), - 
SentryPolicyServiceClientDefaultImpl.class.getInterfaces(), - new HAClientInvocationHandler(conf)); - } else { - return new SentryPolicyServiceClientDefaultImpl(conf); - } - } - -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java deleted file mode 100644 index 3a38b24..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java +++ /dev/null 
@@ -1,78 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.Proxy;
-
-import org.apache.commons.pool2.BasePooledObjectFactory;
-import org.apache.commons.pool2.PooledObject;
-import org.apache.commons.pool2.impl.DefaultPooledObject;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SentryServiceClientPoolFactory is for connection pool to manage the object. Implement the related
- * method to create object, destroy object and wrap object.
- */
-
-public class SentryServiceClientPoolFactory extends BasePooledObjectFactory<SentryPolicyServiceClient> {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SentryServiceClientPoolFactory.class);
-
- private Configuration conf;
-
- public SentryServiceClientPoolFactory(Configuration conf) {
- this.conf = conf;
- }
-
- @Override
- public SentryPolicyServiceClient create() throws Exception {
- LOGGER.debug("Creating Sentry Service Client...");
- boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
- if (haEnabled) {
- return (SentryPolicyServiceClient) Proxy
- .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
- SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
- new HAClientInvocationHandler(conf));
- } else {
- return new SentryPolicyServiceClientDefaultImpl(conf);
- }
- }
-
- @Override
- public PooledObject<SentryPolicyServiceClient> wrap(SentryPolicyServiceClient client) {
- return new DefaultPooledObject<SentryPolicyServiceClient>(client);
- }
-
- @Override
- public void destroyObject(PooledObject<SentryPolicyServiceClient> pooledObject) {
- SentryPolicyServiceClient client = pooledObject.getObject();
- LOGGER.debug("Destroying Sentry Service Client: " + client);
- if (client != null) {
- // The close() of TSocket or TSaslClientTransport is called actually, and there has no
- // exception even there has some problems, eg, the client is closed already.
- // The close here is just try to close the socket and the client will be destroyed soon.
- client.close();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
deleted file mode 100644
index 1685702..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceFactory.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-import org.apache.hadoop.conf.Configuration;
-
-public class SentryServiceFactory {
-
- public SentryService create(Configuration conf) throws Exception {
- return new SentryService(conf);
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
deleted file mode 100644
index ce73358..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
-
-import com.google.common.collect.Lists;
-
-public final class SentryServiceUtil {
-
- // parse the privilege in String and get the TSentryPrivilege as result
- public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) {
- TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
- for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
- KeyValue tempKV = new KeyValue(authorizable);
- String key = tempKV.getKey();
- String value = tempKV.getValue();
-
- if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setServerName(value);
- } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setDbName(value);
- } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setTableName(value);
- } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setColumnName(value);
- } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setURI(value);
- } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
- tSentryPrivilege.setAction(value);
- } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(key)) {
- TSentryGrantOption grantOption = "true".equalsIgnoreCase(value) ? TSentryGrantOption.TRUE
- : TSentryGrantOption.FALSE;
- tSentryPrivilege.setGrantOption(grantOption);
- }
- }
- tSentryPrivilege.setPrivilegeScope(getPrivilegeScope(tSentryPrivilege));
- return tSentryPrivilege;
- }
-
- /**
- * Parse the object path from string to map.
- * @param objectPath the string format as db=db1->table=tbl1
- * @return Map
- */
- public static Map<String, String> parseObjectPath(String objectPath) {
- Map<String, String> objectMap = new HashMap<String, String>();
- if (StringUtils.isEmpty(objectPath)) {
- return objectMap;
- }
- for (String kvStr : SentryConstants.AUTHORIZABLE_SPLITTER.split(objectPath)) {
- KeyValue kv = new KeyValue(kvStr);
- String key = kv.getKey();
- String value = kv.getValue();
-
- if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) {
- objectMap.put(PolicyFileConstants.PRIVILEGE_DATABASE_NAME, value);
- } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) {
- objectMap.put(PolicyFileConstants.PRIVILEGE_TABLE_NAME, value);
- }
- }
- return objectMap;
- }
-
- // for the different hierarchy for hive:
- // 1: server->url
- // 2: server->database->table->column
- // if both of them are found in the privilege string, the privilege scope will be set as
- // PrivilegeScope.URI
- public static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
- PrivilegeScope privilegeScope = PrivilegeScope.SERVER;
- if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
- privilegeScope = PrivilegeScope.URI;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
- privilegeScope = PrivilegeScope.COLUMN;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
- privilegeScope = PrivilegeScope.TABLE;
- } else if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
- privilegeScope = PrivilegeScope.DATABASE;
- }
- return privilegeScope.toString();
- }
-
- // convert TSentryPrivilege to privilege in string
- public static String convertTSentryPrivilegeToStr(TSentryPrivilege tSentryPrivilege) {
- List<String> privileges = Lists.newArrayList();
- if (tSentryPrivilege != null) {
- String serverName = tSentryPrivilege.getServerName();
- String dbName = tSentryPrivilege.getDbName();
- String tableName = tSentryPrivilege.getTableName();
- String columnName = tSentryPrivilege.getColumnName();
- String uri = tSentryPrivilege.getURI();
- String action = tSentryPrivilege.getAction();
- String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true"
- : "false");
- if (!StringUtils.isEmpty(serverName)) {
- privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_SERVER_NAME,
- serverName));
- if (!StringUtils.isEmpty(uri)) {
- privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_URI_NAME,
- uri));
- } else if (!StringUtils.isEmpty(dbName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_DATABASE_NAME, dbName));
- if (!StringUtils.isEmpty(tableName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_TABLE_NAME, tableName));
- if (!StringUtils.isEmpty(columnName)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_COLUMN_NAME, columnName));
- }
- }
- }
- if (!StringUtils.isEmpty(action)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
- }
- }
- // only append the grant option to privilege string if it's true
- if ("true".equals(grantOption)) {
- privileges.add(SentryConstants.KV_JOINER.join(
- PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
- }
- }
- return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
- }
-
- private SentryServiceUtil() {
- // Make constructor private to avoid instantiation
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
deleted file mode 100644
index 32a4044..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
+++ /dev/null
@@ -1,261 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.sasl.Sasl;
-
-import org.apache.sentry.provider.db.service.thrift.SentryMetrics;
-
-import com.google.common.base.Splitter;
-import com.google.common.collect.ImmutableMap;
-
-public class ServiceConstants {
-
- private static final ImmutableMap<String, String> SASL_PROPERTIES;
-
- static {
- Map<String, String> saslProps = new HashMap<String, String>();
- saslProps.put(Sasl.SERVER_AUTH, "true");
- saslProps.put(Sasl.QOP, "auth-conf");
- SASL_PROPERTIES = ImmutableMap.copyOf(saslProps);
- }
-
- public static class ConfUtilties {
- public static final Splitter CLASS_SPLITTER = Splitter.onPattern("[\\s,]")
- .trimResults().omitEmptyStrings();
- }
- public static class ServiceArgs {
- public static final String CONFIG_FILE_SHORT = "c";
- public static final String CONFIG_FILE_LONG = "conffile";
- }
-
- public static class ServerConfig {
- public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES;
- /**
- * This configuration parameter is only meant to be used for testing purposes.
- */
- public static final String SECURITY_MODE = "sentry.service.security.mode";
- public static final String SECURITY_MODE_KERBEROS = "kerberos";
- public static final String SECURITY_MODE_NONE = "none";
- public static final String SECURITY_USE_UGI_TRANSPORT = "sentry.service.security.use.ugi";
- public static final String ADMIN_GROUPS = "sentry.service.admin.group";
- public static final String PRINCIPAL = "sentry.service.server.principal";
- public static final String KEY_TAB = "sentry.service.server.keytab";
- public static final String RPC_PORT = "sentry.service.server.rpc-port";
- public static final int RPC_PORT_DEFAULT = 8038;
- public static final String RPC_ADDRESS = "sentry.service.server.rpc-address";
- public static final String RPC_ADDRESS_DEFAULT = "0.0.0.0"; //NOPMD
- public static final String RPC_MAX_THREADS = "sentry.service.server-max-threads";
- public static final int RPC_MAX_THREADS_DEFAULT = 500;
- public static final String RPC_MIN_THREADS = "sentry.service.server-min-threads";
- public static final int RPC_MIN_THREADS_DEFAULT = 10;
- public static final String ALLOW_CONNECT = "sentry.service.allow.connect";
-
- public static final String SENTRY_POLICY_STORE_PLUGINS = "sentry.policy.store.plugins";
- public static final String SENTRY_POLICY_STORE_PLUGINS_DEFAULT = "";
-
- public static final String SENTRY_METASTORE_PLUGINS = "sentry.metastore.plugins";
- public static final String SENTRY_METASTORE_PLUGINS_DEFAULT = "";
-
- public static final String PROCESSOR_FACTORIES = "sentry.service.processor.factories";
- public static final String PROCESSOR_FACTORIES_DEFAULT =
- "org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory" +
- ",org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessorFactory";
- public static final String SENTRY_STORE_JDBC_URL = "sentry.store.jdbc.url";
- public static final String SENTRY_STORE_JDBC_USER = "sentry.store.jdbc.user";
- public static final String SENTRY_STORE_JDBC_USER_DEFAULT = "Sentry";
- public static final String SENTRY_STORE_JDBC_PASS = "sentry.store.jdbc.password";
- public static final String SENTRY_STORE_JDBC_DRIVER = "sentry.store.jdbc.driver";
- public static final String SENTRY_STORE_JDBC_DRIVER_DEFAULT = "org.apache.derby.jdbc.EmbeddedDriver";
-
- public static final String JAVAX_JDO_URL = "javax.jdo.option.ConnectionURL";
- public static final String JAVAX_JDO_USER = "javax.jdo.option.ConnectionUserName";
- public static final String JAVAX_JDO_PASS = "javax.jdo.option.ConnectionPassword";
- public static final String JAVAX_JDO_DRIVER_NAME = "javax.jdo.option.ConnectionDriverName";
-
- public static final String SENTRY_DB_PROPERTY_PREFIX = "sentry.";
- public static final String SENTRY_JAVAX_JDO_PROPERTY_PREFIX = SENTRY_DB_PROPERTY_PREFIX + "javax.jdo";
- public static final String SENTRY_DATANUCLEUS_PROPERTY_PREFIX = SENTRY_DB_PROPERTY_PREFIX + "datanucleus";
-
- public static final String SENTRY_VERIFY_SCHEM_VERSION = "sentry.verify.schema.version";
- public static final String SENTRY_VERIFY_SCHEM_VERSION_DEFAULT = "true";
-
- public static final String SENTRY_SERVICE_NAME = "sentry.service.name";
- public static final String SENTRY_SERVICE_NAME_DEFAULT = "Sentry-Service";
-
- public static final String SENTRY_STORE_GROUP_MAPPING = "sentry.store.group.mapping";
- public static final String SENTRY_STORE_GROUP_MAPPING_RESOURCE = "sentry.store.group.mapping.resource";
- public static final String SENTRY_STORE_HADOOP_GROUP_MAPPING = "org.apache.sentry.provider.common.HadoopGroupMappingService";
- public static final String SENTRY_STORE_LOCAL_GROUP_MAPPING = "org.apache.sentry.provider.file.LocalGroupMappingService";
- public static final String SENTRY_STORE_GROUP_MAPPING_DEFAULT = SENTRY_STORE_HADOOP_GROUP_MAPPING;
-
- public static final String SENTRY_STORE_ORPHANED_PRIVILEGE_REMOVAL = "sentry.store.orphaned.privilege.removal";
- public static final String SENTRY_STORE_ORPHANED_PRIVILEGE_REMOVAL_DEFAULT = "false";
- public static final String SENTRY_HA_ENABLED = "sentry.ha.enabled";
- public static final boolean SENTRY_HA_ENABLED_DEFAULT = false;
- public static final String SENTRY_HA_ZK_PROPERTY_PREFIX = "sentry.ha.zookeeper.";
- public static final String SENTRY_HA_ZOOKEEPER_SECURITY = SENTRY_HA_ZK_PROPERTY_PREFIX + "security";
- public static final boolean SENTRY_HA_ZOOKEEPER_SECURITY_DEFAULT = false;
- public static final String SENTRY_HA_ZOOKEEPER_QUORUM = SENTRY_HA_ZK_PROPERTY_PREFIX + "quorum";
- public static final String SENTRY_HA_ZOOKEEPER_QUORUM_DEFAULT = "localhost:2181";
- public static final String SENTRY_HA_ZOOKEEPER_RETRIES_MAX_COUNT = SENTRY_HA_ZK_PROPERTY_PREFIX + "session.retries.max.count";
- public static final int SENTRY_HA_ZOOKEEPER_RETRIES_MAX_COUNT_DEFAULT = 3;
- public static final String SENTRY_HA_ZOOKEEPER_SLEEP_BETWEEN_RETRIES_MS = SENTRY_HA_ZK_PROPERTY_PREFIX + "session.sleep.between.retries.ms";
- public static final int SENTRY_HA_ZOOKEEPER_SLEEP_BETWEEN_RETRIES_MS_DEFAULT = 100;
- public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE = SENTRY_HA_ZK_PROPERTY_PREFIX + "namespace";
- public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE_DEFAULT = "sentry";
- // principal and keytab for client to be able to connect to secure ZK. Needed for Sentry HA with secure ZK
- public static final String SERVER_HA_ZOOKEEPER_CLIENT_PRINCIPAL = "sentry.zookeeper.client.principal";
- public static final String SERVER_HA_ZOOKEEPER_CLIENT_KEYTAB = "sentry.zookeeper.client.keytab";
- public static final String SERVER_HA_ZOOKEEPER_CLIENT_TICKET_CACHE = "sentry.zookeeper.client.ticketcache";
- public static final String SERVER_HA_ZOOKEEPER_CLIENT_TICKET_CACHE_DEFAULT = "false";
- public static final ImmutableMap<String, String> SENTRY_STORE_DEFAULTS =
- ImmutableMap.<String, String>builder()
- .put("datanucleus.connectionPoolingType", "BoneCP")
- .put("datanucleus.validateTables", "false")
- .put("datanucleus.validateColumns", "false")
- .put("datanucleus.validateConstraints", "false")
- .put("datanucleus.storeManagerType", "rdbms")
- .put("datanucleus.schema.autoCreateAll", "true")
- .put("datanucleus.autoCreateSchema", "false")
- .put("datanucleus.fixedDatastore", "true")
- .put("datanucleus.autoStartMechanismMode", "checked")
- .put("datanucleus.transactionIsolation", "read-committed")
- .put("datanucleus.cache.level2", "false")
- .put("datanucleus.cache.level2.type", "none")
- .put("datanucleus.identifierFactory", "datanucleus1")
- .put("datanucleus.rdbms.useLegacyNativeValueStrategy", "true")
- .put("datanucleus.plugin.pluginRegistryBundleCheck", "LOG")
- .put("javax.jdo.PersistenceManagerFactoryClass",
- "org.datanucleus.api.jdo.JDOPersistenceManagerFactory")
- .put("javax.jdo.option.DetachAllOnCommit", "true")
- .put("javax.jdo.option.NonTransactionalRead", "false")
- .put("javax.jdo.option.NonTransactionalWrite", "false")
- .put("javax.jdo.option.Multithreaded", "true")
- .build();
-
- public static final String SENTRY_WEB_ENABLE = "sentry.service.web.enable";
- public static final Boolean SENTRY_WEB_ENABLE_DEFAULT = false;
- public static final String SENTRY_WEB_PORT = "sentry.service.web.port";
- public static final int SENTRY_WEB_PORT_DEFAULT = 29000;
- public static final String SENTRY_REPORTER = "sentry.service.reporter";
- public static final String SENTRY_REPORTER_JMX = SentryMetrics.Reporting.JMX.name(); //case insensitive
- public static final String SENTRY_REPORTER_CONSOLE = SentryMetrics.Reporting.CONSOLE.name();//case insensitive
-
- // Web SSL
- public static final String SENTRY_WEB_USE_SSL = "sentry.web.use.ssl";
- public static final String SENTRY_WEB_SSL_KEYSTORE_PATH = "sentry.web.ssl.keystore.path";
- public static final String SENTRY_WEB_SSL_KEYSTORE_PASSWORD = "sentry.web.ssl.keystore.password";
- public static final String SENTRY_SSL_PROTOCOL_BLACKLIST = "sentry.ssl.protocol.blacklist";
- // Blacklist SSL protocols that are not secure (e.g., POODLE vulnerability)
- public static final String[] SENTRY_SSL_PROTOCOL_BLACKLIST_DEFAULT = {"SSLv2", "SSLv2Hello", "SSLv3"};
-
- // Web Security
- public static final String SENTRY_WEB_SECURITY_PREFIX = "sentry.service.web.authentication";
- public static final String SENTRY_WEB_SECURITY_TYPE = SENTRY_WEB_SECURITY_PREFIX + ".type";
- public static final String SENTRY_WEB_SECURITY_TYPE_NONE = "NONE";
- public static final String SENTRY_WEB_SECURITY_TYPE_KERBEROS = "KERBEROS";
- public static final String SENTRY_WEB_SECURITY_PRINCIPAL = SENTRY_WEB_SECURITY_PREFIX + ".kerberos.principal";
- public static final String SENTRY_WEB_SECURITY_KEYTAB = SENTRY_WEB_SECURITY_PREFIX + ".kerberos.keytab";
- public static final String SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS = SENTRY_WEB_SECURITY_PREFIX + ".allow.connect.users";
-
- // max message size for thrift messages
- public static final String SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.server.thrift.max.message.size";
- public static final long SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024;
-
- // action factories for external components
- public static final String SENTRY_COMPONENT_ACTION_FACTORY_FORMAT = "sentry.%s.action.factory";
-
- // Sentry is never a client to other Kerberos Services, it should not be required to renew the TGT
- @Deprecated
- public static final String SENTRY_KERBEROS_TGT_AUTORENEW = "sentry.service.kerberos.tgt.autorenew";
- @Deprecated
- public static final Boolean SENTRY_KERBEROS_TGT_AUTORENEW_DEFAULT = false;
- }
-
- public static class ClientConfig {
- public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES;
- public static final String SERVER_RPC_PORT = "sentry.service.client.server.rpc-port";
- public static final int SERVER_RPC_PORT_DEFAULT = ServerConfig.RPC_PORT_DEFAULT;
- public static final String SERVER_RPC_ADDRESS = "sentry.service.client.server.rpc-address";
- public static final String SERVER_RPC_CONN_TIMEOUT = "sentry.service.client.server.rpc-connection-timeout";
- public static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000;
-
- // HA configuration
- public static final String SERVER_HA_ENABLED = "sentry.ha.enabled";
- public static final boolean SERVER_HA_ENABLED_DEFAULT = ServerConfig.SENTRY_HA_ENABLED_DEFAULT;
- public static final String SENTRY_HA_ZOOKEEPER_QUORUM = ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM;
- public static final String SERVER_HA_ZOOKEEPER_QUORUM_DEFAULT = ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM_DEFAULT;
- public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE = ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE;
- public static final String SERVER_HA_ZOOKEEPER_NAMESPACE_DEFAULT = ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE_DEFAULT;
-
- // connection pool configuration
- public static final String SENTRY_POOL_ENABLED = "sentry.service.client.connection.pool.enabled";
- public static final boolean SENTRY_POOL_ENABLED_DEFAULT = false;
-
- // commons-pool configuration for pool size
- public static final String SENTRY_POOL_MAX_TOTAL = "sentry.service.client.connection.pool.max-total";
- public static final int SENTRY_POOL_MAX_TOTAL_DEFAULT = 8;
- public static final String SENTRY_POOL_MAX_IDLE = "sentry.service.client.connection.pool.max-idle";
- public static final int SENTRY_POOL_MAX_IDLE_DEFAULT = 8;
- public static final String SENTRY_POOL_MIN_IDLE = "sentry.service.client.connection.pool.min-idle";
- public static final int SENTRY_POOL_MIN_IDLE_DEFAULT = 0;
-
- // retry num for getting the connection from connection pool
- public static final String SENTRY_POOL_RETRY_TOTAL = "sentry.service.client.connection.pool.retry-total";
- public static final int SENTRY_POOL_RETRY_TOTAL_DEFAULT = 3;
-
- // max message size for thrift messages
- public static final String SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.client.thrift.max.message.size";
- public static final long SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024;
-
- // client retry settings
- public static final String RETRY_COUNT_CONF = "sentry.provider.backend.db.retry.count";
- public static final int RETRY_COUNT_DEFAULT = 3;
- public static final String RETRY_INTERVAL_SEC_CONF = "sentry.provider.backend.db.retry.interval.seconds";
- public static final int RETRY_INTERVAL_SEC_DEFAULT = 30;
-
- // provider backend cache settings
- public static final String ENABLE_CACHING = "sentry.provider.backend.generic.cache.enabled";
- public static final boolean ENABLE_CACHING_DEFAULT = false;
- public static final String CACHE_TTL_MS = "sentry.provider.backend.generic.cache.ttl.ms";
- public static final long CACHING_TTL_MS_DEFAULT = 30000;
- public static final String CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE = "sentry.provider.backend.generic.cache.update.failures.count";
- public static final int CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE_DEFAULT = 3;
- public static final String PRIVILEGE_CONVERTER = "sentry.provider.backend.generic.privilege.converter";
- }
-
- /**
- * Thrift generates terrible constant class names
- */
- public static class ThriftConstants extends org.apache.sentry.service.thrift.sentry_common_serviceConstants {
- public static final int TSENTRY_SERVICE_VERSION_CURRENT = TSENTRY_SERVICE_V2;
- }
-
- /* Privilege operation scope */
- public static enum PrivilegeScope {
- SERVER,
- URI,
- DATABASE,
- TABLE,
- COLUMN
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
deleted file mode 100644
index e9cc411..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.io.PrintWriter;
-import java.io.StringWriter;
-
-import javax.annotation.Nullable;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
-import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
-import org.apache.sentry.core.common.exception.SentryInvalidInputException;
-import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
-import org.apache.sentry.core.common.exception.SentryThriftAPIMismatchException;
-import org.apache.sentry.service.thrift.ServiceConstants.ThriftConstants;
-
-/**
- * Simple factory to make returning TSentryStatus objects easy
- */
-public enum Status {
- OK(ThriftConstants.TSENTRY_STATUS_OK),
- ALREADY_EXISTS(ThriftConstants.TSENTRY_STATUS_ALREADY_EXISTS),
- NO_SUCH_OBJECT(ThriftConstants.TSENTRY_STATUS_NO_SUCH_OBJECT),
- RUNTIME_ERROR(ThriftConstants.TSENTRY_STATUS_RUNTIME_ERROR),
- INVALID_INPUT(ThriftConstants.TSENTRY_STATUS_INVALID_INPUT),
- ACCESS_DENIED(ThriftConstants.TSENTRY_STATUS_ACCESS_DENIED),
- THRIFT_VERSION_MISMATCH(ThriftConstants.TSENTRY_STATUS_THRIFT_VERSION_MISMATCH),
- UNKNOWN(-1)
- ;
- private int code;
- private Status(int code) {
- this.code = code;
- }
- public int getCode() {
- return code;
- }
- public static Status fromCode(int code) {
- for (Status status : Status.values()) {
- if (status.getCode() == code) {
- return status;
- }
- }
- return Status.UNKNOWN;
- }
- public static TSentryResponseStatus OK() {
- return Create(Status.OK, "");
- }
- public static TSentryResponseStatus AccessDenied(String message, Throwable t) {
- return Create(Status.ACCESS_DENIED, message, t);
- }
- public static TSentryResponseStatus AlreadyExists(String message, Throwable t) {
- return Create(Status.ALREADY_EXISTS, message, t);
- }
- public static TSentryResponseStatus NoSuchObject(String message, Throwable t) {
- return Create(Status.NO_SUCH_OBJECT, message, t);
- }
- public static TSentryResponseStatus RuntimeError(String message, Throwable t) {
- return Create(Status.RUNTIME_ERROR, message, t);
- }
- public static TSentryResponseStatus Create(Status value, String message) {
- return Create(value, message, null);
- }
- public static TSentryResponseStatus InvalidInput(String message, Throwable t) {
- return Create(Status.INVALID_INPUT, message, t);
- }
- public static TSentryResponseStatus THRIFT_VERSION_MISMATCH(String message, Throwable t) {
- return Create(Status.THRIFT_VERSION_MISMATCH, message, t);
- }
- public static TSentryResponseStatus Create(Status value, String message, @Nullable Throwable t) {
- TSentryResponseStatus status = new TSentryResponseStatus();
- status.setValue(value.getCode());
- status.setMessage(message);
- if (t != null) {
- StringWriter stringWriter = new StringWriter();
- PrintWriter printWriter = new PrintWriter(stringWriter);
- t.printStackTrace(printWriter);
- printWriter.close();
- status.setStack(stringWriter.toString());
- }
- return status;
- }
- public static void throwIfNotOk(TSentryResponseStatus thriftStatus)
- throws SentryUserException {
- Status status = Status.fromCode(thriftStatus.getValue());
- switch(status) {
- case OK:
- break;
- case ALREADY_EXISTS:
- throw new SentryAlreadyExistsException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case NO_SUCH_OBJECT:
- throw new SentryNoSuchObjectException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case RUNTIME_ERROR:
- throw new RuntimeException(serverErrorToString(thriftStatus));
- case INVALID_INPUT:
- throw new SentryInvalidInputException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case ACCESS_DENIED:
- throw new SentryAccessDeniedException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case THRIFT_VERSION_MISMATCH:
- throw new SentryThriftAPIMismatchException(serverErrorToString(thriftStatus), thriftStatus.getMessage());
- case UNKNOWN:
- throw new AssertionError(serverErrorToString(thriftStatus));
- default:
- throw new AssertionError("Unknown status code: " + status + ". Msg: " +
- serverErrorToString(thriftStatus));
- }
- }
-
- private static String serverErrorToString(TSentryResponseStatus thriftStatus) {
- String msg = thriftStatus.getMessage();
- String stack = thriftStatus.getStack();
- if (stack == null) {
- return msg;
- }
- return msg + ". Server Stacktrace: " + stack;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql
deleted file mode 100644
index 04353d1..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.derby.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN WITH_GRANT_OPTION CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
deleted file mode 100644
index 7d96bc0..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.mysql.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD `WITH_GRANT_OPTION` CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
deleted file mode 100644
index f42ccdf..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.oracle.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD WITH_GRANT_OPTION CHAR(1) DEFAULT 'N' NOT NULL;
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
deleted file mode 100644
index 1b670ec..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/001-SENTRY-327.postgres.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- SENTRY-327
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD COLUMN "WITH_GRANT_OPTION" CHAR(1) NOT NULL DEFAULT 'N';
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
deleted file mode 100644
index 647e9e2..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.derby.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-DROP INDEX SENTRYPRIVILEGENAME;
-CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE ("SERVER_NAME",DB_NAME,"TABLE_NAME",URI,"ACTION",WITH_GRANT_OPTION);
-
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP COLUMN PRIVILEGE_NAME;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN DB_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN TABLE_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN URI SET DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
deleted file mode 100644
index cd4ec7c..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.mysql.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP INDEX `SENTRY_DB_PRIV_PRIV_NAME_UNIQ`;
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD UNIQUE `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` (`SERVER_NAME`,`DB_NAME`,`TABLE_NAME`,`URI`(250),`ACTION`,`WITH_GRANT_OPTION`);
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP `PRIVILEGE_NAME`;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN DB_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN TABLE_NAME SET DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE ALTER COLUMN URI SET DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
deleted file mode 100644
index f5f596d..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.oracle.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" DROP INDEX;
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","URI","ACTION","WITH_GRANT_OPTION");
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP COLUMN PRIVILEGE_NAME;
-
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY DB_NAME DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY TABLE_NAME DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY URI DEFAULT '__NULL__';
-
-UPDATE SENTRY_DB_PRIVILEGE SET DB_NAME = DEFAULT WHERE DB_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET TABLE_NAME = DEFAULT WHERE TABLE_NAME is null;
-UPDATE SENTRY_DB_PRIVILEGE SET URI = DEFAULT WHERE URI is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
deleted file mode 100644
index 458e447..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/002-SENTRY-339.postgres.sql
+++ /dev/null
@@ -1,13 +0,0 @@
--- SENTRY-339
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ";
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","URI", "ACTION","WITH_GRANT_OPTION");
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP COLUMN "PRIVILEGE_NAME";
-
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "DB_NAME" SET DEFAULT '__NULL__';
-AlTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "TABLE_NAME" SET DEFAULT '__NULL__';
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ALTER COLUMN "URI" SET DEFAULT '__NULL__';
-
-UPDATE "SENTRY_DB_PRIVILEGE" SET "DB_NAME" = DEFAULT where "DB_NAME" is null;
-UPDATE "SENTRY_DB_PRIVILEGE" SET "TABLE_NAME" = DEFAULT where "TABLE_NAME" is null;
-UPDATE "SENTRY_DB_PRIVILEGE" SET "URI" = DEFAULT where "URI" is null;
-
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
deleted file mode 100644
index f27b358..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.derby.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP GRANTOR_PRINCIPAL;
-ALTER TABLE SENTRY_ROLE DROP GRANTOR_PRINCIPAL;
-ALTER TABLE SENTRY_GROUP DROP GRANTOR_PRINCIPAL;
-
-ALTER TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP ADD GRANTOR_PRINCIPAL VARCHAR(128);
-ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD GRANTOR_PRINCIPAL VARCHAR(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
deleted file mode 100644
index 8e0a633..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.mysql.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP `GRANTOR_PRINCIPAL`;
-ALTER TABLE `SENTRY_ROLE` DROP `GRANTOR_PRINCIPAL`;
-ALTER TABLE `SENTRY_GROUP` DROP `GRANTOR_PRINCIPAL`;
-
-ALTER TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP` ADD `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin;
-ALTER TABLE `SENTRY_ROLE_GROUP_MAP` ADD `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin;
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
deleted file mode 100644
index d07d20e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.oracle.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP COLUMN "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_ROLE" DROP COLUMN "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_GROUP" DROP COLUMN "GRANTOR_PRINCIPAL";
-
-ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" ADD "GRANTOR_PRINCIPAL" VARCHAR2(128);
-ALTER TABLE "SENTRY_ROLE_GROUP_MAP" ADD "GRANTOR_PRINCIPAL" VARCHAR2(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
deleted file mode 100644
index 95a2ef1..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/003-SENTRY-380.postgres.sql
+++ /dev/null
@@ -1,7 +0,0 @@
--- SENTRY-380
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_ROLE" DROP "GRANTOR_PRINCIPAL";
-ALTER TABLE "SENTRY_GROUP" DROP "GRANTOR_PRINCIPAL";
-
-ALTER TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" ADD "GRANTOR_PRINCIPAL" character varying(128);
-ALTER TABLE "SENTRY_ROLE_GROUP_MAP" ADD "GRANTOR_PRINCIPAL" character varying(128);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
deleted file mode 100644
index da1f4d6..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.derby.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN COLUMN_NAME VARCHAR(4000) DEFAULT '__NULL__';
-DROP INDEX SENTRYPRIVILEGENAME;
-CREATE UNIQUE INDEX SENTRYPRIVILEGENAME ON SENTRY_DB_PRIVILEGE ("SERVER_NAME",DB_NAME,"TABLE_NAME","COLUMN_NAME",URI,"ACTION",WITH_GRANT_OPTION);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
deleted file mode 100644
index 1419ca3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.mysql.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD `COLUMN_NAME` VARCHAR(128) DEFAULT '__NULL__';
-ALTER TABLE `SENTRY_DB_PRIVILEGE` DROP INDEX `SENTRY_DB_PRIV_PRIV_NAME_UNIQ`;
-ALTER TABLE `SENTRY_DB_PRIVILEGE` ADD UNIQUE `SENTRY_DB_PRIV_PRIV_NAME_UNIQ` (`SERVER_NAME`,`DB_NAME`,`TABLE_NAME`,`COLUMN_NAME`,`URI`(250),`ACTION`,`WITH_GRANT_OPTION`);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
deleted file mode 100644
index a70ae0a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.oracle.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD COLUMN_NAME VARCHAR2(128) DEFAULT '__NULL__';
-ALTER TABLE SENTRY_DB_PRIVILEGE DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" DROP INDEX;
-ALTER TABLE SENTRY_DB_PRIVILEGE ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","COLUMN_NAME","URI","ACTION","WITH_GRANT_OPTION");
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql b/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
deleted file mode 100644
index 81bdfa3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/resources/004-SENTRY-74.postgres.sql
+++ /dev/null
@@ -1,4 +0,0 @@
--- SENTRY-74
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD COLUMN "COLUMN_NAME" character varying(128) DEFAULT '__NULL__';
-ALTER TABLE "SENTRY_DB_PRIVILEGE" DROP CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ";
-ALTER TABLE "SENTRY_DB_PRIVILEGE" ADD CONSTRAINT "SENTRY_DB_PRIV_PRIV_NAME_UNIQ" UNIQUE ("SERVER_NAME","DB_NAME","TABLE_NAME","COLUMN_NAME","URI", "ACTION","WITH_GRANT_OPTION");
