Repository: sentry Updated Branches: refs/heads/master 1a238c0ec -> 854934cb2
SENTRY-1515: Cleanup exception handling in SentryStore (Alexander Kolbasov via Vamsee Yarlagadda, Reviewed by: Mat Crocker, Hao Hao, Vamsee Yarlagadda, Vadim Spector, Kalyan Kalvagadda) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/854934cb Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/854934cb Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/854934cb Branch: refs/heads/master Commit: 854934cb218cf113bd089f51ca4fdfe72ecef0ee Parents: 1a238c0 Author: Vamsee Yarlagadda <[email protected]> Authored: Mon Jan 9 19:39:36 2017 -0800 Committer: Vamsee Yarlagadda <[email protected]> Committed: Mon Jan 9 19:42:19 2017 -0800 ---------------------------------------------------------------------- .../java/org/apache/sentry/hdfs/Updateable.java | 2 +- .../org/apache/sentry/hdfs/SentryPlugin.java | 61 +-- .../org/apache/sentry/hdfs/UpdateForwarder.java | 31 +- .../sentry/hdfs/UpdateablePermissions.java | 2 +- .../service/persistent/DelegateSentryStore.java | 2 +- .../service/persistent/SentryStoreLayer.java | 2 +- .../db/service/persistent/SentryStore.java | 517 ++++++++----------- 7 files changed, 272 insertions(+), 345 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/854934cb/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java index 4dc3a0c..8391b85 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java @@ -66,7 +66,7 @@ public interface Updateable<K extends Updateable.Update> { * @param currSeqNum * @return */ - K createFullImageUpdate(long currSeqNum); + K createFullImageUpdate(long currSeqNum) throws Exception; String getUpdateableTypeName(); http://git-wip-us.apache.org/repos/asf/sentry/blob/854934cb/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java index 3695709..47c9f9d 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java @@ -127,36 +127,37 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen } @Override - public PermissionsUpdate retrieveFullImage(long currSeqNum) { - final Timer.Context timerContext = - SentryHdfsMetricsUtil.getRetrieveFullImageTimer.time(); - Map<String, HashMap<String, String>> privilegeImage = sentryStore.retrieveFullPrivilegeImage(); - Map<String, LinkedList<String>> roleImage = sentryStore.retrieveFullRoleImage(); - - TPermissionsUpdate tPermUpdate = new TPermissionsUpdate(true, currSeqNum, - new HashMap<String, TPrivilegeChanges>(), - new HashMap<String, TRoleChanges>()); - for (Map.Entry<String, HashMap<String, String>> privEnt : privilegeImage.entrySet()) { - String authzObj = privEnt.getKey(); - HashMap<String,String> privs = privEnt.getValue(); - tPermUpdate.putToPrivilegeChanges(authzObj, new TPrivilegeChanges( - authzObj, privs, new HashMap<String, String>())); - } - for (Map.Entry<String, LinkedList<String>> privEnt : roleImage.entrySet()) { - String role = privEnt.getKey(); - LinkedList<String> groups = privEnt.getValue(); - tPermUpdate.putToRoleChanges(role, new TRoleChanges(role, groups, new LinkedList<String>())); + public PermissionsUpdate retrieveFullImage(long currSeqNum) throws Exception { + try(Timer.Context timerContext = + SentryHdfsMetricsUtil.getRetrieveFullImageTimer.time()) { + + SentryHdfsMetricsUtil.getRetrieveFullImageTimer.time(); + Map<String, HashMap<String, String>> privilegeImage = sentryStore.retrieveFullPrivilegeImage(); + Map<String, LinkedList<String>> roleImage = sentryStore.retrieveFullRoleImage(); + + TPermissionsUpdate tPermUpdate = new TPermissionsUpdate(true, currSeqNum, + new HashMap<String, TPrivilegeChanges>(), + new HashMap<String, TRoleChanges>()); + for (Map.Entry<String, HashMap<String, String>> privEnt : privilegeImage.entrySet()) { + String authzObj = privEnt.getKey(); + HashMap<String,String> privs = privEnt.getValue(); + tPermUpdate.putToPrivilegeChanges(authzObj, new TPrivilegeChanges( + authzObj, privs, new HashMap<String, String>())); + } + for (Map.Entry<String, LinkedList<String>> privEnt : roleImage.entrySet()) { + String role = privEnt.getKey(); + LinkedList<String> groups = privEnt.getValue(); + tPermUpdate.putToRoleChanges(role, new TRoleChanges(role, groups, new LinkedList<String>())); + } + PermissionsUpdate permissionsUpdate = new PermissionsUpdate(tPermUpdate); + permissionsUpdate.setSeqNum(currSeqNum); + SentryHdfsMetricsUtil.getPrivilegeChangesHistogram.update( + tPermUpdate.getPrivilegeChangesSize()); + SentryHdfsMetricsUtil.getRoleChangesHistogram.update( + tPermUpdate.getRoleChangesSize()); + return permissionsUpdate; } - PermissionsUpdate permissionsUpdate = new PermissionsUpdate(tPermUpdate); - permissionsUpdate.setSeqNum(currSeqNum); - timerContext.stop(); - SentryHdfsMetricsUtil.getPrivilegeChangesHistogram.update( - tPermUpdate.getPrivilegeChangesSize()); - SentryHdfsMetricsUtil.getRoleChangesHistogram.update( - tPermUpdate.getRoleChangesSize()); - return permissionsUpdate; } - } private UpdateForwarder<PathsUpdate> pathsUpdater; @@ -221,7 +222,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen * Request for update from NameNode. * Full update to NameNode should happen only after full update from HMS. */ - public List<PathsUpdate> getAllPathsUpdatesFrom(long pathSeqNum) { + public List<PathsUpdate> getAllPathsUpdatesFrom(long pathSeqNum) throws Exception { if (!fullUpdateNN.get()) { // Most common case - Sentry is NOT handling a full update. return pathsUpdater.getAllUpdatesFrom(pathSeqNum); @@ -266,7 +267,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen } } - public List<PermissionsUpdate> getAllPermsUpdatesFrom(long permSeqNum) { + public List<PermissionsUpdate> getAllPermsUpdatesFrom(long permSeqNum) throws Exception { return permsUpdater.getAllUpdatesFrom(permSeqNum); } http://git-wip-us.apache.org/repos/asf/sentry/blob/854934cb/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java index 7387281..65b32e8 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java @@ -40,7 +40,7 @@ public class UpdateForwarder<K extends Updateable.Update> implements interface ExternalImageRetriever<K> { - K retrieveFullImage(long currSeqNum); + K retrieveFullImage(long currSeqNum) throws Exception; } @@ -76,7 +76,8 @@ public class UpdateForwarder<K extends Updateable.Update> implements ExternalImageRetriever<K> imageRetreiver, int maxUpdateLogSize) { this(conf, updateable, imageRetreiver, maxUpdateLogSize, INIT_UPDATE_RETRY_DELAY); } - public UpdateForwarder(Configuration conf, Updateable<K> updateable, //NOPMD + + protected UpdateForwarder(Configuration conf, Updateable<K> updateable, //NOPMD ExternalImageRetriever<K> imageRetreiver, int maxUpdateLogSize, int initUpdateRetryDelay) { this.maxUpdateLogSize = maxUpdateLogSize; @@ -143,7 +144,11 @@ public class UpdateForwarder<K extends Updateable.Update> implements initUpdater.start(); } if (firstFullImage != null) { - appendToUpdateLog(firstFullImage); + try { + appendToUpdateLog(firstFullImage); + } catch (Exception e) { + LOGGER.warn("failed to update append log: ", e); + } this.updateable = updateable.updateFull(firstFullImage); } } @@ -180,19 +185,27 @@ public class UpdateForwarder<K extends Updateable.Update> implements } else { // Retrieve full update from External Source and if (imageRetreiver != null) { - toUpdate = imageRetreiver - .retrieveFullImage(update.getSeqNum()); + try { + toUpdate = imageRetreiver + .retrieveFullImage(update.getSeqNum()); + } catch (Exception e) { + LOGGER.warn("failed to retrieve full image: ", e); + } updateable = updateable.updateFull(toUpdate); } } } - appendToUpdateLog(toUpdate); + try { + appendToUpdateLog(toUpdate); + } catch (Exception e) { + LOGGER.warn("failed to append to update log", e); + } } }; updateHandler.execute(task); } - protected void appendToUpdateLog(K update) { + protected void appendToUpdateLog(K update) throws Exception { synchronized (getUpdateLog()) { boolean logCompacted = false; if (getMaxUpdateLogSize() > 0) { @@ -222,7 +235,7 @@ public class UpdateForwarder<K extends Updateable.Update> implements * @param seqNum * @return */ - public List<K> getAllUpdatesFrom(long seqNum) { + public List<K> getAllUpdatesFrom(long seqNum) throws Exception { List<K> retVal = new LinkedList<K>(); synchronized (getUpdateLog()) { long currSeqNum = lastCommittedSeqNum.get(); @@ -310,7 +323,7 @@ public class UpdateForwarder<K extends Updateable.Update> implements } @Override - public K createFullImageUpdate(long currSeqNum) { + public K createFullImageUpdate(long currSeqNum) throws Exception { return (updateable != null) ? updateable.createFullImageUpdate(currSeqNum) : null; } http://git-wip-us.apache.org/repos/asf/sentry/blob/854934cb/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java index 3d756c9..fe2baa6 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java @@ -34,7 +34,7 @@ public class UpdateablePermissions implements Updateable<PermissionsUpdate>{ } @Override - public PermissionsUpdate createFullImageUpdate(long currSeqNum) { + public PermissionsUpdate createFullImageUpdate(long currSeqNum) throws Exception { return imageRetreiver.retrieveFullImage(currSeqNum); } http://git-wip-us.apache.org/repos/asf/sentry/blob/854934cb/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java index 2ee06f9..57b6eff 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java @@ -97,7 +97,7 @@ public class DelegateSentryStore implements SentryStoreLayer { } @Override - public Set<String> getAllRoleNames() { + public Set<String> getAllRoleNames() throws Exception { return delegate.getAllRoleNames(); } http://git-wip-us.apache.org/repos/asf/sentry/blob/854934cb/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java index f717f38..eec2757 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java @@ -162,7 +162,7 @@ public interface SentryStoreLayer { * * @returns The set of roles name, */ - Set<String> getAllRoleNames(); + Set<String> getAllRoleNames() throws Exception; /** * Get sentry privileges based on valid active roles and the authorize objects. http://git-wip-us.apache.org/repos/asf/sentry/blob/854934cb/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index 0a4b3e1..b7ae634 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java @@ -960,145 +960,128 @@ public class SentryStore { }); } - private boolean hasAnyServerPrivileges(final Set<String> roleNames, final String serverName) { + private boolean hasAnyServerPrivileges(final Set<String> roleNames, final String serverName) throws Exception { if (roleNames == null || roleNames.isEmpty()) { return false; } - boolean result = false; - try { - result = (Boolean) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - Query query = pm.newQuery(MSentryPrivilege.class); - QueryParamBuilder paramBuilder = addRolesFilter(query,null, roleNames); - paramBuilder.add(SERVER_NAME, serverName); - query.setFilter(paramBuilder.toString()); - query.setResult("count(this)"); - Long numPrivs = (Long) query.executeWithMap(paramBuilder.getArguments()); - return numPrivs > 0; - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + return (Boolean) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + Query query = pm.newQuery(MSentryPrivilege.class); + QueryParamBuilder paramBuilder = addRolesFilter(query,null, roleNames); + paramBuilder.add(SERVER_NAME, serverName); + query.setFilter(paramBuilder.toString()); + query.setResult("count(this)"); + Long numPrivs = (Long) query.executeWithMap(paramBuilder.getArguments()); + return numPrivs > 0; + } + }); } @SuppressWarnings("unchecked") private List<MSentryPrivilege> getMSentryPrivileges(final Set<String> roleNames, - final TSentryAuthorizable authHierarchy) { - List<MSentryPrivilege> result = new ArrayList<>(); + final TSentryAuthorizable authHierarchy) throws Exception { + List<MSentryPrivilege> result = new ArrayList<MSentryPrivilege>(); if (roleNames == null || roleNames.isEmpty()) { return result; } - try { - result = (List<MSentryPrivilege>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - Query query = pm.newQuery(MSentryPrivilege.class); - QueryParamBuilder paramBuilder = addRolesFilter(query, null, roleNames); - - if (authHierarchy != null && authHierarchy.getServer() != null) { - paramBuilder.add(SERVER_NAME, authHierarchy.getServer()); - if (authHierarchy.getDb() != null) { - paramBuilder.addNull(URI) - .newChild() - .add(DB_NAME, authHierarchy.getDb()) - .addNull(DB_NAME); - if (authHierarchy.getTable() != null - && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getTable())) { - if (!AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getTable())) { - paramBuilder.addNull(URI) - .newChild() - .add(TABLE_NAME, authHierarchy.getTable()) - .addNull(TABLE_NAME); - } - if (authHierarchy.getColumn() != null - && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getColumn()) - && !AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getColumn())) { - paramBuilder.addNull(URI) - .newChild() - .add(COLUMN_NAME, authHierarchy.getColumn()) - .addNull(COLUMN_NAME); - } + return (List<MSentryPrivilege>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + Query query = pm.newQuery(MSentryPrivilege.class); + QueryParamBuilder paramBuilder = addRolesFilter(query, null, roleNames); + + if (authHierarchy != null && authHierarchy.getServer() != null) { + paramBuilder.add(SERVER_NAME, authHierarchy.getServer()); + if (authHierarchy.getDb() != null) { + paramBuilder.addNull(URI) + .newChild() + .add(DB_NAME, authHierarchy.getDb()) + .addNull(DB_NAME); + if (authHierarchy.getTable() != null + && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getTable())) { + if (!AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getTable())) { + paramBuilder.addNull(URI) + .newChild() + .add(TABLE_NAME, authHierarchy.getTable()) + .addNull(TABLE_NAME); } - } - if (authHierarchy.getUri() != null) { - paramBuilder.addNull(DB_NAME) - .newChild() - .addNull(URI) + if (authHierarchy.getColumn() != null + && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getColumn()) + && !AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getColumn())) { + paramBuilder.addNull(URI) .newChild() - .addNotNull(URI) - .addCustomParam("\"" + authHierarchy.getUri() + - "\".startsWith(:URI)", URI, authHierarchy.getUri()); + .add(COLUMN_NAME, authHierarchy.getColumn()) + .addNull(COLUMN_NAME); + } } } - LOGGER.debug("getMSentryPrivileges1() Query: " + paramBuilder.toString()); - query.setFilter(paramBuilder.toString()); - return query.executeWithMap(paramBuilder.getArguments()); + if (authHierarchy.getUri() != null) { + paramBuilder.addNull(DB_NAME) + .newChild() + .addNull(URI) + .newChild() + .addNotNull(URI) + .addCustomParam("\"" + authHierarchy.getUri() + + "\".startsWith(:URI)", URI, authHierarchy.getUri()); + } } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + LOGGER.debug("getMSentryPrivileges1() Query: " + paramBuilder.toString()); + query.setFilter(paramBuilder.toString()); + return query.executeWithMap(paramBuilder.getArguments()); + } + }); } @SuppressWarnings("unchecked") List<MSentryPrivilege> getMSentryPrivilegesByAuth(final Set<String> roleNames, - final TSentryAuthorizable authHierarchy) { - List<MSentryPrivilege> result = new ArrayList<MSentryPrivilege>(); - try { - result = (List<MSentryPrivilege>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - Query query = pm.newQuery(MSentryPrivilege.class); - QueryParamBuilder paramBuilder = new QueryParamBuilder(); - if (roleNames == null || roleNames.isEmpty()) { - paramBuilder.addString("!roles.isEmpty()"); - } else { - addRolesFilter(query, paramBuilder, roleNames); - } - if (authHierarchy.getServer() != null) { - paramBuilder.add(SERVER_NAME, authHierarchy.getServer()); - if (authHierarchy.getDb() != null) { - paramBuilder.add(DB_NAME, authHierarchy.getDb()).addNull(URI); - if (authHierarchy.getTable() != null) { - paramBuilder.add(TABLE_NAME, authHierarchy.getTable()); - } else { - paramBuilder.addNull(TABLE_NAME); - } - } else if (authHierarchy.getUri() != null) { - paramBuilder.addNotNull(URI) - .addNull(DB_NAME) - .addCustomParam("(:authURI.startsWith(URI))", "authURI", authHierarchy.getUri()); + final TSentryAuthorizable authHierarchy) throws Exception { + return (List<MSentryPrivilege>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + Query query = pm.newQuery(MSentryPrivilege.class); + QueryParamBuilder paramBuilder = new QueryParamBuilder(); + if (roleNames == null || roleNames.isEmpty()) { + paramBuilder.addString("!roles.isEmpty()"); + } else { + addRolesFilter(query, paramBuilder, roleNames); + } + if (authHierarchy.getServer() != null) { + paramBuilder.add(SERVER_NAME, authHierarchy.getServer()); + if (authHierarchy.getDb() != null) { + paramBuilder.add(DB_NAME, authHierarchy.getDb()).addNull(URI); + if (authHierarchy.getTable() != null) { + paramBuilder.add(TABLE_NAME, authHierarchy.getTable()); } else { - paramBuilder.addNull(DB_NAME) - .addNull(URI); + paramBuilder.addNull(TABLE_NAME); } + } else if (authHierarchy.getUri() != null) { + paramBuilder.addNotNull(URI) + .addNull(DB_NAME) + .addCustomParam("(:authURI.startsWith(URI))", "authURI", authHierarchy.getUri()); } else { - // if no server, then return empty resultset - return new ArrayList<MSentryPrivilege>(); + paramBuilder.addNull(DB_NAME) + .addNull(URI); } - FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchRole"); - grp.addMember("roles"); - pm.getFetchPlan().addGroup("fetchRole"); - // LOGGER.debug("XXX: " + paramBuilder.toString()); - query.setFilter(paramBuilder.toString()); - return query.executeWithMap(paramBuilder.getArguments()); + } else { + // if no server, then return empty resultset + return new ArrayList<MSentryPrivilege>(); } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchRole"); + grp.addMember("roles"); + pm.getFetchPlan().addGroup("fetchRole"); + // LOGGER.debug("XXX: " + paramBuilder.toString()); + query.setFilter(paramBuilder.toString()); + return query.executeWithMap(paramBuilder.getArguments()); + } + }); } public TSentryPrivilegeMap listSentryPrivilegesByAuthorizable(Set<String> groups, TSentryActiveRoleSet activeRoles, TSentryAuthorizable authHierarchy, boolean isAdmin) - throws SentryInvalidInputException { + throws Exception { Map<String, Set<TSentryPrivilege>> resultPrivilegeMap = Maps.newTreeMap(); Set<String> roles = getRolesToQuery(groups, null, new TSentryActiveRoleSet(true, null)); @@ -1159,7 +1142,7 @@ public class SentryStore { public Set<TSentryPrivilege> getTSentryPrivileges(Set<String> roleNames, TSentryAuthorizable authHierarchy) - throws SentryInvalidInputException { + throws Exception { if (authHierarchy.getServer() == null) { throw new SentryInvalidInputException("serverName cannot be null !!"); } @@ -1225,23 +1208,17 @@ public class SentryStore { } @SuppressWarnings("unchecked") - public Set<String> getRoleNamesForGroups(final Set<String> groups) { + public Set<String> getRoleNamesForGroups(final Set<String> groups) throws Exception { if (groups == null || groups.isEmpty()) { return ImmutableSet.of(); } - Set<String> result = new HashSet<>(); - try { - result = (Set<String>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - return getRoleNamesForGroupsCore(pm, groups); - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + return (Set<String>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + return getRoleNamesForGroupsCore(pm, groups); + } + }); } private Set<String> getRoleNamesForGroupsCore(PersistenceManager pm, Set<String> groups) { @@ -1249,23 +1226,17 @@ public class SentryStore { } @SuppressWarnings("unchecked") - public Set<String> getRoleNamesForUsers(final Set<String> users) { + public Set<String> getRoleNamesForUsers(final Set<String> users) throws Exception { if (users == null || users.isEmpty()) { return ImmutableSet.of(); } - Set<String> result = new HashSet<>(); - try { - result = (Set<String>) tm.executeTransaction( + return (Set<String>) tm.executeTransaction( new TransactionBlock() { public Object execute(PersistenceManager pm) throws Exception { return getRoleNamesForUsersCore(pm,users); } }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; } private Set<String> getRoleNamesForUsersCore(PersistenceManager pm, Set<String> users) { @@ -1273,23 +1244,16 @@ public class SentryStore { } @SuppressWarnings("unchecked") - public Set<TSentryRole> getTSentryRolesByUserNames(final Set<String> users) { - Set<TSentryRole> result = new HashSet<>(); - - try { - result = (Set<TSentryRole>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - Set<MSentryRole> mSentryRoles = getRolesForUsers(pm, users); - // Since {@link MSentryRole#getGroups()} is lazy-loading, the converting should be call - // before transaction committed. - return convertToTSentryRoles(mSentryRoles); + public Set<TSentryRole> getTSentryRolesByUserNames(final Set<String> users) throws Exception { + return (Set<TSentryRole>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + Set<MSentryRole> mSentryRoles = getRolesForUsers(pm, users); + // Since {@link MSentryRole#getGroups()} is lazy-loading, the converting should be call + // before transaction committed. + return convertToTSentryRoles(mSentryRoles); } }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; } public Set<MSentryRole> getRolesForGroups(PersistenceManager pm, Set<String> groups) { @@ -1323,13 +1287,13 @@ public class SentryStore { } Set<String> listAllSentryPrivilegesForProvider(Set<String> groups, Set<String> users, - TSentryActiveRoleSet roleSet) throws SentryInvalidInputException { + TSentryActiveRoleSet roleSet) throws Exception { return listSentryPrivilegesForProvider(groups, users, roleSet, null); } public Set<String> listSentryPrivilegesForProvider(Set<String> groups, Set<String> users, - TSentryActiveRoleSet roleSet, TSentryAuthorizable authHierarchy) throws SentryInvalidInputException { + TSentryActiveRoleSet roleSet, TSentryAuthorizable authHierarchy) throws Exception { Set<String> result = Sets.newHashSet(); Set<String> rolesToQuery = getRolesToQuery(groups, users, roleSet); List<MSentryPrivilege> mSentryPrivileges = getMSentryPrivileges(rolesToQuery, authHierarchy); @@ -1341,17 +1305,15 @@ public class SentryStore { } public boolean hasAnyServerPrivileges(Set<String> groups, Set<String> users, - TSentryActiveRoleSet roleSet, String server) { + TSentryActiveRoleSet roleSet, String server) throws Exception { Set<String> rolesToQuery = getRolesToQuery(groups, users, roleSet); return hasAnyServerPrivileges(rolesToQuery, server); } @SuppressWarnings("unchecked") private Set<String> getRolesToQuery(final Set<String> groups, final Set<String> users, - final TSentryActiveRoleSet roleSet) { - Set<String> result = new HashSet<>(); - try { - result = (Set<String>) tm.executeTransaction( + final TSentryActiveRoleSet roleSet) throws Exception { + return (Set<String>) tm.executeTransaction( new TransactionBlock() { public Object execute(PersistenceManager pm) throws Exception { Set<String> activeRoleNames = toTrimedLower(roleSet.getRoles()); @@ -1363,10 +1325,6 @@ public class SentryStore { roleNames); } }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; } @VisibleForTesting @@ -1859,83 +1817,73 @@ public class SentryStore { } @SuppressWarnings("unchecked") - public Map<String, HashMap<String, String>> retrieveFullPrivilegeImage() { + public Map<String, HashMap<String, String>> retrieveFullPrivilegeImage() throws Exception { Map<String, HashMap<String, String>> result = new HashMap<>(); - try { - result = (Map<String, HashMap<String, String>>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - Map<String, HashMap<String, String>> retVal = new HashMap<>(); - Query query = pm.newQuery(MSentryPrivilege.class); - QueryParamBuilder paramBuilder = new QueryParamBuilder(); - paramBuilder - .addNotNull(SERVER_NAME) - .addNotNull(DB_NAME) - .addNull(URI); - - query.setFilter(paramBuilder.toString()); - query.setOrdering("serverName ascending, dbName ascending, tableName ascending"); - List<MSentryPrivilege> privileges = - (List<MSentryPrivilege>) query.executeWithMap(paramBuilder.getArguments()); - for (MSentryPrivilege mPriv : privileges) { - String authzObj = mPriv.getDbName(); - if (!isNULL(mPriv.getTableName())) { - authzObj = authzObj + "." + mPriv.getTableName(); - } - HashMap<String, String> pUpdate = retVal.get(authzObj); - if (pUpdate == null) { - pUpdate = new HashMap<String, String>(); - retVal.put(authzObj, pUpdate); - } - for (MSentryRole mRole : mPriv.getRoles()) { - String existingPriv = pUpdate.get(mRole.getRoleName()); - if (existingPriv == null) { - pUpdate.put(mRole.getRoleName(), mPriv.getAction().toUpperCase()); - } else { - pUpdate.put(mRole.getRoleName(), existingPriv + "," - + mPriv.getAction().toUpperCase()); - } - } - } - return retVal; - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + return (Map<String, HashMap<String, String>>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + Map<String, HashMap<String, String>> retVal = new HashMap<>(); + Query query = pm.newQuery(MSentryPrivilege.class); + QueryParamBuilder paramBuilder = new QueryParamBuilder(); + paramBuilder + .addNotNull(SERVER_NAME) + .addNotNull(DB_NAME) + .addNull(URI); + + query.setFilter(paramBuilder.toString()); + query.setOrdering("serverName ascending, dbName ascending, tableName ascending"); + List<MSentryPrivilege> privileges = + (List<MSentryPrivilege>) query.executeWithMap(paramBuilder.getArguments()); + for (MSentryPrivilege mPriv : privileges) { + String authzObj = mPriv.getDbName(); + if (!isNULL(mPriv.getTableName())) { + authzObj = authzObj + "." + mPriv.getTableName(); + } + HashMap<String, String> pUpdate = retVal.get(authzObj); + if (pUpdate == null) { + pUpdate = new HashMap<String, String>(); + retVal.put(authzObj, pUpdate); + } + for (MSentryRole mRole : mPriv.getRoles()) { + String existingPriv = pUpdate.get(mRole.getRoleName()); + if (existingPriv == null) { + pUpdate.put(mRole.getRoleName(), mPriv.getAction().toUpperCase()); + } else { + pUpdate.put(mRole.getRoleName(), existingPriv + "," + + mPriv.getAction().toUpperCase()); + } + } + } + return retVal; + } + }); } /** * @return Mapping of Role -> [Groups] */ @SuppressWarnings("unchecked") - public Map<String, LinkedList<String>> retrieveFullRoleImage() { + public Map<String, LinkedList<String>> retrieveFullRoleImage() throws Exception { Map<String, LinkedList<String>> result = new HashMap<>(); - try { - result = (Map<String, LinkedList<String>>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - Map<String, LinkedList<String>> retVal = new HashMap<>(); - Query query = pm.newQuery(MSentryGroup.class); - List<MSentryGroup> groups = (List<MSentryGroup>) query.execute(); - for (MSentryGroup mGroup : groups) { - for (MSentryRole role : mGroup.getRoles()) { - LinkedList<String> rUpdate = retVal.get(role.getRoleName()); - if (rUpdate == null) { - rUpdate = new LinkedList<String>(); - retVal.put(role.getRoleName(), rUpdate); - } - rUpdate.add(mGroup.getGroupName()); + return (Map<String, LinkedList<String>>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + Map<String, LinkedList<String>> retVal = new HashMap<>(); + Query query = pm.newQuery(MSentryGroup.class); + List<MSentryGroup> groups = (List<MSentryGroup>) query.execute(); + for (MSentryGroup mGroup : groups) { + for (MSentryRole role : mGroup.getRoles()) { + LinkedList<String> rUpdate = retVal.get(role.getRoleName()); + if (rUpdate == null) { + rUpdate = new LinkedList<String>(); + retVal.put(role.getRoleName(), rUpdate); } + rUpdate.add(mGroup.getGroupName()); } - return retVal; } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + return retVal; + } + }); } /** @@ -2132,10 +2080,9 @@ public class SentryStore { // get mapping datas for [group,role], [user,role] with the specific roles @SuppressWarnings("unchecked") - public List<Map<String, Set<String>>> getGroupUserRoleMapList(final Set<String> roleNames) { + public List<Map<String, Set<String>>> getGroupUserRoleMapList(final Set<String> roleNames) throws Exception { List<Map<String, Set<String>>> result = new ArrayList<>(); - try { - result = (List<Map<String, Set<String>>>) tm.executeTransaction( + return (List<Map<String, Set<String>>>) tm.executeTransaction( new TransactionBlock() { public Object execute(PersistenceManager pm) throws Exception { Query query = pm.newQuery(MSentryRole.class); @@ -2157,10 +2104,6 @@ public class SentryStore { return mapsList; } }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; } private Map<String, Set<String>> getGroupRolesMap(List<MSentryRole> mSentryRoles) { @@ -2262,19 +2205,13 @@ public class SentryStore { * @return Set of all role names, or an empty set if no roles are defined */ @SuppressWarnings("unchecked") - public Set<String> getAllRoleNames() { - Set<String> result = new HashSet<>(); - try { - return (Set<String>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - return getAllRoleNamesCore(pm); - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - return new HashSet<>(); - } + public Set<String> getAllRoleNames() throws Exception { + return (Set<String>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + return getAllRoleNamesCore(pm); + } + }); } /** @@ -2350,79 +2287,55 @@ public class SentryStore { @VisibleForTesting @SuppressWarnings("unchecked") - protected Map<String, MSentryRole> getRolesMap() { - Map<String, MSentryRole> result = new HashMap<>(); - try { - result = (Map<String, MSentryRole>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - List<MSentryRole> mSentryRoles = getAllRoles(pm); - Map<String, MSentryRole> existRolesMap = Maps.newHashMap(); - if (mSentryRoles != null) { - // change the List<MSentryRole> -> Map<roleName, Set<MSentryRole>> - for (MSentryRole mSentryRole : mSentryRoles) { - existRolesMap.put(mSentryRole.getRoleName(), mSentryRole); - } + protected Map<String, MSentryRole> getRolesMap() throws Exception { + return (Map<String, MSentryRole>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + List<MSentryRole> mSentryRoles = getAllRoles(pm); + Map<String, MSentryRole> existRolesMap = Maps.newHashMap(); + if (mSentryRoles != null) { + // change the List<MSentryRole> -> Map<roleName, Set<MSentryRole>> + for (MSentryRole mSentryRole : mSentryRoles) { + existRolesMap.put(mSentryRole.getRoleName(), mSentryRole); } - - return existRolesMap; } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + + return existRolesMap; + } + }); } @VisibleForTesting @SuppressWarnings("unchecked") - protected Map<String, MSentryGroup> getGroupNameToGroupMap() { - Map<String, MSentryGroup>result = new HashMap<>(); - try { - result = (Map<String, MSentryGroup>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - return getGroupNameTGroupMap(pm); - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + protected Map<String, MSentryGroup> getGroupNameToGroupMap() throws Exception { + return (Map<String, MSentryGroup>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + return getGroupNameTGroupMap(pm); + } + }); } @VisibleForTesting @SuppressWarnings("unchecked") - protected Map<String, MSentryUser> getUserNameToUserMap() { - Map<String, MSentryUser> result = new HashMap<>(); - try { - result = (Map<String, MSentryUser>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - return getUserNameToUserMap(pm); - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + protected Map<String, MSentryUser> getUserNameToUserMap() throws Exception { + return (Map<String, MSentryUser>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + return getUserNameToUserMap(pm); + } + }); } @VisibleForTesting @SuppressWarnings("unchecked") - protected List<MSentryPrivilege> getPrivilegesList() { - List<MSentryPrivilege> result = new ArrayList<>(); - try { - result = (List<MSentryPrivilege>) tm.executeTransaction( - new TransactionBlock() { - public Object execute(PersistenceManager pm) throws Exception { - return getPrivilegesList(pm); - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - return result; + protected List<MSentryPrivilege> getPrivilegesList() throws Exception { + return (List<MSentryPrivilege>) tm.executeTransaction( + new TransactionBlock() { + public Object execute(PersistenceManager pm) throws Exception { + return getPrivilegesList(pm); + } + }); } /**
