http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java index 4284b53..b4c1a5f 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java @@ -6,9 +6,9 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,25 +20,14 @@ package org.apache.sentry.provider.db.service.thrift; import java.io.IOException; import java.net.InetSocketAddress; -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.Collections; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.Collections; -import javax.security.auth.callback.CallbackHandler; -import javax.security.sasl.Sasl; - -import com.google.common.collect.ImmutableMap; -import com.google.common.net.HostAndPort; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.SaslRpcServer; -import org.apache.hadoop.security.SecurityUtil; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.sentry.core.common.exception.MissingConfigurationException; + import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; @@ -53,16 +42,11 @@ import org.apache.sentry.service.thrift.Status; import org.apache.thrift.TException; import org.apache.thrift.protocol.TBinaryProtocol; import org.apache.thrift.protocol.TMultiplexedProtocol; -import org.apache.thrift.transport.TSaslClientTransport; -import org.apache.thrift.transport.TSocket; -import org.apache.thrift.transport.TTransport; -import org.apache.thrift.transport.TTransportException; -import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig; +import org.apache.sentry.core.common.transport.SentryServiceClientTransportDefaultImpl; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.google.common.annotations.VisibleForTesting; -import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Lists; @@ -70,211 +54,58 @@ import com.google.common.collect.Maps; import com.google.common.collect.Sets; /* + Sentry Policy Service Client + + The public implementation of SentryPolicyServiceClient. A Sentry Client in which all the operations are synchronized for thread safety Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state. - So it is important to recreate the client, which uses a new socket. - */ -public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyServiceClient { + So it is important to close and re-open the transport so that new socket is used. + + When an class is instantiated, there will be transport created connecting with first available + server this is configured. +*/ + +public class SentryPolicyServiceClientDefaultImpl extends SentryServiceClientTransportDefaultImpl implements SentryPolicyServiceClient { - private final Configuration conf; - private final boolean kerberos; - private String[] serverPrincipalParts; private SentryPolicyService.Client client; - private TTransport transport; - private int connectionTimeout; private static final Logger LOGGER = LoggerFactory - .getLogger(SentryPolicyServiceClient.class); + .getLogger(SentryPolicyServiceClient.class); private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occurred "; - // configs for connection retry - private int connectionFullRetryTotal; - private List<InetSocketAddress> endpoints; - final SentryPolicyClientTransportConfig transportConfig = new SentryPolicyClientTransportConfig(); - private static final ImmutableMap<String, String> SASL_PROPERTIES = - ImmutableMap.of(Sasl.SERVER_AUTH, "true", Sasl.QOP, "auth-conf"); - - /** - * This transport wraps the Sasl transports to set up the right UGI context for open(). - */ - public static class UgiSaslClientTransport extends TSaslClientTransport { - protected UserGroupInformation ugi = null; - - public UgiSaslClientTransport(String mechanism, String authorizationId, - String protocol, String serverName, Map<String, String> props, - CallbackHandler cbh, TTransport transport, boolean wrapUgi) - throws IOException { - super(mechanism, authorizationId, protocol, serverName, props, cbh, - transport); - if (wrapUgi) { - ugi = UserGroupInformation.getLoginUser(); - } - } - - // open the SASL transport with using the current UserGroupInformation - // This is needed to get the current login context stored - @Override - public synchronized void open() throws TTransportException { - if (ugi == null) { - baseOpen(); - } else { - try { - if (ugi.isFromKeytab()) { - ugi.checkTGTAndReloginFromKeytab(); - } - ugi.doAs(new PrivilegedExceptionAction<Void>() { - public Void run() throws TTransportException { - baseOpen(); - return null; - } - }); - } catch (IOException e) { - throw new TTransportException("Failed to open SASL transport", e); - } catch (InterruptedException e) { - throw new TTransportException( - "Interrupted while opening underlying transport", e); - } - } - } - - private void baseOpen() throws TTransportException { - super.open(); - } - } /** * Initialize the sentry configurations. */ public SentryPolicyServiceClientDefaultImpl(Configuration conf) - throws IOException { - this.conf = conf; - Preconditions.checkNotNull(this.conf, "Configuration object cannot be null"); - try { - String hostsAndPortsStr; - this.connectionTimeout = transportConfig.getServerRpcConnTimeoutInMs(conf); - this.connectionFullRetryTotal = transportConfig.getSentryFullRetryTotal(conf); - - this.kerberos = transportConfig.isKerberosEnabled(conf); - hostsAndPortsStr = transportConfig.getSentryServerRpcAddress(conf); - - int serverPort = transportConfig.getServerRpcPort(conf); - - String[] hostsAndPortsStrArr = hostsAndPortsStr.split(","); - HostAndPort[] hostsAndPorts = ThriftUtil.parseHostPortStrings(hostsAndPortsStrArr, serverPort); - this.endpoints = new ArrayList(hostsAndPortsStrArr.length); - for (int i = hostsAndPortsStrArr.length - 1; i >= 0; i--) { - this.endpoints.add( - new InetSocketAddress(hostsAndPorts[i].getHostText(), hostsAndPorts[i].getPort())); - LOGGER.debug("Added server endpoint: " + hostsAndPorts[i].toString()); - } - } catch (MissingConfigurationException e) { - throw new RuntimeException("Client Creation Failed: " + e.getMessage(), e); - } + throws IOException { + super(conf, sentryClientType.POLICY_CLIENT); } public SentryPolicyServiceClientDefaultImpl(String addr, int port, Configuration conf) throws IOException { - this.conf = conf; - Preconditions.checkNotNull(this.conf, "Configuration object cannot be null"); - try { - InetSocketAddress serverAddress = NetUtils.createSocketAddr(addr, port); - this.connectionTimeout = transportConfig.getServerRpcConnTimeoutInMs(conf); - this.kerberos = transportConfig.isKerberosEnabled(conf); - connect(serverAddress); - } catch (MissingConfigurationException e) { - throw new RuntimeException("Client Creation Failed: " + e.getMessage(), e); - } - + super(addr, port, conf, sentryClientType.POLICY_CLIENT); } /** - * This is a no-op when already connected. - * When there is a connection error, it will retry with another sentry server. It will - * first cycle through all the available sentry servers, and then retry the whole server - * list no more than connectionFullRetryTotal times. In this case, it won't introduce - * more latency when some server fails. Also to prevent all clients connecting to the - * same server, it will reorder the endpoints randomly after a full retry. - * <p> - * TODO: Have a small random sleep after a full retry to prevent all clients connecting to the same server. - * <p> - * TODO: Add metrics for the number of successful connects and errors per client, and total number of retries. - * @throws Exception if client fails to connect to all servers for a configured - * number of times - */ - public synchronized void connectWithRetry() throws Exception { - if (isConnected()) { - return; - } - Exception currentException = null; - // Here for each full connectWithRetry it will cycle through all available sentry - // servers. Before each full connectWithRetry, it will shuffle the server list. - for (int retryCount = 0; retryCount < connectionFullRetryTotal; retryCount++) { - // Reorder endpoints randomly to prevent all clients connecting to the same endpoint - // at the same time after a node failure. - Collections.shuffle(endpoints); - for (InetSocketAddress addr : endpoints) { - try { - connect(addr); - LOGGER.info(String.format("Connected to SentryServer: %s", addr.toString())); - return; - } catch (Exception e) { - LOGGER.debug(String.format("Failed connection to %s: %s", - addr.toString(), e.getMessage()), e); - currentException = e; - } - } - } - - // Throw exception as reaching the max full connectWithRetry number. - LOGGER.error( - String.format("Reach the max connection retry num %d ", connectionFullRetryTotal), - currentException); - throw currentException; - } - - /** - * Connect to the specified socket address and throw Exception if failed. + * Connect to the specified socket address and then use the new socket + * to construct new thrift client. + * + * @param serverAddress: socket address to which the client should connect. + * @throws IOException */ - private void connect(InetSocketAddress serverAddress) throws IOException { - transport = new TSocket(serverAddress.getHostName(), - serverAddress.getPort(), connectionTimeout); - try { - if (kerberos) { - String serverPrincipal = transportConfig.getSentryPrincipal(conf); - - // Resolve server host in the same way as we are doing on server side - serverPrincipal = - SecurityUtil.getServerPrincipal(serverPrincipal, serverAddress.getAddress()); - LOGGER.debug("Using server kerberos principal: " + serverPrincipal); - - serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal); - Preconditions.checkArgument(serverPrincipalParts.length == 3, - "Kerberos principal should have 3 parts: " + serverPrincipal); - boolean wrapUgi = transportConfig.useUserGroupInformation(conf); - transport = new SentryPolicyServiceClientDefaultImpl.UgiSaslClientTransport( - SaslRpcServer.AuthMethod.KERBEROS.getMechanismName(), - null, serverPrincipalParts[0], serverPrincipalParts[1], - SASL_PROPERTIES, null, transport, wrapUgi); - } else { - serverPrincipalParts = null; - } - - transport.open(); - } catch (TTransportException e) { - throw new IOException("Transport exception while opening transport: " + e.getMessage(), e); - } - - LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress); + public void connect(InetSocketAddress serverAddress) throws IOException { + super.connect(serverAddress); long maxMessageSize = conf.getLong( - ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE, - ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT); + ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE, + ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT); TMultiplexedProtocol protocol = new TMultiplexedProtocol( - new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true), - SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME); + new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true), + SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME); client = new SentryPolicyService.Client(protocol); LOGGER.debug("Successfully created client"); } public synchronized void createRole(String requestorUserName, String roleName) - throws SentryUserException { + throws SentryUserException { TCreateSentryRoleRequest request = new TCreateSentryRoleRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -288,20 +119,20 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } public synchronized void dropRole(String requestorUserName, - String roleName) - throws SentryUserException { + String roleName) + throws SentryUserException { dropRole(requestorUserName, roleName, false); } public synchronized void dropRoleIfExists(String requestorUserName, - String roleName) - throws SentryUserException { + String roleName) + throws SentryUserException { dropRole(requestorUserName, roleName, true); } private synchronized void dropRole(String requestorUserName, - String roleName, boolean ifExists) - throws SentryUserException { + String roleName, boolean ifExists) + throws SentryUserException { TDropSentryRoleRequest request = new TDropSentryRoleRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -320,15 +151,16 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService /** * Gets sentry role objects for a given groupName using the Sentry service + * * @param requestorUserName : user on whose behalf the request is issued - * @param groupName : groupName to look up ( if null returns all roles for all groups) + * @param groupName : groupName to look up ( if null returns all roles for all groups) * @return Set of thrift sentry role objects * @throws SentryUserException */ public synchronized Set<TSentryRole> listRolesByGroupName( - String requestorUserName, - String groupName) - throws SentryUserException { + String requestorUserName, + String groupName) + throws SentryUserException { TListSentryRolesRequest request = new TListSentryRolesRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -350,15 +182,13 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService /** * Gets sentry role objects for a given userName using the Sentry service * - * @param requestorUserName - * : user on whose behalf the request is issued - * @param userName - * : userName to look up (can't be empty) + * @param requestorUserName : user on whose behalf the request is issued + * @param userName : userName to look up (can't be empty) * @return Set of thrift sentry role objects * @throws SentryUserException */ public Set<TSentryRole> listRolesByUserName(String requestorUserName, String userName) - throws SentryUserException { + throws SentryUserException { TListSentryRolesForUserRequest request = new TListSentryRolesForUserRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -374,22 +204,23 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } public synchronized Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, - String roleName) - throws SentryUserException { + String roleName) + throws SentryUserException { return listPrivilegesByRoleName(requestorUserName, roleName, null); } /** * Gets sentry privilege objects for a given roleName using the Sentry service + * * @param requestorUserName : user on whose behalf the request is issued - * @param roleName : roleName to look up - * @param authorizable : authorizable Hierarchy (server->db->table etc) + * @param roleName : roleName to look up + * @param authorizable : authorizable Hierarchy (server->db->table etc) * @return Set of thrift sentry privilege objects * @throws SentryUserException */ public synchronized Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, - String roleName, List<? extends Authorizable> authorizable) - throws SentryUserException { + String roleName, List<? extends Authorizable> authorizable) + throws SentryUserException { TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -409,12 +240,12 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } public synchronized Set<TSentryRole> listRoles(String requestorUserName) - throws SentryUserException { + throws SentryUserException { return listRolesByGroupName(requestorUserName, null); } public synchronized Set<TSentryRole> listUserRoles(String requestorUserName) - throws SentryUserException { + throws SentryUserException { Set<TSentryRole> tSentryRoles = Sets.newHashSet(); tSentryRoles.addAll(listRolesByGroupName(requestorUserName, AccessConstants.ALL)); tSentryRoles.addAll(listRolesByUserName(requestorUserName, requestorUserName)); @@ -422,22 +253,22 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName, - String roleName, String server, String uri) - throws SentryUserException { + String roleName, String server, String uri) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); + PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); } public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName, - String roleName, String server, String uri, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String uri, Boolean grantOption) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); + PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); } public synchronized void grantServerPrivilege(String requestorUserName, - String roleName, String server, String action) - throws SentryUserException { + String roleName, String server, String action) + throws SentryUserException { // "ALL" and "*" should be synonyms for action and need to be unified with grantServerPrivilege without // action explicitly specified. @@ -446,7 +277,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } grantPrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, action); + PrivilegeScope.SERVER, server, null, null, null, null, action); } @Deprecated @@ -455,14 +286,14 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * String roleName, String server, String action, Boolean grantOption) */ public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName, - String roleName, String server, Boolean grantOption) throws SentryUserException { + String roleName, String server, Boolean grantOption) throws SentryUserException { return grantServerPrivilege(requestorUserName, roleName, server, - AccessConstants.ALL, grantOption); + AccessConstants.ALL, grantOption); } public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName, - String roleName, String server, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String action, Boolean grantOption) + throws SentryUserException { // "ALL" and "*" should be synonyms for action and need to be unified with grantServerPrivilege without // action explicitly specified. @@ -471,72 +302,72 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); + PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); } public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName, - String roleName, String server, String db, String action) - throws SentryUserException { + String roleName, String server, String db, String action) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.DATABASE, server, null, db, null, null, action); + PrivilegeScope.DATABASE, server, null, db, null, null, action); } public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName, - String roleName, String server, String db, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String action, Boolean grantOption) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); + PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); } public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName, - String roleName, String server, String db, String table, String action) - throws SentryUserException { + String roleName, String server, String db, String table, String action) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server, - null, - db, table, null, action); + null, + db, table, null, action); } public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName, - String roleName, String server, String db, String table, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String table, String action, Boolean grantOption) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server, - null, db, table, null, action, grantOption); + null, db, table, null, action, grantOption); } public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName, - String roleName, String server, String db, String table, String columnName, String action) - throws SentryUserException { + String roleName, String server, String db, String table, String columnName, String action) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server, - null, - db, table, columnName, action); + null, + db, table, columnName, action); } public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName, - String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server, - null, db, table, columnName, action, grantOption); + null, db, table, columnName, action, grantOption); } public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, - String roleName, String server, String db, String table, List<String> columnNames, String action) - throws SentryUserException { + String roleName, String server, String db, String table, List<String> columnNames, String action) + throws SentryUserException { return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN, server, null, db, table, columnNames, action); } public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, - String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption) + throws SentryUserException { return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN, - server, - null, db, table, columnNames, action, grantOption); + server, + null, db, table, columnNames, action, grantOption); } public synchronized Set<TSentryPrivilege> grantPrivileges( - String requestorUserName, String roleName, - Set<TSentryPrivilege> privileges) throws SentryUserException { + String requestorUserName, String roleName, + Set<TSentryPrivilege> privileges) throws SentryUserException { return grantPrivilegesCore(requestorUserName, roleName, privileges); } @@ -548,7 +379,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService private TSentryPrivilege grantPrivilegeCore(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { Set<TSentryPrivilege> results = - grantPrivilegesCore(requestorUserName, roleName, ImmutableSet.of(privilege)); + grantPrivilegesCore(requestorUserName, roleName, ImmutableSet.of(privilege)); if (results != null && results.size() > 0) { return results.iterator().next(); } else { @@ -565,7 +396,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setPrivileges(privileges); try { TAlterSentryRoleGrantPrivilegeResponse response = - client.alter_sentry_role_grant_privilege(request); + client.alter_sentry_role_grant_privilege(request); Status.throwIfNotOk(response.getStatus()); return response.getPrivileges(); } catch (TException e) { @@ -575,24 +406,24 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @VisibleForTesting public static TSentryAuthorizable setupSentryAuthorizable( - List<? extends Authorizable> authorizable) { + List<? extends Authorizable> authorizable) { TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); for (Authorizable authzble : authorizable) { if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.Server.toString())) { + DBModelAuthorizable.AuthorizableType.Server.toString())) { tSentryAuthorizable.setServer(authzble.getName()); } else if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.URI.toString())) { + DBModelAuthorizable.AuthorizableType.URI.toString())) { tSentryAuthorizable.setUri(authzble.getName()); } else if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.Db.toString())) { + DBModelAuthorizable.AuthorizableType.Db.toString())) { tSentryAuthorizable.setDb(authzble.getName()); } else if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.Table.toString())) { + DBModelAuthorizable.AuthorizableType.Table.toString())) { tSentryAuthorizable.setTable(authzble.getName()); } else if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.Column.toString())) { + DBModelAuthorizable.AuthorizableType.Column.toString())) { tSentryAuthorizable.setColumn(authzble.getName()); } } @@ -600,44 +431,46 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } private TSentryPrivilege grantPrivilege(String requestorUserName, - String roleName, - PrivilegeScope scope, String serverName, String uri, String db, - String table, String column, String action) throws SentryUserException { + String roleName, + PrivilegeScope scope, String serverName, String uri, String db, + String table, String column, String action) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, scope, serverName, uri, - db, table, column, action, false); + db, table, column, action, false); } private TSentryPrivilege grantPrivilege(String requestorUserName, - String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, - String column, String action, Boolean grantOption) - throws SentryUserException { + + String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, + String column, String action, Boolean grantOption) + throws SentryUserException { TSentryPrivilege privilege = - convertToTSentryPrivilege(scope, serverName, uri, db, table, column, action, grantOption); + convertToTSentryPrivilege(scope, serverName, uri, db, table, column, action, grantOption); return grantPrivilegeCore(requestorUserName, roleName, privilege); } private Set<TSentryPrivilege> grantPrivileges(String requestorUserName, - String roleName, - PrivilegeScope scope, String serverName, String uri, String db, - String table, List<String> columns, String action) throws SentryUserException { + String roleName, + PrivilegeScope scope, String serverName, String uri, String db, + String table, List<String> columns, String action) throws SentryUserException { return grantPrivileges(requestorUserName, roleName, scope, serverName, uri, - db, table, columns, action, false); + db, table, columns, action, false); } private Set<TSentryPrivilege> grantPrivileges(String requestorUserName, - String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, - List<String> columns, String action, Boolean grantOption) - throws SentryUserException { + String roleName, PrivilegeScope scope, String serverName, String uri, String db, String + table, + List<String> columns, String action, Boolean grantOption) + throws SentryUserException { Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope, - serverName, uri, db, table, columns, action, grantOption); + serverName, uri, db, table, columns, action, grantOption); return grantPrivilegesCore(requestorUserName, roleName, privileges); } - public synchronized void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException { + public synchronized void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException { this.revokePrivilegesCore(requestorUserName, roleName, privileges); } - public synchronized void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { + public synchronized void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { this.revokePrivilegeCore(requestorUserName, roleName, privilege); } @@ -654,7 +487,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setPrivileges(privileges); try { TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege( - request); + request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); @@ -662,22 +495,22 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } public synchronized void revokeURIPrivilege(String requestorUserName, - String roleName, String server, String uri) - throws SentryUserException { + String roleName, String server, String uri) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); + PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); } public synchronized void revokeURIPrivilege(String requestorUserName, - String roleName, String server, String uri, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String uri, Boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); + PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); } public synchronized void revokeServerPrivilege(String requestorUserName, - String roleName, String server, String action) - throws SentryUserException { + String roleName, String server, String action) + throws SentryUserException { // "ALL" and "*" should be synonyms for action and need to be unified with revokeServerPrivilege without // action explicitly specified. @@ -686,12 +519,12 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } revokePrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, action); + PrivilegeScope.SERVER, server, null, null, null, null, action); } public synchronized void revokeServerPrivilege(String requestorUserName, - String roleName, String server, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String action, Boolean grantOption) + throws SentryUserException { // "ALL" and "*" should be synonyms for action and need to be unified with revokeServerPrivilege without // action explicitly specified. @@ -700,7 +533,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } revokePrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); + PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); } @Deprecated @@ -709,97 +542,98 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * String roleName, String server, String action, Boolean grantOption) */ public synchronized void revokeServerPrivilege(String requestorUserName, - String roleName, String server, boolean grantOption) - throws SentryUserException { + String roleName, String server, boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, AccessConstants.ALL, grantOption); + PrivilegeScope.SERVER, server, null, null, null, null, AccessConstants.ALL, grantOption); } public synchronized void revokeDatabasePrivilege(String requestorUserName, - String roleName, String server, String db, String action) - throws SentryUserException { + String roleName, String server, String db, String action) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.DATABASE, server, null, db, null, null, action); + PrivilegeScope.DATABASE, server, null, db, null, null, action); } public synchronized void revokeDatabasePrivilege(String requestorUserName, - String roleName, String server, String db, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String action, Boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); + PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); } public synchronized void revokeTablePrivilege(String requestorUserName, - String roleName, String server, String db, String table, String action) - throws SentryUserException { + String roleName, String server, String db, String table, String action) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.TABLE, server, null, - db, table, null, action); + PrivilegeScope.TABLE, server, null, + db, table, null, action); } public synchronized void revokeTablePrivilege(String requestorUserName, - String roleName, String server, String db, String table, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String table, String action, Boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.TABLE, server, null, - db, table, null, action, grantOption); + PrivilegeScope.TABLE, server, null, + db, table, null, action, grantOption); } public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName, - String server, String db, String table, String columnName, String action) - throws SentryUserException { + String server, String db, String table, String columnName, String action) + throws SentryUserException { ImmutableList.Builder<String> listBuilder = ImmutableList.builder(); listBuilder.add(columnName); revokePrivilege(requestorUserName, roleName, - PrivilegeScope.COLUMN, server, null, - db, table, listBuilder.build(), action); + PrivilegeScope.COLUMN, server, null, + db, table, listBuilder.build(), action); } public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName, - String server, String db, String table, String columnName, String action, Boolean grantOption) - throws SentryUserException { + String server, String db, String table, String columnName, String action, Boolean grantOption) + throws SentryUserException { ImmutableList.Builder<String> listBuilder = ImmutableList.builder(); listBuilder.add(columnName); revokePrivilege(requestorUserName, roleName, - PrivilegeScope.COLUMN, server, null, - db, table, listBuilder.build(), action, grantOption); + PrivilegeScope.COLUMN, server, null, + db, table, listBuilder.build(), action, grantOption); } public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName, - String server, String db, String table, List<String> columns, String action) - throws SentryUserException { + String server, String db, String table, List<String> columns, String action) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.COLUMN, server, null, - db, table, columns, action); + PrivilegeScope.COLUMN, server, null, + db, table, columns, action); } public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName, - String server, String db, String table, List<String> columns, String action, Boolean grantOption) - throws SentryUserException { + String server, String db, String table, List<String> columns, String action, Boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.COLUMN, server, null, - db, table, columns, action, grantOption); + PrivilegeScope.COLUMN, server, null, + db, table, columns, action, grantOption); } private void revokePrivilege(String requestorUserName, - String roleName, PrivilegeScope scope, String serverName, String uri, - String db, String table, List<String> columns, String action) - throws SentryUserException { + String roleName, PrivilegeScope scope, String serverName, String uri, + String db, String table, List<String> columns, String action) + throws SentryUserException { this.revokePrivilege(requestorUserName, roleName, scope, serverName, uri, db, table, columns, action, false); } private void revokePrivilege(String requestorUserName, String roleName, - PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns, - String action, Boolean grantOption) - throws SentryUserException { + PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns, + String action, Boolean grantOption) + throws SentryUserException { Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope, - serverName, uri, db, table, columns, action, grantOption); + serverName, uri, db, table, columns, action, grantOption); this.revokePrivilegesCore(requestorUserName, roleName, privileges); } private Set<TSentryPrivilege> convertColumnPrivileges( - PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns, - String action, Boolean grantOption) { + PrivilegeScope scope, String serverName, String uri, String db, String + table, List<String> columns, + String action, Boolean grantOption) { ImmutableSet.Builder<TSentryPrivilege> setBuilder = ImmutableSet.builder(); if (columns == null || columns.isEmpty()) { TSentryPrivilege privilege = new TSentryPrivilege(); @@ -832,8 +666,9 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } private TSentryPrivilege convertToTSentryPrivilege( - PrivilegeScope scope, String serverName, String uri, String db, String table, String column, - String action, Boolean grantOption) { + PrivilegeScope scope, String serverName, String uri, String db, String table, String + column, + String action, Boolean grantOption) { TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope(scope.toString()); privilege.setServerName(serverName); @@ -858,15 +693,16 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService return TSentryGrantOption.FALSE; } - public synchronized Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users, - ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException { + public synchronized Set<String> listPrivilegesForProvider + (Set<String> groups, Set<String> users, + ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException { TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()); TListSentryPrivilegesForProviderRequest request = - new TListSentryPrivilegesForProviderRequest(ThriftConstants. - TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet); + new TListSentryPrivilegesForProviderRequest(ThriftConstants. + TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet); if (authorizable != null && authorizable.length > 0) { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(Lists - .newArrayList(authorizable)); + .newArrayList(authorizable)); request.setAuthorizableHierarchy(tSentryAuthorizable); } if (users != null) { @@ -883,25 +719,25 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @Override public synchronized void grantRoleToGroup(String requestorUserName, - String groupName, String roleName) - throws SentryUserException { + String groupName, String roleName) + throws SentryUserException { grantRoleToGroups(requestorUserName, roleName, Sets.newHashSet(groupName)); } @Override public synchronized void revokeRoleFromGroup(String requestorUserName, - String groupName, String roleName) - throws SentryUserException { + String groupName, String roleName) + throws SentryUserException { revokeRoleFromGroups(requestorUserName, roleName, Sets.newHashSet(groupName)); } @Override public synchronized void grantRoleToGroups(String requestorUserName, - String roleName, Set<String> groups) - throws SentryUserException { + String roleName, Set<String> groups) + throws SentryUserException { TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - roleName, convert2TGroups(groups)); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + roleName, convert2TGroups(groups)); try { TAlterSentryRoleAddGroupsResponse response = client.alter_sentry_role_add_groups(request); Status.throwIfNotOk(response.getStatus()); @@ -912,11 +748,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @Override public synchronized void revokeRoleFromGroups(String requestorUserName, - String roleName, Set<String> groups) - throws SentryUserException { + String roleName, Set<String> groups) + throws SentryUserException { TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - roleName, convert2TGroups(groups)); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + roleName, convert2TGroups(groups)); try { TAlterSentryRoleDeleteGroupsResponse response = client.alter_sentry_role_delete_groups(request); Status.throwIfNotOk(response.getStatus()); @@ -927,21 +763,21 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @Override public synchronized void grantRoleToUser(String requestorUserName, String userName, - String roleName) throws SentryUserException { + String roleName) throws SentryUserException { grantRoleToUsers(requestorUserName, roleName, Sets.newHashSet(userName)); } @Override public synchronized void revokeRoleFromUser(String requestorUserName, String userName, - String roleName) throws SentryUserException { + String roleName) throws SentryUserException { revokeRoleFromUsers(requestorUserName, roleName, Sets.newHashSet(userName)); } @Override public synchronized void grantRoleToUsers(String requestorUserName, String roleName, - Set<String> users) throws SentryUserException { + Set<String> users) throws SentryUserException { TAlterSentryRoleAddUsersRequest request = new TAlterSentryRoleAddUsersRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users); try { TAlterSentryRoleAddUsersResponse response = client.alter_sentry_role_add_users(request); Status.throwIfNotOk(response.getStatus()); @@ -952,9 +788,9 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @Override public synchronized void revokeRoleFromUsers(String requestorUserName, String roleName, - Set<String> users) throws SentryUserException { + Set<String> users) throws SentryUserException { TAlterSentryRoleDeleteUsersRequest request = new TAlterSentryRoleDeleteUsersRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users); try { TAlterSentryRoleDeleteUsersResponse response = client.alter_sentry_role_delete_users(request); Status.throwIfNotOk(response.getStatus()); @@ -974,13 +810,13 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } public synchronized void dropPrivileges(String requestorUserName, - List<? extends Authorizable> authorizableObjects) - throws SentryUserException { + List<? extends Authorizable> authorizableObjects) + throws SentryUserException { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(authorizableObjects); TDropPrivilegesRequest request = new TDropPrivilegesRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - tSentryAuthorizable); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + tSentryAuthorizable); try { TDropPrivilegesResponse response = client.drop_sentry_privilege(request); Status.throwIfNotOk(response.getStatus()); @@ -990,35 +826,36 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } public synchronized void renamePrivileges(String requestorUserName, - List<? extends Authorizable> oldAuthorizables, - List<? extends Authorizable> newAuthorizables) throws SentryUserException { + List<? extends Authorizable> oldAuthorizables, + List<? extends Authorizable> newAuthorizables) throws SentryUserException { TSentryAuthorizable tOldSentryAuthorizable = setupSentryAuthorizable(oldAuthorizables); TSentryAuthorizable tNewSentryAuthorizable = setupSentryAuthorizable(newAuthorizables); TRenamePrivilegesRequest request = new TRenamePrivilegesRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - tOldSentryAuthorizable, tNewSentryAuthorizable); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + tOldSentryAuthorizable, tNewSentryAuthorizable); try { TRenamePrivilegesResponse response = client - .rename_sentry_privilege(request); + .rename_sentry_privilege(request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } } - public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable( - String requestorUserName, - Set<List<? extends Authorizable>> authorizables, Set<String> groups, - ActiveRoleSet roleSet) throws SentryUserException { + public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable + ( + String requestorUserName, + Set<List<? extends Authorizable>> authorizables, Set<String> groups, + ActiveRoleSet roleSet) throws SentryUserException { Set<TSentryAuthorizable> authSet = Sets.newTreeSet(); for (List<? extends Authorizable> authorizableHierarchy : authorizables) { authSet.add(setupSentryAuthorizable(authorizableHierarchy)); } TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - authSet); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + authSet); if (groups != null) { request.setGroups(groups); } @@ -1028,7 +865,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService try { TListSentryPrivilegesByAuthResponse response = client - .list_sentry_privileges_by_authorizable(request); + .list_sentry_privileges_by_authorizable(request); Status.throwIfNotOk(response.getStatus()); return response.getPrivilegesMapByAuth(); } catch (TException e) { @@ -1041,6 +878,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * propertyName, or if propertyName does not exist, the defaultValue. * There is no "requestorUserName" because this is regarded as an * internal interface. + * * @param propertyName Config attribute to search for * @param defaultValue String to return if not found * @return The value of the propertyName @@ -1062,44 +900,33 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - public synchronized void close() { - if (isConnected()) { - transport.close(); - } - } - - private boolean isConnected() { - return transport != null && transport.isOpen(); - } - /** * Import the sentry mapping data, convert the mapping data from map structure to * TSentryMappingData, and call the import API. - * - * @param policyFileMappingData - * Include 2 maps to save the mapping data, the following is the example of the data - * structure: - * for the following mapping data: - * group1=role1,role2 - * group2=role2,role3 - * role1=server=server1->db=db1 - * role2=server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2 - * role3=server=server1->url=hdfs://localhost/path - * - * The policyFileMappingData will be inputed as: - * { - * groups={[group1={role1, role2}], group2=[role2, role3]}, - * roles={role1=[server=server1->db=db1], - * role2=[server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2], - * role3=[server=server1->url=hdfs://localhost/path] - * } - * } - * @param requestorUserName - * The name of the request user + * + * @param policyFileMappingData Include 2 maps to save the mapping data, the following is the example of the data + * structure: + * for the following mapping data: + * group1=role1,role2 + * group2=role2,role3 + * role1=server=server1->db=db1 + * role2=server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2 + * role3=server=server1->url=hdfs://localhost/path + * <p> + * The policyFileMappingData will be inputed as: + * { + * groups={[group1={role1, role2}], group2=[role2, role3]}, + * roles={role1=[server=server1->db=db1], + * role2=[server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2], + * role3=[server=server1->url=hdfs://localhost/path] + * } + * } + * @param requestorUserName The name of the request user */ - public synchronized void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData, - String requestorUserName, boolean isOverwriteRole) - throws SentryUserException { + public synchronized void importPolicy + (Map<String, Map<String, Set<String>>> policyFileMappingData, + String requestorUserName, boolean isOverwriteRole) + throws SentryUserException { try { TSentryMappingData tSentryMappingData = new TSentryMappingData(); // convert the mapping data for [group,role] from map structure to @@ -1109,11 +936,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService // convert the mapping data for [role,privilege] from map structure to // TSentryMappingData.RolePrivilegesMap tSentryMappingData - .setRolePrivilegesMap(convertRolePrivilegesMapForSentryDB(policyFileMappingData - .get(PolicyFileConstants.ROLES))); + .setRolePrivilegesMap(convertRolePrivilegesMapForSentryDB(policyFileMappingData + .get(PolicyFileConstants.ROLES))); TSentryImportMappingDataRequest request = new TSentryImportMappingDataRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, isOverwriteRole, - tSentryMappingData); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, isOverwriteRole, + tSentryMappingData); TSentryImportMappingDataResponse response = client.import_sentry_mapping_data(request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { @@ -1124,7 +951,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService // convert the mapping data for [role,privilege] from map structure to // TSentryMappingData.RolePrivilegesMap private Map<String, Set<TSentryPrivilege>> convertRolePrivilegesMapForSentryDB( - Map<String, Set<String>> rolePrivilegesMap) { + Map<String, Set<String>> rolePrivilegesMap) { Map<String, Set<TSentryPrivilege>> rolePrivilegesMapResult = Maps.newHashMap(); if (rolePrivilegesMap != null) { for (Map.Entry<String, Set<String>> entry : rolePrivilegesMap.entrySet()) { @@ -1140,10 +967,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } // export the sentry mapping data with map structure - public synchronized Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName, - String objectPath) throws SentryUserException { + public synchronized Map<String, Map<String, Set<String>>> exportPolicy(String + requestorUserName, + String objectPath) throws SentryUserException { TSentryExportMappingDataRequest request = new TSentryExportMappingDataRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName); request.setObjectPath(objectPath); try { TSentryExportMappingDataResponse response = client.export_sentry_mapping_data(request); @@ -1162,7 +990,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService // convert the mapping data for [roleName,privilege] from TSentryMappingData.RolePrivilegesMap to // map structure private Map<String, Set<String>> convertRolePrivilegesMapForPolicyFile( - Map<String, Set<TSentryPrivilege>> rolePrivilegesMap) { + Map<String, Set<TSentryPrivilege>> rolePrivilegesMap) { Map<String, Set<String>> rolePrivilegesMapForFile = Maps.newHashMap(); if (rolePrivilegesMap != null) { for (Map.Entry<String, Set<TSentryPrivilege>> entry : rolePrivilegesMap.entrySet()) {
http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java index ee2a466..20ebb2c 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java @@ -47,7 +47,7 @@ import org.apache.sentry.provider.db.log.entity.JsonLogEntity; import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory; import org.apache.sentry.provider.db.log.util.Constants; import org.apache.sentry.provider.db.service.persistent.SentryStore; -import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig; +import org.apache.sentry.core.common.utils.PolicyStoreConstants.PolicyStoreServerConfig; import org.apache.sentry.service.thrift.SentryServiceUtil; import org.apache.sentry.service.thrift.ServiceConstants; import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties; http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java index a5f11a9..5e26486 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java @@ -18,6 +18,7 @@ package org.apache.sentry.provider.db.service.thrift; +import org.apache.sentry.core.common.utils.ThriftUtil; import org.apache.thrift.TException; import org.apache.thrift.protocol.TProtocol; http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ThriftUtil.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ThriftUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ThriftUtil.java deleted file mode 100644 index 5fed04a..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ThriftUtil.java +++ /dev/null @@ -1,127 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.service.thrift; - -import com.google.common.net.HostAndPort; -import org.apache.thrift.protocol.TProtocol; -import org.apache.thrift.transport.TSaslClientTransport; -import org.apache.thrift.transport.TSaslServerTransport; -import org.apache.thrift.transport.TSocket; -import org.apache.thrift.transport.TTransport; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Preconditions; - -public final class ThriftUtil { - - private static final Logger LOGGER = LoggerFactory.getLogger(ThriftUtil.class); - - public static void setImpersonator(final TProtocol in) { - try { - TTransport transport = in.getTransport(); - if (transport instanceof TSaslServerTransport) { - String impersonator = ((TSaslServerTransport) transport).getSaslServer() - .getAuthorizationID(); - setImpersonator(impersonator); - } - } catch (Exception e) { - // If there has exception when get impersonator info, log the error information. - LOGGER.warn("There is an error when get the impersonator:" + e.getMessage()); - } - } - - public static void setIpAddress(final TProtocol in) { - try { - TTransport transport = in.getTransport(); - TSocket tSocket = getUnderlyingSocketFromTransport(transport); - if (tSocket != null) { - setIpAddress(tSocket.getSocket().getInetAddress().toString()); - } else { - LOGGER.warn("Unknown Transport, cannot determine ipAddress"); - } - } catch (Exception e) { - // If there has exception when get impersonator info, log the error information. - LOGGER.warn("There is an error when get the client's ip address:" + e.getMessage()); - } - } - - /** - * Returns the underlying TSocket from the transport, or null of the transport type is unknown. - */ - private static TSocket getUnderlyingSocketFromTransport(TTransport transport) { - Preconditions.checkNotNull(transport); - if (transport instanceof TSaslServerTransport) { - return (TSocket) ((TSaslServerTransport) transport).getUnderlyingTransport(); - } else if (transport instanceof TSaslClientTransport) { - return (TSocket) ((TSaslClientTransport) transport).getUnderlyingTransport(); - } else if (transport instanceof TSocket) { - return (TSocket) transport; - } - return null; - } - - private static ThreadLocal<String> threadLocalIpAddress = new ThreadLocal<String>() { - @Override - protected synchronized String initialValue() { - return ""; - } - }; - - public static void setIpAddress(String ipAddress) { - threadLocalIpAddress.set(ipAddress); - } - - public static String getIpAddress() { - return threadLocalIpAddress.get(); - } - - private static ThreadLocal<String> threadLocalImpersonator = new ThreadLocal<String>() { - @Override - protected synchronized String initialValue() { - return ""; - } - }; - - public static void setImpersonator(String impersonator) { - threadLocalImpersonator.set(impersonator); - } - - public static String getImpersonator() { - return threadLocalImpersonator.get(); - } - - private ThriftUtil() { - // Make constructor private to avoid instantiation - } - - /** - * Utility function for parsing host and port strings. Expected form should be - * (host:port). The hostname could be in ipv6 style. If port is not specified, - * defaultPort will be used. - */ - public static HostAndPort[] parseHostPortStrings(String[] hostsAndPortsArr, int defaultPort) { - HostAndPort[] hostsAndPorts = new HostAndPort[hostsAndPortsArr.length]; - for (int i = 0; i < hostsAndPorts.length; i++) { - hostsAndPorts[i] = - HostAndPort.fromString(hostsAndPortsArr[i]).withDefaultPort(defaultPort); - } - return hostsAndPorts; - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java index d5f4fcb..acf9b05 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java @@ -28,8 +28,9 @@ import org.apache.commons.pool2.impl.GenericObjectPool; import org.apache.commons.pool2.impl.GenericObjectPoolConfig; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.common.exception.SentryUserException; +import org.apache.sentry.core.common.transport.SentryClientInvocationHandler; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.ThriftUtil; +import org.apache.sentry.core.common.utils.ThriftUtil; import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig; import org.apache.thrift.transport.TTransportException; import org.slf4j.Logger; http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/RetryClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/RetryClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/RetryClientInvocationHandler.java deleted file mode 100644 index 2f38198..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/RetryClientInvocationHandler.java +++ /dev/null @@ -1,146 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.service.thrift; - -import com.google.common.base.Preconditions; -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl; -import org.apache.thrift.transport.TTransportException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.IOException; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; - -/** - * The RetryClientInvocationHandler is a proxy class for handling thrift calls for non-pool - * model. Currently only one client connection is allowed, and it's using lazy connection. - * The client is not connected to the sentry server until there is any rpc call. - * <p> - * For every rpc call, if the client is not connected, it will first connect to a sentry - * server, and then do the thrift call to the connected sentry server, which will execute - * the requested method and return back the response. If it is failed with connection - * problem, it will close the current connection and retry (reconnect and resend the - * thrift call) no more than rpcRetryTotal times. If the client is already connected, it - * will reuse the existing connection, and do the thrift call. - * <p> - * During reconnection, it will first cycle through all the available sentry servers, and - * then retry the whole server list no more than connectionFullRetryTotal times. In this - * case, it won't introduce more latency when some server fails. Also to prevent all - * clients connecting to the same server, it will reorder the endpoints randomly after a - * full retry. - * <p> - * TODO: allow multiple client connections - */ -class RetryClientInvocationHandler extends SentryClientInvocationHandler{ - private static final Logger LOGGER = - LoggerFactory.getLogger(RetryClientInvocationHandler.class); - private final Configuration conf; - private SentryPolicyServiceClientDefaultImpl client = null; - private final int rpcRetryTotal; - - /** - * Initialize the sentry configurations, including rpc retry count and client connection - * configs for SentryPolicyServiceClientDefaultImpl - */ - RetryClientInvocationHandler(Configuration conf) throws Exception { - this.conf = conf; - Preconditions.checkNotNull(this.conf, "Configuration object cannot be null"); - this.rpcRetryTotal = conf.getInt(ServiceConstants.ClientConfig.SENTRY_RPC_RETRY_TOTAL, - ServiceConstants.ClientConfig.SENTRY_RPC_RETRY_TOTAL_DEFAULT); - client = new SentryPolicyServiceClientDefaultImpl(conf); - } - - /** - * For every rpc call, if the client is not connected, it will first connect to a sentry - * server, and then do the thrift call to the connected sentry server, which will - * execute the requested method and return back the response. If it is failed with - * connection problem, it will close the current connection, and retry (reconnect and - * resend the thrift call) no more than rpcRetryTotal times. Throw SentryUserException - * if failed retry after rpcRetryTotal times. - * if it is failed with other exception, method would just re-throw the exception. - * Synchronized it for thread safety. - */ - @Override - synchronized Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception { - int retryCount = 0; - Exception lastExc = null; - - while (retryCount < rpcRetryTotal) { - // Connect to a sentry server if not connected yet. - try { - client.connectWithRetry(); - } catch (IOException e) { - // Increase the retry num - // Retry when the exception is caused by connection problem. - retryCount++; - lastExc = e; - close(); - continue; - } catch (Exception e) { - close(); - throw e; - } - - // do the thrift call - try { - return method.invoke(client, args); - } catch (InvocationTargetException e) { - // Get the target exception, check if SentryUserException or TTransportException is wrapped. - // TTransportException means there has connection problem with the pool. - Throwable targetException = e.getCause(); - if (targetException instanceof SentryUserException) { - Throwable sentryTargetException = targetException.getCause(); - // If there has connection problem, eg, invalid connection if the service restarted, - // sentryTargetException instanceof TTransportException = true. - if (sentryTargetException instanceof TTransportException) { - // Retry when the exception is caused by connection problem. - lastExc = new TTransportException(sentryTargetException); - LOGGER.debug("Got TTransportException when do the thrift call ", lastExc); - } else { - // The exception is thrown by thrift call, eg, SentryAccessDeniedException. - // Do not need to reconnect to the sentry server. - throw (SentryUserException) targetException; - } - } else { - throw e; - } - } - - // Increase the retry num - retryCount++; - - // For connection problem, it will close the current connection, and reconnect to - // an available sentry server and redo the thrift call. - close(); - } - // Throw the exception as reaching the max rpc retry num. - LOGGER.error(String.format("failed after %d retries ", rpcRetryTotal), lastExc); - throw new SentryUserException( - String.format("failed after %d retries ", rpcRetryTotal), lastExc); - } - - @Override - public void close() { - client.close(); - LOGGER.debug("Close the current client connection"); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java deleted file mode 100644 index b8c7f23..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java +++ /dev/null @@ -1,54 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.service.thrift; - -import java.lang.reflect.InvocationHandler; -import java.lang.reflect.Method; - -/** - * SentryClientInvocationHandler is the base interface for all the InvocationHandler in SENTRY - */ -public abstract class SentryClientInvocationHandler implements InvocationHandler { - - /** - * Close the InvocationHandler: An InvocationHandler may create some contexts, - * these contexts should be close when the method "close()" of client be called. - */ - @Override - public final Object invoke(Object proxy, Method method, Object[] args) throws Exception { - // close() doesn't throw exception we supress that in case of connection - // loss. Changing SentryPolicyServiceClient#close() to throw an - // exception would be a backward incompatible change for Sentry clients. - if ("close".equals(method.getName()) && null == args) { - close(); - return null; - } - return invokeImpl(proxy, method, args); - } - - /** - * Subclass should implement this method for special function - */ - abstract Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception; - - /** - * An abstract method "close", an invocationHandler should close its contexts at here. - */ - public abstract void close(); - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java index f822497..745dc4c 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java @@ -22,6 +22,7 @@ import java.lang.reflect.Proxy; import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.core.common.transport.RetryClientInvocationHandler; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl; import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig; @@ -43,7 +44,8 @@ public final class SentryServiceClientFactory { return (SentryPolicyServiceClient) Proxy .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(), SentryPolicyServiceClientDefaultImpl.class.getInterfaces(), - new RetryClientInvocationHandler(conf)); + new RetryClientInvocationHandler(conf, + new SentryPolicyServiceClientDefaultImpl(conf))); } } } http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java index d3a68c9..834ed41 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java @@ -25,7 +25,6 @@ import javax.security.sasl.Sasl; import com.google.common.base.Splitter; import com.google.common.collect.ImmutableMap; import org.apache.sentry.provider.db.service.thrift.SentryMetrics; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl; public class ServiceConstants { @@ -227,12 +226,10 @@ public class ServiceConstants { } public static class ClientConfig { - public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES; public static final String SERVER_RPC_PORT = "sentry.service.client.server.rpc-port"; public static final int SERVER_RPC_PORT_DEFAULT = ServerConfig.RPC_PORT_DEFAULT; public static final String SERVER_RPC_ADDRESS = "sentry.service.client.server.rpc-address"; public static final String SERVER_RPC_CONN_TIMEOUT = "sentry.service.client.server.rpc-connection-timeout"; - public static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000; // HA configuration public static final String SENTRY_HA_ENABLED = "sentry.ha.enabled"; @@ -256,20 +253,6 @@ public class ServiceConstants { public static final String SENTRY_POOL_RETRY_TOTAL = "sentry.service.client.connection.pool.retry-total"; public static final int SENTRY_POOL_RETRY_TOTAL_DEFAULT = 3; - /** - * full retry num for getting the connection in non-pool model - * In a full retry, it will cycle through all available sentry servers - * {@link SentryPolicyServiceClientDefaultImpl#connectWithRetry()} - */ - public static final String SENTRY_FULL_RETRY_TOTAL = "sentry.service.client.connection.full.retry-total"; - public static final int SENTRY_FULL_RETRY_TOTAL_DEFAULT = 2; - /** - * max retry num for client rpc - * {@link RetryClientInvocationHandler#invokeImpl(Object, Method, Object[])} - */ - public static final String SENTRY_RPC_RETRY_TOTAL = "sentry.service.client.rpc.retry-total"; - public static final int SENTRY_RPC_RETRY_TOTAL_DEFAULT = 3; - // max message size for thrift messages public static final String SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.client.thrift.max.message.size"; public static final long SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024; http://git-wip-us.apache.org/repos/asf/sentry/blob/e3d859a9/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java index d4bf435..ac93e25 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java @@ -40,7 +40,7 @@ import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder; import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege; import org.apache.sentry.provider.db.service.model.MSentryRole; -import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants; +import org.apache.sentry.core.common.utils.PolicyStoreConstants; import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; import org.apache.sentry.service.thrift.Status; import org.apache.sentry.service.thrift.TSentryResponseStatus;
