http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java index 4284b53..d1a4d99 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java @@ -6,9 +6,9 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -19,29 +19,18 @@ package org.apache.sentry.provider.db.service.thrift; import java.io.IOException; -import java.net.InetSocketAddress; -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.Collections; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.Collections; -import javax.security.auth.callback.CallbackHandler; -import javax.security.sasl.Sasl; - -import com.google.common.collect.ImmutableMap; -import com.google.common.net.HostAndPort; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.SaslRpcServer; -import org.apache.hadoop.security.SecurityUtil; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.sentry.core.common.exception.MissingConfigurationException; + import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; +import org.apache.sentry.core.common.transport.SentryTransportFactory; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.core.model.db.DBModelAuthorizable; import org.apache.sentry.core.common.utils.PolicyFileConstants; @@ -53,228 +42,81 @@ import org.apache.sentry.service.thrift.Status; import org.apache.thrift.TException; import org.apache.thrift.protocol.TBinaryProtocol; import org.apache.thrift.protocol.TMultiplexedProtocol; -import org.apache.thrift.transport.TSaslClientTransport; -import org.apache.thrift.transport.TSocket; -import org.apache.thrift.transport.TTransport; -import org.apache.thrift.transport.TTransportException; +import org.apache.sentry.core.common.transport.SentryServiceClient; import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig; +import org.apache.thrift.transport.TTransport; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.google.common.annotations.VisibleForTesting; -import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Lists; import com.google.common.collect.Maps; import com.google.common.collect.Sets; -/* - A Sentry Client in which all the operations are synchronized for thread safety - Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state. - So it is important to recreate the client, which uses a new socket. +/** + * Sentry Policy Service Client + * <p> + * The public implementation of SentryPolicyServiceClient. + * Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state + * So it is important to close and re-open the transportFactory so that new socket is used. + * When an class is instantiated, there will be transportFactory created connecting with first available + * server this is configured. */ -public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyServiceClient { +public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyServiceClient, SentryServiceClient { - private final Configuration conf; - private final boolean kerberos; - private String[] serverPrincipalParts; private SentryPolicyService.Client client; + private SentryTransportFactory transportFactory; private TTransport transport; - private int connectionTimeout; + private Configuration conf; + private static final Logger LOGGER = LoggerFactory - .getLogger(SentryPolicyServiceClient.class); + .getLogger(SentryPolicyServiceClient.class); private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occurred "; - // configs for connection retry - private int connectionFullRetryTotal; - private List<InetSocketAddress> endpoints; - final SentryPolicyClientTransportConfig transportConfig = new SentryPolicyClientTransportConfig(); - private static final ImmutableMap<String, String> SASL_PROPERTIES = - ImmutableMap.of(Sasl.SERVER_AUTH, "true", Sasl.QOP, "auth-conf"); - - /** - * This transport wraps the Sasl transports to set up the right UGI context for open(). - */ - public static class UgiSaslClientTransport extends TSaslClientTransport { - protected UserGroupInformation ugi = null; - - public UgiSaslClientTransport(String mechanism, String authorizationId, - String protocol, String serverName, Map<String, String> props, - CallbackHandler cbh, TTransport transport, boolean wrapUgi) - throws IOException { - super(mechanism, authorizationId, protocol, serverName, props, cbh, - transport); - if (wrapUgi) { - ugi = UserGroupInformation.getLoginUser(); - } - } - - // open the SASL transport with using the current UserGroupInformation - // This is needed to get the current login context stored - @Override - public synchronized void open() throws TTransportException { - if (ugi == null) { - baseOpen(); - } else { - try { - if (ugi.isFromKeytab()) { - ugi.checkTGTAndReloginFromKeytab(); - } - ugi.doAs(new PrivilegedExceptionAction<Void>() { - public Void run() throws TTransportException { - baseOpen(); - return null; - } - }); - } catch (IOException e) { - throw new TTransportException("Failed to open SASL transport", e); - } catch (InterruptedException e) { - throw new TTransportException( - "Interrupted while opening underlying transport", e); - } - } - } - - private void baseOpen() throws TTransportException { - super.open(); - } - } /** * Initialize the sentry configurations. */ - public SentryPolicyServiceClientDefaultImpl(Configuration conf) + public SentryPolicyServiceClientDefaultImpl(Configuration conf, SentryPolicyClientTransportConfig transportConfig) throws IOException { + transportFactory = new SentryTransportFactory(conf, transportConfig); this.conf = conf; - Preconditions.checkNotNull(this.conf, "Configuration object cannot be null"); - try { - String hostsAndPortsStr; - this.connectionTimeout = transportConfig.getServerRpcConnTimeoutInMs(conf); - this.connectionFullRetryTotal = transportConfig.getSentryFullRetryTotal(conf); - - this.kerberos = transportConfig.isKerberosEnabled(conf); - hostsAndPortsStr = transportConfig.getSentryServerRpcAddress(conf); - - int serverPort = transportConfig.getServerRpcPort(conf); - - String[] hostsAndPortsStrArr = hostsAndPortsStr.split(","); - HostAndPort[] hostsAndPorts = ThriftUtil.parseHostPortStrings(hostsAndPortsStrArr, serverPort); - this.endpoints = new ArrayList(hostsAndPortsStrArr.length); - for (int i = hostsAndPortsStrArr.length - 1; i >= 0; i--) { - this.endpoints.add( - new InetSocketAddress(hostsAndPorts[i].getHostText(), hostsAndPorts[i].getPort())); - LOGGER.debug("Added server endpoint: " + hostsAndPorts[i].toString()); - } - } catch (MissingConfigurationException e) { - throw new RuntimeException("Client Creation Failed: " + e.getMessage(), e); - } } public SentryPolicyServiceClientDefaultImpl(String addr, int port, Configuration conf) throws IOException { + transportFactory = new SentryTransportFactory(addr, port, conf, + new SentryPolicyClientTransportConfig()); this.conf = conf; - Preconditions.checkNotNull(this.conf, "Configuration object cannot be null"); - try { - InetSocketAddress serverAddress = NetUtils.createSocketAddr(addr, port); - this.connectionTimeout = transportConfig.getServerRpcConnTimeoutInMs(conf); - this.kerberos = transportConfig.isKerberosEnabled(conf); - connect(serverAddress); - } catch (MissingConfigurationException e) { - throw new RuntimeException("Client Creation Failed: " + e.getMessage(), e); - } - + connect(); } /** - * This is a no-op when already connected. - * When there is a connection error, it will retry with another sentry server. It will - * first cycle through all the available sentry servers, and then retry the whole server - * list no more than connectionFullRetryTotal times. In this case, it won't introduce - * more latency when some server fails. Also to prevent all clients connecting to the - * same server, it will reorder the endpoints randomly after a full retry. - * <p> - * TODO: Have a small random sleep after a full retry to prevent all clients connecting to the same server. - * <p> - * TODO: Add metrics for the number of successful connects and errors per client, and total number of retries. - * @throws Exception if client fails to connect to all servers for a configured - * number of times + * Connect to the sentry server + * + * @throws IOException */ - public synchronized void connectWithRetry() throws Exception { - if (isConnected()) { + @Override + public synchronized void connect() throws IOException { + if (transport != null && transport.isOpen()) { return; } - Exception currentException = null; - // Here for each full connectWithRetry it will cycle through all available sentry - // servers. Before each full connectWithRetry, it will shuffle the server list. - for (int retryCount = 0; retryCount < connectionFullRetryTotal; retryCount++) { - // Reorder endpoints randomly to prevent all clients connecting to the same endpoint - // at the same time after a node failure. - Collections.shuffle(endpoints); - for (InetSocketAddress addr : endpoints) { - try { - connect(addr); - LOGGER.info(String.format("Connected to SentryServer: %s", addr.toString())); - return; - } catch (Exception e) { - LOGGER.debug(String.format("Failed connection to %s: %s", - addr.toString(), e.getMessage()), e); - currentException = e; - } - } - } - - // Throw exception as reaching the max full connectWithRetry number. - LOGGER.error( - String.format("Reach the max connection retry num %d ", connectionFullRetryTotal), - currentException); - throw currentException; - } - - /** - * Connect to the specified socket address and throw Exception if failed. - */ - private void connect(InetSocketAddress serverAddress) throws IOException { - transport = new TSocket(serverAddress.getHostName(), - serverAddress.getPort(), connectionTimeout); - try { - if (kerberos) { - String serverPrincipal = transportConfig.getSentryPrincipal(conf); - - // Resolve server host in the same way as we are doing on server side - serverPrincipal = - SecurityUtil.getServerPrincipal(serverPrincipal, serverAddress.getAddress()); - LOGGER.debug("Using server kerberos principal: " + serverPrincipal); - - serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal); - Preconditions.checkArgument(serverPrincipalParts.length == 3, - "Kerberos principal should have 3 parts: " + serverPrincipal); - boolean wrapUgi = transportConfig.useUserGroupInformation(conf); - transport = new SentryPolicyServiceClientDefaultImpl.UgiSaslClientTransport( - SaslRpcServer.AuthMethod.KERBEROS.getMechanismName(), - null, serverPrincipalParts[0], serverPrincipalParts[1], - SASL_PROPERTIES, null, transport, wrapUgi); - } else { - serverPrincipalParts = null; - } - - transport.open(); - } catch (TTransportException e) { - throw new IOException("Transport exception while opening transport: " + e.getMessage(), e); - } - LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress); + transport = transportFactory.getTransport(); long maxMessageSize = conf.getLong( - ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE, - ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT); + ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE, + ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT); TMultiplexedProtocol protocol = new TMultiplexedProtocol( - new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true), - SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME); + new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true), + SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME); client = new SentryPolicyService.Client(protocol); LOGGER.debug("Successfully created client"); } + @Override public synchronized void createRole(String requestorUserName, String roleName) - throws SentryUserException { + throws SentryUserException { TCreateSentryRoleRequest request = new TCreateSentryRoleRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -287,21 +129,23 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } + @Override public synchronized void dropRole(String requestorUserName, - String roleName) - throws SentryUserException { + String roleName) + throws SentryUserException { dropRole(requestorUserName, roleName, false); } + @Override public synchronized void dropRoleIfExists(String requestorUserName, - String roleName) - throws SentryUserException { + String roleName) + throws SentryUserException { dropRole(requestorUserName, roleName, true); } private synchronized void dropRole(String requestorUserName, - String roleName, boolean ifExists) - throws SentryUserException { + String roleName, boolean ifExists) + throws SentryUserException { TDropSentryRoleRequest request = new TDropSentryRoleRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -320,15 +164,17 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService /** * Gets sentry role objects for a given groupName using the Sentry service + * * @param requestorUserName : user on whose behalf the request is issued - * @param groupName : groupName to look up ( if null returns all roles for all groups) + * @param groupName : groupName to look up ( if null returns all roles for all groups) * @return Set of thrift sentry role objects * @throws SentryUserException */ + @Override public synchronized Set<TSentryRole> listRolesByGroupName( - String requestorUserName, - String groupName) - throws SentryUserException { + String requestorUserName, + String groupName) + throws SentryUserException { TListSentryRolesRequest request = new TListSentryRolesRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -350,15 +196,14 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService /** * Gets sentry role objects for a given userName using the Sentry service * - * @param requestorUserName - * : user on whose behalf the request is issued - * @param userName - * : userName to look up (can't be empty) + * @param requestorUserName : user on whose behalf the request is issued + * @param userName : userName to look up (can't be empty) * @return Set of thrift sentry role objects * @throws SentryUserException */ + @Override public Set<TSentryRole> listRolesByUserName(String requestorUserName, String userName) - throws SentryUserException { + throws SentryUserException { TListSentryRolesForUserRequest request = new TListSentryRolesForUserRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -373,23 +218,26 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } + @Override public synchronized Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, - String roleName) - throws SentryUserException { + String roleName) + throws SentryUserException { return listPrivilegesByRoleName(requestorUserName, roleName, null); } /** * Gets sentry privilege objects for a given roleName using the Sentry service + * * @param requestorUserName : user on whose behalf the request is issued - * @param roleName : roleName to look up - * @param authorizable : authorizable Hierarchy (server->db->table etc) + * @param roleName : roleName to look up + * @param authorizable : authorizable Hierarchy (server->db->table etc) * @return Set of thrift sentry privilege objects * @throws SentryUserException */ + @Override public synchronized Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, - String roleName, List<? extends Authorizable> authorizable) - throws SentryUserException { + String roleName, List<? extends Authorizable> authorizable) + throws SentryUserException { TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); @@ -408,36 +256,41 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } + @Override public synchronized Set<TSentryRole> listRoles(String requestorUserName) - throws SentryUserException { + throws SentryUserException { return listRolesByGroupName(requestorUserName, null); } + @Override public synchronized Set<TSentryRole> listUserRoles(String requestorUserName) - throws SentryUserException { + throws SentryUserException { Set<TSentryRole> tSentryRoles = Sets.newHashSet(); tSentryRoles.addAll(listRolesByGroupName(requestorUserName, AccessConstants.ALL)); tSentryRoles.addAll(listRolesByUserName(requestorUserName, requestorUserName)); return tSentryRoles; } + @Override public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName, - String roleName, String server, String uri) - throws SentryUserException { + String roleName, String server, String uri) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); + PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); } + @Override public synchronized TSentryPrivilege grantURIPrivilege(String requestorUserName, - String roleName, String server, String uri, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String uri, Boolean grantOption) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); + PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); } + @Override public synchronized void grantServerPrivilege(String requestorUserName, - String roleName, String server, String action) - throws SentryUserException { + String roleName, String server, String action) + throws SentryUserException { // "ALL" and "*" should be synonyms for action and need to be unified with grantServerPrivilege without // action explicitly specified. @@ -446,7 +299,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } grantPrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, action); + PrivilegeScope.SERVER, server, null, null, null, null, action); } @Deprecated @@ -455,14 +308,15 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * String roleName, String server, String action, Boolean grantOption) */ public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName, - String roleName, String server, Boolean grantOption) throws SentryUserException { + String roleName, String server, Boolean grantOption) throws SentryUserException { return grantServerPrivilege(requestorUserName, roleName, server, - AccessConstants.ALL, grantOption); + AccessConstants.ALL, grantOption); } + @Override public synchronized TSentryPrivilege grantServerPrivilege(String requestorUserName, - String roleName, String server, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String action, Boolean grantOption) + throws SentryUserException { // "ALL" and "*" should be synonyms for action and need to be unified with grantServerPrivilege without // action explicitly specified. @@ -471,75 +325,85 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); + PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); } + @Override public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName, - String roleName, String server, String db, String action) - throws SentryUserException { + String roleName, String server, String db, String action) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.DATABASE, server, null, db, null, null, action); + PrivilegeScope.DATABASE, server, null, db, null, null, action); } + @Override public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName, - String roleName, String server, String db, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String action, Boolean grantOption) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, - PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); + PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); } + @Override public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName, - String roleName, String server, String db, String table, String action) - throws SentryUserException { + String roleName, String server, String db, String table, String action) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server, - null, - db, table, null, action); + null, + db, table, null, action); } + @Override public synchronized TSentryPrivilege grantTablePrivilege(String requestorUserName, - String roleName, String server, String db, String table, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String table, String action, Boolean grantOption) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server, - null, db, table, null, action, grantOption); + null, db, table, null, action, grantOption); } + @Override public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName, - String roleName, String server, String db, String table, String columnName, String action) - throws SentryUserException { + String roleName, String server, String db, String table, String columnName, String action) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server, - null, - db, table, columnName, action); + null, + db, table, columnName, action); } + @Override public synchronized TSentryPrivilege grantColumnPrivilege(String requestorUserName, - String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption) + throws SentryUserException { return grantPrivilege(requestorUserName, roleName, PrivilegeScope.COLUMN, server, - null, db, table, columnName, action, grantOption); + null, db, table, columnName, action, grantOption); } + @Override public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, - String roleName, String server, String db, String table, List<String> columnNames, String action) - throws SentryUserException { + String roleName, String server, String db, String table, List<String> columnNames, String action) + throws SentryUserException { return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN, server, - null, - db, table, columnNames, action); + null, + db, table, columnNames, action); } + @Override public synchronized Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, - String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption) + throws SentryUserException { return grantPrivileges(requestorUserName, roleName, PrivilegeScope.COLUMN, - server, - null, db, table, columnNames, action, grantOption); + server, + null, db, table, columnNames, action, grantOption); } + @Override public synchronized Set<TSentryPrivilege> grantPrivileges( - String requestorUserName, String roleName, - Set<TSentryPrivilege> privileges) throws SentryUserException { + String requestorUserName, String roleName, + Set<TSentryPrivilege> privileges) throws SentryUserException { return grantPrivilegesCore(requestorUserName, roleName, privileges); } + @Override public synchronized TSentryPrivilege grantPrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { return grantPrivilegeCore(requestorUserName, roleName, privilege); @@ -548,7 +412,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService private TSentryPrivilege grantPrivilegeCore(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { Set<TSentryPrivilege> results = - grantPrivilegesCore(requestorUserName, roleName, ImmutableSet.of(privilege)); + grantPrivilegesCore(requestorUserName, roleName, ImmutableSet.of(privilege)); if (results != null && results.size() > 0) { return results.iterator().next(); } else { @@ -565,7 +429,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setPrivileges(privileges); try { TAlterSentryRoleGrantPrivilegeResponse response = - client.alter_sentry_role_grant_privilege(request); + client.alter_sentry_role_grant_privilege(request); Status.throwIfNotOk(response.getStatus()); return response.getPrivileges(); } catch (TException e) { @@ -575,24 +439,24 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @VisibleForTesting public static TSentryAuthorizable setupSentryAuthorizable( - List<? extends Authorizable> authorizable) { + List<? extends Authorizable> authorizable) { TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); for (Authorizable authzble : authorizable) { if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.Server.toString())) { + DBModelAuthorizable.AuthorizableType.Server.toString())) { tSentryAuthorizable.setServer(authzble.getName()); } else if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.URI.toString())) { + DBModelAuthorizable.AuthorizableType.URI.toString())) { tSentryAuthorizable.setUri(authzble.getName()); } else if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.Db.toString())) { + DBModelAuthorizable.AuthorizableType.Db.toString())) { tSentryAuthorizable.setDb(authzble.getName()); } else if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.Table.toString())) { + DBModelAuthorizable.AuthorizableType.Table.toString())) { tSentryAuthorizable.setTable(authzble.getName()); } else if (authzble.getTypeName().equalsIgnoreCase( - DBModelAuthorizable.AuthorizableType.Column.toString())) { + DBModelAuthorizable.AuthorizableType.Column.toString())) { tSentryAuthorizable.setColumn(authzble.getName()); } } @@ -600,44 +464,48 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } private TSentryPrivilege grantPrivilege(String requestorUserName, - String roleName, - PrivilegeScope scope, String serverName, String uri, String db, - String table, String column, String action) throws SentryUserException { + String roleName, + PrivilegeScope scope, String serverName, String uri, String db, + String table, String column, String action) throws SentryUserException { return grantPrivilege(requestorUserName, roleName, scope, serverName, uri, - db, table, column, action, false); + db, table, column, action, false); } private TSentryPrivilege grantPrivilege(String requestorUserName, - String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, - String column, String action, Boolean grantOption) - throws SentryUserException { + + String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, + String column, String action, Boolean grantOption) + throws SentryUserException { TSentryPrivilege privilege = - convertToTSentryPrivilege(scope, serverName, uri, db, table, column, action, grantOption); + convertToTSentryPrivilege(scope, serverName, uri, db, table, column, action, grantOption); return grantPrivilegeCore(requestorUserName, roleName, privilege); } private Set<TSentryPrivilege> grantPrivileges(String requestorUserName, - String roleName, - PrivilegeScope scope, String serverName, String uri, String db, - String table, List<String> columns, String action) throws SentryUserException { + String roleName, + PrivilegeScope scope, String serverName, String uri, String db, + String table, List<String> columns, String action) throws SentryUserException { return grantPrivileges(requestorUserName, roleName, scope, serverName, uri, - db, table, columns, action, false); + db, table, columns, action, false); } private Set<TSentryPrivilege> grantPrivileges(String requestorUserName, - String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, - List<String> columns, String action, Boolean grantOption) - throws SentryUserException { + String roleName, PrivilegeScope scope, String serverName, String uri, String db, String + table, + List<String> columns, String action, Boolean grantOption) + throws SentryUserException { Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope, - serverName, uri, db, table, columns, action, grantOption); + serverName, uri, db, table, columns, action, grantOption); return grantPrivilegesCore(requestorUserName, roleName, privileges); } - public synchronized void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException { + @Override + public synchronized void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException { this.revokePrivilegesCore(requestorUserName, roleName, privileges); } - public synchronized void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { + @Override + public synchronized void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { this.revokePrivilegeCore(requestorUserName, roleName, privilege); } @@ -654,30 +522,33 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setPrivileges(privileges); try { TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege( - request); + request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } } + @Override public synchronized void revokeURIPrivilege(String requestorUserName, - String roleName, String server, String uri) - throws SentryUserException { + String roleName, String server, String uri) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); + PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL); } + @Override public synchronized void revokeURIPrivilege(String requestorUserName, - String roleName, String server, String uri, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String uri, Boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); + PrivilegeScope.URI, server, uri, null, null, null, AccessConstants.ALL, grantOption); } + @Override public synchronized void revokeServerPrivilege(String requestorUserName, - String roleName, String server, String action) - throws SentryUserException { + String roleName, String server, String action) + throws SentryUserException { // "ALL" and "*" should be synonyms for action and need to be unified with revokeServerPrivilege without // action explicitly specified. @@ -686,12 +557,12 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } revokePrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, action); + PrivilegeScope.SERVER, server, null, null, null, null, action); } public synchronized void revokeServerPrivilege(String requestorUserName, - String roleName, String server, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String action, Boolean grantOption) + throws SentryUserException { // "ALL" and "*" should be synonyms for action and need to be unified with revokeServerPrivilege without // action explicitly specified. @@ -700,7 +571,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } revokePrivilege(requestorUserName, roleName, - PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); + PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption); } @Deprecated @@ -708,98 +579,108 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * Should use revokeServerPrivilege(String requestorUserName, * String roleName, String server, String action, Boolean grantOption) */ + @Override public synchronized void revokeServerPrivilege(String requestorUserName, - String roleName, String server, boolean grantOption) - throws SentryUserException { + String roleName, String server, boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, PrivilegeScope.SERVER, server, null, null, null, null, AccessConstants.ALL, grantOption); } + @Override public synchronized void revokeDatabasePrivilege(String requestorUserName, - String roleName, String server, String db, String action) - throws SentryUserException { + String roleName, String server, String db, String action) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.DATABASE, server, null, db, null, null, action); + PrivilegeScope.DATABASE, server, null, db, null, null, action); } + @Override public synchronized void revokeDatabasePrivilege(String requestorUserName, - String roleName, String server, String db, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String action, Boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); + PrivilegeScope.DATABASE, server, null, db, null, null, action, grantOption); } + @Override public synchronized void revokeTablePrivilege(String requestorUserName, - String roleName, String server, String db, String table, String action) - throws SentryUserException { + String roleName, String server, String db, String table, String action) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.TABLE, server, null, - db, table, null, action); + PrivilegeScope.TABLE, server, null, + db, table, null, action); } + @Override public synchronized void revokeTablePrivilege(String requestorUserName, - String roleName, String server, String db, String table, String action, Boolean grantOption) - throws SentryUserException { + String roleName, String server, String db, String table, String action, Boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.TABLE, server, null, - db, table, null, action, grantOption); + PrivilegeScope.TABLE, server, null, + db, table, null, action, grantOption); } + @Override public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName, - String server, String db, String table, String columnName, String action) - throws SentryUserException { + String server, String db, String table, String columnName, String action) + throws SentryUserException { ImmutableList.Builder<String> listBuilder = ImmutableList.builder(); listBuilder.add(columnName); revokePrivilege(requestorUserName, roleName, - PrivilegeScope.COLUMN, server, null, - db, table, listBuilder.build(), action); + PrivilegeScope.COLUMN, server, null, + db, table, listBuilder.build(), action); } + @Override public synchronized void revokeColumnPrivilege(String requestorUserName, String roleName, - String server, String db, String table, String columnName, String action, Boolean grantOption) - throws SentryUserException { + String server, String db, String table, String columnName, String action, Boolean grantOption) + throws SentryUserException { ImmutableList.Builder<String> listBuilder = ImmutableList.builder(); listBuilder.add(columnName); revokePrivilege(requestorUserName, roleName, - PrivilegeScope.COLUMN, server, null, - db, table, listBuilder.build(), action, grantOption); + PrivilegeScope.COLUMN, server, null, + db, table, listBuilder.build(), action, grantOption); } + @Override public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName, - String server, String db, String table, List<String> columns, String action) - throws SentryUserException { + String server, String db, String table, List<String> columns, String action) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.COLUMN, server, null, - db, table, columns, action); + PrivilegeScope.COLUMN, server, null, + db, table, columns, action); } + @Override public synchronized void revokeColumnsPrivilege(String requestorUserName, String roleName, - String server, String db, String table, List<String> columns, String action, Boolean grantOption) - throws SentryUserException { + String server, String db, String table, List<String> columns, String action, Boolean grantOption) + throws SentryUserException { revokePrivilege(requestorUserName, roleName, - PrivilegeScope.COLUMN, server, null, - db, table, columns, action, grantOption); + PrivilegeScope.COLUMN, server, null, + db, table, columns, action, grantOption); } private void revokePrivilege(String requestorUserName, - String roleName, PrivilegeScope scope, String serverName, String uri, - String db, String table, List<String> columns, String action) - throws SentryUserException { + String roleName, PrivilegeScope scope, String serverName, String uri, + String db, String table, List<String> columns, String action) + throws SentryUserException { this.revokePrivilege(requestorUserName, roleName, scope, serverName, uri, db, table, columns, action, false); } private void revokePrivilege(String requestorUserName, String roleName, - PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns, - String action, Boolean grantOption) - throws SentryUserException { + PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns, + String action, Boolean grantOption) + throws SentryUserException { Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope, - serverName, uri, db, table, columns, action, grantOption); + serverName, uri, db, table, columns, action, grantOption); this.revokePrivilegesCore(requestorUserName, roleName, privileges); } private Set<TSentryPrivilege> convertColumnPrivileges( - PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns, - String action, Boolean grantOption) { + PrivilegeScope scope, String serverName, String uri, String db, String + table, List<String> columns, + String action, Boolean grantOption) { ImmutableSet.Builder<TSentryPrivilege> setBuilder = ImmutableSet.builder(); if (columns == null || columns.isEmpty()) { TSentryPrivilege privilege = new TSentryPrivilege(); @@ -832,8 +713,9 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } private TSentryPrivilege convertToTSentryPrivilege( - PrivilegeScope scope, String serverName, String uri, String db, String table, String column, - String action, Boolean grantOption) { + PrivilegeScope scope, String serverName, String uri, String db, String table, String + column, + String action, Boolean grantOption) { TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope(scope.toString()); privilege.setServerName(serverName); @@ -858,15 +740,17 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService return TSentryGrantOption.FALSE; } - public synchronized Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users, - ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException { + @Override + public synchronized Set<String> listPrivilegesForProvider + (Set<String> groups, Set<String> users, + ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException { TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()); TListSentryPrivilegesForProviderRequest request = - new TListSentryPrivilegesForProviderRequest(ThriftConstants. - TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet); + new TListSentryPrivilegesForProviderRequest(ThriftConstants. + TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet); if (authorizable != null && authorizable.length > 0) { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(Lists - .newArrayList(authorizable)); + .newArrayList(authorizable)); request.setAuthorizableHierarchy(tSentryAuthorizable); } if (users != null) { @@ -883,25 +767,25 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @Override public synchronized void grantRoleToGroup(String requestorUserName, - String groupName, String roleName) - throws SentryUserException { + String groupName, String roleName) + throws SentryUserException { grantRoleToGroups(requestorUserName, roleName, Sets.newHashSet(groupName)); } @Override public synchronized void revokeRoleFromGroup(String requestorUserName, - String groupName, String roleName) - throws SentryUserException { + String groupName, String roleName) + throws SentryUserException { revokeRoleFromGroups(requestorUserName, roleName, Sets.newHashSet(groupName)); } @Override public synchronized void grantRoleToGroups(String requestorUserName, - String roleName, Set<String> groups) - throws SentryUserException { + String roleName, Set<String> groups) + throws SentryUserException { TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - roleName, convert2TGroups(groups)); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + roleName, convert2TGroups(groups)); try { TAlterSentryRoleAddGroupsResponse response = client.alter_sentry_role_add_groups(request); Status.throwIfNotOk(response.getStatus()); @@ -912,11 +796,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @Override public synchronized void revokeRoleFromGroups(String requestorUserName, - String roleName, Set<String> groups) - throws SentryUserException { + String roleName, Set<String> groups) + throws SentryUserException { TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - roleName, convert2TGroups(groups)); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + roleName, convert2TGroups(groups)); try { TAlterSentryRoleDeleteGroupsResponse response = client.alter_sentry_role_delete_groups(request); Status.throwIfNotOk(response.getStatus()); @@ -927,21 +811,21 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @Override public synchronized void grantRoleToUser(String requestorUserName, String userName, - String roleName) throws SentryUserException { + String roleName) throws SentryUserException { grantRoleToUsers(requestorUserName, roleName, Sets.newHashSet(userName)); } @Override public synchronized void revokeRoleFromUser(String requestorUserName, String userName, - String roleName) throws SentryUserException { + String roleName) throws SentryUserException { revokeRoleFromUsers(requestorUserName, roleName, Sets.newHashSet(userName)); } @Override public synchronized void grantRoleToUsers(String requestorUserName, String roleName, - Set<String> users) throws SentryUserException { + Set<String> users) throws SentryUserException { TAlterSentryRoleAddUsersRequest request = new TAlterSentryRoleAddUsersRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users); try { TAlterSentryRoleAddUsersResponse response = client.alter_sentry_role_add_users(request); Status.throwIfNotOk(response.getStatus()); @@ -952,9 +836,9 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService @Override public synchronized void revokeRoleFromUsers(String requestorUserName, String roleName, - Set<String> users) throws SentryUserException { + Set<String> users) throws SentryUserException { TAlterSentryRoleDeleteUsersRequest request = new TAlterSentryRoleDeleteUsersRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users); try { TAlterSentryRoleDeleteUsersResponse response = client.alter_sentry_role_delete_users(request); Status.throwIfNotOk(response.getStatus()); @@ -973,14 +857,15 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService return tGroups; } + @Override public synchronized void dropPrivileges(String requestorUserName, - List<? extends Authorizable> authorizableObjects) - throws SentryUserException { + List<? extends Authorizable> authorizableObjects) + throws SentryUserException { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(authorizableObjects); TDropPrivilegesRequest request = new TDropPrivilegesRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - tSentryAuthorizable); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + tSentryAuthorizable); try { TDropPrivilegesResponse response = client.drop_sentry_privilege(request); Status.throwIfNotOk(response.getStatus()); @@ -989,25 +874,28 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } + @Override public synchronized void renamePrivileges(String requestorUserName, - List<? extends Authorizable> oldAuthorizables, - List<? extends Authorizable> newAuthorizables) throws SentryUserException { + List<? extends Authorizable> oldAuthorizables, + List<? extends Authorizable> newAuthorizables) throws SentryUserException { TSentryAuthorizable tOldSentryAuthorizable = setupSentryAuthorizable(oldAuthorizables); TSentryAuthorizable tNewSentryAuthorizable = setupSentryAuthorizable(newAuthorizables); TRenamePrivilegesRequest request = new TRenamePrivilegesRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - tOldSentryAuthorizable, tNewSentryAuthorizable); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + tOldSentryAuthorizable, tNewSentryAuthorizable); try { TRenamePrivilegesResponse response = client - .rename_sentry_privilege(request); + .rename_sentry_privilege(request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } } - public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable( + @Override + public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable + ( String requestorUserName, Set<List<? extends Authorizable>> authorizables, Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException { @@ -1017,8 +905,8 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService authSet.add(setupSentryAuthorizable(authorizableHierarchy)); } TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, - authSet); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, + authSet); if (groups != null) { request.setGroups(groups); } @@ -1028,7 +916,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService try { TListSentryPrivilegesByAuthResponse response = client - .list_sentry_privileges_by_authorizable(request); + .list_sentry_privileges_by_authorizable(request); Status.throwIfNotOk(response.getStatus()); return response.getPrivilegesMapByAuth(); } catch (TException e) { @@ -1041,15 +929,18 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService * propertyName, or if propertyName does not exist, the defaultValue. * There is no "requestorUserName" because this is regarded as an * internal interface. + * * @param propertyName Config attribute to search for * @param defaultValue String to return if not found * @return The value of the propertyName * @throws SentryUserException */ + + @Override public synchronized String getConfigValue(String propertyName, String defaultValue) - throws SentryUserException { + throws SentryUserException { TSentryConfigValueRequest request = new TSentryConfigValueRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, propertyName); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, propertyName); if (defaultValue != null) { request.setDefaultValue(defaultValue); } @@ -1062,44 +953,34 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - public synchronized void close() { - if (isConnected()) { - transport.close(); - } - } - - private boolean isConnected() { - return transport != null && transport.isOpen(); - } - /** * Import the sentry mapping data, convert the mapping data from map structure to * TSentryMappingData, and call the import API. - * - * @param policyFileMappingData - * Include 2 maps to save the mapping data, the following is the example of the data - * structure: - * for the following mapping data: - * group1=role1,role2 - * group2=role2,role3 - * role1=server=server1->db=db1 - * role2=server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2 - * role3=server=server1->url=hdfs://localhost/path - * - * The policyFileMappingData will be inputed as: - * { - * groups={[group1={role1, role2}], group2=[role2, role3]}, - * roles={role1=[server=server1->db=db1], - * role2=[server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2], - * role3=[server=server1->url=hdfs://localhost/path] - * } - * } - * @param requestorUserName - * The name of the request user + * + * @param policyFileMappingData Include 2 maps to save the mapping data, the following is the example of the data + * structure: + * for the following mapping data: + * group1=role1,role2 + * group2=role2,role3 + * role1=server=server1->db=db1 + * role2=server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2 + * role3=server=server1->url=hdfs://localhost/path + * <p> + * The policyFileMappingData will be inputed as: + * { + * groups={[group1={role1, role2}], group2=[role2, role3]}, + * roles={role1=[server=server1->db=db1], + * role2=[server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2], + * role3=[server=server1->url=hdfs://localhost/path] + * } + * } + * @param requestorUserName The name of the request user */ - public synchronized void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData, - String requestorUserName, boolean isOverwriteRole) - throws SentryUserException { + @Override + public synchronized void importPolicy + (Map<String, Map<String, Set<String>>> policyFileMappingData, + String requestorUserName, boolean isOverwriteRole) + throws SentryUserException { try { TSentryMappingData tSentryMappingData = new TSentryMappingData(); // convert the mapping data for [group,role] from map structure to @@ -1109,11 +990,11 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService // convert the mapping data for [role,privilege] from map structure to // TSentryMappingData.RolePrivilegesMap tSentryMappingData - .setRolePrivilegesMap(convertRolePrivilegesMapForSentryDB(policyFileMappingData - .get(PolicyFileConstants.ROLES))); + .setRolePrivilegesMap(convertRolePrivilegesMapForSentryDB(policyFileMappingData + .get(PolicyFileConstants.ROLES))); TSentryImportMappingDataRequest request = new TSentryImportMappingDataRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, isOverwriteRole, - tSentryMappingData); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, isOverwriteRole, + tSentryMappingData); TSentryImportMappingDataResponse response = client.import_sentry_mapping_data(request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { @@ -1124,7 +1005,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService // convert the mapping data for [role,privilege] from map structure to // TSentryMappingData.RolePrivilegesMap private Map<String, Set<TSentryPrivilege>> convertRolePrivilegesMapForSentryDB( - Map<String, Set<String>> rolePrivilegesMap) { + Map<String, Set<String>> rolePrivilegesMap) { Map<String, Set<TSentryPrivilege>> rolePrivilegesMapResult = Maps.newHashMap(); if (rolePrivilegesMap != null) { for (Map.Entry<String, Set<String>> entry : rolePrivilegesMap.entrySet()) { @@ -1140,10 +1021,12 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } // export the sentry mapping data with map structure - public synchronized Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName, - String objectPath) throws SentryUserException { + @Override + public synchronized Map<String, Map<String, Set<String>>> exportPolicy(String + requestorUserName, + String objectPath) throws SentryUserException { TSentryExportMappingDataRequest request = new TSentryExportMappingDataRequest( - ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName); + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName); request.setObjectPath(objectPath); try { TSentryExportMappingDataResponse response = client.export_sentry_mapping_data(request); @@ -1162,7 +1045,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService // convert the mapping data for [roleName,privilege] from TSentryMappingData.RolePrivilegesMap to // map structure private Map<String, Set<String>> convertRolePrivilegesMapForPolicyFile( - Map<String, Set<TSentryPrivilege>> rolePrivilegesMap) { + Map<String, Set<TSentryPrivilege>> rolePrivilegesMap) { Map<String, Set<String>> rolePrivilegesMapForFile = Maps.newHashMap(); if (rolePrivilegesMap != null) { for (Map.Entry<String, Set<TSentryPrivilege>> entry : rolePrivilegesMap.entrySet()) { @@ -1180,4 +1063,14 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } return rolePrivilegesMapForFile; } + + @Override + public synchronized void close() { + transportFactory.close(); + } + + @Override + public void disconnect() { + transportFactory.releaseTransport(); + } } \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java index 456dabc..d38b1eb 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java @@ -47,7 +47,7 @@ import org.apache.sentry.provider.db.log.entity.JsonLogEntity; import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory; import org.apache.sentry.provider.db.log.util.Constants; import org.apache.sentry.provider.db.service.persistent.SentryStore; -import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig; +import org.apache.sentry.core.common.utils.PolicyStoreConstants.PolicyStoreServerConfig; import org.apache.sentry.provider.db.service.thrift.validator.GrantPrivilegeRequestValidator; import org.apache.sentry.provider.db.service.thrift.validator.RevokePrivilegeRequestValidator; import org.apache.sentry.service.thrift.SentryServiceUtil; http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java index a5f11a9..5e26486 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryProcessorWrapper.java @@ -18,6 +18,7 @@ package org.apache.sentry.provider.db.service.thrift; +import org.apache.sentry.core.common.utils.ThriftUtil; import org.apache.thrift.TException; import org.apache.thrift.protocol.TProtocol; http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ThriftUtil.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ThriftUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ThriftUtil.java deleted file mode 100644 index 5fed04a..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ThriftUtil.java +++ /dev/null @@ -1,127 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.service.thrift; - -import com.google.common.net.HostAndPort; -import org.apache.thrift.protocol.TProtocol; -import org.apache.thrift.transport.TSaslClientTransport; -import org.apache.thrift.transport.TSaslServerTransport; -import org.apache.thrift.transport.TSocket; -import org.apache.thrift.transport.TTransport; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Preconditions; - -public final class ThriftUtil { - - private static final Logger LOGGER = LoggerFactory.getLogger(ThriftUtil.class); - - public static void setImpersonator(final TProtocol in) { - try { - TTransport transport = in.getTransport(); - if (transport instanceof TSaslServerTransport) { - String impersonator = ((TSaslServerTransport) transport).getSaslServer() - .getAuthorizationID(); - setImpersonator(impersonator); - } - } catch (Exception e) { - // If there has exception when get impersonator info, log the error information. - LOGGER.warn("There is an error when get the impersonator:" + e.getMessage()); - } - } - - public static void setIpAddress(final TProtocol in) { - try { - TTransport transport = in.getTransport(); - TSocket tSocket = getUnderlyingSocketFromTransport(transport); - if (tSocket != null) { - setIpAddress(tSocket.getSocket().getInetAddress().toString()); - } else { - LOGGER.warn("Unknown Transport, cannot determine ipAddress"); - } - } catch (Exception e) { - // If there has exception when get impersonator info, log the error information. - LOGGER.warn("There is an error when get the client's ip address:" + e.getMessage()); - } - } - - /** - * Returns the underlying TSocket from the transport, or null of the transport type is unknown. - */ - private static TSocket getUnderlyingSocketFromTransport(TTransport transport) { - Preconditions.checkNotNull(transport); - if (transport instanceof TSaslServerTransport) { - return (TSocket) ((TSaslServerTransport) transport).getUnderlyingTransport(); - } else if (transport instanceof TSaslClientTransport) { - return (TSocket) ((TSaslClientTransport) transport).getUnderlyingTransport(); - } else if (transport instanceof TSocket) { - return (TSocket) transport; - } - return null; - } - - private static ThreadLocal<String> threadLocalIpAddress = new ThreadLocal<String>() { - @Override - protected synchronized String initialValue() { - return ""; - } - }; - - public static void setIpAddress(String ipAddress) { - threadLocalIpAddress.set(ipAddress); - } - - public static String getIpAddress() { - return threadLocalIpAddress.get(); - } - - private static ThreadLocal<String> threadLocalImpersonator = new ThreadLocal<String>() { - @Override - protected synchronized String initialValue() { - return ""; - } - }; - - public static void setImpersonator(String impersonator) { - threadLocalImpersonator.set(impersonator); - } - - public static String getImpersonator() { - return threadLocalImpersonator.get(); - } - - private ThriftUtil() { - // Make constructor private to avoid instantiation - } - - /** - * Utility function for parsing host and port strings. Expected form should be - * (host:port). The hostname could be in ipv6 style. If port is not specified, - * defaultPort will be used. - */ - public static HostAndPort[] parseHostPortStrings(String[] hostsAndPortsArr, int defaultPort) { - HostAndPort[] hostsAndPorts = new HostAndPort[hostsAndPortsArr.length]; - for (int i = 0; i < hostsAndPorts.length; i++) { - hostsAndPorts[i] = - HostAndPort.fromString(hostsAndPortsArr[i]).withDefaultPort(defaultPort); - } - return hostsAndPorts; - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java index d5f4fcb..acf9b05 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java @@ -28,8 +28,9 @@ import org.apache.commons.pool2.impl.GenericObjectPool; import org.apache.commons.pool2.impl.GenericObjectPoolConfig; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.common.exception.SentryUserException; +import org.apache.sentry.core.common.transport.SentryClientInvocationHandler; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.ThriftUtil; +import org.apache.sentry.core.common.utils.ThriftUtil; import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig; import org.apache.thrift.transport.TTransportException; import org.slf4j.Logger; http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/RetryClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/RetryClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/RetryClientInvocationHandler.java deleted file mode 100644 index 2f38198..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/RetryClientInvocationHandler.java +++ /dev/null @@ -1,146 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.service.thrift; - -import com.google.common.base.Preconditions; -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl; -import org.apache.thrift.transport.TTransportException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.IOException; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; - -/** - * The RetryClientInvocationHandler is a proxy class for handling thrift calls for non-pool - * model. Currently only one client connection is allowed, and it's using lazy connection. - * The client is not connected to the sentry server until there is any rpc call. - * <p> - * For every rpc call, if the client is not connected, it will first connect to a sentry - * server, and then do the thrift call to the connected sentry server, which will execute - * the requested method and return back the response. If it is failed with connection - * problem, it will close the current connection and retry (reconnect and resend the - * thrift call) no more than rpcRetryTotal times. If the client is already connected, it - * will reuse the existing connection, and do the thrift call. - * <p> - * During reconnection, it will first cycle through all the available sentry servers, and - * then retry the whole server list no more than connectionFullRetryTotal times. In this - * case, it won't introduce more latency when some server fails. Also to prevent all - * clients connecting to the same server, it will reorder the endpoints randomly after a - * full retry. - * <p> - * TODO: allow multiple client connections - */ -class RetryClientInvocationHandler extends SentryClientInvocationHandler{ - private static final Logger LOGGER = - LoggerFactory.getLogger(RetryClientInvocationHandler.class); - private final Configuration conf; - private SentryPolicyServiceClientDefaultImpl client = null; - private final int rpcRetryTotal; - - /** - * Initialize the sentry configurations, including rpc retry count and client connection - * configs for SentryPolicyServiceClientDefaultImpl - */ - RetryClientInvocationHandler(Configuration conf) throws Exception { - this.conf = conf; - Preconditions.checkNotNull(this.conf, "Configuration object cannot be null"); - this.rpcRetryTotal = conf.getInt(ServiceConstants.ClientConfig.SENTRY_RPC_RETRY_TOTAL, - ServiceConstants.ClientConfig.SENTRY_RPC_RETRY_TOTAL_DEFAULT); - client = new SentryPolicyServiceClientDefaultImpl(conf); - } - - /** - * For every rpc call, if the client is not connected, it will first connect to a sentry - * server, and then do the thrift call to the connected sentry server, which will - * execute the requested method and return back the response. If it is failed with - * connection problem, it will close the current connection, and retry (reconnect and - * resend the thrift call) no more than rpcRetryTotal times. Throw SentryUserException - * if failed retry after rpcRetryTotal times. - * if it is failed with other exception, method would just re-throw the exception. - * Synchronized it for thread safety. - */ - @Override - synchronized Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception { - int retryCount = 0; - Exception lastExc = null; - - while (retryCount < rpcRetryTotal) { - // Connect to a sentry server if not connected yet. - try { - client.connectWithRetry(); - } catch (IOException e) { - // Increase the retry num - // Retry when the exception is caused by connection problem. - retryCount++; - lastExc = e; - close(); - continue; - } catch (Exception e) { - close(); - throw e; - } - - // do the thrift call - try { - return method.invoke(client, args); - } catch (InvocationTargetException e) { - // Get the target exception, check if SentryUserException or TTransportException is wrapped. - // TTransportException means there has connection problem with the pool. - Throwable targetException = e.getCause(); - if (targetException instanceof SentryUserException) { - Throwable sentryTargetException = targetException.getCause(); - // If there has connection problem, eg, invalid connection if the service restarted, - // sentryTargetException instanceof TTransportException = true. - if (sentryTargetException instanceof TTransportException) { - // Retry when the exception is caused by connection problem. - lastExc = new TTransportException(sentryTargetException); - LOGGER.debug("Got TTransportException when do the thrift call ", lastExc); - } else { - // The exception is thrown by thrift call, eg, SentryAccessDeniedException. - // Do not need to reconnect to the sentry server. - throw (SentryUserException) targetException; - } - } else { - throw e; - } - } - - // Increase the retry num - retryCount++; - - // For connection problem, it will close the current connection, and reconnect to - // an available sentry server and redo the thrift call. - close(); - } - // Throw the exception as reaching the max rpc retry num. - LOGGER.error(String.format("failed after %d retries ", rpcRetryTotal), lastExc); - throw new SentryUserException( - String.format("failed after %d retries ", rpcRetryTotal), lastExc); - } - - @Override - public void close() { - client.close(); - LOGGER.debug("Close the current client connection"); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java deleted file mode 100644 index b8c7f23..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java +++ /dev/null @@ -1,54 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.service.thrift; - -import java.lang.reflect.InvocationHandler; -import java.lang.reflect.Method; - -/** - * SentryClientInvocationHandler is the base interface for all the InvocationHandler in SENTRY - */ -public abstract class SentryClientInvocationHandler implements InvocationHandler { - - /** - * Close the InvocationHandler: An InvocationHandler may create some contexts, - * these contexts should be close when the method "close()" of client be called. - */ - @Override - public final Object invoke(Object proxy, Method method, Object[] args) throws Exception { - // close() doesn't throw exception we supress that in case of connection - // loss. Changing SentryPolicyServiceClient#close() to throw an - // exception would be a backward incompatible change for Sentry clients. - if ("close".equals(method.getName()) && null == args) { - close(); - return null; - } - return invokeImpl(proxy, method, args); - } - - /** - * Subclass should implement this method for special function - */ - abstract Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception; - - /** - * An abstract method "close", an invocationHandler should close its contexts at here. - */ - public abstract void close(); - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java index f822497..7db9310 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java @@ -6,9 +6,9 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -22,28 +22,33 @@ import java.lang.reflect.Proxy; import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.core.common.transport.RetryClientInvocationHandler; +import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl; import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig; public final class SentryServiceClientFactory { + private static final SentryPolicyClientTransportConfig transportConfig = + new SentryPolicyClientTransportConfig(); private SentryServiceClientFactory() { } public static SentryPolicyServiceClient create(Configuration conf) throws Exception { boolean pooled = conf.getBoolean( - ClientConfig.SENTRY_POOL_ENABLED, ClientConfig.SENTRY_POOL_ENABLED_DEFAULT); + ClientConfig.SENTRY_POOL_ENABLED, ClientConfig.SENTRY_POOL_ENABLED_DEFAULT); if (pooled) { return (SentryPolicyServiceClient) Proxy - .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(), - SentryPolicyServiceClientDefaultImpl.class.getInterfaces(), - new PoolClientInvocationHandler(conf)); + .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(), + SentryPolicyServiceClientDefaultImpl.class.getInterfaces(), + new PoolClientInvocationHandler(conf)); } else { return (SentryPolicyServiceClient) Proxy - .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(), - SentryPolicyServiceClientDefaultImpl.class.getInterfaces(), - new RetryClientInvocationHandler(conf)); + .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(), + SentryPolicyServiceClientDefaultImpl.class.getInterfaces(), + new RetryClientInvocationHandler(conf, + new SentryPolicyServiceClientDefaultImpl(conf,transportConfig), transportConfig)); } } }
