http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java index 075983e..b7ac640 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java @@ -6,9 +6,9 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -18,27 +18,18 @@ package org.apache.sentry.provider.db.generic.service.thrift; import java.io.IOException; -import java.net.InetSocketAddress; -import java.security.PrivilegedExceptionAction; import java.util.*; -import javax.security.auth.callback.CallbackHandler; -import javax.security.sasl.Sasl; - -import com.google.common.collect.ImmutableMap; import org.apache.hadoop.conf.Configuration; -import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION; -import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.SaslRpcServer; -import org.apache.hadoop.security.SaslRpcServer.AuthMethod; -import org.apache.hadoop.security.SecurityUtil; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.sentry.core.common.exception.MissingConfigurationException; + +//import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION; + import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig; -import org.apache.sentry.core.common.utils.SentryConstants; +import org.apache.sentry.core.common.transport.SentryServiceClient; +import org.apache.sentry.core.common.transport.SentryTransportFactory; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.service.thrift.ServiceConstants; import org.apache.sentry.service.thrift.Status; @@ -46,146 +37,76 @@ import org.apache.sentry.service.thrift.sentry_common_serviceConstants; import org.apache.thrift.TException; import org.apache.thrift.protocol.TBinaryProtocol; import org.apache.thrift.protocol.TMultiplexedProtocol; -import org.apache.thrift.transport.TSaslClientTransport; -import org.apache.thrift.transport.TSocket; + import org.apache.thrift.transport.TTransport; -import org.apache.thrift.transport.TTransportException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.base.Preconditions; import com.google.common.collect.Lists; -public class SentryGenericServiceClientDefaultImpl implements SentryGenericServiceClient { - private final Configuration conf; - private final InetSocketAddress serverAddress; - private final boolean kerberos; - private final String[] serverPrincipalParts; +/** + * Sentry Generic Service Client + * <p> + * The public implementation of SentryGenericServiceClient. + * TODO(kalyan) A Sentry Client in which all the operations are synchronized for thread safety + * Note: When using this client, if there is an exception in RPC, socket can get into an inconsistent state. + * So it is important to close and re-open the transportFactory so that new socket is used. + */ + +public class SentryGenericServiceClientDefaultImpl implements SentryGenericServiceClient, SentryServiceClient { private SentryGenericPolicyService.Client client; + private SentryTransportFactory transportFactory; private TTransport transport; - private int connectionTimeout; + private Configuration conf; private static final Logger LOGGER = LoggerFactory - .getLogger(SentryGenericServiceClientDefaultImpl.class); + .getLogger(SentryGenericServiceClientDefaultImpl.class); private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occured "; - private final SentryPolicyClientTransportConfig transportConfig = new SentryPolicyClientTransportConfig(); - - private static final ImmutableMap<String, String> SASL_PROPERTIES = - ImmutableMap.of(Sasl.SERVER_AUTH, "true", Sasl.QOP, "auth-conf"); - /** - * This transport wraps the Sasl transports to set up the right UGI context for open(). - */ - public static class UgiSaslClientTransport extends TSaslClientTransport { - protected UserGroupInformation ugi = null; - - public UgiSaslClientTransport(String mechanism, String authorizationId, - String protocol, String serverName, Map<String, String> props, - CallbackHandler cbh, TTransport transport, boolean wrapUgi, Configuration conf) - throws IOException { - super(mechanism, authorizationId, protocol, serverName, props, cbh, - transport); - if (wrapUgi) { - // If we don't set the configuration, the UGI will be created based on - // what's on the classpath, which may lack the kerberos changes we require - UserGroupInformation.setConfiguration(conf); - ugi = UserGroupInformation.getLoginUser(); - } - } + public SentryGenericServiceClientDefaultImpl(Configuration conf, SentryPolicyClientTransportConfig transportConfig) throws IOException { - // open the SASL transport with using the current UserGroupInformation - // This is needed to get the current login context stored - @Override - public void open() throws TTransportException { - if (ugi == null) { - baseOpen(); - } else { - try { - if (ugi.isFromKeytab()) { - ugi.checkTGTAndReloginFromKeytab(); - } - ugi.doAs(new PrivilegedExceptionAction<Void>() { - public Void run() throws TTransportException { - baseOpen(); - return null; - } - }); - } catch (IOException e) { - throw new TTransportException("Failed to open SASL transport: " + e.getMessage(), e); - } catch (InterruptedException e) { - throw new TTransportException( - "Interrupted while opening underlying transport: " + e.getMessage(), e); - } - } - } - - private void baseOpen() throws TTransportException { - super.open(); - } + //TODO(kalyan) need to find appropriate place to add it + // if (kerberos) { + // // since the client uses hadoop-auth, we need to set kerberos in + // // hadoop-auth if we plan to use kerberos + // conf.set(HADOOP_SECURITY_AUTHENTICATION, SentryConstants.KERBEROS_MoODE); + // } + this.conf = conf; + transportFactory = new SentryTransportFactory(conf, transportConfig); } - public SentryGenericServiceClientDefaultImpl(Configuration conf) throws Exception { - // copy the configuration because we may make modifications to it. - this.conf = new Configuration(conf); - - Preconditions.checkNotNull(this.conf, "Configuration object cannot be null"); - try { - this.serverAddress = NetUtils.createSocketAddr( - transportConfig.getSentryServerRpcAddress(conf), - transportConfig.getServerRpcPort(conf)); - - - this.connectionTimeout = transportConfig.getServerRpcConnTimeoutInMs(conf); - kerberos = transportConfig.isKerberosEnabled(conf); - transport = new TSocket(serverAddress.getHostName(), - serverAddress.getPort(), connectionTimeout); - if (kerberos) { - String serverPrincipal = transportConfig.getSentryPrincipal(conf); - // since the client uses hadoop-auth, we need to set kerberos in - // hadoop-auth if we plan to use kerberos - conf.set(HADOOP_SECURITY_AUTHENTICATION, SentryConstants.KERBEROS_MODE); - - // Resolve server host in the same way as we are doing on server side - serverPrincipal = SecurityUtil.getServerPrincipal(serverPrincipal, serverAddress.getAddress()); - LOGGER.debug("Using server kerberos principal: " + serverPrincipal); - - serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal); - Preconditions.checkArgument(serverPrincipalParts.length == 3, - "Kerberos principal should have 3 parts: " + serverPrincipal); - boolean wrapUgi = transportConfig.useUserGroupInformation(conf); - transport = new UgiSaslClientTransport(AuthMethod.KERBEROS.getMechanismName(), - null, serverPrincipalParts[0], serverPrincipalParts[1], - SASL_PROPERTIES, null, transport, wrapUgi, conf); - } else { - serverPrincipalParts = null; - } - transport.open(); - } catch (TTransportException e) { - throw new IOException("Transport exception while opening transport: " + e.getMessage(), e); - } catch (MissingConfigurationException e) { - throw new RuntimeException("Client Creation Failed: " + e.getMessage(), e); + /** + * Connect to the specified server configured + * + * @throws IOException + */ + @Override + public synchronized void connect() throws IOException { + if (transport != null && transport.isOpen()) { + return; } - LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress); + transport = transportFactory.getTransport(); + TMultiplexedProtocol protocol = null; long maxMessageSize = conf.getLong(ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE, - ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT); - TMultiplexedProtocol protocol = new TMultiplexedProtocol( - new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true), - SentryGenericPolicyProcessor.SENTRY_GENERIC_SERVICE_NAME); + ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT); + protocol = new TMultiplexedProtocol( + new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true), + SentryGenericPolicyProcessor.SENTRY_GENERIC_SERVICE_NAME); client = new SentryGenericPolicyService.Client(protocol); LOGGER.debug("Successfully created client"); } - - /** * Create a sentry role + * * @param requestorUserName: user on whose behalf the request is issued - * @param roleName: Name of the role - * @param component: The request is issued to which component + * @param roleName: Name of the role + * @param component: The request is issued to which component * @throws SentryUserException */ + @Override public synchronized void createRole(String requestorUserName, String roleName, String component) - throws SentryUserException { + throws SentryUserException { TCreateSentryRoleRequest request = new TCreateSentryRoleRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setRequestorUserName(requestorUserName); @@ -199,6 +120,7 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi } } + @Override public void createRoleIfNotExist(String requestorUserName, String roleName, String component) throws SentryUserException { TCreateSentryRoleRequest request = new TCreateSentryRoleRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); @@ -219,26 +141,29 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi /** * Drop a sentry role + * * @param requestorUserName: user on whose behalf the request is issued - * @param roleName: Name of the role - * @param component: The request is issued to which component + * @param roleName: Name of the role + * @param component: The request is issued to which component * @throws SentryUserException */ + @Override public void dropRole(String requestorUserName, - String roleName, String component) - throws SentryUserException { + String roleName, String component) + throws SentryUserException { dropRole(requestorUserName, roleName, component, false); } + @Override public void dropRoleIfExists(String requestorUserName, - String roleName, String component) - throws SentryUserException { + String roleName, String component) + throws SentryUserException { dropRole(requestorUserName, roleName, component, true); } private void dropRole(String requestorUserName, - String roleName, String component , boolean ifExists) - throws SentryUserException { + String roleName, String component, boolean ifExists) + throws SentryUserException { TDropSentryRoleRequest request = new TDropSentryRoleRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setRequestorUserName(requestorUserName); @@ -258,14 +183,16 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi /** * add a sentry role to groups. + * * @param requestorUserName: user on whose behalf the request is issued - * @param roleName: Name of the role - * @param component: The request is issued to which component - * @param groups: The name of groups + * @param roleName: Name of the role + * @param component: The request is issued to which component + * @param groups: The name of groups * @throws SentryUserException */ + @Override public void addRoleToGroups(String requestorUserName, String roleName, - String component, Set<String> groups) throws SentryUserException { + String component, Set<String> groups) throws SentryUserException { TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setRequestorUserName(requestorUserName); @@ -283,14 +210,16 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi /** * delete a sentry role from groups. + * * @param requestorUserName: user on whose behalf the request is issued - * @param roleName: Name of the role - * @param component: The request is issued to which component - * @param groups: The name of groups + * @param roleName: Name of the role + * @param component: The request is issued to which component + * @param groups: The name of groups * @throws SentryUserException */ + @Override public void deleteRoleToGroups(String requestorUserName, String roleName, - String component, Set<String> groups) throws SentryUserException { + String component, Set<String> groups) throws SentryUserException { TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setRequestorUserName(requestorUserName); @@ -308,14 +237,16 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi /** * grant privilege + * * @param requestorUserName: user on whose behalf the request is issued - * @param roleName: Name of the role - * @param component: The request is issued to which component + * @param roleName: Name of the role + * @param component: The request is issued to which component * @param privilege * @throws SentryUserException */ + @Override public void grantPrivilege(String requestorUserName, String roleName, - String component, TSentryPrivilege privilege) throws SentryUserException { + String component, TSentryPrivilege privilege) throws SentryUserException { TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setComponent(component); @@ -333,14 +264,16 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi /** * revoke privilege + * * @param requestorUserName: user on whose behalf the request is issued - * @param roleName: Name of the role - * @param component: The request is issued to which component + * @param roleName: Name of the role + * @param component: The request is issued to which component * @param privilege * @throws SentryUserException */ + @Override public void revokePrivilege(String requestorUserName, String roleName, - String component, TSentryPrivilege privilege) throws SentryUserException { + String component, TSentryPrivilege privilege) throws SentryUserException { TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setComponent(component); @@ -358,13 +291,15 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi /** * drop privilege + * * @param requestorUserName: user on whose behalf the request is issued - * @param component: The request is issued to which component + * @param component: The request is issued to which component * @param privilege * @throws SentryUserException */ - public void dropPrivilege(String requestorUserName,String component, - TSentryPrivilege privilege) throws SentryUserException { + @Override + public void dropPrivilege(String requestorUserName, String component, + TSentryPrivilege privilege) throws SentryUserException { TDropPrivilegesRequest request = new TDropPrivilegesRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setComponent(component); @@ -381,18 +316,20 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi /** * rename privilege + * * @param requestorUserName: user on whose behalf the request is issued - * @param component: The request is issued to which component - * @param serviceName: The Authorizable belongs to which service + * @param component: The request is issued to which component + * @param serviceName: The Authorizable belongs to which service * @param oldAuthorizables * @param newAuthorizables * @throws SentryUserException */ + @Override public void renamePrivilege(String requestorUserName, String component, - String serviceName, List<? extends Authorizable> oldAuthorizables, - List<? extends Authorizable> newAuthorizables) throws SentryUserException { + String serviceName, List<? extends Authorizable> oldAuthorizables, + List<? extends Authorizable> newAuthorizables) throws SentryUserException { if (oldAuthorizables == null || oldAuthorizables.isEmpty() - || newAuthorizables == null || newAuthorizables.isEmpty()) { + || newAuthorizables == null || newAuthorizables.isEmpty()) { throw new SentryUserException("oldAuthorizables or newAuthorizables can not be null or empty"); } @@ -423,17 +360,19 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi /** * Gets sentry role objects for a given groupName using the Sentry service + * * @param requestorUserName : user on whose behalf the request is issued - * @param groupName : groupName to look up ( if null returns all roles for groups related to requestorUserName) - * @param component: The request is issued to which component + * @param groupName : groupName to look up ( if null returns all roles for groups related to requestorUserName) + * @param component: The request is issued to which component * @return Set of thrift sentry role objects * @throws SentryUserException */ + @Override public synchronized Set<TSentryRole> listRolesByGroupName( - String requestorUserName, - String groupName, - String component) - throws SentryUserException { + String requestorUserName, + String groupName, + String component) + throws SentryUserException { TListSentryRolesRequest request = new TListSentryRolesRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setRequestorUserName(requestorUserName); @@ -449,30 +388,34 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi } } + @Override public Set<TSentryRole> listUserRoles(String requestorUserName, String component) - throws SentryUserException { + throws SentryUserException { return listRolesByGroupName(requestorUserName, AccessConstants.ALL, component); } + @Override public Set<TSentryRole> listAllRoles(String requestorUserName, String component) - throws SentryUserException { + throws SentryUserException { return listRolesByGroupName(requestorUserName, null, component); } /** * Gets sentry privileges for a given roleName and Authorizable Hirerchys using the Sentry service + * * @param requestorUserName: user on whose behalf the request is issued * @param roleName: - * @param component: The request is issued to which component + * @param component: The request is issued to which component * @param serviceName * @param authorizables * @return * @throws SentryUserException */ + @Override public Set<TSentryPrivilege> listPrivilegesByRoleName( - String requestorUserName, String roleName, String component, - String serviceName, List<? extends Authorizable> authorizables) - throws SentryUserException { + String requestorUserName, String roleName, String component, + String serviceName, List<? extends Authorizable> authorizables) + throws SentryUserException { TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setComponent(component); @@ -497,25 +440,28 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi return response.getPrivileges(); } + @Override public Set<TSentryPrivilege> listPrivilegesByRoleName( - String requestorUserName, String roleName, String component, - String serviceName) throws SentryUserException { + String requestorUserName, String roleName, String component, + String serviceName) throws SentryUserException { return listPrivilegesByRoleName(requestorUserName, roleName, component, serviceName, null); } /** * get sentry permissions from provider as followings: + * + * @throws SentryUserException * @param: component: The request is issued to which component * @param: serviceName: The privilege belongs to which service * @param: roleSet * @param: groupNames * @param: the authorizables * @returns the set of permissions - * @throws SentryUserException */ + @Override public Set<String> listPrivilegesForProvider(String component, - String serviceName, ActiveRoleSet roleSet, Set<String> groups, - List<? extends Authorizable> authorizables) throws SentryUserException { + String serviceName, ActiveRoleSet roleSet, Set<String> groups, + List<? extends Authorizable> authorizables) throws SentryUserException { TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()); TListSentryPrivilegesForProviderRequest request = new TListSentryPrivilegesForProviderRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); @@ -548,20 +494,20 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi * Get sentry privileges based on valid active roles and the authorize objects. Note that * it is client responsibility to ensure the requestor username, etc. is not impersonated. * - * @param component: The request respond to which component. - * @param serviceName: The name of service. + * @param component: The request respond to which component. + * @param serviceName: The name of service. * @param requestorUserName: The requestor user name. - * @param authorizablesSet: The set of authorize objects. One authorize object is represented - * as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3. - * @param groups: The requested groups. - * @param roleSet: The active roles set. - * - * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>). + * @param authorizablesSet: The set of authorize objects. One authorize object is represented + * as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3. + * @param groups: The requested groups. + * @param roleSet: The active roles set. * @throws SentryUserException + * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>). */ + @Override public Map<String, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(String component, - String serviceName, String requestorUserName, Set<String> authorizablesSet, - Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException { + String serviceName, String requestorUserName, Set<String> authorizablesSet, + Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException { TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest(); @@ -591,10 +537,12 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi } @Override - public void close() { - if (transport != null) { - transport.close(); - } + public synchronized void close() { + transportFactory.close(); } + @Override + public void disconnect() { + transportFactory.releaseTransport(); + } }
http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java index 980d930..46ac4a3 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java @@ -6,9 +6,9 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -18,17 +18,27 @@ package org.apache.sentry.provider.db.generic.service.thrift; import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.core.common.transport.RetryClientInvocationHandler; +import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig; + +import java.lang.reflect.Proxy; /** * SentryGenericServiceClientFactory is a public class for the components which using Generic Model to create sentry client. */ public final class SentryGenericServiceClientFactory { + private static final SentryPolicyClientTransportConfig transportConfig = + new SentryPolicyClientTransportConfig(); private SentryGenericServiceClientFactory() { } public static SentryGenericServiceClient create(Configuration conf) throws Exception { - return new SentryGenericServiceClientDefaultImpl(conf); + return (SentryGenericServiceClient) Proxy + .newProxyInstance(SentryGenericServiceClientDefaultImpl.class.getClassLoader(), + SentryGenericServiceClientDefaultImpl.class.getInterfaces(), + new RetryClientInvocationHandler(conf, + new SentryGenericServiceClientDefaultImpl(conf, transportConfig), transportConfig)); } - + } http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java index f6bb8a5..09f7d13 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java @@ -46,7 +46,7 @@ import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest; import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleResponse; import org.apache.sentry.provider.db.service.thrift.TSentryGroup; import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.service.thrift.ThriftUtil; +import org.apache.sentry.core.common.utils.ThriftUtil; import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; import org.apache.sentry.service.thrift.Status; import org.apache.sentry.service.thrift.TSentryResponseStatus; http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java index d11d34f..795e2b0 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java @@ -185,7 +185,7 @@ public class TransactionManager { } catch (Exception e) { retryNum++; if (retryNum >= transactionRetryMax) { - String message = "The transaction has reached max retry numbe, r" + String message = "The transaction has reached max retry number" + e.getMessage(); LOGGER.error(message, e); throw new Exception(message, e); http://git-wip-us.apache.org/repos/asf/sentry/blob/14b3b904/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java deleted file mode 100644 index 8cf1c1a..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PolicyStoreConstants.java +++ /dev/null @@ -1,32 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.service.thrift; - -public final class PolicyStoreConstants { - public static final String SENTRY_GENERIC_POLICY_NOTIFICATION = "sentry.generic.policy.notification"; - public static final String SENTRY_GENERIC_POLICY_STORE = "sentry.generic.policy.store"; - public static final String SENTRY_GENERIC_POLICY_STORE_DEFAULT = - "org.apache.sentry.provider.db.generic.service.persistent.DelegateSentryStore"; - public static class PolicyStoreServerConfig { - public static final String NOTIFICATION_HANDLERS = "sentry.policy.store.notification.handlers"; - } - - private PolicyStoreConstants() { - // Make constructor private to avoid instantiation - } -}
