http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
deleted file mode 100644
index 8a8bbd3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAdminServlet.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.google.gson.Gson;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.Writer;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * Admin Servlet is only used when SENTRY_WEB_ADMIN_SERVLET_ENABLED is true.
- */
-public class SentryAdminServlet extends HttpServlet {
- private static final String SHOW_ALL = "/showAll";
- // Here we use the same way as in com.codahale.metrics.servlets.AdminServlet, and just
- // use the TEMPLATE as a static html with some links referenced to other debug pages.
- private static final String TEMPLATE = "<!DOCTYPE HTML>\n"+
- "<html lang=\"en\">\n"+
- "<head>\n"+
- " <meta charset=\"utf-8\">\n"+
- " <title>Sentry Service Admin</title>\n"+
- " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n"+
- " <meta name=\"description\" content=\"\">\n"+
- " <link href=\"css/bootstrap.min.css\" rel=\"stylesheet\">\n"+
- " <link href=\"css/bootstrap-theme.min.css\" rel=\"stylesheet\">\n"+
- " <link href=\"css/sentry.css\" rel=\"stylesheet\">\n"+
- "</head>\n"+
- "<body>\n"+
- "<nav class=\"navbar navbar-default navbar-fixed-top\">\n"+
- " <div class=\"container\">\n"+
- " <div class=\"navbar-header\">\n"+
- " <a class=\"navbar-brand\" href=\"#\"><img src=\"sentry.png\" alt=\"Sentry Logo\"/></a>\n"+
- " </div>\n"+
- " <div class=\"collapse navbar-collapse\">\n"+
- " <ul class=\"nav navbar-nav\">\n"+
- " <li class=\"active\"><a href=\"#\">Admin</a></li>\n"+
- " <li><a href=\"/metrics?pretty=true\">Metrics</a></li>\n"+
- " <li><a href=\"/threads\">Threads</a></li>\n"+
- " <li><a href=\"/conf\">Configuration</a></li>\n"+
- " <li><a href=\"/admin/showAll\">ShowAllRoles</a></li>\n"+
- " </ul>\n"+
- " </div>\n"+
- " </div>\n"+
- "</nav>\n"+
- "<div class=\"container\">\n"+
- " <ul>\n"+
- " <li><a href=\"/metrics?pretty=true\">Metrics</a></li>\n"+
- " <li><a href=\"/threads\">Threads</a></li>\n"+
- " <li><a href=\"/conf\">Configuration</a></li>\n"+
- " <li><a href=\"/admin/showAll\">ShowAllRoles</a></li>\n"+
- " </ul>\n"+
- "</div>\n"+
- "</body>\n"+
- "</html>";
-
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- String uri = request.getPathInfo();
- if(uri != null && !uri.equals("/")) {
- if (uri.equals(SHOW_ALL)) {
- showAll(response);
- } else {
- response.sendError(404);
- }
- } else {
- response.setStatus(200);
- response.setHeader("Cache-Control", "must-revalidate,no-cache,no-store");
- response.setHeader("Pragma", "no-cache");
- response.setDateHeader("Expires", 0);
- response.setContentType("text/html");
- PrintWriter writer = response.getWriter();
- try {
- writer.println(TEMPLATE);
- } finally {
- writer.close();
- }
- }
- }
-
- /**
- * Print out all the roles and privileges information as json format.
- */
- private void showAll(HttpServletResponse response)
- throws ServletException, IOException {
- Configuration conf = (Configuration)getServletContext().getAttribute(
- ConfServlet.CONF_CONTEXT_ATTRIBUTE);
- assert conf != null;
-
- Writer out = response.getWriter();
- try {
- SentryStore sentrystore = new SentryStore(conf);
- Map<String, Set<TSentryPrivilege>> roleMap = new HashMap<>();
- Set<String> roleSet = sentrystore.getAllRoleNames();
- for (String roleName: roleSet) {
- roleMap.put(roleName, sentrystore.getAllTSentryPrivilegesByRoleName(roleName));
- }
- String json = new Gson().toJson(roleMap);
- response.setContentType("application/json");
- response.setCharacterEncoding("UTF-8");
- out.write(json);
- } catch (Exception e) {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
- }
- out.close();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
deleted file mode 100644
index b67d6df..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryAuthFilter.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
-import org.apache.hadoop.util.StringUtils;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Sets;
-
-/**
- * SentryAuthFilter is a subclass of AuthenticationFilter,
- * add authorization: Only allowed users could connect the web server.
- */
-public class SentryAuthFilter extends AuthenticationFilter {
-
- private static final Logger LOG = LoggerFactory.getLogger(SentryAuthFilter.class);
-
- public static final String ALLOW_WEB_CONNECT_USERS = ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS;
-
- private Set<String> allowUsers;
-
- @Override
- protected void doFilter(FilterChain filterChain, HttpServletRequest request,
- HttpServletResponse response) throws IOException, ServletException {
- String userName = request.getRemoteUser();
- LOG.debug("Authenticating user: " + userName + " from request.");
- if (!allowUsers.contains(userName)) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- "Unauthorized user status code: " + HttpServletResponse.SC_FORBIDDEN);
- throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
- }
- super.doFilter(filterChain, request, response);
- }
-
- /**
- * Override <code>getConfiguration<code> to get <code>ALLOW_WEB_CONNECT_USERS<code>.
- */
- @Override
- protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException {
- Properties props = new Properties();
- Enumeration<?> names = filterConfig.getInitParameterNames();
- while (names.hasMoreElements()) {
- String name = (String) names.nextElement();
- if (name.startsWith(configPrefix)) {
- String value = filterConfig.getInitParameter(name);
- if (ALLOW_WEB_CONNECT_USERS.equals(name)) {
- allowUsers = parseConnectUsersFromConf(value);
- } else {
- props.put(name.substring(configPrefix.length()), value);
- }
- }
- }
- return props;
- }
-
- private static Set<String> parseConnectUsersFromConf(String value) {
- //Removed the logic to convert the allowed users to lower case, as user names need to be case sensitive
- return Sets.newHashSet(StringUtils.getStrings(value));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
deleted file mode 100644
index 8822c2e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryHealthCheckServletContextListener.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.health.HealthCheckRegistry;
-import com.codahale.metrics.servlets.HealthCheckServlet;
-
-/**
- * Use this class's registry to register health checks: Can be some tests which make sure Sentry service is healthy
- */
-public class SentryHealthCheckServletContextListener extends HealthCheckServlet.ContextListener {
-
- //This is just a place holder for health check registry, with out this AdminServlet throws out an error
- public static final HealthCheckRegistry HEALTH_CHECK_REGISTRY = new HealthCheckRegistry();
-
- @Override
- protected HealthCheckRegistry getHealthCheckRegistry() {
- return HEALTH_CHECK_REGISTRY;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
deleted file mode 100644
index 1056fa7..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetrics.java
+++ /dev/null
@@ -1,413 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.ConsoleReporter;
-import com.codahale.metrics.Counter;
-import com.codahale.metrics.Gauge;
-import com.codahale.metrics.Histogram;
-import com.codahale.metrics.JmxReporter;
-import com.codahale.metrics.Metric;
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.MetricSet;
-import com.codahale.metrics.Slf4jReporter;
-import com.codahale.metrics.Timer;
-import com.codahale.metrics.json.MetricsModule;
-import com.codahale.metrics.jvm.BufferPoolMetricSet;
-import com.codahale.metrics.jvm.GarbageCollectorMetricSet;
-import com.codahale.metrics.jvm.MemoryUsageGaugeSet;
-import com.codahale.metrics.jvm.ThreadStatesGaugeSet;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.util.concurrent.ThreadFactoryBuilder;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-import org.apache.sentry.service.thrift.SentryService;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.BufferedWriter;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.lang.management.ManagementFactory;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.nio.file.StandardCopyOption;
-import java.nio.file.attribute.FileAttribute;
-import java.nio.file.attribute.PosixFilePermission;
-import java.nio.file.attribute.PosixFilePermissions;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
-
-import static com.codahale.metrics.MetricRegistry.name;
-import static org.apache.sentry.provider.db.service.thrift.SentryMetricsServletContextListener.METRIC_REGISTRY;
-import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-
-/**
- * A singleton class which holds metrics related utility functions as well as the list of metrics.
- */
-public final class SentryMetrics {
- public enum Reporting {
- JMX,
- CONSOLE,
- LOG,
- JSON,
- }
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(SentryMetrics.class);
-
- private static SentryMetrics sentryMetrics = null;
- private final AtomicBoolean reportingInitialized = new AtomicBoolean();
- private boolean gaugesAdded = false;
- private boolean sentryServiceGaugesAdded = false;
-
- final Timer createRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "create-role"));
- final Timer dropRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "drop-role"));
- final Timer grantRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "grant-role"));
- final Timer revokeRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "revoke-role"));
- final Timer grantTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "grant-privilege"));
- final Timer revokeTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "revoke-privilege"));
-
- final Timer dropPrivilegeTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "drop-privilege"));
- final Timer renamePrivilegeTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "rename-privilege"));
-
- final Timer listRolesByGroupTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "list-roles-by-group"));
- final Timer listPrivilegesByRoleTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "list-privileges-by-role"));
- final Timer listPrivilegesForProviderTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "list-privileges-for-provider"));
- final Timer listPrivilegesByAuthorizableTimer = METRIC_REGISTRY.timer(
- name(SentryPolicyStoreProcessor.class, "list-privileges-by-authorizable"));
-
- /**
- * Return a Timer with name.
- */
- public Timer getTimer(String name) {
- return METRIC_REGISTRY.timer(name);
- }
-
- /**
- * Return a Histogram with name.
- */
- public Histogram getHistogram(String name) {
- return METRIC_REGISTRY.histogram(name);
- }
-
- /**
- * Return a Counter with name.
- */
- public Counter getCounter(String name) {
- return METRIC_REGISTRY.counter(name);
- }
-
- private SentryMetrics() {
- registerMetricSet("gc", new GarbageCollectorMetricSet(), METRIC_REGISTRY);
- registerMetricSet("buffers",
- new BufferPoolMetricSet(ManagementFactory.getPlatformMBeanServer()),
- METRIC_REGISTRY);
- registerMetricSet("memory", new MemoryUsageGaugeSet(), METRIC_REGISTRY);
- registerMetricSet("threads", new ThreadStatesGaugeSet(), METRIC_REGISTRY);
- }
-
- /**
- * Get singleton instance.
- */
- public static synchronized SentryMetrics getInstance() {
- if (sentryMetrics == null) {
- sentryMetrics = new SentryMetrics();
- }
- return sentryMetrics;
- }
-
- void addSentryStoreGauges(SentryStore sentryStore) {
- if (!gaugesAdded) {
- addGauge(SentryStore.class, "role_count", sentryStore.getRoleCountGauge());
- addGauge(SentryStore.class, "privilege_count",
- sentryStore.getPrivilegeCountGauge());
- addGauge(SentryStore.class, "group_count", sentryStore.getGroupCountGauge());
- addGauge(SentryStore.class, "hms.waiters", sentryStore.getHMSWaitersCountGauge());
- addGauge(SentryStore.class, "hms.notification.id",
- sentryStore.getLastNotificationIdGauge());
- addGauge(SentryStore.class, "hms.snapshot.paths.id",
- sentryStore.getLastPathsSnapshotIdGauge());
- addGauge(SentryStore.class, "hms.perm.change.id",
- sentryStore.getPermChangeIdGauge());
- addGauge(SentryStore.class, "hms.psth.change.id",
- sentryStore.getPathChangeIdGauge());
- gaugesAdded = true;
- }
- }
-
- /**
- * Add gauges for the SentryService class.
- * @param sentryservice
- */
- public void addSentryServiceGauges(SentryService sentryservice) {
- if (!sentryServiceGaugesAdded) {
- addGauge(SentryService.class, "is_active", sentryservice.getIsActiveGauge());
- addGauge(SentryService.class, "activated", sentryservice.getBecomeActiveCount());
- sentryServiceGaugesAdded = true;
- }
- }
-
- /**
- * Initialize reporters. Only initializes once.<p>
- *
- * Available reporters:
- * <ul>
- * <li>console</li>
- * <li>log</li>
- * <li>jmx</li>
- * </ul>
- *
- * <p><For console reporter configre it to report every
- * <em>SENTRY_REPORTER_INTERVAL_SEC</em> seconds.
- *
- * <p>Method is thread safe.
- */
- @SuppressWarnings("squid:S2095")
- void initReporting(Configuration conf) {
- final String reporter = conf.get(ServerConfig.SENTRY_REPORTER);
- if ((reporter == null) || reporter.isEmpty() || reportingInitialized.getAndSet(true)) {
- // Nothing to do, just return
- return;
- }
-
- final int reportInterval =
- conf.getInt(ServerConfig.SENTRY_REPORTER_INTERVAL_SEC,
- ServerConfig.SENTRY_REPORTER_INTERVAL_DEFAULT);
-
- // Get list of configured reporters
- Set<String> reporters = new HashSet<>();
- for (String r: reporter.split(",")) {
- reporters.add(r.trim().toUpperCase());
- }
-
- // In case there are no reporters, configure JSON reporter
- if (reporters.isEmpty()) {
- reporters.add(Reporting.JSON.toString());
- }
-
- // Configure all reporters
- for (String r: reporters) {
- switch (SentryMetrics.Reporting.valueOf(r)) {
- case CONSOLE:
- LOGGER.info("Enabled console metrics reporter with {} seconds interval",
- reportInterval);
- final ConsoleReporter consoleReporter =
- ConsoleReporter.forRegistry(METRIC_REGISTRY)
- .convertRatesTo(TimeUnit.SECONDS)
- .convertDurationsTo(TimeUnit.MILLISECONDS)
- .build();
- consoleReporter.start(reportInterval, TimeUnit.SECONDS);
- break;
- case JMX:
- LOGGER.info("Enabled JMX metrics reporter");
- final JmxReporter jmxReporter = JmxReporter.forRegistry(METRIC_REGISTRY)
- .convertRatesTo(TimeUnit.SECONDS)
- .convertDurationsTo(TimeUnit.MILLISECONDS)
- .build();
- jmxReporter.start();
- break;
- case LOG:
- LOGGER.info("Enabled Log4J metrics reporter with {} seconds interval",
- reportInterval);
- final Slf4jReporter logReporter = Slf4jReporter.forRegistry(METRIC_REGISTRY)
- .outputTo(LOGGER)
- .convertRatesTo(TimeUnit.SECONDS)
- .convertDurationsTo(TimeUnit.MILLISECONDS)
- .build();
- logReporter.start(reportInterval, TimeUnit.SECONDS);
- break;
- case JSON:
- LOGGER.info("Enabled JSON metrics reporter with {} seconds interval", reportInterval);
- JsonFileReporter jsonReporter = new JsonFileReporter(conf,
- reportInterval, TimeUnit.SECONDS);
- jsonReporter.start();
- break;
- default:
- LOGGER.warn("Invalid metrics reporter {}", reporter);
- break;
- }
- }
- }
-
- private <T, V> void addGauge(Class<T> tClass, String gaugeName, Gauge<V> gauge) {
- METRIC_REGISTRY.register(
- name(tClass, gaugeName), gauge);
- }
-
- private void registerMetricSet(String prefix, MetricSet metricSet, MetricRegistry registry) {
- for (Map.Entry<String, Metric> entry : metricSet.getMetrics().entrySet()) {
- if (entry.getValue() instanceof MetricSet) {
- registerMetricSet(prefix + "." + entry.getKey(), (MetricSet) entry.getValue(), registry);
- } else {
- registry.register(prefix + "." + entry.getKey(), entry.getValue());
- }
- }
- }
-
- /**
- * Custom reporter that writes metrics as a JSON file.
- * This class originated from Apache Hive JSON reporter.
- */
- private static class JsonFileReporter implements AutoCloseable, Runnable {
- //
- // Implementation notes.
- //
- // 1. Since only local file systems are supported, there is no need to use Hadoop
- // version of Path class.
- // 2. java.nio package provides modern implementation of file and directory operations
- // which is better then the traditional java.io, so we are using it here.
- // In particular, it supports atomic creation of temporary files with specified
- // permissions in the specified directory. This also avoids various attacks possible
- // when temp file name is generated first, followed by file creation.
- // See http://www.oracle.com/technetwork/articles/javase/nio-139333.html for
- // the description of NIO API and
- // http://docs.oracle.com/javase/tutorial/essential/io/legacy.html for the
- // description of interoperability between legacy IO api vs NIO API.
- // 3. To avoid race conditions with readers of the metrics file, the implementation
- // dumps metrics to a temporary file in the same directory as the actual metrics
- // file and then renames it to the destination. Since both are located on the same
- // filesystem, this rename is likely to be atomic (as long as the underlying OS
- // support atomic renames.
- //
-
- // Permissions for the metrics file
- private static final FileAttribute<Set<PosixFilePermission>> FILE_ATTRS =
- PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-r--r--"));
- private static final String JSON_REPORTER_THREAD_NAME = "json-reporter";
-
- private ScheduledExecutorService executor = null;
- private final ObjectMapper jsonMapper =
- new ObjectMapper().registerModule(new MetricsModule(TimeUnit.SECONDS,
- TimeUnit.MILLISECONDS,
- false));
- private final Configuration conf;
- /** Destination file name. */
- // Location of JSON file
- private final Path path;
- // tmpdir is the dirname(path)
- private final Path tmpDir;
- private final long interval;
- private final TimeUnit unit;
-
- JsonFileReporter(Configuration conf, long interval, TimeUnit unit) {
- this.conf = conf;
- String pathString = conf.get(ServerConfig.SENTRY_JSON_REPORTER_FILE,
- ServerConfig.SENTRY_JSON_REPORTER_FILE_DEFAULT);
- path = Paths.get(pathString).toAbsolutePath();
- LOGGER.info("Reporting metrics to {}", path);
- // We want to use tmpDir i the same directory as the destination file to support atomic
- // move of temp file to the destination metrics file
- tmpDir = path.getParent();
- this.interval = interval;
- this.unit = unit;
- }
-
- private void start() {
- executor = Executors.newScheduledThreadPool(1,
- new ThreadFactoryBuilder().setNameFormat(JSON_REPORTER_THREAD_NAME).build());
- executor.scheduleAtFixedRate(this, 0, interval, unit);
- }
-
- @Override
- public void run() {
- Path tmpFile = null;
- try {
- String json = null;
- try {
- json = jsonMapper.writerWithDefaultPrettyPrinter().writeValueAsString(METRIC_REGISTRY);
- } catch (JsonProcessingException e) {
- LOGGER.error("Error converting metrics to JSON", e);
- return;
- }
- // Metrics are first dumped to a temp file which is then renamed to the destination
- try {
- tmpFile = Files.createTempFile(tmpDir, "smetrics", "json", FILE_ATTRS);
- } catch (IOException e) {
- LOGGER.error("failed to create temp file for JSON metrics", e);
- return;
- } catch (SecurityException e) {
- // This shouldn't ever happen
- LOGGER.error("failed to create temp file for JSON metrics: no permissions", e);
- return;
- } catch (UnsupportedOperationException e) {
- // This shouldn't ever happen
- LOGGER.error("failed to create temp file for JSON metrics: operartion not supported", e);
- return;
- }
-
- try (BufferedWriter bw = new BufferedWriter(new FileWriter(tmpFile.toFile()))) {
- bw.write(json);
- }
-
- // Move temp file to the destination file
- try {
- Files.move(tmpFile, path, StandardCopyOption.ATOMIC_MOVE);
- } catch (Exception e) {
- LOGGER.error("Failed to move temp metrics file to {}: {}", path, e.getMessage());
- }
- } catch (Throwable t) {
- // catch all errors (throwable and execptions to prevent subsequent tasks from being suppressed)
- LOGGER.error("Error executing scheduled task ", t);
- } finally {
- // If something happened and we were not able to rename the temp file, attempt to remove it
- if (tmpFile != null && tmpFile.toFile().exists()) {
- // Attempt to delete temp file, if this fails, not much can be done about it.
- try {
- Files.delete(tmpFile);
- } catch (Exception e) {
- LOGGER.error("failed to delete yemporary metrics file {}", tmpFile, e);
- }
- }
- }
- }
-
- @Override
- public void close() {
- if (executor != null) {
- SentryServiceUtil.shutdownAndAwaitTermination(executor,
- JSON_REPORTER_THREAD_NAME, 1, TimeUnit.MINUTES, LOGGER);
- executor = null;
- }
- try {
- Files.delete(path);
- } catch (IOException e) {
- LOGGER.error("Unable to delete {}", path, e);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
deleted file mode 100644
index 6692197..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryMetricsServletContextListener.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.servlets.MetricsServlet;
-
-public class SentryMetricsServletContextListener extends MetricsServlet.ContextListener {
-
- public static final MetricRegistry METRIC_REGISTRY = new MetricRegistry();
-
- @Override
- protected MetricRegistry getMetricRegistry() {
- return METRIC_REGISTRY;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
deleted file mode 100644
index f69a8cd..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ /dev/null
@@ -1,227 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-
-public interface SentryPolicyServiceClient extends AutoCloseable {
-
- void createRole(String requestorUserName, String roleName) throws SentryUserException;
-
- void dropRole(String requestorUserName, String roleName) throws SentryUserException;
-
- void dropRoleIfExists(String requestorUserName, String roleName)
- throws SentryUserException;
-
- Set<TSentryRole> listRolesByUserName(String requestorUserName, String userName)
- throws SentryUserException;
-
- Set<TSentryRole> listRolesByGroupName(String requestorUserName, String groupName)
- throws SentryUserException;
-
- Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName)
- throws SentryUserException;
-
- /**
- * Gets sentry privilege objects for a given roleName using the Sentry service
- *
- * @param requestorUserName : user on whose behalf the request is issued
- * @param roleName : roleName to look up
- * @param authorizable : authorizable Hierarchy (server->db->table etc)
- * @return Set of thrift sentry privilege objects
- * @throws SentryUserException
- */
- Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, String roleName,
- List<? extends Authorizable> authorizable) throws SentryUserException;
-
- Set<TSentryRole> listAllRoles(String requestorUserName) throws SentryUserException;
-
- Set<TSentryRole> listUserRoles(String requestorUserName) throws SentryUserException;
-
- TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName,
- String server, String uri) throws SentryUserException;
-
- TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName,
- String server, String uri, Boolean grantOption) throws SentryUserException;
-
- void grantServerPrivilege(String requestorUserName, String roleName, String server,
- String action) throws SentryUserException;
-
- TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName,
- String server, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName,
- String server, String action, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName,
- String server, String db, String action) throws SentryUserException;
-
- TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName,
- String server, String db, String action, Boolean grantOption) throws SentryUserException;
-
- TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String action) throws SentryUserException;
-
- TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String action, Boolean grantOption)
- throws SentryUserException;
-
- TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String columnName, String action)
- throws SentryUserException;
-
- TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName,
- String server, String db, String table, String columnName, String action, Boolean grantOption)
- throws SentryUserException;
-
- Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName,
- String server, String db, String table, List<String> columnNames, String action)
- throws SentryUserException;
-
- Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName,
- String server, String db, String table, List<String> columnNames, String action,
- Boolean grantOption) throws SentryUserException;
-
- Set<TSentryPrivilege> grantPrivileges(String requestorUserName, String
- roleName, Set<TSentryPrivilege> privileges) throws SentryUserException;
-
- TSentryPrivilege grantPrivilege(String requestorUserName, String roleName,
- TSentryPrivilege privilege) throws
- SentryUserException;
-
- void revokeURIPrivilege(String requestorUserName, String roleName, String server,
- String uri) throws SentryUserException;
-
- void revokeURIPrivilege(String requestorUserName, String roleName, String server,
- String uri, Boolean grantOption) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- String action) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- String action, Boolean grantOption) throws SentryUserException;
-
- void revokeServerPrivilege(String requestorUserName, String roleName, String server,
- boolean grantOption) throws SentryUserException;
-
- void revokeDatabasePrivilege(String requestorUserName, String roleName, String server,
- String db, String action) throws SentryUserException;
-
- void revokeDatabasePrivilege(String requestorUserName, String roleName, String server,
- String db, String action, Boolean grantOption) throws SentryUserException;
-
- void revokeTablePrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String action) throws SentryUserException;
-
- void revokeTablePrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String action, Boolean grantOption) throws SentryUserException;
-
- void revokeColumnPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String columnName, String action) throws SentryUserException;
-
- void revokeColumnPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, String columnName, String action, Boolean grantOption)
- throws SentryUserException;
-
- void revokeColumnsPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, List<String> columns, String action) throws SentryUserException;
-
- void revokeColumnsPrivilege(String requestorUserName, String roleName, String server,
- String db, String table, List<String> columns, String action, Boolean grantOption)
- throws SentryUserException;
-
- void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges)
- throws SentryUserException;
-
- void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege)
- throws SentryUserException;
-
- Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users,
- ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException;
-
- void grantRoleToGroup(String requestorUserName, String groupName, String roleName)
- throws SentryUserException;
-
- void revokeRoleFromGroup(String requestorUserName, String groupName, String roleName)
- throws SentryUserException;
-
- void grantRoleToGroups(String requestorUserName, String roleName, Set<String> groups)
- throws SentryUserException;
-
- void revokeRoleFromGroups(String requestorUserName, String roleName, Set<String> groups)
- throws SentryUserException;
-
- void grantRoleToUser(String requestorUserName, String userName, String roleName)
- throws SentryUserException;
-
- void revokeRoleFromUser(String requestorUserName, String userName, String roleName)
- throws SentryUserException;
-
- void grantRoleToUsers(String requestorUserName, String roleName, Set<String> users)
- throws SentryUserException;
-
- void revokeRoleFromUsers(String requestorUserName, String roleName, Set<String> users)
- throws SentryUserException;
-
- void dropPrivileges(String requestorUserName,
- List<? extends Authorizable> authorizableObjects) throws SentryUserException;
-
- void renamePrivileges(String requestorUserName,
- List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables)
- throws SentryUserException;
-
- Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(
- String requestorUserName, Set<List<? extends Authorizable>> authorizables,
- Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException;
-
- /**
- * Returns the configuration value in the sentry server associated with propertyName, or if
- * propertyName does not exist, the defaultValue. There is no "requestorUserName" because this is
- * regarded as an internal interface.
- *
- * @param propertyName Config attribute to search for
- * @param defaultValue String to return if not found
- * @return The value of the propertyName
- * @throws SentryUserException
- */
- String getConfigValue(String propertyName, String defaultValue) throws SentryUserException;
-
- // Import the sentry mapping data with map structure
- void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData,
- String requestorUserName, boolean isOverwriteRole) throws SentryUserException;
-
- // export the sentry mapping data with map structure
- Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName, String objectPath)
- throws SentryUserException;
-
- /**
- * Requests the sentry server to synchronize all HMS notification events up to the specified id.
- * The sentry server will return once it have processed the id specified..
- *
- * @param id Requested HMS notification ID.
- * @return The most recent processed notification ID.
- */
- long syncNotifications(long id) throws SentryUserException;
-}
