SENTRY-2206: Refactor out sentry api from sentry-provider-db to own module (Steve Moist, reviewed by Sergio Pena)
I had to revert this patch previously in order to remove some files that were removed after I committed this patch before. Change-Id: I75de264e145653d18b75c0be9619f8967102c49f Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/48422f4c Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/48422f4c Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/48422f4c Branch: refs/heads/master Commit: 48422f4cc0995d5e0fd0d9705fba7cc3f8e13a40 Parents: edd8a7a Author: Sergio Pena <[email protected]> Authored: Tue May 15 16:39:29 2018 -0500 Committer: Sergio Pena <[email protected]> Committed: Tue May 15 16:39:29 2018 -0500 ---------------------------------------------------------------------- pom.xml | 5 +- .../authz/HBaseIndexerAuthzBinding.java | 4 +- .../binding/hive/authz/HiveAuthzBinding.java | 2 +- .../binding/hive/authz/SentryConfigTool.java | 2 +- .../DefaultSentryAccessController.java | 6 +- .../SentryMetastorePostEventListenerBaseV2.java | 2 +- .../hive/v2/util/SentryAuthorizerUtil.java | 6 +- .../authz/DefaultSentryAccessController.java | 6 +- .../binding/hive/authz/SentryConfigTool.java | 2 +- ...rySyncHMSNotificationsPostEventListener.java | 2 +- .../binding/util/SentryAuthorizerUtil.java | 12 +- ...rySyncHMSNotificationsPostEventListener.java | 2 +- .../sentry/kafka/binding/KafkaAuthBinding.java | 25 +- .../binding/solr/authz/SolrAuthzBinding.java | 12 +- .../sentry/sqoop/binding/SqoopAuthBinding.java | 20 +- .../apache/sentry/api/common/ApiConstants.java | 90 + .../sentry/service/common/ServiceConstants.java | 251 + sentry-dist/src/license/THIRD-PARTY.properties | 3 +- .../sentry/hdfs/SentryHdfsMetricsUtil.java | 2 +- .../org/apache/sentry/hdfs/SentryPlugin.java | 22 +- sentry-provider/sentry-provider-db/pom.xml | 100 +- .../thrift/SentryGenericPolicyService.java | 10416 ----------- .../TAlterSentryRoleAddGroupsRequest.java | 842 - .../TAlterSentryRoleAddGroupsResponse.java | 391 - .../TAlterSentryRoleDeleteGroupsRequest.java | 842 - .../TAlterSentryRoleDeleteGroupsResponse.java | 391 - .../TAlterSentryRoleGrantPrivilegeRequest.java | 798 - .../TAlterSentryRoleGrantPrivilegeResponse.java | 391 - .../TAlterSentryRoleRevokePrivilegeRequest.java | 798 - ...TAlterSentryRoleRevokePrivilegeResponse.java | 391 - .../generic/service/thrift/TAuthorizable.java | 490 - .../thrift/TCreateSentryRoleRequest.java | 692 - .../thrift/TCreateSentryRoleResponse.java | 391 - .../service/thrift/TDropPrivilegesRequest.java | 697 - .../service/thrift/TDropPrivilegesResponse.java | 391 - .../service/thrift/TDropSentryRoleRequest.java | 692 - .../service/thrift/TDropSentryRoleResponse.java | 391 - .../TListSentryPrivilegesByAuthRequest.java | 1112 -- .../TListSentryPrivilegesByAuthResponse.java | 569 - ...TListSentryPrivilegesForProviderRequest.java | 1011 - ...ListSentryPrivilegesForProviderResponse.java | 541 - .../thrift/TListSentryPrivilegesRequest.java | 957 - .../thrift/TListSentryPrivilegesResponse.java | 555 - .../service/thrift/TListSentryRolesRequest.java | 701 - .../thrift/TListSentryRolesResponse.java | 555 - .../thrift/TRenamePrivilegesRequest.java | 1002 - .../thrift/TRenamePrivilegesResponse.java | 391 - .../service/thrift/TSentryActiveRoleSet.java | 537 - .../service/thrift/TSentryGrantOption.java | 48 - .../service/thrift/TSentryPrivilege.java | 1080 -- .../service/thrift/TSentryPrivilegeMap.java | 490 - .../db/generic/service/thrift/TSentryRole.java | 539 - .../db/service/thrift/SentryPolicyService.java | 16422 ----------------- .../TAlterSentryRoleAddGroupsRequest.java | 746 - .../TAlterSentryRoleAddGroupsResponse.java | 394 - .../thrift/TAlterSentryRoleAddUsersRequest.java | 741 - .../TAlterSentryRoleAddUsersResponse.java | 394 - .../TAlterSentryRoleDeleteGroupsRequest.java | 746 - .../TAlterSentryRoleDeleteGroupsResponse.java | 394 - .../TAlterSentryRoleDeleteUsersRequest.java | 741 - .../TAlterSentryRoleDeleteUsersResponse.java | 394 - .../TAlterSentryRoleGrantPrivilegeRequest.java | 866 - .../TAlterSentryRoleGrantPrivilegeResponse.java | 669 - .../TAlterSentryRoleRevokePrivilegeRequest.java | 866 - ...TAlterSentryRoleRevokePrivilegeResponse.java | 394 - .../thrift/TCreateSentryRoleRequest.java | 591 - .../thrift/TCreateSentryRoleResponse.java | 394 - .../service/thrift/TDropPrivilegesRequest.java | 596 - .../service/thrift/TDropPrivilegesResponse.java | 394 - .../service/thrift/TDropSentryRoleRequest.java | 591 - .../service/thrift/TDropSentryRoleResponse.java | 394 - .../TListSentryPrivilegesByAuthRequest.java | 915 - .../TListSentryPrivilegesByAuthResponse.java | 571 - ...TListSentryPrivilegesForProviderRequest.java | 915 - ...ListSentryPrivilegesForProviderResponse.java | 544 - .../thrift/TListSentryPrivilegesRequest.java | 706 - .../thrift/TListSentryPrivilegesResponse.java | 558 - .../thrift/TListSentryRolesForUserRequest.java | 591 - .../service/thrift/TListSentryRolesRequest.java | 600 - .../thrift/TListSentryRolesResponse.java | 558 - .../thrift/TRenamePrivilegesRequest.java | 702 - .../thrift/TRenamePrivilegesResponse.java | 394 - .../db/service/thrift/TSentryActiveRoleSet.java | 537 - .../db/service/thrift/TSentryAuthorizable.java | 817 - .../thrift/TSentryConfigValueRequest.java | 600 - .../thrift/TSentryConfigValueResponse.java | 504 - .../thrift/TSentryExportMappingDataRequest.java | 600 - .../TSentryExportMappingDataResponse.java | 500 - .../db/service/thrift/TSentryGrantOption.java | 48 - .../db/service/thrift/TSentryGroup.java | 389 - .../thrift/TSentryImportMappingDataRequest.java | 693 - .../TSentryImportMappingDataResponse.java | 394 - .../db/service/thrift/TSentryMappingData.java | 898 - .../db/service/thrift/TSentryPrivilege.java | 1258 -- .../db/service/thrift/TSentryPrivilegeMap.java | 490 - .../provider/db/service/thrift/TSentryRole.java | 645 - .../db/service/thrift/TSentrySyncIDRequest.java | 484 - .../service/thrift/TSentrySyncIDResponse.java | 493 - .../service/thrift/TSentryResponseStatus.java | 598 - .../thrift/sentry_common_serviceConstants.java | 57 - .../thrift/SentryGenericPolicyProcessor.java | 829 + .../SentryGenericPolicyProcessorFactory.java | 44 + .../sentry/api/service/thrift/ConfServlet.java | 71 + .../api/service/thrift/LogLevelServlet.java | 122 + .../api/service/thrift/PubSubServlet.java | 128 + .../api/service/thrift/SentryAdminServlet.java | 132 + .../api/service/thrift/SentryAuthFilter.java | 89 + ...SentryHealthCheckServletContextListener.java | 35 + .../api/service/thrift/SentryMetrics.java | 413 + .../SentryMetricsServletContextListener.java | 32 + .../thrift/SentryPolicyStoreProcessor.java | 1236 ++ .../SentryPolicyStoreProcessorFactory.java | 43 + .../api/service/thrift/SentryWebServer.java | 240 + .../provider/db/SentryPolicyStorePlugin.java | 16 +- .../provider/db/SimpleDBProviderBackend.java | 8 +- .../generic/SentryGenericProviderBackend.java | 24 +- .../provider/db/generic/UpdatableCache.java | 10 +- .../service/persistent/DelegateSentryStore.java | 8 +- .../persistent/PrivilegeOperatePersistence.java | 2 +- .../service/thrift/NotificationHandler.java | 45 - .../thrift/NotificationHandlerInvoker.java | 163 - .../thrift/SentryGenericPolicyProcessor.java | 831 - .../SentryGenericPolicyProcessorFactory.java | 43 - .../SentryGenericPolicyProcessorWrapper.java | 39 - .../thrift/SentryGenericServiceClient.java | 194 - .../SentryGenericServiceClientDefaultImpl.java | 559 - .../SentryGenericServiceClientFactory.java | 123 - .../tools/GenericPrivilegeConverter.java | 6 +- .../tools/TSentryPrivilegeConverter.java | 2 +- .../db/log/entity/JsonLogEntityFactory.java | 66 +- .../provider/db/log/util/CommandUtil.java | 20 +- .../sentry/provider/db/log/util/Constants.java | 26 +- .../db/service/persistent/HAContext.java | 2 +- .../db/service/persistent/HMSFollower.java | 2 +- .../service/persistent/LeaderStatusMonitor.java | 2 +- .../persistent/NotificationProcessor.java | 6 +- .../db/service/persistent/SentryStore.java | 22 +- .../service/persistent/TransactionManager.java | 4 +- .../provider/db/service/thrift/ConfServlet.java | 71 - .../db/service/thrift/LogLevelServlet.java | 122 - .../db/service/thrift/NotificationHandler.java | 73 - .../thrift/NotificationHandlerInvoker.java | 164 - .../db/service/thrift/PubSubServlet.java | 128 - .../db/service/thrift/SentryAdminServlet.java | 132 - .../db/service/thrift/SentryAuthFilter.java | 89 - ...SentryHealthCheckServletContextListener.java | 35 - .../db/service/thrift/SentryMetrics.java | 413 - .../SentryMetricsServletContextListener.java | 32 - .../thrift/SentryPolicyServiceClient.java | 227 - .../SentryPolicyServiceClientDefaultImpl.java | 1081 -- .../thrift/SentryPolicyStoreProcessor.java | 1238 -- .../SentryPolicyStoreProcessorFactory.java | 42 - .../service/thrift/SentryProcessorWrapper.java | 38 - .../db/service/thrift/SentryWebServer.java | 240 - .../GrantPrivilegeRequestValidator.java | 91 - .../RevokePrivilegeRequestValidator.java | 46 - .../service/thrift/FullUpdateInitializer.java | 2 +- .../sentry/service/thrift/GSSCallback.java | 2 +- .../thrift/HiveSimpleConnectionFactory.java | 2 +- .../sentry/service/thrift/SentryHMSClient.java | 2 +- .../sentry/service/thrift/SentryService.java | 14 +- .../thrift/SentryServiceClientFactory.java | 4 +- .../service/thrift/SentryServiceUtil.java | 316 - .../sentry/service/thrift/ServiceConstants.java | 316 - .../apache/sentry/service/thrift/Status.java | 132 - .../main/resources/sentry_common_service.thrift | 44 - .../sentry_generic_policy_service.thrift | 278 - .../main/resources/sentry_policy_service.thrift | 364 - .../SentryGenericServiceIntegrationBase.java | 73 + .../TestAuditLogForSentryGenericService.java | 296 + .../TestSentryGenericPolicyProcessor.java | 364 + .../thrift/TestSentryGenericServiceClient.java | 61 + .../TestSentryGenericServiceIntegration.java | 503 + .../service/thrift/SentryMiniKdcTestcase.java | 68 + .../TestAuthorizingDDLAuditLogWithKerberos.java | 295 + .../thrift/TestConnectionWithTicketTimeout.java | 57 + .../thrift/TestNotificationHandlerInvoker.java | 102 + .../thrift/TestSentryPolicyServiceClient.java | 64 + .../thrift/TestSentryPolicyStoreProcessor.java | 81 + .../TestSentryServerForPoolWithoutKerberos.java | 35 + .../thrift/TestSentryServerLogLevel.java | 100 + .../service/thrift/TestSentryServerPubSub.java | 181 + .../thrift/TestSentryServerWithoutKerberos.java | 214 + .../thrift/TestSentryServiceClientPool.java | 111 + .../thrift/TestSentryServiceFailureCase.java | 75 + .../TestSentryServiceForPoolWithKerberos.java | 35 + .../thrift/TestSentryServiceImportExport.java | 751 + .../thrift/TestSentryServiceIntegration.java | 1102 ++ .../thrift/TestSentryServiceMetrics.java | 86 + .../TestSentryServiceWithInvalidMsgSize.java | 122 + .../thrift/TestSentryServiceWithKerberos.java | 58 + .../thrift/TestSentryWebServerWithKerberos.java | 175 + .../thrift/TestSentryWebServerWithSSL.java | 64 + .../TestSentryWebServerWithoutSecurity.java | 95 + .../TestSentryGenericProviderBackend.java | 8 +- .../persistent/SentryStoreIntegrationBase.java | 2 +- .../TestPrivilegeOperatePersistence.java | 2 +- .../service/persistent/TestSentryRole.java | 2 +- .../SentryGenericServiceIntegrationBase.java | 73 - .../TestAuditLogForSentryGenericService.java | 296 - .../TestSentryGenericPolicyProcessor.java | 364 - .../thrift/TestSentryGenericServiceClient.java | 61 - .../TestSentryGenericServiceIntegration.java | 503 - .../db/log/entity/TestJsonLogEntityFactory.java | 34 +- .../log/entity/TestJsonLogEntityFactoryGM.java | 32 +- .../provider/db/log/util/TestCommandUtil.java | 38 +- .../db/service/persistent/TestHMSFollower.java | 4 +- .../TestHMSFollowerSentryStoreIntegration.java | 4 +- .../persistent/TestLeaderStatusMonitor.java | 2 +- .../persistent/TestNotificationProcessor.java | 4 +- .../db/service/persistent/TestSentryStore.java | 18 +- .../persistent/TestSentryStoreImportExport.java | 12 +- .../service/persistent/TestSentryVersion.java | 4 +- .../service/thrift/SentryMiniKdcTestcase.java | 68 - .../TestAuthorizingDDLAuditLogWithKerberos.java | 295 - .../thrift/TestConnectionWithTicketTimeout.java | 57 - .../thrift/TestNotificationHandlerInvoker.java | 102 - .../thrift/TestSentryPolicyServiceClient.java | 64 - .../thrift/TestSentryPolicyStoreProcessor.java | 81 - .../TestSentryServerForPoolWithoutKerberos.java | 35 - .../thrift/TestSentryServerLogLevel.java | 100 - .../service/thrift/TestSentryServerPubSub.java | 181 - .../thrift/TestSentryServerWithoutKerberos.java | 214 - .../thrift/TestSentryServiceClientPool.java | 111 - .../thrift/TestSentryServiceFailureCase.java | 75 - .../TestSentryServiceForPoolWithKerberos.java | 35 - .../thrift/TestSentryServiceImportExport.java | 751 - .../thrift/TestSentryServiceIntegration.java | 1102 -- .../thrift/TestSentryServiceMetrics.java | 86 - .../TestSentryServiceWithInvalidMsgSize.java | 121 - .../thrift/TestSentryServiceWithKerberos.java | 58 - .../thrift/TestSentryWebServerWithKerberos.java | 175 - .../thrift/TestSentryWebServerWithSSL.java | 64 - .../TestSentryWebServerWithoutSecurity.java | 95 - .../thrift/SentryServiceIntegrationBase.java | 17 +- sentry-service/pom.xml | 36 + sentry-service/sentry-service-api/pom.xml | 200 + .../thrift/SentryGenericPolicyService.java | 10416 +++++++++++ .../TAlterSentryRoleAddGroupsRequest.java | 842 + .../TAlterSentryRoleAddGroupsResponse.java | 391 + .../TAlterSentryRoleDeleteGroupsRequest.java | 842 + .../TAlterSentryRoleDeleteGroupsResponse.java | 391 + .../TAlterSentryRoleGrantPrivilegeRequest.java | 798 + .../TAlterSentryRoleGrantPrivilegeResponse.java | 391 + .../TAlterSentryRoleRevokePrivilegeRequest.java | 798 + ...TAlterSentryRoleRevokePrivilegeResponse.java | 391 + .../api/generic/thrift/TAuthorizable.java | 490 + .../thrift/TCreateSentryRoleRequest.java | 692 + .../thrift/TCreateSentryRoleResponse.java | 391 + .../generic/thrift/TDropPrivilegesRequest.java | 697 + .../generic/thrift/TDropPrivilegesResponse.java | 391 + .../generic/thrift/TDropSentryRoleRequest.java | 692 + .../generic/thrift/TDropSentryRoleResponse.java | 391 + .../TListSentryPrivilegesByAuthRequest.java | 1112 ++ .../TListSentryPrivilegesByAuthResponse.java | 569 + ...TListSentryPrivilegesForProviderRequest.java | 1011 + ...ListSentryPrivilegesForProviderResponse.java | 541 + .../thrift/TListSentryPrivilegesRequest.java | 957 + .../thrift/TListSentryPrivilegesResponse.java | 555 + .../generic/thrift/TListSentryRolesRequest.java | 701 + .../thrift/TListSentryRolesResponse.java | 555 + .../thrift/TRenamePrivilegesRequest.java | 1002 + .../thrift/TRenamePrivilegesResponse.java | 391 + .../generic/thrift/TSentryActiveRoleSet.java | 537 + .../api/generic/thrift/TSentryGrantOption.java | 48 + .../api/generic/thrift/TSentryPrivilege.java | 1080 ++ .../api/generic/thrift/TSentryPrivilegeMap.java | 490 + .../sentry/api/generic/thrift/TSentryRole.java | 539 + .../api/service/thrift/SentryPolicyService.java | 16422 +++++++++++++++++ .../TAlterSentryRoleAddGroupsRequest.java | 746 + .../TAlterSentryRoleAddGroupsResponse.java | 394 + .../thrift/TAlterSentryRoleAddUsersRequest.java | 741 + .../TAlterSentryRoleAddUsersResponse.java | 394 + .../TAlterSentryRoleDeleteGroupsRequest.java | 746 + .../TAlterSentryRoleDeleteGroupsResponse.java | 394 + .../TAlterSentryRoleDeleteUsersRequest.java | 741 + .../TAlterSentryRoleDeleteUsersResponse.java | 394 + .../TAlterSentryRoleGrantPrivilegeRequest.java | 866 + .../TAlterSentryRoleGrantPrivilegeResponse.java | 669 + .../TAlterSentryRoleRevokePrivilegeRequest.java | 866 + ...TAlterSentryRoleRevokePrivilegeResponse.java | 394 + .../thrift/TCreateSentryRoleRequest.java | 591 + .../thrift/TCreateSentryRoleResponse.java | 394 + .../service/thrift/TDropPrivilegesRequest.java | 596 + .../service/thrift/TDropPrivilegesResponse.java | 394 + .../service/thrift/TDropSentryRoleRequest.java | 591 + .../service/thrift/TDropSentryRoleResponse.java | 394 + .../TListSentryPrivilegesByAuthRequest.java | 915 + .../TListSentryPrivilegesByAuthResponse.java | 571 + ...TListSentryPrivilegesForProviderRequest.java | 915 + ...ListSentryPrivilegesForProviderResponse.java | 544 + .../thrift/TListSentryPrivilegesRequest.java | 706 + .../thrift/TListSentryPrivilegesResponse.java | 558 + .../thrift/TListSentryRolesForUserRequest.java | 591 + .../service/thrift/TListSentryRolesRequest.java | 600 + .../thrift/TListSentryRolesResponse.java | 558 + .../thrift/TRenamePrivilegesRequest.java | 702 + .../thrift/TRenamePrivilegesResponse.java | 394 + .../service/thrift/TSentryActiveRoleSet.java | 537 + .../api/service/thrift/TSentryAuthorizable.java | 817 + .../thrift/TSentryConfigValueRequest.java | 600 + .../thrift/TSentryConfigValueResponse.java | 504 + .../thrift/TSentryExportMappingDataRequest.java | 600 + .../TSentryExportMappingDataResponse.java | 500 + .../api/service/thrift/TSentryGrantOption.java | 48 + .../sentry/api/service/thrift/TSentryGroup.java | 389 + .../thrift/TSentryImportMappingDataRequest.java | 693 + .../TSentryImportMappingDataResponse.java | 394 + .../api/service/thrift/TSentryMappingData.java | 898 + .../api/service/thrift/TSentryPrivilege.java | 1258 ++ .../api/service/thrift/TSentryPrivilegeMap.java | 490 + .../sentry/api/service/thrift/TSentryRole.java | 645 + .../service/thrift/TSentrySyncIDRequest.java | 484 + .../service/thrift/TSentrySyncIDResponse.java | 493 + .../service/thrift/TSentryResponseStatus.java | 598 + .../thrift/sentry_common_serviceConstants.java | 57 + .../sentry/api/common/SentryServiceUtil.java | 322 + .../org/apache/sentry/api/common/Status.java | 133 + .../sentry/api/common/ThriftConstants.java | 30 + .../api/generic/thrift/NotificationHandler.java | 45 + .../thrift/NotificationHandlerInvoker.java | 163 + .../SentryGenericPolicyProcessorWrapper.java | 39 + .../thrift/SentryGenericServiceClient.java | 194 + .../SentryGenericServiceClientDefaultImpl.java | 560 + .../SentryGenericServiceClientFactory.java | 123 + .../api/service/thrift/NotificationHandler.java | 73 + .../thrift/NotificationHandlerInvoker.java | 164 + .../thrift/SentryPolicyServiceClient.java | 227 + .../SentryPolicyServiceClientDefaultImpl.java | 1082 ++ .../service/thrift/SentryProcessorWrapper.java | 38 + .../GrantPrivilegeRequestValidator.java | 91 + .../RevokePrivilegeRequestValidator.java | 46 + .../api/tools/GenericPrivilegeConverter.java | 190 + .../api/tools/TSentryPrivilegeConverter.java | 34 + .../main/resources/sentry_common_service.thrift | 44 + .../sentry_generic_policy_service.thrift | 278 + .../main/resources/sentry_policy_service.thrift | 364 + .../TestSentryWebServiceForAuthTypeNone.java | 2 +- .../e2e/dbprovider/TestConcurrentClients.java | 2 +- .../tests/e2e/hdfs/TestHDFSIntegration.java | 2 +- .../AbstractTestWithStaticConfiguration.java | 2 +- .../metastore/SentryPolicyProviderForDb.java | 4 +- .../dbprovider/AbstractTestWithDbProvider.java | 4 +- .../e2e/dbprovider/TestConcurrentClients.java | 6 +- .../tests/e2e/hdfs/TestHDFSIntegrationBase.java | 4 +- .../hdfs/TestHDFSIntegrationTogglingConf.java | 2 +- .../AbstractTestWithStaticConfiguration.java | 6 +- .../metastore/SentryPolicyProviderForDb.java | 4 +- .../tests/e2e/minisentry/InternalSentrySrv.java | 2 +- .../e2e/kafka/AbstractKafkaSentryTestBase.java | 12 +- .../sentry/tests/e2e/kafka/TestAuthorize.java | 8 +- .../e2e/solr/SolrSentryServiceTestBase.java | 8 +- .../sentry/tests/e2e/solr/TestSentryServer.java | 12 +- .../e2e/sqoop/AbstractSqoopSentryTestBase.java | 16 +- .../tools/PermissionsMigrationToolCommon.java | 10 +- .../cli/tools/SentryConfigToolIndexer.java | 10 +- .../sentry/cli/tools/SentryConfigToolSolr.java | 6 +- .../sentry/cli/tools/SentrySchemaTool.java | 2 +- .../sentry/cli/tools/SentryShellGeneric.java | 8 +- .../sentry/cli/tools/SentryShellHive.java | 2 +- .../sentry/cli/tools/SentryShellIndexer.java | 4 +- .../cli/tools/command/GenericShellCommand.java | 8 +- .../cli/tools/command/hive/CommandUtil.java | 14 +- .../tools/command/hive/HiveShellCommand.java | 10 +- .../java/org/apache/sentry/shell/SentryCli.java | 14 +- .../org/apache/sentry/shell/TopLevelShell.java | 8 +- .../tools/TestPermissionsMigrationToolSolr.java | 11 +- .../cli/tools/TestSentryConfigToolIndexer.java | 12 +- .../cli/tools/TestSentryConfigToolSolr.java | 9 +- .../sentry/cli/tools/TestSentrySchemaTool.java | 2 +- .../sentry/cli/tools/TestSentryShellHive.java | 4 +- .../cli/tools/TestSentryShellIndexer.java | 10 +- .../sentry/cli/tools/TestSentryShellKafka.java | 6 +- .../sentry/cli/tools/TestSentryShellSolr.java | 6 +- .../sentry/cli/tools/TestSentryShellSqoop.java | 6 +- 375 files changed, 86699 insertions(+), 86260 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 262a9d8..3b80e03 100644 --- a/pom.xml +++ b/pom.xml @@ -756,6 +756,7 @@ limitations under the License. <module>sentry-tests</module> <module>sentry-hdfs</module> <module>sentry-tools</module> + <module>sentry-service</module> <module>sentry-dist</module> </modules> @@ -1045,9 +1046,9 @@ limitations under the License. <excludes combine.children="append"> <exclude>%regex[org.apache.sentry.tests.e2e.*.class]</exclude> <exclude>%regex[org.apache.sentry.binding.hive.TestURI.class]</exclude> - <exclude>%regex[org.apache.sentry.provider.db.service.thrift.*.class]</exclude> + <exclude>%regex[org.apache.sentry.api.service.thrift.*.class]</exclude> <exclude>%regex[org.apache.solr.handler.admin.*.class]</exclude> - <exclude>%regex[org.apache.sentry.provider.db.generic.service.thrift.*.class]</exclude> + <exclude>%regex[org.apache.sentry.api.generic.thrift.*.class]</exclude> <exclude>%regex[org.apache.sentry.cli.tools.*.class]</exclude> </excludes> </configuration> http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/authz/HBaseIndexerAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/authz/HBaseIndexerAuthzBinding.java b/sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/authz/HBaseIndexerAuthzBinding.java index 71d1225..3e57cd4 100644 --- a/sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/authz/HBaseIndexerAuthzBinding.java +++ b/sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/authz/HBaseIndexerAuthzBinding.java @@ -33,7 +33,7 @@ import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; -import org.apache.sentry.service.thrift.ServiceConstants; +import org.apache.sentry.api.common.ApiConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -107,7 +107,7 @@ public class HBaseIndexerAuthzBinding { } // For SentryGenericProviderBackend - authzConf.set(ServiceConstants.ClientConfig.COMPONENT_TYPE, HBASE_INDEXER); + authzConf.set(ApiConstants.ClientConfig.COMPONENT_TYPE, HBASE_INDEXER); providerBackend = (ProviderBackend) providerBackendConstructor.newInstance(new Object[] {authzConf, resourceName}); http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java index 7565a34..f1cbbb6 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java @@ -48,7 +48,7 @@ import org.apache.sentry.provider.cache.SimpleCacheProviderBackend; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; -import org.apache.sentry.provider.db.service.thrift.TSentryRole; +import org.apache.sentry.api.service.thrift.TSentryRole; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java index 1dc8f01..f6b4518 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java @@ -53,7 +53,7 @@ import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.db.Server; import org.apache.sentry.provider.common.AuthorizationProvider; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.service.thrift.SentryServiceClientFactory; /** http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java index 13ee2cf..f21f920 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java @@ -49,9 +49,9 @@ import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.core.model.db.DBModelAuthorizable; import org.apache.sentry.core.model.db.Server; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.service.thrift.TSentryRole; +import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.service.thrift.TSentryRole; import org.apache.sentry.service.thrift.SentryServiceClientFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerBaseV2.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerBaseV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerBaseV2.java index 567e9fa..642e873 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerBaseV2.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerBaseV2.java @@ -44,7 +44,7 @@ import org.apache.sentry.core.model.db.Database; import org.apache.sentry.core.model.db.Server; import org.apache.sentry.core.model.db.Table; import org.apache.sentry.provider.db.SentryMetastoreListenerPlugin; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.service.thrift.SentryServiceClientFactory; import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties; import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/util/SentryAuthorizerUtil.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/util/SentryAuthorizerUtil.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/util/SentryAuthorizerUtil.java index 35bd68c..32479d8 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/util/SentryAuthorizerUtil.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/util/SentryAuthorizerUtil.java @@ -49,9 +49,9 @@ import org.apache.sentry.core.model.db.DBModelAuthorizable; import org.apache.sentry.core.model.db.Database; import org.apache.sentry.core.model.db.Server; import org.apache.sentry.core.model.db.Table; -import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.service.thrift.TSentryRole; +import org.apache.sentry.api.service.thrift.TSentryGrantOption; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.service.thrift.TSentryRole; import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java index 2abe37e..fc2427c 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java @@ -50,9 +50,9 @@ import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.core.model.db.DBModelAuthorizable; import org.apache.sentry.core.model.db.Server; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.service.thrift.TSentryRole; +import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.service.thrift.TSentryRole; import org.apache.sentry.service.thrift.SentryServiceClientFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java index c23547a..5f1e3e9 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java @@ -43,7 +43,7 @@ import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.model.db.Server; import org.apache.sentry.provider.common.AuthorizationProvider; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.service.thrift.SentryServiceClientFactory; import java.security.CodeSource; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java index 24d7763..7b2d8be 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java @@ -33,7 +33,7 @@ import org.apache.hadoop.hive.metastore.events.DropPartitionEvent; import org.apache.hadoop.hive.metastore.events.DropTableEvent; import org.apache.hadoop.hive.metastore.events.ListenerEvent; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.service.thrift.SentryServiceClientFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/util/SentryAuthorizerUtil.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/util/SentryAuthorizerUtil.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/util/SentryAuthorizerUtil.java index 1c41639..dd6936c 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/util/SentryAuthorizerUtil.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/util/SentryAuthorizerUtil.java @@ -50,10 +50,10 @@ import org.apache.sentry.core.model.db.DBModelAuthorizable; import org.apache.sentry.core.model.db.Database; import org.apache.sentry.core.model.db.Server; import org.apache.sentry.core.model.db.Table; -import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.service.thrift.TSentryRole; -import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; +import org.apache.sentry.api.common.ApiConstants; +import org.apache.sentry.api.service.thrift.TSentryGrantOption; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.service.thrift.TSentryRole; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -239,7 +239,7 @@ public class SentryAuthorizerUtil { */ public static HivePrivilegeObject convert2HivePrivilegeObject(TSentryPrivilege tSentryPrivilege) { HivePrivilegeObject privilege = null; - switch (PrivilegeScope.valueOf(tSentryPrivilege.getPrivilegeScope())) { + switch (ApiConstants.PrivilegeScope.valueOf(tSentryPrivilege.getPrivilegeScope())) { case SERVER: privilege = new HivePrivilegeObject(HivePrivilegeObjectType.GLOBAL, "*", null); break; @@ -271,7 +271,7 @@ public class SentryAuthorizerUtil { } default: LOG.warn("Unknown PrivilegeScope: " - + PrivilegeScope.valueOf(tSentryPrivilege.getPrivilegeScope())); + + ApiConstants.PrivilegeScope.valueOf(tSentryPrivilege.getPrivilegeScope())); break; } return privilege; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java index cca326b..fc1c3d5 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java @@ -27,7 +27,7 @@ import org.apache.hadoop.hive.metastore.events.DropTableEvent; import org.apache.hadoop.hive.metastore.events.ListenerEvent; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; import org.junit.Before; import org.junit.Rule; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java index e4abdc7..07b21b9 100644 --- a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java +++ b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java @@ -56,13 +56,14 @@ import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.db.generic.SentryGenericProviderBackend; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; -import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole; -import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter; -import org.apache.sentry.service.thrift.ServiceConstants; +import org.apache.sentry.api.generic.thrift.SentryGenericServiceClient; +import org.apache.sentry.api.generic.thrift.SentryGenericServiceClientFactory; +import org.apache.sentry.api.generic.thrift.TAuthorizable; +import org.apache.sentry.api.generic.thrift.TSentryPrivilege; +import org.apache.sentry.api.generic.thrift.TSentryRole; +import org.apache.sentry.api.common.ApiConstants; +import org.apache.sentry.api.tools.GenericPrivilegeConverter; +import org.apache.sentry.service.common.ServiceConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import scala.Option; @@ -159,23 +160,23 @@ public class KafkaAuthBinding { if (enableCachingConfig != null) { String enableCaching = enableCachingConfig.toString(); if (Boolean.parseBoolean(enableCaching)) { - authConf.set(ServiceConstants.ClientConfig.ENABLE_CACHING, enableCaching); + authConf.set(ApiConstants.ClientConfig.ENABLE_CACHING, enableCaching); final Object cacheTtlMsConfig = kafkaConfigs .get(AuthzConfVars.AUTHZ_CACHING_TTL_MS_NAME.getVar()); if (cacheTtlMsConfig != null) { - authConf.set(ServiceConstants.ClientConfig.CACHE_TTL_MS, cacheTtlMsConfig.toString()); + authConf.set(ApiConstants.ClientConfig.CACHE_TTL_MS, cacheTtlMsConfig.toString()); } final Object cacheUpdateFailuresCountConfig = kafkaConfigs .get(AuthzConfVars.AUTHZ_CACHING_UPDATE_FAILURES_COUNT_NAME.getVar()); if (cacheUpdateFailuresCountConfig != null) { - authConf.set(ServiceConstants.ClientConfig.CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE, + authConf.set(ApiConstants.ClientConfig.CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE, cacheUpdateFailuresCountConfig.toString()); } - if (authConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { - authConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, + if (authConf.get(ApiConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { + authConf.set(ApiConstants.ClientConfig.PRIVILEGE_CONVERTER, GenericPrivilegeConverter.class.getName()); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java index 5c2a301..32a1fc1 100644 --- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java +++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java @@ -48,10 +48,10 @@ import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.common.GroupMappingService; import org.apache.sentry.provider.db.generic.SentryGenericProviderBackend; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; -import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter; -import org.apache.sentry.service.thrift.ServiceConstants; +import org.apache.sentry.api.generic.thrift.SentryGenericServiceClient; +import org.apache.sentry.api.generic.thrift.SentryGenericServiceClientFactory; +import org.apache.sentry.api.common.ApiConstants; +import org.apache.sentry.api.tools.GenericPrivilegeConverter; import org.apache.solr.security.AuthorizationResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -110,8 +110,8 @@ public class SolrAuthzBinding implements Closeable { + policyEngineName + ", provider backend " + providerBackendName); // for convenience, set the PrivilegeConverter. - if (authzConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { - authzConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, + if (authzConf.get(ApiConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { + authzConf.set(ApiConstants.ClientConfig.PRIVILEGE_CONVERTER, GenericPrivilegeConverter.class.getName()); } http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java index b7cbd32..539ccc1 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java @@ -37,14 +37,14 @@ import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.db.generic.SentryGenericProviderBackend; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; -import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole; -import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter; -import org.apache.sentry.service.thrift.ServiceConstants; +import org.apache.sentry.api.generic.thrift.SentryGenericServiceClient; +import org.apache.sentry.api.generic.thrift.SentryGenericServiceClientFactory; +import org.apache.sentry.api.generic.thrift.TAuthorizable; +import org.apache.sentry.api.generic.thrift.TSentryGrantOption; +import org.apache.sentry.api.generic.thrift.TSentryPrivilege; +import org.apache.sentry.api.generic.thrift.TSentryRole; +import org.apache.sentry.api.common.ApiConstants; +import org.apache.sentry.api.tools.GenericPrivilegeConverter; import org.apache.sentry.sqoop.conf.SqoopAuthConf.AuthzConfVars; import org.apache.sqoop.common.SqoopException; import org.apache.sqoop.model.MPrivilege; @@ -112,8 +112,8 @@ public class SqoopAuthBinding { } // for convenience, set the PrivilegeConverter. - if (authConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { - authConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, GenericPrivilegeConverter.class.getName()); + if (authConf.get(ApiConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { + authConf.set(ApiConstants.ClientConfig.PRIVILEGE_CONVERTER, GenericPrivilegeConverter.class.getName()); } //Instantiate the configured providerBackend http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/api/common/ApiConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/api/common/ApiConstants.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/api/common/ApiConstants.java new file mode 100644 index 0000000..6fcf8ab --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/api/common/ApiConstants.java @@ -0,0 +1,90 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.api.common; + + +import org.apache.sentry.service.common.ServiceConstants; + +public class ApiConstants { + + public static class SentryPolicyServiceConstants { + //from SentryPolicyStoreProcessor and SentryGenericPolicyProcessor + public static final String SENTRY_GENERIC_SERVICE_NAME = "SentryGenericPolicyService"; + public static final String SENTRY_POLICY_SERVICE_NAME = "SentryPolicyService"; + } + + public static class ClientConfig { + public static final String SERVER_RPC_PORT = "sentry.service.client.server.rpc-port"; + public static final int SERVER_RPC_PORT_DEFAULT = ServiceConstants.ServerConfig.RPC_PORT_DEFAULT; + public static final String SERVER_RPC_ADDRESS = "sentry.service.client.server.rpc-addresses"; + public static final String SERVER_RPC_CONN_TIMEOUT = "sentry.service.client.server.rpc-connection-timeout"; + + // HA configuration + public static final String SENTRY_HA_ZOOKEEPER_QUORUM = ServiceConstants.ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM; + public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE = ServiceConstants.ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE; + public static final String SERVER_HA_ZOOKEEPER_NAMESPACE_DEFAULT = ServiceConstants.ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE_DEFAULT; + + // connection pool configuration + public static final String SENTRY_POOL_ENABLED = "sentry.service.client.connection.pool.enabled"; + public static final boolean SENTRY_POOL_ENABLED_DEFAULT = false; + + // commons-pool configuration for pool size + public static final String SENTRY_POOL_MAX_TOTAL = "sentry.service.client.connection.pool.max-total"; + public static final int SENTRY_POOL_MAX_TOTAL_DEFAULT = 8; + public static final String SENTRY_POOL_MAX_IDLE = "sentry.service.client.connection.pool.max-idle"; + public static final int SENTRY_POOL_MAX_IDLE_DEFAULT = 8; + public static final String SENTRY_POOL_MIN_IDLE = "sentry.service.client.connection.pool.min-idle"; + public static final int SENTRY_POOL_MIN_IDLE_DEFAULT = 0; + + // retry num for getting the connection from connection pool + public static final String SENTRY_POOL_RETRY_TOTAL = "sentry.service.client.connection.pool.retry-total"; + public static final int SENTRY_POOL_RETRY_TOTAL_DEFAULT = 3; + + // max message size for thrift messages + public static final String SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.client.thrift.max.message.size"; + public static final long SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024; + + // client retry settings + public static final String RETRY_COUNT_CONF = "sentry.provider.backend.db.retry.count"; + public static final int RETRY_COUNT_DEFAULT = 3; + public static final String RETRY_INTERVAL_SEC_CONF = "sentry.provider.backend.db.retry.interval.seconds"; + public static final int RETRY_INTERVAL_SEC_DEFAULT = 30; + + // provider backend cache settings + public static final String ENABLE_CACHING = "sentry.provider.backend.generic.cache.enabled"; + public static final boolean ENABLE_CACHING_DEFAULT = false; + public static final String CACHE_TTL_MS = "sentry.provider.backend.generic.cache.ttl.ms"; + public static final long CACHING_TTL_MS_DEFAULT = 30000; + public static final String CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE = "sentry.provider.backend.generic.cache.update.failures.count"; + public static final int CACHE_UPDATE_FAILURES_BEFORE_PRIV_REVOKE_DEFAULT = 3; + public static final String PRIVILEGE_CONVERTER = "sentry.provider.backend.generic.privilege.converter"; + + public static final String COMPONENT_TYPE = "sentry.provider.backend.generic.component-type"; + public static final String SERVICE_NAME = "sentry.provider.backend.generic.service-name"; + } + + /* Privilege operation scope */ + public enum PrivilegeScope { + SERVER, + URI, + DATABASE, + TABLE, + COLUMN + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java new file mode 100644 index 0000000..71e9585 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java @@ -0,0 +1,251 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.service.common; + +import java.util.HashMap; +import java.util.Map; + +import javax.security.sasl.Sasl; + +import com.google.common.base.Splitter; +import com.google.common.collect.ImmutableMap; + +public class ServiceConstants { + + private static final ImmutableMap<String, String> SASL_PROPERTIES; + + static { + Map<String, String> saslProps = new HashMap<String, String>(); + saslProps.put(Sasl.SERVER_AUTH, "true"); + saslProps.put(Sasl.QOP, "auth-conf"); + SASL_PROPERTIES = ImmutableMap.copyOf(saslProps); + } + + public static class ConfUtilties { + public static final Splitter CLASS_SPLITTER = Splitter.onPattern("[\\s,]") + .trimResults().omitEmptyStrings(); + } + public static class ServiceArgs { + public static final String CONFIG_FILE_SHORT = "c"; + public static final String CONFIG_FILE_LONG = "conffile"; + } + + public static class ServerConfig { + public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES; + /** + * This configuration parameter is only meant to be used for testing purposes. + */ + public static final String SECURITY_MODE = "sentry.service.security.mode"; + public static final String SECURITY_MODE_KERBEROS = "kerberos"; + public static final String SECURITY_MODE_NONE = "none"; + public static final String SECURITY_USE_UGI_TRANSPORT = "sentry.service.security.use.ugi"; + public static final String ADMIN_GROUPS = "sentry.service.admin.group"; + public static final String PRINCIPAL = "sentry.service.server.principal"; + public static final String KEY_TAB = "sentry.service.server.keytab"; + public static final String RPC_PORT = "sentry.service.server.rpc-port"; + public static final int RPC_PORT_DEFAULT = 8038; + public static final String RPC_ADDRESS = "sentry.service.server.rpc-address"; + public static final String RPC_ADDRESS_DEFAULT = "0.0.0.0"; //NOPMD + public static final String RPC_MAX_THREADS = "sentry.service.server-max-threads"; + public static final int RPC_MAX_THREADS_DEFAULT = 500; + public static final String RPC_MIN_THREADS = "sentry.service.server-min-threads"; + public static final int RPC_MIN_THREADS_DEFAULT = 10; + public static final String ALLOW_CONNECT = "sentry.service.allow.connect"; + + public static final String SENTRY_POLICY_STORE_PLUGINS = "sentry.policy.store.plugins"; + public static final String SENTRY_POLICY_STORE_PLUGINS_DEFAULT = ""; + + public static final String SENTRY_METASTORE_PLUGINS = "sentry.metastore.plugins"; + public static final String SENTRY_METASTORE_PLUGINS_DEFAULT = ""; + + public static final String PROCESSOR_FACTORIES = "sentry.service.processor.factories"; + public static final String PROCESSOR_FACTORIES_DEFAULT = + "org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessorFactory" + + ",org.apache.sentry.api.generic.thrift.SentryGenericPolicyProcessorFactory"; + public static final String SENTRY_STORE_JDBC_URL = "sentry.store.jdbc.url"; + public static final String SENTRY_STORE_JDBC_USER = "sentry.store.jdbc.user"; + public static final String SENTRY_STORE_JDBC_USER_DEFAULT = "Sentry"; + public static final String SENTRY_STORE_JDBC_PASS = "sentry.store.jdbc.password"; + public static final String SENTRY_STORE_JDBC_DRIVER = "sentry.store.jdbc.driver"; + public static final String SENTRY_STORE_JDBC_DRIVER_DEFAULT = "org.apache.derby.jdbc.EmbeddedDriver"; + // The configuration for the maximum number of retries per db transaction, + // the default value is 3 times + public static final String SENTRY_STORE_TRANSACTION_RETRY = "sentry.store.transaction.retry"; + public static final int SENTRY_STORE_TRANSACTION_RETRY_DEFAULT = 10; + // The configuration for the delay (in milliseconds) between retries, + // the default value is 500 ms + public static final String SENTRY_STORE_TRANSACTION_RETRY_WAIT_TIME_MILLIS = + "sentry.store.transaction.retry.wait.time.millis"; + public static final int SENTRY_STORE_TRANSACTION_RETRY_WAIT_TIME_MILLIS_DEFAULT = 250; + + public static final String JAVAX_JDO_URL = "javax.jdo.option.ConnectionURL"; + public static final String JAVAX_JDO_USER = "javax.jdo.option.ConnectionUserName"; + public static final String JAVAX_JDO_PASS = "javax.jdo.option.ConnectionPassword"; + public static final String JAVAX_JDO_DRIVER_NAME = "javax.jdo.option.ConnectionDriverName"; + + public static final String DATANUCLEUS_ISOLATION_LEVEL = "datanucleus.transactionIsolation"; + public static final String DATANUCLEUS_REPEATABLE_READ = "repeatable-read"; + + public static final String SENTRY_DB_PROPERTY_PREFIX = "sentry."; + public static final String SENTRY_JAVAX_JDO_PROPERTY_PREFIX = SENTRY_DB_PROPERTY_PREFIX + "javax.jdo"; + public static final String SENTRY_DATANUCLEUS_PROPERTY_PREFIX = SENTRY_DB_PROPERTY_PREFIX + "datanucleus"; + + public static final String SENTRY_VERIFY_SCHEM_VERSION = "sentry.verify.schema.version"; + public static final String SENTRY_VERIFY_SCHEM_VERSION_DEFAULT = "true"; + + public static final String SENTRY_SERVICE_NAME = "sentry.service.name"; + public static final String SENTRY_SERVICE_NAME_DEFAULT = "Sentry-Service"; + + public static final String SENTRY_STORE_GROUP_MAPPING = "sentry.store.group.mapping"; + public static final String SENTRY_STORE_GROUP_MAPPING_RESOURCE = "sentry.store.group.mapping.resource"; + public static final String SENTRY_STORE_HADOOP_GROUP_MAPPING = "org.apache.sentry.provider.common.HadoopGroupMappingService"; + public static final String SENTRY_STORE_LOCAL_GROUP_MAPPING = "org.apache.sentry.provider.file.LocalGroupMappingService"; + public static final String SENTRY_STORE_GROUP_MAPPING_DEFAULT = SENTRY_STORE_HADOOP_GROUP_MAPPING; + + public static final String SENTRY_STORE_ORPHANED_PRIVILEGE_REMOVAL = "sentry.store.orphaned.privilege.removal"; + public static final String SENTRY_STORE_ORPHANED_PRIVILEGE_REMOVAL_DEFAULT = "false"; + public static final String SENTRY_STORE_CLEAN_PERIOD_SECONDS = + "sentry.store.clean.period.seconds"; + public static final long SENTRY_STORE_CLEAN_PERIOD_SECONDS_DEFAULT = 43200; // 12 hours. + public static final String SENTRY_HA_ZK_PROPERTY_PREFIX = "sentry.ha.zookeeper."; + public static final String SENTRY_HA_ZOOKEEPER_SECURITY = SENTRY_HA_ZK_PROPERTY_PREFIX + "security"; + public static final boolean SENTRY_HA_ZOOKEEPER_SECURITY_DEFAULT = false; + public static final String SENTRY_HA_ZOOKEEPER_QUORUM = SENTRY_HA_ZK_PROPERTY_PREFIX + "quorum"; + public static final String SENTRY_HA_ZOOKEEPER_RETRIES_MAX_COUNT = SENTRY_HA_ZK_PROPERTY_PREFIX + "session.retries.max.count"; + public static final int SENTRY_HA_ZOOKEEPER_RETRIES_MAX_COUNT_DEFAULT = 3; + public static final String SENTRY_HA_ZOOKEEPER_SLEEP_BETWEEN_RETRIES_MS = SENTRY_HA_ZK_PROPERTY_PREFIX + "session.sleep.between.retries.ms"; + public static final int SENTRY_HA_ZOOKEEPER_SLEEP_BETWEEN_RETRIES_MS_DEFAULT = 100; + public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE = SENTRY_HA_ZK_PROPERTY_PREFIX + "namespace"; + public static final String SENTRY_HA_ZOOKEEPER_NAMESPACE_DEFAULT = "sentry"; + // principal and keytab for client to be able to connect to secure ZK. Needed for Sentry HA with secure ZK + public static final String SERVER_HA_ZOOKEEPER_CLIENT_PRINCIPAL = "sentry.zookeeper.client.principal"; + public static final String SERVER_HA_ZOOKEEPER_CLIENT_KEYTAB = "sentry.zookeeper.client.keytab"; + public static final String SERVER_HA_ZOOKEEPER_CLIENT_TICKET_CACHE = "sentry.zookeeper.client.ticketcache"; + public static final String SERVER_HA_ZOOKEEPER_CLIENT_TICKET_CACHE_DEFAULT = "false"; + public static final String SERVER_HA_STANDBY_SIG = "sentry.ha.standby.signal"; + + // Timeout value in seconds for HMS notificationID synchronization + // Should match the value for RPC timeout in HMS client config + public static final String SENTRY_NOTIFICATION_SYNC_TIMEOUT_MS = "sentry.notification.sync.timeout.ms"; + public static final int SENTRY_NOTIFICATION_SYNC_TIMEOUT_DEFAULT = 200000; + + public static final ImmutableMap<String, String> SENTRY_STORE_DEFAULTS = + ImmutableMap.<String, String>builder() + .put("datanucleus.connectionPoolingType", "BoneCP") + .put("datanucleus.schema.validateTables", "false") + .put("datanucleus.schema.validateColumns", "false") + .put("datanucleus.schema.validateConstraints", "false") + .put("datanucleus.storeManagerType", "rdbms") + .put("datanucleus.schema.autoCreateAll", "false") + .put("datanucleus.autoStartMechanismMode", "checked") + .put(DATANUCLEUS_ISOLATION_LEVEL, DATANUCLEUS_REPEATABLE_READ) + .put("datanucleus.cache.level2", "false") + .put("datanucleus.cache.level2.type", "none") + .put("datanucleus.query.sql.allowAll", "true") + .put("datanucleus.identifierFactory", "datanucleus1") + .put("datanucleus.rdbms.useLegacyNativeValueStrategy", "true") + .put("datanucleus.plugin.pluginRegistryBundleCheck", "LOG") + .put("javax.jdo.PersistenceManagerFactoryClass", + "org.datanucleus.api.jdo.JDOPersistenceManagerFactory") + .put("javax.jdo.option.DetachAllOnCommit", "true") + .put("javax.jdo.option.NonTransactionalRead", "false") + .put("javax.jdo.option.NonTransactionalWrite", "false") + .put("javax.jdo.option.Multithreaded", "true") + .build(); + + // InitialDelay and period time for HMSFollower thread. + public static final String SENTRY_HMSFOLLOWER_INIT_DELAY_MILLS = "sentry.hmsfollower.init.delay.mills"; + public static final long SENTRY_HMSFOLLOWER_INIT_DELAY_MILLS_DEFAULT = 0; + public static final String SENTRY_HMSFOLLOWER_INTERVAL_MILLS = "sentry.hmsfollower.interval.mills"; + public static final long SENTRY_HMSFOLLOWER_INTERVAL_MILLS_DEFAULT = 500; + + public static final String SENTRY_WEB_ENABLE = "sentry.service.web.enable"; + public static final Boolean SENTRY_WEB_ENABLE_DEFAULT = false; + public static final String SENTRY_WEB_PORT = "sentry.service.web.port"; + public static final int SENTRY_WEB_PORT_DEFAULT = 29000; + // Reporter is either "console", "log" or "jmx" + public static final String SENTRY_REPORTER = "sentry.service.reporter"; +// SENTRY-2206, doesn't look like either 2 are being used. +// public static final String SENTRY_REPORTER_JMX = SentryMetrics.Reporting.JMX.name(); //case insensitive +// public static final String SENTRY_REPORTER_CONSOLE = SentryMetrics.Reporting.CONSOLE.name();//case insensitive + + // for console reporter, reporting interval in seconds + public static final String SENTRY_REPORTER_INTERVAL_SEC = + "sentry.service.reporter.interval.sec"; + public static final String SENTRY_JSON_REPORTER_FILE = "sentry.service.reporter.file"; + public static final String SENTRY_JSON_REPORTER_FILE_DEFAULT = "/tmp/sentry-metrics.json"; + + // Report every 5 minutes by default + public static final int SENTRY_REPORTER_INTERVAL_DEFAULT = 300; + + // Web SSL + public static final String SENTRY_WEB_USE_SSL = "sentry.web.use.ssl"; + public static final String SENTRY_WEB_SSL_KEYSTORE_PATH = "sentry.web.ssl.keystore.path"; + public static final String SENTRY_WEB_SSL_KEYSTORE_PASSWORD = "sentry.web.ssl.keystore.password"; + public static final String SENTRY_SSL_PROTOCOL_BLACKLIST = "sentry.ssl.protocol.blacklist"; + // Blacklist SSL protocols that are not secure (e.g., POODLE vulnerability) + public static final String[] SENTRY_SSL_PROTOCOL_BLACKLIST_DEFAULT = {"SSLv2", "SSLv2Hello", "SSLv3"}; + + // Web Security + public static final String SENTRY_WEB_SECURITY_PREFIX = "sentry.service.web.authentication"; + public static final String SENTRY_WEB_SECURITY_TYPE = SENTRY_WEB_SECURITY_PREFIX + ".type"; + public static final String SENTRY_WEB_SECURITY_TYPE_NONE = "NONE"; + public static final String SENTRY_WEB_SECURITY_TYPE_KERBEROS = "KERBEROS"; + public static final String SENTRY_WEB_SECURITY_PRINCIPAL = SENTRY_WEB_SECURITY_PREFIX + ".kerberos.principal"; + public static final String SENTRY_WEB_SECURITY_KEYTAB = SENTRY_WEB_SECURITY_PREFIX + ".kerberos.keytab"; + public static final String SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS = SENTRY_WEB_SECURITY_PREFIX + ".allow.connect.users"; + + // Flag to enable admin servlet + public static final String SENTRY_WEB_ADMIN_SERVLET_ENABLED = "sentry.web.admin.servlet.enabled"; + public static final boolean SENTRY_WEB_ADMIN_SERVLET_ENABLED_DEFAULT = false; + + public static final String SENTRY_WEB_PUBSUB_SERVLET_ENABLED = "sentry.web.pubsub.servlet.enabled"; + public static final boolean SENTRY_WEB_PUBSUB_SERVLET_ENABLED_DEFAULT = false; + + // max message size for thrift messages + public static final String SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE = "sentry.policy.server.thrift.max.message.size"; + public static final long SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT = 100 * 1024 * 1024; + + // action factories for external components + public static final String SENTRY_COMPONENT_ACTION_FACTORY_FORMAT = "sentry.%s.action.factory"; + + // Sentry is never a client to other Kerberos Services, it should not be required to renew the TGT + @Deprecated + public static final String SENTRY_KERBEROS_TGT_AUTORENEW = "sentry.service.kerberos.tgt.autorenew"; + @Deprecated + public static final Boolean SENTRY_KERBEROS_TGT_AUTORENEW_DEFAULT = false; + + /** + * Number of path/priv deltas to keep around during cleaning + * The value which is too small may cause unnecessary full snapshots sent to the Name Node + * A value which is too large may cause slowdown due to too many deltas lying around in the DB. + */ + public static final String SENTRY_DELTA_KEEP_COUNT = "sentry.server.delta.keep.count"; + public static final int SENTRY_DELTA_KEEP_COUNT_DEFAULT = 200; + + /** + * Number of notification id's to keep around during cleaning + */ + public static final String SENTRY_HMS_NOTIFICATION_ID_KEEP_COUNT = "sentry.server.delta.keep.count"; + public static final int SENTRY_HMS_NOTIFICATION_ID_KEEP_COUNT_DEFAULT = 100; + } + + public static final String SENTRY_ZK_JAAS_NAME = "Sentry"; + public static final String CURRENT_INCARNATION_ID_KEY = "current.incarnation.key"; +} http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-dist/src/license/THIRD-PARTY.properties ---------------------------------------------------------------------- diff --git a/sentry-dist/src/license/THIRD-PARTY.properties b/sentry-dist/src/license/THIRD-PARTY.properties index 2f9f0b0..b39e1b6 100644 --- a/sentry-dist/src/license/THIRD-PARTY.properties +++ b/sentry-dist/src/license/THIRD-PARTY.properties @@ -19,6 +19,7 @@ # - MIT License # - Mozilla Public License Version 1.1 # - Public Domain +# - Revised BSD # - The Apache License, Version 2.0 # - The Apache Software License, Version 1.1 # - The Apache Software License, Version 2.0 @@ -28,7 +29,7 @@ # Please fill the missing licenses for dependencies : # # -#Wed Mar 28 16:37:41 IST 2018 +#Mon Apr 30 16:44:05 CDT 2018 ant--ant--1.5=The Apache Software License, Version 2.0 asm--asm--3.1=BSD dom4j--dom4j--1.6.1=BSD http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java index 932a5c0..03ccb44 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryHdfsMetricsUtil.java @@ -22,7 +22,7 @@ import com.codahale.metrics.Counter; import com.codahale.metrics.Histogram; import com.codahale.metrics.MetricRegistry; import com.codahale.metrics.Timer; -import org.apache.sentry.provider.db.service.thrift.SentryMetrics; +import org.apache.sentry.api.service.thrift.SentryMetrics; /** * Util class to support metrics. http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java index 420d4aa..b5e01e4 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java @@ -24,6 +24,7 @@ import java.util.Set; import java.util.concurrent.atomic.AtomicBoolean; import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.api.common.ApiConstants.PrivilegeScope; import org.apache.sentry.core.common.exception.SentryInvalidInputException; import org.apache.sentry.core.common.utils.PubSub; import org.apache.sentry.core.common.utils.SigUtils; @@ -34,19 +35,18 @@ import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType; import org.apache.sentry.hdfs.service.thrift.TRoleChanges; import org.apache.sentry.provider.db.SentryPolicyStorePlugin; import org.apache.sentry.provider.db.service.persistent.SentryStore; -import org.apache.sentry.service.thrift.SentryServiceUtil; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; -import org.apache.sentry.provider.db.service.thrift.TDropPrivilegesRequest; -import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest; -import org.apache.sentry.provider.db.service.thrift.TRenamePrivilegesRequest; -import org.apache.sentry.provider.db.service.thrift.TSentryGroup; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.common.SentryServiceUtil; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddGroupsRequest; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteGroupsRequest; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; +import org.apache.sentry.api.service.thrift.TDropPrivilegesRequest; +import org.apache.sentry.api.service.thrift.TDropSentryRoleRequest; +import org.apache.sentry.api.service.thrift.TRenamePrivilegesRequest; +import org.apache.sentry.api.service.thrift.TSentryGroup; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; import org.apache.sentry.provider.db.service.persistent.HMSFollower; import com.google.common.base.Preconditions; -import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/pom.xml b/sentry-provider/sentry-provider-db/pom.xml index 369e262..48a187a 100644 --- a/sentry-provider/sentry-provider-db/pom.xml +++ b/sentry-provider/sentry-provider-db/pom.xml @@ -149,6 +149,11 @@ limitations under the License. <artifactId>sentry-hdfs-common</artifactId> </dependency> <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-service-api</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> <groupId>org.apache.hive</groupId> <artifactId>hive-shims</artifactId> <scope>provided</scope> @@ -305,24 +310,6 @@ limitations under the License. </configuration> </plugin> <plugin> - <groupId>org.codehaus.mojo</groupId> - <artifactId>build-helper-maven-plugin</artifactId> - <executions> - <execution> - <id>add-source</id> - <phase>generate-sources</phase> - <goals> - <goal>add-source</goal> - </goals> - <configuration> - <sources> - <source>src/gen/thrift/gen-javabean</source> - </sources> - </configuration> - </execution> - </executions> - </plugin> - <plugin> <groupId>org.datanucleus</groupId> <artifactId>datanucleus-maven-plugin</artifactId> <version>${datanucleus.maven.plugin.version}</version> @@ -412,82 +399,5 @@ limitations under the License. </executions> </plugin> </plugins> - <pluginManagement> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-javadoc-plugin</artifactId> - <configuration> - <sourcepath>${project.build.sourceDirectory}:${basedir}/src/gen/thrift/gen-javabean</sourcepath> - <sourceFileExcludes> - <exclude>${project.build.sourceDirectory}:${basedir}/src/gen/thrift/gen-javabean</exclude> - </sourceFileExcludes> - </configuration> - </plugin> - </plugins> - </pluginManagement> </build> - <profiles> - <profile> - <id>thriftif</id> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-antrun-plugin</artifactId> - <executions> - <execution> - <id>generate-thrift-sources</id> - <phase>generate-sources</phase> - <configuration> - <target> - <taskdef name="for" classname="net.sf.antcontrib.logic.ForTask" - classpathref="maven.plugin.classpath" /> - <property name="thrift.args" value="-I ${thrift.home} --gen java:beans,hashcode,generated_annotations=undated"/> - <property name="thrift.gen.dir" value="${basedir}/src/gen/thrift"/> - <delete dir="${thrift.gen.dir}"/> - <mkdir dir="${thrift.gen.dir}"/> - <for param="thrift.file"> - <path> - <fileset dir="${basedir}/src/main/resources/" includes="**/*.thrift" /> - </path> - <sequential> - <echo message="Generating Thrift code for @{thrift.file}"/> - <exec executable="${thrift.home}/bin/thrift" failonerror="true" dir="."> - <arg line="${thrift.args} -I ${basedir}/src/main/resources/ -o ${thrift.gen.dir} @{thrift.file} " /> - </exec> - </sequential> - </for> - </target> - </configuration> - <goals> - <goal>run</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-enforcer-plugin</artifactId> - <executions> - <execution> - <id>enforce-property</id> - <goals> - <goal>enforce</goal> - </goals> - <configuration> - <rules> - <requireProperty> - <property>thrift.home</property> - </requireProperty> - </rules> - <fail>true</fail> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> </project>
