Repository: sentry Updated Branches: refs/heads/master 7bbcec262 -> d0536f55c
SENTRY-2280: The request received in SentryPolicyStoreProcessor.sentry_notify_hms_event is null (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d0536f55 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d0536f55 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d0536f55 Branch: refs/heads/master Commit: d0536f55cbb64dfb1d1f69831e4fedf14ec8447b Parents: 7bbcec2 Author: lina.li <[email protected]> Authored: Thu Jun 28 15:25:01 2018 -0500 Committer: lina.li <[email protected]> Committed: Thu Jun 28 15:25:01 2018 -0500 ---------------------------------------------------------------------- .../binding/metastore/SentryHmsEvent.java | 39 ++- ...rySyncHMSNotificationsPostEventListener.java | 23 +- ...rySyncHMSNotificationsPostEventListener.java | 21 +- .../thrift/TSentryHmsEventNotification.java | 282 ++++++++++--------- .../main/resources/sentry_policy_service.thrift | 7 +- .../thrift/SentryPolicyStoreProcessor.java | 6 + 6 files changed, 212 insertions(+), 166 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/d0536f55/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java index 42be3c3..60f17b0 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java @@ -30,6 +30,7 @@ import org.apache.hadoop.hive.metastore.events.DropTableEvent; import org.apache.hadoop.hive.metastore.events.AlterTableEvent; import org.apache.hadoop.hive.metastore.events.ListenerEvent; import org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType; +import org.apache.sentry.api.common.ThriftConstants; import org.apache.sentry.api.service.thrift.TSentryAuthorizable; import org.apache.sentry.api.service.thrift.TSentryHmsEventNotification; import org.apache.sentry.api.service.thrift.TSentryObjectOwnerType; @@ -72,63 +73,70 @@ class SentryHmsEvent { * Construct SentryHmsEvent from CreateTableEvent * * event, transaction, owner and authorizable info is initialized from event. + * @param inServerName name of the server associated with the event * @param event CreateTableEvent */ - public SentryHmsEvent(CreateTableEvent event) { + public SentryHmsEvent(String inServerName, CreateTableEvent event) { this(event, EventType.CREATE_TABLE); setOwnerInfo(event.getTable()); - setAuthorizable(event.getTable()); + setAuthorizable(inServerName, event.getTable()); } /** * Construct SentryHmsEvent from DropTableEvent * * event, transaction, owner and authorizable info is initialized from event. + * @param inServerName name of the server associated with the event * @param event DropTableEvent */ - public SentryHmsEvent(DropTableEvent event) { + public SentryHmsEvent(String inServerName, DropTableEvent event) { this(event, EventType.DROP_TABLE); setOwnerInfo(event.getTable()); - setAuthorizable(event.getTable()); + setAuthorizable(inServerName, event.getTable()); } /** * Construct SentryHmsEvent from AlterTableEvent * * event, transaction, owner and authorizable info is initialized from event. + * @param inServerName name of the server associated with the event * @param event AlterTableEvent */ - public SentryHmsEvent(AlterTableEvent event) { + public SentryHmsEvent(String inServerName, AlterTableEvent event) { this(event, EventType.ALTER_TABLE); if(!StringUtils.equals(event.getOldTable().getOwner(), event.getNewTable().getOwner())) { - // Owner Changed. + // Owner Changed. We don't set owner info for other cases of alter table. + // In this way, sentry server only updates owner privilege when object is created, dropped or + // owner is updated setOwnerInfo(event.getNewTable()); } - setAuthorizable(event.getNewTable()); + setAuthorizable(inServerName, event.getNewTable()); } /** * Construct SentryHmsEvent from CreateDatabaseEvent * * event, transaction, owner and authorizable info is initialized from event. + * @param inServerName name of the server associated with the event * @param event CreateDatabaseEvent */ - public SentryHmsEvent(CreateDatabaseEvent event) { + public SentryHmsEvent(String inServerName, CreateDatabaseEvent event) { this(event, EventType.CREATE_DATABASE); setOwnerInfo(event.getDatabase()); - setAuthorizable(event.getDatabase()); + setAuthorizable(inServerName, event.getDatabase()); } /** * Construct SentryHmsEvent from DropDatabaseEvent * * event, transaction, owner and authorizable info is initialized from event. + * @param inServerName name of the server associated with the event * @param event DropDatabaseEvent */ - public SentryHmsEvent(DropDatabaseEvent event) { + public SentryHmsEvent(String inServerName, DropDatabaseEvent event) { this(event, EventType.DROP_DATABASE); setOwnerInfo(event.getDatabase()); - setAuthorizable(event.getDatabase()); + setAuthorizable(inServerName, event.getDatabase()); } public EventType getEventType() { @@ -153,17 +161,17 @@ class SentryHmsEvent { getTSentryHmsObjectOwnerType(database.getOwnerType()) : null; } - private void setAuthorizable(Table table) { + private void setAuthorizable(String serverName, Table table) { if (authorizable == null) { - authorizable = new TSentryAuthorizable(); + authorizable = new TSentryAuthorizable(serverName); } authorizable.setDb((table != null) ? table.getDbName() : null); authorizable.setTable((table != null) ? table.getTableName() : null); } - private void setAuthorizable(Database database) { + private void setAuthorizable(String serverName, Database database) { if (authorizable == null) { - authorizable = new TSentryAuthorizable(); + authorizable = new TSentryAuthorizable(serverName); } authorizable.setDb((database != null) ? database.getName() : null); } @@ -183,6 +191,7 @@ class SentryHmsEvent { */ public TSentryHmsEventNotification getHmsEventNotification() { TSentryHmsEventNotification updateAndSyncIDRequest = new TSentryHmsEventNotification(); + updateAndSyncIDRequest.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); updateAndSyncIDRequest.setOwnerName(ownerName); updateAndSyncIDRequest.setOwnerType(ownerType); updateAndSyncIDRequest.setAuthorizable(authorizable); http://git-wip-us.apache.org/repos/asf/sentry/blob/d0536f55/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java index f7d1b07..7e3419b 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java @@ -39,6 +39,7 @@ import org.apache.hadoop.hive.metastore.events.ListenerEvent; import org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars; import org.apache.sentry.service.thrift.SentryServiceClientFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -53,6 +54,7 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL .getLogger(SentrySyncHMSNotificationsPostEventListener.class); private final HiveAuthzConf authzConf; + private final String serverName; /* * Latest processed ID by the Sentry server. May only increase. @@ -83,6 +85,7 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL } authzConf = HiveAuthzConf.getAuthzConf((HiveConf) config); + serverName = getServerName(); } /** @@ -97,7 +100,7 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL if (failedEvent(tableEvent, EventType.CREATE_TABLE)) { return; } - SentryHmsEvent event = new SentryHmsEvent(tableEvent); + SentryHmsEvent event = new SentryHmsEvent(serverName, tableEvent); notifyHmsEvent(event); } @@ -113,7 +116,7 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL if (failedEvent(tableEvent, EventType.DROP_TABLE)) { return; } - SentryHmsEvent event = new SentryHmsEvent(tableEvent); + SentryHmsEvent event = new SentryHmsEvent(serverName, tableEvent); notifyHmsEvent(event); } @@ -153,7 +156,7 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL return; } - SentryHmsEvent event = new SentryHmsEvent(tableEvent); + SentryHmsEvent event = new SentryHmsEvent(serverName, tableEvent); notifyHmsEvent(event); } @@ -184,7 +187,7 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL if (failedEvent(dbEvent, EventType.CREATE_DATABASE)) { return; } - SentryHmsEvent event = new SentryHmsEvent(dbEvent); + SentryHmsEvent event = new SentryHmsEvent(serverName, dbEvent); notifyHmsEvent(event); } @@ -200,7 +203,7 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL if (failedEvent(dbEvent, EventType.DROP_DATABASE)) { return; } - SentryHmsEvent event = new SentryHmsEvent(dbEvent); + SentryHmsEvent event = new SentryHmsEvent(serverName, dbEvent); notifyHmsEvent(event); } @@ -306,4 +309,14 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL } return true; } + + private String getServerName() { + String serverName = authzConf.get(AuthzConfVars.AUTHZ_SERVER_NAME.getVar()); + if (!StringUtils.isEmpty(serverName)) { + return serverName; + } + + return authzConf.get(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(), + AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getDefault()); + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/d0536f55/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java index 8e79cac..6a09e67 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java @@ -35,6 +35,7 @@ import org.apache.sentry.api.service.thrift.TSentryAuthorizable; import org.apache.sentry.api.service.thrift.TSentryHmsEventNotification; import org.apache.sentry.api.service.thrift.TSentryObjectOwnerType; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; +import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars; import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; import org.junit.Before; @@ -56,6 +57,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { private static final boolean SUCCESSFUL_STATUS = true; private static final boolean EVENT_ID_SET = true; private static final boolean EVENT_ID_UNSET = false; + private static final String SERVER1 = "server1"; private static final String DBNAME = "db1"; private static final String TABLENAME = "table1"; private static final String TABLENAME_NEW = "table_new"; @@ -75,6 +77,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { HiveConf hiveConf = new HiveConf(TestSentrySyncHMSNotificationsPostEventListener.class); hiveConf.set(HiveAuthzConf.HIVE_SENTRY_CONF_URL, "file://" + sentryConfFile); + hiveConf.set(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), SERVER1); // Instead of generating an empty sentry-site.xml, we just write the same info from HiveConf. // The SentrySyncHMSNotificationsPostEventListener won't use any information from it after all. @@ -103,7 +106,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { callAllEventsThatSynchronize(EventType.CREATE_DATABASE, SUCCESSFUL_STATUS, eventId++); TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(eventId - 1); notification.setEventType(EventType.CREATE_DATABASE.toString()); @@ -173,7 +176,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(eventId); notification.setEventType(EventMessage.EventType.CREATE_TABLE.toString()); @@ -199,7 +202,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(eventId); notification.setEventType(EventMessage.EventType.DROP_TABLE.toString()); @@ -225,7 +228,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(eventId); notification.setEventType(EventMessage.EventType.CREATE_DATABASE.toString()); @@ -250,7 +253,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(eventId); notification.setEventType(EventType.DROP_DATABASE.toString()); @@ -282,7 +285,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(eventId); notification.setEventType(EventType.ALTER_TABLE.toString()); @@ -315,7 +318,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(eventId); notification.setEventType(EventType.ALTER_TABLE.toString()); @@ -346,7 +349,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(eventId); notification.setEventType(EventType.ALTER_TABLE.toString()); @@ -412,7 +415,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { private void verifyInvocations() throws Exception { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); int i = 1; - notification.setAuthorizable(new TSentryAuthorizable()); + notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); notification.setId(i); notification.setEventType(EventMessage.EventType.CREATE_DATABASE.toString()); http://git-wip-us.apache.org/repos/asf/sentry/blob/d0536f55/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java index 75b2799..2252a59 100644 --- a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java +++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java @@ -41,9 +41,9 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1); private static final org.apache.thrift.protocol.TField ID_FIELD_DESC = new org.apache.thrift.protocol.TField("id", org.apache.thrift.protocol.TType.I64, (short)2); private static final org.apache.thrift.protocol.TField EVENT_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("eventType", org.apache.thrift.protocol.TType.STRING, (short)3); - private static final org.apache.thrift.protocol.TField OWNER_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerType", org.apache.thrift.protocol.TType.I32, (short)4); - private static final org.apache.thrift.protocol.TField OWNER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerName", org.apache.thrift.protocol.TType.STRING, (short)5); - private static final org.apache.thrift.protocol.TField AUTHORIZABLE_FIELD_DESC = new org.apache.thrift.protocol.TField("authorizable", org.apache.thrift.protocol.TType.STRUCT, (short)6); + private static final org.apache.thrift.protocol.TField AUTHORIZABLE_FIELD_DESC = new org.apache.thrift.protocol.TField("authorizable", org.apache.thrift.protocol.TType.STRUCT, (short)4); + private static final org.apache.thrift.protocol.TField OWNER_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerType", org.apache.thrift.protocol.TType.I32, (short)5); + private static final org.apache.thrift.protocol.TField OWNER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerName", org.apache.thrift.protocol.TType.STRING, (short)6); private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); static { @@ -54,22 +54,22 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen private int protocol_version; // required private long id; // required private String eventType; // required - private TSentryObjectOwnerType ownerType; // required - private String ownerName; // required private TSentryAuthorizable authorizable; // required + private TSentryObjectOwnerType ownerType; // optional + private String ownerName; // optional /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { PROTOCOL_VERSION((short)1, "protocol_version"), ID((short)2, "id"), EVENT_TYPE((short)3, "eventType"), + AUTHORIZABLE((short)4, "authorizable"), /** * * @see TSentryObjectOwnerType */ - OWNER_TYPE((short)4, "ownerType"), - OWNER_NAME((short)5, "ownerName"), - AUTHORIZABLE((short)6, "authorizable"); + OWNER_TYPE((short)5, "ownerType"), + OWNER_NAME((short)6, "ownerName"); private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); @@ -90,12 +90,12 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen return ID; case 3: // EVENT_TYPE return EVENT_TYPE; - case 4: // OWNER_TYPE + case 4: // AUTHORIZABLE + return AUTHORIZABLE; + case 5: // OWNER_TYPE return OWNER_TYPE; - case 5: // OWNER_NAME + case 6: // OWNER_NAME return OWNER_NAME; - case 6: // AUTHORIZABLE - return AUTHORIZABLE; default: return null; } @@ -139,6 +139,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen private static final int __PROTOCOL_VERSION_ISSET_ID = 0; private static final int __ID_ISSET_ID = 1; private byte __isset_bitfield = 0; + private static final _Fields optionals[] = {_Fields.OWNER_TYPE,_Fields.OWNER_NAME}; public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; static { Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); @@ -148,12 +149,12 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64))); tmpMap.put(_Fields.EVENT_TYPE, new org.apache.thrift.meta_data.FieldMetaData("eventType", org.apache.thrift.TFieldRequirementType.REQUIRED, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); - tmpMap.put(_Fields.OWNER_TYPE, new org.apache.thrift.meta_data.FieldMetaData("ownerType", org.apache.thrift.TFieldRequirementType.REQUIRED, - new org.apache.thrift.meta_data.EnumMetaData(org.apache.thrift.protocol.TType.ENUM, TSentryObjectOwnerType.class))); - tmpMap.put(_Fields.OWNER_NAME, new org.apache.thrift.meta_data.FieldMetaData("ownerName", org.apache.thrift.TFieldRequirementType.REQUIRED, - new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); tmpMap.put(_Fields.AUTHORIZABLE, new org.apache.thrift.meta_data.FieldMetaData("authorizable", org.apache.thrift.TFieldRequirementType.REQUIRED, new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryAuthorizable.class))); + tmpMap.put(_Fields.OWNER_TYPE, new org.apache.thrift.meta_data.FieldMetaData("ownerType", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.EnumMetaData(org.apache.thrift.protocol.TType.ENUM, TSentryObjectOwnerType.class))); + tmpMap.put(_Fields.OWNER_NAME, new org.apache.thrift.meta_data.FieldMetaData("ownerName", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); metaDataMap = Collections.unmodifiableMap(tmpMap); org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryHmsEventNotification.class, metaDataMap); } @@ -167,8 +168,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen int protocol_version, long id, String eventType, - TSentryObjectOwnerType ownerType, - String ownerName, TSentryAuthorizable authorizable) { this(); @@ -177,8 +176,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen this.id = id; setIdIsSet(true); this.eventType = eventType; - this.ownerType = ownerType; - this.ownerName = ownerName; this.authorizable = authorizable; } @@ -192,15 +189,15 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen if (other.isSetEventType()) { this.eventType = other.eventType; } + if (other.isSetAuthorizable()) { + this.authorizable = new TSentryAuthorizable(other.authorizable); + } if (other.isSetOwnerType()) { this.ownerType = other.ownerType; } if (other.isSetOwnerName()) { this.ownerName = other.ownerName; } - if (other.isSetAuthorizable()) { - this.authorizable = new TSentryAuthorizable(other.authorizable); - } } public TSentryHmsEventNotification deepCopy() { @@ -214,9 +211,9 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen setIdIsSet(false); this.id = 0; this.eventType = null; + this.authorizable = null; this.ownerType = null; this.ownerName = null; - this.authorizable = null; } public int getProtocol_version() { @@ -286,6 +283,29 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen } } + public TSentryAuthorizable getAuthorizable() { + return this.authorizable; + } + + public void setAuthorizable(TSentryAuthorizable authorizable) { + this.authorizable = authorizable; + } + + public void unsetAuthorizable() { + this.authorizable = null; + } + + /** Returns true if field authorizable is set (has been assigned a value) and false otherwise */ + public boolean isSetAuthorizable() { + return this.authorizable != null; + } + + public void setAuthorizableIsSet(boolean value) { + if (!value) { + this.authorizable = null; + } + } + /** * * @see TSentryObjectOwnerType @@ -340,29 +360,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen } } - public TSentryAuthorizable getAuthorizable() { - return this.authorizable; - } - - public void setAuthorizable(TSentryAuthorizable authorizable) { - this.authorizable = authorizable; - } - - public void unsetAuthorizable() { - this.authorizable = null; - } - - /** Returns true if field authorizable is set (has been assigned a value) and false otherwise */ - public boolean isSetAuthorizable() { - return this.authorizable != null; - } - - public void setAuthorizableIsSet(boolean value) { - if (!value) { - this.authorizable = null; - } - } - public void setFieldValue(_Fields field, Object value) { switch (field) { case PROTOCOL_VERSION: @@ -389,6 +386,14 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen } break; + case AUTHORIZABLE: + if (value == null) { + unsetAuthorizable(); + } else { + setAuthorizable((TSentryAuthorizable)value); + } + break; + case OWNER_TYPE: if (value == null) { unsetOwnerType(); @@ -405,14 +410,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen } break; - case AUTHORIZABLE: - if (value == null) { - unsetAuthorizable(); - } else { - setAuthorizable((TSentryAuthorizable)value); - } - break; - } } @@ -427,15 +424,15 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen case EVENT_TYPE: return getEventType(); + case AUTHORIZABLE: + return getAuthorizable(); + case OWNER_TYPE: return getOwnerType(); case OWNER_NAME: return getOwnerName(); - case AUTHORIZABLE: - return getAuthorizable(); - } throw new IllegalStateException(); } @@ -453,12 +450,12 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen return isSetId(); case EVENT_TYPE: return isSetEventType(); + case AUTHORIZABLE: + return isSetAuthorizable(); case OWNER_TYPE: return isSetOwnerType(); case OWNER_NAME: return isSetOwnerName(); - case AUTHORIZABLE: - return isSetAuthorizable(); } throw new IllegalStateException(); } @@ -503,6 +500,15 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen return false; } + boolean this_present_authorizable = true && this.isSetAuthorizable(); + boolean that_present_authorizable = true && that.isSetAuthorizable(); + if (this_present_authorizable || that_present_authorizable) { + if (!(this_present_authorizable && that_present_authorizable)) + return false; + if (!this.authorizable.equals(that.authorizable)) + return false; + } + boolean this_present_ownerType = true && this.isSetOwnerType(); boolean that_present_ownerType = true && that.isSetOwnerType(); if (this_present_ownerType || that_present_ownerType) { @@ -521,15 +527,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen return false; } - boolean this_present_authorizable = true && this.isSetAuthorizable(); - boolean that_present_authorizable = true && that.isSetAuthorizable(); - if (this_present_authorizable || that_present_authorizable) { - if (!(this_present_authorizable && that_present_authorizable)) - return false; - if (!this.authorizable.equals(that.authorizable)) - return false; - } - return true; } @@ -552,6 +549,11 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen if (present_eventType) list.add(eventType); + boolean present_authorizable = true && (isSetAuthorizable()); + list.add(present_authorizable); + if (present_authorizable) + list.add(authorizable); + boolean present_ownerType = true && (isSetOwnerType()); list.add(present_ownerType); if (present_ownerType) @@ -562,11 +564,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen if (present_ownerName) list.add(ownerName); - boolean present_authorizable = true && (isSetAuthorizable()); - list.add(present_authorizable); - if (present_authorizable) - list.add(authorizable); - return list.hashCode(); } @@ -608,32 +605,32 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen return lastComparison; } } - lastComparison = Boolean.valueOf(isSetOwnerType()).compareTo(other.isSetOwnerType()); + lastComparison = Boolean.valueOf(isSetAuthorizable()).compareTo(other.isSetAuthorizable()); if (lastComparison != 0) { return lastComparison; } - if (isSetOwnerType()) { - lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.ownerType, other.ownerType); + if (isSetAuthorizable()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.authorizable, other.authorizable); if (lastComparison != 0) { return lastComparison; } } - lastComparison = Boolean.valueOf(isSetOwnerName()).compareTo(other.isSetOwnerName()); + lastComparison = Boolean.valueOf(isSetOwnerType()).compareTo(other.isSetOwnerType()); if (lastComparison != 0) { return lastComparison; } - if (isSetOwnerName()) { - lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.ownerName, other.ownerName); + if (isSetOwnerType()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.ownerType, other.ownerType); if (lastComparison != 0) { return lastComparison; } } - lastComparison = Boolean.valueOf(isSetAuthorizable()).compareTo(other.isSetAuthorizable()); + lastComparison = Boolean.valueOf(isSetOwnerName()).compareTo(other.isSetOwnerName()); if (lastComparison != 0) { return lastComparison; } - if (isSetAuthorizable()) { - lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.authorizable, other.authorizable); + if (isSetOwnerName()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.ownerName, other.ownerName); if (lastComparison != 0) { return lastComparison; } @@ -674,22 +671,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen } first = false; if (!first) sb.append(", "); - sb.append("ownerType:"); - if (this.ownerType == null) { - sb.append("null"); - } else { - sb.append(this.ownerType); - } - first = false; - if (!first) sb.append(", "); - sb.append("ownerName:"); - if (this.ownerName == null) { - sb.append("null"); - } else { - sb.append(this.ownerName); - } - first = false; - if (!first) sb.append(", "); sb.append("authorizable:"); if (this.authorizable == null) { sb.append("null"); @@ -697,6 +678,26 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen sb.append(this.authorizable); } first = false; + if (isSetOwnerType()) { + if (!first) sb.append(", "); + sb.append("ownerType:"); + if (this.ownerType == null) { + sb.append("null"); + } else { + sb.append(this.ownerType); + } + first = false; + } + if (isSetOwnerName()) { + if (!first) sb.append(", "); + sb.append("ownerName:"); + if (this.ownerName == null) { + sb.append("null"); + } else { + sb.append(this.ownerName); + } + first = false; + } sb.append(")"); return sb.toString(); } @@ -715,14 +716,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen throw new org.apache.thrift.protocol.TProtocolException("Required field 'eventType' is unset! Struct:" + toString()); } - if (!isSetOwnerType()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'ownerType' is unset! Struct:" + toString()); - } - - if (!isSetOwnerName()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'ownerName' is unset! Struct:" + toString()); - } - if (!isSetAuthorizable()) { throw new org.apache.thrift.protocol.TProtocolException("Required field 'authorizable' is unset! Struct:" + toString()); } @@ -793,7 +786,16 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 4: // OWNER_TYPE + case 4: // AUTHORIZABLE + if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { + struct.authorizable = new TSentryAuthorizable(); + struct.authorizable.read(iprot); + struct.setAuthorizableIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 5: // OWNER_TYPE if (schemeField.type == org.apache.thrift.protocol.TType.I32) { struct.ownerType = org.apache.sentry.api.service.thrift.TSentryObjectOwnerType.findByValue(iprot.readI32()); struct.setOwnerTypeIsSet(true); @@ -801,7 +803,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 5: // OWNER_NAME + case 6: // OWNER_NAME if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { struct.ownerName = iprot.readString(); struct.setOwnerNameIsSet(true); @@ -809,15 +811,6 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 6: // AUTHORIZABLE - if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { - struct.authorizable = new TSentryAuthorizable(); - struct.authorizable.read(iprot); - struct.setAuthorizableIsSet(true); - } else { - org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); - } - break; default: org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } @@ -842,21 +835,25 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen oprot.writeString(struct.eventType); oprot.writeFieldEnd(); } - if (struct.ownerType != null) { - oprot.writeFieldBegin(OWNER_TYPE_FIELD_DESC); - oprot.writeI32(struct.ownerType.getValue()); - oprot.writeFieldEnd(); - } - if (struct.ownerName != null) { - oprot.writeFieldBegin(OWNER_NAME_FIELD_DESC); - oprot.writeString(struct.ownerName); - oprot.writeFieldEnd(); - } if (struct.authorizable != null) { oprot.writeFieldBegin(AUTHORIZABLE_FIELD_DESC); struct.authorizable.write(oprot); oprot.writeFieldEnd(); } + if (struct.ownerType != null) { + if (struct.isSetOwnerType()) { + oprot.writeFieldBegin(OWNER_TYPE_FIELD_DESC); + oprot.writeI32(struct.ownerType.getValue()); + oprot.writeFieldEnd(); + } + } + if (struct.ownerName != null) { + if (struct.isSetOwnerName()) { + oprot.writeFieldBegin(OWNER_NAME_FIELD_DESC); + oprot.writeString(struct.ownerName); + oprot.writeFieldEnd(); + } + } oprot.writeFieldStop(); oprot.writeStructEnd(); } @@ -877,9 +874,21 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen oprot.writeI32(struct.protocol_version); oprot.writeI64(struct.id); oprot.writeString(struct.eventType); - oprot.writeI32(struct.ownerType.getValue()); - oprot.writeString(struct.ownerName); struct.authorizable.write(oprot); + BitSet optionals = new BitSet(); + if (struct.isSetOwnerType()) { + optionals.set(0); + } + if (struct.isSetOwnerName()) { + optionals.set(1); + } + oprot.writeBitSet(optionals, 2); + if (struct.isSetOwnerType()) { + oprot.writeI32(struct.ownerType.getValue()); + } + if (struct.isSetOwnerName()) { + oprot.writeString(struct.ownerName); + } } @Override @@ -891,13 +900,18 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen struct.setIdIsSet(true); struct.eventType = iprot.readString(); struct.setEventTypeIsSet(true); - struct.ownerType = org.apache.sentry.api.service.thrift.TSentryObjectOwnerType.findByValue(iprot.readI32()); - struct.setOwnerTypeIsSet(true); - struct.ownerName = iprot.readString(); - struct.setOwnerNameIsSet(true); struct.authorizable = new TSentryAuthorizable(); struct.authorizable.read(iprot); struct.setAuthorizableIsSet(true); + BitSet incoming = iprot.readBitSet(2); + if (incoming.get(0)) { + struct.ownerType = org.apache.sentry.api.service.thrift.TSentryObjectOwnerType.findByValue(iprot.readI32()); + struct.setOwnerTypeIsSet(true); + } + if (incoming.get(1)) { + struct.ownerName = iprot.readString(); + struct.setOwnerNameIsSet(true); + } } } http://git-wip-us.apache.org/repos/asf/sentry/blob/d0536f55/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift index 1b0de6a..8d55f39 100644 --- a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift +++ b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift @@ -357,9 +357,10 @@ struct TSentryHmsEventNotification { 2: required i64 id, # Requested ID # Constructed from enum org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType 3: required string eventType, # Type of the event which resulted in owner update request -4: required TSentryObjectOwnerType ownerType, # Type of the owner -5: required string ownerName, # owner name -6: required TSentryAuthorizable authorizable +4: required TSentryAuthorizable authorizable, # Authorizable object +5: optional TSentryObjectOwnerType ownerType, # Type of the owner +6: optional string ownerName # owner name + } struct TSentryHmsEventNotificationResponse { http://git-wip-us.apache.org/repos/asf/sentry/blob/d0536f55/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java index fe6389c..e7d81ed 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java @@ -1365,6 +1365,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { // Wait till Sentry server processes HMS Notification Event. if(request.getId() > 0) { response.setId(syncEventId(request.getId())); + } else { + response.setId(0L); } //Grant privilege to the owner. grantOwnerPrivilege(request); @@ -1374,6 +1376,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { // Wait till Sentry server processes HMS Notification Event. if(request.getId() > 0) { response.setId(syncEventId(request.getId())); + } else { + response.setId(0L); } // Owner privileges for the database and tables that are dropped are cleaned-up when // sentry fetches and process the DROP_DATABASE and DROP_TABLE notifications. @@ -1387,6 +1391,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { // Wait till Sentry server processes HMS Notification Event. if(request.getId() > 0) { response.setId(syncEventId(request.getId())); + } else { + response.setId(0L); } // Owner is updated. There is no need to wait till Sentry processes HMS Notification Event. // Revoke owner privilege from old owners and grant one to the new owner.
