Repository: sentry Updated Branches: refs/heads/master 00274ccd6 -> 03ef821ec
SENTRY-2294: Add requestorUsername to client.notifyHmsEvent() method (Sergio Pena, reviewed by Na Li, Arjun Mishra) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/03ef821e Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/03ef821e Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/03ef821e Branch: refs/heads/master Commit: 03ef821ec4d2948020eb0fdf4b1bdbd5bf807a20 Parents: 00274cc Author: Sergio Pena <[email protected]> Authored: Fri Jun 29 15:56:31 2018 -0500 Committer: Sergio Pena <[email protected]> Committed: Mon Jul 2 14:20:28 2018 -0500 ---------------------------------------------------------------------- .../binding/metastore/SentryHmsEvent.java | 30 ++-- ...rySyncHMSNotificationsPostEventListener.java | 23 ++- ...rySyncHMSNotificationsPostEventListener.java | 161 ++++++------------- .../thrift/TSentryHmsEventNotification.java | 141 +++++++++++++--- .../thrift/SentryPolicyServiceClient.java | 13 +- .../SentryPolicyServiceClientDefaultImpl.java | 13 +- .../main/resources/sentry_policy_service.thrift | 11 +- .../thrift/SentryPolicyStoreProcessor.java | 6 +- 8 files changed, 235 insertions(+), 163 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/03ef821e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java index 60f17b0..ef63a34 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java 
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHmsEvent.java @@ -30,9 +30,7 @@ import org.apache.hadoop.hive.metastore.events.DropTableEvent; import org.apache.hadoop.hive.metastore.events.AlterTableEvent; import org.apache.hadoop.hive.metastore.events.ListenerEvent; import org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType; -import org.apache.sentry.api.common.ThriftConstants; import org.apache.sentry.api.service.thrift.TSentryAuthorizable; -import org.apache.sentry.api.service.thrift.TSentryHmsEventNotification; import org.apache.sentry.api.service.thrift.TSentryObjectOwnerType; import java.util.Map; @@ -147,6 +145,18 @@ class SentryHmsEvent { return eventId; } + public TSentryObjectOwnerType getOwnerType() { + return ownerType; + } + + public String getOwnerName() { + return ownerName; + } + + public TSentryAuthorizable getAuthorizable() { + return authorizable; + } + private void setOwnerInfo(Table table) { ownerName = (table != null) ? table.getOwner() : null; // Hive 2.3.2 currently support owner type. Assuming user as the type for now. 
@@ -185,22 +195,6 @@ class SentryHmsEvent { } /** - * Constructs notification message that is sent to sentry server. - * - * @return notification event. - */ - public TSentryHmsEventNotification getHmsEventNotification() { - TSentryHmsEventNotification updateAndSyncIDRequest = new TSentryHmsEventNotification(); - updateAndSyncIDRequest.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); - updateAndSyncIDRequest.setOwnerName(ownerName); - updateAndSyncIDRequest.setOwnerType(ownerType); - updateAndSyncIDRequest.setAuthorizable(authorizable); - updateAndSyncIDRequest.setId(eventId); - updateAndSyncIDRequest.setEventType(eventType.toString()); - return updateAndSyncIDRequest; - } - - /** * Converts Principle to Owner Type defined by sentry. * * @param principalType Hive Principle Type http://git-wip-us.apache.org/repos/asf/sentry/blob/03ef821e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java index 7e3419b..080eda8 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java 
@@ -19,8 +19,10 @@ package org.apache.sentry.binding.metastore; import com.google.common.annotations.VisibleForTesting; +import java.io.IOException; import java.util.concurrent.atomic.AtomicLong; +import javax.security.auth.login.LoginException; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hive.conf.HiveConf; @@ -37,6 +39,7 @@ import org.apache.hadoop.hive.metastore.events.DropPartitionEvent; import org.apache.hadoop.hive.metastore.events.DropTableEvent; import org.apache.hadoop.hive.metastore.events.ListenerEvent; import org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType; +import org.apache.hadoop.hive.shims.Utils; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars; @@ -212,7 +215,7 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL * * @param event Sentry HMS event. */ - private void notifyHmsEvent(SentryHmsEvent event ) { + private void notifyHmsEvent(SentryHmsEvent event) { /* If the HMS is running in an active transaction, then we do not want to sync with Sentry * because the desired eventId is not available for Sentry yet, and Sentry may block the HMS * forever or until a read time-out happens. 
@@ -228,7 +231,13 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL try (SentryPolicyServiceClient sentryClient = this.getSentryServiceClient()) { LOGGER.debug("Notifying sentry about Notification for {} (id: {})", event.getEventType(), event.getEventId()); - long sentryLatestProcessedId = sentryClient.notifyHmsNotification(event.getHmsEventNotification()); + long sentryLatestProcessedId = sentryClient.notifyHmsEvent( + getUserName(), + event.getEventId(), + event.getEventType().toString(), + event.getOwnerType(), + event.getOwnerName(), + event.getAuthorizable()); LOGGER.debug("Finished Notifying sentry about Notification for {} (id: {})", event.getEventType(), event.getEventId()); LOGGER.debug("Latest processed event ID returned by the Sentry server: {}", sentryLatestProcessedId); @@ -319,4 +328,14 @@ public class SentrySyncHMSNotificationsPostEventListener extends MetaStoreEventL return authzConf.get(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getDefault()); } + + private String getUserName() throws MetaException { + try { + return Utils.getUGI().getShortUserName(); + } catch (LoginException e) { + throw new MetaException("Failed to get username " + e.getMessage()); + } catch (IOException e) { + throw new MetaException("Failed to get username " + e.getMessage()); + } + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/03ef821e/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java index 6a09e67..e261fc6 100644 
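Review bot: The first argument of the new `sentryClient.notifyHmsEvent(...)` call is whatever `getUserName()` reports for the thread running the listener, and nothing at the call site says which identity that should be (the metastore service user or an impersonated end user). Because this value is sent to Sentry as the requestor, I would add a comment above the call such as `// requestor = short name of the UGI running this listener; client-asserted, so the Sentry server must check it against the authenticated caller`. The server-side handling is not part of this hunk, so whether the name is validated there needs to be confirmed. The enclosing `try` block continues past the hunk, so how a `MetaException` raised by `getUserName()` is handled cannot be seen from here.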
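Review bot: Both catch blocks in the new `getUserName()` build the `MetaException` from `e.getMessage()` alone, so the original `LoginException` or `IOException` and its stack trace are lost exactly when the login context could not be resolved. The two identical handlers can be one multi-catch that keeps the cause: `catch (LoginException | IOException e) { MetaException me = new MetaException("Failed to get username: " + e.getMessage()); me.initCause(e); throw me; }`. The method also has no Javadoc; a short one stating that it returns the short user name of the UGI obtained from `Utils.getUGI()` and throws `MetaException` when that lookup fails would tell the next reader which identity ends up in the Sentry request.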
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java @@ -17,6 +17,11 @@ */ package org.apache.sentry.binding.metastore; +import static org.mockito.Matchers.anyLong; +import static org.mockito.Matchers.anyObject; +import static org.mockito.Matchers.anyString; +import static org.mockito.Matchers.eq; + import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.MetaStoreEventListenerConstants; import org.apache.hadoop.hive.metastore.api.MetaException; @@ -26,7 +31,6 @@ import org.apache.hadoop.hive.metastore.events.CreateTableEvent; import org.apache.hadoop.hive.metastore.events.DropDatabaseEvent; import org.apache.hadoop.hive.metastore.events.DropTableEvent; import org.apache.hadoop.hive.metastore.events.ListenerEvent; -import org.apache.hadoop.hive.metastore.messaging.EventMessage; import org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType; import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.metastore.api.Table; 
@@ -102,40 +106,32 @@ public class TestSentrySyncHMSNotificationsPostEventListener { @Test public void testSuccessfulEventsWithAnEventIdSyncNotifications() throws Exception { - int eventId = 1; + long eventId = 1; callAllEventsThatSynchronize(EventType.CREATE_DATABASE, SUCCESSFUL_STATUS, eventId++); - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); - notification.setId(eventId - 1); - notification.setEventType(EventType.CREATE_DATABASE.toString()); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId-1), eq(EventType.CREATE_DATABASE.toString()), + anyObject(), anyString(), eq(new TSentryAuthorizable(SERVER1))); callAllEventsThatSynchronize(EventType.DROP_DATABASE, SUCCESSFUL_STATUS, eventId++); - notification.setId(eventId - 1); - notification.setEventType(EventType.DROP_DATABASE.toString()); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId-1), eq(EventType.DROP_DATABASE.toString()), + anyObject(), anyString(), eq(new TSentryAuthorizable(SERVER1))); callAllEventsThatSynchronize(EventType.CREATE_TABLE, SUCCESSFUL_STATUS, eventId++); - notification.setId(eventId - 1); - notification.setEventType(EventType.CREATE_TABLE.toString()); - notification.setOwnerType(TSentryObjectOwnerType.USER); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId-1), eq(EventType.CREATE_TABLE.toString()), + eq(TSentryObjectOwnerType.USER), anyString(), eq(new TSentryAuthorizable(SERVER1))); long latestEventId = callAllEventsThatSynchronize(EventType.DROP_TABLE, SUCCESSFUL_STATUS, eventId++); - notification.setId(eventId - 1); - notification.setEventType(EventType.DROP_TABLE.toString()); - notification.setOwnerType(TSentryObjectOwnerType.USER); 
Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId-1), eq(EventType.DROP_TABLE.toString()), + eq(TSentryObjectOwnerType.USER), anyString(), eq(new TSentryAuthorizable(SERVER1))); Mockito.verify( @@ -153,7 +149,8 @@ public class TestSentrySyncHMSNotificationsPostEventListener { TSentryHmsEventNotification notification = (TSentryHmsEventNotification) invocation.getArguments()[0]; return notification.getId() + 1; } - }).when(mockSentryClient).notifyHmsNotification(Mockito.anyObject()); + }).when(mockSentryClient).notifyHmsEvent(anyString(), anyLong(), anyString(), + anyObject(), anyString(), anyObject()); long latestEventId = callAllEventsThatSynchronize(SUCCESSFUL_STATUS, EVENT_ID_SET); verifyInvocations(); @@ -165,7 +162,7 @@ public class TestSentrySyncHMSNotificationsPostEventListener { @Test public void notificationOnTableCreate() throws Exception { - int eventId = 1; + long eventId = 1; Table tb = new Table(); tb.setDbName(DBNAME); tb.setTableName(TABLENAME); 
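Review bot: Every rewritten verification in `testSuccessfulEventsWithAnEventIdSyncNotifications` passes `anyString()` as the first argument, so the requestor user name that this commit introduces is never asserted by the test. The same holds for the verifications in the later hunks of this file (`notificationOnTableCreate` through `verifyInvocations`), so a listener that sent an empty or wrong requestor would still pass. At least one test should pin the value, for example by resolving the expected name once in the test setup and using `eq(expectedRequestor)` in place of `anyString()`. The owner-name argument is also `anyString()` in the database cases here; whether that matcher accepts a null owner depends on the Mockito version in use, which is not visible in this hunk.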
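Review bot: The answer stubbed in this hunk still casts `invocation.getArguments()[0]` to `TSentryHmsEventNotification`, but the stub is now attached to `notifyHmsEvent(...)`, whose first argument is the requestor string and whose second is the event id. When the stub is invoked the cast would raise `ClassCastException` instead of returning the next id, and the test may not notice if the listener catches the exception. The body should read the id from the second argument, for example `return (Long) invocation.getArguments()[1] + 1;`. The answer's declaration starts above the hunk, so its declared return type should be checked when making the change.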
@@ -174,24 +171,15 @@ public class TestSentrySyncHMSNotificationsPostEventListener { setEventId(EVENT_ID_SET, createTableEvent, eventId); eventListener.onCreateTable(createTableEvent); - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); - - notification.setId(eventId); - notification.setEventType(EventMessage.EventType.CREATE_TABLE.toString()); - notification.setOwnerName(OWNER); - notification.setOwnerType(TSentryObjectOwnerType.USER); - notification.getAuthorizable().setDb(DBNAME); - notification.getAuthorizable().setTable(TABLENAME); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId), eq(EventType.CREATE_TABLE.toString()), + eq(TSentryObjectOwnerType.USER), eq(OWNER), eq(toAuthorizable(DBNAME, TABLENAME))); } @Test public void notificationOnTableDrop() throws Exception { - int eventId = 1; + long eventId = 1; Table tb = new Table(); tb.setDbName(DBNAME); tb.setTableName(TABLENAME); 
@@ -200,24 +188,15 @@ public class TestSentrySyncHMSNotificationsPostEventListener { setEventId(EVENT_ID_SET, dropTableEvent, eventId); eventListener.onDropTable(dropTableEvent); - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); - - notification.setId(eventId); - notification.setEventType(EventMessage.EventType.DROP_TABLE.toString()); - notification.setOwnerName(OWNER); - notification.setOwnerType(TSentryObjectOwnerType.USER); - notification.getAuthorizable().setDb(DBNAME); - notification.getAuthorizable().setTable(TABLENAME); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId), eq(EventType.DROP_TABLE.toString()), + eq(TSentryObjectOwnerType.USER), eq(OWNER), eq(toAuthorizable(DBNAME, TABLENAME))); } @Test public void notificationOnDatabaseCreate() throws Exception { - int eventId = 1; + long eventId = 1; Database db = new Database(); db.setName(DBNAME); db.setOwnerName(OWNER); 
@@ -226,23 +205,15 @@ public class TestSentrySyncHMSNotificationsPostEventListener { setEventId(EVENT_ID_SET, createDatabaseEvent, eventId); eventListener.onCreateDatabase(createDatabaseEvent); - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); - - notification.setId(eventId); - notification.setEventType(EventMessage.EventType.CREATE_DATABASE.toString()); - notification.setOwnerName(OWNER); - notification.setOwnerType(TSentryObjectOwnerType.USER); - notification.getAuthorizable().setDb(DBNAME); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId), eq(EventType.CREATE_DATABASE.toString()), + eq(TSentryObjectOwnerType.USER), eq(OWNER), eq(toAuthorizable(DBNAME, ""))); } @Test public void notificationOnDatabaseDrop() throws Exception { - int eventId = 1; + long eventId = 1; Database db = new Database(); db.setName(DBNAME); db.setOwnerName(OWNER); 
@@ -251,24 +222,16 @@ public class TestSentrySyncHMSNotificationsPostEventListener { setEventId(EVENT_ID_SET, dropDatabaseEvent, eventId); eventListener.onDropDatabase(dropDatabaseEvent); - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); - - notification.setId(eventId); - notification.setEventType(EventType.DROP_DATABASE.toString()); - notification.setOwnerName(OWNER); - notification.setOwnerType(TSentryObjectOwnerType.USER); - notification.getAuthorizable().setDb(DBNAME); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId), eq(EventType.DROP_DATABASE.toString()), + eq(TSentryObjectOwnerType.USER), eq(OWNER), eq(toAuthorizable(DBNAME, ""))); } @Test public void notificationOnAlterTableOwnerChange() throws Exception { - int eventId = 1; + long eventId = 1; Table old_tb = new Table(); old_tb.setDbName(DBNAME); old_tb.setTableName(TABLENAME); 
@@ -283,25 +246,15 @@ public class TestSentrySyncHMSNotificationsPostEventListener { setEventId(EVENT_ID_SET, alterTableEvent, eventId); eventListener.onAlterTable(alterTableEvent); - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); - - notification.setId(eventId); - notification.setEventType(EventType.ALTER_TABLE.toString()); - notification.setOwnerName(OWNER_NEW); - notification.setOwnerType(TSentryObjectOwnerType.USER); - notification.getAuthorizable().setDb(DBNAME); - notification.getAuthorizable().setTable(TABLENAME); - Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId), eq(EventType.ALTER_TABLE.toString()), + eq(TSentryObjectOwnerType.USER), eq(OWNER_NEW), eq(toAuthorizable(DBNAME, TABLENAME))); } @Test public void notificationOnAlterTableRename() throws Exception { - int eventId = 1; + long eventId = 1; Table old_tb = new Table(); old_tb.setDbName(DBNAME); old_tb.setTableName(TABLENAME); 
@@ -316,23 +269,15 @@ public class TestSentrySyncHMSNotificationsPostEventListener { setEventId(EVENT_ID_SET, alterTableEvent, eventId); eventListener.onAlterTable(alterTableEvent); - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); - - notification.setId(eventId); - notification.setEventType(EventType.ALTER_TABLE.toString()); - notification.getAuthorizable().setDb(DBNAME); - notification.getAuthorizable().setTable(TABLENAME_NEW); - Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(eventId), eq(EventType.ALTER_TABLE.toString()), + anyObject(), anyString(), eq(toAuthorizable(DBNAME, TABLENAME_NEW))); } @Test public void notificationOnAlterTableNoRenameAndOwnerChange() throws Exception { - int eventId = 1; + long eventId = 1; Table old_tb = new Table(); old_tb.setDbName(DBNAME); old_tb.setTableName(TABLENAME); @@ -347,18 +292,10 @@ public class TestSentrySyncHMSNotificationsPostEventListener { setEventId(EVENT_ID_SET, alterTableEvent, eventId); eventListener.onAlterTable(alterTableEvent); - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); - - notification.setId(eventId); - notification.setEventType(EventType.ALTER_TABLE.toString()); - notification.getAuthorizable().setDb(DBNAME); - notification.getAuthorizable().setTable(TABLENAME); - Mockito.verify( mockSentryClient, Mockito.times(0) - ).notifyHmsNotification(Mockito.anyObject()); + ).notifyHmsEvent(anyString(), eq(eventId), eq(EventType.ALTER_TABLE.toString()), + anyObject(), anyString(), eq(toAuthorizable(DBNAME, TABLENAME))); } private long callAllEventsThatSynchronize(boolean status, boolean eventIdSet) throws MetaException { 
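Review bot: The `Mockito.times(0)` verification at the end of `notificationOnAlterTableNoRenameAndOwnerChange` is narrower than the line it replaces. The old check rejected any `notifyHmsNotification` call, while the new one only rejects a call carrying this exact event id, event type and authorizable, so a notification sent with a different authorizable or id would now pass. Keeping the negative check unconditional preserves the intent of the test: `Mockito.verify(mockSentryClient, Mockito.never()).notifyHmsEvent(anyString(), anyLong(), anyString(), anyObject(), anyString(), anyObject());`. The test method begins above the hunk.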
@@ -413,24 +350,18 @@ public class TestSentrySyncHMSNotificationsPostEventListener { } private void verifyInvocations() throws Exception { - TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); - int i = 1; - notification.setAuthorizable(new TSentryAuthorizable(SERVER1)); + long i = 1; - notification.setId(i); - notification.setEventType(EventMessage.EventType.CREATE_DATABASE.toString()); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(i), eq(EventType.CREATE_DATABASE.toString()), + anyObject(), anyString(), anyObject()); i += 2; - - notification.setId(i); - notification.setEventType(EventMessage.EventType.CREATE_TABLE.toString()); - notification.setOwnerType(TSentryObjectOwnerType.USER); Mockito.verify( mockSentryClient, Mockito.times(1) - ).notifyHmsNotification(notification); + ).notifyHmsEvent(anyString(), eq(i), eq(EventType.CREATE_TABLE.toString()), + eq(TSentryObjectOwnerType.USER), anyString(), anyObject()); } private void setEventId(boolean eventIdSet, ListenerEvent eventListener, long eventId) { @@ -440,4 +371,12 @@ public class TestSentrySyncHMSNotificationsPostEventListener { } } + private TSentryAuthorizable toAuthorizable(String dbName, String tableName) { + TSentryAuthorizable authorizable = new TSentryAuthorizable(SERVER1); + authorizable.setDb(dbName); + if (!tableName.isEmpty()) { + authorizable.setTable(tableName); + } + return authorizable; + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/03ef821e/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java ---------------------------------------------------------------------- 
diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java index 2252a59..fe89125 100644 --- a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java +++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java 
@@ -39,11 +39,12 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryHmsEventNotification"); private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1); - private static final org.apache.thrift.protocol.TField ID_FIELD_DESC = new org.apache.thrift.protocol.TField("id", org.apache.thrift.protocol.TType.I64, (short)2); - private static final org.apache.thrift.protocol.TField EVENT_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("eventType", org.apache.thrift.protocol.TType.STRING, (short)3); - private static final org.apache.thrift.protocol.TField AUTHORIZABLE_FIELD_DESC = new org.apache.thrift.protocol.TField("authorizable", org.apache.thrift.protocol.TType.STRUCT, (short)4); - private static final org.apache.thrift.protocol.TField OWNER_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerType", org.apache.thrift.protocol.TType.I32, (short)5); - private static final org.apache.thrift.protocol.TField OWNER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerName", org.apache.thrift.protocol.TType.STRING, (short)6); + private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2); + private static final org.apache.thrift.protocol.TField ID_FIELD_DESC = new org.apache.thrift.protocol.TField("id", org.apache.thrift.protocol.TType.I64, (short)3); + private static final org.apache.thrift.protocol.TField EVENT_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("eventType", org.apache.thrift.protocol.TType.STRING, (short)4); + private static final org.apache.thrift.protocol.TField AUTHORIZABLE_FIELD_DESC = new 
org.apache.thrift.protocol.TField("authorizable", org.apache.thrift.protocol.TType.STRUCT, (short)5); + private static final org.apache.thrift.protocol.TField OWNER_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerType", org.apache.thrift.protocol.TType.I32, (short)6); + private static final org.apache.thrift.protocol.TField OWNER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerName", org.apache.thrift.protocol.TType.STRING, (short)7); private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); static { @@ -52,6 +53,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen } private int protocol_version; // required + private String requestorUserName; // required private long id; // required private String eventType; // required private TSentryAuthorizable authorizable; // required @@ -61,15 +63,16 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { PROTOCOL_VERSION((short)1, "protocol_version"), - ID((short)2, "id"), - EVENT_TYPE((short)3, "eventType"), - AUTHORIZABLE((short)4, "authorizable"), + REQUESTOR_USER_NAME((short)2, "requestorUserName"), + ID((short)3, "id"), + EVENT_TYPE((short)4, "eventType"), + AUTHORIZABLE((short)5, "authorizable"), /** * * @see TSentryObjectOwnerType */ - OWNER_TYPE((short)5, "ownerType"), - OWNER_NAME((short)6, "ownerName"); + OWNER_TYPE((short)6, "ownerType"), + OWNER_NAME((short)7, "ownerName"); private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); 
@@ -86,15 +89,17 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen switch(fieldId) { case 1: // PROTOCOL_VERSION return PROTOCOL_VERSION; - case 2: // ID + case 2: // REQUESTOR_USER_NAME + return REQUESTOR_USER_NAME; + case 3: // ID return ID; - case 3: // EVENT_TYPE + case 4: // EVENT_TYPE return EVENT_TYPE; - case 4: // AUTHORIZABLE + case 5: // AUTHORIZABLE return AUTHORIZABLE; - case 5: // OWNER_TYPE + case 6: // OWNER_TYPE return OWNER_TYPE; - case 6: // OWNER_NAME + case 7: // OWNER_NAME return OWNER_NAME; default: return null; @@ -145,6 +150,8 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32))); + tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); tmpMap.put(_Fields.ID, new org.apache.thrift.meta_data.FieldMetaData("id", org.apache.thrift.TFieldRequirementType.REQUIRED, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64))); tmpMap.put(_Fields.EVENT_TYPE, new org.apache.thrift.meta_data.FieldMetaData("eventType", org.apache.thrift.TFieldRequirementType.REQUIRED, @@ -166,6 +173,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen public TSentryHmsEventNotification( int protocol_version, + String requestorUserName, long id, String eventType, TSentryAuthorizable authorizable) 
@@ -173,6 +181,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen this(); this.protocol_version = protocol_version; setProtocol_versionIsSet(true); + this.requestorUserName = requestorUserName; this.id = id; setIdIsSet(true); this.eventType = eventType; @@ -185,6 +194,9 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen public TSentryHmsEventNotification(TSentryHmsEventNotification other) { __isset_bitfield = other.__isset_bitfield; this.protocol_version = other.protocol_version; + if (other.isSetRequestorUserName()) { + this.requestorUserName = other.requestorUserName; + } this.id = other.id; if (other.isSetEventType()) { this.eventType = other.eventType; @@ -208,6 +220,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen public void clear() { this.protocol_version = 2; + this.requestorUserName = null; setIdIsSet(false); this.id = 0; this.eventType = null; @@ -238,6 +251,29 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value); } + public String getRequestorUserName() { + return this.requestorUserName; + } + + public void setRequestorUserName(String requestorUserName) { + this.requestorUserName = requestorUserName; + } + + public void unsetRequestorUserName() { + this.requestorUserName = null; + } + + /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */ + public boolean isSetRequestorUserName() { + return this.requestorUserName != null; + } + + public void setRequestorUserNameIsSet(boolean value) { + if (!value) { + this.requestorUserName = null; + } + } + public long getId() { return this.id; } 
@@ -370,6 +406,14 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen } break; + case REQUESTOR_USER_NAME: + if (value == null) { + unsetRequestorUserName(); + } else { + setRequestorUserName((String)value); + } + break; + case ID: if (value == null) { unsetId(); @@ -418,6 +462,9 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen case PROTOCOL_VERSION: return getProtocol_version(); + case REQUESTOR_USER_NAME: + return getRequestorUserName(); + case ID: return getId(); @@ -446,6 +493,8 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen switch (field) { case PROTOCOL_VERSION: return isSetProtocol_version(); + case REQUESTOR_USER_NAME: + return isSetRequestorUserName(); case ID: return isSetId(); case EVENT_TYPE: @@ -482,6 +531,15 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen return false; } + boolean this_present_requestorUserName = true && this.isSetRequestorUserName(); + boolean that_present_requestorUserName = true && that.isSetRequestorUserName(); + if (this_present_requestorUserName || that_present_requestorUserName) { + if (!(this_present_requestorUserName && that_present_requestorUserName)) + return false; + if (!this.requestorUserName.equals(that.requestorUserName)) + return false; + } + boolean this_present_id = true; boolean that_present_id = true; if (this_present_id || that_present_id) { @@ -539,6 +597,11 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen if (present_protocol_version) list.add(protocol_version); + boolean present_requestorUserName = true && (isSetRequestorUserName()); + list.add(present_requestorUserName); + if (present_requestorUserName) + list.add(requestorUserName); + boolean present_id = true; list.add(present_id); if (present_id) 
@@ -585,6 +648,16 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen return lastComparison; } } + lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(other.isSetRequestorUserName()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetRequestorUserName()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, other.requestorUserName); + if (lastComparison != 0) { + return lastComparison; + } + } lastComparison = Boolean.valueOf(isSetId()).compareTo(other.isSetId()); if (lastComparison != 0) { return lastComparison; @@ -659,6 +732,14 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen sb.append(this.protocol_version); first = false; if (!first) sb.append(", "); + sb.append("requestorUserName:"); + if (this.requestorUserName == null) { + sb.append("null"); + } else { + sb.append(this.requestorUserName); + } + first = false; + if (!first) sb.append(", "); sb.append("id:"); sb.append(this.id); first = false; @@ -708,6 +789,10 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString()); } + if (!isSetRequestorUserName()) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString()); + } + if (!isSetId()) { throw new org.apache.thrift.protocol.TProtocolException("Required field 'id' is unset! Struct:" + toString()); } 
@@ -770,7 +855,15 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 2: // ID + case 2: // REQUESTOR_USER_NAME + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.requestorUserName = iprot.readString(); + struct.setRequestorUserNameIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 3: // ID if (schemeField.type == org.apache.thrift.protocol.TType.I64) { struct.id = iprot.readI64(); struct.setIdIsSet(true); @@ -778,7 +871,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 3: // EVENT_TYPE + case 4: // EVENT_TYPE if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { struct.eventType = iprot.readString(); struct.setEventTypeIsSet(true); @@ -786,7 +879,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 4: // AUTHORIZABLE + case 5: // AUTHORIZABLE if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { struct.authorizable = new TSentryAuthorizable(); struct.authorizable.read(iprot); @@ -795,7 +888,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 5: // OWNER_TYPE + case 6: // OWNER_TYPE if (schemeField.type == org.apache.thrift.protocol.TType.I32) { struct.ownerType = org.apache.sentry.api.service.thrift.TSentryObjectOwnerType.findByValue(iprot.readI32()); struct.setOwnerTypeIsSet(true); 
@@ -803,7 +896,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 6: // OWNER_NAME + case 7: // OWNER_NAME if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { struct.ownerName = iprot.readString(); struct.setOwnerNameIsSet(true); @@ -827,6 +920,11 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC); oprot.writeI32(struct.protocol_version); oprot.writeFieldEnd(); + if (struct.requestorUserName != null) { + oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC); + oprot.writeString(struct.requestorUserName); + oprot.writeFieldEnd(); + } oprot.writeFieldBegin(ID_FIELD_DESC); oprot.writeI64(struct.id); oprot.writeFieldEnd(); @@ -872,6 +970,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen public void write(org.apache.thrift.protocol.TProtocol prot, TSentryHmsEventNotification struct) throws org.apache.thrift.TException { TTupleProtocol oprot = (TTupleProtocol) prot; oprot.writeI32(struct.protocol_version); + oprot.writeString(struct.requestorUserName); oprot.writeI64(struct.id); oprot.writeString(struct.eventType); struct.authorizable.write(oprot); @@ -896,6 +995,8 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen TTupleProtocol iprot = (TTupleProtocol) prot; struct.protocol_version = iprot.readI32(); struct.setProtocol_versionIsSet(true); + struct.requestorUserName = iprot.readString(); + struct.setRequestorUserNameIsSet(true); struct.id = iprot.readI64(); struct.setIdIsSet(true); struct.eventType = iprot.readString(); http://git-wip-us.apache.org/repos/asf/sentry/blob/03ef821e/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java ---------------------------------------------------------------------- 
diff --git a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java index 6137fa8..1a8034b 100644 --- a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java +++ b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java @@ -295,10 +295,19 @@ public interface SentryPolicyServiceClient extends AutoCloseable { /** * Notifies sentry server with the HMS Event and related metadata. - * @param sentryHmsEventNotification Event Notification message. + * + * @param requestorUserName The user who is making the HMS event notification. + * @param eventId The unique identifier of the HMS event + * @param eventType The type of the HMS event. This is the string representation of the + * Hive EventMessage.EventType class. + * @param ownerType The owner type of the event if ownership was set or changed. + * @param ownerName The owner name of the event if ownership was set or changed. + * @param authorizable The object affected of the HMS event. * @return The most recent processed notification ID. */ - long notifyHmsNotification(TSentryHmsEventNotification sentryHmsEventNotification) throws SentryUserException; + long notifyHmsEvent(String requestorUserName, long eventId, String eventType, + TSentryObjectOwnerType ownerType, String ownerName, + TSentryAuthorizable authorizable) throws SentryUserException; /** * Lists all roles and their privileges found on the Sentry server. If a role does not have http://git-wip-us.apache.org/repos/asf/sentry/blob/03ef821e/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java ---------------------------------------------------------------------- 
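Review bot: The Javadoc added for `notifyHmsEvent` leaves the identity and nullability contract of `requestorUserName` unstated. It describes the parameter as "the user who is making the HMS event notification", while the IDL comment in this same commit says "user on whose behalf the request is issued", and it never says the value is mandatory although the Thrift field is `required`. I would make the two descriptions agree and state the constraint, e.g. `@param requestorUserName The user on whose behalf the notification is sent; must not be null.`, and note that `ownerType` and `ownerName` may be null because their Thrift fields are optional. "The object affected of the HMS event" should read "affected by". The interface body continues outside the hunk.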
diff --git a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java index 74e358f..07da2ba 100644 --- a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java +++ b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java @@ -1168,9 +1168,20 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - public long notifyHmsNotification(TSentryHmsEventNotification request) + public long notifyHmsEvent(String requestorUserName, long eventId, String eventType, + TSentryObjectOwnerType ownerType, String ownerName, TSentryAuthorizable authorizable) throws SentryUserException { + TSentryHmsEventNotification request = new TSentryHmsEventNotification(); + try { + request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); + request.setRequestorUserName(requestorUserName); + request.setId(eventId); + request.setEventType(eventType); + request.setOwnerType(ownerType); + request.setOwnerName(ownerName); + request.setAuthorizable(authorizable); + TSentryHmsEventNotificationResponse response = client.sentry_notify_hms_event(request); Status.throwIfNotOk(response.getStatus()); return response.getId(); http://git-wip-us.apache.org/repos/asf/sentry/blob/03ef821e/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift index 8d55f39..f238748 100644 
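Review bot: `notifyHmsEvent` passes `requestorUserName`, `eventType` and `authorizable` straight to the setters without checking them, although all three are `required` in the struct. A null would be caught only by the generated `validate()` ("Required field 'requestorUserName' is unset!"), presumably when the request is serialized, and would reach the caller as a protocol error rather than an argument error. A guard at the top of the method gives a clearer failure, for example `Objects.requireNonNull(requestorUserName, "requestorUserName");` (this needs `java.util.Objects` if the file does not already import it). The new signature also carries no `@Override`, although it implements the interface method changed in this commit. The `try` block and the end of the method lie outside the hunk.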
--- a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift +++ b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift @@ -354,12 +354,13 @@ struct TSentrySyncIDResponse { struct TSentryHmsEventNotification { 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2, -2: required i64 id, # Requested ID +2: required string requestorUserName, # user on whose behalf the request is issued +3: required i64 id, # Requested ID # Constructed from enum org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType -3: required string eventType, # Type of the event which resulted in owner update request -4: required TSentryAuthorizable authorizable, # Authorizable object -5: optional TSentryObjectOwnerType ownerType, # Type of the owner -6: optional string ownerName # owner name +4: required string eventType, # Type of the event which resulted in owner update request +5: required TSentryAuthorizable authorizable, # Authorizable object +6: optional TSentryObjectOwnerType ownerType, # Type of the owner +7: optional string ownerName # owner name } http://git-wip-us.apache.org/repos/asf/sentry/blob/03ef821e/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java index e7d81ed..95ae15d 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 
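Review bot: Inserting `requestorUserName` as field 2 renumbers every later field of `TSentryHmsEventNotification`, while `protocol_version` still defaults to `TSENTRY_SERVICE_V2`, so the wire layout changes without any version signal. A peer generated from the previous IDL sends an i64 at id 2 and a string at id 3; the regenerated reader in this commit skips fields whose type does not match, so `validate()` would then reject the message as missing required fields. If HMS plugins and Sentry servers can ever run different builds, the existing ids 2–6 should stay as they were and the new field should be appended, e.g. `7: optional string requestorUserName # user on whose behalf the request is issued`. The server would then reject requests that omit it, or the protocol version would be bumped so the mismatch is reported explicitly.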
@@ -1356,9 +1356,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { public TSentryHmsEventNotificationResponse sentry_notify_hms_event (TSentryHmsEventNotification request) throws TException{ TSentryHmsEventNotificationResponse response = new TSentryHmsEventNotificationResponse(); - final Timer.Context timerContext = sentryMetrics.notificationProcessTimer.time(); EventType eventType = EventType.valueOf(request.getEventType()); - try { + try (Timer.Context timerContext = sentryMetrics.notificationProcessTimer.time()) { switch (eventType) { case CREATE_DATABASE: case CREATE_TABLE: @@ -1416,9 +1415,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { String msg = "Unknown error for request: " + request + ", message: " + e.getMessage(); LOGGER.error(msg, e); response.setStatus(Status.RuntimeError(msg, e)); - } finally { - timerContext.stop(); } + return response; }
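Review bot: `sentry_notify_hms_event` does not read `request.getRequestorUserName()` in either hunk of this file, so the field this commit makes mandatory is carried on the wire but not used to decide whether the caller may trigger the event. The value is also self-asserted by the client, so if it is meant to gate anything it should be compared with the transport-authenticated principal rather than trusted as sent; that layer is not visible here. At minimum I would leave a marker before the `switch`, e.g. `// TODO: authorize request.getRequestorUserName() before applying the event`. Separately, `EventType.valueOf(request.getEventType())` still sits outside the `try`, so an unrecognised event string from the wire throws `IllegalArgumentException` past the catch blocks that build the status; moving that line inside the `try` would presumably let it be reported through `response.setStatus`. The middle of the method lies between the two hunks and is not shown.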
