http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java index 6cb787b..b8f5ce7 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java @@ -30,8 +30,8 @@ import org.apache.sentry.core.common.utils.PubSub; import org.apache.sentry.core.common.utils.SigUtils; import org.apache.sentry.hdfs.ServiceConstants.ServerConfig; import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipalType; import org.apache.sentry.hdfs.service.thrift.TRoleChanges; import org.apache.sentry.provider.db.SentryPolicyStorePlugin; import org.apache.sentry.provider.db.service.persistent.SentryStore; @@ -263,7 +263,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen if (privileges.size() > 0) { for (TSentryPrivilege privilege : privileges) { if(!(PrivilegeScope.COLUMN.name().equalsIgnoreCase(privilege.getPrivilegeScope()))) { - PermissionsUpdate update = onAlterSentryGrantPrivilegeCore(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, + PermissionsUpdate update = onAlterSentryGrantPrivilegeCore(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName), privilege); if (update != null && privilegesUpdateMap != null) { privilegesUpdateMap.put(privilege, update); 
@@ -291,7 +291,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen if (privileges.size() > 0) { for (TSentryPrivilege privilege : privileges) { if(!(PrivilegeScope.COLUMN.name().equalsIgnoreCase(privilege.getPrivilegeScope()))) { - PermissionsUpdate update = onAlterSentryGrantPrivilegeCore(new TPrivilegeEntity(TPrivilegeEntityType.USER, + PermissionsUpdate update = onAlterSentryGrantPrivilegeCore(new TPrivilegePrincipal(TPrivilegePrincipalType.USER, userName), privilege); if (update != null && privilegesUpdateMap != null) { privilegesUpdateMap.put(privilege, update); @@ -305,7 +305,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen } } - private PermissionsUpdate onAlterSentryGrantPrivilegeCore(TPrivilegeEntity tPrivilegeEntity, TSentryPrivilege privilege) + private PermissionsUpdate onAlterSentryGrantPrivilegeCore(TPrivilegePrincipal TPrivilegePrincipal, TSentryPrivilege privilege) throws SentryPluginException { String authzObj = getAuthzObj(privilege); if (authzObj == null) { @@ -313,7 +313,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen } PermissionsUpdate update = new PermissionsUpdate(); - update.addPrivilegeUpdate(authzObj).putToAddPrivileges( tPrivilegeEntity, privilege.getAction().toUpperCase()); + update.addPrivilegeUpdate(authzObj).putToAddPrivileges( TPrivilegePrincipal, privilege.getAction().toUpperCase()); LOGGER.debug(String.format("onAlterSentryRoleGrantPrivilegeCore, Authz Perm preUpdate [ %s ]", authzObj)); 
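Review bot: The renamed parameter of `onAlterSentryGrantPrivilegeCore` in the `@@ -305` hunk is spelled `TPrivilegePrincipal`, the same as its type and capitalised like a class name, which looks like a search-and-replace artifact of the old `tPrivilegeEntity`. Inside the body the identifier now reads as a type reference, which is easy to misread in code that builds permission updates. I would restore the lower-camel-case form, `onAlterSentryGrantPrivilegeCore(TPrivilegePrincipal tPrivilegePrincipal, TSentryPrivilege privilege)`, and update the use in the `@@ -313` hunk to match. The same rename is needed in `onAlterSentryRevokePrivilegeCore` (`@@ -406`) and its use in `@@ -414`. The method body continues beyond this hunk.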
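Review bot: The rewritten line in the `@@ -313` hunk still normalises the action with `privilege.getAction().toUpperCase()`, which uses the JVM default locale. Under a Turkish or Azeri default locale an action containing `i` would upper-case to a dotted `İ`, so the string stored in the permissions update may not match what consumers compare against; how they compare it is not visible here. Since the line is being touched anyway, I would pin the locale: `putToAddPrivileges(tPrivilegePrincipal, privilege.getAction().toUpperCase(Locale.ROOT));`, adding the `java.util.Locale` import if the file lacks it. The same applies to the `putToDelPrivileges` call in the `@@ -414` hunk. The enclosing method's signature is in the previous hunk and its body runs past this one.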
@@ -338,8 +338,8 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen } PermissionsUpdate update = new PermissionsUpdate(); TPrivilegeChanges privUpdate = update.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS); - privUpdate.putToAddPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, newAuthz), newAuthz); - privUpdate.putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ,oldAuthz), oldAuthz); + privUpdate.putToAddPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, newAuthz), newAuthz); + privUpdate.putToDelPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ,oldAuthz), oldAuthz); LOGGER.debug("onRenameSentryPrivilege, Authz Perm preUpdate [ {} ]", oldAuthz); if (LOGGER.isTraceEnabled()) { @@ -363,7 +363,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen if (privileges.size() > 0) { for (TSentryPrivilege privilege : privileges) { if(!("COLUMN".equalsIgnoreCase(privilege.getPrivilegeScope()))) { - PermissionsUpdate update = onAlterSentryRevokePrivilegeCore(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, + PermissionsUpdate update = onAlterSentryRevokePrivilegeCore(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName), privilege); if (update != null && privilegesUpdateMap != null) { privilegesUpdateMap.put(privilege, update); @@ -392,7 +392,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen if (privileges.size() > 0) { for (TSentryPrivilege privilege : privileges) { if(!("COLUMN".equalsIgnoreCase(privilege.getPrivilegeScope()))) { - PermissionsUpdate update = onAlterSentryRevokePrivilegeCore(new TPrivilegeEntity(TPrivilegeEntityType.USER, + PermissionsUpdate update = onAlterSentryRevokePrivilegeCore(new TPrivilegePrincipal(TPrivilegePrincipalType.USER, userName), privilege); if (update != null && privilegesUpdateMap != null) { privilegesUpdateMap.put(privilege, update); 
@@ -406,7 +406,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen } } - private PermissionsUpdate onAlterSentryRevokePrivilegeCore(TPrivilegeEntity tPrivilegeEntity, TSentryPrivilege privilege) + private PermissionsUpdate onAlterSentryRevokePrivilegeCore(TPrivilegePrincipal TPrivilegePrincipal, TSentryPrivilege privilege) throws SentryPluginException { String authzObj = getAuthzObj(privilege); if (authzObj == null) { @@ -414,7 +414,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen } PermissionsUpdate update = new PermissionsUpdate(); - update.addPrivilegeUpdate(authzObj).putToDelPrivileges(tPrivilegeEntity, privilege.getAction().toUpperCase()); + update.addPrivilegeUpdate(authzObj).putToDelPrivileges(TPrivilegePrincipal, privilege.getAction().toUpperCase()); LOGGER.debug("onAlterSentryRoleRevokePrivilegeCore, Authz Perm preUpdate [ {} ]", authzObj); return update; @@ -429,7 +429,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen } PermissionsUpdate update = new PermissionsUpdate(); update.addPrivilegeUpdate(PermissionsUpdate.ALL_AUTHZ_OBJ).putToDelPrivileges( - new TPrivilegeEntity(TPrivilegeEntityType.ROLE, request.getRoleName()), + new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, request.getRoleName()), PermissionsUpdate.ALL_AUTHZ_OBJ); update.addRoleUpdate(request.getRoleName()).addToDelGroups(PermissionsUpdate.ALL_GROUPS); @@ -458,7 +458,7 @@ public class SentryPlugin implements SentryPolicyStorePlugin, SigUtils.SigListen throw new SentryPluginException(failure.getMessage(), failure); } update.addPrivilegeUpdate(authzObj).putToDelPrivileges( - new TPrivilegeEntity(TPrivilegeEntityType.ROLE,PermissionsUpdate.ALL_ROLES), + new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE,PermissionsUpdate.ALL_ROLES), PermissionsUpdate.ALL_ROLES); LOGGER.debug("onDropSentryPrivilege, Authz Perm preUpdate [ {} ]", authzObj);
http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestDeltaRetriever.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestDeltaRetriever.java b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestDeltaRetriever.java index d7bc748..d15adce 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestDeltaRetriever.java +++ b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestDeltaRetriever.java @@ -18,8 +18,8 @@ package org.apache.sentry.hdfs; import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipalType; import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges; import org.apache.sentry.provider.db.service.model.MSentryPathChange; import org.apache.sentry.provider.db.service.model.MSentryPermChange; 
@@ -95,17 +95,17 @@ public class TestDeltaRetriever { throws Throwable { List<MSentryPermChange> permChanges = new ArrayList<>(); PermissionsUpdate update = new PermissionsUpdate(); - update.addPrivilegeUpdate("obj1").putToAddPrivileges( new TPrivilegeEntity(TPrivilegeEntityType.ROLE, + update.addPrivilegeUpdate("obj1").putToAddPrivileges( new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, "role1"), AccessConstants.OWNER); MSentryPermChange perm1 = new MSentryPermChange(1,update); permChanges.add(perm1); update = new PermissionsUpdate(); - update.addPrivilegeUpdate("obj1").putToAddPrivileges( new TPrivilegeEntity(TPrivilegeEntityType.USER, + update.addPrivilegeUpdate("obj1").putToAddPrivileges( new TPrivilegePrincipal(TPrivilegePrincipalType.USER, "user1"), AccessConstants.OWNER); MSentryPermChange perm2 = new MSentryPermChange(2,update); permChanges.add(perm2); update = new PermissionsUpdate(); - update.addPrivilegeUpdate("obj1").putToDelPrivileges( new TPrivilegeEntity(TPrivilegeEntityType.ROLE, + update.addPrivilegeUpdate("obj1").putToDelPrivileges( new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, "user1"), AccessConstants.OWNER); MSentryPermChange perm3 = new MSentryPermChange(2,update); permChanges.add(perm3); 
@@ -120,10 +120,10 @@ public class TestDeltaRetriever { for(PermissionsUpdate update : permUpdates) { for(TPrivilegeChanges priv : update.getPrivilegeUpdates()) { - for(Map.Entry<TPrivilegeEntity,String> privEntry : priv.getAddPrivileges().entrySet()) { + for(Map.Entry<TPrivilegePrincipal,String> privEntry : priv.getAddPrivileges().entrySet()) { assertEquals(AccessConstants.ALL, privEntry.getValue()); } - for(Map.Entry<TPrivilegeEntity,String> privEntry : priv.getDelPrivileges().entrySet()) { + for(Map.Entry<TPrivilegePrincipal,String> privEntry : priv.getDelPrivileges().entrySet()) { assertEquals(AccessConstants.ALL, privEntry.getValue()); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestImageRetriever.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestImageRetriever.java b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestImageRetriever.java index b86136d..fb42b27 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestImageRetriever.java +++ b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestImageRetriever.java @@ -23,8 +23,8 @@ import org.apache.commons.lang.StringUtils; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.hdfs.service.thrift.TPathChanges; import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipalType; import org.apache.sentry.provider.db.service.persistent.PermissionsImage; import org.apache.sentry.provider.db.service.persistent.SentryStore; import org.junit.Before; 
@@ -84,10 +84,10 @@ public class TestImageRetriever { @Override public PermissionsImage answer(InvocationOnMock invocation) throws Throwable { - Map<String, Map<TPrivilegeEntity, String>> privilegeMap = new HashMap<>(); - Map<TPrivilegeEntity, String> privMap = new HashMap<>(); - privMap.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, "role1"), AccessConstants.OWNER); - privMap.put(new TPrivilegeEntity(TPrivilegeEntityType.USER, "user1"), AccessConstants.OWNER); + Map<String, Map<TPrivilegePrincipal, String>> privilegeMap = new HashMap<>(); + Map<TPrivilegePrincipal, String> privMap = new HashMap<>(); + privMap.put(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, "role1"), AccessConstants.OWNER); + privMap.put(new TPrivilegePrincipal(TPrivilegePrincipalType.USER, "user1"), AccessConstants.OWNER); privilegeMap.put("obj1", privMap); privilegeMap.put("obj2", privMap); return new PermissionsImage(new HashMap<>(), privilegeMap, 1L); @@ -100,7 +100,7 @@ public class TestImageRetriever { assertEquals(2, permUpdate.getPrivilegeUpdates().size()); for(TPrivilegeChanges privUpdate : permUpdate.getPrivilegeUpdates()) { - for(Map.Entry<TPrivilegeEntity,String> priv : privUpdate.getAddPrivileges().entrySet()) { + for(Map.Entry<TPrivilegePrincipal,String> priv : privUpdate.getAddPrivileges().entrySet()) { assertEquals(priv.getValue(), AccessConstants.ALL); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java index 845c137..07e8591 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java 
+++ b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestSentryHDFSServiceProcessor.java @@ -22,7 +22,7 @@ import org.apache.sentry.core.common.utils.PubSub; import org.apache.sentry.hdfs.ServiceConstants.ServerConfig; import org.apache.sentry.hdfs.service.thrift.TAuthzUpdateRequest; import org.apache.sentry.hdfs.service.thrift.TAuthzUpdateResponse; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal; import org.apache.sentry.provider.db.SentryPolicyStorePlugin; import org.apache.sentry.provider.db.service.model.MSentryPathChange; import org.apache.sentry.provider.db.service.model.MSentryPermChange; @@ -65,7 +65,7 @@ public class TestSentryHDFSServiceProcessor { Mockito.when(sentryStoreMock.getLastProcessedPermChangeID()) .thenReturn(1L); Mockito.when(sentryStoreMock.retrieveFullPermssionsImage()) - .thenReturn(new PermissionsImage(new HashMap<String, List<String>>(), new HashMap<String, Map<TPrivilegeEntity, String>>(), 1)); + .thenReturn(new PermissionsImage(new HashMap<String, List<String>>(), new HashMap<String, Map<TPrivilegePrincipal, String>>(), 1)); TAuthzUpdateRequest updateRequest = new TAuthzUpdateRequest(1, 1, 0); TAuthzUpdateResponse sentryUpdates= serviceProcessor.get_authz_updates(updateRequest); 
@@ -92,7 +92,7 @@ public class TestSentryHDFSServiceProcessor { Mockito.when(sentryStoreMock.getLastProcessedPermChangeID()) .thenReturn(3L); Mockito.when(sentryStoreMock.retrieveFullPermssionsImage()) - .thenReturn(new PermissionsImage(new HashMap<String, List<String>>(), new HashMap<String, Map<TPrivilegeEntity, String>>(), 3)); + .thenReturn(new PermissionsImage(new HashMap<String, List<String>>(), new HashMap<String, Map<TPrivilegePrincipal, String>>(), 3)); TAuthzUpdateRequest updateRequest = new TAuthzUpdateRequest(2, 2, 1); TAuthzUpdateResponse sentryUpdates= serviceProcessor.get_authz_updates(updateRequest); http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesRequest.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesRequest.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesRequest.java index 01e5230..3fa0867 100644 --- a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesRequest.java +++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TListSentryPrivilegesRequest.java 
@@ -42,7 +42,7 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2); private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)4); private static final org.apache.thrift.protocol.TField AUTHORIZABLE_HIERARCHY_FIELD_DESC = new org.apache.thrift.protocol.TField("authorizableHierarchy", org.apache.thrift.protocol.TType.STRUCT, (short)5); - private static final org.apache.thrift.protocol.TField ENTITY_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("entityName", org.apache.thrift.protocol.TType.STRING, (short)6); + private static final org.apache.thrift.protocol.TField PRINCIPAL_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("principalName", org.apache.thrift.protocol.TType.STRING, (short)6); private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); static { @@ -54,7 +54,7 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi private String requestorUserName; // required private String roleName; // required private TSentryAuthorizable authorizableHierarchy; // optional - private String entityName; // optional + private String principalName; // optional /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { 
@@ -62,7 +62,7 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi REQUESTOR_USER_NAME((short)2, "requestorUserName"), ROLE_NAME((short)4, "roleName"), AUTHORIZABLE_HIERARCHY((short)5, "authorizableHierarchy"), - ENTITY_NAME((short)6, "entityName"); + PRINCIPAL_NAME((short)6, "principalName"); private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); @@ -85,8 +85,8 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi return ROLE_NAME; case 5: // AUTHORIZABLE_HIERARCHY return AUTHORIZABLE_HIERARCHY; - case 6: // ENTITY_NAME - return ENTITY_NAME; + case 6: // PRINCIPAL_NAME + return PRINCIPAL_NAME; default: return null; } @@ -129,7 +129,7 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi // isset id assignments private static final int __PROTOCOL_VERSION_ISSET_ID = 0; private byte __isset_bitfield = 0; - private static final _Fields optionals[] = {_Fields.AUTHORIZABLE_HIERARCHY,_Fields.ENTITY_NAME}; + private static final _Fields optionals[] = {_Fields.AUTHORIZABLE_HIERARCHY,_Fields.PRINCIPAL_NAME}; public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; static { Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); 
@@ -141,7 +141,7 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); tmpMap.put(_Fields.AUTHORIZABLE_HIERARCHY, new org.apache.thrift.meta_data.FieldMetaData("authorizableHierarchy", org.apache.thrift.TFieldRequirementType.OPTIONAL, new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryAuthorizable.class))); - tmpMap.put(_Fields.ENTITY_NAME, new org.apache.thrift.meta_data.FieldMetaData("entityName", org.apache.thrift.TFieldRequirementType.OPTIONAL, + tmpMap.put(_Fields.PRINCIPAL_NAME, new org.apache.thrift.meta_data.FieldMetaData("principalName", org.apache.thrift.TFieldRequirementType.OPTIONAL, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); metaDataMap = Collections.unmodifiableMap(tmpMap); org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryPrivilegesRequest.class, metaDataMap); @@ -179,8 +179,8 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi if (other.isSetAuthorizableHierarchy()) { this.authorizableHierarchy = new TSentryAuthorizable(other.authorizableHierarchy); } - if (other.isSetEntityName()) { - this.entityName = other.entityName; + if (other.isSetPrincipalName()) { + this.principalName = other.principalName; } } @@ -195,7 +195,7 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi this.requestorUserName = null; this.roleName = null; this.authorizableHierarchy = null; - this.entityName = null; + this.principalName = null; } public int getProtocol_version() { 
@@ -289,26 +289,26 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi } } - public String getEntityName() { - return this.entityName; + public String getPrincipalName() { + return this.principalName; } - public void setEntityName(String entityName) { - this.entityName = entityName; + public void setPrincipalName(String principalName) { + this.principalName = principalName; } - public void unsetEntityName() { - this.entityName = null; + public void unsetPrincipalName() { + this.principalName = null; } - /** Returns true if field entityName is set (has been assigned a value) and false otherwise */ - public boolean isSetEntityName() { - return this.entityName != null; + /** Returns true if field principalName is set (has been assigned a value) and false otherwise */ + public boolean isSetPrincipalName() { + return this.principalName != null; } - public void setEntityNameIsSet(boolean value) { + public void setPrincipalNameIsSet(boolean value) { if (!value) { - this.entityName = null; + this.principalName = null; } } @@ -346,11 +346,11 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi } break; - case ENTITY_NAME: + case PRINCIPAL_NAME: if (value == null) { - unsetEntityName(); + unsetPrincipalName(); } else { - setEntityName((String)value); + setPrincipalName((String)value); } break; @@ -371,8 +371,8 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi case AUTHORIZABLE_HIERARCHY: return getAuthorizableHierarchy(); - case ENTITY_NAME: - return getEntityName(); + case PRINCIPAL_NAME: + return getPrincipalName(); } throw new IllegalStateException(); @@ -393,8 +393,8 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi return isSetRoleName(); case AUTHORIZABLE_HIERARCHY: return isSetAuthorizableHierarchy(); - case ENTITY_NAME: - return isSetEntityName(); + case PRINCIPAL_NAME: + return isSetPrincipalName(); } throw new IllegalStateException(); } 
@@ -448,12 +448,12 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi return false; } - boolean this_present_entityName = true && this.isSetEntityName(); - boolean that_present_entityName = true && that.isSetEntityName(); - if (this_present_entityName || that_present_entityName) { - if (!(this_present_entityName && that_present_entityName)) + boolean this_present_principalName = true && this.isSetPrincipalName(); + boolean that_present_principalName = true && that.isSetPrincipalName(); + if (this_present_principalName || that_present_principalName) { + if (!(this_present_principalName && that_present_principalName)) return false; - if (!this.entityName.equals(that.entityName)) + if (!this.principalName.equals(that.principalName)) return false; } @@ -484,10 +484,10 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi if (present_authorizableHierarchy) list.add(authorizableHierarchy); - boolean present_entityName = true && (isSetEntityName()); - list.add(present_entityName); - if (present_entityName) - list.add(entityName); + boolean present_principalName = true && (isSetPrincipalName()); + list.add(present_principalName); + if (present_principalName) + list.add(principalName); return list.hashCode(); } @@ -540,12 +540,12 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi return lastComparison; } } - lastComparison = Boolean.valueOf(isSetEntityName()).compareTo(other.isSetEntityName()); + lastComparison = Boolean.valueOf(isSetPrincipalName()).compareTo(other.isSetPrincipalName()); if (lastComparison != 0) { return lastComparison; } - if (isSetEntityName()) { - lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.entityName, other.entityName); + if (isSetPrincipalName()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.principalName, other.principalName); if (lastComparison != 0) { return lastComparison; } 
@@ -599,13 +599,13 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi } first = false; } - if (isSetEntityName()) { + if (isSetPrincipalName()) { if (!first) sb.append(", "); - sb.append("entityName:"); - if (this.entityName == null) { + sb.append("principalName:"); + if (this.principalName == null) { sb.append("null"); } else { - sb.append(this.entityName); + sb.append(this.principalName); } first = false; } @@ -702,10 +702,10 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 6: // ENTITY_NAME + case 6: // PRINCIPAL_NAME if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { - struct.entityName = iprot.readString(); - struct.setEntityNameIsSet(true); + struct.principalName = iprot.readString(); + struct.setPrincipalNameIsSet(true); } else { org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } @@ -743,10 +743,10 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi oprot.writeFieldEnd(); } } - if (struct.entityName != null) { - if (struct.isSetEntityName()) { - oprot.writeFieldBegin(ENTITY_NAME_FIELD_DESC); - oprot.writeString(struct.entityName); + if (struct.principalName != null) { + if (struct.isSetPrincipalName()) { + oprot.writeFieldBegin(PRINCIPAL_NAME_FIELD_DESC); + oprot.writeString(struct.principalName); oprot.writeFieldEnd(); } } 
@@ -774,15 +774,15 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi if (struct.isSetAuthorizableHierarchy()) { optionals.set(0); } - if (struct.isSetEntityName()) { + if (struct.isSetPrincipalName()) { optionals.set(1); } oprot.writeBitSet(optionals, 2); if (struct.isSetAuthorizableHierarchy()) { struct.authorizableHierarchy.write(oprot); } - if (struct.isSetEntityName()) { - oprot.writeString(struct.entityName); + if (struct.isSetPrincipalName()) { + oprot.writeString(struct.principalName); } } @@ -802,8 +802,8 @@ public class TListSentryPrivilegesRequest implements org.apache.thrift.TBase<TLi struct.setAuthorizableHierarchyIsSet(true); } if (incoming.get(1)) { - struct.entityName = iprot.readString(); - struct.setEntityNameIsSet(true); + struct.principalName = iprot.readString(); + struct.setPrincipalNameIsSet(true); } } } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java index fe89125..7cdf148 100644 --- a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java +++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryHmsEventNotification.java 
@@ -57,7 +57,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen private long id; // required private String eventType; // required private TSentryAuthorizable authorizable; // required - private TSentryObjectOwnerType ownerType; // optional + private TSentryPrincipalType ownerType; // optional private String ownerName; // optional /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ @@ -69,7 +69,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen AUTHORIZABLE((short)5, "authorizable"), /** * - * @see TSentryObjectOwnerType + * @see TSentryPrincipalType */ OWNER_TYPE((short)6, "ownerType"), OWNER_NAME((short)7, "ownerName"); @@ -159,7 +159,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen tmpMap.put(_Fields.AUTHORIZABLE, new org.apache.thrift.meta_data.FieldMetaData("authorizable", org.apache.thrift.TFieldRequirementType.REQUIRED, new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryAuthorizable.class))); tmpMap.put(_Fields.OWNER_TYPE, new org.apache.thrift.meta_data.FieldMetaData("ownerType", org.apache.thrift.TFieldRequirementType.OPTIONAL, - new org.apache.thrift.meta_data.EnumMetaData(org.apache.thrift.protocol.TType.ENUM, TSentryObjectOwnerType.class))); + new org.apache.thrift.meta_data.EnumMetaData(org.apache.thrift.protocol.TType.ENUM, TSentryPrincipalType.class))); tmpMap.put(_Fields.OWNER_NAME, new org.apache.thrift.meta_data.FieldMetaData("ownerName", org.apache.thrift.TFieldRequirementType.OPTIONAL, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); metaDataMap = Collections.unmodifiableMap(tmpMap); 
@@ -344,17 +344,17 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen /** * - * @see TSentryObjectOwnerType + * @see TSentryPrincipalType */ - public TSentryObjectOwnerType getOwnerType() { + public TSentryPrincipalType getOwnerType() { return this.ownerType; } /** * - * @see TSentryObjectOwnerType + * @see TSentryPrincipalType */ - public void setOwnerType(TSentryObjectOwnerType ownerType) { + public void setOwnerType(TSentryPrincipalType ownerType) { this.ownerType = ownerType; } @@ -442,7 +442,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen if (value == null) { unsetOwnerType(); } else { - setOwnerType((TSentryObjectOwnerType)value); + setOwnerType((TSentryPrincipalType)value); } break; @@ -890,7 +890,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen break; case 6: // OWNER_TYPE if (schemeField.type == org.apache.thrift.protocol.TType.I32) { - struct.ownerType = org.apache.sentry.api.service.thrift.TSentryObjectOwnerType.findByValue(iprot.readI32()); + struct.ownerType = org.apache.sentry.api.service.thrift.TSentryPrincipalType.findByValue(iprot.readI32()); struct.setOwnerTypeIsSet(true); } else { org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); 
@@ -1006,7 +1006,7 @@ public class TSentryHmsEventNotification implements org.apache.thrift.TBase<TSen struct.setAuthorizableIsSet(true); BitSet incoming = iprot.readBitSet(2); if (incoming.get(0)) { - struct.ownerType = org.apache.sentry.api.service.thrift.TSentryObjectOwnerType.findByValue(iprot.readI32()); + struct.ownerType = org.apache.sentry.api.service.thrift.TSentryPrincipalType.findByValue(iprot.readI32()); struct.setOwnerTypeIsSet(true); } if (incoming.get(1)) { http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryObjectOwnerType.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryObjectOwnerType.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryObjectOwnerType.java deleted file mode 100644 index 6b540b8..0000000 --- a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryObjectOwnerType.java +++ /dev/null 
@@ -1,45 +0,0 @@ -/** - * Autogenerated by Thrift Compiler (0.9.3) - * - * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING - * @generated - */ -package org.apache.sentry.api.service.thrift; - - -import java.util.Map; -import java.util.HashMap; -import org.apache.thrift.TEnum; - -public enum TSentryObjectOwnerType implements org.apache.thrift.TEnum { - ROLE(1), - USER(2); - - private final int value; - - private TSentryObjectOwnerType(int value) { - this.value = value; - } - - /** - * Get the integer value of this enum value, as defined in the Thrift IDL. - */ - public int getValue() { - return value; - } - - /** - * Find a the enum type by its integer value, as defined in the Thrift IDL. - * @return null if the value is not found. - */ - public static TSentryObjectOwnerType findByValue(int value) { - switch (value) { - case 1: - return ROLE; - case 2: - return USER; - default: - return null; - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryPrincipalType.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryPrincipalType.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryPrincipalType.java new file mode 100644 index 0000000..95561ac --- /dev/null +++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TSentryPrincipalType.java 
@@ -0,0 +1,48 @@ +/** + * Autogenerated by Thrift Compiler (0.9.3) + * + * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING + * @generated + */ +package org.apache.sentry.api.service.thrift; + + +import java.util.Map; +import java.util.HashMap; +import org.apache.thrift.TEnum; + +public enum TSentryPrincipalType implements org.apache.thrift.TEnum { + NONE(0), + ROLE(1), + USER(2); + + private final int value; + + private TSentryPrincipalType(int value) { + this.value = value; + } + + /** + * Get the integer value of this enum value, as defined in the Thrift IDL. + */ + public int getValue() { + return value; + } + + /** + * Find a the enum type by its integer value, as defined in the Thrift IDL. + * @return null if the value is not found. + */ + public static TSentryPrincipalType findByValue(int value) { + switch (value) { + case 0: + return NONE; + case 1: + return ROLE; + case 2: + return USER; + default: + return null; + } + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java index 1a8034b..3ef1624 100644 --- a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java +++ b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java 
@@ -306,7 +306,7 @@ public interface SentryPolicyServiceClient extends AutoCloseable { * @return The most recent processed notification ID. */ long notifyHmsEvent(String requestorUserName, long eventId, String eventType, - TSentryObjectOwnerType ownerType, String ownerName, + TSentryPrincipalType ownerType, String ownerName, TSentryAuthorizable authorizable) throws SentryUserException; /** http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java index 07da2ba..a2213ae 100644 --- a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java +++ b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java 
@@ -233,10 +233,10 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); - // TODO: Switch from setRoleName() to setEntityName() + // TODO: Switch from setRoleName() to setPrincipalName() // The 'roleName' parameter is deprecated in Sentry 2.x, but it is still required by older // versions of Sentry 2.0. To keep compatibility when connecting to older versions of Sentry 2.x, - // then we'll use this parameter, but it will be switched for setEntityName once the roleName + // then we'll use this parameter, but it will be switched for setPrincipalName once the roleName // is removed. request.setRoleName(roleName); if (authorizable != null && !authorizable.isEmpty()) { @@ -269,7 +269,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setRequestorUserName(requestorUserName); // TODO: Remove setRoleName() once the required field is removed request.setRoleName(""); // roleName is unused by it is required by Thrift - request.setEntityName(userName); + request.setPrincipalName(userName); if (authorizable != null && !authorizable.isEmpty()) { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(authorizable); request.setAuthorizableHierarchy(tSentryAuthorizable); 
@@ -1169,7 +1169,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } public long notifyHmsEvent(String requestorUserName, long eventId, String eventType, - TSentryObjectOwnerType ownerType, String ownerName, TSentryAuthorizable authorizable) + TSentryPrincipalType ownerType, String ownerName, TSentryAuthorizable authorizable) throws SentryUserException { TSentryHmsEventNotification request = new TSentryHmsEventNotification(); http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift index f238748..2e79e56 100644 --- a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift +++ b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift @@ -38,7 +38,8 @@ enum TSentryGrantOption { UNSET = -1 } -enum TSentryObjectOwnerType { +enum TSentryPrincipalType { + NONE = 0, ROLE = 1, USER = 2 } 
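Review bot: The `NONE = 0` member added to `TSentryPrincipalType` in the @@ -38,7 hunk has no comment saying when a sender should use it, although this enum is the type of `TSentryHmsEventNotification.ownerType`. The `mapOwnerType` table in SentryPolicyStoreProcessor (hunk @@ -87,9) still lists only ROLE and USER, so an event carrying NONE would presumably end up in the existing "Invalid owner type" branch. A peer generated from the previous IDL decodes 0 as null, because the deleted `findByValue` had no case for it. An IDL comment such as `# NONE: principal type not set; owner-privilege handling treats it as invalid` (wording for the author to confirm) would make the intended handling explicit.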
@@ -190,15 +191,15 @@ struct TListSentryPrivilegesRequest { 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2, 2: required string requestorUserName, # user on whose behalf the request is issued -# @Deprecated Use entityName instead to set role names or user names. This parameter will be +# @Deprecated Use principalName instead to set role names or user names. This parameter will be # removed in the next major version of Sentry 3.0 4: required string roleName, # get privileges assigned for this role 5: optional TSentryAuthorizable authorizableHierarchy, # get privileges assigned for this role -# Get privileges assigned for this entity name. This entityName should be set to a a role name +# Get privileges assigned for this principal name. This principalName should be set to a a role name # or user name depending of which function you call, either list_sentry_privileges_by_role or # list_sentry_privileges_by_user -6: optional string entityName +6: optional string principalName } struct TListSentryPrivilegesResponse { @@ -359,7 +360,7 @@ struct TSentryHmsEventNotification { # Constructed from enum org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType 4: required string eventType, # Type of the event which resulted in owner update request 5: required TSentryAuthorizable authorizable, # Authorizable object -6: optional TSentryObjectOwnerType ownerType, # Type of the owner +6: optional TSentryPrincipalType ownerType, # Type of the owner 7: optional string ownerName # owner name } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-api/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClientDefaultImpl.java ---------------------------------------------------------------------- 
diff --git a/sentry-service/sentry-service-api/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClientDefaultImpl.java b/sentry-service/sentry-service-api/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClientDefaultImpl.java index c714584..e2e1e69 100644 --- a/sentry-service/sentry-service-api/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClientDefaultImpl.java +++ b/sentry-service/sentry-service-api/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClientDefaultImpl.java @@ -133,7 +133,7 @@ public class TestSentryPolicyServiceClientDefaultImpl { return privilege; } - private static TListSentryPrivilegesRequest listSentryPrivilegesRequest(String requestorUser, String entityName, List<? extends Authorizable> authorizable) { + private static TListSentryPrivilegesRequest listSentryPrivilegesRequest(String requestorUser, String principalName, List<? extends Authorizable> authorizable) { return Mockito.argThat(new ArgumentMatcher<TListSentryPrivilegesRequest>() { @Override public boolean matches(Object o) { @@ -151,7 +151,7 @@ public class TestSentryPolicyServiceClientDefaultImpl { } return (request.getRequestorUserName().equalsIgnoreCase(requestorUser) && - request.getEntityName().equalsIgnoreCase(entityName)); + request.getPrincipalName().equalsIgnoreCase(principalName)); } }); } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java index 2efc8cf..61f9168 100644 
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java @@ -60,7 +60,7 @@ import org.apache.sentry.api.service.thrift.validator.GrantPrivilegeRequestValid import org.apache.sentry.api.service.thrift.validator.RevokePrivilegeRequestValidator; import org.apache.sentry.api.common.SentryServiceUtil; import org.apache.sentry.service.common.ServiceConstants.ConfUtilties; -import org.apache.sentry.service.common.ServiceConstants.SentryEntityType; +import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType; import org.apache.sentry.service.common.ServiceConstants.ServerConfig; import org.apache.sentry.api.common.Status; import org.apache.sentry.service.thrift.TSentryResponseStatus; @@ -87,9 +87,9 @@ import static org.apache.sentry.hdfs.Updateable.Update; public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { private static final Logger LOGGER = Logger.getLogger(SentryPolicyStoreProcessor.class); private static final Logger AUDIT_LOGGER = Logger.getLogger(Constants.AUDIT_LOGGER_NAME); - private static final Map<TSentryObjectOwnerType, SentryEntityType> mapOwnerType = ImmutableMap.of( - TSentryObjectOwnerType.ROLE, SentryEntityType.ROLE, - TSentryObjectOwnerType.USER, SentryEntityType.USER + private static final Map<TSentryPrincipalType, SentryPrincipalType> mapOwnerType = ImmutableMap.of( + TSentryPrincipalType.ROLE, SentryPrincipalType.ROLE, + TSentryPrincipalType.USER, SentryPrincipalType.USER ); private final String name; 
@@ -807,8 +807,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { // The 'roleName' parameter is deprecated in Sentry 2.x. If the new 'entityName' is not // null, then use it to get the role name otherwise fall back to the old 'roleName' which // is required to be set. - String roleName = (request.getEntityName() != null) - ? request.getEntityName() : request.getRoleName(); + String roleName = (request.getPrincipalName() != null) + ? request.getPrincipalName() : request.getRoleName(); try { validateClientVersion(request.getProtocol_version()); @@ -822,7 +822,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { } if (request.isSetAuthorizableHierarchy()) { TSentryAuthorizable authorizableHierarchy = request.getAuthorizableHierarchy(); - privilegeSet = sentryStore.getTSentryPrivileges(SentryEntityType.ROLE, Sets.newHashSet(roleName), authorizableHierarchy); + privilegeSet = sentryStore.getTSentryPrivileges(SentryPrincipalType.ROLE, Sets.newHashSet(roleName), authorizableHierarchy); } else { privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(roleName); } @@ -881,13 +881,13 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { // The 'entityName' parameter is made optional in thrift, so we need to check that is not // null before proceed. TSentryResponseStatus status = - checkRequiredParameter(request.getEntityName(), "entityName parameter must not be null"); + checkRequiredParameter(request.getPrincipalName(), "entityName parameter must not be null"); if (status != null) { response.setStatus(status); return response; } - String userName = request.getEntityName().trim(); + String userName = request.getPrincipalName().trim(); try { validateClientVersion(request.getProtocol_version()); 
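Review bot: The message passed to `checkRequiredParameter` in the @@ -881 hunk still reads "entityName parameter must not be null", although the value checked is now `request.getPrincipalName()`. The comment above it and the comment in the @@ -807 hunk also still say 'entityName'. A client that receives this status is pointed at a field name the IDL no longer has. Suggest `checkRequiredParameter(request.getPrincipalName(), "principalName parameter must not be null");` and the same rename in the two comments. Both enclosing methods start and end outside the hunks.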
@@ -902,7 +902,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { if (request.isSetAuthorizableHierarchy()) { TSentryAuthorizable authorizableHierarchy = request.getAuthorizableHierarchy(); - privilegeSet = sentryStore.getTSentryPrivileges(SentryEntityType.USER, Sets.newHashSet(userName), authorizableHierarchy); + privilegeSet = sentryStore.getTSentryPrivileges(SentryPrincipalType.USER, Sets.newHashSet(userName), authorizableHierarchy); } else { privilegeSet = sentryStore.getAllTSentryPrivilegesByUserName(userName); } @@ -1517,7 +1517,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { return; } - if(request.getOwnerType() == TSentryObjectOwnerType.USER && + if(request.getOwnerType() == TSentryPrincipalType.USER && isSentryAdminUser(request.getOwnerName())) { LOGGER.debug(String.format("%s, belongs to Sentry Admin group, Owner privilege not granted to %s", request.getOwnerName(), request.getAuthorizable().toString())); @@ -1530,7 +1530,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { return; } - SentryEntityType entityType = getSentryEntityType(request.getOwnerType()); + SentryPrincipalType entityType = getSentryPrincipalType(request.getOwnerType()); if (entityType == null) { String error = "Invalid owner type : " + request.getEventType(); LOGGER.error(error); @@ -1582,7 +1582,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { return; } - SentryEntityType entityType = getSentryEntityType(request.getOwnerType()); + SentryPrincipalType entityType = getSentryPrincipalType(request.getOwnerType()); if(entityType == null ) { String error = "Invalid owner type : " + request.getEventType(); LOGGER.error(error); 
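Review bot: In the @@ -1530 and @@ -1582 hunks, the null check after `getSentryPrincipalType(request.getOwnerType())` builds its message from `request.getEventType()`. The "Invalid owner type : …" log line therefore reports the event type rather than the owner type that was rejected, which makes a refused owner-privilege request harder to trace in the logs. Suggest `String error = "Invalid owner type : " + request.getOwnerType();` in both places. These are context lines carried through the rename, and both methods extend outside the hunks.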
@@ -1599,19 +1599,19 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { // doesn't have constraints to limit it. It is possible to have multiple owners for an authorizable (which is unlikely) // This logic makes sure of revoking all the owner privilege. for (SentryOwnerInfo ownerInfo : ownerInfoList) { - if (ownerInfo.getOwnerType() == SentryEntityType.USER) { + if (ownerInfo.getOwnerType() == SentryPrincipalType.USER) { for (SentryPolicyStorePlugin plugin : sentryPlugins) { plugin.onAlterSentryUserRevokePrivilege(ownerInfo.getOwnerName(), privSet, privilegesUpdateMap); updateList.add(privilegesUpdateMap.get(ownerPrivilege)); } - } else if (ownerInfo.getOwnerType() == SentryEntityType.ROLE) { + } else if (ownerInfo.getOwnerType() == SentryPrincipalType.ROLE) { for (SentryPolicyStorePlugin plugin : sentryPlugins) { plugin.onAlterSentryRoleRevokePrivilege(request.getOwnerName(), privSet, privilegesUpdateMap); updateList.add(privilegesUpdateMap.get(ownerPrivilege)); } } } - if(request.getOwnerType() == TSentryObjectOwnerType.USER && + if(request.getOwnerType() == TSentryPrincipalType.USER && isSentryAdminUser(request.getOwnerName())) { LOGGER.debug(String.format("%s, belongs to Sentry Admin group, Owner privilege not granted to %s", request.getOwnerName(), request.getAuthorizable().toString())); 
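Review bot: The ROLE branch of the revoke loop passes `request.getOwnerName()` to `onAlterSentryRoleRevokePrivilege`, while the USER branch passes `ownerInfo.getOwnerName()`. The loop walks the existing owners in `ownerInfoList`, so the role branch appears to tell the plugins about the name in the incoming request instead of the role that currently holds the owner privilege. That could leave the previous role's entry in whatever state the plugins maintain. If it is not intentional, `plugin.onAlterSentryRoleRevokePrivilege(ownerInfo.getOwnerName(), privSet, privilegesUpdateMap);` would match the user branch. The line is unchanged context and the method starts and ends outside the hunk.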
@@ -1665,10 +1665,10 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { /** * * @param ownerType - * @return SentryEntityType if input was valid, otherwise returns null + * @return SentryPrincipalType if input was valid, otherwise returns null * @throws Exception */ - private SentryEntityType getSentryEntityType(TSentryObjectOwnerType ownerType) throws Exception { + private SentryPrincipalType getSentryPrincipalType(TSentryPrincipalType ownerType) throws Exception { return mapOwnerType.get(ownerType); } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java index e5eb4c4..1decef2 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java @@ -26,8 +26,8 @@ import javax.jdo.annotations.PersistenceCapable; import org.apache.sentry.core.common.utils.PathUtils; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.provider.db.service.persistent.SentryStore; -import org.apache.sentry.provider.db.service.persistent.PrivilegeEntity; -import org.apache.sentry.service.common.ServiceConstants.SentryEntityType; +import org.apache.sentry.provider.db.service.persistent.PrivilegePrincipal; +import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType; /** * Database backed Sentry Privilege. Any changes to this object 
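Review bot: The Javadoc on `getSentryPrincipalType` in the @@ -1665 hunk keeps an empty `@param ownerType` and an empty `@throws Exception`, while the body is only `mapOwnerType.get(ownerType)`. Suggest `@param ownerType principal type taken from the Thrift request` and `@return the matching SentryPrincipalType, or null when ownerType has no entry in mapOwnerType`. The `throws Exception` clause looks unnecessary for a map lookup and could be dropped from the signature along with the tag.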
@@ -169,13 +169,13 @@ public class MSentryPrivilege { /** * Appends Role/User in the privilege. - * @param entity Role/User to be appended. + * @param principal Role/User to be appended. */ - public void appendEntity(PrivilegeEntity entity) { - if(entity.getType() == SentryEntityType.ROLE) { - roles.add((MSentryRole)entity); - } else if(entity.getType() == SentryEntityType.USER) { - users.add((MSentryUser)entity); + public void appendPrincipal(PrivilegePrincipal principal) { + if(principal.getPrincipalType() == SentryPrincipalType.ROLE) { + roles.add((MSentryRole)principal); + } else if(principal.getPrincipalType() == SentryPrincipalType.USER) { + users.add((MSentryUser)principal); } } @@ -187,15 +187,15 @@ public class MSentryPrivilege { /** * Removes Role/User in the privilege. - * @param entity Role/User to be removed. + * @param principal Role/User to be removed. */ - public void removeEntity(PrivilegeEntity entity) { - if(entity.getType() == SentryEntityType.ROLE && (roles != null) && (roles.size() > 0)) { - roles.remove((MSentryRole)entity); - } else if(entity.getType() == SentryEntityType.USER && (users != null) && (users.size() > 0)) { - users.remove((MSentryUser)entity); + public void removePrincipal(PrivilegePrincipal principal) { + if(principal.getPrincipalType() == SentryPrincipalType.ROLE && (roles != null) && (roles.size() > 0)) { + roles.remove((MSentryRole)principal); + } else if(principal.getPrincipalType() == SentryPrincipalType.USER && (users != null) && (users.size() > 0)) { + users.remove((MSentryUser)principal); } - entity.removePrivilege(this); + principal.removePrivilege(this); } public void removeUser(MSentryUser user) { http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java ---------------------------------------------------------------------- 
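Review bot: The Javadoc on `appendPrincipal` and `removePrincipal` omits two behaviours a caller managing grants needs to know. `appendPrincipal` silently does nothing when `getPrincipalType()` is neither ROLE nor USER, and `removePrincipal` also calls `principal.removePrivilege(this)` whatever the type. Suggest `Appends Role/User in the privilege; a principal of any other type is ignored.` and `Removes Role/User from the privilege and detaches this privilege from the principal.` The casts to `MSentryRole` and `MSentryUser` rely on each implementation's `getPrincipalType()` matching its concrete class. `appendPrincipal` also uses `roles`/`users` without the null guard that `removePrincipal` has, so it is worth confirming they are always initialised; the class body is outside the hunks.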
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java index 74213af..8b9bd33 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java @@ -27,14 +27,14 @@ import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableSet; import org.apache.sentry.service.common.ServiceConstants; -import org.apache.sentry.provider.db.service.persistent.PrivilegeEntity; +import org.apache.sentry.provider.db.service.persistent.PrivilegePrincipal; /** * Database backed Sentry Role. Any changes to this object * require re-running the maven build so DN an re-enhance. */ @PersistenceCapable -public class MSentryRole implements PrivilegeEntity { +public class MSentryRole implements PrivilegePrincipal { private String roleName; // set of privileges granted to this role @@ -73,12 +73,12 @@ public class MSentryRole implements PrivilegeEntity { * Get the Name of the Role. * @return roleName */ - public String getEntityName() { + public String getPrincipalName() { return roleName; } - public ServiceConstants.SentryEntityType getType() { - return ServiceConstants.SentryEntityType.ROLE; + public ServiceConstants.SentryPrincipalType getPrincipalType() { + return ServiceConstants.SentryPrincipalType.ROLE; } public String getRoleName() { @@ -123,7 +123,7 @@ public class MSentryRole implements PrivilegeEntity { public void removePrivilege(MSentryPrivilege privilege) { if (privileges.remove(privilege)) { - privilege.removeEntity(this); + privilege.removePrincipal(this); } } 
@@ -133,7 +133,7 @@ public class MSentryRole implements PrivilegeEntity { public void appendPrivilege(MSentryPrivilege privilege) { if (privileges.add(privilege)) { - privilege.appendEntity(this); + privilege.appendPrincipal(this); } } @@ -195,7 +195,7 @@ public class MSentryRole implements PrivilegeEntity { // the actual privilege set in MSentryRole instance. for (MSentryPrivilege privilege : ImmutableSet.copyOf(privileges)) { - privilege.removeEntity(this); + privilege.removePrincipal(this); } Preconditions.checkState(privileges.isEmpty(), "Privileges should be empty: " + privileges); } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java index 6e44c79..48095fb 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/model/MSentryUser.java @@ -26,14 +26,14 @@ import java.util.Set; import javax.jdo.annotations.PersistenceCapable; import org.apache.sentry.service.common.ServiceConstants; -import org.apache.sentry.provider.db.service.persistent.PrivilegeEntity; +import org.apache.sentry.provider.db.service.persistent.PrivilegePrincipal; /** * Database backed Sentry User. Any changes to this object * require re-running the maven build so DN an re-enhance. */ @PersistenceCapable -public class MSentryUser implements PrivilegeEntity { +public class MSentryUser implements PrivilegePrincipal { /** * User name is unique 
@@ -64,12 +64,12 @@ public class MSentryUser implements PrivilegeEntity { * Gets the User name * @return username */ - public String getEntityName() { + public String getPrincipalName() { return userName; } - public ServiceConstants.SentryEntityType getType() { - return ServiceConstants.SentryEntityType.USER; + public ServiceConstants.SentryPrincipalType getPrincipalType() { + return ServiceConstants.SentryPrincipalType.USER; } public Set<MSentryRole> getRoles() { @@ -112,7 +112,7 @@ public class MSentryUser implements PrivilegeEntity { public void appendPrivilege(MSentryPrivilege privilege) { if (privileges.add(privilege)) { - privilege.appendEntity(this); + privilege.appendPrincipal(this); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java index 01899bf..c8c1273 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java 
@@ -50,8 +50,8 @@ import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges; import org.apache.sentry.api.service.thrift.SentryMetrics; import org.apache.sentry.api.service.thrift.TSentryAuthorizable; import org.apache.sentry.api.common.SentryServiceUtil; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipalType; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -132,7 +132,7 @@ final class NotificationProcessor { PermissionsUpdate update = new PermissionsUpdate(SentryConstants.INIT_CHANGE_ID, false); String authzObj = SentryServiceUtil.getAuthzObj(authorizable); update.addPrivilegeUpdate(authzObj) - .putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, PermissionsUpdate.ALL_ROLES), + .putToDelPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, PermissionsUpdate.ALL_ROLES), PermissionsUpdate.ALL_ROLES); return update; } 
@@ -159,8 +159,8 @@ final class NotificationProcessor { String newAuthz = SentryServiceUtil.getAuthzObj(newAuthorizable); PermissionsUpdate update = new PermissionsUpdate(SentryConstants.INIT_CHANGE_ID, false); TPrivilegeChanges privUpdate = update.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS); - privUpdate.putToAddPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, newAuthz), newAuthz); - privUpdate.putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, oldAuthz), oldAuthz); + privUpdate.putToAddPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, newAuthz), newAuthz); + privUpdate.putToDelPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, oldAuthz), oldAuthz); return update; } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java index 4a02db2..4f68aff 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PermissionsImage.java @@ -18,7 +18,7 @@ package org.apache.sentry.provider.db.service.persistent; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal; import java.util.List; import java.util.Map; 
@@ -35,11 +35,11 @@ public class PermissionsImage { private final Map<String, List<String>> roleImage; // A full snapshot of hiveObj to <role/user, privileges> mapping. - private final Map<String, Map<TPrivilegeEntity, String>> privilegeImage; + private final Map<String, Map<TPrivilegePrincipal, String>> privilegeImage; private final long curSeqNum; public PermissionsImage(Map<String, List<String>> roleImage, - Map<String, Map<TPrivilegeEntity, String>> privilegeImage, long curSeqNum) { + Map<String, Map<TPrivilegePrincipal, String>> privilegeImage, long curSeqNum) { this.roleImage = roleImage; this.privilegeImage = privilegeImage; this.curSeqNum = curSeqNum; @@ -49,7 +49,7 @@ public class PermissionsImage { return curSeqNum; } - public Map<String, Map<TPrivilegeEntity, String>> getPrivilegeImage() { + public Map<String, Map<TPrivilegePrincipal, String>> getPrivilegeImage() { return privilegeImage; } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PrivilegeEntity.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PrivilegeEntity.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PrivilegeEntity.java deleted file mode 100644 index 3f7ba97..0000000 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PrivilegeEntity.java +++ /dev/null 
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.persistent;
-
-import org.apache.sentry.service.common.ServiceConstants.SentryEntityType;
-import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
-
-
-import java.util.Set;
-
-/**
- * All the entities to which privileges are granted should implement this interface.
- */
-public interface PrivilegeEntity {
-
- String getEntityName();
-
- SentryEntityType getType();
-
- void setPrivileges(Set<MSentryPrivilege> privileges);
-
- Set<MSentryPrivilege> getPrivileges();
-
- void removePrivilege(MSentryPrivilege privilege);
-
- void appendPrivileges(Set<MSentryPrivilege> privileges);
-
- void appendPrivilege(MSentryPrivilege privilege);
-
- void removePrivileges();
-
-};
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PrivilegePrincipal.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PrivilegePrincipal.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PrivilegePrincipal.java
new file mode 100644
index 0000000..607939f
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/PrivilegePrincipal.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
+import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType;
+
+
+import java.util.Set;
+
+/**
+ * All the entities to which privileges are granted should implement this interface.
+ */
+public interface PrivilegePrincipal {
+
+ String getPrincipalName();
+
+ SentryPrincipalType getPrincipalType();
+
+ void setPrivileges(Set<MSentryPrivilege> privileges);
+
+ Set<MSentryPrivilege> getPrivileges();
+
+ void removePrivilege(MSentryPrivilege privilege);
+
+ void appendPrivileges(Set<MSentryPrivilege> privileges);
+
+ void appendPrivilege(MSentryPrivilege privilege);
+
+ void removePrivileges();
+
+};
\ No newline at end of file
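Review bot: The interface Javadoc in the new PrivilegePrincipal.java was carried over from PrivilegeEntity unchanged and still reads "All the entities to which privileges are granted", which no longer matches the type name or the renamed `getPrincipalName()` / `getPrincipalType()` accessors; I would reword it to `* All the principals to which privileges are granted should implement this interface.` None of the methods carries a contract, and since implementations presumably hold the grant state that authorization is derived from, it is worth stating on `getPrivileges()` whether callers receive the live set or a copy, and on `setPrivileges` / `appendPrivileges` whether the passed set is stored by reference and whether null is accepted. The closing `};` keeps a stray semicolon and the file still has no trailing newline, both inherited from the deleted file and easy to clean up in this rename.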
