Updated Branches: refs/heads/db_policy_store b9aa0b7a0 -> c6bec1679
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/c6bec167/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java new file mode 100644 index 0000000..2d49e2d --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java @@ -0,0 +1,406 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.persistent; + +import java.util.HashSet; +import java.util.Properties; +import java.util.Set; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.locks.Lock; +import java.util.concurrent.locks.ReentrantLock; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.hive.metastore.ObjectStore; +import org.apache.sentry.policystore.api.TSentryAlreadyExistsException; +import org.apache.sentry.policystore.api.TSentryNoSuchObjectException; +import org.apache.sentry.policystore.api.TSentryPrivilege; +import org.apache.sentry.policystore.api.TSentryRole; +import org.apache.sentry.provider.db.service.model.*; + +import javax.jdo.JDODataStoreException; +import javax.jdo.JDOHelper; +import javax.jdo.JDOObjectNotFoundException; +import javax.jdo.PersistenceManager; +import javax.jdo.PersistenceManagerFactory; +import javax.jdo.Query; +import javax.jdo.Transaction; +import javax.jdo.datastore.DataStoreCache; +import javax.jdo.identity.IntIdentity; +import org.apache.hadoop.hive.conf.HiveConf; + +public class SentryPolicyStore { + + private static Properties prop = null; + private static PersistenceManagerFactory pmf = null; + + private static Lock pmfPropLock = new ReentrantLock(); + private static final Log LOG = LogFactory.getLog(SentryPolicyStore.class.getName()); + + private boolean isInitialized = false; + private PersistenceManager pm = null; + int openTrasactionCalls = 0; + private Transaction currentTransaction = null; + private TXN_STATUS transactionStatus = TXN_STATUS.NO_STATE; + private final AtomicBoolean isSchemaVerified = new AtomicBoolean(false); + + private static enum TXN_STATUS { + NO_STATE, OPEN, COMMITED, ROLLBACK + } + + + public SentryPolicyStore () { + + } + + //FIXME: Cleanup this mess i.e., creating a new PM and PMF. + @SuppressWarnings("nls") + public void setConf() { + + pmfPropLock.lock(); + try { + isInitialized = false; + Properties propsFromConf = getDataSourceProps(); + + assert(!isActiveTransaction()); + shutdown(); + // Always want to re-create pm as we don't know if it were created by the + // most recent instance of the pmf + pm = null; + openTrasactionCalls = 0; + currentTransaction = null; + transactionStatus = TXN_STATUS.NO_STATE; + + initialize(propsFromConf); + + if (!isInitialized) { + throw new RuntimeException( + "Unable to create persistence manager. Check dss.log for details"); + } else { + LOG.info("Initialized ObjectStore"); + } + } finally { + pmfPropLock.unlock(); + } + } + + private ClassLoader classLoader; + { + classLoader = Thread.currentThread().getContextClassLoader(); + if (classLoader == null) { + classLoader = ObjectStore.class.getClassLoader(); + } + } + + @SuppressWarnings("nls") + private void initialize(Properties dsProps) { + LOG.info("ObjectStore, initialize called"); + prop = dsProps; + pm = getPersistenceManager(); + isInitialized = (pm != null); + } + + public PersistenceManager getPersistenceManager() { + return getPMF().getPersistenceManager(); + } + + private static synchronized PersistenceManagerFactory getPMF() { + if (pmf == null) { + pmf = JDOHelper.getPersistenceManagerFactory(prop); + DataStoreCache dsc = pmf.getDataStoreCache(); + if (dsc == null) { + LOG.warn("PersistenceManagerFactory returned null DataStoreCache object. Unable to initialize object pin types defined by hive.metastore.cache.pinobjtypes"); + } + } + return pmf; + } + + public void shutdown() { + if (pm != null) { + pm.close(); + } + } + + //FIXME: Cleanup this logic + public boolean openTransaction() { + openTrasactionCalls++; + if (openTrasactionCalls == 1) { + currentTransaction = pm.currentTransaction(); + currentTransaction.begin(); + transactionStatus = TXN_STATUS.OPEN; + } else { + // something is wrong since openTransactionCalls is greater than 1 but + // currentTransaction is not active + assert ((currentTransaction != null) && (currentTransaction.isActive())); + } + return currentTransaction.isActive(); + } + + @SuppressWarnings("nls") + public boolean commitTransaction() { + if (TXN_STATUS.ROLLBACK == transactionStatus) { + return false; + } + if (openTrasactionCalls <= 0) { + throw new RuntimeException("commitTransaction was called but openTransactionCalls = " + + openTrasactionCalls + ". This probably indicates that there are unbalanced " + + "calls to openTransaction/commitTransaction"); + } + if (!currentTransaction.isActive()) { + throw new RuntimeException( + "Commit is called, but transaction is not active. Either there are" + + " mismatching open and close calls or rollback was called in the same trasaction"); + } + openTrasactionCalls--; + if ((openTrasactionCalls == 0) && currentTransaction.isActive()) { + transactionStatus = TXN_STATUS.COMMITED; + currentTransaction.commit(); + } + return true; + } + + public boolean isActiveTransaction() { + if (currentTransaction == null) { + return false; + } + return currentTransaction.isActive(); + } + + public void rollbackTransaction() { + if (openTrasactionCalls < 1) { + return; + } + openTrasactionCalls = 0; + if (currentTransaction.isActive() + && transactionStatus != TXN_STATUS.ROLLBACK) { + transactionStatus = TXN_STATUS.ROLLBACK; + // could already be rolled back + currentTransaction.rollback(); + // remove all detached objects from the cache, since the transaction is + // being rolled back they are no longer relevant, and this prevents them + // from reattaching in future transactions + pm.evictAll(); + } + } + + private static Properties getDataSourceProps() { + Properties prop = new Properties(); + // FIXME: Read from configuration, don't hard-code everything + prop.setProperty("datanucleus.connectionPoolingType", "BONECP"); + prop.setProperty("datanucleus.validateTables", "false"); + prop.setProperty("datanucleus.validateColumns", "false"); + prop.setProperty("datanucleus.validateConstraints", "false"); + prop.setProperty("datanucleus.storeManagerType", "rdbms"); + prop.setProperty("datanucleus.autoCreateSchema", "true"); + prop.setProperty("datanucleus.fixedDatastore", "false"); + prop.setProperty("hive.metastore.schema.verification", "false"); + prop.setProperty("datanucleus.autoStartMechanismMode", "checked"); + prop.setProperty("datanucleus.transactionIsolation", "read-committed"); + prop.setProperty("datanucleus.cache.level2", "false"); + prop.setProperty("datanucleus.cache.level2.type", "none"); + prop.setProperty("datanucleus.identifierFactory", "datanucleus1"); + prop.setProperty("datanucleus.rdbms.useLegacyNativeValueStrategy", "true"); + prop.setProperty("datanucleus.plugin.pluginRegistryBundleCheck", "LOG"); + + prop.setProperty("javax.jdo.option.ConnectionDriverName", + "org.apache.derby.jdbc.EmbeddedDriver"); + prop.setProperty("javax.jdo.PersistenceManagerFactoryClass", + "org.datanucleus.api.jdo.JDOPersistenceManagerFactory"); + prop.setProperty("javax.jdo.option.DetachAllOnCommit", "true"); + prop.setProperty("javax.jdo.option.NonTransactionalRead", "true"); + prop.setProperty("javax.jdo.option.ConnectionUserName", "APP"); + + prop.setProperty("javax.jdo.option.ConnectionPassword", "mine"); + prop.setProperty("javax.jdo.option.Multithreaded", "true"); + prop.setProperty("javax.jdo.option.ConnectionURL", + "jdbc:derby:;databaseName=sentry_policy_db;create=true"); + return prop; + } + + + private MSentryRole convertToMSentryRole(TSentryRole role) { + MSentryRole mRole = new MSentryRole(); + mRole.setCreateTime(role.getCreateTime()); + mRole.setRoleName(role.getRoleName()); + mRole.setGrantorPrincipal(role.getGrantorPrincipal()); + + return mRole; + + } + + + private void writeSentryRole(MSentryRole role) throws TSentryAlreadyExistsException{ + + // TODO: verify if the role exists, if it does throw an exception + pm.makePersistent(role); + + } + + + public boolean createSentryRole(TSentryRole role) throws TSentryAlreadyExistsException { + + // TODO: add some logging + + boolean committed = false; + + try { + openTransaction(); + MSentryRole mRole = convertToMSentryRole(role); + writeSentryRole(mRole); + committed = commitTransaction(); + } finally { + if (!committed) { + rollbackTransaction(); + } + } + + return committed; + } + + private MSentryRole getMSentryRole (String roleName) throws TSentryNoSuchObjectException { + + boolean committed = false; + + try { + openTransaction(); + Query query = pm.newQuery(MSentryRole.class); + query.setFilter("roleName == t"); + query + .declareParameters("java.lang.String t"); + query.setUnique(true); + + MSentryRole mSentryRole = (MSentryRole) query.execute(roleName.trim()); + pm.retrieve(mSentryRole); + committed = commitTransaction(); + return mSentryRole; + } finally { + if (!committed) { + rollbackTransaction(); + return null; + } + } + } + + private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege privilege) { + MSentryPrivilege mSentryPrivilege = new MSentryPrivilege(); + mSentryPrivilege.setServerName(privilege.getServerName()); + mSentryPrivilege.setDbName(privilege.getDbName()); + mSentryPrivilege.setTableName(privilege.getTableName()); + mSentryPrivilege.setPrivilegeScope(privilege.getPrivilegeScope()); + mSentryPrivilege.setAction(privilege.getAction()); + mSentryPrivilege.setCreateTime(privilege.getCreateTime()); + mSentryPrivilege.setGrantorPrincipal(privilege.getGrantorPrincipal()); + mSentryPrivilege.setURI(privilege.getURI()); + mSentryPrivilege.setPrivilegeName(privilege.getPrivilegeName()); + //MSentryRole mSentryRole = convertToMSentryRole(role); + return mSentryPrivilege; + + } + + public boolean alterSentryRole(String roleName, TSentryPrivilege privilege) throws TSentryNoSuchObjectException { + + boolean committed = false; + + try { + openTransaction(); + MSentryRole mSentryRole = getMSentryRole(roleName); + MSentryPrivilege mSentryPrivilege = convertToMSentryPrivilege(privilege); + mSentryRole.appendPrivilege(mSentryPrivilege); + mSentryPrivilege.appendRole(mSentryRole); + pm.makePersistent(mSentryPrivilege); + //pm.makePersistent(mSentryRole); + committed = commitTransaction(); + } finally { + if (!committed) { + rollbackTransaction(); + } + } + + return committed; + } + + private TSentryPrivilege convertToSentryPrivilege(MSentryPrivilege mSentryPrivilege) { + TSentryPrivilege privilege = new TSentryPrivilege(); + privilege.setCreateTime(mSentryPrivilege.getCreateTime()); + privilege.setPrivilegeName(mSentryPrivilege.getPrivilegeName()); + privilege.setAction(mSentryPrivilege.getAction()); + privilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope()); + privilege.setServerName(mSentryPrivilege.getServerName()); + privilege.setDbName(mSentryPrivilege.getDbName()); + privilege.setTableName(mSentryPrivilege.getTableName()); + privilege.setURI(mSentryPrivilege.getURI()); + privilege.setGrantorPrincipal(mSentryPrivilege.getGrantorPrincipal()); + + return privilege; + } + + private TSentryRole convertToSentryRole(MSentryRole mSentryRole) { + TSentryRole role = new TSentryRole(); + role.setCreateTime(mSentryRole.getCreateTime()); + role.setRoleName(mSentryRole.getRoleName()); + role.setGrantorPrincipal(mSentryRole.getGrantorPrincipal()); + + Set<TSentryPrivilege> sentryPrivileges = new HashSet<TSentryPrivilege>(); + for(MSentryPrivilege mSentryPrivilege:mSentryRole.getPrivileges()) { + TSentryPrivilege privilege = convertToSentryPrivilege(mSentryPrivilege); + sentryPrivileges.add(privilege); + } + + role.setPrivileges(sentryPrivileges); + return role; + } + + public TSentryRole getSentryRole(String roleName) throws TSentryNoSuchObjectException { + TSentryRole role; + MSentryRole mSentryRole = getMSentryRole(roleName); + role = convertToSentryRole(mSentryRole); + return role; + + } + + public boolean dropSentryRole(String roleName) throws TSentryNoSuchObjectException { + + boolean committed = false; + try { + MSentryRole mSentryRole; + + openTransaction(); + Query query = pm.newQuery(MSentryRole.class); + query.setFilter("roleName == t"); + query + .declareParameters("java.lang.String t"); + query.setUnique(true); + + mSentryRole = (MSentryRole) query.execute(roleName.trim()); + pm.retrieve(mSentryRole); + + if (mSentryRole != null) { + mSentryRole.removePrivileges(); + pm.deletePersistent(mSentryRole); + } + committed = commitTransaction(); + } finally { + if (!committed) { + rollbackTransaction(); + } + } + + return committed; + + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/c6bec167/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java new file mode 100644 index 0000000..578b218 --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java @@ -0,0 +1,700 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import java.util.List; +import java.util.Map; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.metastore.HiveMetaStore; +import org.apache.hadoop.hive.metastore.IHMSHandler; +import org.apache.hadoop.hive.metastore.api.ColumnStatistics; +import org.apache.hadoop.hive.metastore.api.ConfigValSecurityException; +import org.apache.hadoop.hive.metastore.api.Database; +import org.apache.hadoop.hive.metastore.api.EnvironmentContext; +import org.apache.hadoop.hive.metastore.api.FieldSchema; +import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege; +import org.apache.hadoop.hive.metastore.api.HiveObjectRef; +import org.apache.hadoop.hive.metastore.api.Index; +import org.apache.hadoop.hive.metastore.api.InvalidInputException; +import org.apache.hadoop.hive.metastore.api.InvalidObjectException; +import org.apache.hadoop.hive.metastore.api.InvalidOperationException; +import org.apache.hadoop.hive.metastore.api.InvalidPartitionException; +import org.apache.hadoop.hive.metastore.api.MetaException; +import org.apache.hadoop.hive.metastore.api.Partition; +import org.apache.hadoop.hive.metastore.api.PartitionEventType; +import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet; +import org.apache.hadoop.hive.metastore.api.PrincipalType; +import org.apache.hadoop.hive.metastore.api.PrivilegeBag; +import org.apache.hadoop.hive.metastore.api.Role; +import org.apache.hadoop.hive.metastore.api.Table; +import org.apache.hadoop.hive.metastore.api.Type; +import org.apache.hadoop.hive.metastore.api.UnknownDBException; +import org.apache.hadoop.hive.metastore.api.UnknownPartitionException; +import org.apache.hadoop.hive.metastore.api.UnknownTableException; +import org.apache.sentry.policystore.api.SentryThriftPolicyService; +import org.apache.sentry.policystore.api.TAlterSentryRoleAddGroupsRequest; +import org.apache.sentry.policystore.api.TAlterSentryRoleAddGroupsResponse; +import org.apache.sentry.policystore.api.TAlterSentryRoleDeleteGroupsRequest; +import org.apache.sentry.policystore.api.TAlterSentryRoleDeleteGroupsResponse; +import org.apache.sentry.policystore.api.TCreateSentryPrivilegeRequest; +import org.apache.sentry.policystore.api.TCreateSentryPrivilegeResponse; +import org.apache.sentry.policystore.api.TCreateSentryRoleRequest; +import org.apache.sentry.policystore.api.TCreateSentryRoleResponse; +import org.apache.sentry.policystore.api.TListSentryRolesRequest; +import org.apache.sentry.policystore.api.TListSentryRolesResponse; +import org.apache.sentry.policystore.api.TSentryAlreadyExistsException; +import org.apache.sentry.policystore.api.TSentryNoSuchObjectException; +import org.apache.thrift.TException; + +import com.facebook.fb303.fb_status; + +public class HiveMetaStoreSentryPolicyStoreHandler + implements SentryThriftPolicyService.Iface, IHMSHandler { + private final String name; + private HiveConf conf; + + private final SentryPolicyStoreHandler sentryPolicyStoreHander; + private final IHMSHandler hiveMetaStoreHandler; + + public HiveMetaStoreSentryPolicyStoreHandler(String name, HiveConf conf) + throws MetaException { + super(); + this.name = name; + this.conf = conf; + sentryPolicyStoreHander = new SentryPolicyStoreHandler(name, conf); + hiveMetaStoreHandler = new HiveMetaStore.HMSHandler(name, conf); + } + + @Override + public TCreateSentryRoleResponse create_sentry_role( + TCreateSentryRoleRequest request) throws TSentryAlreadyExistsException, + TException { + return sentryPolicyStoreHander.create_sentry_role(request); + } + @Override + public TCreateSentryPrivilegeResponse create_sentry_privilege( + TCreateSentryPrivilegeRequest request) + throws TSentryAlreadyExistsException, TException { + return sentryPolicyStoreHander.create_sentry_privilege(request); + } + @Override + public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups( + TAlterSentryRoleAddGroupsRequest request) + throws TSentryNoSuchObjectException, TException { + return sentryPolicyStoreHander.alter_sentry_role_add_groups(request); + } + @Override + public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups( + TAlterSentryRoleDeleteGroupsRequest request) + throws TSentryNoSuchObjectException, TException { + return sentryPolicyStoreHander.alter_sentry_role_delete_groups(request); + } + @Override + public TListSentryRolesResponse list_sentry_roles( + TListSentryRolesRequest request) throws TSentryNoSuchObjectException, + TException { + return sentryPolicyStoreHander.list_sentry_roles(request); + } + + // below is hive methods + + @Override + public Index add_index(Index arg0, Table arg1) throws InvalidObjectException, + org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + MetaException, TException { + return hiveMetaStoreHandler.add_index(arg0, arg1); + } + + @Override + public Partition add_partition(Partition arg0) throws InvalidObjectException, + org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + MetaException, TException { + return hiveMetaStoreHandler.add_partition(arg0); + } + + @Override + public Partition add_partition_with_environment_context(Partition arg0, + EnvironmentContext arg1) throws InvalidObjectException, + org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + MetaException, TException { + return hiveMetaStoreHandler.add_partition_with_environment_context(arg0, arg1); + } + + @Override + public int add_partitions(List<Partition> arg0) + throws InvalidObjectException, + org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + MetaException, TException { + return hiveMetaStoreHandler.add_partitions(arg0); + } + + @Override + public void alter_database(String arg0, Database arg1) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + hiveMetaStoreHandler.alter_database(arg0, arg1); + } + + @Override + public void alter_index(String arg0, String arg1, String arg2, Index arg3) + throws InvalidOperationException, MetaException, TException { + hiveMetaStoreHandler.alter_index(arg0, arg1, arg2, arg3); + } + + @Override + public void alter_partition(String arg0, String arg1, Partition arg2) + throws InvalidOperationException, MetaException, TException { + hiveMetaStoreHandler.alter_partition(arg0, arg1, arg2); + } + + @Override + public void alter_partition_with_environment_context(String arg0, + String arg1, Partition arg2, EnvironmentContext arg3) + throws InvalidOperationException, MetaException, TException { + hiveMetaStoreHandler.alter_partition_with_environment_context(arg0, arg1, arg2, arg3); + } + + @Override + public void alter_partitions(String arg0, String arg1, List<Partition> arg2) + throws InvalidOperationException, MetaException, TException { + hiveMetaStoreHandler.alter_partitions(arg0, arg1, arg2); + } + + @Override + public void alter_table(String arg0, String arg1, Table arg2) + throws InvalidOperationException, MetaException, TException { + hiveMetaStoreHandler.alter_table(arg0, arg1, arg2); + } + + @Override + public void alter_table_with_environment_context(String arg0, String arg1, + Table arg2, EnvironmentContext arg3) throws InvalidOperationException, + MetaException, TException { + hiveMetaStoreHandler.alter_table_with_environment_context(arg0, arg1, arg2, arg3); + } + + @Override + public Partition append_partition(String arg0, String arg1, List<String> arg2) + throws InvalidObjectException, + org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + MetaException, TException { + return hiveMetaStoreHandler.append_partition(arg0, arg1, arg2); + } + + @Override + public Partition append_partition_by_name(String arg0, String arg1, + String arg2) throws InvalidObjectException, + org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + MetaException, TException { + return hiveMetaStoreHandler.append_partition_by_name(arg0, arg1, arg2); + } + + @Override + public void cancel_delegation_token(String arg0) throws MetaException, + TException { + hiveMetaStoreHandler.cancel_delegation_token(arg0); + } + + @Override + public void create_database(Database arg0) + throws org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + InvalidObjectException, MetaException, TException { + hiveMetaStoreHandler.create_database(arg0); + } + + @Override + public boolean create_role(Role arg0) throws MetaException, TException { + return hiveMetaStoreHandler.create_role(arg0); + } + + @Override + public void create_table(Table arg0) + throws org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + InvalidObjectException, MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + hiveMetaStoreHandler.create_table(arg0); + } + + @Override + public void create_table_with_environment_context(Table arg0, + EnvironmentContext arg1) + throws org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + InvalidObjectException, MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + hiveMetaStoreHandler.create_table_with_environment_context(arg0, arg1); + } + + @Override + public boolean create_type(Type arg0) + throws org.apache.hadoop.hive.metastore.api.AlreadyExistsException, + InvalidObjectException, MetaException, TException { + return hiveMetaStoreHandler.create_type(arg0); + } + + @Override + public boolean delete_partition_column_statistics(String arg0, String arg1, + String arg2, String arg3) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, InvalidObjectException, InvalidInputException, TException { + return hiveMetaStoreHandler.delete_partition_column_statistics(arg0, arg1, arg2, arg3); + } + + @Override + public boolean delete_table_column_statistics(String arg0, String arg1, + String arg2) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, InvalidObjectException, InvalidInputException, TException { + return hiveMetaStoreHandler.delete_table_column_statistics(arg0, arg1, arg2); + } + + @Override + public void drop_database(String arg0, boolean arg1, boolean arg2) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + InvalidOperationException, MetaException, TException { + hiveMetaStoreHandler.drop_database(arg0, arg1, arg2); + } + + @Override + public boolean drop_index_by_name(String arg0, String arg1, String arg2, + boolean arg3) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + return hiveMetaStoreHandler.drop_index_by_name(arg0, arg1, arg2, arg3); + } + + @Override + public boolean drop_partition(String arg0, String arg1, List<String> arg2, + boolean arg3) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + return hiveMetaStoreHandler.drop_partition(arg0, arg1, arg2, arg3); + } + + @Override + public boolean drop_partition_by_name(String arg0, String arg1, String arg2, + boolean arg3) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + return hiveMetaStoreHandler.drop_index_by_name(arg0, arg1, arg2, arg3); + } + + @Override + public boolean drop_role(String arg0) throws MetaException, TException { + return hiveMetaStoreHandler.drop_role(arg0); + } + + @Override + public void drop_table(String arg0, String arg1, boolean arg2) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + hiveMetaStoreHandler.drop_table(arg0, arg1, arg2); + } + + @Override + public boolean drop_type(String arg0) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.drop_type(arg0); + } + + @Override + public List<String> get_all_databases() throws MetaException, TException { + return hiveMetaStoreHandler.get_all_databases(); + } + + @Override + public List<String> get_all_tables(String arg0) throws MetaException, + TException { + return hiveMetaStoreHandler.get_all_tables(arg0); + } + + @Override + public String get_config_value(String arg0, String arg1) + throws ConfigValSecurityException, TException { + return hiveMetaStoreHandler.get_config_value(arg0, arg1); + } + + @Override + public Database get_database(String arg0) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + return hiveMetaStoreHandler.get_database(arg0); + } + + @Override + public List<String> get_databases(String arg0) throws MetaException, + TException { + return hiveMetaStoreHandler.get_databases(arg0); + } + + @Override + public String get_delegation_token(String arg0, String arg1) + throws MetaException, TException { + return hiveMetaStoreHandler.get_delegation_token(arg0, arg1); + } + + @Override + public List<FieldSchema> get_fields(String arg0, String arg1) + throws MetaException, UnknownTableException, UnknownDBException, + TException { + return hiveMetaStoreHandler.get_fields(arg0, arg1); + } + + @Override + public Index get_index_by_name(String arg0, String arg1, String arg2) + throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_index_by_name(arg0, arg1, arg2); + } + + @Override + public List<String> get_index_names(String arg0, String arg1, short arg2) + throws MetaException, TException { + return hiveMetaStoreHandler.get_index_names(arg0, arg1, arg2); + } + + @Override + public List<Index> get_indexes(String arg0, String arg1, short arg2) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + return hiveMetaStoreHandler.get_indexes(arg0, arg1, arg2); + } + + @Override + public Partition get_partition(String arg0, String arg1, List<String> arg2) + throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_partition(arg0, arg1, arg2); + } + + @Override + public Partition get_partition_by_name(String arg0, String arg1, String arg2) + throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_partition_by_name(arg0, arg1, arg2); + } + + @Override + public ColumnStatistics get_partition_column_statistics(String arg0, + String arg1, String arg2, String arg3) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, InvalidInputException, InvalidObjectException, TException { + return hiveMetaStoreHandler.get_partition_column_statistics(arg0, arg1, arg2, arg3); + } + + @Override + public List<String> get_partition_names(String arg0, String arg1, short arg2) + throws MetaException, TException { + return hiveMetaStoreHandler.get_partition_names(arg0, arg1, arg2); + } + + @Override + public List<String> get_partition_names_ps(String arg0, String arg1, + List<String> arg2, short arg3) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_partition_names_ps(arg0, arg1, arg2, arg3); + } + + @Override + public Partition get_partition_with_auth(String arg0, String arg1, + List<String> arg2, String arg3, List<String> arg4) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_partition_with_auth(arg0, arg1, arg2, arg3, arg4); + } + + @Override + public List<Partition> get_partitions(String arg0, String arg1, short arg2) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + return hiveMetaStoreHandler.get_partitions(arg0, arg1, arg2); + } + + @Override + public List<Partition> get_partitions_by_filter(String arg0, String arg1, + String arg2, short arg3) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_partitions_by_filter(arg0, arg1, arg2, arg3); + } + + @Override + public List<Partition> get_partitions_by_names(String arg0, String arg1, + List<String> arg2) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_partitions_by_names(arg0, arg1, arg2); + } + + @Override + public List<Partition> get_partitions_ps(String arg0, String arg1, + List<String> arg2, short arg3) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_partitions_ps(arg0, arg1, arg2, arg3); + } + + @Override + public List<Partition> get_partitions_ps_with_auth(String arg0, String arg1, + List<String> arg2, short arg3, String arg4, List<String> arg5) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + return hiveMetaStoreHandler.get_partitions_ps_with_auth(arg0, arg1, arg2, arg3, arg4, arg5); + } + + @Override + public List<Partition> get_partitions_with_auth(String arg0, String arg1, + short arg2, String arg3, List<String> arg4) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, TException { + return hiveMetaStoreHandler.get_partitions_with_auth(arg0, arg1, arg2, arg3, arg4); + } + + @Override + public PrincipalPrivilegeSet get_privilege_set(HiveObjectRef arg0, + String arg1, List<String> arg2) throws MetaException, TException { + return hiveMetaStoreHandler.get_privilege_set(arg0, arg1, arg2); + } + + @Override + public List<String> get_role_names() throws MetaException, TException { + return hiveMetaStoreHandler.get_role_names(); + } + + @Override + public List<FieldSchema> get_schema(String arg0, String arg1) + throws MetaException, UnknownTableException, UnknownDBException, + TException { + return hiveMetaStoreHandler.get_schema(arg0, arg1); + } + + @Override + public Table get_table(String arg0, String arg1) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_table(arg0, arg1); + } + + @Override + public ColumnStatistics get_table_column_statistics(String arg0, String arg1, + String arg2) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + MetaException, InvalidInputException, InvalidObjectException, TException { + return hiveMetaStoreHandler.get_table_column_statistics(arg0, arg1, arg2); + } + + @Override + public List<String> get_table_names_by_filter(String arg0, String arg1, + short arg2) throws MetaException, InvalidOperationException, + UnknownDBException, TException { + return hiveMetaStoreHandler.get_table_names_by_filter(arg0, arg1, arg2); + } + + @Override + public List<Table> get_table_objects_by_name(String arg0, List<String> arg1) + throws MetaException, InvalidOperationException, UnknownDBException, + TException { + return hiveMetaStoreHandler.get_table_objects_by_name(arg0, arg1); + } + + @Override + public List<String> get_tables(String arg0, String arg1) + throws MetaException, TException { + return hiveMetaStoreHandler.get_tables(arg0, arg1); + } + + @Override + public Type get_type(String arg0) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, TException { + return hiveMetaStoreHandler.get_type(arg0); + } + + @Override + public Map<String, Type> get_type_all(String arg0) throws MetaException, + TException { + return hiveMetaStoreHandler.get_type_all(arg0); + } + + @Override + public boolean grant_privileges(PrivilegeBag arg0) throws MetaException, + TException { + return hiveMetaStoreHandler.grant_privileges(arg0); + } + + @Override + public boolean grant_role(String arg0, String arg1, PrincipalType arg2, + String arg3, PrincipalType arg4, boolean arg5) throws MetaException, + TException { + return hiveMetaStoreHandler.grant_role(arg0, arg1, arg2, arg3, arg4, arg5); + } + + @Override + public boolean isPartitionMarkedForEvent(String arg0, String arg1, + Map<String, String> arg2, PartitionEventType arg3) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + UnknownDBException, UnknownTableException, UnknownPartitionException, + InvalidPartitionException, TException { + return hiveMetaStoreHandler.isPartitionMarkedForEvent(arg0, arg1, arg2, arg3); + } + + @Override + public List<HiveObjectPrivilege> list_privileges(String arg0, + PrincipalType arg1, HiveObjectRef arg2) throws MetaException, TException { + return hiveMetaStoreHandler.list_privileges(arg0, arg1, arg2); + } + + @Override + public List<Role> list_roles(String arg0, PrincipalType arg1) + throws MetaException, TException { + return hiveMetaStoreHandler.list_roles(arg0, arg1); + } + + @Override + public void markPartitionForEvent(String arg0, String arg1, + Map<String, String> arg2, PartitionEventType arg3) throws MetaException, + org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + UnknownDBException, UnknownTableException, UnknownPartitionException, + InvalidPartitionException, TException { + hiveMetaStoreHandler.markPartitionForEvent(arg0, arg1, arg2, arg3); + } + + @Override + public Map<String, String> partition_name_to_spec(String arg0) + throws MetaException, TException { + return hiveMetaStoreHandler.partition_name_to_spec(arg0); + } + + @Override + public List<String> partition_name_to_vals(String arg0) throws MetaException, + TException { + return hiveMetaStoreHandler.partition_name_to_vals(arg0); + } + + @Override + public void rename_partition(String arg0, String arg1, List<String> arg2, + Partition arg3) throws InvalidOperationException, MetaException, + TException { + hiveMetaStoreHandler.rename_partition(arg0, arg1, arg2, arg3); + } + + @Override + public long renew_delegation_token(String arg0) throws MetaException, + TException { + return hiveMetaStoreHandler.renew_delegation_token(arg0); + } + + @Override + public boolean revoke_privileges(PrivilegeBag arg0) throws MetaException, + TException { + return hiveMetaStoreHandler.revoke_privileges(arg0); + } + + @Override + public boolean revoke_role(String arg0, String arg1, PrincipalType arg2) + throws MetaException, TException { + return hiveMetaStoreHandler.revoke_role(arg0, arg1, arg2); + } + + @Override + public List<String> set_ugi(String arg0, List<String> arg1) + throws MetaException, TException { + return hiveMetaStoreHandler.set_ugi(arg0, arg1); + } + + @Override + public boolean update_partition_column_statistics(ColumnStatistics arg0) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + InvalidObjectException, MetaException, InvalidInputException, TException { + return hiveMetaStoreHandler.update_partition_column_statistics(arg0); + } + + @Override + public boolean update_table_column_statistics(ColumnStatistics arg0) + throws org.apache.hadoop.hive.metastore.api.NoSuchObjectException, + InvalidObjectException, MetaException, InvalidInputException, TException { + return hiveMetaStoreHandler.update_table_column_statistics(arg0); + } + + @Override + public long aliveSince() throws TException { + return hiveMetaStoreHandler.aliveSince(); + } + + @Override + public long getCounter(String arg0) throws TException { + return hiveMetaStoreHandler.getCounter(arg0); + } + + @Override + public Map<String, Long> getCounters() throws TException { + return hiveMetaStoreHandler.getCounters(); + } + + @Override + public String getCpuProfile(int arg0) throws TException { + return hiveMetaStoreHandler.getCpuProfile(arg0); + } + + @Override + public String getName() throws TException { + return hiveMetaStoreHandler.getName(); + } + + @Override + public String getOption(String arg0) throws TException { + return hiveMetaStoreHandler.getOption(arg0); + } + + @Override + public Map<String, String> getOptions() throws TException { + return hiveMetaStoreHandler.getOptions(); + } + + @Override + public fb_status getStatus() throws TException { + return hiveMetaStoreHandler.getStatus(); + } + + @Override + public String getStatusDetails() throws TException { + return hiveMetaStoreHandler.getStatusDetails(); + } + + @Override + public String getVersion() throws TException { + return hiveMetaStoreHandler.getVersion(); + } + + @Override + public void reinitialize() throws TException { + hiveMetaStoreHandler.reinitialize(); + + } + + @Override + public void setOption(String arg0, String arg1) throws TException { + hiveMetaStoreHandler.setOption(arg0, arg1); + + } + + @Override + public void shutdown() throws TException { + hiveMetaStoreHandler.shutdown(); + } + + @Override + public void setConf(Configuration arg0) { + hiveMetaStoreHandler.setConf(arg0); + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/c6bec167/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java new file mode 100644 index 0000000..ab50580 --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java @@ -0,0 +1,77 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.metastore.HiveMetaStore; +import org.apache.sentry.policystore.api.SentryThriftPolicyService; +import org.apache.sentry.policystore.api.TAlterSentryRoleAddGroupsRequest; +import org.apache.sentry.policystore.api.TAlterSentryRoleAddGroupsResponse; +import org.apache.sentry.policystore.api.TAlterSentryRoleDeleteGroupsRequest; +import org.apache.sentry.policystore.api.TAlterSentryRoleDeleteGroupsResponse; +import org.apache.sentry.policystore.api.TCreateSentryPrivilegeRequest; +import org.apache.sentry.policystore.api.TCreateSentryPrivilegeResponse; +import org.apache.sentry.policystore.api.TCreateSentryRoleRequest; +import org.apache.sentry.policystore.api.TCreateSentryRoleResponse; +import org.apache.sentry.policystore.api.TListSentryRolesRequest; +import org.apache.sentry.policystore.api.TListSentryRolesResponse; +import org.apache.sentry.policystore.api.TSentryAlreadyExistsException; +import org.apache.sentry.policystore.api.TSentryNoSuchObjectException; +import org.apache.thrift.TException; + +public class SentryPolicyStoreHandler implements SentryThriftPolicyService.Iface { + private final String name; + private final HiveConf conf; + public SentryPolicyStoreHandler(String name, HiveConf conf) { + super(); + this.name = name; + this.conf = conf; + } + @Override + public TCreateSentryRoleResponse create_sentry_role( + TCreateSentryRoleRequest request) throws TSentryAlreadyExistsException, + TException { + return null; + } + @Override + public TCreateSentryPrivilegeResponse create_sentry_privilege( + TCreateSentryPrivilegeRequest request) + throws TSentryAlreadyExistsException, TException { + return null; + } + @Override + public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups( + TAlterSentryRoleAddGroupsRequest request) + throws TSentryNoSuchObjectException, TException { + return null; + } + @Override + public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups( + TAlterSentryRoleDeleteGroupsRequest request) + throws TSentryNoSuchObjectException, TException { + return null; + } + @Override + public TListSentryRolesResponse list_sentry_roles( + TListSentryRolesRequest request) throws TSentryNoSuchObjectException, + TException { + return null; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/c6bec167/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift new file mode 100644 index 0000000..73a5d32 --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift @@ -0,0 +1,134 @@ +#!/usr/local/bin/thrift -java + +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# +# Thrift Service that the MetaStore is built on +# + +include "share/fb303/if/fb303.thrift" + +namespace java org.apache.sentry.policystore.api +namespace php sentrypolicystore +namespace cpp Apache.Sentry + +enum TSentryPolicyServiceVersion { +V1 +} + +struct TSentryPrivilege { +1: required string privilegeScope, +2: required string privilegeName, +3: required string serverName, +4: optional string dbName, +5: optional string tableName, +6: optional string URI, +7: required string action, +8: required i64 createTime, +9: required string grantorPrincipal +} + +struct TSentryRole { +1: required string roleName, +2: required set<TSentryPrivilege> privileges, +3: required i64 createTime, +4: required string grantorPrincipal +} +// TODO fill out +struct TSentryGroup { +1: required string groupName +} + +struct TCreateSentryRoleRequest { +1: required TSentryPolicyServiceVersion protocol_version = TSentryPolicyServiceVersion.V1, +2: required string userName, +3: required TSentryRole role +} +struct TCreateSentryRoleResponse { +1: required bool success +} + +struct TCreateSentryPrivilegeRequest { +1: required TSentryPolicyServiceVersion protocol_version = TSentryPolicyServiceVersion.V1, +2: required string userName, +3: required TSentryPrivilege privilege +} +struct TCreateSentryPrivilegeResponse { +1: required bool success +} + +struct TCreateSentryPrivilegeRequest { +1: required TSentryPolicyServiceVersion protocol_version = TSentryPolicyServiceVersion.V1, +2: required string userName, +3: required TSentryPrivilege privilege +} +struct TCreateSentryPrivilegeResponse { +1: required bool success +} + +struct TAlterSentryRoleAddGroupsRequest { +1: required TSentryPolicyServiceVersion protocol_version = TSentryPolicyServiceVersion.V1, +2: required string userName, +3: required string roleName, +4: required set<TSentryGroup> groups +} +struct TAlterSentryRoleAddGroupsResponse { +1: required bool success +} + +struct TAlterSentryRoleDeleteGroupsRequest { +1: required TSentryPolicyServiceVersion protocol_version = TSentryPolicyServiceVersion.V1, +2: required string userName, +} +struct TAlterSentryRoleDeleteGroupsResponse { +1: required bool success +} + +struct TListSentryRolesRequest { +1: required TSentryPolicyServiceVersion protocol_version = TSentryPolicyServiceVersion.V1, +2: required string userName, +3: optional string groupName, +4: optional string roleName +} +struct TListSentryRolesResponse { +1: required bool success, +2: required set<TSentryRole> roles +} + +exception TSentryAlreadyExistsException { + 1: string message +} + +exception TSentryNoSuchObjectException { + 1: string message +} + +service SentryThriftPolicyService +{ + TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request) throws (1:TSentryAlreadyExistsException o1) + //TDropSentryRoleResponse drop_sentry_role(1:TDropSentryRoleRequest request) throws (1:TSentryNoSuchObjectException o1) + + TCreateSentryPrivilegeResponse create_sentry_privilege(1:TCreateSentryPrivilegeRequest request) throws (1:TSentryAlreadyExistsException o1) + //TDropSentryPrivilegeResponse drop_sentry_privilege(1:TDropSentryPrivilegeRequest request) throws (1:TSentryNoSuchObjectException o1) + + TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(1:TAlterSentryRoleAddGroupsRequest request) throws (1:TSentryNoSuchObjectException o1) + TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(1:TAlterSentryRoleDeleteGroupsRequest request) throws (1:TSentryNoSuchObjectException o1) + + TListSentryRolesResponse list_sentry_roles(1:TListSentryRolesRequest request) throws (1:TSentryNoSuchObjectException o1) +}
