Repository: incubator-sentry Updated Branches: refs/heads/sentry-hdfs-plugin [created] b86a53d10
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b86a53d1/sentry-service-client/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/TSentryResponseStatus.java ---------------------------------------------------------------------- diff --git a/sentry-service-client/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/TSentryResponseStatus.java b/sentry-service-client/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/TSentryResponseStatus.java new file mode 100644 index 0000000..81abd90 --- /dev/null +++ b/sentry-service-client/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/TSentryResponseStatus.java @@ -0,0 +1,594 @@ +/** + * Autogenerated by Thrift Compiler (0.9.0) + * + * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING + * @generated + */ +package org.apache.sentry.service.thrift; + +import org.apache.commons.lang.builder.HashCodeBuilder; +import org.apache.thrift.scheme.IScheme; +import org.apache.thrift.scheme.SchemeFactory; +import org.apache.thrift.scheme.StandardScheme; + +import org.apache.thrift.scheme.TupleScheme; +import org.apache.thrift.protocol.TTupleProtocol; +import org.apache.thrift.protocol.TProtocolException; +import org.apache.thrift.EncodingUtils; +import org.apache.thrift.TException; +import java.util.List; +import java.util.ArrayList; +import java.util.Map; +import java.util.HashMap; +import java.util.EnumMap; +import java.util.Set; +import java.util.HashSet; +import java.util.EnumSet; +import java.util.Collections; +import java.util.BitSet; +import java.nio.ByteBuffer; +import java.util.Arrays; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class TSentryResponseStatus implements org.apache.thrift.TBase<TSentryResponseStatus, TSentryResponseStatus._Fields>, java.io.Serializable, Cloneable { + private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryResponseStatus"); + + private static final org.apache.thrift.protocol.TField VALUE_FIELD_DESC = new org.apache.thrift.protocol.TField("value", org.apache.thrift.protocol.TType.I32, (short)1); + private static final org.apache.thrift.protocol.TField MESSAGE_FIELD_DESC = new org.apache.thrift.protocol.TField("message", org.apache.thrift.protocol.TType.STRING, (short)2); + private static final org.apache.thrift.protocol.TField STACK_FIELD_DESC = new org.apache.thrift.protocol.TField("stack", org.apache.thrift.protocol.TType.STRING, (short)3); + + private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); + static { + schemes.put(StandardScheme.class, new TSentryResponseStatusStandardSchemeFactory()); + schemes.put(TupleScheme.class, new TSentryResponseStatusTupleSchemeFactory()); + } + + private int value; // required + private String message; // required + private String stack; // optional + + /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ + public enum _Fields implements org.apache.thrift.TFieldIdEnum { + VALUE((short)1, "value"), + MESSAGE((short)2, "message"), + STACK((short)3, "stack"); + + private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); + + static { + for (_Fields field : EnumSet.allOf(_Fields.class)) { + byName.put(field.getFieldName(), field); + } + } + + /** + * Find the _Fields constant that matches fieldId, or null if its not found. + */ + public static _Fields findByThriftId(int fieldId) { + switch(fieldId) { + case 1: // VALUE + return VALUE; + case 2: // MESSAGE + return MESSAGE; + case 3: // STACK + return STACK; + default: + return null; + } + } + + /** + * Find the _Fields constant that matches fieldId, throwing an exception + * if it is not found. + */ + public static _Fields findByThriftIdOrThrow(int fieldId) { + _Fields fields = findByThriftId(fieldId); + if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!"); + return fields; + } + + /** + * Find the _Fields constant that matches name, or null if its not found. + */ + public static _Fields findByName(String name) { + return byName.get(name); + } + + private final short _thriftId; + private final String _fieldName; + + _Fields(short thriftId, String fieldName) { + _thriftId = thriftId; + _fieldName = fieldName; + } + + public short getThriftFieldId() { + return _thriftId; + } + + public String getFieldName() { + return _fieldName; + } + } + + // isset id assignments + private static final int __VALUE_ISSET_ID = 0; + private byte __isset_bitfield = 0; + private _Fields optionals[] = {_Fields.STACK}; + public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; + static { + Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); + tmpMap.put(_Fields.VALUE, new org.apache.thrift.meta_data.FieldMetaData("value", org.apache.thrift.TFieldRequirementType.REQUIRED, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32))); + tmpMap.put(_Fields.MESSAGE, new org.apache.thrift.meta_data.FieldMetaData("message", org.apache.thrift.TFieldRequirementType.REQUIRED, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + tmpMap.put(_Fields.STACK, new org.apache.thrift.meta_data.FieldMetaData("stack", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + metaDataMap = Collections.unmodifiableMap(tmpMap); + org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryResponseStatus.class, metaDataMap); + } + + public TSentryResponseStatus() { + } + + public TSentryResponseStatus( + int value, + String message) + { + this(); + this.value = value; + setValueIsSet(true); + this.message = message; + } + + /** + * Performs a deep copy on <i>other</i>. + */ + public TSentryResponseStatus(TSentryResponseStatus other) { + __isset_bitfield = other.__isset_bitfield; + this.value = other.value; + if (other.isSetMessage()) { + this.message = other.message; + } + if (other.isSetStack()) { + this.stack = other.stack; + } + } + + public TSentryResponseStatus deepCopy() { + return new TSentryResponseStatus(this); + } + + @Override + public void clear() { + setValueIsSet(false); + this.value = 0; + this.message = null; + this.stack = null; + } + + public int getValue() { + return this.value; + } + + public void setValue(int value) { + this.value = value; + setValueIsSet(true); + } + + public void unsetValue() { + __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __VALUE_ISSET_ID); + } + + /** Returns true if field value is set (has been assigned a value) and false otherwise */ + public boolean isSetValue() { + return EncodingUtils.testBit(__isset_bitfield, __VALUE_ISSET_ID); + } + + public void setValueIsSet(boolean value) { + __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __VALUE_ISSET_ID, value); + } + + public String getMessage() { + return this.message; + } + + public void setMessage(String message) { + this.message = message; + } + + public void unsetMessage() { + this.message = null; + } + + /** Returns true if field message is set (has been assigned a value) and false otherwise */ + public boolean isSetMessage() { + return this.message != null; + } + + public void setMessageIsSet(boolean value) { + if (!value) { + this.message = null; + } + } + + public String getStack() { + return this.stack; + } + + public void setStack(String stack) { + this.stack = stack; + } + + public void unsetStack() { + this.stack = null; + } + + /** Returns true if field stack is set (has been assigned a value) and false otherwise */ + public boolean isSetStack() { + return this.stack != null; + } + + public void setStackIsSet(boolean value) { + if (!value) { + this.stack = null; + } + } + + public void setFieldValue(_Fields field, Object value) { + switch (field) { + case VALUE: + if (value == null) { + unsetValue(); + } else { + setValue((Integer)value); + } + break; + + case MESSAGE: + if (value == null) { + unsetMessage(); + } else { + setMessage((String)value); + } + break; + + case STACK: + if (value == null) { + unsetStack(); + } else { + setStack((String)value); + } + break; + + } + } + + public Object getFieldValue(_Fields field) { + switch (field) { + case VALUE: + return Integer.valueOf(getValue()); + + case MESSAGE: + return getMessage(); + + case STACK: + return getStack(); + + } + throw new IllegalStateException(); + } + + /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */ + public boolean isSet(_Fields field) { + if (field == null) { + throw new IllegalArgumentException(); + } + + switch (field) { + case VALUE: + return isSetValue(); + case MESSAGE: + return isSetMessage(); + case STACK: + return isSetStack(); + } + throw new IllegalStateException(); + } + + @Override + public boolean equals(Object that) { + if (that == null) + return false; + if (that instanceof TSentryResponseStatus) + return this.equals((TSentryResponseStatus)that); + return false; + } + + public boolean equals(TSentryResponseStatus that) { + if (that == null) + return false; + + boolean this_present_value = true; + boolean that_present_value = true; + if (this_present_value || that_present_value) { + if (!(this_present_value && that_present_value)) + return false; + if (this.value != that.value) + return false; + } + + boolean this_present_message = true && this.isSetMessage(); + boolean that_present_message = true && that.isSetMessage(); + if (this_present_message || that_present_message) { + if (!(this_present_message && that_present_message)) + return false; + if (!this.message.equals(that.message)) + return false; + } + + boolean this_present_stack = true && this.isSetStack(); + boolean that_present_stack = true && that.isSetStack(); + if (this_present_stack || that_present_stack) { + if (!(this_present_stack && that_present_stack)) + return false; + if (!this.stack.equals(that.stack)) + return false; + } + + return true; + } + + @Override + public int hashCode() { + HashCodeBuilder builder = new HashCodeBuilder(); + + boolean present_value = true; + builder.append(present_value); + if (present_value) + builder.append(value); + + boolean present_message = true && (isSetMessage()); + builder.append(present_message); + if (present_message) + builder.append(message); + + boolean present_stack = true && (isSetStack()); + builder.append(present_stack); + if (present_stack) + builder.append(stack); + + return builder.toHashCode(); + } + + public int compareTo(TSentryResponseStatus other) { + if (!getClass().equals(other.getClass())) { + return getClass().getName().compareTo(other.getClass().getName()); + } + + int lastComparison = 0; + TSentryResponseStatus typedOther = (TSentryResponseStatus)other; + + lastComparison = Boolean.valueOf(isSetValue()).compareTo(typedOther.isSetValue()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetValue()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.value, typedOther.value); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetMessage()).compareTo(typedOther.isSetMessage()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetMessage()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.message, typedOther.message); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetStack()).compareTo(typedOther.isSetStack()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetStack()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.stack, typedOther.stack); + if (lastComparison != 0) { + return lastComparison; + } + } + return 0; + } + + public _Fields fieldForId(int fieldId) { + return _Fields.findByThriftId(fieldId); + } + + public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException { + schemes.get(iprot.getScheme()).getScheme().read(iprot, this); + } + + public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException { + schemes.get(oprot.getScheme()).getScheme().write(oprot, this); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder("TSentryResponseStatus("); + boolean first = true; + + sb.append("value:"); + sb.append(this.value); + first = false; + if (!first) sb.append(", "); + sb.append("message:"); + if (this.message == null) { + sb.append("null"); + } else { + sb.append(this.message); + } + first = false; + if (isSetStack()) { + if (!first) sb.append(", "); + sb.append("stack:"); + if (this.stack == null) { + sb.append("null"); + } else { + sb.append(this.stack); + } + first = false; + } + sb.append(")"); + return sb.toString(); + } + + public void validate() throws org.apache.thrift.TException { + // check for required fields + if (!isSetValue()) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'value' is unset! Struct:" + toString()); + } + + if (!isSetMessage()) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'message' is unset! Struct:" + toString()); + } + + // check for sub-struct validity + } + + private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException { + try { + write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out))); + } catch (org.apache.thrift.TException te) { + throw new java.io.IOException(te); + } + } + + private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException { + try { + // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor. + __isset_bitfield = 0; + read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in))); + } catch (org.apache.thrift.TException te) { + throw new java.io.IOException(te); + } + } + + private static class TSentryResponseStatusStandardSchemeFactory implements SchemeFactory { + public TSentryResponseStatusStandardScheme getScheme() { + return new TSentryResponseStatusStandardScheme(); + } + } + + private static class TSentryResponseStatusStandardScheme extends StandardScheme<TSentryResponseStatus> { + + public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryResponseStatus struct) throws org.apache.thrift.TException { + org.apache.thrift.protocol.TField schemeField; + iprot.readStructBegin(); + while (true) + { + schemeField = iprot.readFieldBegin(); + if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { + break; + } + switch (schemeField.id) { + case 1: // VALUE + if (schemeField.type == org.apache.thrift.protocol.TType.I32) { + struct.value = iprot.readI32(); + struct.setValueIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 2: // MESSAGE + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.message = iprot.readString(); + struct.setMessageIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 3: // STACK + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.stack = iprot.readString(); + struct.setStackIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + default: + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + iprot.readFieldEnd(); + } + iprot.readStructEnd(); + struct.validate(); + } + + public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryResponseStatus struct) throws org.apache.thrift.TException { + struct.validate(); + + oprot.writeStructBegin(STRUCT_DESC); + oprot.writeFieldBegin(VALUE_FIELD_DESC); + oprot.writeI32(struct.value); + oprot.writeFieldEnd(); + if (struct.message != null) { + oprot.writeFieldBegin(MESSAGE_FIELD_DESC); + oprot.writeString(struct.message); + oprot.writeFieldEnd(); + } + if (struct.stack != null) { + if (struct.isSetStack()) { + oprot.writeFieldBegin(STACK_FIELD_DESC); + oprot.writeString(struct.stack); + oprot.writeFieldEnd(); + } + } + oprot.writeFieldStop(); + oprot.writeStructEnd(); + } + + } + + private static class TSentryResponseStatusTupleSchemeFactory implements SchemeFactory { + public TSentryResponseStatusTupleScheme getScheme() { + return new TSentryResponseStatusTupleScheme(); + } + } + + private static class TSentryResponseStatusTupleScheme extends TupleScheme<TSentryResponseStatus> { + + @Override + public void write(org.apache.thrift.protocol.TProtocol prot, TSentryResponseStatus struct) throws org.apache.thrift.TException { + TTupleProtocol oprot = (TTupleProtocol) prot; + oprot.writeI32(struct.value); + oprot.writeString(struct.message); + BitSet optionals = new BitSet(); + if (struct.isSetStack()) { + optionals.set(0); + } + oprot.writeBitSet(optionals, 1); + if (struct.isSetStack()) { + oprot.writeString(struct.stack); + } + } + + @Override + public void read(org.apache.thrift.protocol.TProtocol prot, TSentryResponseStatus struct) throws org.apache.thrift.TException { + TTupleProtocol iprot = (TTupleProtocol) prot; + struct.value = iprot.readI32(); + struct.setValueIsSet(true); + struct.message = iprot.readString(); + struct.setMessageIsSet(true); + BitSet incoming = iprot.readBitSet(1); + if (incoming.get(0)) { + struct.stack = iprot.readString(); + struct.setStackIsSet(true); + } + } + } + +} + http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b86a53d1/sentry-service-client/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/sentry_common_serviceConstants.java ---------------------------------------------------------------------- diff --git a/sentry-service-client/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/sentry_common_serviceConstants.java b/sentry-service-client/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/sentry_common_serviceConstants.java new file mode 100644 index 0000000..4fdeaeb --- /dev/null +++ b/sentry-service-client/src/gen/thrift/gen-javabean/org/apache/sentry/service/thrift/sentry_common_serviceConstants.java @@ -0,0 +1,50 @@ +/** + * Autogenerated by Thrift Compiler (0.9.0) + * + * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING + * @generated + */ +package org.apache.sentry.service.thrift; + +import org.apache.commons.lang.builder.HashCodeBuilder; +import org.apache.thrift.scheme.IScheme; +import org.apache.thrift.scheme.SchemeFactory; +import org.apache.thrift.scheme.StandardScheme; + +import org.apache.thrift.scheme.TupleScheme; +import org.apache.thrift.protocol.TTupleProtocol; +import org.apache.thrift.protocol.TProtocolException; +import org.apache.thrift.EncodingUtils; +import org.apache.thrift.TException; +import java.util.List; +import java.util.ArrayList; +import java.util.Map; +import java.util.HashMap; +import java.util.EnumMap; +import java.util.Set; +import java.util.HashSet; +import java.util.EnumSet; +import java.util.Collections; +import java.util.BitSet; +import java.nio.ByteBuffer; +import java.util.Arrays; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class sentry_common_serviceConstants { + + public static final int TSENTRY_SERVICE_V1 = 1; + + public static final int TSENTRY_STATUS_OK = 0; + + public static final int TSENTRY_STATUS_ALREADY_EXISTS = 1; + + public static final int TSENTRY_STATUS_NO_SUCH_OBJECT = 2; + + public static final int TSENTRY_STATUS_RUNTIME_ERROR = 3; + + public static final int TSENTRY_STATUS_INVALID_INPUT = 4; + + public static final int TSENTRY_STATUS_ACCESS_DENIED = 5; + +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b86a53d1/sentry-service-client/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java ---------------------------------------------------------------------- diff --git a/sentry-service-client/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-service-client/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java new file mode 100644 index 0000000..8a41a32 --- /dev/null +++ b/sentry-service-client/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java @@ -0,0 +1,160 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.service.thrift; + +import java.util.HashMap; +import java.util.Map; + +import javax.security.sasl.Sasl; + +import com.google.common.base.Splitter; +import com.google.common.collect.ImmutableMap; + +public class ServiceConstants { + + private static final ImmutableMap<String, String> SASL_PROPERTIES; + + static { + Map<String, String> saslProps = new HashMap<String, String>(); + saslProps.put(Sasl.SERVER_AUTH, "true"); + saslProps.put(Sasl.QOP, "auth-conf"); + SASL_PROPERTIES = ImmutableMap.copyOf(saslProps); + } + + public static class ConfUtilties { + public static final Splitter CLASS_SPLITTER = Splitter.onPattern("[\\s,]") + .trimResults().omitEmptyStrings(); + } + public static class ServiceArgs { + public static final String CONFIG_FILE_SHORT = "c"; + public static final String CONFIG_FILE_LONG = "conffile"; + } + + public static class ServerConfig { + public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES; + /** + * This configuration parameter is only meant to be used for testing purposes. + */ + public static final String SECURITY_MODE = "sentry.service.security.mode"; + public static final String SECURITY_MODE_KERBEROS = "kerberos"; + public static final String SECURITY_MODE_NONE = "none"; + public static final String SECURITY_USE_UGI_TRANSPORT = "sentry.service.security.use.ugi"; + public static final String ADMIN_GROUPS = "sentry.service.admin.group"; + public static final String PRINCIPAL = "sentry.service.server.principal"; + public static final String KEY_TAB = "sentry.service.server.keytab"; + public static final String RPC_PORT = "sentry.service.server.rpc-port"; + public static final int RPC_PORT_DEFAULT = 8038; + public static final String RPC_ADDRESS = "sentry.service.server.rpc-address"; + public static final String RPC_ADDRESS_DEFAULT = "0.0.0.0"; + public static final String RPC_MAX_THREADS = "sentry.service.server-max-threads"; + public static final int RPC_MAX_THREADS_DEFAULT = 500; + public static final String RPC_MIN_THREADS = "sentry.service.server-min-threads"; + public static final int RPC_MIN_THREADS_DEFAULT = 10; + public static final String ALLOW_CONNECT = "sentry.service.allow.connect"; + + public static final String SENTRY_POLICY_STORE_PLUGINS = "sentry.policy.store.plugins"; + public static final String SENTRY_POLICY_STORE_PLUGINS_DEFAULT = ""; + + public static final String SENTRY_METASTORE_PLUGINS = "sentry.metastore.plugins"; + public static final String SENTRY_METASTORE_PLUGINS_DEFAULT = ""; + + public static final String PROCESSOR_FACTORIES = "sentry.service.processor.factories"; + public static final String PROCESSOR_FACTORIES_DEFAULT = + "org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory"; + public static final String SENTRY_STORE_JDBC_URL = "sentry.store.jdbc.url"; + public static final String SENTRY_STORE_JDBC_USER = "sentry.store.jdbc.user"; + public static final String SENTRY_STORE_JDBC_USER_DEFAULT = "Sentry"; + public static final String SENTRY_STORE_JDBC_PASS = "sentry.store.jdbc.password"; + public static final String SENTRY_STORE_JDBC_PASS_DEFAULT = "Sentry"; + public static final String SENTRY_STORE_JDBC_DRIVER = "sentry.store.jdbc.driver"; + public static final String SENTRY_STORE_JDBC_DRIVER_DEFAULT = "org.apache.derby.jdbc.EmbeddedDriver"; + + public static final String JAVAX_JDO_URL = "javax.jdo.option.ConnectionURL"; + public static final String JAVAX_JDO_USER = "javax.jdo.option.ConnectionUserName"; + public static final String JAVAX_JDO_PASS = "javax.jdo.option.ConnectionPassword"; + public static final String JAVAX_JDO_DRIVER_NAME = "javax.jdo.option.ConnectionDriverName"; + + public static final String SENTRY_DB_PROPERTY_PREFIX = "sentry."; + public static final String SENTRY_JAVAX_JDO_PROPERTY_PREFIX = SENTRY_DB_PROPERTY_PREFIX + "javax.jdo"; + public static final String SENTRY_DATANUCLEUS_PROPERTY_PREFIX = SENTRY_DB_PROPERTY_PREFIX + "datanucleus"; + + public static final String SENTRY_VERIFY_SCHEM_VERSION = "sentry.verify.schema.version"; + public static final String SENTRY_VERIFY_SCHEM_VERSION_DEFAULT = "true"; + + public static final String SENTRY_SERVICE_NAME = "sentry.service.name"; + public static final String SENTRY_SERVICE_NAME_DEFAULT = "Sentry-Service"; + + public static final String SENTRY_STORE_GROUP_MAPPING = "sentry.store.group.mapping"; + public static final String SENTRY_STORE_GROUP_MAPPING_RESOURCE = "sentry.store.group.mapping.resource"; + public static final String SENTRY_STORE_HADOOP_GROUP_MAPPING = "org.apache.sentry.provider.common.HadoopGroupMappingService"; + public static final String SENTRY_STORE_LOCAL_GROUP_MAPPING = "org.apache.sentry.provider.file.LocalGroupMappingService"; + public static final String SENTRY_STORE_GROUP_MAPPING_DEFAULT = SENTRY_STORE_HADOOP_GROUP_MAPPING; + + public static final String SENTRY_HDFS_INTEGRATION_ENABLE = "sentry.hdfs.integration.enable"; + public static final String SENTRY_HDFS_INTEGRATION_PATH_PREFIXES = "sentry.hdfs.integration.path.prefixes"; + + public static final ImmutableMap<String, String> SENTRY_STORE_DEFAULTS = + ImmutableMap.<String, String>builder() + .put("datanucleus.connectionPoolingType", "BoneCP") + .put("datanucleus.validateTables", "false") + .put("datanucleus.validateColumns", "false") + .put("datanucleus.validateConstraints", "false") + .put("datanucleus.storeManagerType", "rdbms") + .put("datanucleus.autoCreateSchema", "false") + .put("datanucleus.fixedDatastore", "true") + .put("datanucleus.autoStartMechanismMode", "checked") + .put("datanucleus.transactionIsolation", "read-committed") + .put("datanucleus.cache.level2", "false") + .put("datanucleus.cache.level2.type", "none") + .put("datanucleus.identifierFactory", "datanucleus1") + .put("datanucleus.rdbms.useLegacyNativeValueStrategy", "true") + .put("datanucleus.plugin.pluginRegistryBundleCheck", "LOG") + .put("javax.jdo.PersistenceManagerFactoryClass", + "org.datanucleus.api.jdo.JDOPersistenceManagerFactory") + .put("javax.jdo.option.DetachAllOnCommit", "true") + .put("javax.jdo.option.NonTransactionalRead", "false") + .put("javax.jdo.option.NonTransactionalWrite", "false") + .put("javax.jdo.option.Multithreaded", "true") + .build(); + + } + public static class ClientConfig { + public static final ImmutableMap<String, String> SASL_PROPERTIES = ServiceConstants.SASL_PROPERTIES; + public static final String SERVER_RPC_PORT = "sentry.service.client.server.rpc-port"; + public static final int SERVER_RPC_PORT_DEFAULT = ServerConfig.RPC_PORT_DEFAULT; + public static final String SERVER_RPC_ADDRESS = "sentry.service.client.server.rpc-address"; + public static final String SERVER_RPC_CONN_TIMEOUT = "sentry.service.client.server.rpc-connection-timeout"; + public static final int SERVER_RPC_CONN_TIMEOUT_DEFAULT = 200000; + } + + /** + * Thrift generates terrible constant class names + */ + public static class ThriftConstants extends org.apache.sentry.service.thrift.sentry_common_serviceConstants { + public static final int TSENTRY_SERVICE_VERSION_CURRENT = TSENTRY_SERVICE_V1; + } + + /* Privilege operation scope */ + public static enum PrivilegeScope { + SERVER, + URI, + DATABASE, + TABLE, + COLUMN + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b86a53d1/sentry-service-client/src/main/resources/sentry_common_service.thrift ---------------------------------------------------------------------- diff --git a/sentry-service-client/src/main/resources/sentry_common_service.thrift b/sentry-service-client/src/main/resources/sentry_common_service.thrift new file mode 100644 index 0000000..9456274 --- /dev/null +++ b/sentry-service-client/src/main/resources/sentry_common_service.thrift @@ -0,0 +1,42 @@ +#!/usr/local/bin/thrift -java + +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +include "share/fb303/if/fb303.thrift" + +namespace java org.apache.sentry.service.thrift +namespace php sentry.service.thrift +namespace cpp Apache.Sentry.Service.Thrift + +const i32 TSENTRY_SERVICE_V1 = 1; + +const i32 TSENTRY_STATUS_OK = 0; +const i32 TSENTRY_STATUS_ALREADY_EXISTS = 1; +const i32 TSENTRY_STATUS_NO_SUCH_OBJECT = 2; +const i32 TSENTRY_STATUS_RUNTIME_ERROR = 3; +const i32 TSENTRY_STATUS_INVALID_INPUT = 4; +const i32 TSENTRY_STATUS_ACCESS_DENIED = 5; + +struct TSentryResponseStatus { +1: required i32 value, +// message will be set to empty string when status is OK +2: required string message +3: optional string stack +} + http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b86a53d1/sentry-service-client/src/main/resources/sentry_policy_service.thrift ---------------------------------------------------------------------- diff --git a/sentry-service-client/src/main/resources/sentry_policy_service.thrift b/sentry-service-client/src/main/resources/sentry_policy_service.thrift new file mode 100644 index 0000000..35a8036 --- /dev/null +++ b/sentry-service-client/src/main/resources/sentry_policy_service.thrift @@ -0,0 +1,247 @@ +#!/usr/local/bin/thrift -java + +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# +# Thrift Service that the MetaStore is built on +# + +include "share/fb303/if/fb303.thrift" +include "sentry_common_service.thrift" + +namespace java org.apache.sentry.provider.db.service.thrift +namespace php sentry.provider.db.service.thrift +namespace cpp Apache.Sentry.Provider.Db.Service.Thrift + +enum TSentryGrantOption { + TRUE = 1, + FALSE = 0, + # UNSET is used for revoke privilege, the component like 'hive' + # didn't support getting grant option, so use UNSET is stand + # for revoke both privileges with grant option and without grant + # option. + UNSET = -1 +} + +# Represents a Privilege in transport from the client to the server +struct TSentryPrivilege { +1: required string privilegeScope, # Valid values are SERVER, DATABASE, TABLE +3: required string serverName, +4: optional string dbName = "", +5: optional string tableName = "", +6: optional string URI = "", +7: required string action = "", +8: optional i64 createTime, # Set on server side +9: optional TSentryGrantOption grantOption = TSentryGrantOption.FALSE +} + +# TODO can this be deleted? it's not adding value to TAlterSentryRoleAddGroupsRequest +struct TSentryGroup { +1: required string groupName +} + +# CREATE ROLE r1 +struct TCreateSentryRoleRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required string roleName, # TSentryRole is not required for this request +} +struct TCreateSentryRoleResponse { +1: required sentry_common_service.TSentryResponseStatus status +} + +# DROP ROLE r1 +struct TDropSentryRoleRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required string roleName # role to drop +} +struct TDropSentryRoleResponse { +1: required sentry_common_service.TSentryResponseStatus status +} + +# GRANT ROLE r1 TO GROUP g1 +struct TAlterSentryRoleAddGroupsRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required string roleName, +5: required set<TSentryGroup> groups +} + +struct TAlterSentryRoleAddGroupsResponse { +1: required sentry_common_service.TSentryResponseStatus status +} + +# REVOLE ROLE r1 FROM GROUP g1 +struct TAlterSentryRoleDeleteGroupsRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required string roleName, +5: required set<TSentryGroup> groups +} +struct TAlterSentryRoleDeleteGroupsResponse { +1: required sentry_common_service.TSentryResponseStatus status +} + +# GRANT ... ON ... TO ROLE ... +struct TAlterSentryRoleGrantPrivilegeRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required string roleName, +5: required TSentryPrivilege privilege +} +struct TAlterSentryRoleGrantPrivilegeResponse { +1: required sentry_common_service.TSentryResponseStatus status +2: optional TSentryPrivilege privilege +} + +# REVOKE ... ON ... FROM ROLE ... +struct TAlterSentryRoleRevokePrivilegeRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required string roleName, +5: required TSentryPrivilege privilege +} +struct TAlterSentryRoleRevokePrivilegeResponse { +1: required sentry_common_service.TSentryResponseStatus status +} + +# SHOW ROLE GRANT +struct TListSentryRolesRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: optional string groupName # for this group, or all roles for all groups if null +} +# used only for TListSentryRolesResponse +struct TSentryRole { +1: required string roleName, +2: required set<TSentryGroup> groups, +3: required string grantorPrincipal #Deprecated +} +struct TListSentryRolesResponse { +1: required sentry_common_service.TSentryResponseStatus status +2: optional set<TSentryRole> roles +} + +struct TSentryAuthorizable { +1: required string server, +2: optional string uri, +3: optional string db, +4: optional string table, +} + +# SHOW GRANT +struct TListSentryPrivilegesRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +4: required string roleName, # get privileges assigned for this role +5: optional TSentryAuthorizable authorizableHierarchy # get privileges assigned for this role +} +struct TListSentryPrivilegesResponse { +1: required sentry_common_service.TSentryResponseStatus status +2: optional set<TSentryPrivilege> privileges +} + +# Drop privilege +struct TDropPrivilegesRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required TSentryAuthorizable authorizable +} + +struct TDropPrivilegesResponse { +1: required sentry_common_service.TSentryResponseStatus status +} + +struct TRenamePrivilegesRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required TSentryAuthorizable oldAuthorizable +4: required TSentryAuthorizable newAuthorizable +} + +struct TRenamePrivilegesResponse { +1: required sentry_common_service.TSentryResponseStatus status +} + +# This API was created specifically for ProviderBackend.getPrivileges +# and is not mean for general purpose privilege retrieval. +# This request/response pair are created specifically so we can +# efficiently obtain the specific privilges for a user query +struct TSentryActiveRoleSet { +1: required bool all, +2: required set<string> roles, +} +struct TListSentryPrivilegesForProviderRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required set<string> groups, +3: required TSentryActiveRoleSet roleSet, +4: optional TSentryAuthorizable authorizableHierarchy, +} +struct TListSentryPrivilegesForProviderResponse { +1: required sentry_common_service.TSentryResponseStatus status +2: required set<string> privileges +} + +# List role:set<privileges> for the given authorizable +# Optionally use the set of groups to filter the roles +struct TSentryPrivilegeMap { +1: required map<string, set<TSentryPrivilege>> privilegeMap +} +struct TListSentryPrivilegesByAuthRequest { +1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1, +2: required string requestorUserName, # user on whose behalf the request is issued +3: required set<TSentryAuthorizable> authorizableSet, +4: optional set<string> groups, +5: optional TSentryActiveRoleSet roleSet +} +struct TListSentryPrivilegesByAuthResponse { +1: required sentry_common_service.TSentryResponseStatus status, +2: optional map<TSentryAuthorizable, TSentryPrivilegeMap> privilegesMapByAuth # will not be set in case of an error +} + +service SentryPolicyService +{ + TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request) + TDropSentryRoleResponse drop_sentry_role(1:TDropSentryRoleRequest request) + + TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(1:TAlterSentryRoleGrantPrivilegeRequest request) + TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(1:TAlterSentryRoleRevokePrivilegeRequest request) + + TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(1:TAlterSentryRoleAddGroupsRequest request) + TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(1:TAlterSentryRoleDeleteGroupsRequest request) + + TListSentryRolesResponse list_sentry_roles_by_group(1:TListSentryRolesRequest request) + + TListSentryPrivilegesResponse list_sentry_privileges_by_role(1:TListSentryPrivilegesRequest request) + + # For use with ProviderBackend.getPrivileges only + TListSentryPrivilegesForProviderResponse list_sentry_privileges_for_provider(1:TListSentryPrivilegesForProviderRequest request) + + TDropPrivilegesResponse drop_sentry_privilege(1:TDropPrivilegesRequest request); + + TRenamePrivilegesResponse rename_sentry_privilege(1:TRenamePrivilegesRequest request); + + # HMS Path cache + void handle_hms_notification(1:TPathsUpdate pathsUpdate); + + TRenamePrivilegesResponse rename_sentry_privilege(1:TRenamePrivilegesRequest request); + + TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(1:TListSentryPrivilegesByAuthRequest request); +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b86a53d1/sentry-tests/sentry-tests-hive/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/pom.xml b/sentry-tests/sentry-tests-hive/pom.xml index 10415fc..769afb5 100644 --- a/sentry-tests/sentry-tests-hive/pom.xml +++ b/sentry-tests/sentry-tests-hive/pom.xml @@ -212,6 +212,11 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> + <artifactId>sentry-service-client</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-db</artifactId> <scope>test</scope> </dependency> http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b86a53d1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java index 45d24f9..c759620 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java @@ -38,7 +38,9 @@ import org.apache.hadoop.hive.serde.serdeConstants; import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.security.UserGroupInformation; import org.apache.pig.PigServer; +import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.service.thrift.SentryServiceClientFactory; import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory.HiveServer2Type; import org.junit.After; @@ -50,6 +52,7 @@ public abstract class AbstractMetastoreTestWithStaticConfiguration extends @BeforeClass public static void setupTestStaticConfiguration() throws Exception { useSentryService = true; + setMetastoreListener = true; testServerType = HiveServer2Type.InternalMetastore.name(); AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b86a53d1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java index 8ce78bc..90428cb 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreEndToEnd.java @@ -105,19 +105,42 @@ public class TestMetastoreEndToEnd extends * Setup admin privileges for user ADMIN1 verify user can create DB and tables * @throws Exception */ - @Test - public void testServerPrivileges() throws Exception { - String tabName = "tab1"; - HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1); - client.dropDatabase(dbName, true, true, true); - - createMetastoreDB(client, dbName); - createMetastoreTable(client, dbName, tabName, - Lists.newArrayList(new FieldSchema("col1", "int", ""))); - assertEquals(1, client.getTables(dbName, tabName).size()); - client.dropTable(dbName, tabName); - client.dropDatabase(dbName, true, true, true); - } +// @Test +// public void testServerPrivileges() throws Exception { +// String tabName = "tab1"; +// HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1); +// client.dropDatabase(dbName, true, true, true); +// +// createMetastoreDB(client, dbName); +// createMetastoreTable(client, dbName, tabName, +// Lists.newArrayList(new FieldSchema("col1", "int", ""))); +// assertEquals(1, client.getTables(dbName, tabName).size()); +// +// AuthzPathsCache authzPathCache = new AuthzPathsCache(null, new String[]{"/"}, 0); +// SentryPolicyServiceClient sentryClient = new SentryServiceClientFactory().create(sentryConf); +// waitToCommit(authzPathCache, sentryClient); +// assertEquals("/%PREFIX[data%DIR[db_1.db%AUTHZ_OBJECT#db_1[tab1%AUTHZ_OBJECT#db_1.tab1[]]]]", authzPathCache.serializeAllPaths()); +// client.dropTable(dbName, tabName); +// client.dropDatabase(dbName, true, true, true); +// waitToCommit(authzPathCache, sentryClient); +// assertEquals("/%PREFIX[]", authzPathCache.serializeAllPaths()); +// } +// +// private void waitToCommit(AuthzPathsCache authzPathCache, SentryPolicyServiceClient sentryClient) +// throws Exception { +// SentryAuthzUpdate allUpdates = sentryClient.getAllUpdatesFrom(0, 0); +// for (HMSUpdate update : allUpdates.pathUpdates) { +// authzPathCache.handleUpdateNotification(update); +// } +// int counter = 0; +// while(!authzPathCache.areAllUpdatesCommited()) { +// Thread.sleep(200); +// counter++; +// if (counter > 10000) { +// fail("Updates taking too long to commit !!"); +// } +// } +// } /** * verify non-admin user can not create or drop DB
