SENTRY-986: Apply PMD plugin to Sentry source (Colm O hEigeartaigh via Lenni Kuff)
Change-Id: Ied167f439bdf9c3bdfea7853801ed4f21d7aaede Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/95b1e40e Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/95b1e40e Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/95b1e40e Branch: refs/heads/master Commit: 95b1e40e7062343f05e131afaea0a97bbf71ba4f Parents: 5a827f6 Author: Lenni Kuff <lsk...@cloudera.com> Authored: Wed Jan 20 22:50:42 2016 -0800 Committer: Lenni Kuff <lsk...@cloudera.com> Committed: Wed Jan 20 22:50:42 2016 -0800 ---------------------------------------------------------------------- build-tools/sentry-pmd-ruleset.xml | 39 +++++++++ pom.xml | 60 +++++++++++++ .../v2/authorizer/DefaultSentryValidator.java | 6 +- .../v2/metastore/AuthorizingObjectStoreV2.java | 1 - .../SentryMetastorePostEventListenerV2.java | 4 +- .../hive/ql/exec/SentryFilterDDLTask.java | 1 - .../hive/ql/exec/SentryGrantRevokeTask.java | 22 ++--- .../ql/exec/SentryHivePrivilegeObjectDesc.java | 3 - .../binding/hive/HiveAuthzBindingHook.java | 33 ++----- .../hive/HiveAuthzBindingSessionHook.java | 1 - .../SentryHiveAuthorizationTaskFactoryImpl.java | 7 +- .../hive/SentryOnFailureHookContext.java | 24 ++--- .../binding/hive/SentryPolicyFileFormatter.java | 4 +- .../binding/hive/authz/HiveAuthzBinding.java | 2 - .../hive/authz/HiveAuthzPrivilegesMap.java | 7 -- .../binding/hive/authz/SentryConfigTool.java | 7 +- .../sentry/binding/hive/conf/HiveAuthzConf.java | 1 - .../metastore/AuthorizingObjectStore.java | 1 - .../metastore/MetastoreAuthzBinding.java | 6 +- .../metastore/SentryHiveMetaStoreClient.java | 3 - .../metastore/SentryMetaStoreFilterHook.java | 7 +- .../SentryMetastorePostEventListener.java | 6 +- .../binding/solr/authz/SolrAuthzBinding.java | 4 +- .../authz/SentryAuthorizationValidator.java | 2 +- .../sentry/sqoop/binding/SqoopAuthBinding.java | 4 +- .../main/java/org/apache/sentry/Command.java | 2 +- .../main/java/org/apache/sentry/SentryMain.java | 7 +- .../org/apache/sentry/core/common/Action.java | 4 +- .../apache/sentry/core/common/Authorizable.java | 4 +- .../sentry/core/common/BitFieldAction.java | 2 +- .../sentry/core/common/utils/PathUtils.java | 9 +- .../core/model/db/DBModelAuthorizable.java | 2 +- .../model/indexer/IndexerModelAuthorizable.java | 2 +- .../core/indexer/TestIndexerBitFieldAction.java | 2 - .../model/search/SearchModelAuthorizable.java | 2 +- .../core/search/TestSearchBitFieldAction.java | 2 - .../core/model/sqoop/SqoopActionFactory.java | 3 +- .../core/model/sqoop/SqoopAuthorizable.java | 4 +- .../apache/sentry/hdfs/AuthzPathsDumper.java | 4 +- .../apache/sentry/hdfs/AuthzPermissions.java | 2 +- .../java/org/apache/sentry/hdfs/HMSPaths.java | 24 ++--- .../org/apache/sentry/hdfs/HMSPathsDumper.java | 4 +- .../sentry/hdfs/SentryHDFSServiceClient.java | 12 ++- .../java/org/apache/sentry/hdfs/Updateable.java | 12 +-- .../sentry/hdfs/UpdateableAuthzPaths.java | 18 ++-- .../hdfs/ha/HdfsHAClientInvocationHandler.java | 68 +++++++-------- .../sentry/hdfs/TestHMSPathsFullDump.java | 4 - .../sentry/hdfs/TestKrbConnectionTimeout.java | 9 -- .../server/namenode/AuthorizationProvider.java | 20 ++--- .../hdfs/SentryAuthorizationConstants.java | 2 +- .../sentry/hdfs/SentryAuthorizationInfo.java | 5 +- .../hdfs/SentryAuthorizationProvider.java | 2 +- .../apache/sentry/hdfs/SentryPermissions.java | 4 +- .../org/apache/sentry/hdfs/SentryUpdater.java | 1 - .../sentry/hdfs/UpdateableAuthzPermissions.java | 1 - .../sentry/hdfs/MetastoreCacheInitializer.java | 23 +++-- .../org/apache/sentry/hdfs/MetastorePlugin.java | 4 +- .../apache/sentry/hdfs/PluginCacheSyncUtil.java | 4 +- .../org/apache/sentry/hdfs/SentryPlugin.java | 5 -- .../org/apache/sentry/hdfs/UpdateForwarder.java | 17 ++-- .../sentry/hdfs/UpdateForwarderWithHA.java | 10 --- .../sentry/hdfs/UpdateablePermissions.java | 2 - .../sentry/hdfs/TestHAUpdateForwarder.java | 2 - .../sentry/policy/common/PolicyEngine.java | 11 ++- .../apache/sentry/policy/common/Privilege.java | 2 +- .../policy/common/PrivilegeValidator.java | 2 +- .../sentry/policy/db/DBWildcardPrivilege.java | 4 - .../sentry/policy/db/SimpleDBPolicyEngine.java | 3 +- ...SearchAuthorizationProviderGeneralCases.java | 1 - .../policy/sqoop/ServerNameRequiredMatch.java | 2 +- .../sentry/provider/cache/PrivilegeCache.java | 4 +- .../cache/SimpleCacheProviderBackend.java | 8 +- .../provider/common/AuthorizationProvider.java | 18 ++-- .../provider/common/GroupMappingService.java | 2 +- .../common/HadoopGroupMappingService.java | 4 - ...adoopGroupResourceAuthorizationProvider.java | 4 +- .../apache/sentry/provider/common/KeyValue.java | 21 +++-- .../common/NoAuthorizationProvider.java | 1 - .../sentry/provider/common/ProviderBackend.java | 10 +-- .../common/ResourceAuthorizationProvider.java | 27 +++--- .../provider/common/TestGetGroupMapping.java | 1 - .../provider/db/SentryPolicyStorePlugin.java | 18 ++-- .../provider/db/SimpleDBProviderBackend.java | 6 +- .../generic/SentryGenericProviderBackend.java | 2 +- .../service/persistent/DelegateSentryStore.java | 8 +- .../service/persistent/PrivilegeObject.java | 36 +++++--- .../persistent/PrivilegeOperatePersistence.java | 26 +++--- .../service/persistent/SentryStoreLayer.java | 26 +++--- .../service/thrift/NotificationHandler.java | 32 ++----- .../thrift/NotificationHandlerInvoker.java | 16 ---- .../thrift/SentryGenericPolicyProcessor.java | 13 +-- .../thrift/SentryGenericServiceClient.java | 34 ++++---- .../SentryGenericServiceClientDefaultImpl.java | 8 +- .../RollingFileWithoutDeleteAppender.java | 1 - .../provider/db/log/entity/JsonLogEntity.java | 2 +- .../db/service/model/MSentryGMPrivilege.java | 61 ++++++++----- .../provider/db/service/model/MSentryGroup.java | 20 +++-- .../db/service/model/MSentryPrivilege.java | 57 +++++++----- .../provider/db/service/model/MSentryRole.java | 15 ++-- .../persistent/FixedJsonInstanceSerializer.java | 4 +- .../db/service/persistent/HAContext.java | 5 -- .../db/service/persistent/SentryStore.java | 81 ++++++++--------- .../db/service/persistent/ServiceManager.java | 2 - .../db/service/persistent/ServiceRegister.java | 1 - .../thrift/SentryPolicyServiceClient.java | 92 ++++++++++---------- .../SentryPolicyServiceClientDefaultImpl.java | 12 +-- .../thrift/SentryPolicyStoreProcessor.java | 31 +++---- .../db/service/thrift/SentryWebServer.java | 2 +- .../provider/db/tools/SentrySchemaHelper.java | 29 +++--- .../provider/db/tools/SentrySchemaTool.java | 6 +- .../provider/db/tools/command/hive/Command.java | 2 +- .../db/tools/command/hive/CommandUtil.java | 7 +- .../thrift/HAClientInvocationHandler.java | 52 ++++++----- .../thrift/PoolClientInvocationHandler.java | 4 +- .../sentry/service/thrift/ServiceConstants.java | 2 +- .../TestSentryStoreToAuthorizable.java | 22 ++--- .../sentry/provider/file/PolicyFiles.java | 1 - .../file/SimpleFileProviderBackend.java | 31 +++---- .../RollingFileWithoutDeleteAppender.java | 1 - .../solr/sentry/SecureRequestHandlerUtil.java | 1 - .../SentryIndexAuthorizationSingleton.java | 4 +- .../solr/handler/admin/SecureAdminHandlers.java | 3 - .../handler/admin/SecureCollectionsHandler.java | 2 - .../solr/handler/admin/SecureInfoHandler.java | 3 - .../QueryDocAuthorizationComponent.java | 10 +-- .../QueryIndexAuthorizationComponent.java | 4 - .../UpdateIndexAuthorizationProcessor.java | 6 +- ...pdateIndexAuthorizationProcessorFactory.java | 1 - .../handler/TestSecureReplicationHandler.java | 1 - .../handler/admin/SecureAdminHandlersTest.java | 6 -- .../admin/SecureCoreAdminHandlerTest.java | 2 - .../handler/admin/SecureInfoHandlerTest.java | 4 - .../UpdateIndexAuthorizationProcessorTest.java | 2 +- 133 files changed, 739 insertions(+), 762 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/build-tools/sentry-pmd-ruleset.xml ---------------------------------------------------------------------- diff --git a/build-tools/sentry-pmd-ruleset.xml b/build-tools/sentry-pmd-ruleset.xml new file mode 100644 index 0000000..87a761c --- /dev/null +++ b/build-tools/sentry-pmd-ruleset.xml @@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<ruleset name="sentry-pmd" xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd";> + <description> + A PMD ruleset for Apache Sentry + </description> + + <rule ref="rulesets/java/basic.xml"/> + <rule ref="rulesets/java/unusedcode.xml"/> + <rule ref="rulesets/java/imports.xml"/> + <rule ref="rulesets/java/braces.xml"/> + <rule ref="rulesets/java/empty.xml"> + <exclude name="EmptyCatchBlock" /> + </rule> + <rule ref="rulesets/java/migrating.xml"/> + <rule ref="rulesets/java/unnecessary.xml"> + <exclude name="UselessParentheses" /> + </rule> + +</ruleset> http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 6210454..0475f69 100644 --- a/pom.xml +++ b/pom.xml @@ -50,6 +50,7 @@ limitations under the License. <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <buildtools.dir>${basedir}/build-tools</buildtools.dir> <maven.compile.source>1.7</maven.compile.source> <maven.compile.target>1.7</maven.compile.target> <!-- versions are in alphabetical order --> @@ -623,6 +624,33 @@ limitations under the License. </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-pmd-plugin</artifactId> + <version>3.5</version> + <configuration> + <rulesets> + <ruleset>${buildtools.dir}/sentry-pmd-ruleset.xml</ruleset> + </rulesets> + <sourceEncoding>UTF-8</sourceEncoding> + <failOnViolation>true</failOnViolation> + <linkXRef>false</linkXRef> + <verbose>true</verbose> + <targetJdk>${targetJdk}</targetJdk> + <excludeRoots> + <excludeRoot>${basedir}/src/main/generated</excludeRoot> + </excludeRoots> + </configuration> + <executions> + <execution> + <id>validate</id> + <phase>validate</phase> + <goals> + <goal>check</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-eclipse-plugin</artifactId> <version>${maven.eclipse.plugin.version}</version> <configuration> @@ -818,6 +846,38 @@ limitations under the License. </pluginManagement> </build> + <profiles> + <profile> + <id>nochecks</id> + <properties> + <pmd.skip>true</pmd.skip> + </properties> + </profile> + <profile> + <id>activate-buildtools-in-module</id> + <activation> + <file> + <exists>${basedir}/../build-tools/sentry-pmd-ruleset.xml</exists> + </file> + </activation> + <properties> + <buildtools.dir>${basedir}/../build-tools</buildtools.dir> + </properties> + </profile> + <profile> + <id>activate-buildtools-in-submodule</id> + <activation> + <file> + <exists>${basedir}/../../build-tools/sentry-pmd-ruleset.xml</exists> + </file> + </activation> + <properties> + <buildtools.dir>${basedir}/../../build-tools</buildtools.dir> + </properties> + </profile> + + </profiles> + <repositories> <repository> <id>apache</id> http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryValidator.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryValidator.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryValidator.java index 2bc8aad..70e0720 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryValidator.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryValidator.java @@ -338,9 +338,9 @@ public class DefaultSentryValidator extends SentryHiveAuthorizationValidator { Table currTbl = Table.ALL; Database currDB = new Database(currDatabase); Column currCol = Column.ALL; - if ((DEFAULT_DATABASE_NAME.equalsIgnoreCase(currDatabase) && "false" + if (DEFAULT_DATABASE_NAME.equalsIgnoreCase(currDatabase) && "false" .equalsIgnoreCase(authzConf.get( - HiveAuthzConf.AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "false")))) { + HiveAuthzConf.AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "false"))) { currDB = Database.ALL; currTbl = Table.SOME; } @@ -419,7 +419,6 @@ public class DefaultSentryValidator extends SentryHiveAuthorizationValidator { // squash the exception, user doesn't have privileges, so the table is // not added to // filtered list. - ; } } return filteredResult; @@ -473,7 +472,6 @@ public class DefaultSentryValidator extends SentryHiveAuthorizationValidator { // squash the exception, user doesn't have privileges, so the table is // not added to // filtered list. - ; } } return filteredResult; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/AuthorizingObjectStoreV2.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/AuthorizingObjectStoreV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/AuthorizingObjectStoreV2.java index ff648ff..726f5ad 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/AuthorizingObjectStoreV2.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/AuthorizingObjectStoreV2.java @@ -39,7 +39,6 @@ import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.api.UnknownDBException; import org.apache.hadoop.hive.ql.parse.SemanticException; import org.apache.hadoop.hive.ql.plan.HiveOperation; -import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.hive.shims.Utils; import org.apache.sentry.binding.hive.HiveAuthzBindingHook; import org.apache.sentry.binding.hive.authz.HiveAuthzBinding; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerV2.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerV2.java index a72e745..013d016 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerV2.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/metastore/SentryMetastorePostEventListenerV2.java @@ -40,7 +40,7 @@ public class SentryMetastorePostEventListenerV2 extends SentryMetastorePostEvent Iterator<Partition> it = partitionEvent.getPartitionIterator(); while (it.hasNext()) { Partition part = it.next(); - if ((part.getSd() != null) && (part.getSd().getLocation() != null)) { + if (part.getSd() != null && part.getSd().getLocation() != null) { String authzObj = part.getDbName() + "." + part.getTableName(); String path = part.getSd().getLocation(); for (SentryMetastoreListenerPlugin plugin : sentryPlugins) { @@ -60,7 +60,7 @@ public class SentryMetastorePostEventListenerV2 extends SentryMetastorePostEvent Iterator<Partition> it = partitionEvent.getPartitionIterator(); while (it.hasNext()) { Partition part = it.next(); - if ((part.getSd() != null) && (part.getSd().getLocation() != null)) { + if (part.getSd() != null && part.getSd().getLocation() != null) { String path = part.getSd().getLocation(); for (SentryMetastoreListenerPlugin plugin : sentryPlugins) { plugin.removePath(authzObj, path); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java index d47ca3b..8838368 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java @@ -20,7 +20,6 @@ import static org.apache.hadoop.util.StringUtils.stringifyException; import java.io.DataOutputStream; import java.io.IOException; -import java.util.ArrayList; import java.util.List; import org.apache.commons.logging.Log; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java index 1e2b3b9..5e2d8a1 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java @@ -130,23 +130,23 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable "Config " + AuthzConfVars.AUTHZ_SERVER_NAME.getVar() + " is required"); try { if (work.getRoleDDLDesc() != null) { - return processRoleDDL(conf, console, sentryClient, subject.getName(), + return processRoleDDL(console, sentryClient, subject.getName(), hiveAuthzBinding, work.getRoleDDLDesc()); } if (work.getGrantDesc() != null) { - return processGrantDDL(conf, console, sentryClient, + return processGrantDDL(console, sentryClient, subject.getName(), server, work.getGrantDesc()); } if (work.getRevokeDesc() != null) { - return processRevokeDDL(conf, console, sentryClient, + return processRevokeDDL(console, sentryClient, subject.getName(), server, work.getRevokeDesc()); } if (work.getShowGrantDesc() != null) { - return processShowGrantDDL(conf, console, sentryClient, subject.getName(), server, + return processShowGrantDDL(console, sentryClient, subject.getName(), work.getShowGrantDesc()); } if (work.getGrantRevokeRoleDDL() != null) { - return processGrantRevokeRoleDDL(conf, console, sentryClient, + return processGrantRevokeRoleDDL(console, sentryClient, subject.getName(), work.getGrantRevokeRoleDDL()); } throw new AssertionError( @@ -217,7 +217,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable this.stmtOperation = stmtOperation; } - private int processRoleDDL(HiveConf conf, LogHelper console, + private int processRoleDDL(LogHelper console, SentryPolicyServiceClient sentryClient, String subject, HiveAuthzBinding hiveAuthzBinding, RoleDDLDesc desc) throws SentryUserException { @@ -280,7 +280,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable } } - private int processGrantDDL(HiveConf conf, LogHelper console, + private int processGrantDDL(LogHelper console, SentryPolicyServiceClient sentryClient, String subject, String server, GrantDesc desc) throws SentryUserException { return processGrantRevokeDDL(console, sentryClient, subject, @@ -289,7 +289,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable } // For grant option, we use null to stand for revoke the privilege ignore the grant option - private int processRevokeDDL(HiveConf conf, LogHelper console, + private int processRevokeDDL(LogHelper console, SentryPolicyServiceClient sentryClient, String subject, String server, RevokeDesc desc) throws SentryUserException { return processGrantRevokeDDL(console, sentryClient, subject, @@ -297,8 +297,8 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable desc.getPrivilegeSubjectDesc(), null); } - private int processShowGrantDDL(HiveConf conf, LogHelper console, SentryPolicyServiceClient sentryClient, - String subject, String server, ShowGrantDesc desc) throws SentryUserException{ + private int processShowGrantDDL(LogHelper console, SentryPolicyServiceClient sentryClient, + String subject, ShowGrantDesc desc) throws SentryUserException{ PrincipalDesc principalDesc = desc.getPrincipalDesc(); PrivilegeObjectDesc hiveObjectDesc = desc.getHiveObj(); String principalName = principalDesc.getName(); @@ -397,7 +397,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable } } - private int processGrantRevokeRoleDDL(HiveConf conf, LogHelper console, + private int processGrantRevokeRoleDDL(LogHelper console, SentryPolicyServiceClient sentryClient, String subject, GrantRevokeRoleDDL desc) throws SentryUserException { try { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java index 8929357..4fa4221 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java @@ -17,9 +17,6 @@ package org.apache.hadoop.hive.ql.exec; -import java.util.ArrayList; -import java.util.List; - import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; public class SentryHivePrivilegeObjectDesc extends PrivilegeObjectDesc { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java index 57e4689..699b6b2 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java @@ -295,7 +295,7 @@ public class HiveAuthzBindingHook extends AbstractSemanticAnalyzerHook { private Database extractDatabase(ASTNode ast) throws SemanticException { String tableName = BaseSemanticAnalyzer.getUnescapedName(ast); if (tableName.contains(".")) { - return new Database((tableName.split("\\."))[0]); + return new Database(tableName.split("\\.")[0]); } else { return getCanonicalDb(); } @@ -303,7 +303,7 @@ public class HiveAuthzBindingHook extends AbstractSemanticAnalyzerHook { private Table extractTable(ASTNode ast) throws SemanticException { String tableName = BaseSemanticAnalyzer.getUnescapedName(ast); if (tableName.contains(".")) { - return new Table((tableName.split("\\."))[1]); + return new Table(tableName.split("\\.")[1]); } else { return new Table(tableName); } @@ -560,9 +560,9 @@ public class HiveAuthzBindingHook extends AbstractSemanticAnalyzerHook { // by default allow connect access to default db Table currTbl = Table.ALL; Column currCol = Column.ALL; - if ((DEFAULT_DATABASE_NAME.equalsIgnoreCase(currDB.getName()) && + if (DEFAULT_DATABASE_NAME.equalsIgnoreCase(currDB.getName()) && "false".equalsIgnoreCase(authzConf. - get(HiveAuthzConf.AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "false")))) { + get(HiveAuthzConf.AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "false"))) { currDB = Database.ALL; currTbl = Table.SOME; } @@ -769,7 +769,6 @@ public class HiveAuthzBindingHook extends AbstractSemanticAnalyzerHook { // squash the exception, user doesn't have privileges, so the table is // not added to // filtered list. - ; } } return filteredResult; @@ -807,7 +806,6 @@ public class HiveAuthzBindingHook extends AbstractSemanticAnalyzerHook { // squash the exception, user doesn't have privileges, so the column is // not added to // filtered list. - ; } } return filteredResult; @@ -860,7 +858,6 @@ public class HiveAuthzBindingHook extends AbstractSemanticAnalyzerHook { // squash the exception, user doesn't have privileges, so the table is // not added to // filtered list. - ; } } @@ -880,7 +877,7 @@ public class HiveAuthzBindingHook extends AbstractSemanticAnalyzerHook { if (!readEntity.getType().equals(Type.TABLE) && !readEntity.getType().equals(Type.PARTITION)) { return false; } - if ((readEntity.getParents() != null) && (readEntity.getParents().size() > 0)) { + if (readEntity.getParents() != null && readEntity.getParents().size() > 0) { for (ReadEntity parentEntity : readEntity.getParents()) { if (!parentEntity.getType().equals(Type.TABLE)) { return false; @@ -893,31 +890,15 @@ public class HiveAuthzBindingHook extends AbstractSemanticAnalyzerHook { } /** - * Returns a set of hooks specified in a configuration variable. - * - * See getHooks(HiveAuthzConf.AuthzConfVars hookConfVar, Class<T> clazz) - * @param hookConfVar - * @return - * @throws Exception - */ - private static List<Hook> getHooks(String csHooks) throws Exception { - return getHooks(csHooks, Hook.class); - } - - /** * Returns the hooks specified in a configuration variable. The hooks are returned in a list in * the order they were specified in the configuration variable. * * @param hookConfVar The configuration variable specifying a comma separated list of the hook * class names. - * @param clazz The super type of the hooks. - * @return A list of the hooks cast as the type specified in clazz, in the order - * they are listed in the value of hookConfVar + * @return A list of the hooks, in the order they are listed in the value of hookConfVar * @throws Exception */ - private static <T extends Hook> List<T> getHooks(String csHooks, - Class<T> clazz) - throws Exception { + private static <T extends Hook> List<T> getHooks(String csHooks) throws Exception { List<T> hooks = new ArrayList<T>(); if (csHooks.isEmpty()) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java index a51653c..17b9003 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java @@ -85,7 +85,6 @@ public class HiveAuthzBindingSessionHook @Override public void applyAuthorizationConfigPolicy(HiveConf conf) { - return; } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java index 5898b7e..617a8bc 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java @@ -34,7 +34,6 @@ import org.apache.hadoop.hive.ql.hooks.WriteEntity; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.parse.ASTNode; import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer; -import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer; import org.apache.hadoop.hive.ql.parse.HiveParser; import org.apache.hadoop.hive.ql.parse.SemanticException; import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory; @@ -61,7 +60,7 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization private static final Logger LOG = LoggerFactory.getLogger(SentryHiveAuthorizationTaskFactoryImpl.class); - public SentryHiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { + public SentryHiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { //NOPMD } @@ -207,13 +206,11 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization PrincipalDesc principalDesc = new PrincipalDesc(principalName, type); // Partition privileges are not supported by Sentry - List<String> cols = null; if (ast.getChildCount() > 1) { ASTNode child = (ASTNode) ast.getChild(1); if (child.getToken().getType() == HiveParser.TOK_PRIV_OBJECT_COL) { privHiveObj = analyzePrivilegeObject(child); - cols = privHiveObj.getColumns(); - }else { + } else { throw new SemanticException("Unrecognized Token: " + child.getToken().getType()); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java index a380651..c101a4f 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java @@ -38,61 +38,61 @@ public interface SentryOnFailureHookContext { /** * @return the command attempted by user */ - public String getCommand(); + String getCommand(); /** * @return the set of read entities */ - public Set<ReadEntity> getInputs(); + Set<ReadEntity> getInputs(); /** * @return the set of write entities */ - public Set<WriteEntity> getOutputs(); + Set<WriteEntity> getOutputs(); /** * @return the operation */ - public HiveOperation getHiveOp(); + HiveOperation getHiveOp(); /** * @return the user name */ - public String getUserName(); + String getUserName(); /** * @return the ip address */ - public String getIpAddress(); + String getIpAddress(); /** * @return the database object */ - public Database getDatabase(); + Database getDatabase(); /** * @return the table object */ - public Table getTable(); + Table getTable(); /** * @return the udf URI */ - public AccessURI getUdfURI(); + AccessURI getUdfURI(); /** * @return the partition URI */ - public AccessURI getPartitionURI(); + AccessURI getPartitionURI(); /** * @return the authorization failure exception */ - public AuthorizationException getException(); + AuthorizationException getException(); /** * @return the config */ - public Configuration getConf(); + Configuration getConf(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java index 14437ca..4f465b3 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java @@ -29,11 +29,11 @@ import org.apache.hadoop.conf.Configuration; public interface SentryPolicyFileFormatter { // write the sentry mapping data to file - public void write(String resourcePath, Map<String, Map<String, Set<String>>> sentryMappingData) + void write(String resourcePath, Map<String, Map<String, Set<String>>> sentryMappingData) throws Exception; // parse the sentry mapping data from file - public Map<String, Map<String, Set<String>>> parse(String resourcePath, Configuration conf) + Map<String, Map<String, Set<String>>> parse(String resourcePath, Configuration conf) throws Exception; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java index 926c46c..6066100 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java @@ -22,7 +22,6 @@ import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; -import java.util.concurrent.atomic.AtomicInteger; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeys; @@ -58,7 +57,6 @@ import com.google.common.collect.Sets; public class HiveAuthzBinding { private static final Logger LOG = LoggerFactory .getLogger(HiveAuthzBinding.class); - private static final AtomicInteger queryID = new AtomicInteger(); private static final Splitter ROLE_SET_SPLITTER = Splitter.on(",").trimResults() .omitEmptyStrings(); public static final String HIVE_BINDING_TAG = "hive.authz.bindings.tag"; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java index d35b09d..0c3bee3 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java @@ -23,7 +23,6 @@ import java.util.Map; import org.apache.hadoop.hive.ql.plan.HiveOperation; import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationScope; import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType; -import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.model.db.DBModelAction; import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType; @@ -31,12 +30,6 @@ public class HiveAuthzPrivilegesMap { private static final Map <HiveOperation, HiveAuthzPrivileges> hiveAuthzStmtPrivMap = new HashMap<HiveOperation, HiveAuthzPrivileges>(); static { - HiveAuthzPrivileges serverPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder(). - addInputObjectPriviledge(AuthorizableType.Server, EnumSet.of(DBModelAction.ALL)). - setOperationScope(HiveOperationScope.SERVER). - setOperationType(HiveOperationType.DDL). - build(); - HiveAuthzPrivileges createServerPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder(). addInputObjectPriviledge(AuthorizableType.Server, EnumSet.of(DBModelAction.CREATE)). setOperationScope(HiveOperationScope.SERVER). http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java index 2e0f299..616d46c 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java @@ -45,7 +45,6 @@ import org.apache.log4j.Level; import org.apache.log4j.LogManager; import org.apache.sentry.Command; import org.apache.sentry.binding.hive.HiveAuthzBindingHook; -import org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook; import org.apache.sentry.binding.hive.SentryPolicyFileFormatFactory; import org.apache.sentry.binding.hive.SentryPolicyFileFormatter; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; @@ -221,7 +220,7 @@ public class SentryConfigTool { getHiveConf().setVar(ConfVars.SEMANTIC_ANALYZER_HOOK, HiveAuthzBindingHook.class.getName()); try { - System.out.println("Hive config: " + getHiveConf().getHiveSiteLocation()); + System.out.println("Hive config: " + HiveConf.getHiveSiteLocation()); } catch (NullPointerException e) { // Hack, hiveConf doesn't provide a reliable way check if it found a valid // hive-site @@ -559,10 +558,10 @@ public class SentryConfigTool { } } - if (isListPrivs() && (getUser() == null)) { + if (isListPrivs() && getUser() == null) { throw new ParseException("Can't use -l without -u "); } - if ((getQuery() != null) && (getUser() == null)) { + if (getQuery() != null && getUser() == null) { throw new ParseException("Must use -u with -e "); } } catch (ParseException e1) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java index e76fad1..6b79dda 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java @@ -150,7 +150,6 @@ public class HiveAuthzConf extends Configuration { currentToDeprecatedProps.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED); }; - @SuppressWarnings("unused") private static final Logger LOG = LoggerFactory .getLogger(HiveAuthzConf.class); public static final String AUTHZ_SITE_FILE = "sentry-site.xml"; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java index 9938373..37781b9 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java @@ -39,7 +39,6 @@ import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.api.UnknownDBException; import org.apache.hadoop.hive.ql.parse.SemanticException; import org.apache.hadoop.hive.ql.plan.HiveOperation; -import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.hive.shims.Utils; import org.apache.sentry.binding.hive.HiveAuthzBindingHook; import org.apache.sentry.binding.hive.authz.HiveAuthzBinding; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java index f6b9c7a..b1148d8 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java @@ -39,7 +39,6 @@ import org.apache.hadoop.hive.metastore.api.StorageDescriptor; import org.apache.hadoop.hive.metastore.events.PreAddPartitionEvent; import org.apache.hadoop.hive.metastore.events.PreAlterPartitionEvent; import org.apache.hadoop.hive.metastore.events.PreAlterTableEvent; -import org.apache.hadoop.hive.metastore.events.PreCreateDatabaseEvent; import org.apache.hadoop.hive.metastore.events.PreCreateTableEvent; import org.apache.hadoop.hive.metastore.events.PreDropDatabaseEvent; import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent; @@ -47,7 +46,6 @@ import org.apache.hadoop.hive.metastore.events.PreDropTableEvent; import org.apache.hadoop.hive.metastore.events.PreEventContext; import org.apache.hadoop.hive.ql.metadata.AuthorizationException; import org.apache.hadoop.hive.ql.plan.HiveOperation; -import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.hive.shims.Utils; import org.apache.sentry.SentryUserException; import org.apache.sentry.binding.hive.authz.HiveAuthzBinding; @@ -197,7 +195,7 @@ public class MetastoreAuthzBinding extends MetaStorePreEventListener { authorizeAlterPartition((PreAlterPartitionEvent) context); break; case CREATE_DATABASE: - authorizeCreateDatabase((PreCreateDatabaseEvent) context); + authorizeCreateDatabase(); break; case DROP_DATABASE: authorizeDropDatabase((PreDropDatabaseEvent) context); @@ -210,7 +208,7 @@ public class MetastoreAuthzBinding extends MetaStorePreEventListener { } } - private void authorizeCreateDatabase(PreCreateDatabaseEvent context) + private void authorizeCreateDatabase() throws InvalidOperationException, MetaException { authorizeMetastoreAccess(HiveOperation.CREATEDATABASE, new HierarcyBuilder().addServerToOutput(getAuthServer()).build(), http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHiveMetaStoreClient.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHiveMetaStoreClient.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHiveMetaStoreClient.java index 6a33ef9..0330db9 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHiveMetaStoreClient.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryHiveMetaStoreClient.java @@ -42,17 +42,14 @@ public class SentryHiveMetaStoreClient extends HiveMetaStoreClient implements private HiveAuthzBinding hiveAuthzBinding; private HiveAuthzConf authzConf; - private final HiveConf hiveConf; public SentryHiveMetaStoreClient(HiveConf conf) throws MetaException { super(conf); - this.hiveConf = conf; } public SentryHiveMetaStoreClient(HiveConf conf, HiveMetaHookLoader hookLoader) throws MetaException { super(conf, hookLoader); - this.hiveConf = conf; } @Override http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java index 9f33f3d..b551788 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetaStoreFilterHook.java @@ -33,25 +33,20 @@ import org.apache.hadoop.hive.metastore.api.NoSuchObjectException; import org.apache.hadoop.hive.metastore.api.Partition; import org.apache.hadoop.hive.metastore.api.PartitionSpec; import org.apache.hadoop.hive.metastore.api.Table; -import org.apache.hadoop.hive.ql.parse.SemanticException; import org.apache.hadoop.hive.ql.plan.HiveOperation; import org.apache.hadoop.hive.ql.session.SessionState; import org.apache.sentry.binding.hive.HiveAuthzBindingHook; import org.apache.sentry.binding.hive.authz.HiveAuthzBinding; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; -import com.google.common.collect.Lists; - public class SentryMetaStoreFilterHook implements MetaStoreFilterHook { static final protected Log LOG = LogFactory.getLog(SentryMetaStoreFilterHook.class); private HiveAuthzBinding hiveAuthzBinding; private HiveAuthzConf authzConf; - private final HiveConf hiveConf; - public SentryMetaStoreFilterHook(HiveConf hiveConf) { - this.hiveConf = hiveConf; + public SentryMetaStoreFilterHook(HiveConf hiveConf) { //NOPMD } @Override http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java index 3c8ad1f..a45d115 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java @@ -212,7 +212,7 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener { newLoc = partitionEvent.getNewPartition().getSd().getLocation(); } - if ((oldLoc != null) && (newLoc != null) && (!oldLoc.equals(newLoc))) { + if (oldLoc != null && newLoc != null && !oldLoc.equals(newLoc)) { String authzObj = partitionEvent.getOldPartition().getDbName() + "." + partitionEvent.getOldPartition().getTableName(); @@ -227,7 +227,7 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener { public void onAddPartition(AddPartitionEvent partitionEvent) throws MetaException { for (Partition part : partitionEvent.getPartitions()) { - if ((part.getSd() != null) && (part.getSd().getLocation() != null)) { + if (part.getSd() != null && part.getSd().getLocation() != null) { String authzObj = part.getDbName() + "." + part.getTableName(); String path = part.getSd().getLocation(); for (SentryMetastoreListenerPlugin plugin : sentryPlugins) { @@ -349,7 +349,7 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener { private boolean syncWithPolicyStore(AuthzConfVars syncConfVar) { return "true" - .equalsIgnoreCase((authzConf.get(syncConfVar.getVar(), "true"))); + .equalsIgnoreCase(authzConf.get(syncConfVar.getVar(), "true")); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java index 6980c7c..88148c4 100644 --- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java +++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java @@ -228,7 +228,7 @@ public class SolrAuthzBinding { } synchronized (SolrAuthzBinding.class) { if (kerberosInit == null) { - kerberosInit = new Boolean(true); + kerberosInit = Boolean.TRUE; final String authVal = authzConf.get(HADOOP_SECURITY_AUTHENTICATION); final String kerberos = "kerberos"; if (authVal != null && !authVal.equals(kerberos)) { @@ -258,7 +258,7 @@ public class SolrAuthzBinding { * If the binding uses the searchProviderBackend, it can sync privilege with Sentry Service */ public boolean isSyncEnabled() { - return (providerBackend instanceof SentryGenericProviderBackend); + return providerBackend instanceof SentryGenericProviderBackend; } public SentryGenericServiceClient getClient() throws Exception { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationValidator.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationValidator.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationValidator.java index 5f96767..51f3f29 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationValidator.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/authz/SentryAuthorizationValidator.java @@ -42,7 +42,7 @@ public class SentryAuthorizationValidator extends AuthorizationValidator { @Override public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException { - if ((privileges == null) || privileges.isEmpty()) { + if (privileges == null || privileges.isEmpty()) { return; } PrincipalDesc principalDesc = new PrincipalDesc(principal.getName(), principal.getType()); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java index 42638f8..8456031 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java @@ -312,7 +312,7 @@ public class SqoopAuthBinding { } private MResource toSqoopResource(List<TAuthorizable> authorizables) { - if ((authorizables == null) || authorizables.isEmpty()) { + if (authorizables == null || authorizables.isEmpty()) { //server resource return new MResource(sqoopServer.getName(), MResource.TYPE.SERVER); } else { @@ -385,7 +385,7 @@ public class SqoopAuthBinding { * functions to execute, which centralizes connection error * handling. Command is parameterized on the return type of the function. */ - private static interface Command<T> { + private interface Command<T> { T run(SentryGenericServiceClient client) throws Exception; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java index 528f7d7..5af4cad 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/Command.java @@ -19,5 +19,5 @@ package org.apache.sentry; public interface Command { - public void run(String[] args) throws Exception; + void run(String[] args) throws Exception; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java index e081a86..1ccf7de 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/SentryMain.java @@ -59,7 +59,7 @@ public class SentryMain { CommandLine commandLine = parser.parse(options, args, true); String log4jconf = commandLine.getOptionValue(LOG4J_CONF); - if ((log4jconf != null)&&(log4jconf.length() > 0)) { + if (log4jconf != null && log4jconf.length() > 0) { Properties log4jProperties = new Properties(); // Firstly load log properties from properties file @@ -121,9 +121,10 @@ public class SentryMain { private static void printHelp(Options options, String msg) { String sentry = "sentry"; - if(msg != null) + if (msg != null) { sentry = msg + sentry; + } (new HelpFormatter()).printHelp(sentry, options); System.exit(1); } -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java index 1479e5c..77c91d2 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java @@ -17,6 +17,6 @@ package org.apache.sentry.core.common; public interface Action { - public static final String ALL = "*"; - public String getValue(); + String ALL = "*"; + String getValue(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java index 3523237..d49a53d 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java @@ -17,7 +17,7 @@ package org.apache.sentry.core.common; public interface Authorizable { - public String getName(); + String getName(); - public String getTypeName(); + String getTypeName(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java index 5aa0f83..ce0e4fb 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java @@ -55,7 +55,7 @@ public abstract class BitFieldAction implements Action { return false; } BitFieldAction that = (BitFieldAction)obj; - return (code == that.code) && (name.equalsIgnoreCase(that.name)); + return code == that.code && name.equalsIgnoreCase(that.name); } @Override http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java index 6cb599c..c7002e0 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PathUtils.java @@ -42,11 +42,10 @@ public class PathUtils { return false; } // ensure that either both schemes are null or equal - if (privilegeURI.getScheme() == null) { - if (requestURI.getScheme() != null) { - return false; - } - } else if (!privilegeURI.getScheme().equals(requestURI.getScheme())) { + if (privilegeURI.getScheme() == null && requestURI.getScheme() != null) { + return false; + } + if (privilegeURI.getScheme() != null && !privilegeURI.getScheme().equals(requestURI.getScheme())) { return false; } // request path does not contain relative parts /a/../b && http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java index 4d74356..4ce01b2 100644 --- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java +++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java @@ -29,5 +29,5 @@ public interface DBModelAuthorizable extends Authorizable { URI }; - public AuthorizableType getAuthzType(); + AuthorizableType getAuthzType(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizable.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizable.java b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizable.java index d92a5c8..b3a3873 100644 --- a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizable.java +++ b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerModelAuthorizable.java @@ -24,5 +24,5 @@ public interface IndexerModelAuthorizable extends Authorizable { Indexer }; - public AuthorizableType getAuthzType(); + AuthorizableType getAuthzType(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-model-indexer/src/test/java/org/apache/sentry/core/indexer/TestIndexerBitFieldAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-indexer/src/test/java/org/apache/sentry/core/indexer/TestIndexerBitFieldAction.java b/sentry-core/sentry-core-model-indexer/src/test/java/org/apache/sentry/core/indexer/TestIndexerBitFieldAction.java index a490cd8..4e2f1fa 100644 --- a/sentry-core/sentry-core-model-indexer/src/test/java/org/apache/sentry/core/indexer/TestIndexerBitFieldAction.java +++ b/sentry-core/sentry-core-model-indexer/src/test/java/org/apache/sentry/core/indexer/TestIndexerBitFieldAction.java @@ -17,8 +17,6 @@ */ package org.apache.sentry.core.indexer; -import java.util.List; - import org.apache.sentry.core.model.indexer.IndexerActionFactory; import org.apache.sentry.core.model.indexer.IndexerActionFactory.IndexerAction; import org.apache.sentry.core.model.indexer.IndexerActionFactory.IndexerBitFieldAction; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java index d6a9d54..5a55963 100644 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java +++ b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java @@ -25,5 +25,5 @@ public interface SearchModelAuthorizable extends Authorizable { Field }; - public AuthorizableType getAuthzType(); + AuthorizableType getAuthzType(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java index 0ae49d6..b490cb6 100644 --- a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java +++ b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java @@ -17,8 +17,6 @@ */ package org.apache.sentry.core.search; -import java.util.List; - import org.apache.sentry.core.model.search.SearchActionFactory; import org.apache.sentry.core.model.search.SearchActionFactory.SearchAction; import org.apache.sentry.core.model.search.SearchActionFactory.SearchBitFieldAction; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java index c1f33ec..e7ba5f1 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java @@ -56,8 +56,7 @@ public class SqoopActionFactory extends BitFieldActionFactory { static List<SqoopActionType> getActionByCode(int code) { List<SqoopActionType> actions = Lists.newArrayList(); for (SqoopActionType action : SqoopActionType.values()) { - if (((action.code & code) == action.code ) && - (action != SqoopActionType.ALL)) { + if ((action.code & code) == action.code && action != SqoopActionType.ALL) { //SqoopActionType.ALL action should not return in the list actions.add(action); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopAuthorizable.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopAuthorizable.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopAuthorizable.java index b57f4a7..934875e 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopAuthorizable.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopAuthorizable.java @@ -23,7 +23,7 @@ import org.apache.sentry.core.common.Authorizable; * It used conjunction with the generic authorization model(SENTRY-398). */ public interface SqoopAuthorizable extends Authorizable { - public static final String ALL = "*"; + String ALL = "*"; public enum AuthorizableType { SERVER, CONNECTOR, @@ -31,5 +31,5 @@ public interface SqoopAuthorizable extends Authorizable { JOB }; - public AuthorizableType getAuthzType(); + AuthorizableType getAuthzType(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPathsDumper.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPathsDumper.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPathsDumper.java index 2bd2a88..0950957 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPathsDumper.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPathsDumper.java @@ -21,8 +21,8 @@ import org.apache.sentry.hdfs.service.thrift.TPathsDump; public interface AuthzPathsDumper<K extends AuthzPaths> { - public TPathsDump createPathsDump(); + TPathsDump createPathsDump(); - public K initializeFromDump(TPathsDump pathsDump); + K initializeFromDump(TPathsDump pathsDump); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPermissions.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPermissions.java index 1631ae5..b575e81 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPermissions.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPermissions.java @@ -23,6 +23,6 @@ import java.util.List; public interface AuthzPermissions { - public List<AclEntry> getAcls(String authzObj); + List<AclEntry> getAcls(String authzObj); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java index 4b38def..135ea20 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java @@ -232,7 +232,7 @@ public class HMSPaths implements AuthzPaths { } public static Entry createRoot(boolean asPrefix) { - return new Entry(null, "/", (asPrefix) + return new Entry(null, "/", asPrefix ? EntryType.PREFIX : EntryType.DIR, (String) null); } @@ -366,7 +366,7 @@ public class HMSPaths implements AuthzPaths { boolean isPartialMatchOk, Entry lastAuthObj) { Entry found = null; if (index == pathElements.length) { - if (isPartialMatchOk && (getAuthzObjs().size() != 0)) { + if (isPartialMatchOk && getAuthzObjs().size() != 0) { found = this; } } else { @@ -444,7 +444,7 @@ public class HMSPaths implements AuthzPaths { if (e != null) { newEntries.add(e); } else { - // LOG WARN IGNORING PATH, no prefix + LOG.warn("Ignoring path, no prefix"); } } authzObjToPath.put(authzObj, newEntries); @@ -468,7 +468,7 @@ public class HMSPaths implements AuthzPaths { if (e != null) { newEntries.add(e); } else { - // LOG WARN IGNORING PATH, no prefix + LOG.warn("Ignoring path, no prefix"); } } entries.addAll(newEntries); @@ -476,7 +476,7 @@ public class HMSPaths implements AuthzPaths { if (createNew) { addAuthzObject(authzObj, authzObjPathElements); } - // LOG WARN object does not exist + LOG.warn("Object does not exist"); } } @@ -500,12 +500,12 @@ public class HMSPaths implements AuthzPaths { entry.deleteAuthzObject(authzObj); toDelEntries.add(entry); } else { - // LOG WARN IGNORING PATH, it was not in registered + LOG.warn("Ignoring path, it was not registered"); } } entries.removeAll(toDelEntries); } else { - // LOG WARN object does not exist + LOG.warn("Object does not exist"); } } @@ -540,7 +540,9 @@ public class HMSPaths implements AuthzPaths { */ public Set<String> findAuthzObject(String[] pathElements, boolean isPartialOk) { // Handle '/' - if ((pathElements == null)||(pathElements.length == 0)) return null; + if (pathElements == null || pathElements.length == 0) { + return null; + } Entry entry = root.find(pathElements, isPartialOk); return (entry != null) ? entry.getAuthzObjs() : null; } @@ -548,10 +550,12 @@ public class HMSPaths implements AuthzPaths { boolean renameAuthzObject(String oldName, List<String> oldPathElems, String newName, List<String> newPathElems) { // Handle '/' - if ((oldPathElems == null)||(oldPathElems.size() == 0)) return false; + if (oldPathElems == null || oldPathElems.size() == 0) { + return false; + } Entry entry = root.find(oldPathElems.toArray(new String[oldPathElems.size()]), false); - if ((entry != null) && (entry.getAuthzObjs().contains(oldName))) { + if (entry != null && entry.getAuthzObjs().contains(oldName)) { // Update pathElements String[] newPath = newPathElems.toArray(new String[newPathElems.size()]); // Can't use Lists.newArrayList() because of whacky generics http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java index d62222b..3203ecd 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java @@ -102,7 +102,9 @@ public class HMSPathsDumper implements AuthzPathsDumper<HMSPaths> { child = parent.getChildren().get(tChild.getPathElement()); // If we havn't reached a prefix entry yet, then child should // already exists.. else it is not part of the prefix - if (child == null) continue; + if (child == null) { + continue; + } isChildPrefix = child.getType() == EntryType.PREFIX; // Handle case when prefix entry has an authzObject // For Eg (default table mapped to /user/hive/warehouse) http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java index 956b855..ab12bf4 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java @@ -17,19 +17,17 @@ */ package org.apache.sentry.hdfs; -import java.io.IOException; - public interface SentryHDFSServiceClient { - public static final String SENTRY_HDFS_SERVICE_NAME = "SentryHDFSService"; + String SENTRY_HDFS_SERVICE_NAME = "SentryHDFSService"; - public void notifyHMSUpdate(PathsUpdate update) + void notifyHMSUpdate(PathsUpdate update) throws SentryHdfsServiceException; - public long getLastSeenHMSPathSeqNum() throws SentryHdfsServiceException; + long getLastSeenHMSPathSeqNum() throws SentryHdfsServiceException; - public SentryAuthzUpdate getAllUpdatesFrom(long permSeqNum, long pathSeqNum) + SentryAuthzUpdate getAllUpdatesFrom(long permSeqNum, long pathSeqNum) throws SentryHdfsServiceException; - public void close(); + void close(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java index 117fde2..4dc3a0c 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java @@ -28,7 +28,7 @@ public interface Updateable<K extends Updateable.Update> { * implementing this interface and containing the generated thrift class as * a work around */ - public interface Update { + interface Update { boolean hasFullImage(); @@ -47,27 +47,27 @@ public interface Updateable<K extends Updateable.Update> { * @param lock External Lock. * @return */ - public void updatePartial(Iterable<K> update, ReadWriteLock lock); + void updatePartial(Iterable<K> update, ReadWriteLock lock); /** * This returns a new object with the full update applied * @param update * @return */ - public Updateable<K> updateFull(K update); + Updateable<K> updateFull(K update); /** * Return sequence number of Last Update */ - public long getLastUpdatedSeqNum(); + long getLastUpdatedSeqNum(); /** * Create and Full image update of the local data structure * @param currSeqNum * @return */ - public K createFullImageUpdate(long currSeqNum); + K createFullImageUpdate(long currSeqNum); - public String getUpdateableTypeName(); + String getUpdateableTypeName(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java index 364a1f6..8fc5470 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java @@ -50,12 +50,12 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate> @Override public Set<String> findAuthzObject(String[] pathElements) { - return paths.findAuthzObject(pathElements); + return paths.findAuthzObject(pathElements); } @Override public Set<String> findAuthzObjectExactMatches(String[] pathElements) { - return paths.findAuthzObjectExactMatches(pathElements); + return paths.findAuthzObjectExactMatches(pathElements); } @Override @@ -93,16 +93,16 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate> List<TPathChanges> pathChanges = update.getPathChanges(); TPathChanges newPathInfo = null; TPathChanges oldPathInfo = null; - if ((pathChanges.get(0).getAddPathsSize() == 1) - && (pathChanges.get(1).getDelPathsSize() == 1)) { + if (pathChanges.get(0).getAddPathsSize() == 1 + && pathChanges.get(1).getDelPathsSize() == 1) { newPathInfo = pathChanges.get(0); oldPathInfo = pathChanges.get(1); - } else if ((pathChanges.get(1).getAddPathsSize() == 1) - && (pathChanges.get(0).getDelPathsSize() == 1)) { + } else if (pathChanges.get(1).getAddPathsSize() == 1 + && pathChanges.get(0).getDelPathsSize() == 1) { newPathInfo = pathChanges.get(1); oldPathInfo = pathChanges.get(0); } - if ((newPathInfo != null)&&(oldPathInfo != null)) { + if (newPathInfo != null && oldPathInfo != null) { paths.renameAuthzObject( oldPathInfo.getAuthzObj(), oldPathInfo.getDelPaths().get(0), newPathInfo.getAuthzObj(), newPathInfo.getAddPaths().get(0)); @@ -113,8 +113,8 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate> paths.addPathsToAuthzObject(pathChanges.getAuthzObj(), pathChanges .getAddPaths(), true); List<List<String>> delPaths = pathChanges.getDelPaths(); - if ((delPaths.size() == 1) && (delPaths.get(0).size() == 1) - && (delPaths.get(0).get(0).equals(PathsUpdate.ALL_PATHS))) { + if (delPaths.size() == 1 && delPaths.get(0).size() == 1 + && delPaths.get(0).get(0).equals(PathsUpdate.ALL_PATHS)) { // Remove all paths.. eg. drop table paths.deleteAuthzObject(pathChanges.getAuthzObj()); } else { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ha/HdfsHAClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ha/HdfsHAClientInvocationHandler.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ha/HdfsHAClientInvocationHandler.java index ec66b2d..6138b8c 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ha/HdfsHAClientInvocationHandler.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ha/HdfsHAClientInvocationHandler.java @@ -59,44 +59,42 @@ public class HdfsHAClientInvocationHandler implements InvocationHandler { public Object invoke(Object proxy, Method method, Object[] args) throws SentryHdfsServiceException { Object result = null; - while (true) { - try { - if (!method.isAccessible()) { - method.setAccessible(true); - } - // The client is initialized in the first call instead of constructor. - // This way we can propagate the connection exception to caller cleanly - if (client == null) { - renewSentryClient(); - } - result = method.invoke(client, args); - } catch (IllegalAccessException e) { - throw new SentryHdfsServiceException(e.getMessage(), e.getCause()); - } catch (InvocationTargetException e) { - if (!(e.getTargetException() instanceof SentryHdfsServiceException)) { - throw new SentryHdfsServiceException("Error in Sentry HDFS client", - e.getTargetException()); - } else { - LOGGER.warn(THRIFT_EXCEPTION_MESSAGE + ": Error in connect current" + - " service, will retry other service.", e); - if (client != null) { - client.close(); - client = null; - } - throw (SentryHdfsServiceException) e.getTargetException(); - } - } catch (IOException e1) { - // close() doesn't throw exception we supress that in case of connection - // loss. Changing SentryPolicyServiceClient#close() to throw an - // exception would be a backward incompatible change for Sentry clients. - if ("close".equals(method.getName())) { - return null; + try { + if (!method.isAccessible()) { + method.setAccessible(true); + } + // The client is initialized in the first call instead of constructor. + // This way we can propagate the connection exception to caller cleanly + if (client == null) { + renewSentryClient(); + } + result = method.invoke(client, args); + } catch (IllegalAccessException e) { + throw new SentryHdfsServiceException(e.getMessage(), e.getCause()); + } catch (InvocationTargetException e) { + if (!(e.getTargetException() instanceof SentryHdfsServiceException)) { + throw new SentryHdfsServiceException("Error in Sentry HDFS client", + e.getTargetException()); + } else { + LOGGER.warn(THRIFT_EXCEPTION_MESSAGE + ": Error in connect current" + + " service, will retry other service.", e); + if (client != null) { + client.close(); + client = null; } - throw new SentryHdfsServiceException( - "Error connecting to sentry service " + e1.getMessage(), e1); + throw (SentryHdfsServiceException) e.getTargetException(); + } + } catch (IOException e1) { + // close() doesn't throw exception we supress that in case of connection + // loss. Changing SentryPolicyServiceClient#close() to throw an + // exception would be a backward incompatible change for Sentry clients. + if ("close".equals(method.getName())) { + return null; } - return result; + throw new SentryHdfsServiceException( + "Error connecting to sentry service " + e1.getMessage(), e1); } + return result; } // Retrieve the new connection endpoint from ZK and connect to new server http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java index b43ad0e..735b5d7 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java +++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java @@ -33,10 +33,6 @@ import java.util.Arrays; import java.util.HashSet; import java.io.IOException; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNull; - public class TestHMSPathsFullDump { private static boolean useCompact = true;
