http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index 4f7bdbd..621ce89 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java @@ -66,7 +66,7 @@ import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType; import org.apache.sentry.hdfs.PathsUpdate; import org.apache.sentry.hdfs.UniquePathsUpdate; import org.apache.sentry.hdfs.UpdateableAuthzPaths; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipalType; import org.apache.sentry.provider.db.service.model.MAuthzPathsMapping; import org.apache.sentry.provider.db.service.model.MAuthzPathsSnapshotId; import org.apache.sentry.provider.db.service.model.MSentryChange; @@ -81,7 +81,7 @@ import org.apache.sentry.provider.db.service.model.MSentryUser; import org.apache.sentry.provider.db.service.model.MSentryVersion; import org.apache.sentry.provider.db.service.model.MSentryUtil; import org.apache.sentry.provider.db.service.model.MPath; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal; import org.apache.sentry.api.common.ApiConstants.PrivilegeScope; import org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessor; import org.apache.sentry.api.service.thrift.TSentryActiveRoleSet; @@ -92,7 +92,7 @@ import org.apache.sentry.api.service.thrift.TSentryMappingData; import org.apache.sentry.api.service.thrift.TSentryPrivilege; import org.apache.sentry.api.service.thrift.TSentryPrivilegeMap; import org.apache.sentry.api.service.thrift.TSentryRole; -import org.apache.sentry.service.common.ServiceConstants.SentryEntityType; +import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType; import org.apache.sentry.service.common.ServiceConstants.ServerConfig; import org.datanucleus.store.rdbms.exceptions.MissingTableException; import org.slf4j.Logger; @@ -687,7 +687,7 @@ public class SentryStore implements SentryStoreInterface { public void alterSentryRoleGrantPrivileges(final String grantorPrincipal, final String roleName, final Set<TSentryPrivilege> privileges) throws Exception { for (TSentryPrivilege privilege : privileges) { - alterSentryGrantPrivilege(grantorPrincipal, SentryEntityType.ROLE, roleName, privilege, null); + alterSentryGrantPrivilege(grantorPrincipal, SentryPrincipalType.ROLE, roleName, privilege, null); } } @@ -696,14 +696,14 @@ public class SentryStore implements SentryStoreInterface { * permission change to MSentryPermChange table in a single transaction. * * @param grantorPrincipal User name - * @param type Type of entity to which privilege is granted. - * @param name the name of the entity to which privilege is granted. + * @param type Type of principal to which privilege is granted. + * @param name the name of the principal to which privilege is granted. * @param privilege the given privilege * @param update the corresponding permission delta update if any. * @throws Exception * */ - synchronized void alterSentryGrantPrivilege(final String grantorPrincipal, SentryEntityType type, + synchronized void alterSentryGrantPrivilege(final String grantorPrincipal, SentryPrincipalType type, final String name, final TSentryPrivilege privilege, final Update update) throws Exception { @@ -744,7 +744,7 @@ public class SentryStore implements SentryStoreInterface { Preconditions.checkNotNull(privilegesUpdateMap); for (TSentryPrivilege privilege : privileges) { Update update = privilegesUpdateMap.get(privilege); - alterSentryGrantPrivilege(grantorPrincipal, SentryEntityType.ROLE, roleName, privilege, + alterSentryGrantPrivilege(grantorPrincipal, SentryPrincipalType.ROLE, roleName, privilege, update); } } @@ -775,15 +775,15 @@ public class SentryStore implements SentryStoreInterface { } private MSentryPrivilege alterSentryGrantPrivilegeCore(PersistenceManager pm, - SentryEntityType type, + SentryPrincipalType type, String entityName, TSentryPrivilege privilege) throws SentryNoSuchObjectException, SentryInvalidInputException { MSentryPrivilege mPrivilege = null; - PrivilegeEntity mEntity = getEntity(pm, entityName, type); + PrivilegePrincipal mEntity = getEntity(pm, entityName, type); if (mEntity == null) { - if(type == SentryEntityType.ROLE) { + if(type == SentryPrincipalType.ROLE) { throw noSuchRole(entityName); - } else if(type == SentryEntityType.USER) { + } else if(type == SentryPrincipalType.USER) { // User might not exist. Creating one. mEntity = new MSentryUser(entityName, System.currentTimeMillis(), Sets.newHashSet()); } @@ -809,11 +809,11 @@ public class SentryStore implements SentryStoreInterface { MSentryPrivilege mInsert = findMatchPrivilege(mEntity.getPrivileges(), convertToMSentryPrivilege(tNotAll)); if (mSelect != null) { - mSelect.removeEntity(mEntity); + mSelect.removePrincipal(mEntity); persistPrivilege(pm, mSelect); } if (mInsert != null) { - mInsert.removeEntity(mEntity); + mInsert.removePrincipal(mEntity); persistPrivilege(pm, mInsert); } } else { @@ -839,7 +839,7 @@ public class SentryStore implements SentryStoreInterface { if (mPrivilege == null) { mPrivilege = convertToMSentryPrivilege(privilege); } - mPrivilege.appendEntity(mEntity); + mPrivilege.appendPrincipal(mEntity); pm.makePersistent(mPrivilege); return mPrivilege; } @@ -866,7 +866,7 @@ public class SentryStore implements SentryStoreInterface { } for (TSentryPrivilege privilege : privileges) { - alterSentryGrantPrivilege(grantorPrincipal, SentryEntityType.USER, userName, privilege, null); + alterSentryGrantPrivilege(grantorPrincipal, SentryPrincipalType.USER, userName, privilege, null); } } @@ -875,18 +875,18 @@ public class SentryStore implements SentryStoreInterface { * permission change to MSentryPermChange table in a single transaction. * Creates User, if it is not already there. * Internally calls alterSentryGrantPrivilege. - * @param entityName Entity name to which permissions should be granted. - * @param entityType Entity Type + * @param principalName principalType name to which permissions should be granted. + * @param entityType Principal Type * @param privilege Privilege to be granted * @param update DeltaTransactionBlock * @throws Exception */ - public void alterSentryGrantOwnerPrivilege(final String entityName, SentryEntityType entityType, + public void alterSentryGrantOwnerPrivilege(final String principalName, SentryPrincipalType entityType, final TSentryPrivilege privilege, final Update update) throws Exception { execute(update, pm -> { pm.setDetachAllOnCommit(false); // No need to detach objects - String trimmedEntityName = trimAndLower(entityName); + String trimmedEntityName = trimAndLower(principalName); // Alter sentry Role and grant Privilege. MSentryPrivilege mPrivilege = alterSentryGrantPrivilegeCore(pm, entityType, @@ -928,7 +928,7 @@ public class SentryStore implements SentryStoreInterface { Preconditions.checkNotNull(privilegesUpdateMap); for (TSentryPrivilege privilege : privileges) { Update update = privilegesUpdateMap.get(privilege); - alterSentryGrantPrivilege(grantorPrincipal, SentryEntityType.USER, userName, privilege, + alterSentryGrantPrivilege(grantorPrincipal, SentryPrincipalType.USER, userName, privilege, update); } } @@ -983,7 +983,7 @@ public class SentryStore implements SentryStoreInterface { public void alterSentryUserRevokePrivileges(final String grantorPrincipal, final String userName, final Set<TSentryPrivilege> tPrivileges) throws Exception { for (TSentryPrivilege tPrivilege : tPrivileges) { - alterSentryRevokePrivilege(grantorPrincipal, SentryEntityType.USER, userName, tPrivilege, null); + alterSentryRevokePrivilege(grantorPrincipal, SentryPrincipalType.USER, userName, tPrivilege, null); } } @@ -1007,7 +1007,7 @@ public class SentryStore implements SentryStoreInterface { Preconditions.checkNotNull(privilegesUpdateMap); for (TSentryPrivilege tPrivilege : tPrivileges) { Update update = privilegesUpdateMap.get(tPrivilege); - alterSentryRevokePrivilege(grantorPrincipal, SentryEntityType.USER, userName, + alterSentryRevokePrivilege(grantorPrincipal, SentryPrincipalType.USER, userName, tPrivilege, update); } } @@ -1025,7 +1025,7 @@ public class SentryStore implements SentryStoreInterface { public void alterSentryRoleRevokePrivileges(final String grantorPrincipal, final String roleName, final Set<TSentryPrivilege> tPrivileges) throws Exception { for (TSentryPrivilege tPrivilege : tPrivileges) { - alterSentryRevokePrivilege(grantorPrincipal, SentryEntityType.ROLE, roleName, tPrivilege, null); + alterSentryRevokePrivilege(grantorPrincipal, SentryPrincipalType.ROLE, roleName, tPrivilege, null); } } @@ -1034,19 +1034,19 @@ public class SentryStore implements SentryStoreInterface { * permission change to MSentryPermChange table in a single transaction. * * @param grantorPrincipal User name - * @param type Type of entity to which privilege is granted. - * @param entityName the name of the entity from which privilege is revoked. + * @param type Type of principal to which privilege is granted. + * @param principalName the name of the principal from which privilege is revoked. * @param tPrivilege the given privilege * @param update the corresponding permission delta update transaction block * @throws Exception * */ - synchronized void alterSentryRevokePrivilege(final String grantorPrincipal, SentryEntityType type, - final String entityName, final TSentryPrivilege tPrivilege, + synchronized void alterSentryRevokePrivilege(final String grantorPrincipal, SentryPrincipalType type, + final String principalName, final TSentryPrivilege tPrivilege, final Update update) throws Exception { execute(update, pm -> { pm.setDetachAllOnCommit(false); // No need to detach objects - String trimmedEntityName = safeTrimLower(entityName); + String trimmedEntityName = safeTrimLower(principalName); // first do revoke check grantOptionCheck(pm, grantorPrincipal, tPrivilege); @@ -1075,19 +1075,19 @@ public class SentryStore implements SentryStoreInterface { Preconditions.checkNotNull(privilegesUpdateMap); for (TSentryPrivilege tPrivilege : tPrivileges) { Update update = privilegesUpdateMap.get(tPrivilege); - alterSentryRevokePrivilege(grantorPrincipal, SentryEntityType.ROLE, roleName, + alterSentryRevokePrivilege(grantorPrincipal, SentryPrincipalType.ROLE, roleName, tPrivilege, update); } } - private void alterSentryRevokePrivilegeCore(PersistenceManager pm, SentryEntityType type, + private void alterSentryRevokePrivilegeCore(PersistenceManager pm, SentryPrincipalType type, String entityName, TSentryPrivilege tPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException { - PrivilegeEntity mEntity = getEntity(pm, entityName, type); + PrivilegePrincipal mEntity = getEntity(pm, entityName, type); if (mEntity == null) { - if(type == SentryEntityType.ROLE) { + if(type == SentryPrincipalType.ROLE) { throw noSuchRole(entityName); - } else if(type == SentryEntityType.USER) { + } else if(type == SentryPrincipalType.USER) { throw noSuchUser (entityName); } } @@ -1129,7 +1129,7 @@ public class SentryStore implements SentryStoreInterface { */ private void revokePartial(PersistenceManager pm, TSentryPrivilege requestedPrivToRevoke, - PrivilegeEntity mEntity, + PrivilegePrincipal mEntity, MSentryPrivilege currentPrivilege) throws SentryInvalidInputException { MSentryPrivilege persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm); @@ -1144,7 +1144,7 @@ public class SentryStore implements SentryStoreInterface { requestedPrivToRevoke.getAction().equalsIgnoreCase(AccessConstants.ACTION_ALL)) { if ((!persistedPriv.getRoles().isEmpty() || !persistedPriv.getUsers().isEmpty()) && mEntity != null) { - persistedPriv.removeEntity(mEntity); + persistedPriv.removePrincipal(mEntity); persistPrivilege(pm, persistedPriv); } } else { @@ -1166,18 +1166,18 @@ public class SentryStore implements SentryStoreInterface { } /** - * Persists the changes in entity + * Persists the changes in principal * @param pm persistence manager - * @param type Type of privilege entity - * @param entity privilege entity to persist + * @param type Type of privilege principal + * @param principal privilege principal to persist * */ - private void persistEntity(PersistenceManager pm, SentryEntityType type, PrivilegeEntity entity) { - if (type == SentryEntityType.USER && isUserStale((MSentryUser) entity)) { - pm.deletePersistent(entity); + private void persistEntity(PersistenceManager pm, SentryPrincipalType type, PrivilegePrincipal principal) { + if (type == SentryPrincipalType.USER && isUserStale((MSentryUser) principal)) { + pm.deletePersistent(principal); return; } - pm.makePersistent(entity); + pm.makePersistent(principal); } private boolean isUserStale(MSentryUser user) { @@ -1214,20 +1214,20 @@ public class SentryStore implements SentryStoreInterface { return false; } - private void revokePrivilegeAndGrantPartial(PersistenceManager pm, PrivilegeEntity mEntity, + private void revokePrivilegeAndGrantPartial(PersistenceManager pm, PrivilegePrincipal mEntity, MSentryPrivilege currentPrivilege, MSentryPrivilege persistedPriv, Set<String> addActions) throws SentryInvalidInputException { // If table / URI, remove ALL persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(persistedPriv), pm); if (persistedPriv != null) { - persistedPriv.removeEntity(mEntity); + persistedPriv.removePrincipal(mEntity); persistPrivilege(pm, persistedPriv); } currentPrivilege.setAction(AccessConstants.ALL); persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm); if (persistedPriv != null && mEntity.getPrivileges().contains(persistedPriv)) { - persistedPriv.removeEntity(mEntity); + persistedPriv.removePrincipal(mEntity); persistPrivilege(pm, persistedPriv); // add decomposed actions for (String addAction : addActions) { @@ -1239,7 +1239,7 @@ public class SentryStore implements SentryStoreInterface { } mEntity.appendPrivilege(persistedPriv); } - persistedPriv.appendEntity(mEntity); + persistedPriv.appendPrincipal(mEntity); pm.makePersistent(persistedPriv); } } @@ -1248,7 +1248,7 @@ public class SentryStore implements SentryStoreInterface { * Revoke privilege from role */ private void revokePrivilege(PersistenceManager pm, TSentryPrivilege tPrivilege, - PrivilegeEntity mEntity, MSentryPrivilege mPrivilege) + PrivilegePrincipal mEntity, MSentryPrivilege mPrivilege) throws SentryInvalidInputException { if (PARTIAL_REVOKE_ACTIONS.contains(mPrivilege.getAction())) { // if this privilege is in partial revoke actions @@ -1259,7 +1259,7 @@ public class SentryStore implements SentryStoreInterface { // we will revoke it from role directly MSentryPrivilege persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(mPrivilege), pm); if (persistedPriv != null) { - persistedPriv.removeEntity(mEntity); + persistedPriv.removePrincipal(mEntity); persistPrivilege(pm, persistedPriv); } } @@ -1269,7 +1269,7 @@ public class SentryStore implements SentryStoreInterface { * Explore Privilege graph and collect child privileges. * The responsibility to commit/rollback the transaction should be handled by the caller. */ - private void populateChildren(PersistenceManager pm, SentryEntityType entityType, Set<String> entityNames, MSentryPrivilege priv, + private void populateChildren(PersistenceManager pm, SentryPrincipalType entityType, Set<String> entityNames, MSentryPrivilege priv, Collection<MSentryPrivilege> children) throws SentryInvalidInputException { Preconditions.checkNotNull(pm); if (!isNULL(priv.getServerName()) || !isNULL(priv.getDbName()) @@ -1305,7 +1305,7 @@ public class SentryStore implements SentryStoreInterface { } } - private Set<MSentryPrivilege> getChildPrivileges(PersistenceManager pm, SentryEntityType entityType, Set<String> entityNames, + private Set<MSentryPrivilege> getChildPrivileges(PersistenceManager pm, SentryPrincipalType entityType, Set<String> entityNames, MSentryPrivilege parent) throws SentryInvalidInputException { // Column and URI do not have children if (!isNULL(parent.getColumnName()) || !isNULL(parent.getURI())) { @@ -1314,9 +1314,9 @@ public class SentryStore implements SentryStoreInterface { Query query = pm.newQuery(MSentryPrivilege.class); QueryParamBuilder paramBuilder = null; - if (entityType == SentryEntityType.ROLE) { + if (entityType == SentryPrincipalType.ROLE) { paramBuilder = QueryParamBuilder.addRolesFilter(query, null, entityNames).add(SERVER_NAME, parent.getServerName()); - } else if (entityType == SentryEntityType.USER) { + } else if (entityType == SentryPrincipalType.USER) { paramBuilder = QueryParamBuilder.addUsersFilter(query, null, entityNames).add(SERVER_NAME, parent.getServerName()); } else { throw new SentryInvalidInputException("entityType" + entityType + " is not valid"); @@ -1835,7 +1835,7 @@ public class SentryStore implements SentryStoreInterface { }); } - private List<MSentryPrivilege> getMSentryPrivileges(final SentryEntityType entityType, final Set<String> entityNames, + private List<MSentryPrivilege> getMSentryPrivileges(final SentryPrincipalType entityType, final Set<String> entityNames, final TSentryAuthorizable authHierarchy) throws Exception { if (entityNames == null || entityNames.isEmpty()) { @@ -1846,9 +1846,9 @@ public class SentryStore implements SentryStoreInterface { pm -> { Query query = pm.newQuery(MSentryPrivilege.class); QueryParamBuilder paramBuilder = null; - if (entityType == SentryEntityType.ROLE) { + if (entityType == SentryPrincipalType.ROLE) { paramBuilder = QueryParamBuilder.addRolesFilter(query, null, entityNames); - } else if (entityType == SentryEntityType.USER) { + } else if (entityType == SentryPrincipalType.USER) { paramBuilder = QueryParamBuilder.addUsersFilter(query, null, entityNames); } else { throw new SentryInvalidInputException("entityType" + entityType + " is not valid"); @@ -1899,7 +1899,7 @@ public class SentryStore implements SentryStoreInterface { } private List<MSentryPrivilege> getMSentryPrivilegesByAuth( - final SentryEntityType entityType, + final SentryPrincipalType entityType, final Set<String> entityNames, final TSentryAuthorizable authHierarchy) throws Exception { @@ -1909,17 +1909,17 @@ public class SentryStore implements SentryStoreInterface { QueryParamBuilder paramBuilder = QueryParamBuilder.newQueryParamBuilder(); if (entityNames == null || entityNames.isEmpty()) { - if (entityType == SentryEntityType.ROLE) { + if (entityType == SentryPrincipalType.ROLE) { paramBuilder.addString("!roles.isEmpty()"); - } else if (entityType == SentryEntityType.USER) { + } else if (entityType == SentryPrincipalType.USER) { paramBuilder.addString("!users.isEmpty()"); } else { throw new SentryInvalidInputException("entityType: " + entityType + " is invalid"); } } else { - if (entityType == SentryEntityType.ROLE) { + if (entityType == SentryPrincipalType.ROLE) { QueryParamBuilder.addRolesFilter(query, paramBuilder, entityNames); - } else if (entityType == SentryEntityType.USER) { + } else if (entityType == SentryPrincipalType.USER) { QueryParamBuilder.addUsersFilter(query, paramBuilder, entityNames); } else { throw new SentryInvalidInputException("entityType" + entityType + " is not valid"); @@ -1947,11 +1947,11 @@ public class SentryStore implements SentryStoreInterface { return Collections.emptyList(); } - if (entityType == SentryEntityType.ROLE) { + if (entityType == SentryPrincipalType.ROLE) { FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchRole"); grp.addMember("roles"); pm.getFetchPlan().addGroup("fetchRole"); - } else if(entityType == SentryEntityType.USER) { + } else if(entityType == SentryPrincipalType.USER) { FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchUser"); grp.addMember("users"); pm.getFetchPlan().addGroup("fetchUser"); @@ -2050,7 +2050,7 @@ public class SentryStore implements SentryStoreInterface { // so if not admin, don't return anything if 'roles' is empty.. if (isAdmin || !roles.isEmpty()) { List<MSentryPrivilege> mSentryPrivileges = - getMSentryPrivilegesByAuth(SentryEntityType.ROLE, roles, authHierarchy); + getMSentryPrivilegesByAuth(SentryPrincipalType.ROLE, roles, authHierarchy); for (MSentryPrivilege priv : mSentryPrivileges) { for (MSentryRole role : priv.getRoles()) { TSentryPrivilege tPriv = convertToTSentryPrivilege(priv); @@ -2081,11 +2081,11 @@ public class SentryStore implements SentryStoreInterface { List<MSentryPrivilege> mSentryPrivileges = getMSentryOwnerPrivilegesByAuth(pm, authorizable); for (MSentryPrivilege priv : mSentryPrivileges) { - for (PrivilegeEntity user : priv.getUsers()) { - ownerInfolist.add(new SentryOwnerInfo(user.getType(), user.getEntityName())); + for (PrivilegePrincipal user : priv.getUsers()) { + ownerInfolist.add(new SentryOwnerInfo(user.getPrincipalType(), user.getPrincipalName())); } - for (PrivilegeEntity role : priv.getRoles()) { - ownerInfolist.add(new SentryOwnerInfo(role.getType(), role.getEntityName())); + for (PrivilegePrincipal role : priv.getRoles()) { + ownerInfolist.add(new SentryOwnerInfo(role.getPrincipalType(), role.getPrincipalName())); } } return ownerInfolist; @@ -2109,7 +2109,7 @@ public class SentryStore implements SentryStoreInterface { // so if not admin, don't return anything if 'roles' is empty.. if (isAdmin || ((userNames != null) && (!userNames.isEmpty()))) { List<MSentryPrivilege> mSentryPrivileges = - getMSentryPrivilegesByAuth(SentryEntityType.USER, userNames, authHierarchy); + getMSentryPrivilegesByAuth(SentryPrincipalType.USER, userNames, authHierarchy); for (MSentryPrivilege priv : mSentryPrivileges) { for (MSentryUser user : priv.getUsers()) { TSentryPrivilege tPriv = convertToTSentryPrivilege(priv); @@ -2148,14 +2148,14 @@ public class SentryStore implements SentryStoreInterface { /** * Gets sentry privilege objects for criteria from the persistence layer - * @param entityType : the type of the entity (required) - * @param entityNames : entity names to look up (required) + * @param principalType : the type of the principalprincipal (required) + * @param principalNames : principal names to look up (required) * @param authHierarchy : filter push down based on auth hierarchy (optional) * @return : Set of thrift sentry privilege objects * @throws SentryInvalidInputException */ - public Set<TSentryPrivilege> getTSentryPrivileges(SentryEntityType entityType, Set<String> entityNames, + public Set<TSentryPrivilege> getTSentryPrivileges(SentryPrincipalType principalType, Set<String> principalNames, TSentryAuthorizable authHierarchy) throws Exception { if (authHierarchy.getServer() == null) { @@ -2170,7 +2170,7 @@ public class SentryStore implements SentryStoreInterface { if (authHierarchy.getUri() == null && authHierarchy.getDb() == null) { throw new SentryInvalidInputException("One of uri or dbName must not be null !!"); } - return convertToTSentryPrivileges(getMSentryPrivileges(entityType, entityNames, authHierarchy)); + return convertToTSentryPrivileges(getMSentryPrivileges(principalType, principalNames, authHierarchy)); } /** @@ -2333,12 +2333,12 @@ public class SentryStore implements SentryStoreInterface { TSentryActiveRoleSet roleSet, TSentryAuthorizable authHierarchy) throws Exception { Set<String> result = Sets.newHashSet(); Set<String> rolesToQuery = getRolesToQuery(groups, users, roleSet); - List<MSentryPrivilege> mSentryPrivileges = getMSentryPrivileges(SentryEntityType.ROLE, rolesToQuery, authHierarchy); + List<MSentryPrivilege> mSentryPrivileges = getMSentryPrivileges(SentryPrincipalType.ROLE, rolesToQuery, authHierarchy); for (MSentryPrivilege priv : mSentryPrivileges) { result.add(toAuthorizable(priv)); } - mSentryPrivileges = getMSentryPrivileges(SentryEntityType.USER, users, authHierarchy); + mSentryPrivileges = getMSentryPrivileges(SentryPrincipalType.USER, users, authHierarchy); for (MSentryPrivilege priv : mSentryPrivileges) { result.add(toAuthorizable(priv)); } @@ -2670,16 +2670,16 @@ public class SentryStore implements SentryStoreInterface { * privilege based on the arguments provided. * @param tAuthorizable Authorizable to which owner privilege should be granted. * @param ownerName - * @param entityType + * @param principalType * @param updates Delta Updates. * @throws Exception */ public synchronized void updateOwnerPrivilege(final TSentryAuthorizable tAuthorizable, - String ownerName, SentryEntityType entityType, + String ownerName, SentryPrincipalType principalType, final List<Update> updates) throws Exception { execute(updates, pm -> { - if(entityType == null) { - LOGGER.info("Invalid Entity Type"); + if(principalType == null) { + LOGGER.info("Invalid principal Type"); } pm.setDetachAllOnCommit(false); // No need to detach objects TSentryPrivilege tOwnerPrivilege = toSentryPrivilege(tAuthorizable); @@ -2692,11 +2692,11 @@ public class SentryStore implements SentryStoreInterface { tOwnerPrivilege.setGrantOption(TSentryGrantOption.TRUE); } //Granting the privilege. - alterSentryGrantPrivilegeCore(pm, entityType, ownerName, tOwnerPrivilege); + alterSentryGrantPrivilegeCore(pm, principalType, ownerName, tOwnerPrivilege); return null; } catch (JDODataStoreException e) { throw new SentryInvalidInputException("Failed to grant owner privilege on Authorizable : " + - tAuthorizable.toString() + " to " + entityType.toString() + ": " + ownerName + " " + tAuthorizable.toString() + " to " + principalType.toString() + ": " + ownerName + " " + e.getMessage()); } }); @@ -2730,7 +2730,7 @@ public class SentryStore implements SentryStoreInterface { // Making sure of removing stale users. for (MSentryUser user : users) { user.removePrivilege(mOwnerPriv); - persistEntity(pm, SentryEntityType.USER, user); + persistEntity(pm, SentryPrincipalType.USER, user); } } pm.deletePersistentAll(mOwnerPrivileges); @@ -2848,7 +2848,7 @@ public class SentryStore implements SentryStoreInterface { TSentryPrivilege tPrivilege, TSentryPrivilege newTPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException { - Collection<PrivilegeEntity> entitySet = new HashSet<>(); + Collection<PrivilegePrincipal> entitySet = new HashSet<>(); List<MSentryPrivilege> mPrivileges = getMSentryPrivileges(tPrivilege, pm); for (MSentryPrivilege mPrivilege : mPrivileges) { entitySet.addAll(ImmutableSet.copyOf(mPrivilege.getRoles())); @@ -2856,8 +2856,8 @@ public class SentryStore implements SentryStoreInterface { } // Dropping the privilege if (newTPrivilege == null) { - for (PrivilegeEntity entity : entitySet) { - alterSentryRevokePrivilegeCore(pm, entity.getType(), entity.getEntityName(), tPrivilege); + for (PrivilegePrincipal principal : entitySet) { + alterSentryRevokePrivilegeCore(pm, principal.getPrincipalType(), principal.getPrincipalName(), tPrivilege); } return; } @@ -2871,22 +2871,22 @@ public class SentryStore implements SentryStoreInterface { // dereferenced. If object has to be used even after that it should have been detached. parent = pm.detachCopy(parent); } - for (PrivilegeEntity entity : entitySet) { + for (PrivilegePrincipal principal : entitySet) { // When all the privilege associated for a user are revoked, user will be removed from the database. // JDO object should be not used when the associated database entry is removed. Application should use // a detached copy instead. - PrivilegeEntity detachedEntity = pm.detachCopy(entity); + PrivilegePrincipal detachedEntity = pm.detachCopy(principal); // 1. get privilege and child privileges Collection<MSentryPrivilege> privilegeGraph = new HashSet<>(); if (parent != null) { privilegeGraph.add(parent); - populateChildren(pm, detachedEntity.getType(), Sets.newHashSet(detachedEntity.getEntityName()), parent, privilegeGraph); + populateChildren(pm, detachedEntity.getPrincipalType(), Sets.newHashSet(detachedEntity.getPrincipalName()), parent, privilegeGraph); } else { - populateChildren(pm, detachedEntity.getType(), Sets.newHashSet(detachedEntity.getEntityName()), convertToMSentryPrivilege(tPrivilege), + populateChildren(pm, detachedEntity.getPrincipalType(), Sets.newHashSet(detachedEntity.getPrincipalName()), convertToMSentryPrivilege(tPrivilege), privilegeGraph); } // 2. revoke privilege and child privileges - alterSentryRevokePrivilegeCore(pm, detachedEntity.getType(), detachedEntity.getEntityName(), tPrivilege); + alterSentryRevokePrivilegeCore(pm, detachedEntity.getPrincipalType(), detachedEntity.getPrincipalName(), tPrivilege); // 3. add new privilege and child privileges with new tableName for (MSentryPrivilege mPriv : privilegeGraph) { TSentryPrivilege tPriv = convertToTSentryPrivilege(mPriv); @@ -2897,7 +2897,7 @@ public class SentryStore implements SentryStoreInterface { tPriv.setDbName(newTPrivilege.getDbName()); tPriv.setTableName(newTPrivilege.getTableName()); } - alterSentryGrantPrivilegeCore(pm, detachedEntity.getType(), detachedEntity.getEntityName(), tPriv); + alterSentryGrantPrivilegeCore(pm, detachedEntity.getPrincipalType(), detachedEntity.getPrincipalName(), tPriv); } } } @@ -3064,7 +3064,7 @@ public class SentryStore implements SentryStoreInterface { // enable SentryPlugin(HDFS Sync feature). long curChangeID = getLastProcessedChangeIDCore(pm, MSentryPermChange.class); Map<String, List<String>> roleImage = retrieveFullRoleImageCore(pm); - Map<String, Map<TPrivilegeEntity, String>> privilegeMap = retrieveFullPrivilegeImageCore(pm); + Map<String, Map<TPrivilegePrincipal, String>> privilegeMap = retrieveFullPrivilegeImageCore(pm); return new PermissionsImage(roleImage, privilegeMap, curChangeID); }); @@ -3078,11 +3078,11 @@ public class SentryStore implements SentryStoreInterface { * @return a mapping of hiveObj to < role, privileges > * @throws Exception */ - private Map<String, Map<TPrivilegeEntity, String>> retrieveFullPrivilegeImageCore(PersistenceManager pm) + private Map<String, Map<TPrivilegePrincipal, String>> retrieveFullPrivilegeImageCore(PersistenceManager pm) throws Exception { pm.setDetachAllOnCommit(false); // No need to detach objects - Map<String, Map<TPrivilegeEntity, String>> retVal = new HashMap<>(); + Map<String, Map<TPrivilegePrincipal, String>> retVal = new HashMap<>(); Query query = pm.newQuery(MSentryPrivilege.class); query.addExtension(LOAD_RESULTS_AT_COMMIT, "false"); @@ -3101,27 +3101,27 @@ public class SentryStore implements SentryStoreInterface { if (!isNULL(mPriv.getTableName())) { authzObj = authzObj + "." + mPriv.getTableName(); } - Map<TPrivilegeEntity, String> pUpdate = retVal.get(authzObj); + Map<TPrivilegePrincipal, String> pUpdate = retVal.get(authzObj); if (pUpdate == null) { pUpdate = new HashMap<>(); retVal.put(authzObj, pUpdate); } for (MSentryRole mRole : mPriv.getRoles()) { - pUpdate = addPrivilegeEntry (mPriv, TPrivilegeEntityType.ROLE, mRole.getRoleName(), pUpdate); + pUpdate = addPrivilegeEntry (mPriv, TPrivilegePrincipalType.ROLE, mRole.getRoleName(), pUpdate); } for (MSentryUser mUser : mPriv.getUsers()) { - pUpdate = addPrivilegeEntry (mPriv, TPrivilegeEntityType.USER, mUser.getUserName(), pUpdate); + pUpdate = addPrivilegeEntry (mPriv, TPrivilegePrincipalType.USER, mUser.getUserName(), pUpdate); } } query.closeAll(); return retVal; } - private static Map<TPrivilegeEntity, String> addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegeEntityType tEntityType, - String entity, Map<TPrivilegeEntity, String> update) { + private static Map<TPrivilegePrincipal, String> addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegePrincipalType tEntityType, + String principal, Map<TPrivilegePrincipal, String> update) { String action; String newAction; - String existingPriv = update.get(entity); + String existingPriv = update.get(principal); action = mPriv.getAction().toUpperCase(); newAction = mPriv.getAction().toUpperCase(); if(action.equals(AccessConstants.OWNER)) { @@ -3130,10 +3130,10 @@ public class SentryStore implements SentryStoreInterface { } if (existingPriv == null) { - update.put(new TPrivilegeEntity(tEntityType, entity), + update.put(new TPrivilegePrincipal(tEntityType, principal), newAction); } else { - update.put(new TPrivilegeEntity(tEntityType, entity), existingPriv + "," + + update.put(new TPrivilegePrincipal(tEntityType, principal), existingPriv + "," + newAction); } return update; @@ -4187,7 +4187,7 @@ public class SentryStore implements SentryStoreInterface { // get the privileges for the role Set<TSentryPrivilege> tSentryPrivileges = entry.getValue(); for (TSentryPrivilege tSentryPrivilege : tSentryPrivileges) { - alterSentryGrantPrivilegeCore(pm, SentryEntityType.ROLE, entry.getKey(), tSentryPrivilege); + alterSentryGrantPrivilegeCore(pm, SentryPrincipalType.ROLE, entry.getKey(), tSentryPrivilege); } } } @@ -4686,15 +4686,15 @@ public class SentryStore implements SentryStoreInterface { } /** - * Get a single entity with the given name and type inside a transaction + * Get a single principal with the given name and type inside a transaction * @param pm Persistence Manager instance * @param name Role/user name (should not be null) - * @param type Type of entity - * @return single PrivilegeEntity with the given name and type + * @param type Type of principal + * @return single PrivilegePrincipal with the given name and type */ - public PrivilegeEntity getEntity(PersistenceManager pm, String name, SentryEntityType type) { + public PrivilegePrincipal getEntity(PersistenceManager pm, String name, SentryPrincipalType type) { Query query; - if(type == SentryEntityType.ROLE) { + if(type == SentryPrincipalType.ROLE) { query = pm.newQuery(MSentryRole.class); query.addExtension(LOAD_RESULTS_AT_COMMIT, "false"); query.setFilter("this.roleName == :roleName"); @@ -4705,7 +4705,7 @@ public class SentryStore implements SentryStoreInterface { query.setFilter("this.userName == :userName"); query.setUnique(true); } - return (PrivilegeEntity) query.execute(name); + return (PrivilegePrincipal) query.execute(name); } /**
http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java index 4443148..164188b 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java @@ -45,7 +45,7 @@ import org.apache.sentry.provider.db.service.model.MSentryHmsNotification; import org.apache.sentry.provider.db.service.model.MSentryPathChange; import org.apache.sentry.provider.db.service.model.MSentryPermChange; import org.apache.sentry.provider.db.service.model.MSentryPrivilege; -import org.apache.sentry.service.common.ServiceConstants.SentryEntityType; +import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType; /** * Interface for backend sentry store. @@ -193,7 +193,7 @@ public interface SentryStoreInterface { * @return : Set of thrift sentry privilege objects * @throws SentryInvalidInputException */ - Set<TSentryPrivilege> getTSentryPrivileges(SentryEntityType entityType, + Set<TSentryPrivilege> getTSentryPrivileges(SentryPrincipalType entityType, Set<String> entityNames, TSentryAuthorizable authHierarchy) throws Exception; @@ -757,7 +757,7 @@ public interface SentryStoreInterface { * @param update DeltaTransactionBlock * @throws Exception */ - void alterSentryGrantOwnerPrivilege(final String entityName, SentryEntityType entityType, + void alterSentryGrantOwnerPrivilege(final String entityName, SentryPrincipalType entityType, final TSentryPrivilege privilege, final Update update) throws Exception; @@ -780,7 +780,7 @@ public interface SentryStoreInterface { * @throws Exception */ void updateOwnerPrivilege(final TSentryAuthorizable tAuthorizable, - String ownerName, SentryEntityType entityType, + String ownerName, SentryPrincipalType entityType, final List<Update> updates) throws Exception; /** http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java index ee9442b..e2e8c39 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java @@ -37,7 +37,7 @@ import org.apache.sentry.provider.db.service.persistent.CounterWait; import org.apache.sentry.service.common.ServiceConstants; import org.apache.sentry.core.common.exception.SentrySiteConfigurationException; import org.apache.sentry.provider.db.service.persistent.SentryStore; -import org.apache.sentry.service.common.ServiceConstants.SentryEntityType; +import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType; import org.apache.sentry.service.common.ServiceConstants.ServerConfig; import org.junit.After; import org.junit.Assert; @@ -264,11 +264,11 @@ public class TestSentryPolicyStoreProcessor { TListSentryPrivilegesResponse returnedResp; TListSentryPrivilegesResponse expectedResp; - // Request privileges when user is null must throw an exception that entityName must not be null + // Request privileges when user is null must throw an exception that principalName must not be null returnedResp = policyStoreProcessor.list_sentry_privileges_by_user(newPrivilegesRequest("admin", null, null)); expectedResp = new TListSentryPrivilegesResponse(); - expectedResp.setStatus(Status.InvalidInput("entityName parameter must not be null", - new SentryInvalidInputException("entityName parameter must not be null"))); + expectedResp.setStatus(Status.InvalidInput("principalName parameter must not be null", + new SentryInvalidInputException("principalName parameter must not be null"))); Assert.assertEquals(expectedResp.getStatus().getValue(), returnedResp.getStatus().getValue()); // Prepare privileges for user1 @@ -308,7 +308,7 @@ public class TestSentryPolicyStoreProcessor { user1Privileges = Sets.newHashSet( newSentryPrivilege("database", "db1", "t1", "*")); - Mockito.when(sentryStore.getTSentryPrivileges(SentryEntityType.USER,Sets.newHashSet("user1"), authorizable)).thenReturn(user1Privileges); + Mockito.when(sentryStore.getTSentryPrivileges(SentryPrincipalType.USER,Sets.newHashSet("user1"), authorizable)).thenReturn(user1Privileges); returnedResp = policyStoreProcessor.list_sentry_privileges_by_user(newPrivilegesRequest("user1", "user1", authorizable)); Assert.assertEquals(1, returnedResp.getPrivileges().size()); @@ -317,10 +317,10 @@ public class TestSentryPolicyStoreProcessor { returnedResp.getPrivileges().contains(newSentryPrivilege("database", "db1", "t1", "*"))); } - private TListSentryPrivilegesRequest newPrivilegesRequest(String requestorUser, String entityName, TSentryAuthorizable authorizable) { + private TListSentryPrivilegesRequest newPrivilegesRequest(String requestorUser, String principalName, TSentryAuthorizable authorizable) { TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest(); request.setRequestorUserName(requestorUser); - request.setEntityName(entityName); + request.setPrincipalName(principalName); request.setAuthorizableHierarchy(authorizable); return request; } @@ -345,7 +345,7 @@ public class TestSentryPolicyStoreProcessor { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); notification.setId(1L); - notification.setOwnerType(TSentryObjectOwnerType.ROLE); + notification.setOwnerType(TSentryPrincipalType.ROLE); notification.setOwnerName(OWNER); notification.setAuthorizable(authorizable); notification.setEventType(EventMessage.EventType.CREATE_TABLE.toString()); @@ -355,23 +355,23 @@ public class TestSentryPolicyStoreProcessor { TSentryPrivilege ownerPrivilege = sentryServiceHandler.constructOwnerPrivilege(authorizable); Mockito.verify( sentryStore, Mockito.times(1) - ).alterSentryGrantOwnerPrivilege(OWNER, SentryEntityType.ROLE, ownerPrivilege, null); + ).alterSentryGrantOwnerPrivilege(OWNER, SentryPrincipalType.ROLE, ownerPrivilege, null); - notification.setOwnerType(TSentryObjectOwnerType.USER); + notification.setOwnerType(TSentryPrincipalType.USER); sentryServiceHandler.sentry_notify_hms_event(notification); //Verify Sentry Store is invoked to grant privilege. Mockito.verify( sentryStore, Mockito.times(1) - ).alterSentryGrantOwnerPrivilege(OWNER, SentryEntityType.USER, ownerPrivilege, null); + ).alterSentryGrantOwnerPrivilege(OWNER, SentryPrincipalType.USER, ownerPrivilege, null); Mockito.reset(sentryStore); // Verify that owner privilege is not granted when owner belongs to sentry admin group. - notification.setOwnerType(TSentryObjectOwnerType.USER); + notification.setOwnerType(TSentryPrincipalType.USER); notification.setOwnerName(ADMIN_USER); sentryServiceHandler.sentry_notify_hms_event(notification); Mockito.verify( - sentryStore, Mockito.times(0)).alterSentryGrantOwnerPrivilege(OWNER, SentryEntityType.USER, + sentryStore, Mockito.times(0)).alterSentryGrantOwnerPrivilege(OWNER, SentryPrincipalType.USER, ownerPrivilege, null); } @@ -387,7 +387,7 @@ public class TestSentryPolicyStoreProcessor { TSentryHmsEventNotification notification = new TSentryHmsEventNotification(); notification.setId(1L); - notification.setOwnerType(TSentryObjectOwnerType.ROLE); + notification.setOwnerType(TSentryPrincipalType.ROLE); notification.setOwnerName(OWNER); notification.setAuthorizable(authorizable); notification.setEventType(EventType.CREATE_DATABASE.toString()); @@ -398,23 +398,23 @@ public class TestSentryPolicyStoreProcessor { TSentryPrivilege ownerPrivilege = sentryServiceHandler.constructOwnerPrivilege(authorizable); Mockito.verify( sentryStore, Mockito.times(1) - ).alterSentryGrantOwnerPrivilege(OWNER, SentryEntityType.ROLE, ownerPrivilege, null); + ).alterSentryGrantOwnerPrivilege(OWNER, SentryPrincipalType.ROLE, ownerPrivilege, null); - notification.setOwnerType(TSentryObjectOwnerType.USER); + notification.setOwnerType(TSentryPrincipalType.USER); sentryServiceHandler.sentry_notify_hms_event(notification); //Verify Sentry Store is invoked to grant privilege. Mockito.verify( sentryStore, Mockito.times(1) - ).alterSentryGrantOwnerPrivilege(OWNER, SentryEntityType.USER, ownerPrivilege, null); + ).alterSentryGrantOwnerPrivilege(OWNER, SentryPrincipalType.USER, ownerPrivilege, null); Mockito.reset(sentryStore); // Verify that owner privilege is not granted when owner belongs to sentry admin group. - notification.setOwnerType(TSentryObjectOwnerType.USER); + notification.setOwnerType(TSentryPrincipalType.USER); notification.setOwnerName(ADMIN_USER); sentryServiceHandler.sentry_notify_hms_event(notification); Mockito.verify( - sentryStore, Mockito.times(0)).alterSentryGrantOwnerPrivilege(OWNER, SentryEntityType.USER, + sentryStore, Mockito.times(0)).alterSentryGrantOwnerPrivilege(OWNER, SentryPrincipalType.USER, ownerPrivilege, null); } @@ -437,38 +437,38 @@ public class TestSentryPolicyStoreProcessor { // Verify that owner privilege is not granted when owner belongs to sentry admin group. - notification.setOwnerType(TSentryObjectOwnerType.USER); + notification.setOwnerType(TSentryPrincipalType.USER); notification.setOwnerName(ADMIN_USER); sentryServiceHandler.sentry_notify_hms_event(notification); // Verify Sentry Store API to update the privilege is not invoked when ownership is transferred to // user belonging to admin group Mockito.verify( sentryStore, Mockito.times(0) - ).updateOwnerPrivilege(Mockito.eq(authorizable), Mockito.eq(OWNER), Mockito.eq(SentryEntityType.ROLE), + ).updateOwnerPrivilege(Mockito.eq(authorizable), Mockito.eq(OWNER), Mockito.eq(SentryPrincipalType.ROLE), Mockito.anyList()); Mockito.verify( sentryStore, Mockito.times(1) ).revokeOwnerPrivileges(Mockito.eq(authorizable), Mockito.anyList()); - notification.setOwnerType(TSentryObjectOwnerType.ROLE); + notification.setOwnerType(TSentryPrincipalType.ROLE); notification.setOwnerName(OWNER); sentryServiceHandler.sentry_notify_hms_event(notification); //Verify Sentry Store is invoked to grant privilege. Mockito.verify( sentryStore, Mockito.times(1) - ).updateOwnerPrivilege(Mockito.eq(authorizable), Mockito.eq(OWNER), Mockito.eq(SentryEntityType.ROLE), + ).updateOwnerPrivilege(Mockito.eq(authorizable), Mockito.eq(OWNER), Mockito.eq(SentryPrincipalType.ROLE), Mockito.anyList()); - notification.setOwnerType(TSentryObjectOwnerType.USER); + notification.setOwnerType(TSentryPrincipalType.USER); sentryServiceHandler.sentry_notify_hms_event(notification); //Verify Sentry Store is invoked to grant privilege. Mockito.verify( sentryStore, Mockito.times(1) - ).updateOwnerPrivilege(Mockito.eq(authorizable), Mockito.eq(OWNER), Mockito.eq(SentryEntityType.ROLE), + ).updateOwnerPrivilege(Mockito.eq(authorizable), Mockito.eq(OWNER), Mockito.eq(SentryPrincipalType.ROLE), Mockito.anyList()); } http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java index 3b58de3..b2b04f3 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java @@ -102,7 +102,7 @@ public class TestSentryRole { //add hivePrivilege to role pm = openTransaction(); MSentryRole role = getMSentryRole(pm, roleName); - hivePrivilege.appendEntity(role); + hivePrivilege.appendPrincipal(role); pm.makePersistent(hivePrivilege); commitTransaction(pm); //check hivePrivlege and solrPrivilege @@ -163,7 +163,7 @@ public class TestSentryRole { pm = openTransaction(); MSentryRole role = getMSentryRole(pm, roleName); solrPrivilege.appendRole(role); - hivePrivilege.appendEntity(role); + hivePrivilege.appendPrincipal(role); pm.makePersistent(solrPrivilege); pm.makePersistent(hivePrivilege); commitTransaction(pm); @@ -221,7 +221,7 @@ public class TestSentryRole { //grant hivePrivilege and solrPrivilege to role pm = openTransaction(); MSentryRole role = getMSentryRole(pm, roleName); - hivePrivilege.appendEntity(role); + hivePrivilege.appendPrincipal(role); solrPrivilege.appendRole(role); pm.makePersistent(hivePrivilege); pm.makePersistent(solrPrivilege); @@ -256,7 +256,7 @@ public class TestSentryRole { role = getMSentryRole(pm, roleName); pm.retrieve(role); hivePrivilege = (MSentryPrivilege)role.getPrivileges().toArray()[0]; - hivePrivilege.removeEntity(role); + hivePrivilege.removePrincipal(role); pm.makePersistent(hivePrivilege); commitTransaction(pm); @@ -300,7 +300,7 @@ public class TestSentryRole { //grant hivePrivilege and solrPrivilege to role pm = openTransaction(); MSentryRole role = getMSentryRole(pm, roleName); - hivePrivilege.appendEntity(role); + hivePrivilege.appendPrincipal(role); solrPrivilege.appendRole(role); pm.makePersistent(hivePrivilege); pm.makePersistent(solrPrivilege); @@ -379,7 +379,7 @@ public class TestSentryRole { //grant hivePrivilege and solrPrivilege to role pm = openTransaction(); MSentryRole role = getMSentryRole(pm, roleName); - hivePrivilege.appendEntity(role); + hivePrivilege.appendPrincipal(role); solrPrivilege.appendRole(role); pm.makePersistent(hivePrivilege); pm.makePersistent(solrPrivilege); @@ -465,9 +465,9 @@ public class TestSentryRole { pm = openTransaction(); MSentryRole role1 = getMSentryRole(pm, roleName1); MSentryRole role2 = getMSentryRole(pm, roleName2); - hivePrivilege.appendEntity(role1); + hivePrivilege.appendPrincipal(role1); solrPrivilege.appendRole(role1); - hivePrivilege.appendEntity(role2); + hivePrivilege.appendPrincipal(role2); solrPrivilege.appendRole(role2); pm.makePersistent(hivePrivilege); pm.makePersistent(solrPrivilege); http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java index 12efb2d..a886836 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java @@ -177,11 +177,11 @@ public class TestHMSFollowerSentryStoreIntegration { privilege_server.setServerName(serverName1); privilege_server.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryEntityType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryEntityType.ROLE, roleName1, privilege1_2, null); - sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryEntityType.ROLE, roleName1, privilege_server, null); - sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryEntityType.ROLE, roleName1, privilege1_3, null); + sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1_2, null); + sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege_server, null); + sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1_3, null); // Create notification events to drop the table StorageDescriptor sd = new StorageDescriptor(); @@ -237,11 +237,11 @@ public class TestHMSFollowerSentryStoreIntegration { privilege_server.setServerName(serverName1); privilege_server.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryEntityType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryEntityType.ROLE, roleName1, privilege1_2, null); - sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryEntityType.ROLE, roleName1, privilege_server, null); - sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryEntityType.ROLE, roleName1, privilege1_3, null); + sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1_2, null); + sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege_server, null); + sentryStore.alterSentryGrantPrivilege(grantor, ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1_3, null); // Create notification events to drop the database NotificationEvent notificationEvent = new NotificationEvent(1, 0, EventType.DROP_DATABASE.toString(),
