http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPermissionsUpdate.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPermissionsUpdate.java b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPermissionsUpdate.java index 850404b..f2fefda 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPermissionsUpdate.java +++ b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPermissionsUpdate.java @@ -6,7 +6,6 @@ */ package org.apache.sentry.hdfs.service.thrift; -import org.apache.commons.lang.builder.HashCodeBuilder; import org.apache.thrift.scheme.IScheme; import org.apache.thrift.scheme.SchemeFactory; import org.apache.thrift.scheme.StandardScheme; @@ -45,10 +44,10 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU schemes.put(TupleScheme.class, new TPermissionsUpdateTupleSchemeFactory()); } - private boolean hasfullImage; // required - private long seqNum; // required - private Map<String,TPrivilegeChanges> privilegeChanges; // required - private Map<String,TRoleChanges> roleChanges; // required + public boolean hasfullImage; // required + public long seqNum; // required + public Map<String,TPrivilegeChanges> privilegeChanges; // required + public Map<String,TRoleChanges> roleChanges; // required /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { @@ -215,9 +214,10 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU return this.hasfullImage; } - public void setHasfullImage(boolean hasfullImage) { + public TPermissionsUpdate setHasfullImage(boolean hasfullImage) { this.hasfullImage = hasfullImage; setHasfullImageIsSet(true); + return this; } public void unsetHasfullImage() { @@ -237,9 +237,10 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU return this.seqNum; } - public void setSeqNum(long seqNum) { + public TPermissionsUpdate setSeqNum(long seqNum) { this.seqNum = seqNum; setSeqNumIsSet(true); + return this; } public void unsetSeqNum() { @@ -270,8 +271,9 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU return this.privilegeChanges; } - public void setPrivilegeChanges(Map<String,TPrivilegeChanges> privilegeChanges) { + public TPermissionsUpdate setPrivilegeChanges(Map<String,TPrivilegeChanges> privilegeChanges) { this.privilegeChanges = privilegeChanges; + return this; } public void unsetPrivilegeChanges() { @@ -304,8 +306,9 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU return this.roleChanges; } - public void setRoleChanges(Map<String,TRoleChanges> roleChanges) { + public TPermissionsUpdate setRoleChanges(Map<String,TRoleChanges> roleChanges) { this.roleChanges = roleChanges; + return this; } public void unsetRoleChanges() { @@ -451,29 +454,7 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU @Override public int hashCode() { - HashCodeBuilder builder = new HashCodeBuilder(); - - boolean present_hasfullImage = true; - builder.append(present_hasfullImage); - if (present_hasfullImage) - builder.append(hasfullImage); - - boolean present_seqNum = true; - builder.append(present_seqNum); - if (present_seqNum) - builder.append(seqNum); - - boolean present_privilegeChanges = true && (isSetPrivilegeChanges()); - builder.append(present_privilegeChanges); - if (present_privilegeChanges) - builder.append(privilegeChanges); - - boolean present_roleChanges = true && (isSetRoleChanges()); - builder.append(present_roleChanges); - if (present_roleChanges) - builder.append(roleChanges); - - return builder.toHashCode(); + return 0; } public int compareTo(TPermissionsUpdate other) { @@ -573,22 +554,14 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU public void validate() throws org.apache.thrift.TException { // check for required fields - if (!isSetHasfullImage()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'hasfullImage' is unset! Struct:" + toString()); + // alas, we cannot check 'hasfullImage' because it's a primitive and you chose the non-beans generator. + // alas, we cannot check 'seqNum' because it's a primitive and you chose the non-beans generator. + if (privilegeChanges == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegeChanges' was not present! Struct: " + toString()); } - - if (!isSetSeqNum()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'seqNum' is unset! Struct:" + toString()); + if (roleChanges == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleChanges' was not present! Struct: " + toString()); } - - if (!isSetPrivilegeChanges()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegeChanges' is unset! Struct:" + toString()); - } - - if (!isSetRoleChanges()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleChanges' is unset! Struct:" + toString()); - } - // check for sub-struct validity } @@ -647,16 +620,16 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU case 3: // PRIVILEGE_CHANGES if (schemeField.type == org.apache.thrift.protocol.TType.MAP) { { - org.apache.thrift.protocol.TMap _map94 = iprot.readMapBegin(); - struct.privilegeChanges = new HashMap<String,TPrivilegeChanges>(2*_map94.size); - for (int _i95 = 0; _i95 < _map94.size; ++_i95) + org.apache.thrift.protocol.TMap _map102 = iprot.readMapBegin(); + struct.privilegeChanges = new HashMap<String,TPrivilegeChanges>(2*_map102.size); + for (int _i103 = 0; _i103 < _map102.size; ++_i103) { - String _key96; // required - TPrivilegeChanges _val97; // required - _key96 = iprot.readString(); - _val97 = new TPrivilegeChanges(); - _val97.read(iprot); - struct.privilegeChanges.put(_key96, _val97); + String _key104; // required + TPrivilegeChanges _val105; // required + _key104 = iprot.readString(); + _val105 = new TPrivilegeChanges(); + _val105.read(iprot); + struct.privilegeChanges.put(_key104, _val105); } iprot.readMapEnd(); } @@ -668,16 +641,16 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU case 4: // ROLE_CHANGES if (schemeField.type == org.apache.thrift.protocol.TType.MAP) { { - org.apache.thrift.protocol.TMap _map98 = iprot.readMapBegin(); - struct.roleChanges = new HashMap<String,TRoleChanges>(2*_map98.size); - for (int _i99 = 0; _i99 < _map98.size; ++_i99) + org.apache.thrift.protocol.TMap _map106 = iprot.readMapBegin(); + struct.roleChanges = new HashMap<String,TRoleChanges>(2*_map106.size); + for (int _i107 = 0; _i107 < _map106.size; ++_i107) { - String _key100; // required - TRoleChanges _val101; // required - _key100 = iprot.readString(); - _val101 = new TRoleChanges(); - _val101.read(iprot); - struct.roleChanges.put(_key100, _val101); + String _key108; // required + TRoleChanges _val109; // required + _key108 = iprot.readString(); + _val109 = new TRoleChanges(); + _val109.read(iprot); + struct.roleChanges.put(_key108, _val109); } iprot.readMapEnd(); } @@ -692,6 +665,14 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU iprot.readFieldEnd(); } iprot.readStructEnd(); + + // check for required fields of primitive type, which can't be checked in the validate method + if (!struct.isSetHasfullImage()) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'hasfullImage' was not found in serialized data! Struct: " + toString()); + } + if (!struct.isSetSeqNum()) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'seqNum' was not found in serialized data! Struct: " + toString()); + } struct.validate(); } @@ -709,10 +690,10 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU oprot.writeFieldBegin(PRIVILEGE_CHANGES_FIELD_DESC); { oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, struct.privilegeChanges.size())); - for (Map.Entry<String, TPrivilegeChanges> _iter102 : struct.privilegeChanges.entrySet()) + for (Map.Entry<String, TPrivilegeChanges> _iter110 : struct.privilegeChanges.entrySet()) { - oprot.writeString(_iter102.getKey()); - _iter102.getValue().write(oprot); + oprot.writeString(_iter110.getKey()); + _iter110.getValue().write(oprot); } oprot.writeMapEnd(); } @@ -722,10 +703,10 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU oprot.writeFieldBegin(ROLE_CHANGES_FIELD_DESC); { oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, struct.roleChanges.size())); - for (Map.Entry<String, TRoleChanges> _iter103 : struct.roleChanges.entrySet()) + for (Map.Entry<String, TRoleChanges> _iter111 : struct.roleChanges.entrySet()) { - oprot.writeString(_iter103.getKey()); - _iter103.getValue().write(oprot); + oprot.writeString(_iter111.getKey()); + _iter111.getValue().write(oprot); } oprot.writeMapEnd(); } @@ -752,18 +733,18 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU oprot.writeI64(struct.seqNum); { oprot.writeI32(struct.privilegeChanges.size()); - for (Map.Entry<String, TPrivilegeChanges> _iter104 : struct.privilegeChanges.entrySet()) + for (Map.Entry<String, TPrivilegeChanges> _iter112 : struct.privilegeChanges.entrySet()) { - oprot.writeString(_iter104.getKey()); - _iter104.getValue().write(oprot); + oprot.writeString(_iter112.getKey()); + _iter112.getValue().write(oprot); } } { oprot.writeI32(struct.roleChanges.size()); - for (Map.Entry<String, TRoleChanges> _iter105 : struct.roleChanges.entrySet()) + for (Map.Entry<String, TRoleChanges> _iter113 : struct.roleChanges.entrySet()) { - oprot.writeString(_iter105.getKey()); - _iter105.getValue().write(oprot); + oprot.writeString(_iter113.getKey()); + _iter113.getValue().write(oprot); } } } @@ -776,30 +757,30 @@ public class TPermissionsUpdate implements org.apache.thrift.TBase<TPermissionsU struct.seqNum = iprot.readI64(); struct.setSeqNumIsSet(true); { - org.apache.thrift.protocol.TMap _map106 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); - struct.privilegeChanges = new HashMap<String,TPrivilegeChanges>(2*_map106.size); - for (int _i107 = 0; _i107 < _map106.size; ++_i107) + org.apache.thrift.protocol.TMap _map114 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); + struct.privilegeChanges = new HashMap<String,TPrivilegeChanges>(2*_map114.size); + for (int _i115 = 0; _i115 < _map114.size; ++_i115) { - String _key108; // required - TPrivilegeChanges _val109; // required - _key108 = iprot.readString(); - _val109 = new TPrivilegeChanges(); - _val109.read(iprot); - struct.privilegeChanges.put(_key108, _val109); + String _key116; // required + TPrivilegeChanges _val117; // required + _key116 = iprot.readString(); + _val117 = new TPrivilegeChanges(); + _val117.read(iprot); + struct.privilegeChanges.put(_key116, _val117); } } struct.setPrivilegeChangesIsSet(true); { - org.apache.thrift.protocol.TMap _map110 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); - struct.roleChanges = new HashMap<String,TRoleChanges>(2*_map110.size); - for (int _i111 = 0; _i111 < _map110.size; ++_i111) + org.apache.thrift.protocol.TMap _map118 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); + struct.roleChanges = new HashMap<String,TRoleChanges>(2*_map118.size); + for (int _i119 = 0; _i119 < _map118.size; ++_i119) { - String _key112; // required - TRoleChanges _val113; // required - _key112 = iprot.readString(); - _val113 = new TRoleChanges(); - _val113.read(iprot); - struct.roleChanges.put(_key112, _val113); + String _key120; // required + TRoleChanges _val121; // required + _key120 = iprot.readString(); + _val121 = new TRoleChanges(); + _val121.read(iprot); + struct.roleChanges.put(_key120, _val121); } } struct.setRoleChangesIsSet(true);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java index 76720b9..8aab38c 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java +++ b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TPrivilegeChanges.java @@ -6,7 +6,6 @@ */ package org.apache.sentry.hdfs.service.thrift; -import org.apache.commons.lang.builder.HashCodeBuilder; import org.apache.thrift.scheme.IScheme; import org.apache.thrift.scheme.SchemeFactory; import org.apache.thrift.scheme.StandardScheme; @@ -44,9 +43,9 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan schemes.put(TupleScheme.class, new TPrivilegeChangesTupleSchemeFactory()); } - private String authzObj; // required - private Map<String,String> addPrivileges; // required - private Map<String,String> delPrivileges; // required + public String authzObj; // required + public Map<String,String> addPrivileges; // required + public Map<String,String> delPrivileges; // required /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { @@ -198,8 +197,9 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan return this.authzObj; } - public void setAuthzObj(String authzObj) { + public TPrivilegeChanges setAuthzObj(String authzObj) { this.authzObj = authzObj; + return this; } public void unsetAuthzObj() { @@ -232,8 +232,9 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan return this.addPrivileges; } - public void setAddPrivileges(Map<String,String> addPrivileges) { + public TPrivilegeChanges setAddPrivileges(Map<String,String> addPrivileges) { this.addPrivileges = addPrivileges; + return this; } public void unsetAddPrivileges() { @@ -266,8 +267,9 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan return this.delPrivileges; } - public void setDelPrivileges(Map<String,String> delPrivileges) { + public TPrivilegeChanges setDelPrivileges(Map<String,String> delPrivileges) { this.delPrivileges = delPrivileges; + return this; } public void unsetDelPrivileges() { @@ -391,24 +393,7 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan @Override public int hashCode() { - HashCodeBuilder builder = new HashCodeBuilder(); - - boolean present_authzObj = true && (isSetAuthzObj()); - builder.append(present_authzObj); - if (present_authzObj) - builder.append(authzObj); - - boolean present_addPrivileges = true && (isSetAddPrivileges()); - builder.append(present_addPrivileges); - if (present_addPrivileges) - builder.append(addPrivileges); - - boolean present_delPrivileges = true && (isSetDelPrivileges()); - builder.append(present_delPrivileges); - if (present_delPrivileges) - builder.append(delPrivileges); - - return builder.toHashCode(); + return 0; } public int compareTo(TPrivilegeChanges other) { @@ -498,18 +483,15 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan public void validate() throws org.apache.thrift.TException { // check for required fields - if (!isSetAuthzObj()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'authzObj' is unset! Struct:" + toString()); + if (authzObj == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'authzObj' was not present! Struct: " + toString()); } - - if (!isSetAddPrivileges()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'addPrivileges' is unset! Struct:" + toString()); + if (addPrivileges == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'addPrivileges' was not present! Struct: " + toString()); } - - if (!isSetDelPrivileges()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'delPrivileges' is unset! Struct:" + toString()); + if (delPrivileges == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'delPrivileges' was not present! Struct: " + toString()); } - // check for sub-struct validity } @@ -558,15 +540,15 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan case 2: // ADD_PRIVILEGES if (schemeField.type == org.apache.thrift.protocol.TType.MAP) { { - org.apache.thrift.protocol.TMap _map58 = iprot.readMapBegin(); - struct.addPrivileges = new HashMap<String,String>(2*_map58.size); - for (int _i59 = 0; _i59 < _map58.size; ++_i59) + org.apache.thrift.protocol.TMap _map66 = iprot.readMapBegin(); + struct.addPrivileges = new HashMap<String,String>(2*_map66.size); + for (int _i67 = 0; _i67 < _map66.size; ++_i67) { - String _key60; // required - String _val61; // required - _key60 = iprot.readString(); - _val61 = iprot.readString(); - struct.addPrivileges.put(_key60, _val61); + String _key68; // required + String _val69; // required + _key68 = iprot.readString(); + _val69 = iprot.readString(); + struct.addPrivileges.put(_key68, _val69); } iprot.readMapEnd(); } @@ -578,15 +560,15 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan case 3: // DEL_PRIVILEGES if (schemeField.type == org.apache.thrift.protocol.TType.MAP) { { - org.apache.thrift.protocol.TMap _map62 = iprot.readMapBegin(); - struct.delPrivileges = new HashMap<String,String>(2*_map62.size); - for (int _i63 = 0; _i63 < _map62.size; ++_i63) + org.apache.thrift.protocol.TMap _map70 = iprot.readMapBegin(); + struct.delPrivileges = new HashMap<String,String>(2*_map70.size); + for (int _i71 = 0; _i71 < _map70.size; ++_i71) { - String _key64; // required - String _val65; // required - _key64 = iprot.readString(); - _val65 = iprot.readString(); - struct.delPrivileges.put(_key64, _val65); + String _key72; // required + String _val73; // required + _key72 = iprot.readString(); + _val73 = iprot.readString(); + struct.delPrivileges.put(_key72, _val73); } iprot.readMapEnd(); } @@ -601,6 +583,8 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan iprot.readFieldEnd(); } iprot.readStructEnd(); + + // check for required fields of primitive type, which can't be checked in the validate method struct.validate(); } @@ -617,10 +601,10 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan oprot.writeFieldBegin(ADD_PRIVILEGES_FIELD_DESC); { oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, struct.addPrivileges.size())); - for (Map.Entry<String, String> _iter66 : struct.addPrivileges.entrySet()) + for (Map.Entry<String, String> _iter74 : struct.addPrivileges.entrySet()) { - oprot.writeString(_iter66.getKey()); - oprot.writeString(_iter66.getValue()); + oprot.writeString(_iter74.getKey()); + oprot.writeString(_iter74.getValue()); } oprot.writeMapEnd(); } @@ -630,10 +614,10 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan oprot.writeFieldBegin(DEL_PRIVILEGES_FIELD_DESC); { oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, struct.delPrivileges.size())); - for (Map.Entry<String, String> _iter67 : struct.delPrivileges.entrySet()) + for (Map.Entry<String, String> _iter75 : struct.delPrivileges.entrySet()) { - oprot.writeString(_iter67.getKey()); - oprot.writeString(_iter67.getValue()); + oprot.writeString(_iter75.getKey()); + oprot.writeString(_iter75.getValue()); } oprot.writeMapEnd(); } @@ -659,18 +643,18 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan oprot.writeString(struct.authzObj); { oprot.writeI32(struct.addPrivileges.size()); - for (Map.Entry<String, String> _iter68 : struct.addPrivileges.entrySet()) + for (Map.Entry<String, String> _iter76 : struct.addPrivileges.entrySet()) { - oprot.writeString(_iter68.getKey()); - oprot.writeString(_iter68.getValue()); + oprot.writeString(_iter76.getKey()); + oprot.writeString(_iter76.getValue()); } } { oprot.writeI32(struct.delPrivileges.size()); - for (Map.Entry<String, String> _iter69 : struct.delPrivileges.entrySet()) + for (Map.Entry<String, String> _iter77 : struct.delPrivileges.entrySet()) { - oprot.writeString(_iter69.getKey()); - oprot.writeString(_iter69.getValue()); + oprot.writeString(_iter77.getKey()); + oprot.writeString(_iter77.getValue()); } } } @@ -681,28 +665,28 @@ public class TPrivilegeChanges implements org.apache.thrift.TBase<TPrivilegeChan struct.authzObj = iprot.readString(); struct.setAuthzObjIsSet(true); { - org.apache.thrift.protocol.TMap _map70 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, iprot.readI32()); - struct.addPrivileges = new HashMap<String,String>(2*_map70.size); - for (int _i71 = 0; _i71 < _map70.size; ++_i71) + org.apache.thrift.protocol.TMap _map78 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, iprot.readI32()); + struct.addPrivileges = new HashMap<String,String>(2*_map78.size); + for (int _i79 = 0; _i79 < _map78.size; ++_i79) { - String _key72; // required - String _val73; // required - _key72 = iprot.readString(); - _val73 = iprot.readString(); - struct.addPrivileges.put(_key72, _val73); + String _key80; // required + String _val81; // required + _key80 = iprot.readString(); + _val81 = iprot.readString(); + struct.addPrivileges.put(_key80, _val81); } } struct.setAddPrivilegesIsSet(true); { - org.apache.thrift.protocol.TMap _map74 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, iprot.readI32()); - struct.delPrivileges = new HashMap<String,String>(2*_map74.size); - for (int _i75 = 0; _i75 < _map74.size; ++_i75) + org.apache.thrift.protocol.TMap _map82 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRING, iprot.readI32()); + struct.delPrivileges = new HashMap<String,String>(2*_map82.size); + for (int _i83 = 0; _i83 < _map82.size; ++_i83) { - String _key76; // required - String _val77; // required - _key76 = iprot.readString(); - _val77 = iprot.readString(); - struct.delPrivileges.put(_key76, _val77); + String _key84; // required + String _val85; // required + _key84 = iprot.readString(); + _val85 = iprot.readString(); + struct.delPrivileges.put(_key84, _val85); } } struct.setDelPrivilegesIsSet(true); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TRoleChanges.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TRoleChanges.java b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TRoleChanges.java index 87ef02d..41ede03 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TRoleChanges.java +++ b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/TRoleChanges.java @@ -6,7 +6,6 @@ */ package org.apache.sentry.hdfs.service.thrift; -import org.apache.commons.lang.builder.HashCodeBuilder; import org.apache.thrift.scheme.IScheme; import org.apache.thrift.scheme.SchemeFactory; import org.apache.thrift.scheme.StandardScheme; @@ -44,9 +43,9 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole schemes.put(TupleScheme.class, new TRoleChangesTupleSchemeFactory()); } - private String role; // required - private List<String> addGroups; // required - private List<String> delGroups; // required + public String role; // required + public List<String> addGroups; // required + public List<String> delGroups; // required /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { @@ -180,8 +179,9 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole return this.role; } - public void setRole(String role) { + public TRoleChanges setRole(String role) { this.role = role; + return this; } public void unsetRole() { @@ -218,8 +218,9 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole return this.addGroups; } - public void setAddGroups(List<String> addGroups) { + public TRoleChanges setAddGroups(List<String> addGroups) { this.addGroups = addGroups; + return this; } public void unsetAddGroups() { @@ -256,8 +257,9 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole return this.delGroups; } - public void setDelGroups(List<String> delGroups) { + public TRoleChanges setDelGroups(List<String> delGroups) { this.delGroups = delGroups; + return this; } public void unsetDelGroups() { @@ -381,24 +383,7 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole @Override public int hashCode() { - HashCodeBuilder builder = new HashCodeBuilder(); - - boolean present_role = true && (isSetRole()); - builder.append(present_role); - if (present_role) - builder.append(role); - - boolean present_addGroups = true && (isSetAddGroups()); - builder.append(present_addGroups); - if (present_addGroups) - builder.append(addGroups); - - boolean present_delGroups = true && (isSetDelGroups()); - builder.append(present_delGroups); - if (present_delGroups) - builder.append(delGroups); - - return builder.toHashCode(); + return 0; } public int compareTo(TRoleChanges other) { @@ -488,18 +473,15 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole public void validate() throws org.apache.thrift.TException { // check for required fields - if (!isSetRole()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'role' is unset! Struct:" + toString()); + if (role == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'role' was not present! Struct: " + toString()); } - - if (!isSetAddGroups()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'addGroups' is unset! Struct:" + toString()); + if (addGroups == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'addGroups' was not present! Struct: " + toString()); } - - if (!isSetDelGroups()) { - throw new org.apache.thrift.protocol.TProtocolException("Required field 'delGroups' is unset! Struct:" + toString()); + if (delGroups == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'delGroups' was not present! Struct: " + toString()); } - // check for sub-struct validity } @@ -548,13 +530,13 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole case 2: // ADD_GROUPS if (schemeField.type == org.apache.thrift.protocol.TType.LIST) { { - org.apache.thrift.protocol.TList _list78 = iprot.readListBegin(); - struct.addGroups = new ArrayList<String>(_list78.size); - for (int _i79 = 0; _i79 < _list78.size; ++_i79) + org.apache.thrift.protocol.TList _list86 = iprot.readListBegin(); + struct.addGroups = new ArrayList<String>(_list86.size); + for (int _i87 = 0; _i87 < _list86.size; ++_i87) { - String _elem80; // required - _elem80 = iprot.readString(); - struct.addGroups.add(_elem80); + String _elem88; // required + _elem88 = iprot.readString(); + struct.addGroups.add(_elem88); } iprot.readListEnd(); } @@ -566,13 +548,13 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole case 3: // DEL_GROUPS if (schemeField.type == org.apache.thrift.protocol.TType.LIST) { { - org.apache.thrift.protocol.TList _list81 = iprot.readListBegin(); - struct.delGroups = new ArrayList<String>(_list81.size); - for (int _i82 = 0; _i82 < _list81.size; ++_i82) + org.apache.thrift.protocol.TList _list89 = iprot.readListBegin(); + struct.delGroups = new ArrayList<String>(_list89.size); + for (int _i90 = 0; _i90 < _list89.size; ++_i90) { - String _elem83; // required - _elem83 = iprot.readString(); - struct.delGroups.add(_elem83); + String _elem91; // required + _elem91 = iprot.readString(); + struct.delGroups.add(_elem91); } iprot.readListEnd(); } @@ -587,6 +569,8 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole iprot.readFieldEnd(); } iprot.readStructEnd(); + + // check for required fields of primitive type, which can't be checked in the validate method struct.validate(); } @@ -603,9 +587,9 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole oprot.writeFieldBegin(ADD_GROUPS_FIELD_DESC); { oprot.writeListBegin(new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRING, struct.addGroups.size())); - for (String _iter84 : struct.addGroups) + for (String _iter92 : struct.addGroups) { - oprot.writeString(_iter84); + oprot.writeString(_iter92); } oprot.writeListEnd(); } @@ -615,9 +599,9 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole oprot.writeFieldBegin(DEL_GROUPS_FIELD_DESC); { oprot.writeListBegin(new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRING, struct.delGroups.size())); - for (String _iter85 : struct.delGroups) + for (String _iter93 : struct.delGroups) { - oprot.writeString(_iter85); + oprot.writeString(_iter93); } oprot.writeListEnd(); } @@ -643,16 +627,16 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole oprot.writeString(struct.role); { oprot.writeI32(struct.addGroups.size()); - for (String _iter86 : struct.addGroups) + for (String _iter94 : struct.addGroups) { - oprot.writeString(_iter86); + oprot.writeString(_iter94); } } { oprot.writeI32(struct.delGroups.size()); - for (String _iter87 : struct.delGroups) + for (String _iter95 : struct.delGroups) { - oprot.writeString(_iter87); + oprot.writeString(_iter95); } } } @@ -663,24 +647,24 @@ public class TRoleChanges implements org.apache.thrift.TBase<TRoleChanges, TRole struct.role = iprot.readString(); struct.setRoleIsSet(true); { - org.apache.thrift.protocol.TList _list88 = new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRING, iprot.readI32()); - struct.addGroups = new ArrayList<String>(_list88.size); - for (int _i89 = 0; _i89 < _list88.size; ++_i89) + org.apache.thrift.protocol.TList _list96 = new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRING, iprot.readI32()); + struct.addGroups = new ArrayList<String>(_list96.size); + for (int _i97 = 0; _i97 < _list96.size; ++_i97) { - String _elem90; // required - _elem90 = iprot.readString(); - struct.addGroups.add(_elem90); + String _elem98; // required + _elem98 = iprot.readString(); + struct.addGroups.add(_elem98); } } struct.setAddGroupsIsSet(true); { - org.apache.thrift.protocol.TList _list91 = new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRING, iprot.readI32()); - struct.delGroups = new ArrayList<String>(_list91.size); - for (int _i92 = 0; _i92 < _list91.size; ++_i92) + org.apache.thrift.protocol.TList _list99 = new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRING, iprot.readI32()); + struct.delGroups = new ArrayList<String>(_list99.size); + for (int _i100 = 0; _i100 < _list99.size; ++_i100) { - String _elem93; // required - _elem93 = iprot.readString(); - struct.delGroups.add(_elem93); + String _elem101; // required + _elem101 = iprot.readString(); + struct.delGroups.add(_elem101); } } struct.setDelGroupsIsSet(true); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java index ba16f4a..7dda9fb 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java @@ -17,6 +17,8 @@ */ package org.apache.sentry.hdfs; +import java.util.Set; + /** * A public interface of the fundamental APIs exposed by the implementing * data structure. The primary client of this interface is the Namenode @@ -25,34 +27,39 @@ package org.apache.sentry.hdfs; public interface AuthzPaths { /** - * Check if a Path belongs to the configured prefix set - * @param pathElements : A path split into segments - * @return Is Path under configured prefix + * Check if a Path belongs to the configured prefix set. + * + * @param pathElements A path split into segments + * @return Returns if Path under configured prefix or not. */ - public boolean isUnderPrefix(String[] pathElements); + boolean isUnderPrefix(String[] pathElements); /** - * Returns the authorizable Object (database/table) associated with this path. - * Unlike {@link #findAuthzObjectExactMatch(String[])}, if not match is - * found, it will return the first ancestor that has an associated - * authorizable object. - * @param pathElements : A path split into segments - * @return A authzObject associated with this path + * Returns all authorizable Objects (database/table/partition) associated + * with this path. Unlike {@link #findAuthzObjectExactMatches(String[])}, + * if not match is found, it will return the first ancestor that has the + * associated authorizable objects. + * + * @param pathElements A path split into segments + * @return Returns a set of authzObjects authzObject associated with this path */ - public String findAuthzObject(String[] pathElements); + Set<String> findAuthzObject(String[] pathElements); /** - * Returns the authorizable Object (database/table) associated with this path. - * @param pathElements : A path split into segments - * @return A authzObject associated with this path + * Returns all authorizable Objects (database/table/partition) associated + * with this path. + * + * @param pathElements A path split into segments + * @return Returns a set of authzObjects associated with this path */ - public String findAuthzObjectExactMatch(String[] pathElements); + Set<String> findAuthzObjectExactMatches(String[] pathElements); /** * Return a Dumper that may return a more optimized over the * wire representation of the internal data-structures. - * @return + * + * @return Returns the AuthzPathsDumper. */ - public AuthzPathsDumper<? extends AuthzPaths> getPathsDump(); + AuthzPathsDumper<? extends AuthzPaths> getPathsDump(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java index d52e361..4b38def 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java @@ -17,19 +17,16 @@ */ package org.apache.sentry.hdfs; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; +import com.google.common.base.Joiner; import org.apache.hadoop.fs.Path; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; import com.google.common.collect.Lists; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * A non thread-safe implementation of {@link AuthzPaths}. It abstracts over the @@ -39,6 +36,8 @@ import com.google.common.collect.Lists; */ public class HMSPaths implements AuthzPaths { + private static Logger LOG = LoggerFactory.getLogger(HMSPaths.class); + @VisibleForTesting static List<String> getPathElements(String path) { path = path.trim(); @@ -63,7 +62,7 @@ public class HMSPaths implements AuthzPaths { } @VisibleForTesting - static List<List<String>> gePathsElements(List<String> paths) { + static List<List<String>> getPathsElements(List<String> paths) { List<List<String>> pathsElements = new ArrayList<List<String>>(paths.size()); for (String path : paths) { pathsElements.add(getPathElements(path)); @@ -110,7 +109,13 @@ public class HMSPaths implements AuthzPaths { private Entry parent; private EntryType type; private String pathElement; - private String authzObj; + + // A set of authorizable objects associated with this entry. Authorizable + // object should be case insensitive. + private Set<String> authzObjs; + + // Path of child element to the path entry mapping. + // e.g. 'b' -> '/a/b' private final Map<String, Entry> children; Entry(Entry parent, String pathElement, EntryType type, @@ -118,12 +123,47 @@ public class HMSPaths implements AuthzPaths { this.parent = parent; this.type = type; this.pathElement = pathElement; - this.authzObj = authzObj; + this.authzObjs = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER); + addAuthzObj(authzObj); + children = new HashMap<String, Entry>(); + } + + Entry(Entry parent, String pathElement, EntryType type, + Set<String> authzObjs) { + this.parent = parent; + this.type = type; + this.pathElement = pathElement; + this.authzObjs = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER); + addAuthzObjs(authzObjs); children = new HashMap<String, Entry>(); } - void setAuthzObj(String authzObj) { - this.authzObj = authzObj; + // Get all the mapping of the children element to + // the path entries. + public Map<String, Entry> getChildren() { + return children; + } + + void clearAuthzObjs() { + authzObjs = new HashSet<String>(); + } + + void removeAuthzObj(String authzObj) { + authzObjs.remove(authzObj); + } + + void addAuthzObj(String authzObj) { + if (authzObj != null) { + authzObjs.add(authzObj); + } + } + + void addAuthzObjs(Set<String> authzObjs) { + if (authzObjs != null) { + for (String authObj : authzObjs) { + this.authzObjs.add(authObj); + } + } } private void setType(EntryType type) { @@ -136,42 +176,64 @@ public class HMSPaths implements AuthzPaths { public String toString() { return String.format("Entry[fullPath: %s, type: %s, authObject: %s]", - getFullPath(), type, authzObj); - } - + getFullPath(), type, Joiner.on(",").join(authzObjs)); + } + + /** + * Create a child entry based on the path, type and authzObj that + * associates with it. + * + * @param pathElements a path split into segments. + * @param type the type of the child entry. + * @param authzObj the authorizable Object associates with the entry. + * @return Returns the child entry. + */ private Entry createChild(List<String> pathElements, EntryType type, String authzObj) { + + // Parent entry is the current referring one. Entry entryParent = this; + + // Creates the entry based on the path elements (if not found) until reaches its + // direct parent. for (int i = 0; i < pathElements.size() - 1; i++) { + String pathElement = pathElements.get(i); Entry child = entryParent.getChildren().get(pathElement); + if (child == null) { - child = new Entry(entryParent, pathElement, EntryType.DIR, null); + child = new Entry(entryParent, pathElement, EntryType.DIR, (String) null); entryParent.getChildren().put(pathElement, child); } + entryParent = child; } + String lastPathElement = pathElements.get(pathElements.size() - 1); Entry child = entryParent.getChildren().get(lastPathElement); + + // Create the child entry if not found. If found and the entry is + // already a prefix or authzObj type, then only add the authzObj. + // If the entry already existed as dir, we change it to be a authzObj, + // and add the authzObj. if (child == null) { child = new Entry(entryParent, lastPathElement, type, authzObj); entryParent.getChildren().put(lastPathElement, child); } else if (type == EntryType.AUTHZ_OBJECT && - child.getType() == EntryType.PREFIX) { - // Support for default db in hive (which is usually a prefix dir) - child.setAuthzObj(authzObj); + (child.getType() == EntryType.PREFIX || child.getType() == EntryType.AUTHZ_OBJECT)) { + child.addAuthzObj(authzObj); } else if (type == EntryType.AUTHZ_OBJECT && child.getType() == EntryType.DIR) { - // if the entry already existed as dir, we change it to be a authz obj - child.setAuthzObj(authzObj); + child.addAuthzObj(authzObj); child.setType(EntryType.AUTHZ_OBJECT); } + return child; } public static Entry createRoot(boolean asPrefix) { - return new Entry(null, "/", (asPrefix) - ? EntryType.PREFIX : EntryType.DIR, null); + return new Entry(null, "/", (asPrefix) + ? EntryType.PREFIX : EntryType.DIR, (String) null); } private String toPath(List<String> arr) { @@ -202,6 +264,32 @@ public class HMSPaths implements AuthzPaths { return entry; } + public void deleteAuthzObject(String authzObj) { + if (getParent() != null) { + if (getChildren().isEmpty()) { + + // Remove the authzObj on the path entry. If the path + // entry no longer maps to any authzObj, removes the + // entry recursively. + authzObjs.remove(authzObj); + if (authzObjs.size() == 0) { + getParent().getChildren().remove(getPathElement()); + getParent().deleteIfDangling(); + parent = null; + } + } else { + + // if the entry was for an authz object and has children, we + // change it to be a dir entry. And remove the authzObj on + // the path entry. + if (getType() == EntryType.AUTHZ_OBJECT) { + setType(EntryType.DIR); + authzObjs.remove(authzObj); + } + } + } + } + public void delete() { if (getParent() != null) { if (getChildren().isEmpty()) { @@ -213,7 +301,7 @@ public class HMSPaths implements AuthzPaths { // change it to be a dir entry. if (getType() == EntryType.AUTHZ_OBJECT) { setType(EntryType.DIR); - setAuthzObj(null); + clearAuthzObjs(); } } } @@ -237,14 +325,11 @@ public class HMSPaths implements AuthzPaths { return pathElement; } - public String getAuthzObj() { - return authzObj; + public Set<String> getAuthzObjs() { + return authzObjs; } - @SuppressWarnings("unchecked") - public Map<String, Entry> getChildren() { - return children; - } + public Entry findPrefixEntry(List<String> pathElements) { Preconditions.checkArgument(pathElements != null, @@ -281,17 +366,17 @@ public class HMSPaths implements AuthzPaths { boolean isPartialMatchOk, Entry lastAuthObj) { Entry found = null; if (index == pathElements.length) { - if (isPartialMatchOk && (getAuthzObj() != null)) { + if (isPartialMatchOk && (getAuthzObjs().size() != 0)) { found = this; } } else { Entry child = getChildren().get(pathElements[index]); if (child != null) { if (index == pathElements.length - 1) { - found = (child.getAuthzObj() != null) ? child : lastAuthObj; + found = (child.getAuthzObjs().size() != 0) ? child : lastAuthObj; } else { found = child.find(pathElements, index + 1, isPartialMatchOk, - (child.getAuthzObj() != null) ? child : lastAuthObj); + (child.getAuthzObjs().size() != 0) ? child : lastAuthObj); } } else { if (isPartialMatchOk) { @@ -322,6 +407,9 @@ public class HMSPaths implements AuthzPaths { private volatile Entry root; private String[] prefixes; + + // The hive authorized objects to path entries mapping. + // One authorized object can map to a set of path entries. private Map<String, Set<Entry>> authzObjToPath; public HMSPaths(String[] pathPrefixes) { @@ -340,11 +428,12 @@ public class HMSPaths implements AuthzPaths { root.createPrefix(getPathElements(pathPrefix)); } } - authzObjToPath = new HashMap<String, Set<Entry>>(); + + authzObjToPath = new TreeMap<String, Set<Entry>>(String.CASE_INSENSITIVE_ORDER); } void _addAuthzObject(String authzObj, List<String> authzObjPaths) { - addAuthzObject(authzObj, gePathsElements(authzObjPaths)); + addAuthzObject(authzObj, getPathsElements(authzObjPaths)); } void addAuthzObject(String authzObj, List<List<String>> authzObjPathElements) { @@ -363,7 +452,7 @@ public class HMSPaths implements AuthzPaths { previousEntries.removeAll(newEntries); if (!previousEntries.isEmpty()) { for (Entry entry : previousEntries) { - entry.delete(); + entry.deleteAuthzObject(authzObj); } } } @@ -392,7 +481,7 @@ public class HMSPaths implements AuthzPaths { } void _addPathsToAuthzObject(String authzObj, List<String> authzObjPaths) { - addPathsToAuthzObject(authzObj, gePathsElements(authzObjPaths), false); + addPathsToAuthzObject(authzObj, getPathsElements(authzObjPaths), false); } void addPathsToAuthzObject(String authzObj, List<List<String>> authzObjPaths) { @@ -408,7 +497,7 @@ public class HMSPaths implements AuthzPaths { Entry entry = root.find( pathElements.toArray(new String[pathElements.size()]), false); if (entry != null) { - entry.delete(); + entry.deleteAuthzObject(authzObj); toDelEntries.add(entry); } else { // LOG WARN IGNORING PATH, it was not in registered @@ -424,30 +513,36 @@ public class HMSPaths implements AuthzPaths { Set<Entry> entries = authzObjToPath.remove(authzObj); if (entries != null) { for (Entry entry : entries) { - entry.delete(); + entry.deleteAuthzObject(authzObj); } } } @Override - public String findAuthzObject(String[] pathElements) { + public Set<String> findAuthzObject(String[] pathElements) { return findAuthzObject(pathElements, true); } @Override - public String findAuthzObjectExactMatch(String[] pathElements) { + public Set<String> findAuthzObjectExactMatches(String[] pathElements) { return findAuthzObject(pathElements, false); } - public String findAuthzObject(String[] pathElements, boolean isPartialOk) { + /** + * Based on the isPartialOk flag, returns all authorizable Objects + * (database/table/partition) associated with the path, or if no match + * is found returns the first ancestor that has the associated + * authorizable objects. + * + * @param pathElements A path split into segments. + * @param isPartialOk Flag that indicates if patial path match is Ok or not. + * @return Returns a set of authzObjects authzObject associated with this path. + */ + public Set<String> findAuthzObject(String[] pathElements, boolean isPartialOk) { // Handle '/' if ((pathElements == null)||(pathElements.length == 0)) return null; - String authzObj = null; Entry entry = root.find(pathElements, isPartialOk); - if (entry != null) { - authzObj = entry.getAuthzObj(); - } - return authzObj; + return (entry != null) ? entry.getAuthzObjs() : null; } boolean renameAuthzObject(String oldName, List<String> oldPathElems, @@ -456,7 +551,7 @@ public class HMSPaths implements AuthzPaths { if ((oldPathElems == null)||(oldPathElems.size() == 0)) return false; Entry entry = root.find(oldPathElems.toArray(new String[oldPathElems.size()]), false); - if ((entry != null)&&(entry.getAuthzObj().equals(oldName))) { + if ((entry != null) && (entry.getAuthzObjs().contains(oldName))) { // Update pathElements String[] newPath = newPathElems.toArray(new String[newPathElems.size()]); // Can't use Lists.newArrayList() because of whacky generics @@ -474,8 +569,9 @@ public class HMSPaths implements AuthzPaths { Set<Entry> eSet = authzObjToPath.get(oldName); authzObjToPath.put(newName, eSet); for (Entry e : eSet) { - if (e.getAuthzObj().equals(oldName)) { - e.setAuthzObj(newName); + if (e.getAuthzObjs().contains(oldName)) { + e.removeAuthzObj(oldName); + e.addAuthzObj(newName); } } authzObjToPath.remove(oldName); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java index 8f7bb0f..d62222b 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java @@ -70,8 +70,8 @@ public class HMSPathsDumper implements AuthzPathsDumper<HMSPaths> { int myId = idCounter.incrementAndGet(); TPathEntry tEntry = new TPathEntry(entry.getType().getByte(), entry.getPathElement(), new HashSet<Integer>()); - if (entry.getAuthzObj() != null) { - tEntry.setAuthzObj(entry.getAuthzObj()); + if (entry.getAuthzObjs().size() != 0) { + tEntry.setAuthzObjs(entry.getAuthzObjs()); } idMap.put(myId, tEntry); return new Tuple(tEntry, myId); @@ -82,13 +82,12 @@ public class HMSPathsDumper implements AuthzPathsDumper<HMSPaths> { HMSPaths hmsPaths = new HMSPaths(this.hmsPaths.getPrefixes()); TPathEntry tRootEntry = pathDump.getNodeMap().get(pathDump.getRootId()); Entry rootEntry = hmsPaths.getRootEntry(); -// Entry rootEntry = new Entry(null, tRootEntry.getPathElement(), -// EntryType.fromByte(tRootEntry.getType()), tRootEntry.getAuthzObj()); Map<String, Set<Entry>> authzObjToPath = new HashMap<String, Set<Entry>>(); cloneToEntry(tRootEntry, rootEntry, pathDump.getNodeMap(), authzObjToPath, rootEntry.getType() == EntryType.PREFIX); hmsPaths.setRootEntry(rootEntry); hmsPaths.setAuthzObjToPathMapping(authzObjToPath); + return hmsPaths; } @@ -108,20 +107,21 @@ public class HMSPathsDumper implements AuthzPathsDumper<HMSPaths> { // Handle case when prefix entry has an authzObject // For Eg (default table mapped to /user/hive/warehouse) if (isChildPrefix) { - child.setAuthzObj(tChild.getAuthzObj()); + child.addAuthzObjs(tChild.getAuthzObjs()); } } if (child == null) { child = new Entry(parent, tChild.getPathElement(), - EntryType.fromByte(tChild.getType()), tChild.getAuthzObj()); + EntryType.fromByte(tChild.getType()), tChild.getAuthzObjs()); } - if (child.getAuthzObj() != null) { - Set<Entry> paths = authzObjToPath.get(child.getAuthzObj()); - if (paths == null) { - paths = new HashSet<Entry>(); - authzObjToPath.put(child.getAuthzObj(), paths); + if (child.getAuthzObjs().size() != 0) { + for (String authzObj: child.getAuthzObjs()) { + Set<Entry> paths = authzObjToPath.get(authzObj); + if (paths == null) { + paths = new HashSet<Entry>(); + } + paths.add(child); } - paths.add(child); } parent.getChildren().put(child.getPathElement(), child); cloneToEntry(tChild, child, idMap, authzObjToPath, isChildPrefix); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java index 8c5edd7..1dcb75a 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java @@ -62,12 +62,15 @@ public class PathsUpdate implements Updateable.Update { public boolean hasFullImage() { return tPathsUpdate.isHasFullImage(); } + public TPathChanges newPathChange(String authzObject) { + TPathChanges pathChanges = new TPathChanges(authzObject, new LinkedList<List<String>>(), new LinkedList<List<String>>()); tPathsUpdate.addToPathChanges(pathChanges); return pathChanges; } + public List<TPathChanges> getPathChanges() { return tPathsUpdate.getPathChanges(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java index ac8459b..117fde2 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java @@ -23,7 +23,7 @@ import java.util.concurrent.locks.ReadWriteLock; public interface Updateable<K extends Updateable.Update> { /** - * Thrift currently does not support class inheritance.We need all update + * Thrift currently does not support class inheritance. We need all update * objects to expose a unified API. A wrapper class need to be created * implementing this interface and containing the generated thrift class as * a work around http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java index b74f954..364a1f6 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java @@ -18,6 +18,7 @@ package org.apache.sentry.hdfs; import java.util.List; +import java.util.Set; import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.locks.ReadWriteLock; @@ -48,13 +49,13 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate> } @Override - public String findAuthzObject(String[] pathElements) { + public Set<String> findAuthzObject(String[] pathElements) { return paths.findAuthzObject(pathElements); } @Override - public String findAuthzObjectExactMatch(String[] pathElements) { - return paths.findAuthzObjectExactMatch(pathElements); + public Set<String> findAuthzObjectExactMatches(String[] pathElements) { + return paths.findAuthzObjectExactMatches(pathElements); } @Override http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift b/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift index fb60855..5f9cf31 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift +++ b/sentry-hdfs/sentry-hdfs-common/src/main/resources/sentry_hdfs_service.thrift @@ -22,23 +22,39 @@ # Thrift Service that the MetaStore is built on # -include "share/fb303/if/fb303.thrift" +#include "share/fb303/if/fb303.thrift" namespace java org.apache.sentry.hdfs.service.thrift namespace php sentry.hdfs.thrift namespace cpp Apache.Sentry.HDFS.Thrift struct TPathChanges { + +# The authorizable object that needs to be updated. 1: required string authzObj; + +# The path (splits into string segments) that needs to be +# added to the authorizable object. 2: required list<list<string>> addPaths; + +# The path (splits into string segments) that needs to be +# deleted to the authorizable object. 3: required list<list<string>> delPaths; } struct TPathEntry { + +# The type of the Path Entry. 1: required byte type; + +# The path element in string. 2: required string pathElement; -3: optional string authzObj; + +# The child tuple id of the Path Entry. 4: required set<i32> children; + +# A set of authzObjs associated with the Path Entry. +5: optional set<string> authzObjs; } struct TPathsDump { @@ -54,14 +70,28 @@ struct TPathsUpdate { } struct TPrivilegeChanges { + +# The authorizable object that needs to be updated. 1: required string authzObj; + +# The privileges that needs to be added to +# the authorizable object. 2: required map<string, string> addPrivileges; + +# The privileges that needs to be deleted to +# the authorizable object. 3: required map<string, string> delPrivileges; } struct TRoleChanges { + +# The role that needs to be updated. 1: required string role; + +# The groups that needs to be added. 2: required list<string> addGroups; + +# The groups that needs to be deleted. 3: required list<string> delGroups; } @@ -69,7 +99,7 @@ struct TPermissionsUpdate { 1: required bool hasfullImage; 2: required i64 seqNum; 3: required map<string, TPrivilegeChanges> privilegeChanges; -4: required map<string, TRoleChanges> roleChanges; +4: required map<string, TRoleChanges> roleChanges; } struct TAuthzUpdateResponse { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPaths.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPaths.java index 29868ae..bb74779 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPaths.java @@ -63,7 +63,7 @@ public class TestHMSPaths { root.toString(); Assert.assertNull(root.getParent()); Assert.assertEquals(HMSPaths.EntryType.DIR, root.getType()); - Assert.assertNull(root.getAuthzObj()); + Assert.assertTrue(root.getAuthzObjs().size() == 0); Assert.assertEquals(Path.SEPARATOR, root.getFullPath()); Assert.assertTrue(root.getChildren().isEmpty()); root.delete(); @@ -127,7 +127,7 @@ public class TestHMSPaths { Assert.assertEquals(root, entry.getParent()); Assert.assertEquals(HMSPaths.EntryType.PREFIX, entry.getType()); Assert.assertEquals("a", entry.getPathElement()); - Assert.assertNull(entry.getAuthzObj()); + Assert.assertEquals(0, entry.getAuthzObjs().size()); Assert.assertEquals(Path.SEPARATOR + "a", entry.getFullPath()); Assert.assertTrue(entry.getChildren().isEmpty()); @@ -167,13 +167,13 @@ public class TestHMSPaths { Assert.assertEquals(root, entry.getParent().getParent()); Assert.assertEquals(HMSPaths.EntryType.PREFIX, entry.getType()); - Assert.assertEquals(HMSPaths.EntryType.DIR, + Assert.assertEquals(HMSPaths.EntryType.DIR, entry.getParent().getType()); Assert.assertEquals("b", entry.getPathElement()); Assert.assertEquals("a", entry.getParent().getPathElement()); - Assert.assertNull(entry.getAuthzObj()); - Assert.assertNull(entry.getParent().getAuthzObj()); - Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b", + Assert.assertTrue(entry.getAuthzObjs().size() == 0); + Assert.assertTrue(entry.getParent().getAuthzObjs().size() == 0); + Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b", entry.getFullPath()); Assert.assertEquals(Path.SEPARATOR + "a", entry.getParent().getFullPath()); Assert.assertTrue(entry.getChildren().isEmpty()); @@ -212,7 +212,7 @@ public class TestHMSPaths { Assert.assertEquals(prefix, entry.getParent()); Assert.assertEquals(HMSPaths.EntryType.AUTHZ_OBJECT, entry.getType()); Assert.assertEquals("p1", entry.getPathElement()); - Assert.assertEquals("A", entry.getAuthzObj()); + Assert.assertTrue(entry.getAuthzObjs().contains("A")); Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b" + Path.SEPARATOR + "p1", entry.getFullPath()); @@ -249,7 +249,7 @@ public class TestHMSPaths { Assert.assertEquals(prefix, entry.getParent().getParent()); Assert.assertEquals(HMSPaths.EntryType.AUTHZ_OBJECT, entry.getType()); Assert.assertEquals("p1", entry.getPathElement()); - Assert.assertEquals("A", entry.getAuthzObj()); + Assert.assertTrue(entry.getAuthzObjs().contains("A")); Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b" + Path.SEPARATOR + "t" + Path.SEPARATOR + "p1", entry.getFullPath()); @@ -265,11 +265,11 @@ public class TestHMSPaths { Assert.assertEquals(HMSPaths.EntryType.AUTHZ_OBJECT, entry.getType()); Assert.assertEquals("p1", entry.getPathElement()); - Assert.assertEquals("A", entry.getAuthzObj()); + Assert.assertTrue(entry.getAuthzObjs().contains("A")); Assert.assertEquals(HMSPaths.EntryType.AUTHZ_OBJECT, ep2.getType()); Assert.assertEquals("p2", ep2.getPathElement()); - Assert.assertEquals("A", entry.getAuthzObj()); + Assert.assertTrue(entry.getAuthzObjs().contains("A")); Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1"}, true)); @@ -296,7 +296,7 @@ public class TestHMSPaths { Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1"}, true)); Assert.assertEquals(HMSPaths.EntryType.DIR, entry.getType()); - Assert.assertNull(entry.getAuthzObj()); + Assert.assertEquals(entry.getAuthzObjs().size(), 0); Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1"}, false)); Assert.assertNull(root.find(new String[]{"a", "b", "t"}, false)); @@ -353,5 +353,19 @@ public class TestHMSPaths { Assert.assertEquals(prefix, root.findPrefixEntry( Lists.newArrayList("a", "b", "t", "p3"))); } + + @Test + public void testAuthzObjCaseInsensitive() { + HMSPaths.Entry root = HMSPaths.Entry.createRoot(false); + HMSPaths.Entry prefix = root.createPrefix(Lists.newArrayList("a", "b")); + + HMSPaths.Entry entry = root.createAuthzObjPath( + Lists.newArrayList("a", "b", "t", "p1"), "A"); + Assert.assertEquals(prefix, entry.getParent().getParent()); + Assert.assertEquals(HMSPaths.EntryType.AUTHZ_OBJECT, entry.getType()); + + // Authz Object is case insensitive. + Assert.assertTrue(entry.getAuthzObjs().contains("a")); + } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java index d01f7dd..b43ad0e 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java +++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java @@ -29,7 +29,8 @@ import org.apache.thrift.protocol.TProtocolFactory; import org.junit.Test; import com.google.common.collect.Lists; - +import java.util.Arrays; +import java.util.HashSet; import java.io.IOException; import static org.junit.Assert.assertEquals; @@ -37,7 +38,6 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNull; public class TestHMSPathsFullDump { - private static boolean useCompact = true; @Test @@ -56,27 +56,27 @@ public class TestHMSPathsFullDump { hmsPaths._addAuthzObject("db2.tbl21", Lists.newArrayList("/user/hive/w2/db2/tbl21")); hmsPaths._addPathsToAuthzObject("db2.tbl21", Lists.newArrayList("/user/hive/w2/db2/tbl21/p1=1/p2=x")); - Assert.assertEquals("default", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse"}, false)); - Assert.assertEquals("db1", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1"}, false)); - Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11"}, false)); - Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part111"}, false)); - Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part112"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("default")), hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1")), hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1.tbl11")), hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1.tbl11")), hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part111"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1.tbl11")), hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part112"}, false)); - Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "p1=1", "p2=x"}, false)); - Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "p1=1"}, true)); - Assert.assertEquals("db2.tbl21", hmsPaths.findAuthzObject(new String[]{"user", "hive", "w2", "db2", "tbl21", "p1=1"}, true)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1.tbl11")), hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "p1=1", "p2=x"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1.tbl11")), hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "p1=1"}, true)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db2.tbl21")), hmsPaths.findAuthzObject(new String[]{"user", "hive", "w2", "db2", "tbl21", "p1=1"}, true)); HMSPathsDumper serDe = hmsPaths.getPathsDump(); TPathsDump pathsDump = serDe.createPathsDump(); HMSPaths hmsPaths2 = new HMSPaths(new String[] {"/user/hive/warehouse"}).getPathsDump().initializeFromDump(pathsDump); - Assert.assertEquals("default", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse"}, false)); - Assert.assertEquals("db1", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1"}, false)); - Assert.assertEquals("db1.tbl11", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11"}, false)); - Assert.assertEquals("db1.tbl11", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part111"}, false)); - Assert.assertEquals("db1.tbl11", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part112"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("default")), hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1")), hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1.tbl11")), hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1.tbl11")), hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part111"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db1.tbl11")), hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part112"}, false)); - // This path is not under prefix, so should not be deserialized.. + // This path is not under prefix, so should not be deserialized.. Assert.assertNull(hmsPaths2.findAuthzObject(new String[]{"user", "hive", "w2", "db2", "tbl21", "p1=1"}, true)); } @@ -101,8 +101,8 @@ public class TestHMSPathsFullDump { new TDeserializer(protoFactory).deserialize(tPathsDump, ser); HMSPaths fromDump = serDe.initializeFromDump(tPathsDump); System.out.println("Deserialization Time: " + (System.currentTimeMillis() - t1)); - Assert.assertEquals("db9.tbl999", fromDump.findAuthzObject(new String[]{"user", "hive", "warehouse", "db9", "tbl999"}, false)); - Assert.assertEquals("db9.tbl999", fromDump.findAuthzObject(new String[]{"user", "hive", "warehouse", "db9", "tbl999", "part99"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db9.tbl999")), fromDump.findAuthzObject(new String[]{"user", "hive", "warehouse", "db9", "tbl999"}, false)); + Assert.assertEquals(new HashSet<String>(Arrays.asList("db9.tbl999")), fromDump.findAuthzObject(new String[]{"user", "hive", "warehouse", "db9", "tbl999", "part99"}, false)); } /** http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4b33ad92/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java index 4b8a058..98ab7ba 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java +++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java @@ -24,6 +24,7 @@ import static org.junit.Assert.assertNull; import java.util.concurrent.locks.ReentrantReadWriteLock; import org.apache.sentry.hdfs.service.thrift.TPathChanges; +import static org.junit.Assert.assertTrue; import org.junit.Test; import com.google.common.collect.Lists; @@ -33,10 +34,10 @@ public class TestUpdateableAuthzPaths { @Test public void testFullUpdate() { HMSPaths hmsPaths = createBaseHMSPaths(1, 1); - assertEquals("db1", hmsPaths.findAuthzObjectExactMatch(new String[]{"db1"})); - assertEquals("db1.tbl11", hmsPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11"})); - assertEquals("db1.tbl11", hmsPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part111"})); - assertEquals("db1.tbl11", hmsPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part112"})); + assertTrue(hmsPaths.findAuthzObjectExactMatches(new String[]{"db1"}).contains("db1")); + assertTrue(hmsPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11"}).contains("db1.tbl11")); + assertTrue(hmsPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part111"}).contains("db1.tbl11")); + assertTrue(hmsPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part112"}).contains("db1.tbl11")); UpdateableAuthzPaths authzPaths = new UpdateableAuthzPaths(hmsPaths); PathsUpdate update = new PathsUpdate(1, true); @@ -47,10 +48,10 @@ public class TestUpdateableAuthzPaths { assertFalse(pre == authzPaths2); authzPaths2 = pre; - assertEquals("db1", authzPaths2.findAuthzObjectExactMatch(new String[]{"db1"})); - assertEquals("db1.tbl11", authzPaths2.findAuthzObjectExactMatch(new String[]{"db1", "tbl11"})); - assertEquals("db1.tbl11", authzPaths2.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part111"})); - assertEquals("db1.tbl11", authzPaths2.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part112"})); + assertTrue(authzPaths2.findAuthzObjectExactMatches(new String[]{"db1"}).contains("db1")); + assertTrue(authzPaths2.findAuthzObjectExactMatches(new String[]{"db1", "tbl11"}).contains("db1.tbl11")); + assertTrue(authzPaths2.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part111"}).contains("db1.tbl11")); + assertTrue(authzPaths2.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part112"}).contains("db1.tbl11")); // Ensure Full Update wipes old stuff UpdateableAuthzPaths authzPaths3 = new UpdateableAuthzPaths(createBaseHMSPaths(2, 1)); @@ -60,13 +61,13 @@ public class TestUpdateableAuthzPaths { assertFalse(pre == authzPaths2); authzPaths2 = pre; - assertNull(authzPaths2.findAuthzObjectExactMatch(new String[]{"db1"})); - assertNull(authzPaths2.findAuthzObjectExactMatch(new String[]{"db1", "tbl11"})); + assertNull(authzPaths2.findAuthzObjectExactMatches(new String[]{"db1"})); + assertNull(authzPaths2.findAuthzObjectExactMatches(new String[]{"db1", "tbl11"})); - assertEquals("db2", authzPaths2.findAuthzObjectExactMatch(new String[]{"db2"})); - assertEquals("db2.tbl21", authzPaths2.findAuthzObjectExactMatch(new String[]{"db2", "tbl21"})); - assertEquals("db2.tbl21", authzPaths2.findAuthzObjectExactMatch(new String[]{"db2", "tbl21", "part211"})); - assertEquals("db2.tbl21", authzPaths2.findAuthzObjectExactMatch(new String[]{"db2", "tbl21", "part212"})); + assertTrue(authzPaths2.findAuthzObjectExactMatches(new String[]{"db2"}).contains("db2")); + assertTrue(authzPaths2.findAuthzObjectExactMatches(new String[]{"db2", "tbl21"}).contains("db2.tbl21")); + assertTrue(authzPaths2.findAuthzObjectExactMatches(new String[]{"db2", "tbl21", "part211"}).contains("db2.tbl21")); + assertTrue(authzPaths2.findAuthzObjectExactMatches(new String[]{"db2", "tbl21", "part212"}).contains("db2.tbl21")); } @Test @@ -87,14 +88,14 @@ public class TestUpdateableAuthzPaths { authzPaths.updatePartial(Lists.newArrayList(update), lock); // Ensure no change in existing Paths - assertEquals("db1", authzPaths.findAuthzObjectExactMatch(new String[]{"db1"})); - assertEquals("db1.tbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11"})); - assertEquals("db1.tbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part111"})); - assertEquals("db1.tbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part112"})); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1"}).contains("db1")); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11"}).contains("db1.tbl11")); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part111"}).contains("db1.tbl11")); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part112"}).contains("db1.tbl11")); // Verify new Paths - assertEquals("db1.tbl12", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl12"})); - assertEquals("db1.tbl12", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl12", "part121"})); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl12"}).contains("db1.tbl12")); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl12", "part121"}).contains("db1.tbl12")); // Rename table update = new PathsUpdate(4, false); @@ -103,17 +104,17 @@ public class TestUpdateableAuthzPaths { authzPaths.updatePartial(Lists.newArrayList(update), lock); // Verify name change - assertEquals("db1", authzPaths.findAuthzObjectExactMatch(new String[]{"db1"})); - assertEquals("db1.xtbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "xtbl11"})); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1"}).contains("db1")); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "xtbl11"}).contains("db1.xtbl11")); // Explicit set location has to be done on the partition else it will be associated to // the old location - assertEquals("db1.xtbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part111"})); - assertEquals("db1.xtbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part112"})); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part111"}).contains("db1.xtbl11")); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part112"}).contains("db1.xtbl11")); // Verify other tables are not touched - assertNull(authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "xtbl12"})); - assertNull(authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "xtbl12", "part121"})); - assertEquals("db1.tbl12", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl12"})); - assertEquals("db1.tbl12", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl12", "part121"})); + assertNull(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "xtbl12"})); + assertNull(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "xtbl12", "part121"})); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl12"}).contains("db1.tbl12")); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl12", "part121"}).contains("db1.tbl12")); } @@ -122,9 +123,9 @@ public class TestUpdateableAuthzPaths { HMSPaths hmsPaths = createBaseHMSPaths(1, 1); UpdateableAuthzPaths authzPaths = new UpdateableAuthzPaths(hmsPaths); ReentrantReadWriteLock lock = new ReentrantReadWriteLock(); - assertEquals("db1.tbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11"})); - assertEquals("db1.tbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part111"})); - + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11"}).contains("db1.tbl11")); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part111"}).contains("db1.tbl11")); + // Drop partition PathsUpdate update = new PathsUpdate(2, false); TPathChanges pathChange = update.newPathChange("db1.tbl11"); @@ -132,17 +133,17 @@ public class TestUpdateableAuthzPaths { authzPaths.updatePartial(Lists.newArrayList(update), lock); // Verify Paths deleted - assertNull(authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part111"})); + assertNull(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part111"})); // Verify rest ok - assertEquals("db1.tbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl11", "part112"})); + assertTrue(authzPaths.findAuthzObjectExactMatches(new String[]{"db1", "tbl11", "part112"}).contains("db1.tbl11")); } @Test public void testDefaultDbPath() { HMSPaths hmsPaths = new HMSPaths(new String[] {"/user/hive/warehouse"}); hmsPaths._addAuthzObject("default", Lists.newArrayList("/user/hive/warehouse")); - assertEquals("default", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse"})); + assertTrue(hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse"}).contains("default")); } private HMSPaths createBaseHMSPaths(int dbNum, int tblNum) {
