http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java index 4b31b0b..6050289 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java @@ -33,10 +33,10 @@ public interface SentryGenericServiceClient { * @param component: The request is issued to which component * @throws SentryUserException */ - public void createRole(String requestorUserName, String roleName, + void createRole(String requestorUserName, String roleName, String component) throws SentryUserException; - public void createRoleIfNotExist(String requestorUserName, + void createRoleIfNotExist(String requestorUserName, String roleName, String component) throws SentryUserException; /** @@ -46,10 +46,10 @@ public interface SentryGenericServiceClient { * @param component: The request is issued to which component * @throws SentryUserException */ - public void dropRole(String requestorUserName, String roleName, + void dropRole(String requestorUserName, String roleName, String component) throws SentryUserException; - public void dropRoleIfExists(String requestorUserName, String roleName, + void dropRoleIfExists(String requestorUserName, String roleName, String component) throws SentryUserException; /** @@ -60,7 +60,7 @@ public interface SentryGenericServiceClient { * @param groups: The name of groups * @throws SentryUserException */ - public void addRoleToGroups(String requestorUserName, String roleName, + void addRoleToGroups(String requestorUserName, String roleName, String component, Set<String> groups) throws SentryUserException; /** @@ -71,7 +71,7 @@ public interface SentryGenericServiceClient { * @param groups: The name of groups * @throws SentryUserException */ - public void deleteRoleToGroups(String requestorUserName, String roleName, + void deleteRoleToGroups(String requestorUserName, String roleName, String component, Set<String> groups) throws SentryUserException; /** @@ -82,7 +82,7 @@ public interface SentryGenericServiceClient { * @param privilege * @throws SentryUserException */ - public void grantPrivilege(String requestorUserName, String roleName, + void grantPrivilege(String requestorUserName, String roleName, String component, TSentryPrivilege privilege) throws SentryUserException; /** @@ -93,7 +93,7 @@ public interface SentryGenericServiceClient { * @param privilege * @throws SentryUserException */ - public void revokePrivilege(String requestorUserName, String roleName, + void revokePrivilege(String requestorUserName, String roleName, String component, TSentryPrivilege privilege) throws SentryUserException; /** @@ -104,7 +104,7 @@ public interface SentryGenericServiceClient { * @param privilege * @throws SentryUserException */ - public void dropPrivilege(String requestorUserName,String component, + void dropPrivilege(String requestorUserName,String component, TSentryPrivilege privilege) throws SentryUserException; /** @@ -116,7 +116,7 @@ public interface SentryGenericServiceClient { * @param newAuthorizables * @throws SentryUserException */ - public void renamePrivilege(String requestorUserName, String component, + void renamePrivilege(String requestorUserName, String component, String serviceName, List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables) throws SentryUserException; @@ -128,16 +128,16 @@ public interface SentryGenericServiceClient { * @return Set of thrift sentry role objects * @throws SentryUserException */ - public Set<TSentryRole> listRolesByGroupName( + Set<TSentryRole> listRolesByGroupName( String requestorUserName, String groupName, String component) throws SentryUserException; - public Set<TSentryRole> listUserRoles(String requestorUserName, String component) + Set<TSentryRole> listUserRoles(String requestorUserName, String component) throws SentryUserException; - public Set<TSentryRole> listAllRoles(String requestorUserName, String component) + Set<TSentryRole> listAllRoles(String requestorUserName, String component) throws SentryUserException; /** @@ -150,12 +150,12 @@ public interface SentryGenericServiceClient { * @return * @throws SentryUserException */ - public Set<TSentryPrivilege> listPrivilegesByRoleName( + Set<TSentryPrivilege> listPrivilegesByRoleName( String requestorUserName, String roleName, String component, String serviceName, List<? extends Authorizable> authorizables) throws SentryUserException; - public Set<TSentryPrivilege> listPrivilegesByRoleName( + Set<TSentryPrivilege> listPrivilegesByRoleName( String requestorUserName, String roleName, String component, String serviceName) throws SentryUserException; @@ -169,9 +169,9 @@ public interface SentryGenericServiceClient { * @returns the set of permissions * @throws SentryUserException */ - public Set<String> listPrivilegesForProvider(String component, + Set<String> listPrivilegesForProvider(String component, String serviceName, ActiveRoleSet roleSet, Set<String> groups, List<? extends Authorizable> authorizables) throws SentryUserException; - public void close(); + void close(); }
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java index c1eafe4..761b0a4 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java @@ -378,8 +378,8 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi public void renamePrivilege(String requestorUserName, String component, String serviceName, List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables) throws SentryUserException { - if ((oldAuthorizables == null) || (oldAuthorizables.size() == 0) - || (newAuthorizables == null) || (newAuthorizables.size() == 0)) { + if (oldAuthorizables == null || oldAuthorizables.isEmpty() + || newAuthorizables == null || newAuthorizables.isEmpty()) { throw new SentryUserException("oldAuthorizables and newAuthorizables can't be null or empty"); } @@ -466,7 +466,7 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi request.setServiceName(serviceName); request.setRequestorUserName(requestorUserName); request.setRoleName(roleName); - if ((authorizables != null) && (authorizables.size() > 0)) { + if (authorizables != null && !authorizables.isEmpty()) { List<TAuthorizable> tAuthorizables = Lists.newArrayList(); for (Authorizable authorizable : authorizables) { tAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName())); @@ -515,7 +515,7 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi request.setGroups(groups); } List<TAuthorizable> tAuthoriables = Lists.newArrayList(); - if ((authorizables != null) && (authorizables.size() > 0)) { + if (authorizables != null && !authorizables.isEmpty()) { for (Authorizable authorizable : authorizables) { tAuthoriables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName())); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java index 7ca5813..b8dafc8 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java @@ -22,7 +22,6 @@ import java.io.File; import java.io.IOException; import java.io.InterruptedIOException; import java.io.Writer; -import java.nio.file.Files; import org.apache.log4j.FileAppender; import org.apache.log4j.Layout; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java index f7edeb1..913f125 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java @@ -20,6 +20,6 @@ package org.apache.sentry.provider.db.log.entity; public interface JsonLogEntity { - public String toJsonFormatLog() throws Exception; + String toJsonFormatLog() throws Exception; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java index 266f349..56bbb8f 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java @@ -21,7 +21,6 @@ import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_J import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER; import java.lang.reflect.Field; -import java.util.Arrays; import java.util.HashSet; import java.util.Iterator; import java.util.List; @@ -51,14 +50,15 @@ public class MSentryGMPrivilege { * We assume that the generic model privilege for any component(hive/impala or solr) doesn't exceed four level. * This generic model privilege currently can support maximum 4 level. **/ - private String resourceName0 = NULL_COL; - private String resourceType0 = NULL_COL; - private String resourceName1 = NULL_COL; - private String resourceType1 = NULL_COL; - private String resourceName2 = NULL_COL; - private String resourceType2 = NULL_COL; - private String resourceName3 = NULL_COL; - private String resourceType3 = NULL_COL; + private String resourceName0 = NULL_COL; //NOPMD + private String resourceType0 = NULL_COL; //NOPMD + private String resourceName1 = NULL_COL; //NOPMD + private String resourceType1 = NULL_COL; //NOPMD + private String resourceName2 = NULL_COL; //NOPMD + private String resourceType2 = NULL_COL; //NOPMD + private String resourceName3 = NULL_COL; //NOPMD + private String resourceType3 = NULL_COL; //NOPMD + private String serviceName; private String componentName; @@ -180,7 +180,7 @@ public class MSentryGMPrivilege { * @param authorizables */ public void setAuthorizables(List<? extends Authorizable> authorizables) { - if ((authorizables == null) || (authorizables.isEmpty())) { + if (authorizables == null || authorizables.isEmpty()) { //service scope scope = SERVICE_SCOPE; return; @@ -253,38 +253,51 @@ public class MSentryGMPrivilege { @Override public boolean equals(Object obj) { - if (this == obj) + if (this == obj) { return true; - if (obj == null) + } + if (obj == null) { return false; - if (getClass() != obj.getClass()) + } + if (getClass() != obj.getClass()) { return false; + } MSentryGMPrivilege other = (MSentryGMPrivilege) obj; if (action == null) { - if (other.action != null) + if (other.action != null) { return false; - } else if (!action.equalsIgnoreCase(other.action)) + } + } else if (!action.equalsIgnoreCase(other.action)) { return false; + } if (scope == null) { - if (other.scope != null) + if (other.scope != null) { return false; - } else if (!scope.equals(other.scope)) + } + } else if (!scope.equals(other.scope)) { return false; + } if (serviceName == null) { - if (other.serviceName != null) + if (other.serviceName != null) { return false; - } else if (!serviceName.equals(other.serviceName)) + } + } else if (!serviceName.equals(other.serviceName)) { return false; + } if (componentName == null) { - if (other.componentName != null) + if (other.componentName != null) { return false; - } else if (!componentName.equals(other.componentName)) + } + } else if (!componentName.equals(other.componentName)) { return false; + } if (grantOption == null) { - if (other.grantOption != null) + if (other.grantOption != null) { return false; - } else if (!grantOption.equals(other.grantOption)) + } + } else if (!grantOption.equals(other.grantOption)) { return false; + } List<? extends Authorizable> authorizables = getAuthorizables(); List<? extends Authorizable> other_authorizables = other.getAuthorizables(); @@ -349,7 +362,7 @@ public class MSentryGMPrivilege { } } - if ( (!existIterator.hasNext()) && (!requestIterator.hasNext()) ){ + if ( !existIterator.hasNext() && !requestIterator.hasNext() ){ /** * The persistent privilege has the same authorizables size as the requested privilege * The check is pass http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java index 32dbafc..7e41c93 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java @@ -91,20 +91,26 @@ public class MSentryGroup { @Override public boolean equals(Object obj) { - if (this == obj) + if (this == obj) { return true; - if (obj == null) + } + if (obj == null) { return false; - if (getClass() != obj.getClass()) + } + if (getClass() != obj.getClass()) { return false; + } MSentryGroup other = (MSentryGroup) obj; - if (createTime != other.createTime) + if (createTime != other.createTime) { return false; + } if (groupName == null) { - if (other.groupName != null) + if (other.groupName != null) { return false; - } else if (!groupName.equals(other.groupName)) + } + } else if (!groupName.equals(other.groupName)) { return false; + } return true; } -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java index 1c68a0f..4c3af79 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java @@ -53,7 +53,7 @@ public class MSentryPrivilege { this.roles = new HashSet<MSentryRole>(); } - public MSentryPrivilege(String privilegeName, String privilegeScope, + public MSentryPrivilege(String privilegeScope, String serverName, String dbName, String tableName, String columnName, String URI, String action, Boolean grantOption) { this.privilegeScope = privilegeScope; @@ -67,10 +67,10 @@ public class MSentryPrivilege { this.roles = new HashSet<MSentryRole>(); } - public MSentryPrivilege(String privilegeName, String privilegeScope, + public MSentryPrivilege(String privilegeScope, String serverName, String dbName, String tableName, String columnName, String URI, String action) { - this(privilegeName, privilegeScope, serverName, dbName, tableName, + this(privilegeScope, serverName, dbName, tableName, columnName, URI, action, false); } @@ -202,48 +202,65 @@ public class MSentryPrivilege { @Override public boolean equals(Object obj) { - if (this == obj) + if (this == obj) { return true; - if (obj == null) + } + if (obj == null) { return false; - if (getClass() != obj.getClass()) + } + if (getClass() != obj.getClass()) { return false; + } MSentryPrivilege other = (MSentryPrivilege) obj; if (URI == null) { - if (other.URI != null) + if (other.URI != null) { return false; - } else if (!URI.equals(other.URI)) + } + } else if (!URI.equals(other.URI)) { return false; + } if (action == null) { - if (other.action != null) + if (other.action != null) { return false; - } else if (!action.equals(other.action)) + } + } else if (!action.equals(other.action)) { return false; + } if (dbName == null) { - if (other.dbName != null) + if (other.dbName != null) { return false; - } else if (!dbName.equals(other.dbName)) + } + } else if (!dbName.equals(other.dbName)) { return false; + } if (serverName == null) { - if (other.serverName != null) + if (other.serverName != null) { return false; - } else if (!serverName.equals(other.serverName)) + } + } else if (!serverName.equals(other.serverName)) { return false; + } if (tableName == null) { - if (other.tableName != null) + if (other.tableName != null) { return false; - } else if (!tableName.equals(other.tableName)) + } + } else if (!tableName.equals(other.tableName)) { return false; + } if (columnName == null) { - if (other.columnName != null) + if (other.columnName != null) { return false; - } else if (!columnName.equals(other.columnName)) + } + } else if (!columnName.equals(other.columnName)) { return false; + } if (grantOption == null) { - if (other.grantOption != null) + if (other.grantOption != null) { return false; - } else if (!grantOption.equals(other.grantOption)) + } + } else if (!grantOption.equals(other.grantOption)) { return false; + } return true; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java index 0076753..24514ea 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java @@ -166,18 +166,23 @@ public class MSentryRole { @Override public boolean equals(Object obj) { - if (this == obj) + if (this == obj) { return true; - if (obj == null) + } + if (obj == null) { return false; - if (getClass() != obj.getClass()) + } + if (getClass() != obj.getClass()) { return false; + } MSentryRole other = (MSentryRole) obj; if (roleName == null) { - if (other.roleName != null) + if (other.roleName != null) { return false; - } else if (!roleName.equals(other.roleName)) + } + } else if (!roleName.equals(other.roleName)) { return false; + } return true; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java index 6eb36a1..476bf6a 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/FixedJsonInstanceSerializer.java @@ -75,14 +75,14 @@ public class FixedJsonInstanceSerializer<T> implements InstanceSerializer<T> private Integer getIntegerField(final JsonNode pNode, final String pFieldName) { Preconditions.checkNotNull(pNode); Preconditions.checkNotNull(pFieldName); - return (pNode.get(pFieldName) != null && pNode.get(pFieldName).isNumber()) ? pNode.get(pFieldName) + return pNode.get(pFieldName) != null && pNode.get(pFieldName).isNumber() ? pNode.get(pFieldName) .getIntValue() : null; } private Long getLongField(final JsonNode pNode, final String pFieldName) { Preconditions.checkNotNull(pNode); Preconditions.checkNotNull(pFieldName); - return (pNode.get(pFieldName) != null && pNode.get(pFieldName).isLong()) ? pNode.get(pFieldName).getLongValue() + return pNode.get(pFieldName) != null && pNode.get(pFieldName).isLong() ? pNode.get(pFieldName).getLongValue() : null; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java index ada6308..eac10a0 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java @@ -20,12 +20,7 @@ package org.apache.sentry.provider.db.service.persistent; import java.io.IOException; import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; import java.util.List; -import java.util.Map; - -import javax.security.auth.login.AppConfigurationEntry; import org.apache.curator.RetryPolicy; import org.apache.curator.framework.CuratorFramework; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index 6798f2f..530bdc7 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java @@ -176,7 +176,7 @@ public class SentryStore { prop.setProperty("datanucleus.NontransactionalWrite", "false"); pmf = JDOHelper.getPersistenceManagerFactory(prop); - verifySentryStoreSchema(conf, checkSchemaVersion); + verifySentryStoreSchema(checkSchemaVersion); // Kick off the thread that cleans orphaned privileges (unless told not to) privCleaner = this.new PrivCleaner(); @@ -189,8 +189,7 @@ public class SentryStore { } // ensure that the backend DB schema is set - private void verifySentryStoreSchema(Configuration serverConf, - boolean checkVersion) + private void verifySentryStoreSchema(boolean checkVersion) throws SentryNoSuchObjectException, SentryAccessDeniedException { if (!checkVersion) { setSentryVersion(SentryStoreSchemaInfo.getSentryVersion(), @@ -337,7 +336,7 @@ public class SentryStore { private <T> Long getCount(Class<T> tClass) { PersistenceManager pm = null; - Long size = new Long(-1); + Long size = Long.valueOf(-1); try { pm = openTransaction(); Query query = pm.newQuery(); @@ -448,8 +447,8 @@ public class SentryStore { throw new SentryNoSuchObjectException("Role: " + roleName); } else { - if ((!isNULL(privilege.getColumnName())) || (!isNULL(privilege.getTableName())) - || (!isNULL(privilege.getDbName()))) { + if (!isNULL(privilege.getColumnName()) || !isNULL(privilege.getTableName()) + || !isNULL(privilege.getDbName())) { // If Grant is for ALL and Either INSERT/SELECT already exists.. // need to remove it and GRANT ALL.. if (AccessConstants.ALL.equalsIgnoreCase(privilege.getAction()) @@ -459,12 +458,12 @@ public class SentryStore { MSentryPrivilege mSelect = getMSentryPrivilege(tNotAll, pm); tNotAll.setAction(AccessConstants.INSERT); MSentryPrivilege mInsert = getMSentryPrivilege(tNotAll, pm); - if ((mSelect != null) && (mRole.getPrivileges().contains(mSelect))) { + if (mSelect != null && mRole.getPrivileges().contains(mSelect)) { mSelect.removeRole(mRole); privCleaner.incPrivRemoval(); pm.makePersistent(mSelect); } - if ((mInsert != null) && (mRole.getPrivileges().contains(mInsert))) { + if (mInsert != null && mRole.getPrivileges().contains(mInsert)) { mInsert.removeRole(mRole); privCleaner.incPrivRemoval(); pm.makePersistent(mInsert); @@ -477,10 +476,10 @@ public class SentryStore { MSentryPrivilege mAll1 = getMSentryPrivilege(tAll, pm); tAll.setAction(AccessConstants.ACTION_ALL); MSentryPrivilege mAll2 = getMSentryPrivilege(tAll, pm); - if ((mAll1 != null) && (mRole.getPrivileges().contains(mAll1))) { + if (mAll1 != null && mRole.getPrivileges().contains(mAll1)) { return null; } - if ((mAll2 != null) && (mRole.getPrivileges().contains(mAll2))) { + if (mAll2 != null && mRole.getPrivileges().contains(mAll2)) { return null; } } @@ -584,10 +583,10 @@ public class SentryStore { privCleaner.incPrivRemoval(); pm.makePersistent(persistedPriv); } else if (requestedPrivToRevoke.getAction().equalsIgnoreCase(AccessConstants.SELECT) - && (!currentPrivilege.getAction().equalsIgnoreCase(AccessConstants.INSERT))) { + && !currentPrivilege.getAction().equalsIgnoreCase(AccessConstants.INSERT)) { revokeRolePartial(pm, mRole, currentPrivilege, persistedPriv, AccessConstants.INSERT); } else if (requestedPrivToRevoke.getAction().equalsIgnoreCase(AccessConstants.INSERT) - && (!currentPrivilege.getAction().equalsIgnoreCase(AccessConstants.SELECT))) { + && !currentPrivilege.getAction().equalsIgnoreCase(AccessConstants.SELECT)) { revokeRolePartial(pm, mRole, currentPrivilege, persistedPriv, AccessConstants.SELECT); } } @@ -602,7 +601,7 @@ public class SentryStore { currentPrivilege.setAction(AccessConstants.ALL); persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm); - if ((persistedPriv != null)&&(mRole.getPrivileges().contains(persistedPriv))) { + if (persistedPriv != null && mRole.getPrivileges().contains(persistedPriv)) { persistedPriv.removeRole(mRole); privCleaner.incPrivRemoval(); pm.makePersistent(persistedPriv); @@ -646,14 +645,14 @@ public class SentryStore { private void populateChildren(PersistenceManager pm, Set<String> roleNames, MSentryPrivilege priv, Set<MSentryPrivilege> children) throws SentryInvalidInputException { Preconditions.checkNotNull(pm); - if ((!isNULL(priv.getServerName())) || (!isNULL(priv.getDbName())) - || (!isNULL(priv.getTableName()))) { + if (!isNULL(priv.getServerName()) || !isNULL(priv.getDbName()) + || !isNULL(priv.getTableName())) { // Get all TableLevel Privs Set<MSentryPrivilege> childPrivs = getChildPrivileges(pm, roleNames, priv); for (MSentryPrivilege childPriv : childPrivs) { // Only recurse for table level privs.. - if ((!isNULL(childPriv.getDbName())) && (!isNULL(childPriv.getTableName())) - && (!isNULL(childPriv.getColumnName()))) { + if (!isNULL(childPriv.getDbName()) && !isNULL(childPriv.getTableName()) + && !isNULL(childPriv.getColumnName())) { populateChildren(pm, roleNames, childPriv, children); } // The method getChildPrivileges() didn't do filter on "action", @@ -682,7 +681,7 @@ public class SentryStore { private Set<MSentryPrivilege> getChildPrivileges(PersistenceManager pm, Set<String> roleNames, MSentryPrivilege parent) throws SentryInvalidInputException { // Column and URI do not have children - if ((!isNULL(parent.getColumnName())) || (!isNULL(parent.getURI()))) { + if (!isNULL(parent.getColumnName()) || !isNULL(parent.getURI())) { return new HashSet<MSentryPrivilege>(); } @@ -768,8 +767,9 @@ public class SentryStore { grantOption = false; } Object obj = query.execute(grantOption); - if (obj != null) + if (obj != null) { return (MSentryPrivilege) obj; + } return null; } @@ -928,7 +928,9 @@ public class SentryStore { } private boolean hasAnyServerPrivileges(Set<String> roleNames, String serverName) { - if ((roleNames.size() == 0)||(roleNames == null)) return false; + if (roleNames == null || roleNames.isEmpty()) { + return false; + } boolean rollbackTransaction = true; PersistenceManager pm = null; try { @@ -948,7 +950,7 @@ public class SentryStore { Long numPrivs = (Long) query.execute(); rollbackTransaction = false; commitTransaction(pm); - return (numPrivs > 0); + return numPrivs > 0; } finally { if (rollbackTransaction) { rollbackTransaction(pm); @@ -957,7 +959,9 @@ public class SentryStore { } List<MSentryPrivilege> getMSentryPrivileges(Set<String> roleNames, TSentryAuthorizable authHierarchy) { - if ((roleNames.size() == 0)||(roleNames == null)) return new ArrayList<MSentryPrivilege>(); + if (roleNames == null || roleNames.isEmpty()) { + return new ArrayList<MSentryPrivilege>(); + } boolean rollbackTransaction = true; PersistenceManager pm = null; try { @@ -970,20 +974,19 @@ public class SentryStore { } StringBuilder filters = new StringBuilder("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ") "); - if ((authHierarchy != null) && (authHierarchy.getServer() != null)) { + if (authHierarchy != null && authHierarchy.getServer() != null) { filters.append("&& serverName == \"" + authHierarchy.getServer().toLowerCase() + "\""); if (authHierarchy.getDb() != null) { filters.append(" && ((dbName == \"" + authHierarchy.getDb().toLowerCase() + "\") || (dbName == \"__NULL__\")) && (URI == \"__NULL__\")"); - if ((authHierarchy.getTable() != null) + if (authHierarchy.getTable() != null && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getTable())) { if (!AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getTable())) { filters.append(" && ((tableName == \"" + authHierarchy.getTable().toLowerCase() + "\") || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")"); } - if ((authHierarchy.getColumn() != null) - && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getColumn())) { - if (!AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getColumn())) { - filters.append(" && ((columnName == \"" + authHierarchy.getColumn().toLowerCase() + "\") || (columnName == \"__NULL__\")) && (URI == \"__NULL__\")"); - } + if (authHierarchy.getColumn() != null + && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getColumn()) + && !AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getColumn())) { + filters.append(" && ((columnName == \"" + authHierarchy.getColumn().toLowerCase() + "\") || (columnName == \"__NULL__\")) && (URI == \"__NULL__\")"); } } } @@ -1010,7 +1013,7 @@ public class SentryStore { pm = openTransaction(); Query query = pm.newQuery(MSentryPrivilege.class); StringBuilder filters = new StringBuilder(); - if ((roleNames.size() == 0)||(roleNames == null)) { + if (roleNames.size() == 0 || roleNames == null) { filters.append(" !roles.isEmpty() "); } else { query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); @@ -1021,7 +1024,7 @@ public class SentryStore { filters.append("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ") "); } - if ((authHierarchy.getServer() != null)) { + if (authHierarchy.getServer() != null) { filters.append("&& serverName == \"" + authHierarchy.getServer().toLowerCase() + "\""); if (authHierarchy.getDb() != null) { @@ -1043,9 +1046,7 @@ public class SentryStore { // if no server, then return empty resultset return new ArrayList<MSentryPrivilege>(); } - FetchGroup grp = pm.getFetchGroup( - org.apache.sentry.provider.db.service.model.MSentryPrivilege.class, - "fetchRole"); + FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchRole"); grp.addMember("roles"); pm.getFetchPlan().addGroup("fetchRole"); query.setFilter(filters.toString()); @@ -1128,13 +1129,13 @@ public class SentryStore { if (authHierarchy.getServer() == null) { throw new SentryInvalidInputException("serverName cannot be null !!"); } - if ((authHierarchy.getTable() != null) && (authHierarchy.getDb() == null)) { + if (authHierarchy.getTable() != null && authHierarchy.getDb() == null) { throw new SentryInvalidInputException("dbName cannot be null when tableName is present !!"); } - if ((authHierarchy.getColumn() != null) && (authHierarchy.getTable() == null)) { + if (authHierarchy.getColumn() != null && authHierarchy.getTable() == null) { throw new SentryInvalidInputException("tableName cannot be null when columnName is present !!"); } - if ((authHierarchy.getUri() == null) && (authHierarchy.getDb() == null)) { + if (authHierarchy.getUri() == null && authHierarchy.getDb() == null) { throw new SentryInvalidInputException("One of uri or dbName must not be null !!"); } return convertToTSentryPrivileges(getMSentryPrivileges(roleNames, authHierarchy)); @@ -1314,7 +1315,9 @@ public class SentryStore { @VisibleForTesting static Set<String> toTrimedLower(Set<String> s) { - if (null == s) return new HashSet<String>(); + if (null == s) { + return new HashSet<String>(); + } Set<String> result = Sets.newHashSet(); for (String v : s) { result.add(v.trim().toLowerCase()); @@ -1609,7 +1612,7 @@ public class SentryStore { List<MSentryPrivilege> mPrivileges = getMSentryPrivileges(tPrivilege, pm); if (mPrivileges != null && !mPrivileges.isEmpty()) { for (MSentryPrivilege mPrivilege : mPrivileges) { - roleSet.addAll(ImmutableSet.copyOf((mPrivilege.getRoles()))); + roleSet.addAll(ImmutableSet.copyOf(mPrivilege.getRoles())); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java index 0e3c0bb..9f921d4 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceManager.java @@ -21,8 +21,6 @@ package org.apache.sentry.provider.db.service.persistent; import java.io.IOException; import java.net.InetSocketAddress; -import org.apache.curator.framework.CuratorFramework; -import org.apache.curator.framework.imps.CuratorFrameworkState; import org.apache.curator.x.discovery.ServiceDiscovery; import org.apache.curator.x.discovery.ServiceDiscoveryBuilder; import org.apache.curator.x.discovery.ServiceInstance; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java index 1e17f9a..79dfe48 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/ServiceRegister.java @@ -18,7 +18,6 @@ package org.apache.sentry.provider.db.service.persistent; -import org.apache.curator.framework.imps.CuratorFrameworkState; import org.apache.curator.x.discovery.ServiceDiscoveryBuilder; import org.apache.curator.x.discovery.ServiceInstance; import org.apache.curator.x.discovery.details.InstanceSerializer; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java index cbc0aaf..de50adb 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java @@ -28,17 +28,17 @@ import org.apache.sentry.core.common.Authorizable; public interface SentryPolicyServiceClient { - public void createRole(String requestorUserName, String roleName) throws SentryUserException; + void createRole(String requestorUserName, String roleName) throws SentryUserException; - public void dropRole(String requestorUserName, String roleName) throws SentryUserException; + void dropRole(String requestorUserName, String roleName) throws SentryUserException; - public void dropRoleIfExists(String requestorUserName, String roleName) + void dropRoleIfExists(String requestorUserName, String roleName) throws SentryUserException; - public Set<TSentryRole> listRolesByGroupName(String requestorUserName, String groupName) + Set<TSentryRole> listRolesByGroupName(String requestorUserName, String groupName) throws SentryUserException; - public Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName) + Set<TSentryPrivilege> listAllPrivilegesByRoleName(String requestorUserName, String roleName) throws SentryUserException; /** @@ -50,121 +50,121 @@ public interface SentryPolicyServiceClient { * @return Set of thrift sentry privilege objects * @throws SentryUserException */ - public Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, String roleName, + Set<TSentryPrivilege> listPrivilegesByRoleName(String requestorUserName, String roleName, List<? extends Authorizable> authorizable) throws SentryUserException; - public Set<TSentryRole> listRoles(String requestorUserName) throws SentryUserException; + Set<TSentryRole> listRoles(String requestorUserName) throws SentryUserException; - public Set<TSentryRole> listUserRoles(String requestorUserName) throws SentryUserException; + Set<TSentryRole> listUserRoles(String requestorUserName) throws SentryUserException; - public TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName, String server, String uri) throws SentryUserException; - public TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantURIPrivilege(String requestorUserName, String roleName, String server, String uri, Boolean grantOption) throws SentryUserException; - public void grantServerPrivilege(String requestorUserName, String roleName, String server, + void grantServerPrivilege(String requestorUserName, String roleName, String server, String action) throws SentryUserException; - public TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName, String server, Boolean grantOption) throws SentryUserException; - public TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantServerPrivilege(String requestorUserName, String roleName, String server, String action, Boolean grantOption) throws SentryUserException; - public TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName, String server, String db, String action) throws SentryUserException; - public TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantDatabasePrivilege(String requestorUserName, String roleName, String server, String db, String action, Boolean grantOption) throws SentryUserException; - public TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName, String server, String db, String table, String action) throws SentryUserException; - public TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantTablePrivilege(String requestorUserName, String roleName, String server, String db, String table, String action, Boolean grantOption) throws SentryUserException; - public TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName, String server, String db, String table, String columnName, String action) throws SentryUserException; - public TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName, + TSentryPrivilege grantColumnPrivilege(String requestorUserName, String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption) throws SentryUserException; - public Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName, + Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName, String server, String db, String table, List<String> columnNames, String action) throws SentryUserException; - public Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName, + Set<TSentryPrivilege> grantColumnsPrivileges(String requestorUserName, String roleName, String server, String db, String table, List<String> columnNames, String action, Boolean grantOption) throws SentryUserException; - public void revokeURIPrivilege(String requestorUserName, String roleName, String server, + void revokeURIPrivilege(String requestorUserName, String roleName, String server, String uri) throws SentryUserException; - public void revokeURIPrivilege(String requestorUserName, String roleName, String server, + void revokeURIPrivilege(String requestorUserName, String roleName, String server, String uri, Boolean grantOption) throws SentryUserException; - public void revokeServerPrivilege(String requestorUserName, String roleName, String server, + void revokeServerPrivilege(String requestorUserName, String roleName, String server, String action) throws SentryUserException; - public void revokeServerPrivilege(String requestorUserName, String roleName, String server, + void revokeServerPrivilege(String requestorUserName, String roleName, String server, String action, Boolean grantOption) throws SentryUserException; - public void revokeServerPrivilege(String requestorUserName, String roleName, String server, + void revokeServerPrivilege(String requestorUserName, String roleName, String server, boolean grantOption) throws SentryUserException; - public void revokeDatabasePrivilege(String requestorUserName, String roleName, String server, + void revokeDatabasePrivilege(String requestorUserName, String roleName, String server, String db, String action) throws SentryUserException; - public void revokeDatabasePrivilege(String requestorUserName, String roleName, String server, + void revokeDatabasePrivilege(String requestorUserName, String roleName, String server, String db, String action, Boolean grantOption) throws SentryUserException; - public void revokeTablePrivilege(String requestorUserName, String roleName, String server, + void revokeTablePrivilege(String requestorUserName, String roleName, String server, String db, String table, String action) throws SentryUserException; - public void revokeTablePrivilege(String requestorUserName, String roleName, String server, + void revokeTablePrivilege(String requestorUserName, String roleName, String server, String db, String table, String action, Boolean grantOption) throws SentryUserException; - public void revokeColumnPrivilege(String requestorUserName, String roleName, String server, + void revokeColumnPrivilege(String requestorUserName, String roleName, String server, String db, String table, String columnName, String action) throws SentryUserException; - public void revokeColumnPrivilege(String requestorUserName, String roleName, String server, + void revokeColumnPrivilege(String requestorUserName, String roleName, String server, String db, String table, String columnName, String action, Boolean grantOption) throws SentryUserException; - public void revokeColumnsPrivilege(String requestorUserName, String roleName, String server, + void revokeColumnsPrivilege(String requestorUserName, String roleName, String server, String db, String table, List<String> columns, String action) throws SentryUserException; - public void revokeColumnsPrivilege(String requestorUserName, String roleName, String server, + void revokeColumnsPrivilege(String requestorUserName, String roleName, String server, String db, String table, List<String> columns, String action, Boolean grantOption) throws SentryUserException; - public Set<String> listPrivilegesForProvider(Set<String> groups, ActiveRoleSet roleSet, + Set<String> listPrivilegesForProvider(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException; - public void grantRoleToGroup(String requestorUserName, String groupName, String roleName) + void grantRoleToGroup(String requestorUserName, String groupName, String roleName) throws SentryUserException; - public void revokeRoleFromGroup(String requestorUserName, String groupName, String roleName) + void revokeRoleFromGroup(String requestorUserName, String groupName, String roleName) throws SentryUserException; - public void grantRoleToGroups(String requestorUserName, String roleName, Set<String> groups) + void grantRoleToGroups(String requestorUserName, String roleName, Set<String> groups) throws SentryUserException; - public void revokeRoleFromGroups(String requestorUserName, String roleName, Set<String> groups) + void revokeRoleFromGroups(String requestorUserName, String roleName, Set<String> groups) throws SentryUserException; - public void dropPrivileges(String requestorUserName, + void dropPrivileges(String requestorUserName, List<? extends Authorizable> authorizableObjects) throws SentryUserException; - public void renamePrivileges(String requestorUserName, + void renamePrivileges(String requestorUserName, List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables) throws SentryUserException; - public Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable( + Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable( String requestorUserName, Set<List<? extends Authorizable>> authorizables, Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException; @@ -178,15 +178,15 @@ public interface SentryPolicyServiceClient { * @return The value of the propertyName * @throws SentryUserException */ - public String getConfigValue(String propertyName, String defaultValue) throws SentryUserException; + String getConfigValue(String propertyName, String defaultValue) throws SentryUserException; - public void close(); + void close(); // Import the sentry mapping data with map structure - public void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData, + void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData, String requestorUserName, boolean isOverwriteRole) throws SentryUserException; // export the sentry mapping data with map structure - public Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName) + Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName) throws SentryUserException; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java index 74f379a..c40edca 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java @@ -432,7 +432,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); request.setRoleName(roleName); - Set<TSentryPrivilege> privileges = convertColumnPrivilege(requestorUserName, scope, + Set<TSentryPrivilege> privileges = convertColumnPrivilege(scope, serverName, uri, db, table, column, action, grantOption); request.setPrivileges(privileges); try { @@ -465,7 +465,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); request.setRoleName(roleName); - Set<TSentryPrivilege> privileges = convertColumnPrivileges(requestorUserName, scope, + Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope, serverName, uri, db, table, columns, action, grantOption); request.setPrivileges(privileges); try { @@ -593,7 +593,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); request.setRoleName(roleName); - Set<TSentryPrivilege> privileges = convertColumnPrivileges(requestorUserName, scope, + Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope, serverName, uri, db, table, columns, action, grantOption); request.setPrivileges(privileges); try { @@ -604,7 +604,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } - private Set<TSentryPrivilege> convertColumnPrivileges(String requestorUserName, + private Set<TSentryPrivilege> convertColumnPrivileges( PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns, String action, Boolean grantOption) { ImmutableSet.Builder<TSentryPrivilege> setBuilder = ImmutableSet.builder(); @@ -638,7 +638,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService return setBuilder.build(); } - private Set<TSentryPrivilege> convertColumnPrivilege(String requestorUserName, + private Set<TSentryPrivilege> convertColumnPrivilege( PrivilegeScope scope, String serverName, String uri, String db, String table, String column, String action, Boolean grantOption) { ImmutableSet.Builder<TSentryPrivilege> setBuilder = ImmutableSet.builder(); @@ -673,7 +673,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService TListSentryPrivilegesForProviderRequest request = new TListSentryPrivilegesForProviderRequest(ThriftConstants. TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet); - if ((authorizable != null)&&(authorizable.length > 0)) { + if (authorizable != null && authorizable.length > 0) { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(Lists .newArrayList(authorizable)); request.setAuthorizableHierarchy(tSentryAuthorizable); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java index 4f8c834..82bfca5 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java @@ -130,7 +130,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { sentryMetrics.addSentryStoreGauges(sentryStore); String sentryReporting = conf.get(ServerConfig.SENTRY_REPORTER); - if( sentryReporting != null) { + if (sentryReporting != null) { SentryMetrics.Reporting reporting; try { reporting = SentryMetrics.Reporting.valueOf(sentryReporting.toUpperCase()); @@ -151,6 +151,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { try { haContext.getCuratorFramework().close(); } catch (Exception e) { + LOGGER.warn("Error in stopping processor", e); } } } @@ -206,7 +207,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { requestorGroups = toTrimedLower(requestorGroups); if (Sets.intersection(adminGroups, requestorGroups).isEmpty()) { return false; - } else return true; + } + return true; } private void authorize(String requestorUser, Set<String> requestorGroups) throws SentryAccessDeniedException { @@ -650,19 +652,18 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { Set<String> privilegesForProvider = sentryStore.listSentryPrivilegesForProvider( request.getGroups(), request.getRoleSet(), request.getAuthorizableHierarchy()); response.setPrivileges(privilegesForProvider); - if (((privilegesForProvider == null)||(privilegesForProvider.size() == 0))&&(request.getAuthorizableHierarchy() != null)) { - if (sentryStore.hasAnyServerPrivileges( - request.getGroups(), request.getRoleSet(), request.getAuthorizableHierarchy().getServer())) { - - // REQUIRED for ensuring 'default' Db is accessible by any user - // with privileges to atleast 1 object with the specific server as root - - // Need some way to specify that even though user has no privilege - // For the specific AuthorizableHierarchy.. he has privilege on - // atleast 1 object in the server hierarchy - HashSet<String> serverPriv = Sets.newHashSet("server=+"); - response.setPrivileges(serverPriv); - } + if (privilegesForProvider == null || privilegesForProvider.size() == 0 && request.getAuthorizableHierarchy() != null + && sentryStore.hasAnyServerPrivileges( + request.getGroups(), request.getRoleSet(), request.getAuthorizableHierarchy().getServer())) { + + // REQUIRED for ensuring 'default' Db is accessible by any user + // with privileges to atleast 1 object with the specific server as root + + // Need some way to specify that even though user has no privilege + // For the specific AuthorizableHierarchy.. he has privilege on + // atleast 1 object in the server hierarchy + HashSet<String> serverPriv = Sets.newHashSet("server=+"); + response.setPrivileges(serverPriv); } response.setStatus(Status.OK()); } catch (SentryThriftAPIMismatchException e) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java index 43f28ea..fdb99ce 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java @@ -116,7 +116,7 @@ public class SentryWebServer { Preconditions.checkArgument(keytabFile.length() != 0, "Keytab File is not right."); try { UserGroupInformation.setConfiguration(conf); - String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0"); + String hostPrincipal = SecurityUtil.getServerPrincipal(principal, ServerConfig.RPC_ADDRESS_DEFAULT); UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytabFile); } catch (IOException ex) { throw new IllegalArgumentException("Can't use Kerberos authentication, principal [" http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaHelper.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaHelper.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaHelper.java index e3e04f1..e5768c6 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaHelper.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaHelper.java @@ -34,58 +34,58 @@ public class SentrySchemaHelper { COMMENT } - static final String DEFAUTL_DELIMITER = ";"; + String DEFAUTL_DELIMITER = ";"; /*** * Find the type of given command * @param dbCommand * @return */ - public boolean isPartialCommand(String dbCommand) throws IllegalArgumentException; + boolean isPartialCommand(String dbCommand) throws IllegalArgumentException; /** Parse the DB specific nesting format and extract the inner script name if any * @param dbCommand command from parent script * @return * @throws IllegalFormatException */ - public String getScriptName(String dbCommand) throws IllegalArgumentException; + String getScriptName(String dbCommand) throws IllegalArgumentException; /*** * Find if the given command is a nested script execution * @param dbCommand * @return */ - public boolean isNestedScript(String dbCommand); + boolean isNestedScript(String dbCommand); /*** * Find if the given command is should be passed to DB * @param dbCommand * @return */ - public boolean isNonExecCommand(String dbCommand); + boolean isNonExecCommand(String dbCommand); /*** * Get the SQL statement delimiter * @return */ - public String getDelimiter(); + String getDelimiter(); /*** * Clear any client specific tags * @return */ - public String cleanseCommand(String dbCommand); + String cleanseCommand(String dbCommand); /*** * Does the DB required table/column names quoted * @return */ - public boolean needsQuotedIdentifier(); + boolean needsQuotedIdentifier(); /*** * Set DB specific options if any * @param dbOps */ - public void setDbOpts(String dbOps); + void setDbOpts(String dbOps); } @@ -112,7 +112,7 @@ public class SentrySchemaHelper { @Override public boolean isNonExecCommand(String dbCommand) { - return (dbCommand.startsWith("--") || dbCommand.startsWith("#")); + return dbCommand.startsWith("--") || dbCommand.startsWith("#"); } @Override @@ -214,7 +214,7 @@ public class SentrySchemaHelper { @Override public boolean isNonExecCommand(String dbCommand) { return super.isNonExecCommand(dbCommand) || - (dbCommand.startsWith("/*") && dbCommand.endsWith("*/")) || + dbCommand.startsWith("/*") && dbCommand.endsWith("*/") || dbCommand.startsWith(DELIMITER_TOKEN); } @@ -255,10 +255,9 @@ public class SentrySchemaHelper { @Override public boolean isNonExecCommand(String dbCommand) { // Skip "standard_conforming_strings" command which is not supported in older postgres - if (POSTGRES_SKIP_STANDARD_STRING.equalsIgnoreCase(getDbOpts())) { - if (dbCommand.startsWith(POSTGRES_STRING_COMMAND_FILTER) || dbCommand.startsWith(POSTGRES_STRING_CLIENT_ENCODING)) { - return true; - } + if (POSTGRES_SKIP_STANDARD_STRING.equalsIgnoreCase(getDbOpts()) + && (dbCommand.startsWith(POSTGRES_STRING_COMMAND_FILTER) || dbCommand.startsWith(POSTGRES_STRING_CLIENT_ENCODING))) { + return true; } return super.isNonExecCommand(dbCommand); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java index 11b2ed2..d974d7b 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentrySchemaTool.java @@ -204,7 +204,7 @@ public class SentrySchemaTool { System.out.println("Sentry store Connection Driver :\t " + driver); System.out.println("Sentry store connection User:\t " + userName); } - if ((userName == null) || userName.isEmpty()) { + if (userName == null || userName.isEmpty()) { throw new SentryUserException("UserName empty "); } try { @@ -519,11 +519,11 @@ public class SentrySchemaTool { if (line.hasOption("dbType")) { dbType = line.getOptionValue("dbType"); - if ((!dbType.equalsIgnoreCase(SentrySchemaHelper.DB_DERBY) + if (!dbType.equalsIgnoreCase(SentrySchemaHelper.DB_DERBY) && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_MYSQL) && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_POSTGRACE) && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_ORACLE) - && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_DB2))) { + && !dbType.equalsIgnoreCase(SentrySchemaHelper.DB_DB2)) { System.err.println("Unsupported dbType " + dbType); printAndExit(cmdLineOptions); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java index ae9809a..79aed49 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java @@ -23,5 +23,5 @@ import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; * The interface for all admin commands, eg, CreateRoleCmd. */ public interface Command { - abstract void execute(SentryPolicyServiceClient client, String requestorName) throws Exception; + void execute(SentryPolicyServiceClient client, String requestorName) throws Exception; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java index 0a73d9f..ffccec2 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java @@ -104,11 +104,10 @@ public class CommandUtil { || StringUtils.isEmpty(tableName)) { throw new IllegalArgumentException("The hierarchy of privilege is not correct."); } - } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) { - if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName) - || StringUtils.isEmpty(tableName) || StringUtils.isEmpty(columnName)) { + } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope()) + && (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName) + || StringUtils.isEmpty(tableName) || StringUtils.isEmpty(columnName))) { throw new IllegalArgumentException("The hierarchy of privilege is not correct."); - } } } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java index 377e934..a58fa41 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java @@ -57,36 +57,34 @@ public class HAClientInvocationHandler extends SentryClientInvocationHandler { public Object invokeImpl(Object proxy, Method method, Object[] args) throws SentryUserException { Object result = null; - while (true) { - try { - if (!method.isAccessible()) { - method.setAccessible(true); - } - // The client is initialized in the first call instead of constructor. - // This way we can propagate the connection exception to caller cleanly - if (client == null) { - renewSentryClient(); - } - result = method.invoke(client, args); - } catch (IllegalAccessException e) { - throw new SentryUserException(e.getMessage(), e.getCause()); - } catch (InvocationTargetException e) { - if (e.getTargetException() instanceof SentryUserException) { - throw (SentryUserException)e.getTargetException(); - } else { - LOGGER.warn(THRIFT_EXCEPTION_MESSAGE + ": Error in connect current" + - " service, will retry other service.", e); - if (client != null) { - client.close(); - client = null; - } + try { + if (!method.isAccessible()) { + method.setAccessible(true); + } + // The client is initialized in the first call instead of constructor. + // This way we can propagate the connection exception to caller cleanly + if (client == null) { + renewSentryClient(); + } + result = method.invoke(client, args); + } catch (IllegalAccessException e) { + throw new SentryUserException(e.getMessage(), e.getCause()); + } catch (InvocationTargetException e) { + if (e.getTargetException() instanceof SentryUserException) { + throw (SentryUserException)e.getTargetException(); + } else { + LOGGER.warn(THRIFT_EXCEPTION_MESSAGE + ": Error in connect current" + + " service, will retry other service.", e); + if (client != null) { + client.close(); + client = null; } - } catch (IOException e1) { - throw new SentryUserException("Error connecting to sentry service " - + e1.getMessage(), e1); } - return result; + } catch (IOException e1) { + throw new SentryUserException("Error connecting to sentry service " + + e1.getMessage(), e1); } + return result; } // Retrieve the new connection endpoint from ZK and connect to new server http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java index 1e7a789..b4056e9 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java @@ -67,7 +67,7 @@ public class PoolClientInvocationHandler extends SentryClientInvocationHandler { while (retryCount < connectionRetryTotal) { try { // The wapper here is for the retry of thrift call, the default retry number is 3. - result = invokeFromPool(proxy, method, args); + result = invokeFromPool(method, args); break; } catch (TTransportException e) { // TTransportException means there has connection problem, create a new connection and try @@ -89,7 +89,7 @@ public class PoolClientInvocationHandler extends SentryClientInvocationHandler { return result; } - private Object invokeFromPool(Object proxy, Method method, Object[] args) throws Exception { + private Object invokeFromPool(Method method, Object[] args) throws Exception { Object result = null; SentryPolicyServiceClient client; try { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java index 5847cb5..32d813c 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java @@ -62,7 +62,7 @@ public class ServiceConstants { public static final String RPC_PORT = "sentry.service.server.rpc-port"; public static final int RPC_PORT_DEFAULT = 8038; public static final String RPC_ADDRESS = "sentry.service.server.rpc-address"; - public static final String RPC_ADDRESS_DEFAULT = "0.0.0.0"; + public static final String RPC_ADDRESS_DEFAULT = "0.0.0.0"; //NOPMD public static final String RPC_MAX_THREADS = "sentry.service.server-max-threads"; public static final int RPC_MAX_THREADS_DEFAULT = 500; public static final String RPC_MIN_THREADS = "sentry.service.server-min-threads"; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java index 922cbc2..ba1d923 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java @@ -30,10 +30,10 @@ public class TestSentryStoreToAuthorizable { @Test public void testServer() { - privilege = new MSentryPrivilege(null, null, "server1", null, null, null, null, null); + privilege = new MSentryPrivilege(null, "server1", null, null, null, null, null); assertEquals("server=server1", SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, null, "server1", null, null, null, null, + privilege = new MSentryPrivilege(null, "server1", null, null, null, null, AccessConstants.ALL); assertEquals("server=server1", SentryStore.toAuthorizable(privilege)); @@ -41,18 +41,18 @@ public class TestSentryStoreToAuthorizable { @Test public void testTable() { - privilege = new MSentryPrivilege(null, null, "server1", "db1", "tbl1", null, null, null); + privilege = new MSentryPrivilege(null, "server1", "db1", "tbl1", null, null, null); assertEquals("server=server1->db=db1->table=tbl1", SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, null, "server1", "db1", "tbl1", null, null, + privilege = new MSentryPrivilege(null, "server1", "db1", "tbl1", null, null, AccessConstants.INSERT); assertEquals("server=server1->db=db1->table=tbl1->action=insert", SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, null, "server1", "db1", "tbl1", null, null, + privilege = new MSentryPrivilege(null, "server1", "db1", "tbl1", null, null, AccessConstants.SELECT); assertEquals("server=server1->db=db1->table=tbl1->action=select", SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, null, "server1", "db1", "tbl1", null, null, + privilege = new MSentryPrivilege(null, "server1", "db1", "tbl1", null, null, AccessConstants.ALL); assertEquals("server=server1->db=db1->table=tbl1", SentryStore.toAuthorizable(privilege)); @@ -60,10 +60,10 @@ public class TestSentryStoreToAuthorizable { @Test public void testDb() { - privilege = new MSentryPrivilege(null, null, "server1", "db1", null, null, null, null); + privilege = new MSentryPrivilege(null, "server1", "db1", null, null, null, null); assertEquals("server=server1->db=db1", SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, null, "server1", "db1", null, null, null, + privilege = new MSentryPrivilege(null, "server1", "db1", null, null, null, AccessConstants.ALL); assertEquals("server=server1->db=db1", SentryStore.toAuthorizable(privilege)); @@ -71,14 +71,14 @@ public class TestSentryStoreToAuthorizable { @Test public void testUri() { - privilege = new MSentryPrivilege(null, null, "server1", null, null, null, "file:///", null); + privilege = new MSentryPrivilege(null, "server1", null, null, null, "file:///", null); assertEquals("server=server1->uri=file:///", SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, null, "server1", null, null, null, "file:///", + privilege = new MSentryPrivilege(null, "server1", null, null, null, "file:///", AccessConstants.SELECT); assertEquals("server=server1->uri=file:///->action=select", SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, null, "server1", null, null, null, "file:///", + privilege = new MSentryPrivilege(null, "server1", null, null, null, "file:///", AccessConstants.ALL); assertEquals("server=server1->uri=file:///", SentryStore.toAuthorizable(privilege)); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java index 4e5d4b9..d537e3b 100644 --- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java +++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java @@ -74,7 +74,6 @@ public class PolicyFiles { InputStream inputStream = null; try { LOGGER.debug("Opening " + path); - String dfsUri = fileSystem.getDefaultUri(fileSystem.getConf()).toString(); inputStream = fileSystem.open(path); Ini ini = new Ini(); ini.load(inputStream);
