http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestKrbConnectionTimeout.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestKrbConnectionTimeout.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestKrbConnectionTimeout.java index 2db72b1..968d29c 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestKrbConnectionTimeout.java +++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestKrbConnectionTimeout.java @@ -17,16 +17,7 @@ */ package org.apache.sentry.hdfs; -import static org.junit.Assert.*; - -import java.security.PrivilegedExceptionAction; - -import javax.security.auth.Subject; - import org.apache.hadoop.minikdc.MiniKdc; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; import org.junit.Assume; import org.junit.Before; import org.junit.BeforeClass;
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java index db3d413..114dbb0 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/hadoop/hdfs/server/namenode/AuthorizationProvider.java @@ -109,27 +109,27 @@ public abstract class AuthorizationProvider { * * @return the inode unique ID. */ - public long getId(); + long getId(); /** * Return the inode path element name. This value may change. * @return the inode path element name. */ - public String getLocalName(); + String getLocalName(); /** * Return the parent inode. This value may change. * * @return the parent inode. */ - public INodeAuthorizationInfo getParent(); + INodeAuthorizationInfo getParent(); /** * Return the inode full path. This value may change. * * @return the inode full path */ - public String getFullPathName(); + String getFullPathName(); /** * Return if the inode is a directory or not. @@ -137,7 +137,7 @@ public abstract class AuthorizationProvider { * @return <code>TRUE</code> if the inode is a directory, * <code>FALSE</code> otherwise. */ - public boolean isDirectory(); + boolean isDirectory(); /** * Return the inode user for the specified snapshot. @@ -146,7 +146,7 @@ public abstract class AuthorizationProvider { * value. * @return the inode user for the specified snapshot. */ - public String getUserName(int snapshotId); + String getUserName(int snapshotId); /** * Return the inode group for the specified snapshot. @@ -155,7 +155,7 @@ public abstract class AuthorizationProvider { * value. * @return the inode group for the specified snapshot. */ - public String getGroupName(int snapshotId); + String getGroupName(int snapshotId); /** * Return the inode permission for the specified snapshot. @@ -164,7 +164,7 @@ public abstract class AuthorizationProvider { * value. * @return the inode permission for the specified snapshot. */ - public FsPermission getFsPermission(int snapshotId); + FsPermission getFsPermission(int snapshotId); /** * Return the inode ACL feature for the specified snapshot. @@ -173,8 +173,8 @@ public abstract class AuthorizationProvider { * value. * @return the inode ACL feature for the specified snapshot. */ - public AclFeature getAclFeature(int snapshotId); - + AclFeature getAclFeature(int snapshotId); + } /** http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java index 25fd71c..ea1514c 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationConstants.java @@ -31,7 +31,7 @@ public class SentryAuthorizationConstants { public static final String HDFS_PERMISSION_KEY = CONFIG_PREFIX + "hdfs-permission"; - public static final long HDFS_PERMISSION_DEFAULT = 0771; + public static final long HDFS_PERMISSION_DEFAULT = 771; public static final String HDFS_PATH_PREFIXES_KEY = CONFIG_PREFIX + "hdfs-path-prefixes"; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java index def34a4..c2416c1 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationInfo.java @@ -35,7 +35,6 @@ import org.slf4j.LoggerFactory; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; -import com.google.common.collect.Lists; public class SentryAuthorizationInfo implements Runnable { private static Logger LOG = @@ -134,7 +133,7 @@ public class SentryAuthorizationInfo implements Runnable { updates.getPermUpdates(), authzPermissions); // If there were any FULL updates the returned instance would be // different - if ((newAuthzPaths != authzPaths)||(newAuthzPerms != authzPermissions)) { + if (newAuthzPaths != authzPaths || newAuthzPerms != authzPermissions) { lock.writeLock().lock(); try { LOG.debug("FULL Updated paths seq Num [old=" @@ -206,7 +205,7 @@ public class SentryAuthorizationInfo implements Runnable { } public void start() { - if ((authzPaths != null)||(authzPermissions != null)) { + if (authzPaths != null || authzPermissions != null) { boolean success = false; try { success = update(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java index b7e94f3..4de130a 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java @@ -188,7 +188,7 @@ public class SentryAuthorizationProvider String[] paths; INodeAuthorizationInfo parent = node.getParent(); if (parent == null) { - paths = (idx > 0) ? new String[idx] : EMPTY_STRING_ARRAY; + paths = idx > 0 ? new String[idx] : EMPTY_STRING_ARRAY; } else { paths = getPathElements(parent, idx + 1); paths[paths.length - 1 - idx] = node.getLocalName(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java index daa87cf..c61736f 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java @@ -143,8 +143,8 @@ public class SentryPermissions implements AuthzPermissions { builder.setType(AclEntryType.GROUP); builder.setScope(AclEntryScope.ACCESS); FsAction action = groupPerm.getValue(); - if ((action == FsAction.READ) || (action == FsAction.WRITE) - || (action == FsAction.READ_WRITE)) { + if (action == FsAction.READ || action == FsAction.WRITE + || action == FsAction.READ_WRITE) { action = action.or(FsAction.EXECUTE); } builder.setPermission(action); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java index 422554e..88be3f5 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryUpdater.java @@ -18,7 +18,6 @@ package org.apache.sentry.hdfs; import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.hdfs.SentryAuthzUpdate; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java index aa78360..33581b7 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java @@ -17,7 +17,6 @@ */ package org.apache.sentry.hdfs; -import java.util.Collection; import java.util.HashMap; import java.util.LinkedList; import java.util.List; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java index 4349c6e..cdf1c59 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastoreCacheInitializer.java @@ -22,7 +22,6 @@ import com.google.common.collect.Lists; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hive.metastore.IHMSHandler; import org.apache.hadoop.hive.metastore.api.Database; -import org.apache.hadoop.hive.metastore.api.NoSuchObjectException; import org.apache.hadoop.hive.metastore.api.Partition; import org.apache.hadoop.hive.metastore.api.Table; import org.apache.sentry.hdfs.service.thrift.TPathChanges; @@ -66,20 +65,20 @@ class MetastoreCacheInitializer implements Closeable { * Class represents retry strategy for BaseTask. */ private class RetryStrategy { - private int maxRetries = 0; - private int waitDurationMillis; + private int retryStrategyMaxRetries = 0; + private int retryStrategyWaitDurationMillis; private int retries; private Exception exception; - private RetryStrategy(int maxRetries, int waitDurationMillis) { - this.maxRetries = maxRetries; + private RetryStrategy(int retryStrategyMaxRetries, int retryStrategyWaitDurationMillis) { + this.retryStrategyMaxRetries = retryStrategyMaxRetries; retries = 0; // Assign default wait duration if negative value is provided. - if (waitDurationMillis > 0) { - this.waitDurationMillis = waitDurationMillis; + if (retryStrategyWaitDurationMillis > 0) { + this.retryStrategyWaitDurationMillis = retryStrategyWaitDurationMillis; } else { - this.waitDurationMillis = 1000; + this.retryStrategyWaitDurationMillis = 1000; } } @@ -89,7 +88,7 @@ class MetastoreCacheInitializer implements Closeable { // synchronous waiting on getting the result. // Retry the failure task until reach the max retry number. // Wait configurable duration for next retry. - for (int i = 0; i < maxRetries; i++) { + for (int i = 0; i < retryStrategyMaxRetries; i++) { try { doTask(); @@ -99,16 +98,16 @@ class MetastoreCacheInitializer implements Closeable { return new CallResult(exception, true); } catch (Exception ex) { LOGGER.debug("Failed to execute task on " + (i + 1) + " attempts." + - " Sleeping for " + waitDurationMillis + " ms. Exception: " + ex.toString(), ex); + " Sleeping for " + retryStrategyWaitDurationMillis + " ms. Exception: " + ex.toString(), ex); exception = ex; try { - Thread.sleep(waitDurationMillis); + Thread.sleep(retryStrategyWaitDurationMillis); } catch (InterruptedException exception) { // Skip the rest retries if get InterruptedException. // And set the corresponding retries number. retries = i; - i = maxRetries; + i = retryStrategyMaxRetries; } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java index f88295d..6e14c29 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/MetastorePlugin.java @@ -103,7 +103,7 @@ public class MetastorePlugin extends SentryMetastoreListenerPlugin { private volatile Throwable initError = null; private final Queue<PathsUpdate> updateQueue = new LinkedList<PathsUpdate>(); - private final ExecutorService threadPool; + private final ExecutorService threadPool; //NOPMD private final Configuration sentryConf; static class ProxyHMSHandler extends HMSHandler { @@ -166,7 +166,7 @@ public class MetastorePlugin extends SentryMetastoreListenerPlugin { "cache initialization is completed !!"); initUpdater.start(); } else { - initUpdater.run(); + initUpdater.run(); //NOPMD } try { sentryClient = SentryHDFSServiceClientFactory.create(sentryConf); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PluginCacheSyncUtil.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PluginCacheSyncUtil.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PluginCacheSyncUtil.java index 5e2f98e..4ce16c7 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PluginCacheSyncUtil.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/PluginCacheSyncUtil.java @@ -175,7 +175,9 @@ public class PluginCacheSyncUtil { "Error releasing ZK lock for update cache syncup" + e, e); } timerContext.stop(); - if (failed) SentryHdfsMetricsUtil.getFailedCacheSyncToZK.inc(); + if (failed) { + SentryHdfsMetricsUtil.getFailedCacheSyncToZK.inc(); + } } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java index 647e8fc..f3926a2 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java @@ -28,12 +28,10 @@ import com.codahale.metrics.Timer; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.hdfs.ServiceConstants.ServerConfig; import org.apache.sentry.hdfs.UpdateForwarder.ExternalImageRetriever; -import org.apache.sentry.hdfs.service.thrift.TPathChanges; import org.apache.sentry.hdfs.service.thrift.TPermissionsUpdate; import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges; import org.apache.sentry.hdfs.service.thrift.TRoleChanges; import org.apache.sentry.provider.db.SentryPolicyStorePlugin; -import org.apache.sentry.provider.db.SentryPolicyStorePlugin.SentryPluginException; import org.apache.sentry.provider.db.service.persistent.SentryStore; import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest; import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest; @@ -48,9 +46,6 @@ import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.base.Strings; -import com.google.common.collect.Lists; - public class SentryPlugin implements SentryPolicyStorePlugin { private static final Logger LOGGER = LoggerFactory.getLogger(SentryPlugin.class); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java index 22a436a..7387281 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarder.java @@ -19,6 +19,7 @@ package org.apache.sentry.hdfs; import java.io.Closeable; import java.io.IOException; +import java.util.Collections; import java.util.Iterator; import java.util.LinkedList; import java.util.List; @@ -34,14 +35,12 @@ import org.apache.sentry.provider.db.service.persistent.HAContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.collect.Lists; - public class UpdateForwarder<K extends Updateable.Update> implements Updateable<K>, Closeable { - public static interface ExternalImageRetriever<K> { + interface ExternalImageRetriever<K> { - public K retrieveFullImage(long currSeqNum); + K retrieveFullImage(long currSeqNum); } @@ -77,9 +76,9 @@ public class UpdateForwarder<K extends Updateable.Update> implements ExternalImageRetriever<K> imageRetreiver, int maxUpdateLogSize) { this(conf, updateable, imageRetreiver, maxUpdateLogSize, INIT_UPDATE_RETRY_DELAY); } - public UpdateForwarder(Configuration conf, Updateable<K> updateable, + public UpdateForwarder(Configuration conf, Updateable<K> updateable, //NOPMD ExternalImageRetriever<K> imageRetreiver, int maxUpdateLogSize, - int initUpdateRetryDelay) { + int initUpdateRetryDelay) { this.maxUpdateLogSize = maxUpdateLogSize; this.imageRetreiver = imageRetreiver; if (imageRetreiver != null) { @@ -177,7 +176,7 @@ public class UpdateForwarder<K extends Updateable.Update> implements } else { if (editNotMissed) { // apply partial preUpdate - updateable.updatePartial(Lists.newArrayList(update), lock); + updateable.updatePartial(Collections.singletonList(update), lock); } else { // Retrieve full update from External Source and if (imageRetreiver != null) { @@ -197,7 +196,7 @@ public class UpdateForwarder<K extends Updateable.Update> implements synchronized (getUpdateLog()) { boolean logCompacted = false; if (getMaxUpdateLogSize() > 0) { - if (update.hasFullImage() || (getUpdateLog().size() == getMaxUpdateLogSize())) { + if (update.hasFullImage() || getUpdateLog().size() == getMaxUpdateLogSize()) { // Essentially a log compaction getUpdateLog().clear(); getUpdateLog().add(update.hasFullImage() ? update @@ -227,7 +226,7 @@ public class UpdateForwarder<K extends Updateable.Update> implements List<K> retVal = new LinkedList<K>(); synchronized (getUpdateLog()) { long currSeqNum = lastCommittedSeqNum.get(); - if (LOGGER.isDebugEnabled() && (updateable != null)) { + if (LOGGER.isDebugEnabled() && updateable != null) { LOGGER.debug("#### GetAllUpdatesFrom [" + "type=" + updateable.getClass() + ", " + "reqSeqNum=" + seqNum + ", " http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarderWithHA.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarderWithHA.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarderWithHA.java index 9a4e7bb..574627c 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarderWithHA.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateForwarderWithHA.java @@ -19,26 +19,16 @@ package org.apache.sentry.hdfs; import java.io.IOException; import java.util.LinkedList; -import java.util.concurrent.TimeUnit; import org.apache.curator.framework.CuratorFramework; -import org.apache.curator.framework.recipes.atomic.DistributedAtomicLong; -import org.apache.curator.framework.recipes.cache.PathChildrenCache; import org.apache.curator.framework.recipes.cache.PathChildrenCacheEvent; import org.apache.curator.framework.recipes.cache.PathChildrenCacheListener; -import org.apache.curator.framework.recipes.locks.InterProcessSemaphoreMutex; -import org.apache.curator.utils.ZKPaths; import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.SentryUserException; import org.apache.sentry.hdfs.ServiceConstants.ServerConfig; -import org.apache.sentry.hdfs.UpdateForwarder; import org.apache.sentry.provider.db.SentryPolicyStorePlugin.SentryPluginException; -import org.apache.sentry.provider.db.service.persistent.HAContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.cache.Cache; - public class UpdateForwarderWithHA<K extends Updateable.Update> extends UpdateForwarder<K> implements Updateable<K> { private static final Logger LOGGER = LoggerFactory.getLogger(UpdateForwarderWithHA.class); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java index 2fe81fd..3d756c9 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java +++ b/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/UpdateablePermissions.java @@ -20,8 +20,6 @@ package org.apache.sentry.hdfs; import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.locks.ReadWriteLock; -import org.apache.sentry.hdfs.PermissionsUpdate; -import org.apache.sentry.hdfs.Updateable; import org.apache.sentry.hdfs.UpdateForwarder.ExternalImageRetriever; public class UpdateablePermissions implements Updateable<PermissionsUpdate>{ http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestHAUpdateForwarder.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestHAUpdateForwarder.java b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestHAUpdateForwarder.java index 40af05a..5246e05 100644 --- a/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestHAUpdateForwarder.java +++ b/sentry-hdfs/sentry-hdfs-service/src/test/java/org/apache/sentry/hdfs/TestHAUpdateForwarder.java @@ -19,7 +19,6 @@ package org.apache.sentry.hdfs; import static org.junit.Assert.assertEquals; -import java.io.IOException; import java.util.List; import org.apache.curator.test.TestingServer; @@ -28,7 +27,6 @@ import org.apache.sentry.provider.db.service.persistent.HAContext; import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; import org.junit.After; import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Test; import com.google.common.collect.Lists; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java index 38a5b65..bbb009c 100644 --- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java +++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyEngine.java @@ -17,7 +17,6 @@ package org.apache.sentry.policy.common; -import java.util.List; import java.util.Set; import javax.annotation.concurrent.ThreadSafe; @@ -39,7 +38,7 @@ public interface PolicyEngine { * This is typically a factory that returns a privilege used to evaluate wildcards. * @return the privilege factory */ - public PrivilegeFactory getPrivilegeFactory(); + PrivilegeFactory getPrivilegeFactory(); /** * Get privileges associated with a group. Returns Strings which can be resolved @@ -50,7 +49,7 @@ public interface PolicyEngine { * @param active role-set * @return non-null immutable set of privileges */ - public ImmutableSet<String> getAllPrivileges(Set<String> groups, ActiveRoleSet roleSet) + ImmutableSet<String> getAllPrivileges(Set<String> groups, ActiveRoleSet roleSet) throws SentryConfigurationException; /** @@ -63,10 +62,10 @@ public interface PolicyEngine { * @param authorizable Hierarchy (Can be null) * @return non-null immutable set of privileges */ - public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy) + ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy) throws SentryConfigurationException; - public void close(); + void close(); - public void validatePolicy(boolean strictValidation) throws SentryConfigurationException; + void validatePolicy(boolean strictValidation) throws SentryConfigurationException; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java index c7e1734..27d5afa 100644 --- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java +++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/Privilege.java @@ -17,5 +17,5 @@ package org.apache.sentry.policy.common; public interface Privilege { - public boolean implies(Privilege p); + boolean implies(Privilege p); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java index 5548f04..36abdd4 100644 --- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java +++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PrivilegeValidator.java @@ -20,5 +20,5 @@ import org.apache.shiro.config.ConfigurationException; public interface PrivilegeValidator { - public void validate(PrivilegeValidatorContext context) throws ConfigurationException; + void validate(PrivilegeValidatorContext context) throws ConfigurationException; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java index eb7350e..dfc2872 100644 --- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java +++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java @@ -30,8 +30,6 @@ import org.apache.sentry.policy.common.Privilege; import org.apache.sentry.policy.common.PrivilegeFactory; import org.apache.sentry.provider.common.KeyValue; import org.apache.sentry.provider.common.ProviderConstants; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; @@ -41,8 +39,6 @@ import com.google.common.collect.Lists; // XXX this class is made ugly by the fact that Action is not a Authorizable. public class DBWildcardPrivilege implements Privilege { - private static final Logger LOGGER = LoggerFactory - .getLogger(DBWildcardPrivilege.class); private final ImmutableList<KeyValue> parts; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java index a03794e..b5b584f 100644 --- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java +++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java @@ -16,7 +16,6 @@ */ package org.apache.sentry.policy.db; -import java.util.List; import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; @@ -63,7 +62,7 @@ public class SimpleDBPolicyEngine implements PolicyEngine { @Override public ImmutableSet<String> getAllPrivileges(Set<String> groups, ActiveRoleSet roleSet) throws SentryConfigurationException { - return getPrivileges(groups, roleSet, null); + return getPrivileges(groups, roleSet); } /** http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java index bdb1c96..52a9021 100644 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java +++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java @@ -66,7 +66,6 @@ public class TestSearchAuthorizationProviderGeneralCases { private static final Collection COLL_TMP = new Collection("tmpcollection"); private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial"); - private static final SearchModelAction ALL = SearchModelAction.ALL; private static final SearchModelAction QUERY = SearchModelAction.QUERY; private static final SearchModelAction UPDATE = SearchModelAction.UPDATE; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java index 3a57dfc..bbbcedd 100644 --- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java +++ b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java @@ -40,7 +40,7 @@ public class ServerNameRequiredMatch implements PrivilegeValidator { Iterable<SqoopAuthorizable> authorizables = parsePrivilege(context.getPrivilege()); boolean match = false; for (SqoopAuthorizable authorizable : authorizables) { - if ((authorizable instanceof Server) && authorizable.getName().equalsIgnoreCase(sqoopServerName)) { + if (authorizable instanceof Server && authorizable.getName().equalsIgnoreCase(sqoopServerName)) { match = true; break; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java b/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java index 29c6c5c..811b931 100644 --- a/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java +++ b/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java @@ -26,8 +26,8 @@ public interface PrivilegeCache { * Get the privileges for the give set of groups with the give active roles * from the cache */ - public Set<String> listPrivileges(Set<String> groups, + Set<String> listPrivileges(Set<String> groups, ActiveRoleSet roleSet); - public void close(); + void close(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java b/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java index 4b98447..73ed6c2 100644 --- a/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java +++ b/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java @@ -31,11 +31,9 @@ import com.google.common.collect.ImmutableSet; public class SimpleCacheProviderBackend implements ProviderBackend { private PrivilegeCache cacheHandle; - private Configuration conf; private boolean isInitialized = false; - public SimpleCacheProviderBackend(Configuration conf, String resourcePath) { - this.conf = conf; + public SimpleCacheProviderBackend(Configuration conf, String resourcePath) { //NOPMD } /** @@ -44,7 +42,9 @@ public class SimpleCacheProviderBackend implements ProviderBackend { */ @Override public void initialize(ProviderBackendContext context) { - if (isInitialized) return; + if (isInitialized) { + return; + } isInitialized = true; cacheHandle = (PrivilegeCache) context.getBindingHandle(); assert cacheHandle != null; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java index fe54b42..7141e81 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java @@ -34,7 +34,7 @@ import org.apache.sentry.policy.common.PolicyEngine; @ThreadSafe public interface AuthorizationProvider { - public static String SENTRY_PROVIDER = "sentry.provider"; + String SENTRY_PROVIDER = "sentry.provider"; /*** * Returns validate subject privileges on given Authorizable object @@ -48,7 +48,7 @@ public interface AuthorizationProvider { * @return * True if the subject is authorized to perform requested action on the given object */ - public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy, + boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy, Set<? extends Action> actions, ActiveRoleSet roleSet); /*** @@ -56,14 +56,14 @@ public interface AuthorizationProvider { * * @return GroupMappingService used by the AuthorizationProvider */ - public GroupMappingService getGroupMapping(); + GroupMappingService getGroupMapping(); /*** * Validate the policy file format for syntax and semantic errors * @param strictValidation * @throws SentryConfigurationException */ - public void validateResource(boolean strictValidation) throws SentryConfigurationException; + void validateResource(boolean strictValidation) throws SentryConfigurationException; /*** * Returns the list privileges for the given subject @@ -71,7 +71,7 @@ public interface AuthorizationProvider { * @return * @throws SentryConfigurationException */ - public Set<String> listPrivilegesForSubject(Subject subject) throws SentryConfigurationException; + Set<String> listPrivilegesForSubject(Subject subject) throws SentryConfigurationException; /** * Returns the list privileges for the given group @@ -79,21 +79,21 @@ public interface AuthorizationProvider { * @return * @throws SentryConfigurationException */ - public Set<String> listPrivilegesForGroup(String groupName) throws SentryConfigurationException; + Set<String> listPrivilegesForGroup(String groupName) throws SentryConfigurationException; /*** * Returns the list of missing privileges of the last access request * @return */ - public List<String> getLastFailedPrivileges(); + List<String> getLastFailedPrivileges(); /** * Frees any resources held by the the provider */ - public void close(); + void close(); /** * Get the policy engine */ - public PolicyEngine getPolicyEngine(); + PolicyEngine getPolicyEngine(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java index 22371d1..7e85261 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java @@ -31,5 +31,5 @@ public interface GroupMappingService { /** * @return non-null list of groups for user */ - public Set<String> getGroups(String user); + Set<String> getGroups(String user); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java index 4214449..f599dbb 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java @@ -24,15 +24,11 @@ import java.util.Set; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.Groups; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import com.google.common.collect.Lists; public class HadoopGroupMappingService implements GroupMappingService { - private static final Logger LOGGER = LoggerFactory - .getLogger(HadoopGroupMappingService.class); private static Configuration hadoopConf; private final Groups groups; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java index c8e6c9d..bcd3312 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java @@ -22,8 +22,6 @@ import java.io.IOException; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.Groups; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.GroupMappingService; -import org.apache.sentry.provider.common.HadoopGroupMappingService; import com.google.common.annotations.VisibleForTesting; @@ -41,7 +39,7 @@ public class HadoopGroupResourceAuthorizationProvider extends this(new Configuration(), resource, policy); } - public HadoopGroupResourceAuthorizationProvider(Configuration conf, String resource, PolicyEngine policy) throws IOException { + public HadoopGroupResourceAuthorizationProvider(Configuration conf, String resource, PolicyEngine policy) throws IOException { //NOPMD this(policy, new HadoopGroupMappingService(getGroups(conf))); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/KeyValue.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/KeyValue.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/KeyValue.java index cad37b4..984fe46 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/KeyValue.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/KeyValue.java @@ -73,23 +73,30 @@ public class KeyValue { @Override public boolean equals(Object obj) { - if (this == obj) + if (this == obj) { return true; - if (obj == null) + } + if (obj == null) { return false; - if (getClass() != obj.getClass()) + } + if (getClass() != obj.getClass()) { return false; + } KeyValue other = (KeyValue) obj; if (key == null) { - if (other.key != null) + if (other.key != null) { return false; - } else if (!key.equalsIgnoreCase(other.key)) + } + } else if (!key.equalsIgnoreCase(other.key)) { return false; + } if (value == null) { - if (other.value != null) + if (other.value != null) { return false; - } else if (!value.equalsIgnoreCase(other.value)) + } + } else if (!value.equalsIgnoreCase(other.value)) { return false; + } return true; } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java index 7cf617e..82b215c 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java @@ -44,7 +44,6 @@ public class NoAuthorizationProvider implements AuthorizationProvider { @Override public void validateResource(boolean strictValidation) throws SentryConfigurationException { - return; } @Override http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java index ddb9cf9..b19a170 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackend.java @@ -42,17 +42,17 @@ public interface ProviderBackend { * that would be backwards incompatible. * @param validators */ - public void initialize(ProviderBackendContext context); + void initialize(ProviderBackendContext context); /** * Get the privileges from the backend. */ - public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy); + ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy); /** * Get the roles associated with the groups from the backend. */ - public ImmutableSet<String> getRoles(Set<String> groups, ActiveRoleSet roleSet); + ImmutableSet<String> getRoles(Set<String> groups, ActiveRoleSet roleSet); /** * If strictValidation is true then an error is thrown for warnings @@ -61,7 +61,7 @@ public interface ProviderBackend { * @param strictValidation * @throws SentryConfigurationException */ - public void validatePolicy(boolean strictValidation) throws SentryConfigurationException; + void validatePolicy(boolean strictValidation) throws SentryConfigurationException; - public void close(); + void close(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java index 7bf830c..fef4bd9 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java @@ -109,7 +109,7 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv * Does the permission granted in the policy file imply the requested action? */ boolean result = permission.implies(privilegeFactory.createPrivilege(requestPrivilege)); - if(LOGGER.isDebugEnabled()) { + if (LOGGER.isDebugEnabled()) { LOGGER.debug("ProviderPrivilege {}, RequestPrivilege {}, RoleSet, {}, Result {}", new Object[]{ permission, requestPrivilege, roleSet, result}); } @@ -135,23 +135,22 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv private ImmutableSet<String> appendDefaultDBPriv(ImmutableSet<String> privileges, Authorizable[] authorizables) { // Only for switch db - if ((authorizables != null)&&(authorizables.length == 4)&&(authorizables[2].getName().equals("+"))) { - if ((privileges.size() == 1) && hasOnlyServerPrivilege(privileges.asList().get(0))) { - // Assuming authorizable[0] will always be the server - // This Code is only reachable only when user fires a 'use default' - // and the user has a privilege on atleast 1 privilized Object - String defaultPriv = "Server=" + authorizables[0].getName() - + "->Db=default->Table=*->Column=*->action=select"; - HashSet<String> newPrivs = Sets.newHashSet(defaultPriv); - return ImmutableSet.copyOf(newPrivs); - } + if (authorizables != null && authorizables.length == 4 && authorizables[2].getName().equals("+") + && privileges.size() == 1 && hasOnlyServerPrivilege(privileges.asList().get(0))) { + // Assuming authorizable[0] will always be the server + // This Code is only reachable only when user fires a 'use default' + // and the user has a privilege on atleast 1 privilized Object + String defaultPriv = "Server=" + authorizables[0].getName() + + "->Db=default->Table=*->Column=*->action=select"; + Set<String> newPrivs = Sets.newHashSet(defaultPriv); + return ImmutableSet.copyOf(newPrivs); } return privileges; } private boolean hasOnlyServerPrivilege(String priv) { ArrayList<String> l = Lists.newArrayList(AUTHORIZABLE_SPLITTER.split(priv)); - if ((l.size() == 1)&&(l.get(0).toLowerCase().startsWith("server"))) { + if (l.size() == 1 && l.get(0).toLowerCase().startsWith("server")) { return l.get(0).toLowerCase().split("=")[1].endsWith("+"); } return false; @@ -173,12 +172,12 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv @Override public Set<String> listPrivilegesForSubject(Subject subject) throws SentryConfigurationException { - return policy.getPrivileges(getGroups(subject), ActiveRoleSet.ALL, null); + return policy.getPrivileges(getGroups(subject), ActiveRoleSet.ALL); } @Override public Set<String> listPrivilegesForGroup(String groupName) throws SentryConfigurationException { - return policy.getPrivileges(Sets.newHashSet(groupName), ActiveRoleSet.ALL, null); + return policy.getPrivileges(Sets.newHashSet(groupName), ActiveRoleSet.ALL); } @Override http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java index f57198a..dfb5d70 100644 --- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java +++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java @@ -19,7 +19,6 @@ package org.apache.sentry.provider.common; import static org.junit.Assert.assertSame; import java.util.Set; -import java.util.List; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SentryPolicyStorePlugin.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SentryPolicyStorePlugin.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SentryPolicyStorePlugin.java index 998a48b..fe1ea1f 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SentryPolicyStorePlugin.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SentryPolicyStorePlugin.java @@ -32,7 +32,7 @@ import org.apache.sentry.provider.db.service.thrift.TRenamePrivilegesRequest; public interface SentryPolicyStorePlugin { @SuppressWarnings("serial") - public static class SentryPluginException extends SentryUserException { + class SentryPluginException extends SentryUserException { public SentryPluginException(String msg) { super(msg); } @@ -41,20 +41,20 @@ public interface SentryPolicyStorePlugin { } } - public void initialize(Configuration conf, SentryStore sentryStore) throws SentryPluginException; + void initialize(Configuration conf, SentryStore sentryStore) throws SentryPluginException; - public void onAlterSentryRoleAddGroups(TAlterSentryRoleAddGroupsRequest tRequest) throws SentryPluginException; + void onAlterSentryRoleAddGroups(TAlterSentryRoleAddGroupsRequest tRequest) throws SentryPluginException; - public void onAlterSentryRoleDeleteGroups(TAlterSentryRoleDeleteGroupsRequest tRequest) throws SentryPluginException; + void onAlterSentryRoleDeleteGroups(TAlterSentryRoleDeleteGroupsRequest tRequest) throws SentryPluginException; - public void onAlterSentryRoleGrantPrivilege(TAlterSentryRoleGrantPrivilegeRequest tRequest) throws SentryPluginException; + void onAlterSentryRoleGrantPrivilege(TAlterSentryRoleGrantPrivilegeRequest tRequest) throws SentryPluginException; - public void onAlterSentryRoleRevokePrivilege(TAlterSentryRoleRevokePrivilegeRequest tRequest) throws SentryPluginException; + void onAlterSentryRoleRevokePrivilege(TAlterSentryRoleRevokePrivilegeRequest tRequest) throws SentryPluginException; - public void onDropSentryRole(TDropSentryRoleRequest tRequest) throws SentryPluginException; + void onDropSentryRole(TDropSentryRoleRequest tRequest) throws SentryPluginException; - public void onRenameSentryPrivilege(TRenamePrivilegesRequest request) throws SentryPluginException; + void onRenameSentryPrivilege(TRenamePrivilegesRequest request) throws SentryPluginException; - public void onDropSentryPrivilege(TDropPrivilegesRequest request) throws SentryPluginException; + void onDropSentryPrivilege(TDropPrivilegesRequest request) throws SentryPluginException; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java index ff25d95..b996095 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java @@ -41,7 +41,7 @@ public class SimpleDBProviderBackend implements ProviderBackend { private int retryCount; private int retryIntervalSec; - public SimpleDBProviderBackend(Configuration conf, String resourcePath) throws Exception { + public SimpleDBProviderBackend(Configuration conf, String resourcePath) throws Exception { //NOPMD // DB Provider doesn't use policy file path this(conf); } @@ -64,10 +64,6 @@ public class SimpleDBProviderBackend implements ProviderBackend { */ @Override public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy) { - return getPrivileges(retryCount, groups, roleSet, authorizableHierarchy); - } - - private ImmutableSet<String> getPrivileges(int retryCount, Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy) { int retries = Math.max(retryCount + 1, 1); // if customer configs retryCount as Integer.MAX_VALUE, try only once while (retries > 0) { retries--; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java index d7cb814..474d05c 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java @@ -49,7 +49,7 @@ public class SentryGenericProviderBackend implements ProviderBackend { // ProviderBackend should have the same construct to support the reflect in authBinding, // eg:SqoopAuthBinding - public SentryGenericProviderBackend(Configuration conf, String resource) + public SentryGenericProviderBackend(Configuration conf, String resource) //NOPMD throws Exception { this.conf = conf; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java index 0aab975..e1c15fa 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java @@ -320,7 +320,9 @@ public class DelegateSentryStore implements SentryStoreLayer { throws SentryUserException { roles = toTrimedLower(roles); Set<String> groupNames = Sets.newHashSet(); - if (roles.size() == 0) return groupNames; + if (roles.size() == 0) { + return groupNames; + } PersistenceManager pm = null; try{ @@ -354,7 +356,9 @@ public class DelegateSentryStore implements SentryStoreLayer { Set<String> roles) throws SentryUserException { Preconditions.checkNotNull(roles); Set<PrivilegeObject> privileges = Sets.newHashSet(); - if (roles.isEmpty()) return privileges; + if (roles.isEmpty()) { + return privileges; + } PersistenceManager pm = null; try { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java index aa56207..c6e4aa6 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java @@ -20,7 +20,6 @@ package org.apache.sentry.provider.db.generic.service.persistent; import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER; import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER; -import java.util.ArrayList; import java.util.List; import org.apache.sentry.core.common.Authorizable; import com.google.common.base.Preconditions; @@ -91,33 +90,44 @@ public class PrivilegeObject { @Override public boolean equals(Object obj) { - if (this == obj) + if (this == obj) { return true; - if (obj == null) + } + if (obj == null) { return false; - if (getClass() != obj.getClass()) + } + if (getClass() != obj.getClass()) { return false; + } PrivilegeObject other = (PrivilegeObject) obj; if (action == null) { - if (other.action != null) + if (other.action != null) { return false; - } else if (!action.equals(other.action)) + } + } else if (!action.equals(other.action)) { return false; + } if (service == null) { - if (other.service != null) + if (other.service != null) { return false; - } else if (!service.equals(other.service)) + } + } else if (!service.equals(other.service)) { return false; + } if (component == null) { - if (other.component != null) + if (other.component != null) { return false; - } else if (!component.equals(other.component)) + } + } else if (!component.equals(other.component)) { return false; + } if (grantOption == null) { - if (other.grantOption != null) + if (other.grantOption != null) { return false; - } else if (!grantOption.equals(other.grantOption)) + } + } else if (!grantOption.equals(other.grantOption)) { return false; + } if (authorizables.size() != other.authorizables.size()) { return false; @@ -186,7 +196,7 @@ public class PrivilegeObject { */ private List<? extends Authorizable> toLowerAuthorizableName(List<? extends Authorizable> authorizables) { List<Authorizable> newAuthorizable = Lists.newArrayList(); - if ((authorizables == null) || (authorizables.size() == 0)) { + if (authorizables == null || authorizables.size() == 0) { return newAuthorizable; } for (final Authorizable authorizable : authorizables) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java index 98b22b0..c3b0be8 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java @@ -35,7 +35,6 @@ import org.apache.sentry.core.model.search.SearchActionFactory; import org.apache.sentry.core.model.sqoop.SqoopActionFactory; import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder; import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege; -import org.apache.sentry.provider.db.service.model.MSentryPrivilege; import org.apache.sentry.provider.db.service.model.MSentryRole; import com.google.common.base.Joiner; @@ -60,7 +59,7 @@ public class PrivilegeOperatePersistence { //get persistent privileges by roles Query query = pm.newQuery(MSentryGMPrivilege.class); StringBuilder filters = new StringBuilder(); - if ((roles != null) && (roles.size() > 0)) { + if (roles != null && roles.size() > 0) { query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (MSentryRole role : roles) { @@ -102,7 +101,7 @@ public class PrivilegeOperatePersistence { for (BitFieldAction ac : actions) { grantPrivilege.setAction(ac.getValue()); MSentryGMPrivilege existPriv = getPrivilege(grantPrivilege, pm); - if ((existPriv != null) && (role.getGmPrivileges().contains(existPriv))) { + if (existPriv != null && role.getGmPrivileges().contains(existPriv)) { /** * force to load all roles related this privilege * avoid the lazy-loading risk,such as: @@ -122,7 +121,7 @@ public class PrivilegeOperatePersistence { */ grantPrivilege.setAction(allAction.getValue()); MSentryGMPrivilege allPrivilege = getPrivilege(grantPrivilege, pm); - if ((allPrivilege != null) && (role.getGmPrivileges().contains(allPrivilege))) { + if (allPrivilege != null && role.getGmPrivileges().contains(allPrivilege)) { return; } } @@ -184,7 +183,7 @@ public class PrivilegeOperatePersistence { //add populateIncludePrivilegesQuery filters.append(MSentryGMPrivilege.populateIncludePrivilegesQuery(parent)); // add filter for role names - if ((roles != null) && (roles.size() > 0)) { + if (roles != null && roles.size() > 0) { query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (MSentryRole role : roles) { @@ -257,12 +256,11 @@ public class PrivilegeOperatePersistence { */ persistedPriv.removeRole(role); pm.makePersistent(persistedPriv); - } else { - /** - * if the revoke action is not equal to the persisted action, - * do nothing - */ } + /** + * if the revoke action is not equal to the persisted action, + * do nothing + */ } } @@ -311,7 +309,7 @@ public class PrivilegeOperatePersistence { @SuppressWarnings("unchecked") public Set<PrivilegeObject> getPrivilegesByRole(Set<MSentryRole> roles, PersistenceManager pm) { Set<PrivilegeObject> privileges = Sets.newHashSet(); - if ((roles == null) || (roles.size() == 0)) { + if (roles == null || roles.size() == 0) { return privileges; } Query query = pm.newQuery(MSentryGMPrivilege.class); @@ -326,7 +324,7 @@ public class PrivilegeOperatePersistence { query.setFilter(filters.toString()); List<MSentryGMPrivilege> mPrivileges = (List<MSentryGMPrivilege>) query.execute(); - if ((mPrivileges == null) || (mPrivileges.size() ==0)) { + if (mPrivileges == null || mPrivileges.isEmpty()) { return privileges; } for (MSentryGMPrivilege mPrivilege : mPrivileges) { @@ -345,7 +343,9 @@ public class PrivilegeOperatePersistence { String service, Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) { Set<PrivilegeObject> privileges = Sets.newHashSet(); - if ((roles == null) || (roles.size() == 0)) return privileges; + if (roles == null || roles.isEmpty()) { + return privileges; + } MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null); Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java index ba9e36f..f6d73e7 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java @@ -38,7 +38,7 @@ public interface SentryStoreLayer { * @returns commit context used for notification handlers * @throws SentryAlreadyExistsException */ - public CommitContext createRole(String component, String role, + CommitContext createRole(String component, String role, String requestor) throws SentryAlreadyExistsException; /** @@ -49,7 +49,7 @@ public interface SentryStoreLayer { * @returns commit context used for notification handlers * @throws SentryNoSuchObjectException */ - public CommitContext dropRole(String component, String role, + CommitContext dropRole(String component, String role, String requestor) throws SentryNoSuchObjectException; /** @@ -61,7 +61,7 @@ public interface SentryStoreLayer { * @returns commit context used for notification handlers * @throws SentryNoSuchObjectException */ - public CommitContext alterRoleAddGroups(String component, String role, + CommitContext alterRoleAddGroups(String component, String role, Set<String> groups, String requestor) throws SentryNoSuchObjectException; /** @@ -73,7 +73,7 @@ public interface SentryStoreLayer { * @returns commit context used for notification handlers * @throws SentryNoSuchObjectException */ - public CommitContext alterRoleDeleteGroups(String component, String role, + CommitContext alterRoleDeleteGroups(String component, String role, Set<String> groups, String requestor) throws SentryNoSuchObjectException; /** @@ -85,7 +85,7 @@ public interface SentryStoreLayer { * @returns commit context Used for notification handlers * @throws SentryUserException */ - public CommitContext alterRoleGrantPrivilege(String component, String role, + CommitContext alterRoleGrantPrivilege(String component, String role, PrivilegeObject privilege, String grantorPrincipal) throws SentryUserException; /** @@ -97,7 +97,7 @@ public interface SentryStoreLayer { * @returns commit context used for notification handlers * @throws SentryUserException */ - public CommitContext alterRoleRevokePrivilege(String component, String role, + CommitContext alterRoleRevokePrivilege(String component, String role, PrivilegeObject privilege, String grantorPrincipal) throws SentryUserException; /** @@ -111,7 +111,7 @@ public interface SentryStoreLayer { * @returns commit context used for notification handlers * @throws SentryUserException */ - public CommitContext renamePrivilege( + CommitContext renamePrivilege( String component, String service, List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables, String requestor) throws SentryUserException; @@ -123,7 +123,7 @@ public interface SentryStoreLayer { * @returns commit context used for notification handlers * @throws SentryUserException */ - public CommitContext dropPrivilege(String component, PrivilegeObject privilege, + CommitContext dropPrivilege(String component, PrivilegeObject privilege, String requestor) throws SentryUserException; /** @@ -133,7 +133,7 @@ public interface SentryStoreLayer { * @returns the set of roles * @throws SentryUserException */ - public Set<String> getRolesByGroups(String component, Set<String> groups) throws SentryUserException; + Set<String> getRolesByGroups(String component, Set<String> groups) throws SentryUserException; /** * Get groups @@ -142,7 +142,7 @@ public interface SentryStoreLayer { * @returns the set of groups * @throws SentryUserException */ - public Set<String> getGroupsByRoles(String component, Set<String> roles) throws SentryUserException; + Set<String> getGroupsByRoles(String component, Set<String> roles) throws SentryUserException; /** * Get privileges @@ -151,7 +151,7 @@ public interface SentryStoreLayer { * @returns the set of privileges * @throws SentryUserException */ - public Set<PrivilegeObject> getPrivilegesByRole(String component, Set<String> roles) throws SentryUserException; + Set<PrivilegeObject> getPrivilegesByRole(String component, Set<String> roles) throws SentryUserException; /** * get sentry privileges from provider as followings: @@ -164,12 +164,12 @@ public interface SentryStoreLayer { * @throws SentryUserException */ - public Set<PrivilegeObject> getPrivilegesByProvider(String component, String service,Set<String> roles, + Set<PrivilegeObject> getPrivilegesByProvider(String component, String service,Set<String> roles, Set<String> groups, List<? extends Authorizable> authorizables) throws SentryUserException; /** * close sentryStore */ - public void close(); + void close(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandler.java index d8a51a6..e0a5f03 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandler.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandler.java @@ -17,47 +17,31 @@ */ package org.apache.sentry.provider.db.generic.service.thrift; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TDropPrivilegesRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TDropPrivilegesResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TRenamePrivilegesRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TRenamePrivilegesResponse; import org.apache.sentry.provider.db.service.persistent.CommitContext; public interface NotificationHandler { - public void create_sentry_role(CommitContext context, + void create_sentry_role(CommitContext context, TCreateSentryRoleRequest request, TCreateSentryRoleResponse response); - public void drop_sentry_role(CommitContext context, TDropSentryRoleRequest request, + void drop_sentry_role(CommitContext context, TDropSentryRoleRequest request, TDropSentryRoleResponse response); - public void alter_sentry_role_grant_privilege(CommitContext context, TAlterSentryRoleGrantPrivilegeRequest request, + void alter_sentry_role_grant_privilege(CommitContext context, TAlterSentryRoleGrantPrivilegeRequest request, TAlterSentryRoleGrantPrivilegeResponse response); - public void alter_sentry_role_revoke_privilege(CommitContext context, TAlterSentryRoleRevokePrivilegeRequest request, + void alter_sentry_role_revoke_privilege(CommitContext context, TAlterSentryRoleRevokePrivilegeRequest request, TAlterSentryRoleRevokePrivilegeResponse response); - public void alter_sentry_role_add_groups(CommitContext context,TAlterSentryRoleAddGroupsRequest request, + void alter_sentry_role_add_groups(CommitContext context,TAlterSentryRoleAddGroupsRequest request, TAlterSentryRoleAddGroupsResponse response); - public void alter_sentry_role_delete_groups(CommitContext context, TAlterSentryRoleDeleteGroupsRequest request, + void alter_sentry_role_delete_groups(CommitContext context, TAlterSentryRoleDeleteGroupsRequest request, TAlterSentryRoleDeleteGroupsResponse response); - public void drop_sentry_privilege(CommitContext context, TDropPrivilegesRequest request, + void drop_sentry_privilege(CommitContext context, TDropPrivilegesRequest request, TDropPrivilegesResponse response); - public void rename_sentry_privilege(CommitContext context, TRenamePrivilegesRequest request, + void rename_sentry_privilege(CommitContext context, TRenamePrivilegesRequest request, TRenamePrivilegesResponse response); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java index 317c97b..11b5456 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/NotificationHandlerInvoker.java @@ -19,22 +19,6 @@ package org.apache.sentry.provider.db.generic.service.thrift; import java.util.List; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TDropPrivilegesRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TDropPrivilegesResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TRenamePrivilegesRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TRenamePrivilegesResponse; import org.apache.sentry.provider.db.service.persistent.CommitContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/95b1e40e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java index e7b6d17..45f9ce4 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java @@ -99,7 +99,9 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService. } private Set<String> toTrimedLower(Set<String> s) { - if (null == s) return new HashSet<String>(); + if (null == s) { + return new HashSet<String>(); + } Set<String> result = Sets.newHashSet(); for (String v : s) { result.add(v.trim().toLowerCase()); @@ -122,7 +124,8 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService. requestorGroups = toTrimedLower(requestorGroups); if (Sets.intersection(adminGroups, requestorGroups).isEmpty()) { return false; - } else return true; + } + return true; } public static SentryStoreLayer createStore(Configuration conf) throws SentryConfigurationException { @@ -475,9 +478,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService. public Response<Set<TSentryRole>> handle() throws Exception { validateClientVersion(request.getProtocol_version()); Set<String> groups = getRequestorGroups(conf, request.getRequestorUserName()); - if (AccessConstants.ALL.equalsIgnoreCase(request.getGroupName())) { - //check all groups which requestorUserName belongs to - } else { + if (!AccessConstants.ALL.equalsIgnoreCase(request.getGroupName())) { boolean admin = inAdminGroups(groups); //Only admin users can list all roles in the system ( groupname = null) //Non admin users are only allowed to list only groups which they belong to @@ -628,7 +629,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService. } } private interface RequestHandler <T>{ - public Response<T> handle() throws Exception ; + Response<T> handle() throws Exception ; } private static void validateClientVersion(int protocol_version) throws SentryThriftAPIMismatchException {
