Updated Branches: refs/heads/db_policy_store c6bec1679 -> 2a1ceb577 http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2a1ceb57/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java index 2d49e2d..736e70a 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryPolicyStore.java @@ -27,8 +27,6 @@ import java.util.concurrent.locks.ReentrantLock; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.hive.metastore.ObjectStore; -import org.apache.sentry.policystore.api.TSentryAlreadyExistsException; -import org.apache.sentry.policystore.api.TSentryNoSuchObjectException; import org.apache.sentry.policystore.api.TSentryPrivilege; import org.apache.sentry.policystore.api.TSentryRole; import org.apache.sentry.provider.db.service.model.*; @@ -45,7 +43,7 @@ import javax.jdo.identity.IntIdentity; import org.apache.hadoop.hive.conf.HiveConf; public class SentryPolicyStore { - + private static Properties prop = null; private static PersistenceManagerFactory pmf = null; @@ -58,25 +56,24 @@ public class SentryPolicyStore { private Transaction currentTransaction = null; private TXN_STATUS transactionStatus = TXN_STATUS.NO_STATE; private final AtomicBoolean isSchemaVerified = new AtomicBoolean(false); - + private static enum TXN_STATUS { NO_STATE, OPEN, COMMITED, ROLLBACK } - - + + public SentryPolicyStore () { - + } - - //FIXME: Cleanup this mess i.e., creating a new PM and PMF. + + //FIXME: Cleanup this mess i.e., creating a new PM and PMF. @SuppressWarnings("nls") public void setConf() { - + pmfPropLock.lock(); try { isInitialized = false; Properties propsFromConf = getDataSourceProps(); - assert(!isActiveTransaction()); shutdown(); // Always want to re-create pm as we don't know if it were created by the @@ -197,7 +194,7 @@ public class SentryPolicyStore { pm.evictAll(); } } - + private static Properties getDataSourceProps() { Properties prop = new Properties(); // FIXME: Read from configuration, don't hard-code everything @@ -224,15 +221,15 @@ public class SentryPolicyStore { prop.setProperty("javax.jdo.option.DetachAllOnCommit", "true"); prop.setProperty("javax.jdo.option.NonTransactionalRead", "true"); prop.setProperty("javax.jdo.option.ConnectionUserName", "APP"); - + prop.setProperty("javax.jdo.option.ConnectionPassword", "mine"); prop.setProperty("javax.jdo.option.Multithreaded", "true"); prop.setProperty("javax.jdo.option.ConnectionURL", "jdbc:derby:;databaseName=sentry_policy_db;create=true"); return prop; } - - + + private MSentryRole convertToMSentryRole(TSentryRole role) { MSentryRole mRole = new MSentryRole(); mRole.setCreateTime(role.getCreateTime()); @@ -243,16 +240,16 @@ public class SentryPolicyStore { } - - private void writeSentryRole(MSentryRole role) throws TSentryAlreadyExistsException{ + + private void writeSentryRole(MSentryRole role) { // TODO: verify if the role exists, if it does throw an exception pm.makePersistent(role); } - - public boolean createSentryRole(TSentryRole role) throws TSentryAlreadyExistsException { + + public boolean createSentryRole(TSentryRole role) { // TODO: add some logging @@ -272,7 +269,7 @@ public class SentryPolicyStore { return committed; } - private MSentryRole getMSentryRole (String roleName) throws TSentryNoSuchObjectException { + private MSentryRole getMSentryRole (String roleName) { boolean committed = false; @@ -312,7 +309,7 @@ public class SentryPolicyStore { } - public boolean alterSentryRole(String roleName, TSentryPrivilege privilege) throws TSentryNoSuchObjectException { + public boolean alterSentryRole(String roleName, TSentryPrivilege privilege) { boolean committed = false; @@ -365,7 +362,7 @@ public class SentryPolicyStore { return role; } - public TSentryRole getSentryRole(String roleName) throws TSentryNoSuchObjectException { + public TSentryRole getSentryRole(String roleName) { TSentryRole role; MSentryRole mSentryRole = getMSentryRole(roleName); role = convertToSentryRole(mSentryRole); @@ -373,7 +370,7 @@ public class SentryPolicyStore { } - public boolean dropSentryRole(String roleName) throws TSentryNoSuchObjectException { + public boolean dropSentryRole(String roleName) { boolean committed = false; try { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2a1ceb57/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java index 578b218..76c6c90 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/HiveMetaStoreSentryPolicyStoreHandler.java @@ -60,8 +60,6 @@ import org.apache.sentry.policystore.api.TCreateSentryRoleRequest; import org.apache.sentry.policystore.api.TCreateSentryRoleResponse; import org.apache.sentry.policystore.api.TListSentryRolesRequest; import org.apache.sentry.policystore.api.TListSentryRolesResponse; -import org.apache.sentry.policystore.api.TSentryAlreadyExistsException; -import org.apache.sentry.policystore.api.TSentryNoSuchObjectException; import org.apache.thrift.TException; import com.facebook.fb303.fb_status; @@ -70,10 +68,10 @@ public class HiveMetaStoreSentryPolicyStoreHandler implements SentryThriftPolicyService.Iface, IHMSHandler { private final String name; private HiveConf conf; - + private final SentryPolicyStoreHandler sentryPolicyStoreHander; private final IHMSHandler hiveMetaStoreHandler; - + public HiveMetaStoreSentryPolicyStoreHandler(String name, HiveConf conf) throws MetaException { super(); @@ -85,32 +83,27 @@ public class HiveMetaStoreSentryPolicyStoreHandler @Override public TCreateSentryRoleResponse create_sentry_role( - TCreateSentryRoleRequest request) throws TSentryAlreadyExistsException, - TException { + TCreateSentryRoleRequest request) throws TException { return sentryPolicyStoreHander.create_sentry_role(request); } @Override public TCreateSentryPrivilegeResponse create_sentry_privilege( - TCreateSentryPrivilegeRequest request) - throws TSentryAlreadyExistsException, TException { + TCreateSentryPrivilegeRequest request) throws TException { return sentryPolicyStoreHander.create_sentry_privilege(request); } @Override public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups( - TAlterSentryRoleAddGroupsRequest request) - throws TSentryNoSuchObjectException, TException { + TAlterSentryRoleAddGroupsRequest request) throws TException { return sentryPolicyStoreHander.alter_sentry_role_add_groups(request); } @Override public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups( - TAlterSentryRoleDeleteGroupsRequest request) - throws TSentryNoSuchObjectException, TException { + TAlterSentryRoleDeleteGroupsRequest request) throws TException { return sentryPolicyStoreHander.alter_sentry_role_delete_groups(request); } @Override public TListSentryRolesResponse list_sentry_roles( - TListSentryRolesRequest request) throws TSentryNoSuchObjectException, - TException { + TListSentryRolesRequest request) throws TException { return sentryPolicyStoreHander.list_sentry_roles(request); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2a1ceb57/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java index ab50580..779a589 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreHandler.java @@ -31,8 +31,6 @@ import org.apache.sentry.policystore.api.TCreateSentryRoleRequest; import org.apache.sentry.policystore.api.TCreateSentryRoleResponse; import org.apache.sentry.policystore.api.TListSentryRolesRequest; import org.apache.sentry.policystore.api.TListSentryRolesResponse; -import org.apache.sentry.policystore.api.TSentryAlreadyExistsException; -import org.apache.sentry.policystore.api.TSentryNoSuchObjectException; import org.apache.thrift.TException; public class SentryPolicyStoreHandler implements SentryThriftPolicyService.Iface { @@ -45,33 +43,28 @@ public class SentryPolicyStoreHandler implements SentryThriftPolicyService.Iface } @Override public TCreateSentryRoleResponse create_sentry_role( - TCreateSentryRoleRequest request) throws TSentryAlreadyExistsException, - TException { + TCreateSentryRoleRequest request) throws TException { return null; } @Override public TCreateSentryPrivilegeResponse create_sentry_privilege( - TCreateSentryPrivilegeRequest request) - throws TSentryAlreadyExistsException, TException { + TCreateSentryPrivilegeRequest request) throws TException { return null; } @Override public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups( - TAlterSentryRoleAddGroupsRequest request) - throws TSentryNoSuchObjectException, TException { + TAlterSentryRoleAddGroupsRequest request) throws TException { return null; } @Override public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups( - TAlterSentryRoleDeleteGroupsRequest request) - throws TSentryNoSuchObjectException, TException { + TAlterSentryRoleDeleteGroupsRequest request) throws TException { return null; } @Override public TListSentryRolesResponse list_sentry_roles( - TListSentryRolesRequest request) throws TSentryNoSuchObjectException, - TException { + TListSentryRolesRequest request) throws TException { return null; } - + } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2a1ceb57/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/Status.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/Status.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/Status.java new file mode 100644 index 0000000..dfbe07a --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/Status.java @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.provider.db.service.thrift; + +import java.io.PrintWriter; +import java.io.StringWriter; + +import javax.annotation.Nullable; + +import org.apache.sentry.policystore.api.TSentryResponseStatus; +import org.apache.sentry.policystore.api.TSentryStatus; + +/** + * Simple factory to make returning TSentryStatus objects easy + */ +public class Status { + public static TSentryResponseStatus OK() { + return Create(TSentryStatus.OK, ""); + } + public static TSentryResponseStatus AlreadyExists(String message, Throwable t) { + return Create(TSentryStatus.ALREADY_EXISTS, message, t); + } + public static TSentryResponseStatus NoSuchObject(String message, Throwable t) { + return Create(TSentryStatus.NO_SUCH_OBJECT, message, t); + } + public static TSentryResponseStatus Create(TSentryStatus value, String message) { + return Create(value, null, null); + } + public static TSentryResponseStatus Create(TSentryStatus value, String message, @Nullable Throwable t) { + TSentryResponseStatus status = new TSentryResponseStatus(); + status.setValue(value); + status.setMessage(message); + if (t != null) { + StringWriter stringWriter = new StringWriter(); + PrintWriter printWriter = new PrintWriter(stringWriter); + t.printStackTrace(printWriter); + printWriter.close(); + status.setStack(stringWriter.toString()); + } + return status; + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2a1ceb57/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift index 73a5d32..43102af 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/sentry_policystore.thrift @@ -32,6 +32,20 @@ enum TSentryPolicyServiceVersion { V1 } +enum TSentryStatus { +OK, +ALREADY_EXISTS, +NO_SUCH_OBJECT, +RUNTIME_ERROR +} + +struct TSentryResponseStatus { +1: required TSentryStatus value, +// message will be set to empty string when status is OK +2: required string message +3: optional string stack +} + struct TSentryPrivilege { 1: required string privilegeScope, 2: required string privilegeName, @@ -61,7 +75,7 @@ struct TCreateSentryRoleRequest { 3: required TSentryRole role } struct TCreateSentryRoleResponse { -1: required bool success +1: required TSentryResponseStatus status } struct TCreateSentryPrivilegeRequest { @@ -70,7 +84,7 @@ struct TCreateSentryPrivilegeRequest { 3: required TSentryPrivilege privilege } struct TCreateSentryPrivilegeResponse { -1: required bool success +1: required TSentryResponseStatus status } struct TCreateSentryPrivilegeRequest { @@ -79,7 +93,7 @@ struct TCreateSentryPrivilegeRequest { 3: required TSentryPrivilege privilege } struct TCreateSentryPrivilegeResponse { -1: required bool success +1: required TSentryResponseStatus status } struct TAlterSentryRoleAddGroupsRequest { @@ -89,7 +103,7 @@ struct TAlterSentryRoleAddGroupsRequest { 4: required set groups } struct TAlterSentryRoleAddGroupsResponse { -1: required bool success +1: required TSentryResponseStatus status } struct TAlterSentryRoleDeleteGroupsRequest { @@ -97,7 +111,7 @@ struct TAlterSentryRoleDeleteGroupsRequest { 2: required string userName, } struct TAlterSentryRoleDeleteGroupsResponse { -1: required bool success +1: required TSentryResponseStatus status } struct TListSentryRolesRequest { @@ -107,28 +121,20 @@ struct TListSentryRolesRequest { 4: optional string roleName } struct TListSentryRolesResponse { -1: required bool success, +1: required TSentryResponseStatus status 2: required set roles } -exception TSentryAlreadyExistsException { - 1: string message -} - -exception TSentryNoSuchObjectException { - 1: string message -} - service SentryThriftPolicyService { - TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request) throws (1:TSentryAlreadyExistsException o1) - //TDropSentryRoleResponse drop_sentry_role(1:TDropSentryRoleRequest request) throws (1:TSentryNoSuchObjectException o1) + TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request) + //TDropSentryRoleResponse drop_sentry_role(1:TDropSentryRoleRequest request) - TCreateSentryPrivilegeResponse create_sentry_privilege(1:TCreateSentryPrivilegeRequest request) throws (1:TSentryAlreadyExistsException o1) - //TDropSentryPrivilegeResponse drop_sentry_privilege(1:TDropSentryPrivilegeRequest request) throws (1:TSentryNoSuchObjectException o1) + TCreateSentryPrivilegeResponse create_sentry_privilege(1:TCreateSentryPrivilegeRequest request) + //TDropSentryPrivilegeResponse drop_sentry_privilege(1:TDropSentryPrivilegeRequest request) - TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(1:TAlterSentryRoleAddGroupsRequest request) throws (1:TSentryNoSuchObjectException o1) - TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(1:TAlterSentryRoleDeleteGroupsRequest request) throws (1:TSentryNoSuchObjectException o1) + TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(1:TAlterSentryRoleAddGroupsRequest request) + TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(1:TAlterSentryRoleDeleteGroupsRequest request) - TListSentryRolesResponse list_sentry_roles(1:TListSentryRolesRequest request) throws (1:TSentryNoSuchObjectException o1) + TListSentryRolesResponse list_sentry_roles(1:TListSentryRolesRequest request) }