sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From br...@apache.org
Subject [1/3] SENTRY-136 - Thrift request structs should include the groupName in addition to the userName (Shreepadma via Brock)
Date Thu, 13 Mar 2014 14:25:27 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/db_policy_store 066f993e5 -> 07767a1ce


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07767a1c/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java
index c63a673..e144ac9 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesRequest.java
@@ -35,9 +35,10 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
   private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryRolesRequest");
 
   private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
-  private static final org.apache.thrift.protocol.TField USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("userName", org.apache.thrift.protocol.TType.STRING, (short)2);
-  private static final org.apache.thrift.protocol.TField GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("groupName", org.apache.thrift.protocol.TType.STRING, (short)3);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+  private static final org.apache.thrift.protocol.TField ROLEREQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("rolerequestorGroupName", org.apache.thrift.protocol.TType.STRING, (short)3);
   private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)4);
+  private static final org.apache.thrift.protocol.TField REQUESTOR_GROUP_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorGroupName", org.apache.thrift.protocol.TType.SET, (short)5);
 
   private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
   static {
@@ -46,16 +47,18 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
   }
 
   private int protocol_version; // required
-  private String userName; // optional
-  private String groupName; // optional
-  private String roleName; // optional
+  private String requestorUserName; // required
+  private String rolerequestorGroupName; // optional
+  private String roleName; // required
+  private Set<String> requestorGroupName; // required
 
   /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
   public enum _Fields implements org.apache.thrift.TFieldIdEnum {
     PROTOCOL_VERSION((short)1, "protocol_version"),
-    USER_NAME((short)2, "userName"),
-    GROUP_NAME((short)3, "groupName"),
-    ROLE_NAME((short)4, "roleName");
+    REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+    ROLEREQUESTOR_GROUP_NAME((short)3, "rolerequestorGroupName"),
+    ROLE_NAME((short)4, "roleName"),
+    REQUESTOR_GROUP_NAME((short)5, "requestorGroupName");
 
     private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
 
@@ -72,12 +75,14 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
       switch(fieldId) {
         case 1: // PROTOCOL_VERSION
           return PROTOCOL_VERSION;
-        case 2: // USER_NAME
-          return USER_NAME;
-        case 3: // GROUP_NAME
-          return GROUP_NAME;
+        case 2: // REQUESTOR_USER_NAME
+          return REQUESTOR_USER_NAME;
+        case 3: // ROLEREQUESTOR_GROUP_NAME
+          return ROLEREQUESTOR_GROUP_NAME;
         case 4: // ROLE_NAME
           return ROLE_NAME;
+        case 5: // REQUESTOR_GROUP_NAME
+          return REQUESTOR_GROUP_NAME;
         default:
           return null;
       }
@@ -120,18 +125,21 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
   // isset id assignments
   private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
   private byte __isset_bitfield = 0;
-  private _Fields optionals[] = {_Fields.USER_NAME,_Fields.GROUP_NAME,_Fields.ROLE_NAME};
+  private _Fields optionals[] = {_Fields.ROLEREQUESTOR_GROUP_NAME};
   public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
   static {
     Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
     tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
-    tmpMap.put(_Fields.USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("userName", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+    tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
-    tmpMap.put(_Fields.GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("groupName", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+    tmpMap.put(_Fields.ROLEREQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("rolerequestorGroupName", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
-    tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
+    tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    tmpMap.put(_Fields.REQUESTOR_GROUP_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorGroupName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
     metaDataMap = Collections.unmodifiableMap(tmpMap);
     org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryRolesRequest.class, metaDataMap);
   }
@@ -142,11 +150,17 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
   }
 
   public TListSentryRolesRequest(
-    int protocol_version)
+    int protocol_version,
+    String requestorUserName,
+    String roleName,
+    Set<String> requestorGroupName)
   {
     this();
     this.protocol_version = protocol_version;
     setProtocol_versionIsSet(true);
+    this.requestorUserName = requestorUserName;
+    this.roleName = roleName;
+    this.requestorGroupName = requestorGroupName;
   }
 
   /**
@@ -155,15 +169,22 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
   public TListSentryRolesRequest(TListSentryRolesRequest other) {
     __isset_bitfield = other.__isset_bitfield;
     this.protocol_version = other.protocol_version;
-    if (other.isSetUserName()) {
-      this.userName = other.userName;
+    if (other.isSetRequestorUserName()) {
+      this.requestorUserName = other.requestorUserName;
     }
-    if (other.isSetGroupName()) {
-      this.groupName = other.groupName;
+    if (other.isSetRolerequestorGroupName()) {
+      this.rolerequestorGroupName = other.rolerequestorGroupName;
     }
     if (other.isSetRoleName()) {
       this.roleName = other.roleName;
     }
+    if (other.isSetRequestorGroupName()) {
+      Set<String> __this__requestorGroupName = new HashSet<String>();
+      for (String other_element : other.requestorGroupName) {
+        __this__requestorGroupName.add(other_element);
+      }
+      this.requestorGroupName = __this__requestorGroupName;
+    }
   }
 
   public TListSentryRolesRequest deepCopy() {
@@ -174,9 +195,10 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
   public void clear() {
     this.protocol_version = 1;
 
-    this.userName = null;
-    this.groupName = null;
+    this.requestorUserName = null;
+    this.rolerequestorGroupName = null;
     this.roleName = null;
+    this.requestorGroupName = null;
   }
 
   public int getProtocol_version() {
@@ -201,49 +223,49 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
     __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
   }
 
-  public String getUserName() {
-    return this.userName;
+  public String getRequestorUserName() {
+    return this.requestorUserName;
   }
 
-  public void setUserName(String userName) {
-    this.userName = userName;
+  public void setRequestorUserName(String requestorUserName) {
+    this.requestorUserName = requestorUserName;
   }
 
-  public void unsetUserName() {
-    this.userName = null;
+  public void unsetRequestorUserName() {
+    this.requestorUserName = null;
   }
 
-  /** Returns true if field userName is set (has been assigned a value) and false otherwise */
-  public boolean isSetUserName() {
-    return this.userName != null;
+  /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorUserName() {
+    return this.requestorUserName != null;
   }
 
-  public void setUserNameIsSet(boolean value) {
+  public void setRequestorUserNameIsSet(boolean value) {
     if (!value) {
-      this.userName = null;
+      this.requestorUserName = null;
     }
   }
 
-  public String getGroupName() {
-    return this.groupName;
+  public String getRolerequestorGroupName() {
+    return this.rolerequestorGroupName;
   }
 
-  public void setGroupName(String groupName) {
-    this.groupName = groupName;
+  public void setRolerequestorGroupName(String rolerequestorGroupName) {
+    this.rolerequestorGroupName = rolerequestorGroupName;
   }
 
-  public void unsetGroupName() {
-    this.groupName = null;
+  public void unsetRolerequestorGroupName() {
+    this.rolerequestorGroupName = null;
   }
 
-  /** Returns true if field groupName is set (has been assigned a value) and false otherwise */
-  public boolean isSetGroupName() {
-    return this.groupName != null;
+  /** Returns true if field rolerequestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRolerequestorGroupName() {
+    return this.rolerequestorGroupName != null;
   }
 
-  public void setGroupNameIsSet(boolean value) {
+  public void setRolerequestorGroupNameIsSet(boolean value) {
     if (!value) {
-      this.groupName = null;
+      this.rolerequestorGroupName = null;
     }
   }
 
@@ -270,6 +292,44 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
     }
   }
 
+  public int getRequestorGroupNameSize() {
+    return (this.requestorGroupName == null) ? 0 : this.requestorGroupName.size();
+  }
+
+  public java.util.Iterator<String> getRequestorGroupNameIterator() {
+    return (this.requestorGroupName == null) ? null : this.requestorGroupName.iterator();
+  }
+
+  public void addToRequestorGroupName(String elem) {
+    if (this.requestorGroupName == null) {
+      this.requestorGroupName = new HashSet<String>();
+    }
+    this.requestorGroupName.add(elem);
+  }
+
+  public Set<String> getRequestorGroupName() {
+    return this.requestorGroupName;
+  }
+
+  public void setRequestorGroupName(Set<String> requestorGroupName) {
+    this.requestorGroupName = requestorGroupName;
+  }
+
+  public void unsetRequestorGroupName() {
+    this.requestorGroupName = null;
+  }
+
+  /** Returns true if field requestorGroupName is set (has been assigned a value) and false otherwise */
+  public boolean isSetRequestorGroupName() {
+    return this.requestorGroupName != null;
+  }
+
+  public void setRequestorGroupNameIsSet(boolean value) {
+    if (!value) {
+      this.requestorGroupName = null;
+    }
+  }
+
   public void setFieldValue(_Fields field, Object value) {
     switch (field) {
     case PROTOCOL_VERSION:
@@ -280,19 +340,19 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
       }
       break;
 
-    case USER_NAME:
+    case REQUESTOR_USER_NAME:
       if (value == null) {
-        unsetUserName();
+        unsetRequestorUserName();
       } else {
-        setUserName((String)value);
+        setRequestorUserName((String)value);
       }
       break;
 
-    case GROUP_NAME:
+    case ROLEREQUESTOR_GROUP_NAME:
       if (value == null) {
-        unsetGroupName();
+        unsetRolerequestorGroupName();
       } else {
-        setGroupName((String)value);
+        setRolerequestorGroupName((String)value);
       }
       break;
 
@@ -304,6 +364,14 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
       }
       break;
 
+    case REQUESTOR_GROUP_NAME:
+      if (value == null) {
+        unsetRequestorGroupName();
+      } else {
+        setRequestorGroupName((Set<String>)value);
+      }
+      break;
+
     }
   }
 
@@ -312,15 +380,18 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
     case PROTOCOL_VERSION:
       return Integer.valueOf(getProtocol_version());
 
-    case USER_NAME:
-      return getUserName();
+    case REQUESTOR_USER_NAME:
+      return getRequestorUserName();
 
-    case GROUP_NAME:
-      return getGroupName();
+    case ROLEREQUESTOR_GROUP_NAME:
+      return getRolerequestorGroupName();
 
     case ROLE_NAME:
       return getRoleName();
 
+    case REQUESTOR_GROUP_NAME:
+      return getRequestorGroupName();
+
     }
     throw new IllegalStateException();
   }
@@ -334,12 +405,14 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
     switch (field) {
     case PROTOCOL_VERSION:
       return isSetProtocol_version();
-    case USER_NAME:
-      return isSetUserName();
-    case GROUP_NAME:
-      return isSetGroupName();
+    case REQUESTOR_USER_NAME:
+      return isSetRequestorUserName();
+    case ROLEREQUESTOR_GROUP_NAME:
+      return isSetRolerequestorGroupName();
     case ROLE_NAME:
       return isSetRoleName();
+    case REQUESTOR_GROUP_NAME:
+      return isSetRequestorGroupName();
     }
     throw new IllegalStateException();
   }
@@ -366,21 +439,21 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
         return false;
     }
 
-    boolean this_present_userName = true && this.isSetUserName();
-    boolean that_present_userName = true && that.isSetUserName();
-    if (this_present_userName || that_present_userName) {
-      if (!(this_present_userName && that_present_userName))
+    boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+    boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+    if (this_present_requestorUserName || that_present_requestorUserName) {
+      if (!(this_present_requestorUserName && that_present_requestorUserName))
         return false;
-      if (!this.userName.equals(that.userName))
+      if (!this.requestorUserName.equals(that.requestorUserName))
         return false;
     }
 
-    boolean this_present_groupName = true && this.isSetGroupName();
-    boolean that_present_groupName = true && that.isSetGroupName();
-    if (this_present_groupName || that_present_groupName) {
-      if (!(this_present_groupName && that_present_groupName))
+    boolean this_present_rolerequestorGroupName = true && this.isSetRolerequestorGroupName();
+    boolean that_present_rolerequestorGroupName = true && that.isSetRolerequestorGroupName();
+    if (this_present_rolerequestorGroupName || that_present_rolerequestorGroupName) {
+      if (!(this_present_rolerequestorGroupName && that_present_rolerequestorGroupName))
         return false;
-      if (!this.groupName.equals(that.groupName))
+      if (!this.rolerequestorGroupName.equals(that.rolerequestorGroupName))
         return false;
     }
 
@@ -393,6 +466,15 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
         return false;
     }
 
+    boolean this_present_requestorGroupName = true && this.isSetRequestorGroupName();
+    boolean that_present_requestorGroupName = true && that.isSetRequestorGroupName();
+    if (this_present_requestorGroupName || that_present_requestorGroupName) {
+      if (!(this_present_requestorGroupName && that_present_requestorGroupName))
+        return false;
+      if (!this.requestorGroupName.equals(that.requestorGroupName))
+        return false;
+    }
+
     return true;
   }
 
@@ -405,21 +487,26 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
     if (present_protocol_version)
       builder.append(protocol_version);
 
-    boolean present_userName = true && (isSetUserName());
-    builder.append(present_userName);
-    if (present_userName)
-      builder.append(userName);
+    boolean present_requestorUserName = true && (isSetRequestorUserName());
+    builder.append(present_requestorUserName);
+    if (present_requestorUserName)
+      builder.append(requestorUserName);
 
-    boolean present_groupName = true && (isSetGroupName());
-    builder.append(present_groupName);
-    if (present_groupName)
-      builder.append(groupName);
+    boolean present_rolerequestorGroupName = true && (isSetRolerequestorGroupName());
+    builder.append(present_rolerequestorGroupName);
+    if (present_rolerequestorGroupName)
+      builder.append(rolerequestorGroupName);
 
     boolean present_roleName = true && (isSetRoleName());
     builder.append(present_roleName);
     if (present_roleName)
       builder.append(roleName);
 
+    boolean present_requestorGroupName = true && (isSetRequestorGroupName());
+    builder.append(present_requestorGroupName);
+    if (present_requestorGroupName)
+      builder.append(requestorGroupName);
+
     return builder.toHashCode();
   }
 
@@ -441,22 +528,22 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
         return lastComparison;
       }
     }
-    lastComparison = Boolean.valueOf(isSetUserName()).compareTo(typedOther.isSetUserName());
+    lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
     if (lastComparison != 0) {
       return lastComparison;
     }
-    if (isSetUserName()) {
-      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.userName, typedOther.userName);
+    if (isSetRequestorUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
       if (lastComparison != 0) {
         return lastComparison;
       }
     }
-    lastComparison = Boolean.valueOf(isSetGroupName()).compareTo(typedOther.isSetGroupName());
+    lastComparison = Boolean.valueOf(isSetRolerequestorGroupName()).compareTo(typedOther.isSetRolerequestorGroupName());
     if (lastComparison != 0) {
       return lastComparison;
     }
-    if (isSetGroupName()) {
-      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.groupName, typedOther.groupName);
+    if (isSetRolerequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.rolerequestorGroupName, typedOther.rolerequestorGroupName);
       if (lastComparison != 0) {
         return lastComparison;
       }
@@ -471,6 +558,16 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
         return lastComparison;
       }
     }
+    lastComparison = Boolean.valueOf(isSetRequestorGroupName()).compareTo(typedOther.isSetRequestorGroupName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetRequestorGroupName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorGroupName, typedOther.requestorGroupName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
     return 0;
   }
 
@@ -494,36 +591,40 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
     sb.append("protocol_version:");
     sb.append(this.protocol_version);
     first = false;
-    if (isSetUserName()) {
-      if (!first) sb.append(", ");
-      sb.append("userName:");
-      if (this.userName == null) {
-        sb.append("null");
-      } else {
-        sb.append(this.userName);
-      }
-      first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorUserName:");
+    if (this.requestorUserName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorUserName);
     }
-    if (isSetGroupName()) {
+    first = false;
+    if (isSetRolerequestorGroupName()) {
       if (!first) sb.append(", ");
-      sb.append("groupName:");
-      if (this.groupName == null) {
+      sb.append("rolerequestorGroupName:");
+      if (this.rolerequestorGroupName == null) {
         sb.append("null");
       } else {
-        sb.append(this.groupName);
+        sb.append(this.rolerequestorGroupName);
       }
       first = false;
     }
-    if (isSetRoleName()) {
-      if (!first) sb.append(", ");
-      sb.append("roleName:");
-      if (this.roleName == null) {
-        sb.append("null");
-      } else {
-        sb.append(this.roleName);
-      }
-      first = false;
+    if (!first) sb.append(", ");
+    sb.append("roleName:");
+    if (this.roleName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.roleName);
     }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("requestorGroupName:");
+    if (this.requestorGroupName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.requestorGroupName);
+    }
+    first = false;
     sb.append(")");
     return sb.toString();
   }
@@ -534,6 +635,18 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
       throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
     }
 
+    if (!isSetRequestorUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRoleName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' is unset! Struct:" + toString());
+    }
+
+    if (!isSetRequestorGroupName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorGroupName' is unset! Struct:" + toString());
+    }
+
     // check for sub-struct validity
   }
 
@@ -581,18 +694,18 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
             break;
-          case 2: // USER_NAME
+          case 2: // REQUESTOR_USER_NAME
             if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
-              struct.userName = iprot.readString();
-              struct.setUserNameIsSet(true);
+              struct.requestorUserName = iprot.readString();
+              struct.setRequestorUserNameIsSet(true);
             } else { 
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
             break;
-          case 3: // GROUP_NAME
+          case 3: // ROLEREQUESTOR_GROUP_NAME
             if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
-              struct.groupName = iprot.readString();
-              struct.setGroupNameIsSet(true);
+              struct.rolerequestorGroupName = iprot.readString();
+              struct.setRolerequestorGroupNameIsSet(true);
             } else { 
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
@@ -605,6 +718,24 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
             break;
+          case 5: // REQUESTOR_GROUP_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+              {
+                org.apache.thrift.protocol.TSet _set16 = iprot.readSetBegin();
+                struct.requestorGroupName = new HashSet<String>(2*_set16.size);
+                for (int _i17 = 0; _i17 < _set16.size; ++_i17)
+                {
+                  String _elem18; // required
+                  _elem18 = iprot.readString();
+                  struct.requestorGroupName.add(_elem18);
+                }
+                iprot.readSetEnd();
+              }
+              struct.setRequestorGroupNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
           default:
             org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
         }
@@ -621,26 +752,34 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
       oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
       oprot.writeI32(struct.protocol_version);
       oprot.writeFieldEnd();
-      if (struct.userName != null) {
-        if (struct.isSetUserName()) {
-          oprot.writeFieldBegin(USER_NAME_FIELD_DESC);
-          oprot.writeString(struct.userName);
-          oprot.writeFieldEnd();
-        }
+      if (struct.requestorUserName != null) {
+        oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.requestorUserName);
+        oprot.writeFieldEnd();
       }
-      if (struct.groupName != null) {
-        if (struct.isSetGroupName()) {
-          oprot.writeFieldBegin(GROUP_NAME_FIELD_DESC);
-          oprot.writeString(struct.groupName);
+      if (struct.rolerequestorGroupName != null) {
+        if (struct.isSetRolerequestorGroupName()) {
+          oprot.writeFieldBegin(ROLEREQUESTOR_GROUP_NAME_FIELD_DESC);
+          oprot.writeString(struct.rolerequestorGroupName);
           oprot.writeFieldEnd();
         }
       }
       if (struct.roleName != null) {
-        if (struct.isSetRoleName()) {
-          oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC);
-          oprot.writeString(struct.roleName);
-          oprot.writeFieldEnd();
+        oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC);
+        oprot.writeString(struct.roleName);
+        oprot.writeFieldEnd();
+      }
+      if (struct.requestorGroupName != null) {
+        oprot.writeFieldBegin(REQUESTOR_GROUP_NAME_FIELD_DESC);
+        {
+          oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.requestorGroupName.size()));
+          for (String _iter19 : struct.requestorGroupName)
+          {
+            oprot.writeString(_iter19);
+          }
+          oprot.writeSetEnd();
         }
+        oprot.writeFieldEnd();
       }
       oprot.writeFieldStop();
       oprot.writeStructEnd();
@@ -660,25 +799,22 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
     public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryRolesRequest struct) throws org.apache.thrift.TException {
       TTupleProtocol oprot = (TTupleProtocol) prot;
       oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.requestorUserName);
+      oprot.writeString(struct.roleName);
+      {
+        oprot.writeI32(struct.requestorGroupName.size());
+        for (String _iter20 : struct.requestorGroupName)
+        {
+          oprot.writeString(_iter20);
+        }
+      }
       BitSet optionals = new BitSet();
-      if (struct.isSetUserName()) {
+      if (struct.isSetRolerequestorGroupName()) {
         optionals.set(0);
       }
-      if (struct.isSetGroupName()) {
-        optionals.set(1);
-      }
-      if (struct.isSetRoleName()) {
-        optionals.set(2);
-      }
-      oprot.writeBitSet(optionals, 3);
-      if (struct.isSetUserName()) {
-        oprot.writeString(struct.userName);
-      }
-      if (struct.isSetGroupName()) {
-        oprot.writeString(struct.groupName);
-      }
-      if (struct.isSetRoleName()) {
-        oprot.writeString(struct.roleName);
+      oprot.writeBitSet(optionals, 1);
+      if (struct.isSetRolerequestorGroupName()) {
+        oprot.writeString(struct.rolerequestorGroupName);
       }
     }
 
@@ -687,18 +823,25 @@ public class TListSentryRolesRequest implements org.apache.thrift.TBase<TListSen
       TTupleProtocol iprot = (TTupleProtocol) prot;
       struct.protocol_version = iprot.readI32();
       struct.setProtocol_versionIsSet(true);
-      BitSet incoming = iprot.readBitSet(3);
-      if (incoming.get(0)) {
-        struct.userName = iprot.readString();
-        struct.setUserNameIsSet(true);
-      }
-      if (incoming.get(1)) {
-        struct.groupName = iprot.readString();
-        struct.setGroupNameIsSet(true);
+      struct.requestorUserName = iprot.readString();
+      struct.setRequestorUserNameIsSet(true);
+      struct.roleName = iprot.readString();
+      struct.setRoleNameIsSet(true);
+      {
+        org.apache.thrift.protocol.TSet _set21 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+        struct.requestorGroupName = new HashSet<String>(2*_set21.size);
+        for (int _i22 = 0; _i22 < _set21.size; ++_i22)
+        {
+          String _elem23; // required
+          _elem23 = iprot.readString();
+          struct.requestorGroupName.add(_elem23);
+        }
       }
-      if (incoming.get(2)) {
-        struct.roleName = iprot.readString();
-        struct.setRoleNameIsSet(true);
+      struct.setRequestorGroupNameIsSet(true);
+      BitSet incoming = iprot.readBitSet(1);
+      if (incoming.get(0)) {
+        struct.rolerequestorGroupName = iprot.readString();
+        struct.setRolerequestorGroupNameIsSet(true);
       }
     }
   }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07767a1c/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java
index b035b12..f3dfac2 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java
@@ -447,14 +447,14 @@ public class TListSentryRolesResponse implements org.apache.thrift.TBase<TListSe
           case 2: // ROLES
             if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
               {
-                org.apache.thrift.protocol.TSet _set8 = iprot.readSetBegin();
-                struct.roles = new HashSet<TSentryRole>(2*_set8.size);
-                for (int _i9 = 0; _i9 < _set8.size; ++_i9)
+                org.apache.thrift.protocol.TSet _set24 = iprot.readSetBegin();
+                struct.roles = new HashSet<TSentryRole>(2*_set24.size);
+                for (int _i25 = 0; _i25 < _set24.size; ++_i25)
                 {
-                  TSentryRole _elem10; // required
-                  _elem10 = new TSentryRole();
-                  _elem10.read(iprot);
-                  struct.roles.add(_elem10);
+                  TSentryRole _elem26; // required
+                  _elem26 = new TSentryRole();
+                  _elem26.read(iprot);
+                  struct.roles.add(_elem26);
                 }
                 iprot.readSetEnd();
               }
@@ -485,9 +485,9 @@ public class TListSentryRolesResponse implements org.apache.thrift.TBase<TListSe
         oprot.writeFieldBegin(ROLES_FIELD_DESC);
         {
           oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, struct.roles.size()));
-          for (TSentryRole _iter11 : struct.roles)
+          for (TSentryRole _iter27 : struct.roles)
           {
-            _iter11.write(oprot);
+            _iter27.write(oprot);
           }
           oprot.writeSetEnd();
         }
@@ -513,9 +513,9 @@ public class TListSentryRolesResponse implements org.apache.thrift.TBase<TListSe
       struct.status.write(oprot);
       {
         oprot.writeI32(struct.roles.size());
-        for (TSentryRole _iter12 : struct.roles)
+        for (TSentryRole _iter28 : struct.roles)
         {
-          _iter12.write(oprot);
+          _iter28.write(oprot);
         }
       }
     }
@@ -527,14 +527,14 @@ public class TListSentryRolesResponse implements org.apache.thrift.TBase<TListSe
       struct.status.read(iprot);
       struct.setStatusIsSet(true);
       {
-        org.apache.thrift.protocol.TSet _set13 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
-        struct.roles = new HashSet<TSentryRole>(2*_set13.size);
-        for (int _i14 = 0; _i14 < _set13.size; ++_i14)
+        org.apache.thrift.protocol.TSet _set29 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+        struct.roles = new HashSet<TSentryRole>(2*_set29.size);
+        for (int _i30 = 0; _i30 < _set29.size; ++_i30)
         {
-          TSentryRole _elem15; // required
-          _elem15 = new TSentryRole();
-          _elem15.read(iprot);
-          struct.roles.add(_elem15);
+          TSentryRole _elem31; // required
+          _elem31 = new TSentryRole();
+          _elem31.read(iprot);
+          struct.roles.add(_elem31);
         }
       }
       struct.setRolesIsSet(true);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07767a1c/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
index 9796562..9e8ac4c 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
@@ -57,7 +57,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
   private String tableName; // optional
   private String URI; // optional
   private String action; // required
-  private long createTime; // required
+  private long createTime; // optional
   private String grantorPrincipal; // optional
 
   /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
@@ -145,7 +145,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
   // isset id assignments
   private static final int __CREATETIME_ISSET_ID = 0;
   private byte __isset_bitfield = 0;
-  private _Fields optionals[] = {_Fields.PRIVILEGE_NAME,_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.GRANTOR_PRINCIPAL};
+  private _Fields optionals[] = {_Fields.PRIVILEGE_NAME,_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.CREATE_TIME,_Fields.GRANTOR_PRINCIPAL};
   public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
   static {
     Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
@@ -163,7 +163,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
     tmpMap.put(_Fields.ACTION, new org.apache.thrift.meta_data.FieldMetaData("action", org.apache.thrift.TFieldRequirementType.REQUIRED, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
-    tmpMap.put(_Fields.CREATE_TIME, new org.apache.thrift.meta_data.FieldMetaData("createTime", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+    tmpMap.put(_Fields.CREATE_TIME, new org.apache.thrift.meta_data.FieldMetaData("createTime", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64)));
     tmpMap.put(_Fields.GRANTOR_PRINCIPAL, new org.apache.thrift.meta_data.FieldMetaData("grantorPrincipal", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
@@ -177,15 +177,12 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
   public TSentryPrivilege(
     String privilegeScope,
     String serverName,
-    String action,
-    long createTime)
+    String action)
   {
     this();
     this.privilegeScope = privilegeScope;
     this.serverName = serverName;
     this.action = action;
-    this.createTime = createTime;
-    setCreateTimeIsSet(true);
   }
 
   /**
@@ -659,8 +656,8 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         return false;
     }
 
-    boolean this_present_createTime = true;
-    boolean that_present_createTime = true;
+    boolean this_present_createTime = true && this.isSetCreateTime();
+    boolean that_present_createTime = true && that.isSetCreateTime();
     if (this_present_createTime || that_present_createTime) {
       if (!(this_present_createTime && that_present_createTime))
         return false;
@@ -719,7 +716,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
     if (present_action)
       builder.append(action);
 
-    boolean present_createTime = true;
+    boolean present_createTime = true && (isSetCreateTime());
     builder.append(present_createTime);
     if (present_createTime)
       builder.append(createTime);
@@ -913,10 +910,12 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       sb.append(this.action);
     }
     first = false;
-    if (!first) sb.append(", ");
-    sb.append("createTime:");
-    sb.append(this.createTime);
-    first = false;
+    if (isSetCreateTime()) {
+      if (!first) sb.append(", ");
+      sb.append("createTime:");
+      sb.append(this.createTime);
+      first = false;
+    }
     if (isSetGrantorPrincipal()) {
       if (!first) sb.append(", ");
       sb.append("grantorPrincipal:");
@@ -945,10 +944,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       throw new org.apache.thrift.protocol.TProtocolException("Required field 'action' is unset! Struct:" + toString());
     }
 
-    if (!isSetCreateTime()) {
-      throw new org.apache.thrift.protocol.TProtocolException("Required field 'createTime' is unset! Struct:" + toString());
-    }
-
     // check for sub-struct validity
   }
 
@@ -1116,9 +1111,11 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         oprot.writeString(struct.action);
         oprot.writeFieldEnd();
       }
-      oprot.writeFieldBegin(CREATE_TIME_FIELD_DESC);
-      oprot.writeI64(struct.createTime);
-      oprot.writeFieldEnd();
+      if (struct.isSetCreateTime()) {
+        oprot.writeFieldBegin(CREATE_TIME_FIELD_DESC);
+        oprot.writeI64(struct.createTime);
+        oprot.writeFieldEnd();
+      }
       if (struct.grantorPrincipal != null) {
         if (struct.isSetGrantorPrincipal()) {
           oprot.writeFieldBegin(GRANTOR_PRINCIPAL_FIELD_DESC);
@@ -1146,7 +1143,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       oprot.writeString(struct.privilegeScope);
       oprot.writeString(struct.serverName);
       oprot.writeString(struct.action);
-      oprot.writeI64(struct.createTime);
       BitSet optionals = new BitSet();
       if (struct.isSetPrivilegeName()) {
         optionals.set(0);
@@ -1160,10 +1156,13 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       if (struct.isSetURI()) {
         optionals.set(3);
       }
-      if (struct.isSetGrantorPrincipal()) {
+      if (struct.isSetCreateTime()) {
         optionals.set(4);
       }
-      oprot.writeBitSet(optionals, 5);
+      if (struct.isSetGrantorPrincipal()) {
+        optionals.set(5);
+      }
+      oprot.writeBitSet(optionals, 6);
       if (struct.isSetPrivilegeName()) {
         oprot.writeString(struct.privilegeName);
       }
@@ -1176,6 +1175,9 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       if (struct.isSetURI()) {
         oprot.writeString(struct.URI);
       }
+      if (struct.isSetCreateTime()) {
+        oprot.writeI64(struct.createTime);
+      }
       if (struct.isSetGrantorPrincipal()) {
         oprot.writeString(struct.grantorPrincipal);
       }
@@ -1190,9 +1192,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       struct.setServerNameIsSet(true);
       struct.action = iprot.readString();
       struct.setActionIsSet(true);
-      struct.createTime = iprot.readI64();
-      struct.setCreateTimeIsSet(true);
-      BitSet incoming = iprot.readBitSet(5);
+      BitSet incoming = iprot.readBitSet(6);
       if (incoming.get(0)) {
         struct.privilegeName = iprot.readString();
         struct.setPrivilegeNameIsSet(true);
@@ -1210,6 +1210,10 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         struct.setURIIsSet(true);
       }
       if (incoming.get(4)) {
+        struct.createTime = iprot.readI64();
+        struct.setCreateTimeIsSet(true);
+      }
+      if (incoming.get(5)) {
         struct.grantorPrincipal = iprot.readString();
         struct.setGrantorPrincipalIsSet(true);
       }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07767a1c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index ff4817f..3fe47dc 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -252,8 +252,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
     TAlterSentryRoleAddGroupsRequest request) throws TException {
     TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
     try {
-      CommitContext commitContext = sentryStore.alterSentryRoleAddGroups(request.getUserName(),
-          request.getRoleName(), request.getGroups());
+      CommitContext commitContext = sentryStore.alterSentryRoleAddGroups(request.getRequestorUserName(),
+                                    request.getRoleName(), request.getGroups());
       response.setStatus(Status.OK());
       notificationHandlerInvoker.alter_sentry_role_add_groups(commitContext,
           request, response);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07767a1c/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
index 7c54290..b3f7d6e 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -37,14 +37,16 @@ struct TSentryPrivilege {
 5: optional string tableName,
 6: optional string URI,
 7: required string action,
-8: required i64 createTime,
-9: optional string grantorPrincipal
+8: optional i64 createTime, # Set on server side
+9: optional string grantorPrincipal # Set on server side
 }
 
 struct TSentryRole {
 1: required string roleName,
 # TODO privs should not be part of Sentry role as
 # they are created when a grant is executed
+# They need to be returned as part of the list role API, else
+# there would be another round trip
 2: required set<TSentryPrivilege> privileges,
 3: required i64 createTime,
 4: required string grantorPrincipal
@@ -57,8 +59,9 @@ struct TSentryGroup {
 
 struct TCreateSentryRoleRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: required string userName,
-3: required TSentryRole role
+2: required string requestorUserName,
+3: required TSentryRole role,
+4: required set<string> requestorGroupName
 }
 struct TCreateSentryRoleResponse {
 1: required sentry_common_service.TSentryResponseStatus status
@@ -66,9 +69,10 @@ struct TCreateSentryRoleResponse {
 
 struct TListSentryRolesRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: optional string userName,
-3: optional string groupName,
-4: optional string roleName
+2: required string requestorUserName, # user on whose behalf the request is issued
+3: optional string rolerequestorGroupName, # list roles for this group
+4: required string roleName,
+5: required set<string> requestorGroupName # groups the requesting user belongs to
 }
 struct TListSentryRolesResponse {
 1: required sentry_common_service.TSentryResponseStatus status
@@ -77,8 +81,9 @@ struct TListSentryRolesResponse {
 
 struct TDropSentryRoleRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: optional string userName,
-3: optional string roleName
+2: required string requestorUserName,
+3: required string roleName,
+4: required set<string> requestorGroupName
 }
 struct TDropSentryRoleResponse {
 1: required sentry_common_service.TSentryResponseStatus status
@@ -86,9 +91,10 @@ struct TDropSentryRoleResponse {
 
 struct TAlterSentryRoleAddGroupsRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: required string userName,
+2: required string requestorUserName,
 3: required string roleName,
-4: required set<TSentryGroup> groups
+4: required set<string> requestorGroupName,
+5: required set<TSentryGroup> groups
 }
 
 struct TAlterSentryRoleAddGroupsResponse {
@@ -97,7 +103,8 @@ struct TAlterSentryRoleAddGroupsResponse {
 
 struct TAlterSentryRoleDeleteGroupsRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: required string userName,
+2: required string requestorUserName,
+3: required set<string> requestorGroupName
 }
 struct TAlterSentryRoleDeleteGroupsResponse {
 1: required sentry_common_service.TSentryResponseStatus status
@@ -105,9 +112,10 @@ struct TAlterSentryRoleDeleteGroupsResponse {
 
 struct TAlterSentryRoleGrantPrivilegeRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: required string userName,
+2: required string requestorUserName,
 3: required string roleName,
-4: required TSentryPrivilege privilege
+4: required set<string> requestorGroupName,
+5: required TSentryPrivilege privilege
 }
 
 struct TAlterSentryRoleGrantPrivilegeResponse {
@@ -116,9 +124,10 @@ struct TAlterSentryRoleGrantPrivilegeResponse {
 
 struct TAlterSentryRoleRevokePrivilegeRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: required string userName,
+2: required string requestorUserName,
 3: required string roleName,
-4: required TSentryPrivilege privilege
+4: required set<string> requestorGroupName,
+5: required TSentryPrivilege privilege
 }
 
 struct TAlterSentryRoleRevokePrivilegeResponse {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07767a1c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index dae7674..d073d8b 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -34,17 +34,23 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
 
   @Test
   public void testCreateRole() throws Exception {
+    Set<String> groupSet = new HashSet<String>();
     TDropSentryRoleRequest dropReq = new TDropSentryRoleRequest();
     dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     dropReq.setRoleName("admin_r");
-    dropReq.setUserName("user_1");
+    dropReq.setRequestorUserName("user_1");
+    groupSet.add("admin");
+    dropReq.setRequestorGroupName(groupSet);
     TDropSentryRoleResponse dropResp = client.dropRole(dropReq);
     assertStatus(Status.NO_SUCH_OBJECT, dropResp.getStatus());
     LOGGER.info("Successfully dropped role: admin_r");
+    groupSet.clear();
 
     TCreateSentryRoleRequest createReq = new TCreateSentryRoleRequest();
     createReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    createReq.setUserName("user_1");
+    createReq.setRequestorUserName("user_1");
+    groupSet.add("admin");
+    createReq.setRequestorGroupName(groupSet);
     TSentryRole role = new TSentryRole();
     role.setRoleName("admin_r");
     role.setCreateTime(System.currentTimeMillis());
@@ -54,36 +60,49 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
     TCreateSentryRoleResponse createResp = client.createRole(createReq);
     assertOK(createResp.getStatus());
     LOGGER.info("Successfully create role: admin_r");
+    groupSet.clear();
 
     TListSentryRolesRequest listReq = new TListSentryRolesRequest();
     listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     listReq.setRoleName("admin_r");
-    listReq.setUserName("user_1");
+    listReq.setRequestorUserName("user_1");
+    groupSet.add("admin");
+    listReq.setRequestorGroupName(groupSet);
     TListSentryRolesResponse listResp = client.listRoleByName(listReq);
     Set<TSentryRole> roles = listResp.getRoles();
     Preconditions.checkArgument(roles.size() == 1, "Incorrect number of roles");
+    groupSet.clear();
 
     dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     dropReq.setRoleName("admin_r");
-    dropReq.setUserName("user_1");
+    dropReq.setRequestorUserName("user_1");
+    groupSet.add("admin");
+    dropReq.setRequestorGroupName(groupSet);
     dropResp = client.dropRole(dropReq);
     assertOK(dropResp.getStatus());
     LOGGER.info("Successfully dropped role: admin_r");
+    groupSet.clear();
   }
 
   @Test
   public void testGrantRevokePrivilege() throws Exception {
+    Set<String> groupSet = new HashSet<String>();
     TDropSentryRoleRequest dropReq = new TDropSentryRoleRequest();
     dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     dropReq.setRoleName("admin_testdb");
-    dropReq.setUserName("server_admin");
+    dropReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    dropReq.setRequestorGroupName(groupSet);
     TDropSentryRoleResponse dropResp = client.dropRole(dropReq);
     assertStatus(Status.NO_SUCH_OBJECT, dropResp.getStatus());
     LOGGER.info("Successfully dropped role: admin_testdb");
+    groupSet.clear();
 
     TCreateSentryRoleRequest createReq = new TCreateSentryRoleRequest();
     createReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    createReq.setUserName("server_admin");
+    createReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    createReq.setRequestorGroupName(groupSet);
     TSentryRole role = new TSentryRole();
     role.setRoleName("admin_testdb");
     role.setCreateTime(System.currentTimeMillis());
@@ -93,19 +112,25 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
     TCreateSentryRoleResponse createResp = client.createRole(createReq);
     assertOK(createResp.getStatus());
     LOGGER.info("Successfully create role: admin_testdb");
+    groupSet.clear();
 
     TListSentryRolesRequest listReq = new TListSentryRolesRequest();
     listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     listReq.setRoleName("admin_testdb");
-    listReq.setUserName("server_admin");
+    listReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    listReq.setRequestorGroupName(groupSet);
     TListSentryRolesResponse listResp = client.listRoleByName(listReq);
     Set<TSentryRole> roles = listResp.getRoles();
     Preconditions.checkArgument(roles.size() == 1, "Incorrect number of roles");
+    groupSet.clear();
 
     TAlterSentryRoleGrantPrivilegeRequest grantReq = new TAlterSentryRoleGrantPrivilegeRequest();
     grantReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     grantReq.setRoleName("admin_testdb");
-    grantReq.setUserName("server_admin");
+    grantReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    grantReq.setRequestorGroupName(groupSet);
     TSentryPrivilege privilege = new TSentryPrivilege();
     privilege.setPrivilegeScope("DB");
     privilege.setServerName("server1");
@@ -117,22 +142,29 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
     TAlterSentryRoleGrantPrivilegeResponse grantResp = client.grantPrivilege(grantReq);
     assertOK(grantResp.getStatus());
     LOGGER.info("Successfully granted privilege: " + privilege.toString());
+    groupSet.clear();
 
     TAlterSentryRoleRevokePrivilegeRequest revokeReq = new TAlterSentryRoleRevokePrivilegeRequest();
     revokeReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     revokeReq.setRoleName("admin_testdb");
-    revokeReq.setUserName("server_admin");
+    revokeReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    revokeReq.setRequestorGroupName(groupSet);
     revokeReq.setPrivilege(privilege);
     TAlterSentryRoleRevokePrivilegeResponse revokeResp = client.revokePrivilege(revokeReq);
     assertOK(revokeResp.getStatus());
     LOGGER.info("Successfully revoked privilege: " + privilege.toString());
+    groupSet.clear();
 
     dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     dropReq.setRoleName("admin_testdb");
-    dropReq.setUserName("server_admin");
+    dropReq.setRequestorUserName("server_admin");
+    groupSet.add("admin");
+    dropReq.setRequestorGroupName(groupSet);
     dropResp = client.dropRole(dropReq);
     assertOK(dropResp.getStatus());
     LOGGER.info("Successfully dropped role: admin_testdb");
+    groupSet.clear();
   }
 
 }


Mime
View raw message