sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pras...@apache.org
Subject [22/22] git commit: SENTRY-432: Synchronization of HDFS permissions with Sentry permissions: Review feedback
Date Wed, 22 Oct 2014 17:40:09 GMT
 SENTRY-432: Synchronization of HDFS permissions with Sentry permissions: Review feedback


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/d66ebb71
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/d66ebb71
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/d66ebb71

Branch: refs/heads/sentry-hdfs-plugin
Commit: d66ebb71a29905391996aa5341516e4d4eec4d78
Parents: 0152e3a
Author: Prasad Mujumdar <prasadm@cloudera.com>
Authored: Wed Oct 22 10:39:37 2014 -0700
Committer: Prasad Mujumdar <prasadm@cloudera.com>
Committed: Wed Oct 22 10:39:37 2014 -0700

----------------------------------------------------------------------
 pom.xml                                         |   36 +-
 sentry-binding/sentry-binding-hive/pom.xml      |    4 -
 .../SentryHiveAuthorizationTaskFactoryImpl.java |    2 -
 .../sentry/binding/hive/conf/HiveAuthzConf.java |    4 +-
 .../SentryMetastorePostEventListener.java       |   15 +-
 sentry-dist/pom.xml                             |   16 +-
 sentry-dist/src/main/assembly/sentry-hdfs.xml   |    8 +-
 .../hdfs/service/thrift/SentryHDFSService.java  |  795 ++
 .../java/org/apache/sentry/hdfs/AuthzPaths.java |   28 +
 .../java/org/apache/sentry/hdfs/HMSPaths.java   |   57 +-
 .../org/apache/sentry/hdfs/HMSPathsDumper.java  |  126 +
 .../org/apache/sentry/hdfs/HMSPathsSerDe.java   |  113 -
 .../org/apache/sentry/hdfs/MetastoreClient.java |    4 +
 .../org/apache/sentry/hdfs/PathsUpdate.java     |    6 +-
 .../apache/sentry/hdfs/PermissionsUpdate.java   |    3 +-
 .../sentry/hdfs/SentryHDFSServiceClient.java    |   11 +-
 .../apache/sentry/hdfs/ServiceConstants.java    |    2 +
 .../java/org/apache/sentry/hdfs/Updateable.java |    8 +-
 .../sentry/hdfs/UpdateableAuthzPaths.java       |   33 +-
 .../sentry/hdfs/TestHMSPathsFullDump.java       |   19 +-
 .../sentry/hdfs/TestUpdateableAuthzPaths.java   |   22 +-
 .../sentry/hdfs/UpdateableAuthzPermissions.java |   17 +-
 sentry-hdfs/sentry-hdfs-service/pom.xml         |    4 -
 .../sentry/hdfs/ExtendedMetastoreClient.java    |    8 +-
 .../org/apache/sentry/hdfs/MetastorePlugin.java |  128 +-
 .../sentry/hdfs/SentryHDFSServiceProcessor.java |   13 +-
 .../org/apache/sentry/hdfs/SentryPlugin.java    |   88 +-
 .../org/apache/sentry/hdfs/UpdateForwarder.java |   89 +-
 sentry-provider/sentry-provider-db/pom.xml      |    4 -
 .../db/service/thrift/SentryPolicyService.java  | 9772 ++++++++++++++++++
 .../TAlterSentryRoleAddGroupsRequest.java       |  742 ++
 .../TAlterSentryRoleAddGroupsResponse.java      |  390 +
 .../TAlterSentryRoleDeleteGroupsRequest.java    |  742 ++
 .../TAlterSentryRoleDeleteGroupsResponse.java   |  390 +
 .../TAlterSentryRoleGrantPrivilegeRequest.java  |  693 ++
 .../TAlterSentryRoleGrantPrivilegeResponse.java |  505 +
 .../TAlterSentryRoleRevokePrivilegeRequest.java |  693 ++
 ...TAlterSentryRoleRevokePrivilegeResponse.java |  390 +
 .../thrift/TCreateSentryRoleRequest.java        |  587 ++
 .../thrift/TCreateSentryRoleResponse.java       |  390 +
 .../service/thrift/TDropPrivilegesRequest.java  |  592 ++
 .../service/thrift/TDropPrivilegesResponse.java |  390 +
 .../service/thrift/TDropSentryRoleRequest.java  |  587 ++
 .../service/thrift/TDropSentryRoleResponse.java |  390 +
 .../TListSentryPrivilegesByAuthRequest.java     |  914 ++
 .../TListSentryPrivilegesByAuthResponse.java    |  567 +
 ...TListSentryPrivilegesForProviderRequest.java |  759 ++
 ...ListSentryPrivilegesForProviderResponse.java |  543 +
 .../thrift/TListSentryPrivilegesRequest.java    |  702 ++
 .../thrift/TListSentryPrivilegesResponse.java   |  554 +
 .../service/thrift/TListSentryRolesRequest.java |  596 ++
 .../thrift/TListSentryRolesResponse.java        |  554 +
 .../thrift/TRenamePrivilegesRequest.java        |  698 ++
 .../thrift/TRenamePrivilegesResponse.java       |  390 +
 .../db/service/thrift/TSentryActiveRoleSet.java |  536 +
 .../db/service/thrift/TSentryAuthorizable.java  |  707 ++
 .../db/service/thrift/TSentryGrantOption.java   |   48 +
 .../db/service/thrift/TSentryGroup.java         |  385 +
 .../db/service/thrift/TSentryPrivilege.java     | 1145 ++
 .../db/service/thrift/TSentryPrivilegeMap.java  |  486 +
 .../provider/db/service/thrift/TSentryRole.java |  641 ++
 .../service/thrift/TSentryResponseStatus.java   |  594 ++
 .../thrift/sentry_common_serviceConstants.java  |   50 +
 .../db/SentryMetastoreListenerPlugin.java       |    7 +
 .../provider/db/SentryPolicyStorePlugin.java    |    3 +
 .../provider/db/SimpleDBProviderBackend.java    |   24 +-
 .../db/service/persistent/SentryStore.java      |    6 +
 .../thrift/SentryPolicyStoreProcessor.java      |    7 +-
 .../sentry/service/thrift/ServiceConstants.java |  157 +
 .../thrift/TestSentryPolicyStoreProcessor.java  |    1 -
 .../thrift/TestSentryServerWithoutKerberos.java |   10 -
 sentry-service-client/pom.xml                   |  164 -
 .../db/service/thrift/SentryPolicyService.java  | 9772 ------------------
 .../TAlterSentryRoleAddGroupsRequest.java       |  742 --
 .../TAlterSentryRoleAddGroupsResponse.java      |  390 -
 .../TAlterSentryRoleDeleteGroupsRequest.java    |  742 --
 .../TAlterSentryRoleDeleteGroupsResponse.java   |  390 -
 .../TAlterSentryRoleGrantPrivilegeRequest.java  |  693 --
 .../TAlterSentryRoleGrantPrivilegeResponse.java |  505 -
 .../TAlterSentryRoleRevokePrivilegeRequest.java |  693 --
 ...TAlterSentryRoleRevokePrivilegeResponse.java |  390 -
 .../thrift/TCreateSentryRoleRequest.java        |  587 --
 .../thrift/TCreateSentryRoleResponse.java       |  390 -
 .../service/thrift/TDropPrivilegesRequest.java  |  592 --
 .../service/thrift/TDropPrivilegesResponse.java |  390 -
 .../service/thrift/TDropSentryRoleRequest.java  |  587 --
 .../service/thrift/TDropSentryRoleResponse.java |  390 -
 .../TListSentryPrivilegesByAuthRequest.java     |  914 --
 .../TListSentryPrivilegesByAuthResponse.java    |  567 -
 ...TListSentryPrivilegesForProviderRequest.java |  759 --
 ...ListSentryPrivilegesForProviderResponse.java |  543 -
 .../thrift/TListSentryPrivilegesRequest.java    |  702 --
 .../thrift/TListSentryPrivilegesResponse.java   |  554 -
 .../service/thrift/TListSentryRolesRequest.java |  596 --
 .../thrift/TListSentryRolesResponse.java        |  554 -
 .../thrift/TRenamePrivilegesRequest.java        |  698 --
 .../thrift/TRenamePrivilegesResponse.java       |  390 -
 .../db/service/thrift/TSentryActiveRoleSet.java |  536 -
 .../db/service/thrift/TSentryAuthorizable.java  |  707 --
 .../db/service/thrift/TSentryGrantOption.java   |   48 -
 .../db/service/thrift/TSentryGroup.java         |  385 -
 .../db/service/thrift/TSentryPrivilege.java     | 1145 --
 .../db/service/thrift/TSentryPrivilegeMap.java  |  486 -
 .../provider/db/service/thrift/TSentryRole.java |  641 --
 .../service/thrift/TSentryResponseStatus.java   |  594 --
 .../thrift/sentry_common_serviceConstants.java  |   50 -
 .../sentry/service/thrift/ServiceConstants.java |  160 -
 .../main/resources/sentry_common_service.thrift |   42 -
 .../main/resources/sentry_policy_service.thrift |  247 -
 sentry-tests/sentry-tests-hive/pom.xml          |    5 -
 .../tests/e2e/hdfs/TestHDFSIntegration.java     |   23 +-
 111 files changed, 29733 insertions(+), 29030 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index d901718..02d70da 100644
--- a/pom.xml
+++ b/pom.xml
@@ -330,11 +330,6 @@ limitations under the License.
       </dependency>
       <dependency>
         <groupId>org.apache.sentry</groupId>
-        <artifactId>sentry-service-client</artifactId>
-        <version>${project.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.apache.sentry</groupId>
         <artifactId>sentry-provider-common</artifactId>
         <version>${project.version}</version>
       </dependency>
@@ -432,7 +427,6 @@ limitations under the License.
     <module>sentry-provider</module>
     <module>sentry-policy</module>
     <module>sentry-tests</module>
-    <module>sentry-service-client</module>
     <module>sentry-hdfs</module>
     <module>sentry-dist</module>
   </modules>
@@ -460,6 +454,35 @@ limitations under the License.
           <workspaceCodeStylesURL>https://google-styleguide.googlecode.com/svn/trunk/eclipse-java-google-style.xml</workspaceCodeStylesURL>
         </configuration>
       </plugin>
+
+<!---
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-shade-plugin</artifactId>
+        <version>2.1</version>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>shade</goal>
+            </goals>
+            <configuration>
+              <artifactSet>
+                <includes>
+                  <include>org.apache.thrift:libthrift</include>
+                </includes>
+              </artifactSet>
+              <relocations>
+                <relocation>
+                  <pattern>org.apache.thrift</pattern>
+                  <shadedPattern>sentry.org.apache.thrift</shadedPattern>
+                </relocation>
+              </relocations>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+-->
     </plugins>
 
     <pluginManagement>
@@ -551,6 +574,7 @@ limitations under the License.
                   <exclude>maven-repo/</exclude>
                   <exclude>test-output/</exclude>
                   <!-- Derby files which are created after test run -->
+                  <exclude>**/dependency-reduced-pom.xml</exclude>
                   <exclude>**/derby.log</exclude>
                   <exclude>**/service.properties</exclude>
                   <exclude>**/*.lck</exclude>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-binding/sentry-binding-hive/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/pom.xml b/sentry-binding/sentry-binding-hive/pom.xml
index ca9ca42..e72b370 100644
--- a/sentry-binding/sentry-binding-hive/pom.xml
+++ b/sentry-binding/sentry-binding-hive/pom.xml
@@ -75,10 +75,6 @@ limitations under the License.
     <!-- required for SentryGrantRevokeTask -->
     <dependency>
       <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-service-client</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
       <artifactId>sentry-provider-db</artifactId>
     </dependency>
     <dependency>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
index dfcf63a..39a22c6 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
@@ -239,8 +239,6 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization
 
   private Task<? extends Serializable> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast,
       HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
-    LOG.debug("## FULL AST : [" + ast.dump() + "]");
-    LOG.debug("## CHILD AST : [" + ((ASTNode)ast.getChild(0)).dump() + "]");
     List<PrincipalDesc> principalDesc = analyzePrincipalListDef(
         (ASTNode) ast.getChild(0));
     

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
index 0c8778b..93f19f3 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
@@ -203,8 +203,8 @@ public class HiveAuthzConf extends Configuration {
       if (retVal == null) {
         retVal = AuthzConfVars.getDefault(varName);
       } else {
-//        Log.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() +
-//            " instead of " + varName);
+        LOG.warn("Using the deprecated config setting " + currentToDeprecatedProps.get(varName).getVar() +
+            " instead of " + varName);
       }
     }
     if (retVal == null) {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java
index 316530b..efbd43f 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java
@@ -62,7 +62,7 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener {
     super(config);
     sentryClientFactory = new SentryServiceClientFactory();
 
-    authzConf = HiveAuthzConf.getAuthzConf(new HiveConf());
+    authzConf = HiveAuthzConf.getAuthzConf((HiveConf)config);
     server = new Server(authzConf.get(AuthzConfVars.AUTHZ_SERVER_NAME.getVar()));
     Iterable<String> pluginClasses = ConfUtilties.CLASS_SPLITTER
         .split(config.get(ServerConfig.SENTRY_METASTORE_PLUGINS,
@@ -179,7 +179,6 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener {
   @Override
   public void onAlterTable (AlterTableEvent tableEvent) throws MetaException {
     String oldTableName = null, newTableName = null;
-    // TODO : notify SentryHMSPathCache
     if (!syncWithPolicyStore(AuthzConfVars.AUTHZ_SYNC_ALTER_WITH_POLICY_STORE)) {
       return;
     }
@@ -196,7 +195,9 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener {
     }
     if (!oldTableName.equalsIgnoreCase(newTableName)) {
       renameSentryTablePrivilege(tableEvent.getOldTable().getDbName(),
-          oldTableName, tableEvent.getNewTable().getDbName(), newTableName);
+          oldTableName, tableEvent.getOldTable().getSd().getLocation(),
+          tableEvent.getNewTable().getDbName(), newTableName,
+          tableEvent.getNewTable().getSd().getLocation());
     }
   }
 
@@ -214,7 +215,6 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener {
         }
       }
     }
-    // TODO Auto-generated method stub
     super.onAddPartition(partitionEvent);
   }
 
@@ -227,7 +227,6 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener {
     for (SentryMetastoreListenerPlugin plugin : sentryPlugins) {
       plugin.removePath(authzObj, path);
     }
-    // TODO Auto-generated method stub
     super.onDropPartition(partitionEvent);
   }
 
@@ -284,7 +283,7 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener {
   }
 
   private void renameSentryTablePrivilege(String oldDbName, String oldTabName,
-      String newDbName, String newTabName)
+      String oldPath, String newDbName, String newTabName, String newPath)
       throws MetaException {
     List<Authorizable> oldAuthorizableTable = new ArrayList<Authorizable>();
     oldAuthorizableTable.add(server);
@@ -309,6 +308,10 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener {
     } catch (IOException e) {
       throw new MetaException("Failed to find local user " + e.getMessage());
     }
+    for (SentryMetastoreListenerPlugin plugin : sentryPlugins) {
+      plugin.renameAuthzObject(oldDbName + "." + oldTabName, oldPath,
+          newDbName + "." + newTabName, newPath);
+    }
   }
 
   private boolean syncWithPolicyStore(AuthzConfVars syncConfVar) {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-dist/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/pom.xml b/sentry-dist/pom.xml
index c720cf0..19a9707 100644
--- a/sentry-dist/pom.xml
+++ b/sentry-dist/pom.xml
@@ -64,10 +64,6 @@ limitations under the License.
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-service-client</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
       <artifactId>sentry-policy-common</artifactId>
     </dependency>
     <dependency>
@@ -78,6 +74,18 @@ limitations under the License.
       <groupId>org.apache.sentry</groupId>
       <artifactId>sentry-policy-search</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-hdfs-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-hdfs-service</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-hdfs-namenode-plugin</artifactId>
+    </dependency>
   </dependencies>
   <build>
     <plugins>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-dist/src/main/assembly/sentry-hdfs.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/src/main/assembly/sentry-hdfs.xml b/sentry-dist/src/main/assembly/sentry-hdfs.xml
index 22ced14..8aef857 100644
--- a/sentry-dist/src/main/assembly/sentry-hdfs.xml
+++ b/sentry-dist/src/main/assembly/sentry-hdfs.xml
@@ -33,17 +33,21 @@
   <dependencySets>
     <dependencySet>
       <outputDirectory>/</outputDirectory>
-      <unpack>false</unpack>
+      <unpack>true</unpack>
       <useProjectArtifact>false</useProjectArtifact>
       <useStrictFiltering>true</useStrictFiltering>
       <useTransitiveFiltering>false</useTransitiveFiltering>
       <includes>
         <include>org.apache.thrift:libthrift</include>
         <include>org.apache.thrift:libfb303</include>
+        <include>org.apache.sentry:sentry-hdfs-namenode-plugin</include>
+        <include>org.apache.sentry:sentry-hdfs-common</include>
+        <include>org.apache.sentry:sentry-hdfs-service</include>
       </includes>
     </dependencySet>
   </dependencySets>
 
+<!--
   <fileSets>
     <fileSet>
       <directory>${project.parent.basedir}/sentry-hdfs/sentry-hdfs-dist/target</directory>
@@ -56,6 +60,6 @@
       <outputDirectory>/</outputDirectory>
     </fileSet>
   </fileSets>
-
+-->
 </assembly>
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/SentryHDFSService.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/SentryHDFSService.java b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/SentryHDFSService.java
index 658b5ef..663fe4e 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/SentryHDFSService.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/gen/thrift/gen-javabean/org/apache/sentry/hdfs/service/thrift/SentryHDFSService.java
@@ -37,6 +37,8 @@ public class SentryHDFSService {
 
     public void handle_hms_notification(TPathsUpdate pathsUpdate) throws org.apache.thrift.TException;
 
+    public long check_hms_seq_num(long pathSeqNum) throws org.apache.thrift.TException;
+
     public TAuthzUpdateResponse get_all_authz_updates_from(long permSeqNum, long pathSeqNum) throws org.apache.thrift.TException;
 
     public Map<String,List<String>> get_all_related_paths(String path, boolean exactMatch) throws org.apache.thrift.TException;
@@ -47,6 +49,8 @@ public class SentryHDFSService {
 
     public void handle_hms_notification(TPathsUpdate pathsUpdate, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.handle_hms_notification_call> resultHandler) throws org.apache.thrift.TException;
 
+    public void check_hms_seq_num(long pathSeqNum, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.check_hms_seq_num_call> resultHandler) throws org.apache.thrift.TException;
+
     public void get_all_authz_updates_from(long permSeqNum, long pathSeqNum, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.get_all_authz_updates_from_call> resultHandler) throws org.apache.thrift.TException;
 
     public void get_all_related_paths(String path, boolean exactMatch, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.get_all_related_paths_call> resultHandler) throws org.apache.thrift.TException;
@@ -93,6 +97,29 @@ public class SentryHDFSService {
       return;
     }
 
+    public long check_hms_seq_num(long pathSeqNum) throws org.apache.thrift.TException
+    {
+      send_check_hms_seq_num(pathSeqNum);
+      return recv_check_hms_seq_num();
+    }
+
+    public void send_check_hms_seq_num(long pathSeqNum) throws org.apache.thrift.TException
+    {
+      check_hms_seq_num_args args = new check_hms_seq_num_args();
+      args.setPathSeqNum(pathSeqNum);
+      sendBase("check_hms_seq_num", args);
+    }
+
+    public long recv_check_hms_seq_num() throws org.apache.thrift.TException
+    {
+      check_hms_seq_num_result result = new check_hms_seq_num_result();
+      receiveBase(result, "check_hms_seq_num");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "check_hms_seq_num failed: unknown result");
+    }
+
     public TAuthzUpdateResponse get_all_authz_updates_from(long permSeqNum, long pathSeqNum) throws org.apache.thrift.TException
     {
       send_get_all_authz_updates_from(permSeqNum, pathSeqNum);
@@ -191,6 +218,38 @@ public class SentryHDFSService {
       }
     }
 
+    public void check_hms_seq_num(long pathSeqNum, org.apache.thrift.async.AsyncMethodCallback<check_hms_seq_num_call> resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      check_hms_seq_num_call method_call = new check_hms_seq_num_call(pathSeqNum, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class check_hms_seq_num_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private long pathSeqNum;
+      public check_hms_seq_num_call(long pathSeqNum, org.apache.thrift.async.AsyncMethodCallback<check_hms_seq_num_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.pathSeqNum = pathSeqNum;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("check_hms_seq_num", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        check_hms_seq_num_args args = new check_hms_seq_num_args();
+        args.setPathSeqNum(pathSeqNum);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public long getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_check_hms_seq_num();
+      }
+    }
+
     public void get_all_authz_updates_from(long permSeqNum, long pathSeqNum, org.apache.thrift.async.AsyncMethodCallback<get_all_authz_updates_from_call> resultHandler) throws org.apache.thrift.TException {
       checkReady();
       get_all_authz_updates_from_call method_call = new get_all_authz_updates_from_call(permSeqNum, pathSeqNum, resultHandler, this, ___protocolFactory, ___transport);
@@ -275,6 +334,7 @@ public class SentryHDFSService {
 
     private static <I extends Iface> Map<String,  org.apache.thrift.ProcessFunction<I, ? extends  org.apache.thrift.TBase>> getProcessMap(Map<String,  org.apache.thrift.ProcessFunction<I, ? extends  org.apache.thrift.TBase>> processMap) {
       processMap.put("handle_hms_notification", new handle_hms_notification());
+      processMap.put("check_hms_seq_num", new check_hms_seq_num());
       processMap.put("get_all_authz_updates_from", new get_all_authz_updates_from());
       processMap.put("get_all_related_paths", new get_all_related_paths());
       return processMap;
@@ -300,6 +360,27 @@ public class SentryHDFSService {
       }
     }
 
+    public static class check_hms_seq_num<I extends Iface> extends org.apache.thrift.ProcessFunction<I, check_hms_seq_num_args> {
+      public check_hms_seq_num() {
+        super("check_hms_seq_num");
+      }
+
+      public check_hms_seq_num_args getEmptyArgsInstance() {
+        return new check_hms_seq_num_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public check_hms_seq_num_result getResult(I iface, check_hms_seq_num_args args) throws org.apache.thrift.TException {
+        check_hms_seq_num_result result = new check_hms_seq_num_result();
+        result.success = iface.check_hms_seq_num(args.pathSeqNum);
+        result.setSuccessIsSet(true);
+        return result;
+      }
+    }
+
     public static class get_all_authz_updates_from<I extends Iface> extends org.apache.thrift.ProcessFunction<I, get_all_authz_updates_from_args> {
       public get_all_authz_updates_from() {
         super("get_all_authz_updates_from");
@@ -951,6 +1032,720 @@ public class SentryHDFSService {
 
   }
 
+  public static class check_hms_seq_num_args implements org.apache.thrift.TBase<check_hms_seq_num_args, check_hms_seq_num_args._Fields>, java.io.Serializable, Cloneable   {
+    private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("check_hms_seq_num_args");
+
+    private static final org.apache.thrift.protocol.TField PATH_SEQ_NUM_FIELD_DESC = new org.apache.thrift.protocol.TField("pathSeqNum", org.apache.thrift.protocol.TType.I64, (short)1);
+
+    private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+    static {
+      schemes.put(StandardScheme.class, new check_hms_seq_num_argsStandardSchemeFactory());
+      schemes.put(TupleScheme.class, new check_hms_seq_num_argsTupleSchemeFactory());
+    }
+
+    private long pathSeqNum; // required
+
+    /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+    public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+      PATH_SEQ_NUM((short)1, "pathSeqNum");
+
+      private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+      static {
+        for (_Fields field : EnumSet.allOf(_Fields.class)) {
+          byName.put(field.getFieldName(), field);
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, or null if its not found.
+       */
+      public static _Fields findByThriftId(int fieldId) {
+        switch(fieldId) {
+          case 1: // PATH_SEQ_NUM
+            return PATH_SEQ_NUM;
+          default:
+            return null;
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, throwing an exception
+       * if it is not found.
+       */
+      public static _Fields findByThriftIdOrThrow(int fieldId) {
+        _Fields fields = findByThriftId(fieldId);
+        if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+        return fields;
+      }
+
+      /**
+       * Find the _Fields constant that matches name, or null if its not found.
+       */
+      public static _Fields findByName(String name) {
+        return byName.get(name);
+      }
+
+      private final short _thriftId;
+      private final String _fieldName;
+
+      _Fields(short thriftId, String fieldName) {
+        _thriftId = thriftId;
+        _fieldName = fieldName;
+      }
+
+      public short getThriftFieldId() {
+        return _thriftId;
+      }
+
+      public String getFieldName() {
+        return _fieldName;
+      }
+    }
+
+    // isset id assignments
+    private static final int __PATHSEQNUM_ISSET_ID = 0;
+    private byte __isset_bitfield = 0;
+    public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+    static {
+      Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+      tmpMap.put(_Fields.PATH_SEQ_NUM, new org.apache.thrift.meta_data.FieldMetaData("pathSeqNum", org.apache.thrift.TFieldRequirementType.DEFAULT, 
+          new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64)));
+      metaDataMap = Collections.unmodifiableMap(tmpMap);
+      org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(check_hms_seq_num_args.class, metaDataMap);
+    }
+
+    public check_hms_seq_num_args() {
+    }
+
+    public check_hms_seq_num_args(
+      long pathSeqNum)
+    {
+      this();
+      this.pathSeqNum = pathSeqNum;
+      setPathSeqNumIsSet(true);
+    }
+
+    /**
+     * Performs a deep copy on <i>other</i>.
+     */
+    public check_hms_seq_num_args(check_hms_seq_num_args other) {
+      __isset_bitfield = other.__isset_bitfield;
+      this.pathSeqNum = other.pathSeqNum;
+    }
+
+    public check_hms_seq_num_args deepCopy() {
+      return new check_hms_seq_num_args(this);
+    }
+
+    @Override
+    public void clear() {
+      setPathSeqNumIsSet(false);
+      this.pathSeqNum = 0;
+    }
+
+    public long getPathSeqNum() {
+      return this.pathSeqNum;
+    }
+
+    public void setPathSeqNum(long pathSeqNum) {
+      this.pathSeqNum = pathSeqNum;
+      setPathSeqNumIsSet(true);
+    }
+
+    public void unsetPathSeqNum() {
+      __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PATHSEQNUM_ISSET_ID);
+    }
+
+    /** Returns true if field pathSeqNum is set (has been assigned a value) and false otherwise */
+    public boolean isSetPathSeqNum() {
+      return EncodingUtils.testBit(__isset_bitfield, __PATHSEQNUM_ISSET_ID);
+    }
+
+    public void setPathSeqNumIsSet(boolean value) {
+      __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PATHSEQNUM_ISSET_ID, value);
+    }
+
+    public void setFieldValue(_Fields field, Object value) {
+      switch (field) {
+      case PATH_SEQ_NUM:
+        if (value == null) {
+          unsetPathSeqNum();
+        } else {
+          setPathSeqNum((Long)value);
+        }
+        break;
+
+      }
+    }
+
+    public Object getFieldValue(_Fields field) {
+      switch (field) {
+      case PATH_SEQ_NUM:
+        return Long.valueOf(getPathSeqNum());
+
+      }
+      throw new IllegalStateException();
+    }
+
+    /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+    public boolean isSet(_Fields field) {
+      if (field == null) {
+        throw new IllegalArgumentException();
+      }
+
+      switch (field) {
+      case PATH_SEQ_NUM:
+        return isSetPathSeqNum();
+      }
+      throw new IllegalStateException();
+    }
+
+    @Override
+    public boolean equals(Object that) {
+      if (that == null)
+        return false;
+      if (that instanceof check_hms_seq_num_args)
+        return this.equals((check_hms_seq_num_args)that);
+      return false;
+    }
+
+    public boolean equals(check_hms_seq_num_args that) {
+      if (that == null)
+        return false;
+
+      boolean this_present_pathSeqNum = true;
+      boolean that_present_pathSeqNum = true;
+      if (this_present_pathSeqNum || that_present_pathSeqNum) {
+        if (!(this_present_pathSeqNum && that_present_pathSeqNum))
+          return false;
+        if (this.pathSeqNum != that.pathSeqNum)
+          return false;
+      }
+
+      return true;
+    }
+
+    @Override
+    public int hashCode() {
+      HashCodeBuilder builder = new HashCodeBuilder();
+
+      boolean present_pathSeqNum = true;
+      builder.append(present_pathSeqNum);
+      if (present_pathSeqNum)
+        builder.append(pathSeqNum);
+
+      return builder.toHashCode();
+    }
+
+    public int compareTo(check_hms_seq_num_args other) {
+      if (!getClass().equals(other.getClass())) {
+        return getClass().getName().compareTo(other.getClass().getName());
+      }
+
+      int lastComparison = 0;
+      check_hms_seq_num_args typedOther = (check_hms_seq_num_args)other;
+
+      lastComparison = Boolean.valueOf(isSetPathSeqNum()).compareTo(typedOther.isSetPathSeqNum());
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+      if (isSetPathSeqNum()) {
+        lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.pathSeqNum, typedOther.pathSeqNum);
+        if (lastComparison != 0) {
+          return lastComparison;
+        }
+      }
+      return 0;
+    }
+
+    public _Fields fieldForId(int fieldId) {
+      return _Fields.findByThriftId(fieldId);
+    }
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+      schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+      schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder("check_hms_seq_num_args(");
+      boolean first = true;
+
+      sb.append("pathSeqNum:");
+      sb.append(this.pathSeqNum);
+      first = false;
+      sb.append(")");
+      return sb.toString();
+    }
+
+    public void validate() throws org.apache.thrift.TException {
+      // check for required fields
+      // check for sub-struct validity
+    }
+
+    private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+      try {
+        write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+      try {
+        // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+        __isset_bitfield = 0;
+        read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private static class check_hms_seq_num_argsStandardSchemeFactory implements SchemeFactory {
+      public check_hms_seq_num_argsStandardScheme getScheme() {
+        return new check_hms_seq_num_argsStandardScheme();
+      }
+    }
+
+    private static class check_hms_seq_num_argsStandardScheme extends StandardScheme<check_hms_seq_num_args> {
+
+      public void read(org.apache.thrift.protocol.TProtocol iprot, check_hms_seq_num_args struct) throws org.apache.thrift.TException {
+        org.apache.thrift.protocol.TField schemeField;
+        iprot.readStructBegin();
+        while (true)
+        {
+          schemeField = iprot.readFieldBegin();
+          if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+            break;
+          }
+          switch (schemeField.id) {
+            case 1: // PATH_SEQ_NUM
+              if (schemeField.type == org.apache.thrift.protocol.TType.I64) {
+                struct.pathSeqNum = iprot.readI64();
+                struct.setPathSeqNumIsSet(true);
+              } else { 
+                org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+              }
+              break;
+            default:
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+          }
+          iprot.readFieldEnd();
+        }
+        iprot.readStructEnd();
+        struct.validate();
+      }
+
+      public void write(org.apache.thrift.protocol.TProtocol oprot, check_hms_seq_num_args struct) throws org.apache.thrift.TException {
+        struct.validate();
+
+        oprot.writeStructBegin(STRUCT_DESC);
+        oprot.writeFieldBegin(PATH_SEQ_NUM_FIELD_DESC);
+        oprot.writeI64(struct.pathSeqNum);
+        oprot.writeFieldEnd();
+        oprot.writeFieldStop();
+        oprot.writeStructEnd();
+      }
+
+    }
+
+    private static class check_hms_seq_num_argsTupleSchemeFactory implements SchemeFactory {
+      public check_hms_seq_num_argsTupleScheme getScheme() {
+        return new check_hms_seq_num_argsTupleScheme();
+      }
+    }
+
+    private static class check_hms_seq_num_argsTupleScheme extends TupleScheme<check_hms_seq_num_args> {
+
+      @Override
+      public void write(org.apache.thrift.protocol.TProtocol prot, check_hms_seq_num_args struct) throws org.apache.thrift.TException {
+        TTupleProtocol oprot = (TTupleProtocol) prot;
+        BitSet optionals = new BitSet();
+        if (struct.isSetPathSeqNum()) {
+          optionals.set(0);
+        }
+        oprot.writeBitSet(optionals, 1);
+        if (struct.isSetPathSeqNum()) {
+          oprot.writeI64(struct.pathSeqNum);
+        }
+      }
+
+      @Override
+      public void read(org.apache.thrift.protocol.TProtocol prot, check_hms_seq_num_args struct) throws org.apache.thrift.TException {
+        TTupleProtocol iprot = (TTupleProtocol) prot;
+        BitSet incoming = iprot.readBitSet(1);
+        if (incoming.get(0)) {
+          struct.pathSeqNum = iprot.readI64();
+          struct.setPathSeqNumIsSet(true);
+        }
+      }
+    }
+
+  }
+
+  public static class check_hms_seq_num_result implements org.apache.thrift.TBase<check_hms_seq_num_result, check_hms_seq_num_result._Fields>, java.io.Serializable, Cloneable   {
+    private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("check_hms_seq_num_result");
+
+    private static final org.apache.thrift.protocol.TField SUCCESS_FIELD_DESC = new org.apache.thrift.protocol.TField("success", org.apache.thrift.protocol.TType.I64, (short)0);
+
+    private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+    static {
+      schemes.put(StandardScheme.class, new check_hms_seq_num_resultStandardSchemeFactory());
+      schemes.put(TupleScheme.class, new check_hms_seq_num_resultTupleSchemeFactory());
+    }
+
+    private long success; // required
+
+    /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+    public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+      SUCCESS((short)0, "success");
+
+      private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+      static {
+        for (_Fields field : EnumSet.allOf(_Fields.class)) {
+          byName.put(field.getFieldName(), field);
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, or null if its not found.
+       */
+      public static _Fields findByThriftId(int fieldId) {
+        switch(fieldId) {
+          case 0: // SUCCESS
+            return SUCCESS;
+          default:
+            return null;
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, throwing an exception
+       * if it is not found.
+       */
+      public static _Fields findByThriftIdOrThrow(int fieldId) {
+        _Fields fields = findByThriftId(fieldId);
+        if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+        return fields;
+      }
+
+      /**
+       * Find the _Fields constant that matches name, or null if its not found.
+       */
+      public static _Fields findByName(String name) {
+        return byName.get(name);
+      }
+
+      private final short _thriftId;
+      private final String _fieldName;
+
+      _Fields(short thriftId, String fieldName) {
+        _thriftId = thriftId;
+        _fieldName = fieldName;
+      }
+
+      public short getThriftFieldId() {
+        return _thriftId;
+      }
+
+      public String getFieldName() {
+        return _fieldName;
+      }
+    }
+
+    // isset id assignments
+    private static final int __SUCCESS_ISSET_ID = 0;
+    private byte __isset_bitfield = 0;
+    public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+    static {
+      Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+      tmpMap.put(_Fields.SUCCESS, new org.apache.thrift.meta_data.FieldMetaData("success", org.apache.thrift.TFieldRequirementType.DEFAULT, 
+          new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64)));
+      metaDataMap = Collections.unmodifiableMap(tmpMap);
+      org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(check_hms_seq_num_result.class, metaDataMap);
+    }
+
+    public check_hms_seq_num_result() {
+    }
+
+    public check_hms_seq_num_result(
+      long success)
+    {
+      this();
+      this.success = success;
+      setSuccessIsSet(true);
+    }
+
+    /**
+     * Performs a deep copy on <i>other</i>.
+     */
+    public check_hms_seq_num_result(check_hms_seq_num_result other) {
+      __isset_bitfield = other.__isset_bitfield;
+      this.success = other.success;
+    }
+
+    public check_hms_seq_num_result deepCopy() {
+      return new check_hms_seq_num_result(this);
+    }
+
+    @Override
+    public void clear() {
+      setSuccessIsSet(false);
+      this.success = 0;
+    }
+
+    public long getSuccess() {
+      return this.success;
+    }
+
+    public void setSuccess(long success) {
+      this.success = success;
+      setSuccessIsSet(true);
+    }
+
+    public void unsetSuccess() {
+      __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __SUCCESS_ISSET_ID);
+    }
+
+    /** Returns true if field success is set (has been assigned a value) and false otherwise */
+    public boolean isSetSuccess() {
+      return EncodingUtils.testBit(__isset_bitfield, __SUCCESS_ISSET_ID);
+    }
+
+    public void setSuccessIsSet(boolean value) {
+      __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __SUCCESS_ISSET_ID, value);
+    }
+
+    public void setFieldValue(_Fields field, Object value) {
+      switch (field) {
+      case SUCCESS:
+        if (value == null) {
+          unsetSuccess();
+        } else {
+          setSuccess((Long)value);
+        }
+        break;
+
+      }
+    }
+
+    public Object getFieldValue(_Fields field) {
+      switch (field) {
+      case SUCCESS:
+        return Long.valueOf(getSuccess());
+
+      }
+      throw new IllegalStateException();
+    }
+
+    /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+    public boolean isSet(_Fields field) {
+      if (field == null) {
+        throw new IllegalArgumentException();
+      }
+
+      switch (field) {
+      case SUCCESS:
+        return isSetSuccess();
+      }
+      throw new IllegalStateException();
+    }
+
+    @Override
+    public boolean equals(Object that) {
+      if (that == null)
+        return false;
+      if (that instanceof check_hms_seq_num_result)
+        return this.equals((check_hms_seq_num_result)that);
+      return false;
+    }
+
+    public boolean equals(check_hms_seq_num_result that) {
+      if (that == null)
+        return false;
+
+      boolean this_present_success = true;
+      boolean that_present_success = true;
+      if (this_present_success || that_present_success) {
+        if (!(this_present_success && that_present_success))
+          return false;
+        if (this.success != that.success)
+          return false;
+      }
+
+      return true;
+    }
+
+    @Override
+    public int hashCode() {
+      HashCodeBuilder builder = new HashCodeBuilder();
+
+      boolean present_success = true;
+      builder.append(present_success);
+      if (present_success)
+        builder.append(success);
+
+      return builder.toHashCode();
+    }
+
+    public int compareTo(check_hms_seq_num_result other) {
+      if (!getClass().equals(other.getClass())) {
+        return getClass().getName().compareTo(other.getClass().getName());
+      }
+
+      int lastComparison = 0;
+      check_hms_seq_num_result typedOther = (check_hms_seq_num_result)other;
+
+      lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(typedOther.isSetSuccess());
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+      if (isSetSuccess()) {
+        lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.success, typedOther.success);
+        if (lastComparison != 0) {
+          return lastComparison;
+        }
+      }
+      return 0;
+    }
+
+    public _Fields fieldForId(int fieldId) {
+      return _Fields.findByThriftId(fieldId);
+    }
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+      schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+      schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+      }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder("check_hms_seq_num_result(");
+      boolean first = true;
+
+      sb.append("success:");
+      sb.append(this.success);
+      first = false;
+      sb.append(")");
+      return sb.toString();
+    }
+
+    public void validate() throws org.apache.thrift.TException {
+      // check for required fields
+      // check for sub-struct validity
+    }
+
+    private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+      try {
+        write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+      try {
+        // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+        __isset_bitfield = 0;
+        read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private static class check_hms_seq_num_resultStandardSchemeFactory implements SchemeFactory {
+      public check_hms_seq_num_resultStandardScheme getScheme() {
+        return new check_hms_seq_num_resultStandardScheme();
+      }
+    }
+
+    private static class check_hms_seq_num_resultStandardScheme extends StandardScheme<check_hms_seq_num_result> {
+
+      public void read(org.apache.thrift.protocol.TProtocol iprot, check_hms_seq_num_result struct) throws org.apache.thrift.TException {
+        org.apache.thrift.protocol.TField schemeField;
+        iprot.readStructBegin();
+        while (true)
+        {
+          schemeField = iprot.readFieldBegin();
+          if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+            break;
+          }
+          switch (schemeField.id) {
+            case 0: // SUCCESS
+              if (schemeField.type == org.apache.thrift.protocol.TType.I64) {
+                struct.success = iprot.readI64();
+                struct.setSuccessIsSet(true);
+              } else { 
+                org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+              }
+              break;
+            default:
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+          }
+          iprot.readFieldEnd();
+        }
+        iprot.readStructEnd();
+        struct.validate();
+      }
+
+      public void write(org.apache.thrift.protocol.TProtocol oprot, check_hms_seq_num_result struct) throws org.apache.thrift.TException {
+        struct.validate();
+
+        oprot.writeStructBegin(STRUCT_DESC);
+        if (struct.isSetSuccess()) {
+          oprot.writeFieldBegin(SUCCESS_FIELD_DESC);
+          oprot.writeI64(struct.success);
+          oprot.writeFieldEnd();
+        }
+        oprot.writeFieldStop();
+        oprot.writeStructEnd();
+      }
+
+    }
+
+    private static class check_hms_seq_num_resultTupleSchemeFactory implements SchemeFactory {
+      public check_hms_seq_num_resultTupleScheme getScheme() {
+        return new check_hms_seq_num_resultTupleScheme();
+      }
+    }
+
+    private static class check_hms_seq_num_resultTupleScheme extends TupleScheme<check_hms_seq_num_result> {
+
+      @Override
+      public void write(org.apache.thrift.protocol.TProtocol prot, check_hms_seq_num_result struct) throws org.apache.thrift.TException {
+        TTupleProtocol oprot = (TTupleProtocol) prot;
+        BitSet optionals = new BitSet();
+        if (struct.isSetSuccess()) {
+          optionals.set(0);
+        }
+        oprot.writeBitSet(optionals, 1);
+        if (struct.isSetSuccess()) {
+          oprot.writeI64(struct.success);
+        }
+      }
+
+      @Override
+      public void read(org.apache.thrift.protocol.TProtocol prot, check_hms_seq_num_result struct) throws org.apache.thrift.TException {
+        TTupleProtocol iprot = (TTupleProtocol) prot;
+        BitSet incoming = iprot.readBitSet(1);
+        if (incoming.get(0)) {
+          struct.success = iprot.readI64();
+          struct.setSuccessIsSet(true);
+        }
+      }
+    }
+
+  }
+
   public static class get_all_authz_updates_from_args implements org.apache.thrift.TBase<get_all_authz_updates_from_args, get_all_authz_updates_from_args._Fields>, java.io.Serializable, Cloneable   {
     private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("get_all_authz_updates_from_args");
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java
index 9ea50c7..ba16f4a 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/AuthzPaths.java
@@ -17,14 +17,42 @@
  */
 package org.apache.sentry.hdfs;
 
+/**
+ * A public interface of the fundamental APIs exposed by the implementing
+ * data structure. The primary client of this interface is the Namenode
+ * plugin.
+ */
 public interface AuthzPaths {
 
+  /**
+   * Check if a Path belongs to the configured prefix set
+   * @param pathElements : A path split into segments
+   * @return Is Path under configured prefix
+   */
   public boolean isUnderPrefix(String[] pathElements);
 
+  /**
+   * Returns the authorizable Object (database/table) associated with this path.
+   * Unlike {@link #findAuthzObjectExactMatch(String[])}, if not match is
+   * found, it will return the first ancestor that has an associated
+   * authorizable object.
+   * @param pathElements : A path split into segments
+   * @return A authzObject associated with this path
+   */
   public String findAuthzObject(String[] pathElements);
 
+  /**
+   * Returns the authorizable Object (database/table) associated with this path.
+   * @param pathElements : A path split into segments
+   * @return A authzObject associated with this path
+   */
   public String findAuthzObjectExactMatch(String[] pathElements);
 
+  /**
+   * Return a Dumper that may return a more optimized over the
+   * wire representation of the internal data-structures.
+   * @return
+   */
   public AuthzPathsDumper<? extends AuthzPaths> getPathsDump();
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java
index e445634..34ceadc 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java
@@ -30,6 +30,12 @@ import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.common.collect.Lists;
 
+/**
+ * A non thread-safe implementation of {@link AuthzPaths}. It abstracts over the
+ * core data-structures used to efficiently handle request from clients of 
+ * the {@link AuthzPaths} paths. All updates to this class is handled by the
+ * thread safe {@link UpdateableAuthzPaths} class
+ */
 public class HMSPaths implements AuthzPaths {
 
   @VisibleForTesting
@@ -102,7 +108,7 @@ public class HMSPaths implements AuthzPaths {
   static class Entry {
     private Entry parent;
     private EntryType type;
-    private final String pathElement;
+    private String pathElement;
     private String authzObj;
     private final Map<String, Entry> children;
 
@@ -170,7 +176,7 @@ public class HMSPaths implements AuthzPaths {
       }
       return sb.toString();
     }
-    
+
     public Entry createPrefix(List<String> pathElements) {
       Entry prefix = findPrefixEntry(pathElements);
       if (prefix != null) {
@@ -310,10 +316,12 @@ public class HMSPaths implements AuthzPaths {
   }
 
   private volatile Entry root;
+  private String[] prefixes;
   private Map<String, Set<Entry>> authzObjToPath;
 
   public HMSPaths(String[] pathPrefixes) {
     boolean rootPrefix = false;
+    this.prefixes = pathPrefixes;
     for (String pathPrefix : pathPrefixes) {
       rootPrefix = rootPrefix || pathPrefix.equals(Path.SEPARATOR);
     }
@@ -330,10 +338,6 @@ public class HMSPaths implements AuthzPaths {
     authzObjToPath = new HashMap<String, Set<Entry>>();
   }
 
-  HMSPaths() {
-    authzObjToPath = new HashMap<String, Set<Entry>>();
-  }
-
   void _addAuthzObject(String authzObj, List<String> authzObjPaths) {
     addAuthzObject(authzObj, gePathsElements(authzObjPaths));
   }
@@ -441,12 +445,49 @@ public class HMSPaths implements AuthzPaths {
     return authzObj;
   }
 
+  boolean renameAuthzObject(String oldName, List<String> oldPathElems,
+      String newName, List<String> newPathElems) {
+    // Handle '/'
+    if ((oldPathElems == null)||(oldPathElems.size() == 0)) return false;
+    Entry entry =
+        root.find(oldPathElems.toArray(new String[oldPathElems.size()]), false);
+    if ((entry != null)&&(entry.getAuthzObj().equals(oldName))) {
+      // Update pathElements
+      for (int i = newPathElems.size() - 1; i > -1; i--) {
+        if (entry.parent != null) {
+          if (!entry.pathElement.equals(newPathElems.get(i))) {
+            entry.parent.getChildren().put(newPathElems.get(i), entry);
+            entry.parent.getChildren().remove(entry.pathElement);
+          }
+        }
+        entry.pathElement = newPathElems.get(i);
+        entry = entry.parent;
+      }
+      // This would be true only for table rename
+      if (!oldName.equals(newName)) {
+        Set<Entry> eSet = authzObjToPath.get(oldName);
+        authzObjToPath.put(newName, eSet);
+        for (Entry e : eSet) {
+          if (e.getAuthzObj().equals(oldName)) {
+            e.setAuthzObj(newName);
+          }
+        }
+        authzObjToPath.remove(oldName);
+      }
+    }
+    return true;
+  }
+
   @Override
   public boolean isUnderPrefix(String[] pathElements) {
     return root.findPrefixEntry(Lists.newArrayList(pathElements)) != null;
   }
 
   // Used by the serializer
+  String[] getPrefixes() {
+    return prefixes;
+  }
+
   Entry getRootEntry() {
     return root;
   }
@@ -460,8 +501,8 @@ public class HMSPaths implements AuthzPaths {
   }
 
   @Override
-  public HMSPathsSerDe getPathsDump() {
-    return new HMSPathsSerDe(this);
+  public HMSPathsDumper getPathsDump() {
+    return new HMSPathsDumper(this);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java
new file mode 100644
index 0000000..1537c1e
--- /dev/null
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsDumper.java
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.hdfs;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import org.apache.sentry.hdfs.HMSPaths.Entry;
+import org.apache.sentry.hdfs.HMSPaths.EntryType;
+import org.apache.sentry.hdfs.service.thrift.TPathEntry;
+import org.apache.sentry.hdfs.service.thrift.TPathsDump;
+
+public class HMSPathsDumper implements AuthzPathsDumper<HMSPaths> {
+
+  private final HMSPaths hmsPaths;
+
+  static class Tuple {
+    final TPathEntry entry;
+    final int id;
+    Tuple(TPathEntry entry, int id) {
+      this.entry = entry;
+      this.id = id;
+    }
+  }
+
+  public HMSPathsDumper(HMSPaths hmsPaths) {
+    this.hmsPaths = hmsPaths;
+  }
+
+  @Override
+  public TPathsDump createPathsDump() {
+    AtomicInteger counter = new AtomicInteger(0);
+    Map<Integer, TPathEntry> idMap = new HashMap<Integer, TPathEntry>();
+    Tuple tRootTuple =
+        createTPathEntry(hmsPaths.getRootEntry(), counter, idMap);
+    idMap.put(tRootTuple.id, tRootTuple.entry);
+    cloneToTPathEntry(hmsPaths.getRootEntry(), tRootTuple.entry, counter, idMap);
+    return new TPathsDump(tRootTuple.id, idMap);
+  }
+
+  private void cloneToTPathEntry(Entry parent, TPathEntry tParent,
+      AtomicInteger counter, Map<Integer, TPathEntry> idMap) {
+    for (Entry child : parent.getChildren().values()) {
+      Tuple childTuple = createTPathEntry(child, counter, idMap);
+      tParent.getChildren().add(childTuple.id);
+      cloneToTPathEntry(child, childTuple.entry, counter, idMap);
+    }
+  }
+
+  private Tuple createTPathEntry(Entry entry, AtomicInteger idCounter,
+      Map<Integer, TPathEntry> idMap) {
+    int myId = idCounter.incrementAndGet();
+    TPathEntry tEntry = new TPathEntry(entry.getType().getByte(),
+        entry.getPathElement(), new HashSet<Integer>());
+    if (entry.getAuthzObj() != null) {
+      tEntry.setAuthzObj(entry.getAuthzObj());
+    }
+    idMap.put(myId, tEntry);
+    return new Tuple(tEntry, myId);
+  }
+
+  @Override
+  public HMSPaths initializeFromDump(TPathsDump pathDump) {
+    HMSPaths hmsPaths = new HMSPaths(this.hmsPaths.getPrefixes());
+    TPathEntry tRootEntry = pathDump.getNodeMap().get(pathDump.getRootId());
+    Entry rootEntry = hmsPaths.getRootEntry();
+//    Entry rootEntry = new Entry(null, tRootEntry.getPathElement(),
+//        EntryType.fromByte(tRootEntry.getType()), tRootEntry.getAuthzObj());
+    Map<String, Set<Entry>> authzObjToPath = new HashMap<String, Set<Entry>>();
+    cloneToEntry(tRootEntry, rootEntry, pathDump.getNodeMap(), authzObjToPath,
+        rootEntry.getType() == EntryType.PREFIX);
+    hmsPaths.setRootEntry(rootEntry);
+    hmsPaths.setAuthzObjToPathMapping(authzObjToPath);
+    return hmsPaths;
+  }
+
+  private void cloneToEntry(TPathEntry tParent, Entry parent,
+      Map<Integer, TPathEntry> idMap, Map<String,
+      Set<Entry>> authzObjToPath, boolean hasCrossedPrefix) {
+    for (Integer id : tParent.getChildren()) {
+      TPathEntry tChild = idMap.get(id);
+      Entry child = null;
+      boolean isChildPrefix = hasCrossedPrefix;
+      if (!hasCrossedPrefix) {
+        child = parent.getChildren().get(tChild.getPathElement());
+        // If we havn't reached a prefix entry yet, then child should
+        // already exists.. else it is not part of the prefix
+        if (child == null) continue;
+        isChildPrefix = child.getType() == EntryType.PREFIX;
+      }
+      if (child == null) {
+        child = new Entry(parent, tChild.getPathElement(),
+            EntryType.fromByte(tChild.getType()), tChild.getAuthzObj());
+      }
+      if (child.getAuthzObj() != null) {
+        Set<Entry> paths = authzObjToPath.get(child.getAuthzObj());
+        if (paths == null) {
+          paths = new HashSet<Entry>();
+          authzObjToPath.put(child.getAuthzObj(), paths);
+        }
+        paths.add(child);
+      }
+      parent.getChildren().put(child.getPathElement(), child);
+      cloneToEntry(tChild, child, idMap, authzObjToPath, isChildPrefix);
+    }
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsSerDe.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsSerDe.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsSerDe.java
deleted file mode 100644
index b642a3b..0000000
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPathsSerDe.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.hdfs;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.IdentityHashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicInteger;
-
-import org.apache.sentry.hdfs.HMSPaths.Entry;
-import org.apache.sentry.hdfs.HMSPaths.EntryType;
-import org.apache.sentry.hdfs.service.thrift.TPathEntry;
-import org.apache.sentry.hdfs.service.thrift.TPathsDump;
-
-public class HMSPathsSerDe implements AuthzPathsDumper<HMSPaths> {
-
-  private final HMSPaths hmsPaths;
-
-  static class Tuple {
-    final TPathEntry entry;
-    final int id;
-    Tuple(TPathEntry entry, int id) {
-      this.entry = entry;
-      this.id = id;
-    }
-  }
-
-  public HMSPathsSerDe(HMSPaths hmsPaths) {
-    this.hmsPaths = hmsPaths;
-  }
-
-  @Override
-  public TPathsDump createPathsDump() {
-    AtomicInteger counter = new AtomicInteger(0);
-    Map<Integer, TPathEntry> idMap = new HashMap<Integer, TPathEntry>();
-    Tuple tRootTuple =
-        createTPathEntry(hmsPaths.getRootEntry(), counter, idMap);
-    idMap.put(tRootTuple.id, tRootTuple.entry);
-    cloneToTPathEntry(hmsPaths.getRootEntry(), tRootTuple.entry, counter, idMap);
-    return new TPathsDump(tRootTuple.id, idMap);
-  }
-
-  private void cloneToTPathEntry(Entry parent, TPathEntry tParent,
-      AtomicInteger counter, Map<Integer, TPathEntry> idMap) {
-    for (Entry child : parent.getChildren().values()) {
-      Tuple childTuple = createTPathEntry(child, counter, idMap);
-      tParent.getChildren().add(childTuple.id);
-      cloneToTPathEntry(child, childTuple.entry, counter, idMap);
-    }
-  }
-
-  private Tuple createTPathEntry(Entry entry, AtomicInteger idCounter,
-      Map<Integer, TPathEntry> idMap) {
-    int myId = idCounter.incrementAndGet();
-    TPathEntry tEntry = new TPathEntry(entry.getType().getByte(),
-        entry.getPathElement(), new HashSet<Integer>());
-    if (entry.getAuthzObj() != null) {
-      tEntry.setAuthzObj(entry.getAuthzObj());
-    }
-    idMap.put(myId, tEntry);
-    return new Tuple(tEntry, myId);
-  }
-
-  @Override
-  public HMSPaths initializeFromDump(TPathsDump pathDump) {
-    HMSPaths hmsPaths = new HMSPaths();
-    TPathEntry tRootEntry = pathDump.getNodeMap().get(pathDump.getRootId());
-    Entry rootEntry = new Entry(null, tRootEntry.getPathElement(),
-        EntryType.fromByte(tRootEntry.getType()), tRootEntry.getAuthzObj());
-    Map<String, Set<Entry>> authzObjToPath = new HashMap<String, Set<Entry>>();
-    cloneToEntry(tRootEntry, rootEntry, pathDump.getNodeMap(), authzObjToPath);
-    hmsPaths.setRootEntry(rootEntry);
-    hmsPaths.setAuthzObjToPathMapping(authzObjToPath);
-    return hmsPaths;
-  }
-
-  private void cloneToEntry(TPathEntry tParent, Entry parent,
-      Map<Integer, TPathEntry> idMap, Map<String, Set<Entry>> authzObjToPath) {
-    for (Integer id : tParent.getChildren()) {
-      TPathEntry tChild = idMap.get(id);
-      Entry child = new Entry(parent, tChild.getPathElement(),
-          EntryType.fromByte(tChild.getType()), tChild.getAuthzObj());
-      if (child.getAuthzObj() != null) {
-        Set<Entry> paths = authzObjToPath.get(child.getAuthzObj());
-        if (paths == null) {
-          paths = new HashSet<Entry>();
-          authzObjToPath.put(child.getAuthzObj(), paths);
-        }
-        paths.add(child);
-      }
-      parent.getChildren().put(child.getPathElement(), child);
-      cloneToEntry(tChild, child, idMap, authzObjToPath);
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/MetastoreClient.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/MetastoreClient.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/MetastoreClient.java
index 3b64756..3ecff94 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/MetastoreClient.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/MetastoreClient.java
@@ -23,6 +23,10 @@ import org.apache.hadoop.hive.metastore.api.Database;
 import org.apache.hadoop.hive.metastore.api.Partition;
 import org.apache.hadoop.hive.metastore.api.Table;
 
+/**
+ * Interface to abstract all interactions between Sentry and Hive Metastore
+ * 
+ */
 public interface MetastoreClient {
 
   public List<Database> getAllDatabases();

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java
index c5ac783..60f8629 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PathsUpdate.java
@@ -27,6 +27,10 @@ import org.apache.sentry.hdfs.service.thrift.TPathsUpdate;
 
 import com.google.common.collect.Lists;
 
+/**
+ * A wrapper class over the TPathsUpdate thrift generated class. Please see
+ * {@link Updateable.Update} for more information 
+ */
 public class PathsUpdate implements Updateable.Update {
   
   public static String ALL_PATHS = "__ALL_PATHS__";
@@ -66,7 +70,7 @@ public class PathsUpdate implements Updateable.Update {
     tPathsUpdate.setSeqNum(seqNum);
   }
 
-  public TPathsUpdate getThriftObject() {
+  public TPathsUpdate toThrift() {
     return tPathsUpdate;
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java
index c9ed96e..1130140 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/PermissionsUpdate.java
@@ -27,6 +27,7 @@ import org.apache.sentry.hdfs.service.thrift.TRoleChanges;
 
 public class PermissionsUpdate implements Updateable.Update {
 
+  public static String RENAME_PRIVS = "__RENAME_PRIV__";
   public static String ALL_AUTHZ_OBJ = "__ALL_AUTHZ_OBJ__";
   public static String ALL_PRIVS = "__ALL_PRIVS__";
   public static String ALL_ROLES = "__ALL_ROLES__";
@@ -87,7 +88,7 @@ public class PermissionsUpdate implements Updateable.Update {
     return tPermUpdate.getPrivilegeChanges().values();
   }
 
-  public TPermissionsUpdate getThriftObject() {
+  public TPermissionsUpdate toThrift() {
     return tPermUpdate;
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java
index fa31a19..ecd6ee7 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/SentryHDFSServiceClient.java
@@ -177,7 +177,16 @@ public class SentryHDFSServiceClient {
   public synchronized void notifyHMSUpdate(PathsUpdate update)
       throws IOException {
     try {
-      client.handle_hms_notification(update.getThriftObject());
+      client.handle_hms_notification(update.toThrift());
+    } catch (Exception e) {
+      throw new IOException("Thrift Exception occurred !!", e);
+    }
+  }
+
+  public synchronized long getLastSeenHMSPathSeqNum()
+      throws IOException {
+    try {
+      return client.check_hms_seq_num(-1);
     } catch (Exception e) {
       throw new IOException("Thrift Exception occurred !!", e);
     }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java
index 397a534..27ab336 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/ServiceConstants.java
@@ -43,6 +43,8 @@ public class ServiceConstants {
     public static final String SENTRY_HDFS_INTEGRATION_PATH_PREFIXES = "sentry.hdfs.integration.path.prefixes";
     public static final String[] SENTRY_HDFS_INTEGRATION_PATH_PREFIXES_DEFAULT =
         new String[]{"/user/hive/warehouse"};
+    public static final String SENTRY_HDFS_INIT_UPDATE_RETRY_DELAY_MS = "sentry.hdfs.init.update.retry.delay.ms";
+    public static final int SENTRY_HDFS_INIT_UPDATE_RETRY_DELAY_DEFAULT = 10000;
 
   }
   public static class ClientConfig {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java
index 1649ffc..ba932ac 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/Updateable.java
@@ -20,7 +20,13 @@ package org.apache.sentry.hdfs;
 import java.util.concurrent.locks.ReadWriteLock;
 
 public interface Updateable<K extends Updateable.Update> {
-  
+
+  /**
+   * Thrift currently does not support class inheritance.We need all update
+   * objects to expose a unified API. A wrapper class need to be created 
+   * implementing this interface and containing the generated thrift class as 
+   * a work around
+   */
   public interface Update {
 
     boolean hasFullImage();

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java
index 165892d..adf658c 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPaths.java
@@ -27,6 +27,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate> {
+  private static final int MAX_UPDATES_PER_LOCK_USE = 99;
   private volatile HMSPaths paths;
   private final AtomicLong seqNum = new AtomicLong(0);
 
@@ -58,7 +59,7 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate>
   @Override
   public UpdateableAuthzPaths updateFull(PathsUpdate update) {
     UpdateableAuthzPaths other = getPathsDump().initializeFromDump(
-        update.getThriftObject().getPathsDump());
+        update.toThrift().getPathsDump());
     other.seqNum.set(update.getSeqNum());
     return other;
   }
@@ -70,7 +71,7 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate>
       int counter = 0;
       for (PathsUpdate update : updates) {
         applyPartialUpdate(update);
-        if (++counter > 99) {
+        if (++counter > MAX_UPDATES_PER_LOCK_USE) {
           counter = 0;
           lock.writeLock().unlock();
           lock.writeLock().lock();
@@ -84,6 +85,28 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate>
   }
 
   private void applyPartialUpdate(PathsUpdate update) {
+    // Handle alter table rename : will have exactly 2 patch changes
+    // 1 an add path and the other a del path
+    if (update.getPathChanges().size() == 2) {
+      List<TPathChanges> pathChanges = update.getPathChanges();
+      TPathChanges newPathInfo = null;
+      TPathChanges oldPathInfo = null;
+      if ((pathChanges.get(0).getAddPathsSize() == 1)
+        && (pathChanges.get(1).getDelPathsSize() == 1)) {
+        newPathInfo = pathChanges.get(0);
+        oldPathInfo = pathChanges.get(1);
+      } else if ((pathChanges.get(1).getAddPathsSize() == 1)
+          && (pathChanges.get(0).getDelPathsSize() == 1)) {
+        newPathInfo = pathChanges.get(1);
+        oldPathInfo = pathChanges.get(0);
+      }
+      if ((newPathInfo != null)&&(oldPathInfo != null)) {
+        paths.renameAuthzObject(
+            oldPathInfo.getAuthzObj(), oldPathInfo.getDelPaths().get(0),
+            newPathInfo.getAuthzObj(), newPathInfo.getAddPaths().get(0));
+        return;
+      }
+    }
     for (TPathChanges pathChanges : update.getPathChanges()) {
       paths.addPathsToAuthzObject(pathChanges.getAuthzObj(), pathChanges
           .getAddPaths(), true);
@@ -107,7 +130,7 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate>
   @Override
   public PathsUpdate createFullImageUpdate(long currSeqNum) {
     PathsUpdate pathsUpdate = new PathsUpdate(currSeqNum, true);
-    pathsUpdate.getThriftObject().setPathsDump(getPathsDump().createPathsDump());
+    pathsUpdate.toThrift().setPathsDump(getPathsDump().createPathsDump());
     return pathsUpdate;
   }
 
@@ -122,8 +145,8 @@ public class UpdateableAuthzPaths implements AuthzPaths, Updateable<PathsUpdate>
 
       @Override
       public UpdateableAuthzPaths initializeFromDump(TPathsDump pathsDump) {
-        return new UpdateableAuthzPaths(new HMSPaths().getPathsDump().initializeFromDump(
-            pathsDump));
+        return new UpdateableAuthzPaths(UpdateableAuthzPaths.this.paths
+            .getPathsDump().initializeFromDump(pathsDump));
       }
     };
   }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java
index dcd70c1..2d9db53 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPathsFullDump.java
@@ -32,14 +32,19 @@ public class TestHMSPathsFullDump {
 
   @Test
   public void testDumpAndInitialize() {
-    HMSPaths hmsPaths = new HMSPaths(new String[] {"/user/hive/warehouse"});
+    HMSPaths hmsPaths = new HMSPaths(new String[] {"/user/hive/warehouse", "/user/hive/w2"});
     hmsPaths._addAuthzObject("db1", Lists.newArrayList("/user/hive/warehouse/db1"));
     hmsPaths._addAuthzObject("db1.tbl11", Lists.newArrayList("/user/hive/warehouse/db1/tbl11"));
     hmsPaths._addPathsToAuthzObject("db1.tbl11", Lists.newArrayList(
         "/user/hive/warehouse/db1/tbl11/part111",
         "/user/hive/warehouse/db1/tbl11/part112",
         "/user/hive/warehouse/db1/tbl11/p1=1/p2=x"));
-    
+
+    // Not in prefix paths
+    hmsPaths._addAuthzObject("db2", Lists.newArrayList("/user/hive/w2/db2"));
+    hmsPaths._addAuthzObject("db2.tbl21", Lists.newArrayList("/user/hive/w2/db2/tbl21"));
+    hmsPaths._addPathsToAuthzObject("db2.tbl21", Lists.newArrayList("/user/hive/w2/db2/tbl21/p1=1/p2=x"));
+
     Assert.assertEquals("db1", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1"}, false));
     Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11"}, false));
     Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part111"}, false));
@@ -47,15 +52,19 @@ public class TestHMSPathsFullDump {
 
     Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "p1=1", "p2=x"}, false));
     Assert.assertEquals("db1.tbl11", hmsPaths.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "p1=1"}, true));
+    Assert.assertEquals("db2.tbl21", hmsPaths.findAuthzObject(new String[]{"user", "hive", "w2", "db2", "tbl21", "p1=1"}, true));
 
-    HMSPathsSerDe serDe = hmsPaths.getPathsDump();
+    HMSPathsDumper serDe = hmsPaths.getPathsDump();
     TPathsDump pathsDump = serDe.createPathsDump();
-    HMSPaths hmsPaths2 = serDe.initializeFromDump(pathsDump);
+    HMSPaths hmsPaths2 = new HMSPaths(new String[] {"/user/hive/warehouse"}).getPathsDump().initializeFromDump(pathsDump);
 
     Assert.assertEquals("db1", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1"}, false));
     Assert.assertEquals("db1.tbl11", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11"}, false));
     Assert.assertEquals("db1.tbl11", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part111"}, false));
     Assert.assertEquals("db1.tbl11", hmsPaths2.findAuthzObject(new String[]{"user", "hive", "warehouse", "db1", "tbl11", "part112"}, false));
+
+    // This path is not under prefix, so should not be deserialized.. 
+    Assert.assertNull(hmsPaths2.findAuthzObject(new String[]{"user", "hive", "w2", "db2", "tbl21", "p1=1"}, true));
   }
 
   @Test
@@ -78,7 +87,7 @@ public class TestHMSPathsFullDump {
         }
       }
     }
-    HMSPathsSerDe serDe = hmsPaths.getPathsDump();
+    HMSPathsDumper serDe = hmsPaths.getPathsDump();
     long t1 = System.currentTimeMillis();
     TPathsDump pathsDump = serDe.createPathsDump();
     byte[] ser = new TSerializer(new TCompactProtocol.Factory()).serialize(pathsDump);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/d66ebb71/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java
index 9d0d366..760d3e8 100644
--- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java
+++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestUpdateableAuthzPaths.java
@@ -40,7 +40,7 @@ public class TestUpdateableAuthzPaths {
 
     UpdateableAuthzPaths authzPaths = new UpdateableAuthzPaths(hmsPaths);
     PathsUpdate update = new PathsUpdate(1, true);
-    update.getThriftObject().setPathsDump(authzPaths.getPathsDump().createPathsDump());
+    update.toThrift().setPathsDump(authzPaths.getPathsDump().createPathsDump());
 
     UpdateableAuthzPaths authzPaths2 = new UpdateableAuthzPaths(new String[] {"/"});
     UpdateableAuthzPaths pre = authzPaths2.updateFull(update);
@@ -55,7 +55,7 @@ public class TestUpdateableAuthzPaths {
     // Ensure Full Update wipes old stuff
     UpdateableAuthzPaths authzPaths3 = new UpdateableAuthzPaths(createBaseHMSPaths(2, 1));
     update = new PathsUpdate(2, true);
-    update.getThriftObject().setPathsDump(authzPaths3.getPathsDump().createPathsDump());
+    update.toThrift().setPathsDump(authzPaths3.getPathsDump().createPathsDump());
     pre = authzPaths2.updateFull(update);
     assertFalse(pre == authzPaths2);
     authzPaths2 = pre;
@@ -95,6 +95,24 @@ public class TestUpdateableAuthzPaths {
     // Verify new Paths
     assertEquals("db1.tbl12", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl12"}));
     assertEquals("db1.tbl12", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl12", "part121"}));
+
+    // Rename table
+    update = new PathsUpdate(4, false);
+    update.newPathChange("db1.xtbl11").addToAddPaths(PathsUpdate.cleanPath("file:///db1/xtbl11"));
+    update.newPathChange("db1.tbl11").addToDelPaths(PathsUpdate.cleanPath("file:///db1/tbl11"));
+    authzPaths.updatePartial(Lists.newArrayList(update), lock);
+
+    // Verify name change
+    assertEquals("db1", authzPaths.findAuthzObjectExactMatch(new String[]{"db1"}));
+    assertEquals("db1.xtbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "xtbl11"}));
+    assertEquals("db1.xtbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "xtbl11", "part111"}));
+    assertEquals("db1.xtbl11", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "xtbl11", "part112"}));
+    // Verify other tables are not touched
+    assertNull(authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "xtbl12"}));
+    assertNull(authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "xtbl12", "part121"}));
+    assertEquals("db1.tbl12", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl12"}));
+    assertEquals("db1.tbl12", authzPaths.findAuthzObjectExactMatch(new String[]{"db1", "tbl12", "part121"}));
+
   }
 
   @Test


Mime
View raw message