sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject sentry git commit: SENTRY-1337: Move GroupMappingService from sentry-provider-common to sentry-core-common(Colin Ma, reviewed by Dapeng Sun)
Date Mon, 20 Jun 2016 03:29:01 GMT
Repository: sentry
Updated Branches:
  refs/heads/SENTRY-1205 f5368df5e -> 2bae73290


SENTRY-1337: Move GroupMappingService from sentry-provider-common to sentry-core-common(Colin
Ma, reviewed by Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/2bae7329
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/2bae7329
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/2bae7329

Branch: refs/heads/SENTRY-1205
Commit: 2bae7329000ee04214e264845934fdddd5ef4f5a
Parents: f5368df
Author: Colin Ma <colin@apache.org>
Authored: Mon Jun 20 12:13:14 2016 +0800
Committer: Colin Ma <colin@apache.org>
Committed: Mon Jun 20 12:13:14 2016 +0800

----------------------------------------------------------------------
 .../binding/hive/MockUserToGroupMapping.java    |  2 +-
 ...sourceAuthorizationProviderGeneralCases.java |  2 +-
 .../kafka/MockGroupMappingServiceProvider.java  |  2 +-
 .../binding/solr/authz/SolrAuthzBinding.java    |  2 +-
 ...SearchAuthorizationProviderGeneralCases.java |  2 +-
 ...tSqoopAuthorizationProviderGeneralCases.java |  2 +-
 .../common/service/GroupMappingService.java     | 35 ++++++++++
 .../service/HadoopGroupMappingService.java      | 69 ++++++++++++++++++++
 .../MockGroupMappingServiceProvider.java        | 44 +++++++++++++
 .../common/service/NoGroupMappingService.java   | 33 ++++++++++
 ...ndexerAuthorizationProviderGeneralCases.java |  2 +-
 .../provider/common/AuthorizationProvider.java  |  1 +
 .../provider/common/GroupMappingService.java    | 35 ----------
 .../common/HadoopGroupMappingService.java       | 69 --------------------
 ...adoopGroupResourceAuthorizationProvider.java |  2 +
 .../common/NoAuthorizationProvider.java         |  2 +
 .../provider/common/NoGroupMappingService.java  | 33 ----------
 .../common/ResourceAuthorizationProvider.java   |  1 +
 ...adoopGroupResourceAuthorizationProvider.java |  2 +-
 .../common/MockGroupMappingServiceProvider.java | 44 -------------
 .../provider/common/TestGetGroupMapping.java    |  1 +
 .../common/TestNoAuthorizationProvider.java     |  1 +
 .../thrift/SentryPolicyStoreProcessor.java      |  2 +-
 .../TestSentryGenericPolicyProcessor.java       |  2 +-
 .../provider/file/LocalGroupMappingService.java |  2 +-
 25 files changed, 200 insertions(+), 192 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
index c095603..8ea8e1b 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
@@ -19,7 +19,7 @@ package org.apache.sentry.binding.hive;
 
 import java.util.Set;
 
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 
 import com.google.common.collect.Sets;
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java
b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java
index 403eb6a..2ace656 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java
@@ -37,7 +37,7 @@ import org.apache.sentry.core.model.db.Database;
 import org.apache.sentry.core.model.db.HivePrivilegeModel;
 import org.apache.sentry.core.model.db.Server;
 import org.apache.sentry.core.model.db.Table;
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.PolicyFiles;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java
b/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java
index 572c74d..1329520 100644
--- a/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java
+++ b/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java
@@ -20,7 +20,7 @@ package org.apache.sentry.policy.kafka;
 
 import java.util.Set;
 
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 
 import com.google.common.collect.Multimap;
 import com.google.common.collect.Sets;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
index 2400673..9db8337 100644
--- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
+++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
@@ -44,7 +44,7 @@ import org.apache.sentry.core.model.search.SearchPrivilegeModel;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.common.AuthorizationComponent;
 import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider;
 import org.apache.sentry.provider.common.ProviderBackend;
 import org.apache.sentry.provider.common.ProviderBackendContext;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
index 6f7f07a..2c82dc7 100644
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
@@ -34,7 +34,7 @@ import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.search.Collection;
 import org.apache.sentry.core.model.search.SearchModelAction;
 import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.PolicyFiles;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
index 7ce8881..a3d96fe 100644
--- a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
+++ b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
@@ -38,7 +38,7 @@ import org.apache.sentry.core.model.sqoop.Server;
 import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
 import org.apache.sentry.core.model.sqoop.SqoopActionFactory.SqoopAction;
 import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel;
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
 import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.PolicyFiles;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java
new file mode 100644
index 0000000..6af6ac5
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common.service;
+
+import java.util.Set;
+
+import javax.annotation.concurrent.ThreadSafe;
+
+/**
+ * Interface so the Groups class is easier to unit test with.
+ * Implementations of this class are expected to be thread safe
+ * after construction.
+ */
+@ThreadSafe
+public interface GroupMappingService {
+
+  /**
+   * @return non-null list of groups for user
+   */
+  Set<String> getGroups(String user);
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java
new file mode 100644
index 0000000..2b10ae1
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common.service;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.Groups;
+
+import com.google.common.collect.Lists;
+import org.apache.sentry.core.common.exception.SentryGroupNotFoundException;
+
+public class HadoopGroupMappingService implements GroupMappingService {
+
+  private static Configuration hadoopConf;
+  private final Groups groups;
+
+  public HadoopGroupMappingService(Groups groups) {
+    this.groups = groups;
+  }
+
+  public HadoopGroupMappingService(Configuration conf, String resource) {
+    if (hadoopConf == null) {
+      synchronized (HadoopGroupMappingService.class) {
+        if (hadoopConf == null) {
+          // clone the current config and add resource path
+          hadoopConf = new Configuration();
+          hadoopConf.addResource(conf);
+          if (!StringUtils.isEmpty(resource)) {
+            hadoopConf.addResource(resource);
+          }
+        }
+      }
+    }
+    this.groups = Groups.getUserToGroupsMappingService(hadoopConf);
+  }
+
+  @Override
+  public Set<String> getGroups(String user) {
+    List<String> groupList = Lists.newArrayList();
+    try {
+      groupList = groups.getGroups(user);
+    } catch (IOException e) {
+      throw new SentryGroupNotFoundException("Unable to obtain groups for " + user, e);
+    }
+    if (groupList == null || groupList.isEmpty()) {
+      throw new SentryGroupNotFoundException("Unable to obtain groups for " + user);
+    }
+    return new HashSet<String>(groupList);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java
new file mode 100644
index 0000000..55010de
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common.service;
+
+import java.util.Collection;
+import java.util.Set;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.Multimap;
+import com.google.common.collect.Sets;
+
+public class MockGroupMappingServiceProvider implements GroupMappingService {
+  private static final Logger LOGGER = LoggerFactory
+      .getLogger(MockGroupMappingServiceProvider.class);
+  private final Multimap<String, String> userToGroupMap;
+
+  public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
+    this.userToGroupMap = userToGroupMap;
+  }
+
+  @Override
+  public Set<String> getGroups(String user) {
+    Collection<String> groups = userToGroupMap.get(user);
+    LOGGER.info("Mapping " + user + " to " + groups);
+    return Sets.newHashSet(groups);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java
new file mode 100644
index 0000000..db48788
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common.service;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * GroupMappingService that always returns an empty list of groups
+ */
+public class NoGroupMappingService implements GroupMappingService {
+
+  /**
+   * @return empty list of groups for every user
+   */
+  public Set<String> getGroups(String user) {
+    return new HashSet<String>();
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
index 939621b..62942dc 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
@@ -23,6 +23,7 @@ import java.util.EnumSet;
 import java.util.List;
 import java.util.Set;
 
+import org.apache.sentry.core.common.service.MockGroupMappingServiceProvider;
 import org.junit.Assert;
 
 import org.apache.commons.io.FileUtils;
@@ -33,7 +34,6 @@ import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.indexer.Indexer;
 import org.apache.sentry.core.model.indexer.IndexerModelAction;
 import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel;
-import org.apache.sentry.provider.common.MockGroupMappingServiceProvider;
 import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.PolicyFiles;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
index 2d82bcf..3d6440f 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java
@@ -26,6 +26,7 @@ import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.exception.SentryConfigurationException;
 import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.policy.common.PolicyEngine;
 
 /**

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java
b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java
deleted file mode 100644
index 7e85261..0000000
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.common;
-
-import java.util.Set;
-
-import javax.annotation.concurrent.ThreadSafe;
-
-/**
- * Interface so the Groups class is easier to unit test with.
- * Implementations of this class are expected to be thread safe
- * after construction.
- */
-@ThreadSafe
-public interface GroupMappingService {
-
-  /**
-   * @return non-null list of groups for user
-   */
-  Set<String> getGroups(String user);
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java
b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java
deleted file mode 100644
index bde53d5..0000000
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.common;
-
-import java.io.IOException;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.Groups;
-
-import com.google.common.collect.Lists;
-import org.apache.sentry.core.common.exception.SentryGroupNotFoundException;
-
-public class HadoopGroupMappingService implements GroupMappingService {
-
-  private static Configuration hadoopConf;
-  private final Groups groups;
-
-  public HadoopGroupMappingService(Groups groups) {
-    this.groups = groups;
-  }
-
-  public HadoopGroupMappingService(Configuration conf, String resource) {
-    if (hadoopConf == null) {
-      synchronized (HadoopGroupMappingService.class) {
-        if (hadoopConf == null) {
-          // clone the current config and add resource path
-          hadoopConf = new Configuration();
-          hadoopConf.addResource(conf);
-          if (!StringUtils.isEmpty(resource)) {
-            hadoopConf.addResource(resource);
-          }
-        }
-      }
-    }
-    this.groups = Groups.getUserToGroupsMappingService(hadoopConf);
-  }
-
-  @Override
-  public Set<String> getGroups(String user) {
-    List<String> groupList = Lists.newArrayList();
-    try {
-      groupList = groups.getGroups(user);
-    } catch (IOException e) {
-      throw new SentryGroupNotFoundException("Unable to obtain groups for " + user, e);
-    }
-    if (groupList == null || groupList.isEmpty()) {
-      throw new SentryGroupNotFoundException("Unable to obtain groups for " + user);
-    }
-    return new HashSet<String>(groupList);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
index e45799f..6e5dbc3 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
@@ -22,6 +22,8 @@ import java.io.IOException;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.Groups;
 import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.service.GroupMappingService;
+import org.apache.sentry.core.common.service.HadoopGroupMappingService;
 import org.apache.sentry.policy.common.PolicyEngine;
 
 import com.google.common.annotations.VisibleForTesting;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
index be0830d..11dbfb7 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java
@@ -26,6 +26,8 @@ import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.exception.SentryConfigurationException;
 import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.common.service.GroupMappingService;
+import org.apache.sentry.core.common.service.NoGroupMappingService;
 import org.apache.sentry.policy.common.PolicyEngine;
 
 public class NoAuthorizationProvider implements AuthorizationProvider {

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java
b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java
deleted file mode 100644
index e44cbc4..0000000
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.common;
-
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * GroupMappingService that always returns an empty list of groups
- */
-public class NoGroupMappingService implements GroupMappingService {
-
-  /**
-   * @return empty list of groups for every user
-   */
-  public Set<String> getGroups(String user) {
-    return new HashSet<String>();
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
index 4e22071..a6b2047 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
@@ -32,6 +32,7 @@ import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Model;
 import org.apache.sentry.core.common.exception.SentryConfigurationException;
 import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.policy.common.Privilege;
 import org.apache.sentry.policy.common.PrivilegeFactory;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
index 2214867..bf2c5a1 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
@@ -22,7 +22,7 @@ import java.io.IOException;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.sentry.core.common.Model;
 import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 
 import com.google.common.annotations.VisibleForTesting;
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java
b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java
deleted file mode 100644
index 1e885f4..0000000
--- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.common;
-
-import java.util.Collection;
-import java.util.Set;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Multimap;
-import com.google.common.collect.Sets;
-
-public class MockGroupMappingServiceProvider implements GroupMappingService {
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(MockGroupMappingServiceProvider.class);
-  private final Multimap<String, String> userToGroupMap;
-
-  public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
-    this.userToGroupMap = userToGroupMap;
-  }
-
-  @Override
-  public Set<String> getGroups(String user) {
-    Collection<String> groups = userToGroupMap.get(user);
-    LOGGER.info("Mapping " + user + " to " + groups);
-    return Sets.newHashSet(groups);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
index ccc505f..f6d8c05 100644
--- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
+++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
@@ -23,6 +23,7 @@ import java.util.Set;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.exception.SentryConfigurationException;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.junit.Test;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
index fe01b06..7ca8bfc 100644
--- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
@@ -19,6 +19,7 @@ package org.apache.sentry.provider.common;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.junit.Test;
 
 /**

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index 7931eb8..5fafec8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -32,7 +32,7 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
 import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.core.common.utils.PolicyFileConstants;
 import org.apache.sentry.core.common.exception.SentryGroupNotFoundException;
 import org.apache.sentry.core.common.exception.SentryAccessDeniedException;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
index 11dd5e2..d1fd94e 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
@@ -30,7 +30,7 @@ import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
 import org.apache.sentry.core.model.search.Collection;
 import org.apache.sentry.core.model.search.Field;
 import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
 import org.apache.sentry.core.common.exception.SentryGrantDeniedException;
 import org.apache.sentry.core.common.exception.SentryInvalidInputException;

http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
index dec47c2..eb23ff1 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
@@ -26,8 +26,8 @@ import java.util.Set;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.provider.common.GroupMappingService;
 import org.apache.sentry.core.common.utils.PolicyFileConstants;
 import org.apache.sentry.core.common.exception.SentryGroupNotFoundException;
 import org.apache.shiro.config.Ini;


Mime
View raw message