sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject [6/6] sentry git commit: SENTRY-1288: Create sentry-service-client module(Colin Ma, reviewed by Dapeng Sun)
Date Mon, 27 Jun 2016 01:27:28 GMT
SENTRY-1288: Create sentry-service-client module(Colin Ma, reviewed by Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/01875092
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/01875092
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/01875092

Branch: refs/heads/SENTRY-1205
Commit: 018750927cadc04943dd521107ddd6a08d46a871
Parents: e72e6ea
Author: Colin Ma <colin@apache.org>
Authored: Mon Jun 27 10:12:01 2016 +0800
Committer: Colin Ma <colin@apache.org>
Committed: Mon Jun 27 10:12:01 2016 +0800

----------------------------------------------------------------------
 pom.xml                                         |    5 +
 sentry-dist/pom.xml                             |    4 +
 sentry-dist/src/main/assembly/bin.xml           |    1 +
 sentry-provider/sentry-provider-db/pom.xml      |   14 +-
 .../thrift/SentryGenericServiceClient.java      |  196 ----
 .../SentryGenericServiceClientDefaultImpl.java  |  591 ----------
 .../SentryGenericServiceClientFactory.java      |   34 -
 .../tools/KafkaTSentryPrivilegeConverter.java   |  118 --
 .../generic/tools/SentryConfigToolCommon.java   |  152 ---
 .../db/generic/tools/SentryConfigToolSolr.java  |  262 -----
 .../db/generic/tools/SentryShellKafka.java      |  113 --
 .../db/generic/tools/SentryShellSolr.java       |  112 --
 .../tools/SolrTSentryPrivilegeConverter.java    |  137 ---
 .../tools/command/AddRoleToGroupCmd.java        |   46 -
 .../db/generic/tools/command/Command.java       |   27 -
 .../db/generic/tools/command/CreateRoleCmd.java |   39 -
 .../tools/command/DeleteRoleFromGroupCmd.java   |   46 -
 .../db/generic/tools/command/DropRoleCmd.java   |   39 -
 .../tools/command/GrantPrivilegeToRoleCmd.java  |   47 -
 .../tools/command/ListPrivilegesByRoleCmd.java  |   54 -
 .../db/generic/tools/command/ListRolesCmd.java  |   53 -
 .../command/RevokePrivilegeFromRoleCmd.java     |   47 -
 .../command/TSentryPrivilegeConverter.java      |   33 -
 .../db/service/persistent/ServiceManager.java   |   97 --
 .../thrift/SentryPolicyServiceClient.java       |  207 ----
 .../SentryPolicyServiceClientDefaultImpl.java   | 1051 -----------------
 .../provider/db/tools/SentryShellCommon.java    |  247 ----
 .../provider/db/tools/SentryShellHive.java      |   98 --
 .../provider/db/tools/command/hive/Command.java |   27 -
 .../db/tools/command/hive/CommandUtil.java      |  117 --
 .../db/tools/command/hive/CreateRoleCmd.java    |   37 -
 .../db/tools/command/hive/DropRoleCmd.java      |   37 -
 .../command/hive/GrantPrivilegeToRoleCmd.java   |   61 -
 .../command/hive/GrantRoleToGroupsCmd.java      |   44 -
 .../tools/command/hive/ListPrivilegesCmd.java   |   97 --
 .../db/tools/command/hive/ListRolesCmd.java     |   51 -
 .../hive/RevokePrivilegeFromRoleCmd.java        |   62 --
 .../command/hive/RevokeRoleFromGroupsCmd.java   |   43 -
 .../thrift/HAClientInvocationHandler.java       |  139 ---
 .../thrift/PoolClientInvocationHandler.java     |  154 ---
 .../thrift/SentryClientInvocationHandler.java   |   54 -
 .../thrift/SentryServiceClientFactory.java      |   52 -
 .../thrift/SentryServiceClientPoolFactory.java  |   78 --
 sentry-service/pom.xml                          |    1 +
 sentry-service/sentry-service-client/pom.xml    |   61 +
 .../thrift/SentryGenericServiceClient.java      |  196 ++++
 .../SentryGenericServiceClientDefaultImpl.java  |  591 ++++++++++
 .../SentryGenericServiceClientFactory.java      |   34 +
 .../tools/KafkaTSentryPrivilegeConverter.java   |  118 ++
 .../generic/tools/SentryConfigToolCommon.java   |  152 +++
 .../db/generic/tools/SentryConfigToolSolr.java  |  262 +++++
 .../db/generic/tools/SentryShellKafka.java      |  113 ++
 .../db/generic/tools/SentryShellSolr.java       |  112 ++
 .../tools/SolrTSentryPrivilegeConverter.java    |  137 +++
 .../tools/command/AddRoleToGroupCmd.java        |   46 +
 .../db/generic/tools/command/Command.java       |   27 +
 .../db/generic/tools/command/CreateRoleCmd.java |   39 +
 .../tools/command/DeleteRoleFromGroupCmd.java   |   46 +
 .../db/generic/tools/command/DropRoleCmd.java   |   39 +
 .../tools/command/GrantPrivilegeToRoleCmd.java  |   47 +
 .../tools/command/ListPrivilegesByRoleCmd.java  |   54 +
 .../db/generic/tools/command/ListRolesCmd.java  |   53 +
 .../command/RevokePrivilegeFromRoleCmd.java     |   47 +
 .../command/TSentryPrivilegeConverter.java      |   33 +
 .../db/service/persistent/ServiceManager.java   |   97 ++
 .../thrift/SentryPolicyServiceClient.java       |  207 ++++
 .../SentryPolicyServiceClientDefaultImpl.java   | 1054 ++++++++++++++++++
 .../provider/db/tools/SentryShellCommon.java    |  247 ++++
 .../provider/db/tools/SentryShellHive.java      |   98 ++
 .../provider/db/tools/command/hive/Command.java |   27 +
 .../db/tools/command/hive/CommandUtil.java      |  117 ++
 .../db/tools/command/hive/CreateRoleCmd.java    |   37 +
 .../db/tools/command/hive/DropRoleCmd.java      |   37 +
 .../command/hive/GrantPrivilegeToRoleCmd.java   |   61 +
 .../command/hive/GrantRoleToGroupsCmd.java      |   44 +
 .../tools/command/hive/ListPrivilegesCmd.java   |   97 ++
 .../db/tools/command/hive/ListRolesCmd.java     |   51 +
 .../hive/RevokePrivilegeFromRoleCmd.java        |   62 ++
 .../command/hive/RevokeRoleFromGroupsCmd.java   |   43 +
 .../thrift/HAClientInvocationHandler.java       |  139 +++
 .../thrift/PoolClientInvocationHandler.java     |  154 +++
 .../thrift/SentryClientInvocationHandler.java   |   54 +
 .../thrift/SentryServiceClientFactory.java      |   52 +
 .../thrift/SentryServiceClientPoolFactory.java  |   78 ++
 sentry-service/sentry-service-server/pom.xml    |   10 +-
 85 files changed, 4980 insertions(+), 4917 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index a434fdb..bc4d8d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -436,6 +436,11 @@ limitations under the License.
       </dependency>
       <dependency>
         <groupId>org.apache.sentry</groupId>
+        <artifactId>sentry-service-client</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.sentry</groupId>
         <artifactId>sentry-provider-common</artifactId>
         <version>${project.version}</version>
       </dependency>

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-dist/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/pom.xml b/sentry-dist/pom.xml
index 8b3022f..04645ad 100644
--- a/sentry-dist/pom.xml
+++ b/sentry-dist/pom.xml
@@ -80,6 +80,10 @@ limitations under the License.
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-service-client</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
       <artifactId>sentry-provider-common</artifactId>
     </dependency>
     <dependency>

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-dist/src/main/assembly/bin.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/src/main/assembly/bin.xml b/sentry-dist/src/main/assembly/bin.xml
index 5727fc9..ab95aac 100644
--- a/sentry-dist/src/main/assembly/bin.xml
+++ b/sentry-dist/src/main/assembly/bin.xml
@@ -102,6 +102,7 @@
         <exclude>sentry-policy/**</exclude>
         <exclude>sentry-tests/**</exclude>
         <exclude>sentry-hdfs/**</exclude>
+        <exclude>sentry-service/**</exclude>
         <exclude>sentry-solr/**</exclude>
       </excludes>
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/pom.xml b/sentry-provider/sentry-provider-db/pom.xml
index 8061433..f028ee3 100644
--- a/sentry-provider/sentry-provider-db/pom.xml
+++ b/sentry-provider/sentry-provider-db/pom.xml
@@ -46,10 +46,6 @@ limitations under the License.
       <scope>test</scope>
     </dependency>
     <dependency>
-      <groupId>org.apache.derby</groupId>
-      <artifactId>derby</artifactId>
-    </dependency>
-    <dependency>
       <groupId>log4j</groupId>
       <artifactId>log4j</artifactId>
     </dependency>
@@ -79,11 +75,7 @@ limitations under the License.
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-service-common</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-provider-file</artifactId>
+      <artifactId>sentry-service-client</artifactId>
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
@@ -159,9 +151,5 @@ limitations under the License.
       <artifactId>mockito-all</artifactId>
       <scope>test</scope>
     </dependency>
-    <dependency>
-      <groupId>org.apache.commons</groupId>
-      <artifactId>commons-pool2</artifactId>
-    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
deleted file mode 100644
index 11cdee7..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
+++ /dev/null
@@ -1,196 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-
-public interface SentryGenericServiceClient {
-
-  /**
-   * Create a sentry role
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @throws SentryUserException
-   */
-  void createRole(String requestorUserName, String roleName,
-      String component) throws SentryUserException;
-
-  void createRoleIfNotExist(String requestorUserName,
-      String roleName, String component) throws SentryUserException;
-
-  /**
-   * Drop a sentry role
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @throws SentryUserException
-   */
-  void dropRole(String requestorUserName, String roleName,
-      String component) throws SentryUserException;
-
-  void dropRoleIfExists(String requestorUserName, String roleName,
-      String component) throws SentryUserException;
-
-  /**
-   * add a sentry role to groups.
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param groups: The name of groups
-   * @throws SentryUserException
-   */
-  void addRoleToGroups(String requestorUserName, String roleName,
-      String component, Set<String> groups) throws SentryUserException;
-
-  /**
-   * delete a sentry role from groups.
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param groups: The name of groups
-   * @throws SentryUserException
-   */
-  void deleteRoleToGroups(String requestorUserName, String roleName,
-      String component, Set<String> groups) throws SentryUserException;
-
-  /**
-   * grant privilege
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  void grantPrivilege(String requestorUserName, String roleName,
-      String component, TSentryPrivilege privilege) throws SentryUserException;
-
-  /**
-   * revoke privilege
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  void revokePrivilege(String requestorUserName, String roleName,
-      String component, TSentryPrivilege privilege) throws SentryUserException;
-
-  /**
-   * drop privilege
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param component: The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  void dropPrivilege(String requestorUserName,String component,
-      TSentryPrivilege privilege) throws SentryUserException;
-
-  /**
-   * rename privilege
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param component: The request is issued to which component
-   * @param serviceName: The Authorizable belongs to which service
-   * @param oldAuthorizables
-   * @param newAuthorizables
-   * @throws SentryUserException
-   */
-  void renamePrivilege(String requestorUserName, String component,
-      String serviceName, List<? extends Authorizable> oldAuthorizables,
-      List<? extends Authorizable> newAuthorizables) throws SentryUserException;
-
-  /**
-   * Gets sentry role objects for a given groupName using the Sentry service
-   * @param requestorUserName : user on whose behalf the request is issued
-   * @param groupName : groupName to look up ( if null returns all roles for groups related to requestorUserName)
-   * @param component: The request is issued to which component
-   * @return Set of thrift sentry role objects
-   * @throws SentryUserException
-   */
-  Set<TSentryRole> listRolesByGroupName(
-      String requestorUserName,
-      String groupName,
-      String component)
-  throws SentryUserException;
-
-  Set<TSentryRole> listUserRoles(String requestorUserName, String component)
-      throws SentryUserException;
-
-  Set<TSentryRole> listAllRoles(String requestorUserName, String component)
-      throws SentryUserException;
-
-  /**
-   * Gets sentry privileges for a given roleName and Authorizable Hierarchy using the Sentry service
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:
-   * @param component: The request is issued to which component
-   * @param serviceName
-   * @param authorizables
-   * @return
-   * @throws SentryUserException
-   */
-  Set<TSentryPrivilege> listPrivilegesByRoleName(
-      String requestorUserName, String roleName, String component,
-      String serviceName, List<? extends Authorizable> authorizables)
-      throws SentryUserException;
-
-  Set<TSentryPrivilege> listPrivilegesByRoleName(
-      String requestorUserName, String roleName, String component,
-      String serviceName) throws SentryUserException;
-
-  /**
-   * get sentry permissions from provider as followings:
-   * @param: component: The request is issued to which component
-   * @param: serviceName: The privilege belongs to which service
-   * @param: roleSet
-   * @param: groupNames
-   * @param: the authorizables
-   * @returns the set of permissions
-   * @throws SentryUserException
-   */
-  Set<String> listPrivilegesForProvider(String component,
-      String serviceName, ActiveRoleSet roleSet, Set<String> groups,
-      List<? extends Authorizable> authorizables) throws SentryUserException;
-
-  /**
-   * Get sentry privileges based on valid active roles and the authorize objects. Note that
-   * it is client responsibility to ensure the requestor username, etc. is not impersonated.
-   *
-   * @param component: The request respond to which component.
-   * @param serviceName: The name of service.
-   * @param requestorUserName: The requestor user name.
-   * @param authorizablesSet: The set of authorize objects. One authorize object is represented
-   *     as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
-   * @param groups: The requested groups.
-   * @param roleSet: The active roles set.
-   *
-   * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
-   * @throws SentryUserException
-   */
-  Map<String, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(String component,
-      String serviceName, String requestorUserName, Set<String> authorizablesSet,
-      Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException;
-
-  void close();
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
deleted file mode 100644
index d22cfe2..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
+++ /dev/null
@@ -1,591 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.security.PrivilegedExceptionAction;
-import java.util.*;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.apache.hadoop.conf.Configuration;
-import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
-import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.SaslRpcServer;
-import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.service.thrift.ServiceConstants;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.service.thrift.Status;
-import org.apache.sentry.service.thrift.sentry_common_serviceConstants;
-import org.apache.thrift.TException;
-import org.apache.thrift.protocol.TBinaryProtocol;
-import org.apache.thrift.protocol.TMultiplexedProtocol;
-import org.apache.thrift.transport.TSaslClientTransport;
-import org.apache.thrift.transport.TSocket;
-import org.apache.thrift.transport.TTransport;
-import org.apache.thrift.transport.TTransportException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Preconditions;
-import com.google.common.collect.Lists;
-
-public class SentryGenericServiceClientDefaultImpl implements SentryGenericServiceClient {
-  private final Configuration conf;
-  private final InetSocketAddress serverAddress;
-  private final boolean kerberos;
-  private final String[] serverPrincipalParts;
-  private SentryGenericPolicyService.Client client;
-  private TTransport transport;
-  private int connectionTimeout;
-  private static final Logger LOGGER = LoggerFactory
-                                       .getLogger(SentryGenericServiceClientDefaultImpl.class);
-  private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occured ";
-
-  /**
-   * This transport wraps the Sasl transports to set up the right UGI context for open().
-   */
-  public static class UgiSaslClientTransport extends TSaslClientTransport {
-    protected UserGroupInformation ugi = null;
-
-    public UgiSaslClientTransport(String mechanism, String authorizationId,
-        String protocol, String serverName, Map<String, String> props,
-        CallbackHandler cbh, TTransport transport, boolean wrapUgi, Configuration conf)
-        throws IOException {
-      super(mechanism, authorizationId, protocol, serverName, props, cbh,
-          transport);
-      if (wrapUgi) {
-       // If we don't set the configuration, the UGI will be created based on
-       // what's on the classpath, which may lack the kerberos changes we require
-        UserGroupInformation.setConfiguration(conf);
-        ugi = UserGroupInformation.getLoginUser();
-      }
-    }
-
-    // open the SASL transport with using the current UserGroupInformation
-    // This is needed to get the current login context stored
-    @Override
-    public void open() throws TTransportException {
-      if (ugi == null) {
-        baseOpen();
-      } else {
-        try {
-          if (ugi.isFromKeytab()) {
-            ugi.checkTGTAndReloginFromKeytab();
-          }
-          ugi.doAs(new PrivilegedExceptionAction<Void>() {
-            public Void run() throws TTransportException {
-              baseOpen();
-              return null;
-            }
-          });
-        } catch (IOException e) {
-          throw new TTransportException("Failed to open SASL transport: "  + e.getMessage(), e);
-        } catch (InterruptedException e) {
-          throw new TTransportException(
-              "Interrupted while opening underlying transport: " + e.getMessage(), e);
-        }
-      }
-    }
-
-    private void baseOpen() throws TTransportException {
-      super.open();
-    }
-  }
-
-  public SentryGenericServiceClientDefaultImpl(Configuration conf) throws IOException {
-    // copy the configuration because we may make modifications to it.
-    this.conf = new Configuration(conf);
-    Preconditions.checkNotNull(this.conf, "Configuration object cannot be null");
-    this.serverAddress = NetUtils.createSocketAddr(Preconditions.checkNotNull(
-                           conf.get(ClientConfig.SERVER_RPC_ADDRESS), "Config key "
-                           + ClientConfig.SERVER_RPC_ADDRESS + " is required"), conf.getInt(
-                           ClientConfig.SERVER_RPC_PORT, ClientConfig.SERVER_RPC_PORT_DEFAULT));
-    this.connectionTimeout = conf.getInt(ClientConfig.SERVER_RPC_CONN_TIMEOUT,
-                                         ClientConfig.SERVER_RPC_CONN_TIMEOUT_DEFAULT);
-    kerberos = ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase(
-        conf.get(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_KERBEROS).trim());
-    transport = new TSocket(serverAddress.getHostName(),
-        serverAddress.getPort(), connectionTimeout);
-    if (kerberos) {
-      String serverPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL), ServerConfig.PRINCIPAL + " is required");
-      // since the client uses hadoop-auth, we need to set kerberos in
-      // hadoop-auth if we plan to use kerberos
-      conf.set(HADOOP_SECURITY_AUTHENTICATION, ServerConfig.SECURITY_MODE_KERBEROS);
-
-      // Resolve server host in the same way as we are doing on server side
-      serverPrincipal = SecurityUtil.getServerPrincipal(serverPrincipal, serverAddress.getAddress());
-      LOGGER.debug("Using server kerberos principal: " + serverPrincipal);
-
-      serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal);
-      Preconditions.checkArgument(serverPrincipalParts.length == 3,
-           "Kerberos principal should have 3 parts: " + serverPrincipal);
-      boolean wrapUgi = "true".equalsIgnoreCase(conf
-          .get(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true"));
-      transport = new UgiSaslClientTransport(AuthMethod.KERBEROS.getMechanismName(),
-          null, serverPrincipalParts[0], serverPrincipalParts[1],
-          ClientConfig.SASL_PROPERTIES, null, transport, wrapUgi, conf);
-    } else {
-      serverPrincipalParts = null;
-    }
-    try {
-      transport.open();
-    } catch (TTransportException e) {
-      throw new IOException("Transport exception while opening transport: " + e.getMessage(), e);
-    }
-    LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress);
-    long maxMessageSize = conf.getLong(ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
-        ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
-    TMultiplexedProtocol protocol = new TMultiplexedProtocol(
-        new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true),
-        ServiceConstants.SENTRY_GENERIC_SERVICE_NAME);
-    client = new SentryGenericPolicyService.Client(protocol);
-    LOGGER.debug("Successfully created client");
-  }
-
-
-
-  /**
-   * Create a sentry role
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @throws SentryUserException
-   */
-  public synchronized void createRole(String requestorUserName, String roleName, String component)
-  throws SentryUserException {
-    TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setComponent(component);
-    try {
-      TCreateSentryRoleResponse response = client.create_sentry_role(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  public void createRoleIfNotExist(String requestorUserName, String roleName, String component) throws SentryUserException {
-    TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setComponent(component);
-    try {
-      TCreateSentryRoleResponse response = client.create_sentry_role(request);
-      Status status = Status.fromCode(response.getStatus().getValue());
-      if (status == Status.ALREADY_EXISTS) {
-        return;
-      }
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * Drop a sentry role
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @throws SentryUserException
-   */
-  public void dropRole(String requestorUserName,
-      String roleName, String component)
-  throws SentryUserException {
-    dropRole(requestorUserName, roleName, component, false);
-  }
-
-  public void dropRoleIfExists(String requestorUserName,
-      String roleName, String component)
-  throws SentryUserException {
-    dropRole(requestorUserName, roleName, component, true);
-  }
-
-  private void dropRole(String requestorUserName,
-      String roleName, String component , boolean ifExists)
-  throws SentryUserException {
-    TDropSentryRoleRequest request = new TDropSentryRoleRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setComponent(component);
-    try {
-      TDropSentryRoleResponse response = client.drop_sentry_role(request);
-      Status status = Status.fromCode(response.getStatus().getValue());
-      if (ifExists && status == Status.NO_SUCH_OBJECT) {
-        return;
-      }
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * add a sentry role to groups.
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param groups: The name of groups
-   * @throws SentryUserException
-   */
-  public void addRoleToGroups(String requestorUserName, String roleName,
-      String component, Set<String> groups) throws SentryUserException {
-    TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setGroups(groups);
-    request.setComponent(component);
-
-    try {
-      TAlterSentryRoleAddGroupsResponse response = client.alter_sentry_role_add_groups(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * delete a sentry role from groups.
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param groups: The name of groups
-   * @throws SentryUserException
-   */
-  public void deleteRoleToGroups(String requestorUserName, String roleName,
-      String component, Set<String> groups) throws SentryUserException {
-    TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setGroups(groups);
-    request.setComponent(component);
-
-    try {
-      TAlterSentryRoleDeleteGroupsResponse response = client.alter_sentry_role_delete_groups(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * grant privilege
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  public void grantPrivilege(String requestorUserName, String roleName,
-      String component, TSentryPrivilege privilege) throws SentryUserException {
-    TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setRoleName(roleName);
-    request.setRequestorUserName(requestorUserName);
-    request.setPrivilege(privilege);
-
-    try {
-      TAlterSentryRoleGrantPrivilegeResponse response = client.alter_sentry_role_grant_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * revoke privilege
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName: Name of the role
-   * @param component: The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  public void revokePrivilege(String requestorUserName, String roleName,
-      String component, TSentryPrivilege privilege) throws SentryUserException {
-    TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setPrivilege(privilege);
-
-    try {
-      TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * drop privilege
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param component: The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  public void dropPrivilege(String requestorUserName,String component,
-      TSentryPrivilege privilege) throws SentryUserException {
-    TDropPrivilegesRequest request = new TDropPrivilegesRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setRequestorUserName(requestorUserName);
-    request.setPrivilege(privilege);
-
-    try {
-      TDropPrivilegesResponse response = client.drop_sentry_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * rename privilege
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param component: The request is issued to which component
-   * @param serviceName: The Authorizable belongs to which service
-   * @param oldAuthorizables
-   * @param newAuthorizables
-   * @throws SentryUserException
-   */
-  public void renamePrivilege(String requestorUserName, String component,
-      String serviceName, List<? extends Authorizable> oldAuthorizables,
-      List<? extends Authorizable> newAuthorizables) throws SentryUserException {
-    if (oldAuthorizables == null || oldAuthorizables.isEmpty()
-        || newAuthorizables == null || newAuthorizables.isEmpty()) {
-      throw new SentryUserException("oldAuthorizables or newAuthorizables can not be null or empty");
-    }
-
-    TRenamePrivilegesRequest request = new TRenamePrivilegesRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setRequestorUserName(requestorUserName);
-    request.setServiceName(serviceName);
-
-    List<TAuthorizable> oldTAuthorizables = Lists.newArrayList();
-    List<TAuthorizable> newTAuthorizables = Lists.newArrayList();
-    for (Authorizable authorizable : oldAuthorizables) {
-      oldTAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
-      request.setOldAuthorizables(oldTAuthorizables);
-    }
-    for (Authorizable authorizable : newAuthorizables) {
-      newTAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
-      request.setNewAuthorizables(newTAuthorizables);
-    }
-
-    try {
-      TRenamePrivilegesResponse response = client.rename_sentry_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * Gets sentry role objects for a given groupName using the Sentry service
-   * @param requestorUserName : user on whose behalf the request is issued
-   * @param groupName : groupName to look up ( if null returns all roles for groups related to requestorUserName)
-   * @param component: The request is issued to which component
-   * @return Set of thrift sentry role objects
-   * @throws SentryUserException
-   */
-  public synchronized Set<TSentryRole> listRolesByGroupName(
-      String requestorUserName,
-      String groupName,
-      String component)
-  throws SentryUserException {
-    TListSentryRolesRequest request = new TListSentryRolesRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setGroupName(groupName);
-    request.setComponent(component);
-    TListSentryRolesResponse response;
-    try {
-      response = client.list_sentry_roles_by_group(request);
-      Status.throwIfNotOk(response.getStatus());
-      return response.getRoles();
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  public Set<TSentryRole> listUserRoles(String requestorUserName, String component)
-      throws SentryUserException {
-    return listRolesByGroupName(requestorUserName, AccessConstants.ALL, component);
-  }
-
-  public Set<TSentryRole> listAllRoles(String requestorUserName, String component)
-      throws SentryUserException {
-    return listRolesByGroupName(requestorUserName, null, component);
-  }
-
-  /**
-   * Gets sentry privileges for a given roleName and Authorizable Hirerchys using the Sentry service
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:
-   * @param component: The request is issued to which component
-   * @param serviceName
-   * @param authorizables
-   * @return
-   * @throws SentryUserException
-   */
-  public Set<TSentryPrivilege> listPrivilegesByRoleName(
-      String requestorUserName, String roleName, String component,
-      String serviceName, List<? extends Authorizable> authorizables)
-      throws SentryUserException {
-    TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setServiceName(serviceName);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    if (authorizables != null && !authorizables.isEmpty()) {
-      List<TAuthorizable> tAuthorizables = Lists.newArrayList();
-      for (Authorizable authorizable : authorizables) {
-        tAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
-      }
-      request.setAuthorizables(tAuthorizables);
-    }
-
-    TListSentryPrivilegesResponse response;
-    try {
-      response = client.list_sentry_privileges_by_role(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-    return response.getPrivileges();
-  }
-
-  public Set<TSentryPrivilege> listPrivilegesByRoleName(
-      String requestorUserName, String roleName, String component,
-      String serviceName) throws SentryUserException {
-    return listPrivilegesByRoleName(requestorUserName, roleName, component, serviceName, null);
-  }
-
-  /**
-   * get sentry permissions from provider as followings:
-   * @param: component: The request is issued to which component
-   * @param: serviceName: The privilege belongs to which service
-   * @param: roleSet
-   * @param: groupNames
-   * @param: the authorizables
-   * @returns the set of permissions
-   * @throws SentryUserException
-   */
-  public Set<String> listPrivilegesForProvider(String component,
-      String serviceName, ActiveRoleSet roleSet, Set<String> groups,
-      List<? extends Authorizable> authorizables) throws SentryUserException {
-    TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
-    TListSentryPrivilegesForProviderRequest request = new TListSentryPrivilegesForProviderRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setServiceName(serviceName);
-    request.setRoleSet(thriftRoleSet);
-    if (groups == null) {
-      request.setGroups(new HashSet<String>());
-    } else {
-      request.setGroups(groups);
-    }
-    List<TAuthorizable> tAuthoriables = Lists.newArrayList();
-    if (authorizables != null && !authorizables.isEmpty()) {
-      for (Authorizable authorizable : authorizables) {
-        tAuthoriables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
-      }
-      request.setAuthorizables(tAuthoriables);
-    }
-
-    try {
-      TListSentryPrivilegesForProviderResponse response = client.list_sentry_privileges_for_provider(request);
-      Status.throwIfNotOk(response.getStatus());
-      return response.getPrivileges();
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * Get sentry privileges based on valid active roles and the authorize objects. Note that
-   * it is client responsibility to ensure the requestor username, etc. is not impersonated.
-   *
-   * @param component: The request respond to which component.
-   * @param serviceName: The name of service.
-   * @param requestorUserName: The requestor user name.
-   * @param authorizablesSet: The set of authorize objects. One authorize object is represented
-   *     as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
-   * @param groups: The requested groups.
-   * @param roleSet: The active roles set.
-   *
-   * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
-   * @throws SentryUserException
-   */
-  public Map<String, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(String component,
-      String serviceName, String requestorUserName, Set<String> authorizablesSet,
-      Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException {
-
-    TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest();
-
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setServiceName(serviceName);
-    request.setRequestorUserName(requestorUserName);
-    request.setAuthorizablesSet(authorizablesSet);
-
-    if (groups == null) {
-      request.setGroups(new HashSet<String>());
-    } else {
-      request.setGroups(groups);
-    }
-
-    if (roleSet != null) {
-      request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
-    }
-
-    try {
-      TListSentryPrivilegesByAuthResponse response = client.list_sentry_privileges_by_authorizable(request);
-      Status.throwIfNotOk(response.getStatus());
-      return response.getPrivilegesMapByAuth();
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  @Override
-  public void close() {
-    if (transport != null) {
-      transport.close();
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
deleted file mode 100644
index 980d930..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-
-/**
- * SentryGenericServiceClientFactory is a public class for the components which using Generic Model to create sentry client.
- */
-public final class SentryGenericServiceClientFactory {
-
-  private SentryGenericServiceClientFactory() {
-  }
-
-  public static SentryGenericServiceClient create(Configuration conf) throws Exception {
-      return new SentryGenericServiceClientDefaultImpl(conf);
-  }
-    
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java
deleted file mode 100644
index 688bc9e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Lists;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
-import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables;
-import org.apache.sentry.core.model.kafka.validator.KafkaPrivilegeValidator;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
-
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR;
-import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR;
-import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE;
-
-public  class KafkaTSentryPrivilegeConverter implements TSentryPrivilegeConverter {
-  private String component;
-  private String service;
-
-  public KafkaTSentryPrivilegeConverter(String component, String service) {
-    this.component = component;
-    this.service = service;
-  }
-
-  public TSentryPrivilege fromString(String privilegeStr) throws Exception {
-    final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR;
-    final String hostPrefixLowerCase = hostPrefix.toLowerCase();
-    if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) {
-      privilegeStr =  hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr;
-    }
-    validatePrivilegeHierarchy(privilegeStr);
-    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
-    List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();
-    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
-      KeyValue keyValue = new KeyValue(authorizable);
-      String key = keyValue.getKey();
-      String value = keyValue.getValue();
-
-      // is it an authorizable?
-      KafkaAuthorizable authz = KafkaModelAuthorizables.from(keyValue);
-      if (authz != null) {
-        authorizables.add(new TAuthorizable(authz.getTypeName(), authz.getName()));
-
-      } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setAction(value);
-      }
-    }
-
-    if (tSentryPrivilege.getAction() == null) {
-      throw new IllegalArgumentException("Privilege is invalid: action required but not specified.");
-    }
-    tSentryPrivilege.setComponent(component);
-    tSentryPrivilege.setServiceName(service);
-    tSentryPrivilege.setAuthorizables(authorizables);
-    return tSentryPrivilege;
-  }
-
-  public String toString(TSentryPrivilege tSentryPrivilege) {
-    List<String> privileges = Lists.newArrayList();
-    if (tSentryPrivilege != null) {
-      List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables();
-      String action = tSentryPrivilege.getAction();
-      String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true"
-              : "false");
-
-      Iterator<TAuthorizable> it = authorizables.iterator();
-      if (it != null) {
-        while (it.hasNext()) {
-          TAuthorizable tAuthorizable = it.next();
-          privileges.add(SentryConstants.KV_JOINER.join(
-              tAuthorizable.getType(), tAuthorizable.getName()));
-        }
-      }
-
-      if (!authorizables.isEmpty()) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-            PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
-      }
-
-      // only append the grant option to privilege string if it's true
-      if ("true".equals(grantOption)) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-            PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
-      }
-    }
-    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
-  }
-
-  private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception {
-    new KafkaPrivilegeValidator().validate(new PrivilegeValidatorContext(privilegeStr));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolCommon.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolCommon.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolCommon.java
deleted file mode 100644
index 013e824..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolCommon.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.annotations.VisibleForTesting;
-
-import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.GnuParser;
-import org.apache.commons.cli.HelpFormatter;
-import org.apache.commons.cli.Option;
-import org.apache.commons.cli.Options;
-import org.apache.commons.cli.ParseException;
-import org.apache.commons.cli.Parser;
-
-abstract public class SentryConfigToolCommon {
-  private String policyFile;
-  private boolean validate;
-  private boolean importPolicy;
-  private boolean checkCompat;
-  private String confPath;
-
- /**
-   *  parse arguments
-   * <pre>
-   *   -conf,--sentry_conf <filepath>     sentry config file path
-   *   -p,--policy_ini     <arg>          policy file path
-   *   -v,--validate                      validate policy file
-   *   -c,--checkcompat                   check compatibility with service
-   *   -i,--import                        import policy file
-   *   -h,--help                          print usage
-   * </pre>
-   * @param args
-   */
-  protected boolean parseArgs(String [] args) {
-    Options options = new Options();
-
-    Option globalPolicyPath = new Option("p", "policy_ini", true,
-        "Policy file path");
-    globalPolicyPath.setRequired(true);
-    options.addOption(globalPolicyPath);
-
-    Option validateOpt = new Option("v", "validate", false,
-        "Validate policy file");
-    validateOpt.setRequired(false);
-    options.addOption(validateOpt);
-
-    Option checkCompatOpt = new Option("c","checkcompat",false,
-        "Check compatibility with Sentry Service");
-    checkCompatOpt.setRequired(false);
-    options.addOption(checkCompatOpt);
-
-    Option importOpt = new Option("i", "import", false,
-        "Import policy file");
-    importOpt.setRequired(false);
-    options.addOption(importOpt);
-
-    // file path of sentry-site
-    Option sentrySitePathOpt = new Option("conf", "sentry_conf", true, "sentry-site file path");
-    sentrySitePathOpt.setRequired(true);
-    options.addOption(sentrySitePathOpt);
-
-    // help option
-    Option helpOpt = new Option("h", "help", false, "Shell usage");
-    helpOpt.setRequired(false);
-    options.addOption(helpOpt);
-
-    // this Options is parsed first for help option
-    Options helpOptions = new Options();
-    helpOptions.addOption(helpOpt);
-
-    try {
-      Parser parser = new GnuParser();
-
-      // parse help option first
-      CommandLine cmd = parser.parse(helpOptions, args, true);
-      for (Option opt : cmd.getOptions()) {
-        if (opt.getOpt().equals("h")) {
-          // get the help option, print the usage and exit
-          usage(options);
-          return false;
-        }
-      }
-
-      // without help option
-      cmd = parser.parse(options, args);
-
-      for (Option opt : cmd.getOptions()) {
-        if (opt.getOpt().equals("p")) {
-          policyFile = opt.getValue();
-        } else if (opt.getOpt().equals("v")) {
-          validate = true;
-        } else if (opt.getOpt().equals("i")) {
-          importPolicy = true;
-        } else if (opt.getOpt().equals("c")) {
-          checkCompat = true;
-        } else if (opt.getOpt().equals("conf")) {
-          confPath = opt.getValue();
-        }
-      }
-
-      if (!validate && !importPolicy) {
-        throw new IllegalArgumentException("No action specified; at least one of action or import must be specified");
-      }
-    } catch (ParseException pe) {
-      System.out.println(pe.getMessage());
-      usage(options);
-      return false;
-    }
-    return true;
-  }
-
-  // print usage
-  private void usage(Options sentryOptions) {
-    HelpFormatter formatter = new HelpFormatter();
-    formatter.printHelp("sentryConfigTool", sentryOptions);
-  }
-
-  public abstract void run() throws Exception;
-
-  @VisibleForTesting
-  public boolean executeConfigTool(String [] args) throws Exception {
-    boolean result = true;
-    if (parseArgs(args)) {
-      run();
-    } else {
-      result = false;
-    }
-    return result;
-  }
-
-  public String getPolicyFile() { return policyFile; }
-  public boolean getValidate() { return validate; }
-  public boolean getImportPolicy() { return importPolicy; }
-  public boolean getCheckCompat() { return checkCompat; }
-  public String getConfPath() { return confPath; }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
deleted file mode 100644
index 404adb8..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
+++ /dev/null
@@ -1,262 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
-import com.google.common.collect.Table;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.exception.SentryConfigurationException;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.ProviderBackendContext;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * SentryConfigToolSolr is an administrative tool used to parse a Solr policy file
- * and add the role, group mappings, and privileges therein to the Sentry service.
- */
-public class SentryConfigToolSolr extends SentryConfigToolCommon {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(SentryConfigToolSolr.class);
-  public static final String SOLR_SERVICE_NAME = "sentry.service.client.solr.service.name";
-
-  @Override
-  public void run() throws Exception {
-    String component = "SOLR";
-    Configuration conf = getSentryConf();
-
-    String service = conf.get(SOLR_SERVICE_NAME, "service1");
-    // instantiate a solr client for sentry service.  This sets the ugi, so must
-    // be done before getting the ugi below.
-    SentryGenericServiceClient client = SentryGenericServiceClientFactory.create(conf);
-    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
-    String requestorName = ugi.getShortUserName();
-
-    convertINIToSentryServiceCmds(component, service, requestorName, conf, client,
-        getPolicyFile(), getValidate(), getImportPolicy(), getCheckCompat());
-  }
-
-  private Configuration getSentryConf() {
-    Configuration conf = new Configuration();
-    conf.addResource(new Path(getConfPath()));
-    return conf;
-  }
-
-   /**
-    * Convert policy file to solrctl commands -- based on SENTRY-480
-    */
-  private void convertINIToSentryServiceCmds(String component,
-      String service, String requestorName,
-      Configuration conf, SentryGenericServiceClient client,
-      String policyFile, boolean validate, boolean importPolicy,
-      boolean checkCompat) throws Exception {
-
-    //instantiate a file providerBackend for parsing
-    LOGGER.info("Reading policy file at: " + policyFile);
-    SimpleFileProviderBackend policyFileBackend =
-        new SimpleFileProviderBackend(conf, policyFile);
-    ProviderBackendContext context = new ProviderBackendContext();
-    context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators());
-    policyFileBackend.initialize(context);
-    if (validate) {
-      validatePolicy(policyFileBackend);
-    }
-
-    if (checkCompat) {
-      checkCompat(policyFileBackend);
-    }
-
-    //import the relations about group,role and privilege into the DB store
-    Set<String> roles = Sets.newHashSet();
-    Table<String, String, Set<String>> groupRolePrivilegeTable =
-        policyFileBackend.getGroupRolePrivilegeTable();
-    SolrTSentryPrivilegeConverter converter = new SolrTSentryPrivilegeConverter(component, service, false);
-
-    for (String groupName : groupRolePrivilegeTable.rowKeySet()) {
-      for (String roleName : groupRolePrivilegeTable.columnKeySet()) {
-        if (!roles.contains(roleName)) {
-          LOGGER.info(dryRunMessage(importPolicy) + "Creating role: " + roleName.toLowerCase(Locale.US));
-          if (importPolicy) {
-            client.createRoleIfNotExist(requestorName, roleName, component);
-          }
-          roles.add(roleName);
-        }
-
-        Set<String> privileges = groupRolePrivilegeTable.get(groupName, roleName);
-        if (privileges == null) {
-          continue;
-        }
-        LOGGER.info(dryRunMessage(importPolicy) + "Adding role: " + roleName.toLowerCase(Locale.US) + " to group: " + groupName);
-        if (importPolicy) {
-          client.addRoleToGroups(requestorName, roleName, component, Sets.newHashSet(groupName));
-        }
-
-        for (String permission : privileges) {
-          String action = null;
-
-          for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.
-              trimResults().split(permission)) {
-            KeyValue kv = new KeyValue(authorizable);
-            String key = kv.getKey();
-            String value = kv.getValue();
-            if ("action".equalsIgnoreCase(key)) {
-              action = value;
-            }
-          }
-
-          // Service doesn't support not specifying action
-          if (action == null) {
-            permission += "->action=" + Action.ALL;
-          }
-          LOGGER.info(dryRunMessage(importPolicy) + "Adding permission: " + permission + " to role: " + roleName.toLowerCase(Locale.US));
-          if (importPolicy) {
-            client.grantPrivilege(requestorName, roleName, component, converter.fromString(permission));
-          }
-        }
-      }
-    }
-  }
-
-  private void validatePolicy(ProviderBackend backend) throws Exception {
-    try {
-      backend.validatePolicy(true);
-    } catch (SentryConfigurationException e) {
-      printConfigErrorsWarnings(e);
-      throw e;
-    }
-  }
-
-  private void printConfigErrorsWarnings(SentryConfigurationException configException) {
-    System.out.println(" *** Found configuration problems *** ");
-    for (String errMsg : configException.getConfigErrors()) {
-      System.out.println("ERROR: " + errMsg);
-    }
-    for (String warnMsg : configException.getConfigWarnings()) {
-      System.out.println("Warning: " + warnMsg);
-    }
-  }
-
-  private void checkCompat(SimpleFileProviderBackend backend) throws Exception {
-    Map<String, Set<String>> rolesCaseMapping = new HashMap<String, Set<String>>();
-    Table<String, String, Set<String>> groupRolePrivilegeTable =
-      backend.getGroupRolePrivilegeTable();
-
-    for (String roleName : groupRolePrivilegeTable.columnKeySet()) {
-      String roleNameLower = roleName.toLowerCase(Locale.US);
-      if (!roleName.equals(roleNameLower)) {
-        if (!rolesCaseMapping.containsKey(roleNameLower)) {
-          rolesCaseMapping.put(roleNameLower, Sets.newHashSet(roleName));
-        } else {
-          rolesCaseMapping.get(roleNameLower).add(roleName);
-        }
-      }
-    }
-
-    List<String> errors = new LinkedList<String>();
-    StringBuilder warningString = new StringBuilder();
-    if (!rolesCaseMapping.isEmpty()) {
-      warningString.append("The following roles names will be lower cased when added to the Sentry Service.\n");
-      warningString.append("This will cause document-level security to fail to match the role tokens.\n");
-      warningString.append("Role names: ");
-    }
-    boolean firstWarning = true;
-
-    for (Map.Entry<String, Set<String>> entry : rolesCaseMapping.entrySet()) {
-      Set<String> caseMapping = entry.getValue();
-      if (caseMapping.size() > 1) {
-        StringBuilder errorString = new StringBuilder();
-        errorString.append("The following (cased) roles map to the same role in the sentry service: ");
-        boolean first = true;
-        for (String casedRole : caseMapping) {
-          errorString.append(first ? "" : ", ");
-          errorString.append(casedRole);
-          first = false;
-        }
-        errorString.append(".  Role in service: ").append(entry.getKey());
-        errors.add(errorString.toString());
-      }
-
-      for (String casedRole : caseMapping) {
-        warningString.append(firstWarning? "" : ", ");
-        warningString.append(casedRole);
-        firstWarning = false;
-      }
-    }
-
-    for (String error : errors) {
-      System.out.println("ERROR: " + error);
-    }
-    System.out.println("\n");
-
-    System.out.println("Warning: " + warningString.toString());
-    if (errors.size() > 0) {
-      SentryConfigurationException ex =
-          new SentryConfigurationException("Compatibility check failure");
-      ex.setConfigErrors(errors);
-      ex.setConfigWarnings(Lists.<String>asList(warningString.toString(), new String[0]));
-      throw ex;
-    }
-  }
-
-  private String dryRunMessage(boolean importPolicy) {
-    if (importPolicy) {
-      return "";
-    } else {
-      return "[Dry Run] ";
-    }
-  }
-
-  public static void main(String[] args) throws Exception {
-    SentryConfigToolSolr solrTool = new SentryConfigToolSolr();
-    try {
-      solrTool.executeConfigTool(args);
-    } catch (Exception e) {
-      LOGGER.error(e.getMessage(), e);
-      Throwable current = e;
-      // find the first printable message;
-      while (current != null && current.getMessage() == null) {
-        current = current.getCause();
-      }
-      String error = "";
-      if (current != null && current.getMessage() != null) {
-        error = "Message: " + current.getMessage();
-      }
-      System.out.println("The operation failed. " + error);
-      System.exit(1);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
deleted file mode 100644
index ea05db7..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.core.common.utils.AuthorizationComponent;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
-import org.apache.sentry.provider.db.generic.tools.command.*;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SentryShellKafka is an admin tool, and responsible for the management of repository.
- * The following commands are supported:
- * create role, drop role, add group to role, grant privilege to role,
- * revoke privilege from role, list roles, list privilege for role.
- */
-public class SentryShellKafka extends SentryShellCommon {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(SentryShellKafka.class);
-  public static final String KAFKA_SERVICE_NAME = "sentry.service.client.kafka.service.name";
-
-  @Override
-  public void run() throws Exception {
-    Command command = null;
-    String component = AuthorizationComponent.KAFKA;
-    Configuration conf = getSentryConf();
-
-    String service = conf.get(KAFKA_SERVICE_NAME, "kafka1");
-    SentryGenericServiceClient client = SentryGenericServiceClientFactory.create(conf);
-    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
-    String requestorName = ugi.getShortUserName();
-
-    if (isCreateRole) {
-      command = new CreateRoleCmd(roleName, component);
-    } else if (isDropRole) {
-      command = new DropRoleCmd(roleName, component);
-    } else if (isAddRoleGroup) {
-      command = new AddRoleToGroupCmd(roleName, groupName, component);
-    } else if (isDeleteRoleGroup) {
-      command = new DeleteRoleFromGroupCmd(roleName, groupName, component);
-    } else if (isGrantPrivilegeRole) {
-      command = new GrantPrivilegeToRoleCmd(roleName, component,
-          privilegeStr, new KafkaTSentryPrivilegeConverter(component, service));
-    } else if (isRevokePrivilegeRole) {
-      command = new RevokePrivilegeFromRoleCmd(roleName, component,
-          privilegeStr, new KafkaTSentryPrivilegeConverter(component, service));
-    } else if (isListRole) {
-      command = new ListRolesCmd(groupName, component);
-    } else if (isListPrivilege) {
-      command = new ListPrivilegesByRoleCmd(roleName, component,
-          service, new KafkaTSentryPrivilegeConverter(component, service));
-    }
-
-    // check the requestor name
-    if (StringUtils.isEmpty(requestorName)) {
-      // The exception message will be recorded in log file.
-      throw new Exception("The requestor name is empty.");
-    }
-
-    if (command != null) {
-      command.execute(client, requestorName);
-    }
-  }
-
-  private Configuration getSentryConf() {
-    Configuration conf = new Configuration();
-    conf.addResource(new Path(confPath));
-    return conf;
-  }
-
-  public static void main(String[] args) throws Exception {
-    SentryShellKafka sentryShell = new SentryShellKafka();
-    try {
-      sentryShell.executeShell(args);
-    } catch (Exception e) {
-      LOGGER.error(e.getMessage(), e);
-      Throwable current = e;
-      // find the first printable message;
-      while (current != null && current.getMessage() == null) {
-        current = current.getCause();
-      }
-      String error = "";
-      if (current != null && current.getMessage() != null) {
-        error = "Message: " + current.getMessage();
-      }
-      System.out.println("The operation failed. " + error);
-      System.exit(1);
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
deleted file mode 100644
index 695c008..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
-import org.apache.sentry.provider.db.generic.tools.command.*;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SentryShellSolr is an admin tool, and responsible for the management of repository.
- * The following commands are supported:
- * create role, drop role, add group to role, grant privilege to role,
- * revoke privilege from role, list roles, list privilege for role.
- */
-public class SentryShellSolr extends SentryShellCommon {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(SentryShellSolr.class);
-  public static final String SOLR_SERVICE_NAME = "sentry.service.client.solr.service.name";
-
-  @Override
-  public void run() throws Exception {
-    Command command = null;
-    String component = "SOLR";
-    Configuration conf = getSentryConf();
-
-    String service = conf.get(SOLR_SERVICE_NAME, "service1");
-    SentryGenericServiceClient client = SentryGenericServiceClientFactory.create(conf);
-    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
-    String requestorName = ugi.getShortUserName();
-
-    if (isCreateRole) {
-      command = new CreateRoleCmd(roleName, component);
-    } else if (isDropRole) {
-      command = new DropRoleCmd(roleName, component);
-    } else if (isAddRoleGroup) {
-      command = new AddRoleToGroupCmd(roleName, groupName, component);
-    } else if (isDeleteRoleGroup) {
-      command = new DeleteRoleFromGroupCmd(roleName, groupName, component);
-    } else if (isGrantPrivilegeRole) {
-      command = new GrantPrivilegeToRoleCmd(roleName, component,
-          privilegeStr, new SolrTSentryPrivilegeConverter(component, service));
-    } else if (isRevokePrivilegeRole) {
-      command = new RevokePrivilegeFromRoleCmd(roleName, component,
-          privilegeStr, new SolrTSentryPrivilegeConverter(component, service));
-    } else if (isListRole) {
-      command = new ListRolesCmd(groupName, component);
-    } else if (isListPrivilege) {
-      command = new ListPrivilegesByRoleCmd(roleName, component,
-          service, new SolrTSentryPrivilegeConverter(component, service));
-    }
-
-    // check the requestor name
-    if (StringUtils.isEmpty(requestorName)) {
-      // The exception message will be recorded in log file.
-      throw new Exception("The requestor name is empty.");
-    }
-
-    if (command != null) {
-      command.execute(client, requestorName);
-    }
-  }
-
-  private Configuration getSentryConf() {
-    Configuration conf = new Configuration();
-    conf.addResource(new Path(confPath));
-    return conf;
-  }
-
-  public static void main(String[] args) throws Exception {
-    SentryShellSolr sentryShell = new SentryShellSolr();
-    try {
-      sentryShell.executeShell(args);
-    } catch (Exception e) {
-      LOGGER.error(e.getMessage(), e);
-      Throwable current = e;
-      // find the first printable message;
-      while (current != null && current.getMessage() == null) {
-        current = current.getCause();
-      }
-      String error = "";
-      if (current != null && current.getMessage() != null) {
-        error = "Message: " + current.getMessage();
-      }
-      System.out.println("The operation failed. " + error);
-      System.exit(1);
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java
deleted file mode 100644
index 92c6c59..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Lists;
-
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
-import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-import org.apache.sentry.core.model.search.SearchModelAuthorizables;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
-import org.apache.shiro.config.ConfigurationException;
-
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-
-public  class SolrTSentryPrivilegeConverter implements TSentryPrivilegeConverter {
-  private String component;
-  private String service;
-  private boolean validate;
-
-  public SolrTSentryPrivilegeConverter(String component, String service) {
-    this(component, service, true);
-  }
-
-  public SolrTSentryPrivilegeConverter(String component, String service, boolean validate) {
-    this.component = component;
-    this.service = service;
-    this.validate = validate;
-  }
-
-  public TSentryPrivilege fromString(String privilegeStr) throws Exception {
-    if (validate) {
-      validatePrivilegeHierarchy(privilegeStr);
-    }
-
-    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
-    List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();
-    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
-      KeyValue keyValue = new KeyValue(authorizable);
-      String key = keyValue.getKey();
-      String value = keyValue.getValue();
-
-      // is it an authorizable?
-      SearchModelAuthorizable authz = SearchModelAuthorizables.from(keyValue);
-      if (authz != null) {
-        if (authz instanceof Collection) {
-          Collection coll = (Collection)authz;
-          authorizables.add(new TAuthorizable(coll.getTypeName(), coll.getName()));
-        } else {
-          throw new IllegalArgumentException("Unknown authorizable type: " + authz.getTypeName());
-        }
-      } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setAction(value);
-      // Limitation: don't support grant at this time, since the existing solr use cases don't need it.
-      } else {
-        throw new IllegalArgumentException("Unknown key: " + key);
-      }
-    }
-
-    if (tSentryPrivilege.getAction() == null) {
-      throw new IllegalArgumentException("Privilege is invalid: action required but not specified.");
-    }
-    tSentryPrivilege.setComponent(component);
-    tSentryPrivilege.setServiceName(service);
-    tSentryPrivilege.setAuthorizables(authorizables);
-    return tSentryPrivilege;
-  }
-
-  public String toString(TSentryPrivilege tSentryPrivilege) {
-    List<String> privileges = Lists.newArrayList();
-    if (tSentryPrivilege != null) {
-      List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables();
-      String action = tSentryPrivilege.getAction();
-      String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true"
-              : "false");
-
-      Iterator<TAuthorizable> it = authorizables.iterator();
-      if (it != null) {
-        while (it.hasNext()) {
-          TAuthorizable tAuthorizable = it.next();
-          privileges.add(SentryConstants.KV_JOINER.join(
-              tAuthorizable.getType(), tAuthorizable.getName()));
-        }
-      }
-
-      if (!authorizables.isEmpty()) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-            PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
-      }
-
-      // only append the grant option to privilege string if it's true
-      if ("true".equals(grantOption)) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-            PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
-      }
-    }
-    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
-  }
-
-  private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception {
-    List<PrivilegeValidator> validators = SearchPrivilegeModel.getInstance().getPrivilegeValidators();
-    PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr);
-    for (PrivilegeValidator validator : validators) {
-      try {
-        validator.validate(context);
-      } catch (ConfigurationException e) {
-        throw new IllegalArgumentException(e);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
deleted file mode 100644
index a45d7e4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-
-import java.util.Set;
-
-/**
- * Command for adding groups to a role.
- */
-public class AddRoleToGroupCmd implements Command {
-
-  private String roleName;
-  private String groups;
-  private String component;
-
-  public AddRoleToGroupCmd(String roleName, String groups, String component) {
-    this.roleName = roleName;
-    this.groups = groups;
-    this.component = component;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
-    client.addRoleToGroups(requestorName, roleName, component, groupSet);
-  }
-}


Mime
View raw message