sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject [4/6] sentry git commit: SENTRY-1288: Create sentry-service-client module(Colin Ma, reviewed by Dapeng Sun)
Date Mon, 27 Jun 2016 01:27:26 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
deleted file mode 100644
index 6ddc1de..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
+++ /dev/null
@@ -1,247 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.tools;
-
-import com.google.common.annotations.VisibleForTesting;
-
-import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.GnuParser;
-import org.apache.commons.cli.HelpFormatter;
-import org.apache.commons.cli.Option;
-import org.apache.commons.cli.OptionGroup;
-import org.apache.commons.cli.Options;
-import org.apache.commons.cli.ParseException;
-import org.apache.commons.cli.Parser;
-import org.apache.commons.lang.StringUtils;
-
-/**
- * SentryShellCommon provides the function for parsing the argument.
- * For hive model and generic model, child class should be implemented as a sentry admin tool.
- */
-abstract public class SentryShellCommon {
-
-  protected String roleName;
-  protected String groupName;
-  protected String privilegeStr;
-  protected String confPath;
-  // flag for the command
-  protected boolean isCreateRole = false;
-  protected boolean isDropRole = false;
-  protected boolean isAddRoleGroup = false;
-  protected boolean isDeleteRoleGroup = false;
-  protected boolean isGrantPrivilegeRole = false;
-  protected boolean isRevokePrivilegeRole = false;
-  protected boolean isListRole = false;
-  protected boolean isListPrivilege = false;
-  protected boolean isPrintHelp = false;
-  // flag for the parameter check
-  protected boolean roleNameRequired = false;
-  protected boolean groupNameRequired = false;
-  protected boolean privilegeStrRequired = false;
-
-  public final static String OPTION_DESC_HELP = "Shell usage";
-  public final static String OPTION_DESC_CONF = "sentry-site file path";
-  public final static String OPTION_DESC_ROLE_NAME = "Role name";
-  public final static String OPTION_DESC_GROUP_NAME = "Group name";
-  public final static String OPTION_DESC_PRIVILEGE = "Privilege string";
-  public final static String PREFIX_MESSAGE_MISSING_OPTION = "Missing required option: ";
-
-  public final static String GROUP_SPLIT_CHAR = ",";
-
-  /**
-   * parse arguments
-   *
-   * <pre>
-   *   -conf,--sentry_conf             <filepath>                 sentry config file path
-   *   -cr,--create_role            -r <rolename>                 create role
-   *   -dr,--drop_role              -r <rolename>                 drop role
-   *   -arg,--add_role_group        -r <rolename>  -g <groupname> add role to group
-   *   -drg,--delete_role_group     -r <rolename>  -g <groupname> delete role from group
-   *   -gpr,--grant_privilege_role  -r <rolename>  -p <privilege> grant privilege to role
-   *   -rpr,--revoke_privilege_role -r <rolename>  -p <privilege> revoke privilege from role
-   *   -lr,--list_role              -g <groupname>                list roles for group
-   *   -lp,--list_privilege         -r <rolename>                 list privilege for role
-   *   -t,--type                    <typeame>                     the shell for hive model or generic model
-   * </pre>
-   *
-   * @param args
-   */
-  protected boolean parseArgs(String[] args) {
-    Options simpleShellOptions = new Options();
-
-    Option crOpt = new Option("cr", "create_role", false, "Create role");
-    crOpt.setRequired(false);
-
-    Option drOpt = new Option("dr", "drop_role", false, "Drop role");
-    drOpt.setRequired(false);
-
-    Option argOpt = new Option("arg", "add_role_group", false, "Add role to group");
-    argOpt.setRequired(false);
-
-    Option drgOpt = new Option("drg", "delete_role_group", false, "Delete role from group");
-    drgOpt.setRequired(false);
-
-    Option gprOpt = new Option("gpr", "grant_privilege_role", false, "Grant privilege to role");
-    gprOpt.setRequired(false);
-
-    Option rprOpt = new Option("rpr", "revoke_privilege_role", false, "Revoke privilege from role");
-    rprOpt.setRequired(false);
-
-    Option lrOpt = new Option("lr", "list_role", false, "List role");
-    lrOpt.setRequired(false);
-
-    Option lpOpt = new Option("lp", "list_privilege", false, "List privilege");
-    lpOpt.setRequired(false);
-
-    // required args group
-    OptionGroup simpleShellOptGroup = new OptionGroup();
-    simpleShellOptGroup.addOption(crOpt);
-    simpleShellOptGroup.addOption(drOpt);
-    simpleShellOptGroup.addOption(argOpt);
-    simpleShellOptGroup.addOption(drgOpt);
-    simpleShellOptGroup.addOption(gprOpt);
-    simpleShellOptGroup.addOption(rprOpt);
-    simpleShellOptGroup.addOption(lrOpt);
-    simpleShellOptGroup.addOption(lpOpt);
-    simpleShellOptGroup.setRequired(true);
-    simpleShellOptions.addOptionGroup(simpleShellOptGroup);
-
-    // optional args
-    Option pOpt = new Option("p", "privilege", true, OPTION_DESC_PRIVILEGE);
-    pOpt.setRequired(false);
-    simpleShellOptions.addOption(pOpt);
-
-    Option gOpt = new Option("g", "groupname", true, OPTION_DESC_GROUP_NAME);
-    gOpt.setRequired(false);
-    simpleShellOptions.addOption(gOpt);
-
-    Option rOpt = new Option("r", "rolename", true, OPTION_DESC_ROLE_NAME);
-    rOpt.setRequired(false);
-    simpleShellOptions.addOption(rOpt);
-
-    // this argument should be parsed in the bin/sentryShell
-    Option tOpt = new Option("t", "type", true, "[hive|solr|sqoop|.....]");
-    tOpt.setRequired(false);
-    simpleShellOptions.addOption(tOpt);
-
-    // file path of sentry-site
-    Option sentrySitePathOpt = new Option("conf", "sentry_conf", true, OPTION_DESC_CONF);
-    sentrySitePathOpt.setRequired(true);
-    simpleShellOptions.addOption(sentrySitePathOpt);
-
-    // help option
-    Option helpOpt = new Option("h", "help", false, OPTION_DESC_HELP);
-    helpOpt.setRequired(false);
-    simpleShellOptions.addOption(helpOpt);
-
-    // this Options is parsed first for help option
-    Options helpOptions = new Options();
-    helpOptions.addOption(helpOpt);
-
-    try {
-      Parser parser = new GnuParser();
-
-      // parse help option first
-      CommandLine cmd = parser.parse(helpOptions, args, true);
-      for (Option opt : cmd.getOptions()) {
-        if (opt.getOpt().equals("h")) {
-          // get the help option, print the usage and exit
-          usage(simpleShellOptions);
-          return false;
-        }
-      }
-
-      // without help option
-      cmd = parser.parse(simpleShellOptions, args);
-
-      for (Option opt : cmd.getOptions()) {
-        if (opt.getOpt().equals("p")) {
-          privilegeStr = opt.getValue();
-        } else if (opt.getOpt().equals("g")) {
-          groupName = opt.getValue();
-        } else if (opt.getOpt().equals("r")) {
-          roleName = opt.getValue();
-        } else if (opt.getOpt().equals("cr")) {
-          isCreateRole = true;
-          roleNameRequired = true;
-        } else if (opt.getOpt().equals("dr")) {
-          isDropRole = true;
-          roleNameRequired = true;
-        } else if (opt.getOpt().equals("arg")) {
-          isAddRoleGroup = true;
-          roleNameRequired = true;
-          groupNameRequired = true;
-        } else if (opt.getOpt().equals("drg")) {
-          isDeleteRoleGroup = true;
-          roleNameRequired = true;
-          groupNameRequired = true;
-        } else if (opt.getOpt().equals("gpr")) {
-          isGrantPrivilegeRole = true;
-          roleNameRequired = true;
-          privilegeStrRequired = true;
-        } else if (opt.getOpt().equals("rpr")) {
-          isRevokePrivilegeRole = true;
-          roleNameRequired = true;
-          privilegeStrRequired = true;
-        } else if (opt.getOpt().equals("lr")) {
-          isListRole = true;
-        } else if (opt.getOpt().equals("lp")) {
-          isListPrivilege = true;
-          roleNameRequired = true;
-        } else if (opt.getOpt().equals("conf")) {
-          confPath = opt.getValue();
-        }
-      }
-      checkRequiredParameter(roleNameRequired, roleName, OPTION_DESC_ROLE_NAME);
-      checkRequiredParameter(groupNameRequired, groupName, OPTION_DESC_GROUP_NAME);
-      checkRequiredParameter(privilegeStrRequired, privilegeStr, OPTION_DESC_PRIVILEGE);
-    } catch (ParseException pe) {
-      System.out.println(pe.getMessage());
-      usage(simpleShellOptions);
-      return false;
-    }
-    return true;
-  }
-
-  private void checkRequiredParameter(boolean isRequired, String paramValue, String paramName) throws ParseException {
-    if (isRequired && StringUtils.isEmpty(paramValue)) {
-      throw new ParseException(PREFIX_MESSAGE_MISSING_OPTION + paramName);
-    }
-  }
-
-  // print usage
-  private void usage(Options sentryOptions) {
-    HelpFormatter formatter = new HelpFormatter();
-    formatter.printHelp("sentryShell", sentryOptions);
-  }
-
-  // hive model and generic model should implement this method
-  public abstract void run() throws Exception;
-
-  @VisibleForTesting
-  public boolean executeShell(String[] args) throws Exception {
-    boolean result = true;
-    if (parseArgs(args)) {
-      run();
-    } else {
-      result = false;
-    }
-    return result;
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
deleted file mode 100644
index dc7f829..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.tools;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.tools.command.hive.*;
-import org.apache.sentry.service.thrift.SentryServiceClientFactory;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SentryShellHive is an admin tool, and responsible for the management of repository.
- * The following function are supported:
- * create role, drop role, add group to role, delete group from role, grant privilege to role,
- * revoke privilege from role, list roles for group, list privilege for role.
- */
-public class SentryShellHive extends SentryShellCommon {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(SentryShellHive.class);
-
-  public void run() throws Exception {
-    Command command = null;
-    SentryPolicyServiceClient client = SentryServiceClientFactory.create(getSentryConf());
-    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
-    String requestorName = ugi.getShortUserName();
-
-    if (isCreateRole) {
-      command = new CreateRoleCmd(roleName);
-    } else if (isDropRole) {
-      command = new DropRoleCmd(roleName);
-    } else if (isAddRoleGroup) {
-      command = new GrantRoleToGroupsCmd(roleName, groupName);
-    } else if (isDeleteRoleGroup) {
-      command = new RevokeRoleFromGroupsCmd(roleName, groupName);
-    } else if (isGrantPrivilegeRole) {
-      command = new GrantPrivilegeToRoleCmd(roleName, privilegeStr);
-    } else if (isRevokePrivilegeRole) {
-      command = new RevokePrivilegeFromRoleCmd(roleName, privilegeStr);
-    } else if (isListRole) {
-      command = new ListRolesCmd(groupName);
-    } else if (isListPrivilege) {
-      command = new ListPrivilegesCmd(roleName);
-    }
-
-    // check the requestor name
-    if (StringUtils.isEmpty(requestorName)) {
-      // The exception message will be recoreded in log file.
-      throw new Exception("The requestor name is empty.");
-    }
-
-    if (command != null) {
-      command.execute(client, requestorName);
-    }
-  }
-
-  private Configuration getSentryConf() {
-    Configuration conf = new Configuration();
-    conf.addResource(new Path(confPath));
-    return conf;
-  }
-
-  public static void main(String[] args) throws Exception {
-    SentryShellHive sentryShell = new SentryShellHive();
-    try {
-      sentryShell.executeShell(args);
-    } catch (Exception e) {
-      LOGGER.error(e.getMessage(), e);
-      Throwable current =  e;
-      // find the first printable message;
-      while (current != null && current.getMessage() == null) {
-        current = current.getCause();
-      }
-       System.out.println("The operation failed." +
-          (current.getMessage() == null ? "" : "  Message: " + current.getMessage()));
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
deleted file mode 100644
index 79aed49..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The interface for all admin commands, eg, CreateRoleCmd.
- */
-public interface Command {
-  void execute(SentryPolicyServiceClient client, String requestorName) throws Exception;
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
deleted file mode 100644
index 2d2dcb5..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
-
-public final class CommandUtil {
-
-  public static final String SPLIT_CHAR = ",";
-  
-  private CommandUtil() {
-    // Make constructor private to avoid instantiation
-  }
-
-  // parse the privilege in String and get the TSentryPrivilege as result
-  public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) throws Exception {
-    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
-    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
-      KeyValue tempKV = new KeyValue(authorizable);
-      String key = tempKV.getKey();
-      String value = tempKV.getValue();
-
-      if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setServerName(value);
-      } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setDbName(value);
-      } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setTableName(value);
-      } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setColumnName(value);
-      } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setURI(value);
-      } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setAction(value);
-      } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(key)) {
-        TSentryGrantOption grantOption = "true".equalsIgnoreCase(value) ? TSentryGrantOption.TRUE
-                : TSentryGrantOption.FALSE;
-        tSentryPrivilege.setGrantOption(grantOption);
-      }
-    }
-    tSentryPrivilege.setPrivilegeScope(getPrivilegeScope(tSentryPrivilege));
-    validatePrivilegeHierarchy(tSentryPrivilege);
-    return tSentryPrivilege;
-  }
-
-  // for the different hierarchy for hive:
-  // 1: server->url
-  // 2: server->database->table->column
-  // if both of them are found in the privilege string, the privilege scope will be set as
-  // PrivilegeScope.URI
-  private static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
-    ServiceConstants.PrivilegeScope privilegeScope = ServiceConstants.PrivilegeScope.SERVER;
-    if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
-      privilegeScope = ServiceConstants.PrivilegeScope.URI;
-    } else if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
-      privilegeScope = ServiceConstants.PrivilegeScope.COLUMN;
-    } else if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
-      privilegeScope = ServiceConstants.PrivilegeScope.TABLE;
-    } else if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
-      privilegeScope = ServiceConstants.PrivilegeScope.DATABASE;
-    }
-    return privilegeScope.toString();
-  }
-
-  // check the privilege value for the specific privilege scope
-  // eg, for the table scope, server and database can't be empty
-  private static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws Exception {
-    String serverName = tSentryPrivilege.getServerName();
-    String dbName = tSentryPrivilege.getDbName();
-    String tableName = tSentryPrivilege.getTableName();
-    String columnName = tSentryPrivilege.getColumnName();
-    String uri = tSentryPrivilege.getURI();
-    if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      if (StringUtils.isEmpty(serverName)) {
-        throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
-      }
-    } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(uri)) {
-        throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
-      }
-    } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)) {
-        throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
-      }
-    } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
-              || StringUtils.isEmpty(tableName)) {
-        throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
-      }
-    } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())
-      && (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
-              || StringUtils.isEmpty(tableName) || StringUtils.isEmpty(columnName))) {
-        throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
deleted file mode 100644
index 5a4834a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The class for admin command to create role.
- */
-public class CreateRoleCmd implements Command {
-
-  private String roleName;
-
-  public CreateRoleCmd(String roleName) {
-    this.roleName = roleName;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    client.createRole(requestorName, roleName);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
deleted file mode 100644
index facec0e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The class for admin command to drop role.
- */
-public class DropRoleCmd implements Command {
-
-  private String roleName;
-
-  public DropRoleCmd(String roleName) {
-    this.roleName = roleName;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    client.dropRole(requestorName, roleName);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
deleted file mode 100644
index a1ef2f9..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
-
-/**
- * The class for admin command to grant privilege to role.
- */
-public class GrantPrivilegeToRoleCmd implements Command {
-
-  private String roleName;
-  private String privilegeStr;
-
-  public GrantPrivilegeToRoleCmd(String roleName, String privilegeStr) {
-    this.roleName = roleName;
-    this.privilegeStr = privilegeStr;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
-    boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
-    if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.grantServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.grantDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.grantTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.grantColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.grantURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getURI(), grantOption);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
deleted file mode 100644
index 07a3de4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-
-import java.util.Set;
-
-/**
- * The class for admin command to grant role to group.
- */
-public class GrantRoleToGroupsCmd implements Command {
-
-  private String roleName;
-  private String groupNamesStr;
-
-  public GrantRoleToGroupsCmd(String roleName, String groupNamesStr) {
-    this.roleName = roleName;
-    this.groupNamesStr = groupNamesStr;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    Set<String> groups = Sets.newHashSet(groupNamesStr.split(SentryShellCommon.GROUP_SPLIT_CHAR));
-    client.grantRoleToGroups(requestorName, roleName, groups);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
deleted file mode 100644
index 5f3e9fb..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Lists;
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-
-import java.util.List;
-import java.util.Set;
-
-/**
- * The class for admin command to list privileges.
- */
-public class ListPrivilegesCmd implements Command {
-
-  private String roleName;
-
-  public ListPrivilegesCmd(String roleName) {
-    this.roleName = roleName;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    Set<TSentryPrivilege> privileges = client
-            .listAllPrivilegesByRoleName(requestorName, roleName);
-    if (privileges != null) {
-      for (TSentryPrivilege privilege : privileges) {
-        String privilegeStr = convertToPrivilegeStr(privilege);
-        System.out.println(privilegeStr);
-      }
-    }
-  }
-
-  // convert TSentryPrivilege to privilege in string
-  private String convertToPrivilegeStr(TSentryPrivilege tSentryPrivilege) {
-    List<String> privileges = Lists.newArrayList();
-    if (tSentryPrivilege != null) {
-      String serverName = tSentryPrivilege.getServerName();
-      String dbName = tSentryPrivilege.getDbName();
-      String tableName = tSentryPrivilege.getTableName();
-      String columnName = tSentryPrivilege.getColumnName();
-      String uri = tSentryPrivilege.getURI();
-      String action = tSentryPrivilege.getAction();
-      String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true"
-              : "false");
-      if (!StringUtils.isEmpty(serverName)) {
-        privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_SERVER_NAME,
-                serverName));
-        if (!StringUtils.isEmpty(uri)) {
-          privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_URI_NAME,
-                  uri));
-        } else if (!StringUtils.isEmpty(dbName)) {
-          privileges.add(SentryConstants.KV_JOINER.join(
-                  PolicyFileConstants.PRIVILEGE_DATABASE_NAME, dbName));
-          if (!StringUtils.isEmpty(tableName)) {
-            privileges.add(SentryConstants.KV_JOINER.join(
-                    PolicyFileConstants.PRIVILEGE_TABLE_NAME, tableName));
-            if (!StringUtils.isEmpty(columnName)) {
-              privileges.add(SentryConstants.KV_JOINER.join(
-                      PolicyFileConstants.PRIVILEGE_COLUMN_NAME, columnName));
-            }
-          }
-        }
-        if (!StringUtils.isEmpty(action)) {
-          privileges.add(SentryConstants.KV_JOINER.join(
-                  PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
-        }
-      }
-      // only append the grant option to privilege string if it's true
-      if ("true".equals(grantOption)) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-                PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
-      }
-    }
-    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
deleted file mode 100644
index 283f2c0..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
-
-import java.util.Set;
-
-/**
- * The class for admin command to list roles.
- */
-public class ListRolesCmd implements Command {
-
-  private String groupName;
-
-  public ListRolesCmd(String groupName) {
-    this.groupName = groupName;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    Set<TSentryRole> roles;
-    if (StringUtils.isEmpty(groupName)) {
-      roles = client.listRoles(requestorName);
-    } else {
-      roles = client.listRolesByGroupName(requestorName, groupName);
-    }
-    if (roles != null) {
-      for (TSentryRole role : roles) {
-        System.out.println(role.getRoleName());
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
deleted file mode 100644
index f3da6c4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
-
-/**
- * The class for admin command to revoke privileges from role.
- */
-public class RevokePrivilegeFromRoleCmd implements Command {
-
-  private String roleName;
-  private String privilegeStr;
-
-  public RevokePrivilegeFromRoleCmd(String roleName, String privilegeStr) {
-    this.roleName = roleName;
-    this.privilegeStr = privilegeStr;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
-    boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
-    if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              grantOption);
-    } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getURI(), grantOption);
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
deleted file mode 100644
index 86773ca..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-import java.util.Set;
-
-/**
- * The class for admin command to revoke role from group.
- */
-public class RevokeRoleFromGroupsCmd implements Command {
-
-  private String roleName;
-  private String groupNamesStr;
-
-  public RevokeRoleFromGroupsCmd(String roleName, String groupNamesStr) {
-    this.roleName = roleName;
-    this.groupNamesStr = groupNamesStr;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    Set<String> groups = Sets.newHashSet(groupNamesStr.split(CommandUtil.SPLIT_CHAR));
-    client.revokeRoleFromGroups(requestorName, roleName, groups);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java
deleted file mode 100644
index d97a07e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HAClientInvocationHandler.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.net.InetSocketAddress;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.curator.x.discovery.ServiceInstance;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.persistent.HAContext;
-import org.apache.sentry.provider.db.service.persistent.ServiceManager;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Preconditions;
-
-public class HAClientInvocationHandler extends SentryClientInvocationHandler {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(HAClientInvocationHandler.class);
-
-  private final Configuration conf;
-  private ServiceManager manager;
-  private ServiceInstance<Void> currentServiceInstance;
-  private SentryPolicyServiceClient client = null;
-
-  private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occured ";
-  public static final String SENTRY_HA_ERROR_MESSAGE = "No Sentry server available. Please ensure that at least one Sentry server is online";
-
-  public HAClientInvocationHandler(Configuration conf) throws Exception {
-    this.conf = conf;
-    checkClientConf();
-  }
-
-  @Override
-  public Object invokeImpl(Object proxy, Method method, Object[] args) throws
-      SentryUserException {
-    Object result = null;
-    try {
-      if (!method.isAccessible()) {
-        method.setAccessible(true);
-      }
-      // The client is initialized in the first call instead of constructor.
-      // This way we can propagate the connection exception to caller cleanly
-      if (client == null) {
-        renewSentryClient();
-      }
-      result = method.invoke(client, args);
-    } catch (IllegalAccessException e) {
-      throw new SentryUserException(e.getMessage(), e.getCause());
-    } catch (InvocationTargetException e) {
-      if (e.getTargetException() instanceof SentryUserException) {
-        throw (SentryUserException)e.getTargetException();
-      } else {
-        LOGGER.warn(THRIFT_EXCEPTION_MESSAGE + ": Error in connect current" +
-            " service, will retry other service.", e);
-        if (client != null) {
-          client.close();
-          client = null;
-        }
-      }
-    } catch (IOException e1) {
-      throw new SentryUserException("Error connecting to sentry service "
-          + e1.getMessage(), e1);
-    }
-    return result;
-  }
-
-  // Retrieve the new connection endpoint from ZK and connect to new server
-  private void renewSentryClient() throws IOException {
-    try {
-      manager = new ServiceManager(HAContext.getHAContext(conf));
-    } catch (Exception e1) {
-      throw new IOException("Failed to extract Sentry node info from zookeeper", e1);
-    }
-
-    try {
-      while (true) {
-        currentServiceInstance = manager.getServiceInstance();
-        if (currentServiceInstance == null) {
-          throw new IOException(SENTRY_HA_ERROR_MESSAGE);
-        }
-        InetSocketAddress serverAddress =
-            ServiceManager.convertServiceInstance(currentServiceInstance);
-        conf.set(ServiceConstants.ClientConfig.SERVER_RPC_ADDRESS, serverAddress.getHostName());
-        conf.setInt(ServiceConstants.ClientConfig.SERVER_RPC_PORT, serverAddress.getPort());
-        try {
-          client = new SentryPolicyServiceClientDefaultImpl(conf);
-          LOGGER.info("Sentry Client using server " + serverAddress.getHostName() +
-              ":" + serverAddress.getPort());
-          break;
-        } catch (IOException e) {
-          manager.reportError(currentServiceInstance);
-          LOGGER.info("Transport exception while opening transport:", e, e.getMessage());
-        }
-      }
-    } finally {
-      manager.close();
-    }
-  }
-
-  private void checkClientConf() {
-    if (conf.getBoolean(ServerConfig.SENTRY_HA_ZOOKEEPER_SECURITY,
-        ServerConfig.SENTRY_HA_ZOOKEEPER_SECURITY_DEFAULT)) {
-      String serverPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL),
-          ServerConfig.PRINCIPAL + " is required");
-      Preconditions.checkArgument(serverPrincipal.contains(SecurityUtil.HOSTNAME_PATTERN),
-          ServerConfig.PRINCIPAL + " : " + serverPrincipal + " should contain " + SecurityUtil.HOSTNAME_PATTERN);
-    }
-  }
-
-  @Override
-  public void close() {
-    if (client != null) {
-      client.close();
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
deleted file mode 100644
index a35bf1d..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/PoolClientInvocationHandler.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-
-import org.apache.commons.pool2.PooledObjectFactory;
-import org.apache.commons.pool2.impl.AbandonedConfig;
-import org.apache.commons.pool2.impl.GenericObjectPool;
-import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.apache.thrift.transport.TTransportException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The PoolClientInvocationHandler is a proxy class for handling thrift call. For every thrift call,
- * get the instance of SentryPolicyServiceBaseClient from the commons-pool, and return the instance
- * to the commons-pool after complete the call. For any exception with the call, discard the
- * instance and create a new one added to the commons-pool. Then, get the instance and do the call
- * again. For the thread safe, the commons-pool will manage the connection pool, and every thread
- * can get the connection by borrowObject() and return the connection to the pool by returnObject().
- */
-
-public class PoolClientInvocationHandler extends SentryClientInvocationHandler {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(PoolClientInvocationHandler.class);
-
-  private final Configuration conf;
-  private PooledObjectFactory<SentryPolicyServiceClient> poolFactory;
-  private GenericObjectPool<SentryPolicyServiceClient> pool;
-  private GenericObjectPoolConfig poolConfig;
-  private int connectionRetryTotal;
-
-  private static final String POOL_EXCEPTION_MESSAGE = "Pool exception occured ";
-
-  public PoolClientInvocationHandler(Configuration conf) throws Exception {
-    this.conf = conf;
-    readConfiguration();
-    poolFactory = new SentryServiceClientPoolFactory(conf);
-    pool = new GenericObjectPool<SentryPolicyServiceClient>(poolFactory, poolConfig, new AbandonedConfig());
-  }
-
-  @Override
-  public Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception {
-    int retryCount = 0;
-    Object result = null;
-    while (retryCount < connectionRetryTotal) {
-      try {
-        // The wapper here is for the retry of thrift call, the default retry number is 3.
-        result = invokeFromPool(method, args);
-        break;
-      } catch (TTransportException e) {
-        // TTransportException means there has connection problem, create a new connection and try
-        // again. Get the lock of pool and add new connection.
-        synchronized (pool) {
-          // If there has room, create new instance and add it to the commons-pool, this instance
-          // will be back first from the commons-pool because the configuration is LIFO.
-          if (pool.getNumIdle() + pool.getNumActive() < pool.getMaxTotal()) {
-            pool.addObject();
-          }
-        }
-        // Increase the retry num, and throw the exception if can't retry again.
-        retryCount++;
-        if (retryCount == connectionRetryTotal) {
-          throw new SentryUserException(e.getMessage(), e);
-        }
-      }
-    }
-    return result;
-  }
-
-  private Object invokeFromPool(Method method, Object[] args) throws Exception {
-    Object result = null;
-    SentryPolicyServiceClient client;
-    try {
-      // get the connection from the pool, don't know if the connection is broken.
-      client = pool.borrowObject();
-    } catch (Exception e) {
-      LOGGER.debug(POOL_EXCEPTION_MESSAGE, e);
-      throw new SentryUserException(e.getMessage(), e);
-    }
-    try {
-      // do the thrift call
-      result = method.invoke(client, args);
-    } catch (InvocationTargetException e) {
-      // Get the target exception, check if SentryUserException or TTransportException is wrapped.
-      // TTransportException means there has connection problem with the pool.
-      Throwable targetException = e.getCause();
-      if (targetException instanceof SentryUserException) {
-        Throwable sentryTargetException = targetException.getCause();
-        // If there has connection problem, eg, invalid connection if the service restarted,
-        // sentryTargetException instanceof TTransportException = true.
-        if (sentryTargetException instanceof TTransportException) {
-          // If the exception is caused by connection problem, destroy the instance and
-          // remove it from the commons-pool. Throw the TTransportException for reconnect.
-          pool.invalidateObject(client);
-          throw new TTransportException(sentryTargetException);
-        }
-        // The exception is thrown by thrift call, eg, SentryAccessDeniedException.
-        throw (SentryUserException) targetException;
-      }
-      throw e;
-    } finally{
-      try {
-        // return the instance to commons-pool
-        pool.returnObject(client);
-      } catch (Exception e) {
-        LOGGER.error(POOL_EXCEPTION_MESSAGE, e);
-        throw e;
-      }
-    }
-    return result;
-  }
-
-  @Override
-  public void close() {
-    try {
-      pool.close();
-    } catch (Exception e) {
-      LOGGER.debug(POOL_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  private void readConfiguration() {
-    poolConfig = new GenericObjectPoolConfig();
-    // config the pool size for commons-pool
-    poolConfig.setMaxTotal(conf.getInt(ClientConfig.SENTRY_POOL_MAX_TOTAL, ClientConfig.SENTRY_POOL_MAX_TOTAL_DEFAULT));
-    poolConfig.setMinIdle(conf.getInt(ClientConfig.SENTRY_POOL_MIN_IDLE, ClientConfig.SENTRY_POOL_MIN_IDLE_DEFAULT));
-    poolConfig.setMaxIdle(conf.getInt(ClientConfig.SENTRY_POOL_MAX_IDLE, ClientConfig.SENTRY_POOL_MAX_IDLE_DEFAULT));
-    // get the retry number for reconnecting service
-    connectionRetryTotal = conf.getInt(ClientConfig.SENTRY_POOL_RETRY_TOTAL,
-        ClientConfig.SENTRY_POOL_RETRY_TOTAL_DEFAULT);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
deleted file mode 100644
index a41be7f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryClientInvocationHandler.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-
-/**
- * SentryClientInvocationHandler is the base interface for all the InvocationHandler in SENTRY
- */
-public abstract class SentryClientInvocationHandler implements InvocationHandler {
-
-  /**
-   * Close the InvocationHandler: An InvocationHandler may create some contexts,
-   * these contexts should be close when the method "close()" of client be called.
-   */
-  @Override
-  public final Object invoke(Object proxy, Method method, Object[] args) throws Exception {
-    // close() doesn't throw exception we supress that in case of connection
-    // loss. Changing SentryPolicyServiceClient#close() to throw an
-    // exception would be a backward incompatible change for Sentry clients.
-    if ("close".equals(method.getName()) && null == args) {
-      close();
-      return null;
-    }
-    return invokeImpl(proxy, method, args);
-  }
-
-  /**
-   * Subclass should implement this method for special function
-   */
-  public abstract Object invokeImpl(Object proxy, Method method, Object[] args) throws Exception;
-
-  /**
-   * An abstract method "close", an invocationHandler should close its contexts at here.
-   */
-  public abstract void close();
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
deleted file mode 100644
index 48ee66a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientFactory.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.Proxy;
-
-import org.apache.hadoop.conf.Configuration;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-
-public final class SentryServiceClientFactory {
-
-  private SentryServiceClientFactory() {
-  }
-
-  public static SentryPolicyServiceClient create(Configuration conf) throws Exception {
-    boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
-    boolean pooled = conf.getBoolean(ClientConfig.SENTRY_POOL_ENABLED, false);
-    if (pooled) {
-      return (SentryPolicyServiceClient) Proxy
-          .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
-              SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
-              new PoolClientInvocationHandler(conf));
-    } else if (haEnabled) {
-      return (SentryPolicyServiceClient) Proxy
-          .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
-              SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
-              new HAClientInvocationHandler(conf));
-    } else {
-      return new SentryPolicyServiceClientDefaultImpl(conf);
-    }
-  }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
deleted file mode 100644
index 3a38b24..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceClientPoolFactory.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.service.thrift;
-
-import java.lang.reflect.Proxy;
-
-import org.apache.commons.pool2.BasePooledObjectFactory;
-import org.apache.commons.pool2.PooledObject;
-import org.apache.commons.pool2.impl.DefaultPooledObject;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SentryServiceClientPoolFactory is for connection pool to manage the object. Implement the related
- * method to create object, destroy object and wrap object.
- */
-
-public class SentryServiceClientPoolFactory extends BasePooledObjectFactory<SentryPolicyServiceClient> {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(SentryServiceClientPoolFactory.class);
-
-  private Configuration conf;
-
-  public SentryServiceClientPoolFactory(Configuration conf) {
-    this.conf = conf;
-  }
-
-  @Override
-  public SentryPolicyServiceClient create() throws Exception {
-    LOGGER.debug("Creating Sentry Service Client...");
-    boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
-    if (haEnabled) {
-      return (SentryPolicyServiceClient) Proxy
-          .newProxyInstance(SentryPolicyServiceClientDefaultImpl.class.getClassLoader(),
-              SentryPolicyServiceClientDefaultImpl.class.getInterfaces(),
-              new HAClientInvocationHandler(conf));
-    } else {
-      return new SentryPolicyServiceClientDefaultImpl(conf);
-    }
-  }
-
-  @Override
-  public PooledObject<SentryPolicyServiceClient> wrap(SentryPolicyServiceClient client) {
-    return new DefaultPooledObject<SentryPolicyServiceClient>(client);
-  }
-
-  @Override
-  public void destroyObject(PooledObject<SentryPolicyServiceClient> pooledObject) {
-    SentryPolicyServiceClient client = pooledObject.getObject();
-    LOGGER.debug("Destroying Sentry Service Client: " + client);
-    if (client != null) {
-      // The close() of TSocket or TSaslClientTransport is called actually, and there has no
-      // exception even there has some problems, eg, the client is closed already.
-      // The close here is just try to close the socket and the client will be destroyed soon.
-      client.close();
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-service/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-service/pom.xml b/sentry-service/pom.xml
index ae42d0f..4bcb7f1 100644
--- a/sentry-service/pom.xml
+++ b/sentry-service/pom.xml
@@ -32,6 +32,7 @@ limitations under the License.
   <modules>
     <module>sentry-service-common</module>
     <module>sentry-service-server</module>
+    <module>sentry-service-client</module>
   </modules>
 
 </project>

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-service/sentry-service-client/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-client/pom.xml b/sentry-service/sentry-service-client/pom.xml
new file mode 100644
index 0000000..614f0d3
--- /dev/null
+++ b/sentry-service/sentry-service-client/pom.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.sentry</groupId>
+    <artifactId>sentry-service</artifactId>
+    <version>1.8.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>sentry-service-client</artifactId>
+  <name>Sentry Service Client</name>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-service-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.hadoop</groupId>
+      <artifactId>hadoop-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-core-model-kafka</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-core-model-db</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-core-model-search</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-provider-file</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-pool2</artifactId>
+    </dependency>
+  </dependencies>
+
+</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/01875092/sentry-service/sentry-service-client/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-client/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java b/sentry-service/sentry-service-client/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
new file mode 100644
index 0000000..11cdee7
--- /dev/null
+++ b/sentry-service/sentry-service-client/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClient.java
@@ -0,0 +1,196 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.generic.service.thrift;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
+
+public interface SentryGenericServiceClient {
+
+  /**
+   * Create a sentry role
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param roleName: Name of the role
+   * @param component: The request is issued to which component
+   * @throws SentryUserException
+   */
+  void createRole(String requestorUserName, String roleName,
+      String component) throws SentryUserException;
+
+  void createRoleIfNotExist(String requestorUserName,
+      String roleName, String component) throws SentryUserException;
+
+  /**
+   * Drop a sentry role
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param roleName: Name of the role
+   * @param component: The request is issued to which component
+   * @throws SentryUserException
+   */
+  void dropRole(String requestorUserName, String roleName,
+      String component) throws SentryUserException;
+
+  void dropRoleIfExists(String requestorUserName, String roleName,
+      String component) throws SentryUserException;
+
+  /**
+   * add a sentry role to groups.
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param roleName: Name of the role
+   * @param component: The request is issued to which component
+   * @param groups: The name of groups
+   * @throws SentryUserException
+   */
+  void addRoleToGroups(String requestorUserName, String roleName,
+      String component, Set<String> groups) throws SentryUserException;
+
+  /**
+   * delete a sentry role from groups.
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param roleName: Name of the role
+   * @param component: The request is issued to which component
+   * @param groups: The name of groups
+   * @throws SentryUserException
+   */
+  void deleteRoleToGroups(String requestorUserName, String roleName,
+      String component, Set<String> groups) throws SentryUserException;
+
+  /**
+   * grant privilege
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param roleName: Name of the role
+   * @param component: The request is issued to which component
+   * @param privilege
+   * @throws SentryUserException
+   */
+  void grantPrivilege(String requestorUserName, String roleName,
+      String component, TSentryPrivilege privilege) throws SentryUserException;
+
+  /**
+   * revoke privilege
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param roleName: Name of the role
+   * @param component: The request is issued to which component
+   * @param privilege
+   * @throws SentryUserException
+   */
+  void revokePrivilege(String requestorUserName, String roleName,
+      String component, TSentryPrivilege privilege) throws SentryUserException;
+
+  /**
+   * drop privilege
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param component: The request is issued to which component
+   * @param privilege
+   * @throws SentryUserException
+   */
+  void dropPrivilege(String requestorUserName,String component,
+      TSentryPrivilege privilege) throws SentryUserException;
+
+  /**
+   * rename privilege
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param component: The request is issued to which component
+   * @param serviceName: The Authorizable belongs to which service
+   * @param oldAuthorizables
+   * @param newAuthorizables
+   * @throws SentryUserException
+   */
+  void renamePrivilege(String requestorUserName, String component,
+      String serviceName, List<? extends Authorizable> oldAuthorizables,
+      List<? extends Authorizable> newAuthorizables) throws SentryUserException;
+
+  /**
+   * Gets sentry role objects for a given groupName using the Sentry service
+   * @param requestorUserName : user on whose behalf the request is issued
+   * @param groupName : groupName to look up ( if null returns all roles for groups related to requestorUserName)
+   * @param component: The request is issued to which component
+   * @return Set of thrift sentry role objects
+   * @throws SentryUserException
+   */
+  Set<TSentryRole> listRolesByGroupName(
+      String requestorUserName,
+      String groupName,
+      String component)
+  throws SentryUserException;
+
+  Set<TSentryRole> listUserRoles(String requestorUserName, String component)
+      throws SentryUserException;
+
+  Set<TSentryRole> listAllRoles(String requestorUserName, String component)
+      throws SentryUserException;
+
+  /**
+   * Gets sentry privileges for a given roleName and Authorizable Hierarchy using the Sentry service
+   * @param requestorUserName: user on whose behalf the request is issued
+   * @param roleName:
+   * @param component: The request is issued to which component
+   * @param serviceName
+   * @param authorizables
+   * @return
+   * @throws SentryUserException
+   */
+  Set<TSentryPrivilege> listPrivilegesByRoleName(
+      String requestorUserName, String roleName, String component,
+      String serviceName, List<? extends Authorizable> authorizables)
+      throws SentryUserException;
+
+  Set<TSentryPrivilege> listPrivilegesByRoleName(
+      String requestorUserName, String roleName, String component,
+      String serviceName) throws SentryUserException;
+
+  /**
+   * get sentry permissions from provider as followings:
+   * @param: component: The request is issued to which component
+   * @param: serviceName: The privilege belongs to which service
+   * @param: roleSet
+   * @param: groupNames
+   * @param: the authorizables
+   * @returns the set of permissions
+   * @throws SentryUserException
+   */
+  Set<String> listPrivilegesForProvider(String component,
+      String serviceName, ActiveRoleSet roleSet, Set<String> groups,
+      List<? extends Authorizable> authorizables) throws SentryUserException;
+
+  /**
+   * Get sentry privileges based on valid active roles and the authorize objects. Note that
+   * it is client responsibility to ensure the requestor username, etc. is not impersonated.
+   *
+   * @param component: The request respond to which component.
+   * @param serviceName: The name of service.
+   * @param requestorUserName: The requestor user name.
+   * @param authorizablesSet: The set of authorize objects. One authorize object is represented
+   *     as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
+   * @param groups: The requested groups.
+   * @param roleSet: The active roles set.
+   *
+   * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
+   * @throws SentryUserException
+   */
+  Map<String, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(String component,
+      String serviceName, String requestorUserName, Set<String> authorizablesSet,
+      Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException;
+
+  void close();
+}


Mime
View raw message