SENTRY-993: list_sentry_privileges_by_authorizable() gone in API v2 ( Hao Hao, Reviewed by: Colin Ma and Lenni Kuff)
Change-Id: If47467956f59959d41ff6a17a068baac7bc8a3c6
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyService.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyService.java
index b421598..6a40f57 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyService.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyService.java
@@ -53,6 +53,8 @@
public TListSentryPrivilegesForProviderResponse list_sentry_privileges_for_provider(TListSentryPrivilegesForProviderRequest request) throws org.apache.thrift.TException;
+ public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request) throws org.apache.thrift.TException;
+
public TDropPrivilegesResponse drop_sentry_privilege(TDropPrivilegesRequest request) throws org.apache.thrift.TException;
public TRenamePrivilegesResponse rename_sentry_privilege(TRenamePrivilegesRequest request) throws org.apache.thrift.TException;
@@ -79,6 +81,8 @@
public void list_sentry_privileges_for_provider(TListSentryPrivilegesForProviderRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.list_sentry_privileges_for_provider_call> resultHandler) throws org.apache.thrift.TException;
+ public void list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.list_sentry_privileges_by_authorizable_call> resultHandler) throws org.apache.thrift.TException;
+
public void drop_sentry_privilege(TDropPrivilegesRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.drop_sentry_privilege_call> resultHandler) throws org.apache.thrift.TException;
public void rename_sentry_privilege(TRenamePrivilegesRequest request, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.rename_sentry_privilege_call> resultHandler) throws org.apache.thrift.TException;
@@ -312,6 +316,29 @@
throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "list_sentry_privileges_for_provider failed: unknown result");
}
+ public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request) throws org.apache.thrift.TException
+ {
+ send_list_sentry_privileges_by_authorizable(request);
+ return recv_list_sentry_privileges_by_authorizable();
+ }
+
+ public void send_list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request) throws org.apache.thrift.TException
+ {
+ list_sentry_privileges_by_authorizable_args args = new list_sentry_privileges_by_authorizable_args();
+ args.setRequest(request);
+ sendBase("list_sentry_privileges_by_authorizable", args);
+ }
+
+ public TListSentryPrivilegesByAuthResponse recv_list_sentry_privileges_by_authorizable() throws org.apache.thrift.TException
+ {
+ list_sentry_privileges_by_authorizable_result result = new list_sentry_privileges_by_authorizable_result();
+ receiveBase(result, "list_sentry_privileges_by_authorizable");
+ if (result.isSetSuccess()) {
+ return result.success;
+ }
+ throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "list_sentry_privileges_by_authorizable failed: unknown result");
+ }
+
public TDropPrivilegesResponse drop_sentry_privilege(TDropPrivilegesRequest request) throws org.apache.thrift.TException
{
send_drop_sentry_privilege(request);
@@ -664,6 +691,38 @@
}
}
+ public void list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request, org.apache.thrift.async.AsyncMethodCallback<list_sentry_privileges_by_authorizable_call> resultHandler) throws org.apache.thrift.TException {
+ checkReady();
+ list_sentry_privileges_by_authorizable_call method_call = new list_sentry_privileges_by_authorizable_call(request, resultHandler, this, ___protocolFactory, ___transport);
+ this.___currentMethod = method_call;
+ ___manager.call(method_call);
+ }
+
+ public static class list_sentry_privileges_by_authorizable_call extends org.apache.thrift.async.TAsyncMethodCall {
+ private TListSentryPrivilegesByAuthRequest request;
+ public list_sentry_privileges_by_authorizable_call(TListSentryPrivilegesByAuthRequest request, org.apache.thrift.async.AsyncMethodCallback<list_sentry_privileges_by_authorizable_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+ super(client, protocolFactory, transport, resultHandler, false);
+ this.request = request;
+ }
+
+ public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+ prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("list_sentry_privileges_by_authorizable", org.apache.thrift.protocol.TMessageType.CALL, 0));
+ list_sentry_privileges_by_authorizable_args args = new list_sentry_privileges_by_authorizable_args();
+ args.setRequest(request);
+ args.write(prot);
+ prot.writeMessageEnd();
+ }
+
+ public TListSentryPrivilegesByAuthResponse getResult() throws org.apache.thrift.TException {
+ if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+ throw new IllegalStateException("Method call not finished!");
+ }
+ org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+ org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+ return (new Client(prot)).recv_list_sentry_privileges_by_authorizable();
+ }
+ }
+
public void drop_sentry_privilege(TDropPrivilegesRequest request, org.apache.thrift.async.AsyncMethodCallback<drop_sentry_privilege_call> resultHandler) throws org.apache.thrift.TException {
checkReady();
drop_sentry_privilege_call method_call = new drop_sentry_privilege_call(request, resultHandler, this, ___protocolFactory, ___transport);
@@ -750,6 +809,7 @@
processMap.put("list_sentry_roles_by_group", new list_sentry_roles_by_group());
processMap.put("list_sentry_privileges_by_role", new list_sentry_privileges_by_role());
processMap.put("list_sentry_privileges_for_provider", new list_sentry_privileges_for_provider());
+ processMap.put("list_sentry_privileges_by_authorizable", new list_sentry_privileges_by_authorizable());
processMap.put("drop_sentry_privilege", new drop_sentry_privilege());
processMap.put("rename_sentry_privilege", new rename_sentry_privilege());
return processMap;
@@ -935,6 +995,26 @@
}
}
+ public static class list_sentry_privileges_by_authorizable<I extends Iface> extends org.apache.thrift.ProcessFunction<I, list_sentry_privileges_by_authorizable_args> {
+ public list_sentry_privileges_by_authorizable() {
+ super("list_sentry_privileges_by_authorizable");
+ }
+
+ public list_sentry_privileges_by_authorizable_args getEmptyArgsInstance() {
+ return new list_sentry_privileges_by_authorizable_args();
+ }
+
+ protected boolean isOneway() {
+ return false;
+ }
+
+ public list_sentry_privileges_by_authorizable_result getResult(I iface, list_sentry_privileges_by_authorizable_args args) throws org.apache.thrift.TException {
+ list_sentry_privileges_by_authorizable_result result = new list_sentry_privileges_by_authorizable_result();
+ result.success = iface.list_sentry_privileges_by_authorizable(args.request);
+ return result;
+ }
+ }
+
public static class drop_sentry_privilege<I extends Iface> extends org.apache.thrift.ProcessFunction<I, drop_sentry_privilege_args> {
public drop_sentry_privilege() {
super("drop_sentry_privilege");
@@ -7511,6 +7591,732 @@
}
+ public static class list_sentry_privileges_by_authorizable_args implements org.apache.thrift.TBase<list_sentry_privileges_by_authorizable_args, list_sentry_privileges_by_authorizable_args._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("list_sentry_privileges_by_authorizable_args");
+
+ private static final org.apache.thrift.protocol.TField REQUEST_FIELD_DESC = new org.apache.thrift.protocol.TField("request", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new list_sentry_privileges_by_authorizable_argsStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new list_sentry_privileges_by_authorizable_argsTupleSchemeFactory());
+ }
+
+ private TListSentryPrivilegesByAuthRequest request; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ REQUEST((short)1, "request");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // REQUEST
+ return REQUEST;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.REQUEST, new org.apache.thrift.meta_data.FieldMetaData("request", org.apache.thrift.TFieldRequirementType.DEFAULT,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TListSentryPrivilegesByAuthRequest.class)));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(list_sentry_privileges_by_authorizable_args.class, metaDataMap);
+ }
+
+ public list_sentry_privileges_by_authorizable_args() {
+ }
+
+ public list_sentry_privileges_by_authorizable_args(
+ TListSentryPrivilegesByAuthRequest request)
+ {
+ this();
+ this.request = request;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public list_sentry_privileges_by_authorizable_args(list_sentry_privileges_by_authorizable_args other) {
+ if (other.isSetRequest()) {
+ this.request = new TListSentryPrivilegesByAuthRequest(other.request);
+ }
+ }
+
+ public list_sentry_privileges_by_authorizable_args deepCopy() {
+ return new list_sentry_privileges_by_authorizable_args(this);
+ }
+
+ @Override
+ public void clear() {
+ this.request = null;
+ }
+
+ public TListSentryPrivilegesByAuthRequest getRequest() {
+ return this.request;
+ }
+
+ public void setRequest(TListSentryPrivilegesByAuthRequest request) {
+ this.request = request;
+ }
+
+ public void unsetRequest() {
+ this.request = null;
+ }
+
+ /** Returns true if field request is set (has been assigned a value) and false otherwise */
+ public boolean isSetRequest() {
+ return this.request != null;
+ }
+
+ public void setRequestIsSet(boolean value) {
+ if (!value) {
+ this.request = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case REQUEST:
+ if (value == null) {
+ unsetRequest();
+ } else {
+ setRequest((TListSentryPrivilegesByAuthRequest)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case REQUEST:
+ return getRequest();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case REQUEST:
+ return isSetRequest();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof list_sentry_privileges_by_authorizable_args)
+ return this.equals((list_sentry_privileges_by_authorizable_args)that);
+ return false;
+ }
+
+ public boolean equals(list_sentry_privileges_by_authorizable_args that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_request = true && this.isSetRequest();
+ boolean that_present_request = true && that.isSetRequest();
+ if (this_present_request || that_present_request) {
+ if (!(this_present_request && that_present_request))
+ return false;
+ if (!this.request.equals(that.request))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_request = true && (isSetRequest());
+ builder.append(present_request);
+ if (present_request)
+ builder.append(request);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(list_sentry_privileges_by_authorizable_args other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ list_sentry_privileges_by_authorizable_args typedOther = (list_sentry_privileges_by_authorizable_args)other;
+
+ lastComparison = Boolean.valueOf(isSetRequest()).compareTo(typedOther.isSetRequest());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetRequest()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.request, typedOther.request);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("list_sentry_privileges_by_authorizable_args(");
+ boolean first = true;
+
+ sb.append("request:");
+ if (this.request == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.request);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ // check for sub-struct validity
+ if (request != null) {
+ request.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_argsStandardSchemeFactory implements SchemeFactory {
+ public list_sentry_privileges_by_authorizable_argsStandardScheme getScheme() {
+ return new list_sentry_privileges_by_authorizable_argsStandardScheme();
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_argsStandardScheme extends StandardScheme<list_sentry_privileges_by_authorizable_args> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, list_sentry_privileges_by_authorizable_args struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // REQUEST
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.request = new TListSentryPrivilegesByAuthRequest();
+ struct.request.read(iprot);
+ struct.setRequestIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, list_sentry_privileges_by_authorizable_args struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.request != null) {
+ oprot.writeFieldBegin(REQUEST_FIELD_DESC);
+ struct.request.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class list_sentry_privileges_by_authorizable_argsTupleSchemeFactory implements SchemeFactory {
+ public list_sentry_privileges_by_authorizable_argsTupleScheme getScheme() {
+ return new list_sentry_privileges_by_authorizable_argsTupleScheme();
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_argsTupleScheme extends TupleScheme<list_sentry_privileges_by_authorizable_args> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, list_sentry_privileges_by_authorizable_args struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ BitSet optionals = new BitSet();
+ if (struct.isSetRequest()) {
+ optionals.set(0);
+ }
+ oprot.writeBitSet(optionals, 1);
+ if (struct.isSetRequest()) {
+ struct.request.write(oprot);
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, list_sentry_privileges_by_authorizable_args struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ BitSet incoming = iprot.readBitSet(1);
+ if (incoming.get(0)) {
+ struct.request = new TListSentryPrivilegesByAuthRequest();
+ struct.request.read(iprot);
+ struct.setRequestIsSet(true);
+ }
+ }
+ }
+
+ }
+
+ public static class list_sentry_privileges_by_authorizable_result implements org.apache.thrift.TBase<list_sentry_privileges_by_authorizable_result, list_sentry_privileges_by_authorizable_result._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("list_sentry_privileges_by_authorizable_result");
+
+ private static final org.apache.thrift.protocol.TField SUCCESS_FIELD_DESC = new org.apache.thrift.protocol.TField("success", org.apache.thrift.protocol.TType.STRUCT, (short)0);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new list_sentry_privileges_by_authorizable_resultStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new list_sentry_privileges_by_authorizable_resultTupleSchemeFactory());
+ }
+
+ private TListSentryPrivilegesByAuthResponse success; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ SUCCESS((short)0, "success");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 0: // SUCCESS
+ return SUCCESS;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.SUCCESS, new org.apache.thrift.meta_data.FieldMetaData("success", org.apache.thrift.TFieldRequirementType.DEFAULT,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TListSentryPrivilegesByAuthResponse.class)));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(list_sentry_privileges_by_authorizable_result.class, metaDataMap);
+ }
+
+ public list_sentry_privileges_by_authorizable_result() {
+ }
+
+ public list_sentry_privileges_by_authorizable_result(
+ TListSentryPrivilegesByAuthResponse success)
+ {
+ this();
+ this.success = success;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public list_sentry_privileges_by_authorizable_result(list_sentry_privileges_by_authorizable_result other) {
+ if (other.isSetSuccess()) {
+ this.success = new TListSentryPrivilegesByAuthResponse(other.success);
+ }
+ }
+
+ public list_sentry_privileges_by_authorizable_result deepCopy() {
+ return new list_sentry_privileges_by_authorizable_result(this);
+ }
+
+ @Override
+ public void clear() {
+ this.success = null;
+ }
+
+ public TListSentryPrivilegesByAuthResponse getSuccess() {
+ return this.success;
+ }
+
+ public void setSuccess(TListSentryPrivilegesByAuthResponse success) {
+ this.success = success;
+ }
+
+ public void unsetSuccess() {
+ this.success = null;
+ }
+
+ /** Returns true if field success is set (has been assigned a value) and false otherwise */
+ public boolean isSetSuccess() {
+ return this.success != null;
+ }
+
+ public void setSuccessIsSet(boolean value) {
+ if (!value) {
+ this.success = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case SUCCESS:
+ if (value == null) {
+ unsetSuccess();
+ } else {
+ setSuccess((TListSentryPrivilegesByAuthResponse)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case SUCCESS:
+ return getSuccess();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case SUCCESS:
+ return isSetSuccess();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof list_sentry_privileges_by_authorizable_result)
+ return this.equals((list_sentry_privileges_by_authorizable_result)that);
+ return false;
+ }
+
+ public boolean equals(list_sentry_privileges_by_authorizable_result that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_success = true && this.isSetSuccess();
+ boolean that_present_success = true && that.isSetSuccess();
+ if (this_present_success || that_present_success) {
+ if (!(this_present_success && that_present_success))
+ return false;
+ if (!this.success.equals(that.success))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_success = true && (isSetSuccess());
+ builder.append(present_success);
+ if (present_success)
+ builder.append(success);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(list_sentry_privileges_by_authorizable_result other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ list_sentry_privileges_by_authorizable_result typedOther = (list_sentry_privileges_by_authorizable_result)other;
+
+ lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(typedOther.isSetSuccess());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetSuccess()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.success, typedOther.success);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("list_sentry_privileges_by_authorizable_result(");
+ boolean first = true;
+
+ sb.append("success:");
+ if (this.success == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.success);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ // check for sub-struct validity
+ if (success != null) {
+ success.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_resultStandardSchemeFactory implements SchemeFactory {
+ public list_sentry_privileges_by_authorizable_resultStandardScheme getScheme() {
+ return new list_sentry_privileges_by_authorizable_resultStandardScheme();
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_resultStandardScheme extends StandardScheme<list_sentry_privileges_by_authorizable_result> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, list_sentry_privileges_by_authorizable_result struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 0: // SUCCESS
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.success = new TListSentryPrivilegesByAuthResponse();
+ struct.success.read(iprot);
+ struct.setSuccessIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, list_sentry_privileges_by_authorizable_result struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.success != null) {
+ oprot.writeFieldBegin(SUCCESS_FIELD_DESC);
+ struct.success.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class list_sentry_privileges_by_authorizable_resultTupleSchemeFactory implements SchemeFactory {
+ public list_sentry_privileges_by_authorizable_resultTupleScheme getScheme() {
+ return new list_sentry_privileges_by_authorizable_resultTupleScheme();
+ }
+ }
+
+ private static class list_sentry_privileges_by_authorizable_resultTupleScheme extends TupleScheme<list_sentry_privileges_by_authorizable_result> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, list_sentry_privileges_by_authorizable_result struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ BitSet optionals = new BitSet();
+ if (struct.isSetSuccess()) {
+ optionals.set(0);
+ }
+ oprot.writeBitSet(optionals, 1);
+ if (struct.isSetSuccess()) {
+ struct.success.write(oprot);
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, list_sentry_privileges_by_authorizable_result struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ BitSet incoming = iprot.readBitSet(1);
+ if (incoming.get(0)) {
+ struct.success = new TListSentryPrivilegesByAuthResponse();
+ struct.success.read(iprot);
+ struct.setSuccessIsSet(true);
+ }
+ }
+ }
+
+ }
+
public static class drop_sentry_privilege_args implements org.apache.thrift.TBase<drop_sentry_privilege_args, drop_sentry_privilege_args._Fields>, java.io.Serializable, Cloneable {
private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("drop_sentry_privilege_args");
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthRequest.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthRequest.java
new file mode 100644
index 0000000..3d328ab
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthRequest.java
@@ -0,0 +1,1114 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.provider.db.generic.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TListSentryPrivilegesByAuthRequest implements org.apache.thrift.TBase<TListSentryPrivilegesByAuthRequest, TListSentryPrivilegesByAuthRequest._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryPrivilegesByAuthRequest");
+
+ private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+ private static final org.apache.thrift.protocol.TField REQUESTOR_USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("requestorUserName", org.apache.thrift.protocol.TType.STRING, (short)2);
+ private static final org.apache.thrift.protocol.TField COMPONENT_FIELD_DESC = new org.apache.thrift.protocol.TField("component", org.apache.thrift.protocol.TType.STRING, (short)3);
+ private static final org.apache.thrift.protocol.TField SERVICE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("serviceName", org.apache.thrift.protocol.TType.STRING, (short)4);
+ private static final org.apache.thrift.protocol.TField AUTHORIZABLES_SET_FIELD_DESC = new org.apache.thrift.protocol.TField("authorizablesSet", org.apache.thrift.protocol.TType.SET, (short)5);
+ private static final org.apache.thrift.protocol.TField GROUPS_FIELD_DESC = new org.apache.thrift.protocol.TField("groups", org.apache.thrift.protocol.TType.SET, (short)6);
+ private static final org.apache.thrift.protocol.TField ROLE_SET_FIELD_DESC = new org.apache.thrift.protocol.TField("roleSet", org.apache.thrift.protocol.TType.STRUCT, (short)7);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TListSentryPrivilegesByAuthRequestStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TListSentryPrivilegesByAuthRequestTupleSchemeFactory());
+ }
+
+ private int protocol_version; // required
+ private String requestorUserName; // required
+ private String component; // required
+ private String serviceName; // required
+ private Set<String> authorizablesSet; // required
+ private Set<String> groups; // optional
+ private TSentryActiveRoleSet roleSet; // optional
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ PROTOCOL_VERSION((short)1, "protocol_version"),
+ REQUESTOR_USER_NAME((short)2, "requestorUserName"),
+ COMPONENT((short)3, "component"),
+ SERVICE_NAME((short)4, "serviceName"),
+ AUTHORIZABLES_SET((short)5, "authorizablesSet"),
+ GROUPS((short)6, "groups"),
+ ROLE_SET((short)7, "roleSet");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // PROTOCOL_VERSION
+ return PROTOCOL_VERSION;
+ case 2: // REQUESTOR_USER_NAME
+ return REQUESTOR_USER_NAME;
+ case 3: // COMPONENT
+ return COMPONENT;
+ case 4: // SERVICE_NAME
+ return SERVICE_NAME;
+ case 5: // AUTHORIZABLES_SET
+ return AUTHORIZABLES_SET;
+ case 6: // GROUPS
+ return GROUPS;
+ case 7: // ROLE_SET
+ return ROLE_SET;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+ private byte __isset_bitfield = 0;
+ private _Fields optionals[] = {_Fields.GROUPS,_Fields.ROLE_SET};
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+ tmpMap.put(_Fields.REQUESTOR_USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("requestorUserName", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+ tmpMap.put(_Fields.COMPONENT, new org.apache.thrift.meta_data.FieldMetaData("component", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+ tmpMap.put(_Fields.SERVICE_NAME, new org.apache.thrift.meta_data.FieldMetaData("serviceName", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+ tmpMap.put(_Fields.AUTHORIZABLES_SET, new org.apache.thrift.meta_data.FieldMetaData("authorizablesSet", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+ tmpMap.put(_Fields.GROUPS, new org.apache.thrift.meta_data.FieldMetaData("groups", org.apache.thrift.TFieldRequirementType.OPTIONAL,
+ new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))));
+ tmpMap.put(_Fields.ROLE_SET, new org.apache.thrift.meta_data.FieldMetaData("roleSet", org.apache.thrift.TFieldRequirementType.OPTIONAL,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryActiveRoleSet.class)));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryPrivilegesByAuthRequest.class, metaDataMap);
+ }
+
+ public TListSentryPrivilegesByAuthRequest() {
+ this.protocol_version = 2;
+
+ }
+
+ public TListSentryPrivilegesByAuthRequest(
+ int protocol_version,
+ String requestorUserName,
+ String component,
+ String serviceName,
+ Set<String> authorizablesSet)
+ {
+ this();
+ this.protocol_version = protocol_version;
+ setProtocol_versionIsSet(true);
+ this.requestorUserName = requestorUserName;
+ this.component = component;
+ this.serviceName = serviceName;
+ this.authorizablesSet = authorizablesSet;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TListSentryPrivilegesByAuthRequest(TListSentryPrivilegesByAuthRequest other) {
+ __isset_bitfield = other.__isset_bitfield;
+ this.protocol_version = other.protocol_version;
+ if (other.isSetRequestorUserName()) {
+ this.requestorUserName = other.requestorUserName;
+ }
+ if (other.isSetComponent()) {
+ this.component = other.component;
+ }
+ if (other.isSetServiceName()) {
+ this.serviceName = other.serviceName;
+ }
+ if (other.isSetAuthorizablesSet()) {
+ Set<String> __this__authorizablesSet = new HashSet<String>();
+ for (String other_element : other.authorizablesSet) {
+ __this__authorizablesSet.add(other_element);
+ }
+ this.authorizablesSet = __this__authorizablesSet;
+ }
+ if (other.isSetGroups()) {
+ Set<String> __this__groups = new HashSet<String>();
+ for (String other_element : other.groups) {
+ __this__groups.add(other_element);
+ }
+ this.groups = __this__groups;
+ }
+ if (other.isSetRoleSet()) {
+ this.roleSet = new TSentryActiveRoleSet(other.roleSet);
+ }
+ }
+
+ public TListSentryPrivilegesByAuthRequest deepCopy() {
+ return new TListSentryPrivilegesByAuthRequest(this);
+ }
+
+ @Override
+ public void clear() {
+ this.protocol_version = 2;
+
+ this.requestorUserName = null;
+ this.component = null;
+ this.serviceName = null;
+ this.authorizablesSet = null;
+ this.groups = null;
+ this.roleSet = null;
+ }
+
+ public int getProtocol_version() {
+ return this.protocol_version;
+ }
+
+ public void setProtocol_version(int protocol_version) {
+ this.protocol_version = protocol_version;
+ setProtocol_versionIsSet(true);
+ }
+
+ public void unsetProtocol_version() {
+ __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+ }
+
+ /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+ public boolean isSetProtocol_version() {
+ return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+ }
+
+ public void setProtocol_versionIsSet(boolean value) {
+ __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+ }
+
+ public String getRequestorUserName() {
+ return this.requestorUserName;
+ }
+
+ public void setRequestorUserName(String requestorUserName) {
+ this.requestorUserName = requestorUserName;
+ }
+
+ public void unsetRequestorUserName() {
+ this.requestorUserName = null;
+ }
+
+ /** Returns true if field requestorUserName is set (has been assigned a value) and false otherwise */
+ public boolean isSetRequestorUserName() {
+ return this.requestorUserName != null;
+ }
+
+ public void setRequestorUserNameIsSet(boolean value) {
+ if (!value) {
+ this.requestorUserName = null;
+ }
+ }
+
+ public String getComponent() {
+ return this.component;
+ }
+
+ public void setComponent(String component) {
+ this.component = component;
+ }
+
+ public void unsetComponent() {
+ this.component = null;
+ }
+
+ /** Returns true if field component is set (has been assigned a value) and false otherwise */
+ public boolean isSetComponent() {
+ return this.component != null;
+ }
+
+ public void setComponentIsSet(boolean value) {
+ if (!value) {
+ this.component = null;
+ }
+ }
+
+ public String getServiceName() {
+ return this.serviceName;
+ }
+
+ public void setServiceName(String serviceName) {
+ this.serviceName = serviceName;
+ }
+
+ public void unsetServiceName() {
+ this.serviceName = null;
+ }
+
+ /** Returns true if field serviceName is set (has been assigned a value) and false otherwise */
+ public boolean isSetServiceName() {
+ return this.serviceName != null;
+ }
+
+ public void setServiceNameIsSet(boolean value) {
+ if (!value) {
+ this.serviceName = null;
+ }
+ }
+
+ public int getAuthorizablesSetSize() {
+ return (this.authorizablesSet == null) ? 0 : this.authorizablesSet.size();
+ }
+
+ public java.util.Iterator<String> getAuthorizablesSetIterator() {
+ return (this.authorizablesSet == null) ? null : this.authorizablesSet.iterator();
+ }
+
+ public void addToAuthorizablesSet(String elem) {
+ if (this.authorizablesSet == null) {
+ this.authorizablesSet = new HashSet<String>();
+ }
+ this.authorizablesSet.add(elem);
+ }
+
+ public Set<String> getAuthorizablesSet() {
+ return this.authorizablesSet;
+ }
+
+ public void setAuthorizablesSet(Set<String> authorizablesSet) {
+ this.authorizablesSet = authorizablesSet;
+ }
+
+ public void unsetAuthorizablesSet() {
+ this.authorizablesSet = null;
+ }
+
+ /** Returns true if field authorizablesSet is set (has been assigned a value) and false otherwise */
+ public boolean isSetAuthorizablesSet() {
+ return this.authorizablesSet != null;
+ }
+
+ public void setAuthorizablesSetIsSet(boolean value) {
+ if (!value) {
+ this.authorizablesSet = null;
+ }
+ }
+
+ public int getGroupsSize() {
+ return (this.groups == null) ? 0 : this.groups.size();
+ }
+
+ public java.util.Iterator<String> getGroupsIterator() {
+ return (this.groups == null) ? null : this.groups.iterator();
+ }
+
+ public void addToGroups(String elem) {
+ if (this.groups == null) {
+ this.groups = new HashSet<String>();
+ }
+ this.groups.add(elem);
+ }
+
+ public Set<String> getGroups() {
+ return this.groups;
+ }
+
+ public void setGroups(Set<String> groups) {
+ this.groups = groups;
+ }
+
+ public void unsetGroups() {
+ this.groups = null;
+ }
+
+ /** Returns true if field groups is set (has been assigned a value) and false otherwise */
+ public boolean isSetGroups() {
+ return this.groups != null;
+ }
+
+ public void setGroupsIsSet(boolean value) {
+ if (!value) {
+ this.groups = null;
+ }
+ }
+
+ public TSentryActiveRoleSet getRoleSet() {
+ return this.roleSet;
+ }
+
+ public void setRoleSet(TSentryActiveRoleSet roleSet) {
+ this.roleSet = roleSet;
+ }
+
+ public void unsetRoleSet() {
+ this.roleSet = null;
+ }
+
+ /** Returns true if field roleSet is set (has been assigned a value) and false otherwise */
+ public boolean isSetRoleSet() {
+ return this.roleSet != null;
+ }
+
+ public void setRoleSetIsSet(boolean value) {
+ if (!value) {
+ this.roleSet = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case PROTOCOL_VERSION:
+ if (value == null) {
+ unsetProtocol_version();
+ } else {
+ setProtocol_version((Integer)value);
+ }
+ break;
+
+ case REQUESTOR_USER_NAME:
+ if (value == null) {
+ unsetRequestorUserName();
+ } else {
+ setRequestorUserName((String)value);
+ }
+ break;
+
+ case COMPONENT:
+ if (value == null) {
+ unsetComponent();
+ } else {
+ setComponent((String)value);
+ }
+ break;
+
+ case SERVICE_NAME:
+ if (value == null) {
+ unsetServiceName();
+ } else {
+ setServiceName((String)value);
+ }
+ break;
+
+ case AUTHORIZABLES_SET:
+ if (value == null) {
+ unsetAuthorizablesSet();
+ } else {
+ setAuthorizablesSet((Set<String>)value);
+ }
+ break;
+
+ case GROUPS:
+ if (value == null) {
+ unsetGroups();
+ } else {
+ setGroups((Set<String>)value);
+ }
+ break;
+
+ case ROLE_SET:
+ if (value == null) {
+ unsetRoleSet();
+ } else {
+ setRoleSet((TSentryActiveRoleSet)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case PROTOCOL_VERSION:
+ return Integer.valueOf(getProtocol_version());
+
+ case REQUESTOR_USER_NAME:
+ return getRequestorUserName();
+
+ case COMPONENT:
+ return getComponent();
+
+ case SERVICE_NAME:
+ return getServiceName();
+
+ case AUTHORIZABLES_SET:
+ return getAuthorizablesSet();
+
+ case GROUPS:
+ return getGroups();
+
+ case ROLE_SET:
+ return getRoleSet();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case PROTOCOL_VERSION:
+ return isSetProtocol_version();
+ case REQUESTOR_USER_NAME:
+ return isSetRequestorUserName();
+ case COMPONENT:
+ return isSetComponent();
+ case SERVICE_NAME:
+ return isSetServiceName();
+ case AUTHORIZABLES_SET:
+ return isSetAuthorizablesSet();
+ case GROUPS:
+ return isSetGroups();
+ case ROLE_SET:
+ return isSetRoleSet();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TListSentryPrivilegesByAuthRequest)
+ return this.equals((TListSentryPrivilegesByAuthRequest)that);
+ return false;
+ }
+
+ public boolean equals(TListSentryPrivilegesByAuthRequest that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_protocol_version = true;
+ boolean that_present_protocol_version = true;
+ if (this_present_protocol_version || that_present_protocol_version) {
+ if (!(this_present_protocol_version && that_present_protocol_version))
+ return false;
+ if (this.protocol_version != that.protocol_version)
+ return false;
+ }
+
+ boolean this_present_requestorUserName = true && this.isSetRequestorUserName();
+ boolean that_present_requestorUserName = true && that.isSetRequestorUserName();
+ if (this_present_requestorUserName || that_present_requestorUserName) {
+ if (!(this_present_requestorUserName && that_present_requestorUserName))
+ return false;
+ if (!this.requestorUserName.equals(that.requestorUserName))
+ return false;
+ }
+
+ boolean this_present_component = true && this.isSetComponent();
+ boolean that_present_component = true && that.isSetComponent();
+ if (this_present_component || that_present_component) {
+ if (!(this_present_component && that_present_component))
+ return false;
+ if (!this.component.equals(that.component))
+ return false;
+ }
+
+ boolean this_present_serviceName = true && this.isSetServiceName();
+ boolean that_present_serviceName = true && that.isSetServiceName();
+ if (this_present_serviceName || that_present_serviceName) {
+ if (!(this_present_serviceName && that_present_serviceName))
+ return false;
+ if (!this.serviceName.equals(that.serviceName))
+ return false;
+ }
+
+ boolean this_present_authorizablesSet = true && this.isSetAuthorizablesSet();
+ boolean that_present_authorizablesSet = true && that.isSetAuthorizablesSet();
+ if (this_present_authorizablesSet || that_present_authorizablesSet) {
+ if (!(this_present_authorizablesSet && that_present_authorizablesSet))
+ return false;
+ if (!this.authorizablesSet.equals(that.authorizablesSet))
+ return false;
+ }
+
+ boolean this_present_groups = true && this.isSetGroups();
+ boolean that_present_groups = true && that.isSetGroups();
+ if (this_present_groups || that_present_groups) {
+ if (!(this_present_groups && that_present_groups))
+ return false;
+ if (!this.groups.equals(that.groups))
+ return false;
+ }
+
+ boolean this_present_roleSet = true && this.isSetRoleSet();
+ boolean that_present_roleSet = true && that.isSetRoleSet();
+ if (this_present_roleSet || that_present_roleSet) {
+ if (!(this_present_roleSet && that_present_roleSet))
+ return false;
+ if (!this.roleSet.equals(that.roleSet))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_protocol_version = true;
+ builder.append(present_protocol_version);
+ if (present_protocol_version)
+ builder.append(protocol_version);
+
+ boolean present_requestorUserName = true && (isSetRequestorUserName());
+ builder.append(present_requestorUserName);
+ if (present_requestorUserName)
+ builder.append(requestorUserName);
+
+ boolean present_component = true && (isSetComponent());
+ builder.append(present_component);
+ if (present_component)
+ builder.append(component);
+
+ boolean present_serviceName = true && (isSetServiceName());
+ builder.append(present_serviceName);
+ if (present_serviceName)
+ builder.append(serviceName);
+
+ boolean present_authorizablesSet = true && (isSetAuthorizablesSet());
+ builder.append(present_authorizablesSet);
+ if (present_authorizablesSet)
+ builder.append(authorizablesSet);
+
+ boolean present_groups = true && (isSetGroups());
+ builder.append(present_groups);
+ if (present_groups)
+ builder.append(groups);
+
+ boolean present_roleSet = true && (isSetRoleSet());
+ builder.append(present_roleSet);
+ if (present_roleSet)
+ builder.append(roleSet);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(TListSentryPrivilegesByAuthRequest other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ TListSentryPrivilegesByAuthRequest typedOther = (TListSentryPrivilegesByAuthRequest)other;
+
+ lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(typedOther.isSetProtocol_version());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetProtocol_version()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, typedOther.protocol_version);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetRequestorUserName()).compareTo(typedOther.isSetRequestorUserName());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetRequestorUserName()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.requestorUserName, typedOther.requestorUserName);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetComponent()).compareTo(typedOther.isSetComponent());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetComponent()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.component, typedOther.component);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetServiceName()).compareTo(typedOther.isSetServiceName());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetServiceName()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.serviceName, typedOther.serviceName);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetAuthorizablesSet()).compareTo(typedOther.isSetAuthorizablesSet());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetAuthorizablesSet()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.authorizablesSet, typedOther.authorizablesSet);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetGroups()).compareTo(typedOther.isSetGroups());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetGroups()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.groups, typedOther.groups);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetRoleSet()).compareTo(typedOther.isSetRoleSet());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetRoleSet()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleSet, typedOther.roleSet);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TListSentryPrivilegesByAuthRequest(");
+ boolean first = true;
+
+ sb.append("protocol_version:");
+ sb.append(this.protocol_version);
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("requestorUserName:");
+ if (this.requestorUserName == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.requestorUserName);
+ }
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("component:");
+ if (this.component == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.component);
+ }
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("serviceName:");
+ if (this.serviceName == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.serviceName);
+ }
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("authorizablesSet:");
+ if (this.authorizablesSet == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.authorizablesSet);
+ }
+ first = false;
+ if (isSetGroups()) {
+ if (!first) sb.append(", ");
+ sb.append("groups:");
+ if (this.groups == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.groups);
+ }
+ first = false;
+ }
+ if (isSetRoleSet()) {
+ if (!first) sb.append(", ");
+ sb.append("roleSet:");
+ if (this.roleSet == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.roleSet);
+ }
+ first = false;
+ }
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetProtocol_version()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+ }
+
+ if (!isSetRequestorUserName()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'requestorUserName' is unset! Struct:" + toString());
+ }
+
+ if (!isSetComponent()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'component' is unset! Struct:" + toString());
+ }
+
+ if (!isSetServiceName()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'serviceName' is unset! Struct:" + toString());
+ }
+
+ if (!isSetAuthorizablesSet()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'authorizablesSet' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ if (roleSet != null) {
+ roleSet.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+ __isset_bitfield = 0;
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthRequestStandardSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthRequestStandardScheme getScheme() {
+ return new TListSentryPrivilegesByAuthRequestStandardScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthRequestStandardScheme extends StandardScheme<TListSentryPrivilegesByAuthRequest> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryPrivilegesByAuthRequest struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // PROTOCOL_VERSION
+ if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+ struct.protocol_version = iprot.readI32();
+ struct.setProtocol_versionIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 2: // REQUESTOR_USER_NAME
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+ struct.requestorUserName = iprot.readString();
+ struct.setRequestorUserNameIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 3: // COMPONENT
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+ struct.component = iprot.readString();
+ struct.setComponentIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 4: // SERVICE_NAME
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+ struct.serviceName = iprot.readString();
+ struct.setServiceNameIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 5: // AUTHORIZABLES_SET
+ if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+ {
+ org.apache.thrift.protocol.TSet _set122 = iprot.readSetBegin();
+ struct.authorizablesSet = new HashSet<String>(2*_set122.size);
+ for (int _i123 = 0; _i123 < _set122.size; ++_i123)
+ {
+ String _elem124; // required
+ _elem124 = iprot.readString();
+ struct.authorizablesSet.add(_elem124);
+ }
+ iprot.readSetEnd();
+ }
+ struct.setAuthorizablesSetIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 6: // GROUPS
+ if (schemeField.type == org.apache.thrift.protocol.TType.SET) {
+ {
+ org.apache.thrift.protocol.TSet _set125 = iprot.readSetBegin();
+ struct.groups = new HashSet<String>(2*_set125.size);
+ for (int _i126 = 0; _i126 < _set125.size; ++_i126)
+ {
+ String _elem127; // required
+ _elem127 = iprot.readString();
+ struct.groups.add(_elem127);
+ }
+ iprot.readSetEnd();
+ }
+ struct.setGroupsIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 7: // ROLE_SET
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.roleSet = new TSentryActiveRoleSet();
+ struct.roleSet.read(iprot);
+ struct.setRoleSetIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryPrivilegesByAuthRequest struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+ oprot.writeI32(struct.protocol_version);
+ oprot.writeFieldEnd();
+ if (struct.requestorUserName != null) {
+ oprot.writeFieldBegin(REQUESTOR_USER_NAME_FIELD_DESC);
+ oprot.writeString(struct.requestorUserName);
+ oprot.writeFieldEnd();
+ }
+ if (struct.component != null) {
+ oprot.writeFieldBegin(COMPONENT_FIELD_DESC);
+ oprot.writeString(struct.component);
+ oprot.writeFieldEnd();
+ }
+ if (struct.serviceName != null) {
+ oprot.writeFieldBegin(SERVICE_NAME_FIELD_DESC);
+ oprot.writeString(struct.serviceName);
+ oprot.writeFieldEnd();
+ }
+ if (struct.authorizablesSet != null) {
+ oprot.writeFieldBegin(AUTHORIZABLES_SET_FIELD_DESC);
+ {
+ oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.authorizablesSet.size()));
+ for (String _iter128 : struct.authorizablesSet)
+ {
+ oprot.writeString(_iter128);
+ }
+ oprot.writeSetEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ if (struct.groups != null) {
+ if (struct.isSetGroups()) {
+ oprot.writeFieldBegin(GROUPS_FIELD_DESC);
+ {
+ oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, struct.groups.size()));
+ for (String _iter129 : struct.groups)
+ {
+ oprot.writeString(_iter129);
+ }
+ oprot.writeSetEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ }
+ if (struct.roleSet != null) {
+ if (struct.isSetRoleSet()) {
+ oprot.writeFieldBegin(ROLE_SET_FIELD_DESC);
+ struct.roleSet.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TListSentryPrivilegesByAuthRequestTupleSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthRequestTupleScheme getScheme() {
+ return new TListSentryPrivilegesByAuthRequestTupleScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthRequestTupleScheme extends TupleScheme<TListSentryPrivilegesByAuthRequest> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthRequest struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ oprot.writeI32(struct.protocol_version);
+ oprot.writeString(struct.requestorUserName);
+ oprot.writeString(struct.component);
+ oprot.writeString(struct.serviceName);
+ {
+ oprot.writeI32(struct.authorizablesSet.size());
+ for (String _iter130 : struct.authorizablesSet)
+ {
+ oprot.writeString(_iter130);
+ }
+ }
+ BitSet optionals = new BitSet();
+ if (struct.isSetGroups()) {
+ optionals.set(0);
+ }
+ if (struct.isSetRoleSet()) {
+ optionals.set(1);
+ }
+ oprot.writeBitSet(optionals, 2);
+ if (struct.isSetGroups()) {
+ {
+ oprot.writeI32(struct.groups.size());
+ for (String _iter131 : struct.groups)
+ {
+ oprot.writeString(_iter131);
+ }
+ }
+ }
+ if (struct.isSetRoleSet()) {
+ struct.roleSet.write(oprot);
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthRequest struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ struct.protocol_version = iprot.readI32();
+ struct.setProtocol_versionIsSet(true);
+ struct.requestorUserName = iprot.readString();
+ struct.setRequestorUserNameIsSet(true);
+ struct.component = iprot.readString();
+ struct.setComponentIsSet(true);
+ struct.serviceName = iprot.readString();
+ struct.setServiceNameIsSet(true);
+ {
+ org.apache.thrift.protocol.TSet _set132 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+ struct.authorizablesSet = new HashSet<String>(2*_set132.size);
+ for (int _i133 = 0; _i133 < _set132.size; ++_i133)
+ {
+ String _elem134; // required
+ _elem134 = iprot.readString();
+ struct.authorizablesSet.add(_elem134);
+ }
+ }
+ struct.setAuthorizablesSetIsSet(true);
+ BitSet incoming = iprot.readBitSet(2);
+ if (incoming.get(0)) {
+ {
+ org.apache.thrift.protocol.TSet _set135 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+ struct.groups = new HashSet<String>(2*_set135.size);
+ for (int _i136 = 0; _i136 < _set135.size; ++_i136)
+ {
+ String _elem137; // required
+ _elem137 = iprot.readString();
+ struct.groups.add(_elem137);
+ }
+ }
+ struct.setGroupsIsSet(true);
+ }
+ if (incoming.get(1)) {
+ struct.roleSet = new TSentryActiveRoleSet();
+ struct.roleSet.read(iprot);
+ struct.setRoleSetIsSet(true);
+ }
+ }
+ }
+
+}
+
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthResponse.java
new file mode 100644
index 0000000..e1b8a78
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthResponse.java
@@ -0,0 +1,565 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.provider.db.generic.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TListSentryPrivilegesByAuthResponse implements org.apache.thrift.TBase<TListSentryPrivilegesByAuthResponse, TListSentryPrivilegesByAuthResponse._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryPrivilegesByAuthResponse");
+
+ private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+ private static final org.apache.thrift.protocol.TField PRIVILEGES_MAP_BY_AUTH_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegesMapByAuth", org.apache.thrift.protocol.TType.MAP, (short)2);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TListSentryPrivilegesByAuthResponseStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TListSentryPrivilegesByAuthResponseTupleSchemeFactory());
+ }
+
+ private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+ private Map<String,TSentryPrivilegeMap> privilegesMapByAuth; // optional
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ STATUS((short)1, "status"),
+ PRIVILEGES_MAP_BY_AUTH((short)2, "privilegesMapByAuth");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // STATUS
+ return STATUS;
+ case 2: // PRIVILEGES_MAP_BY_AUTH
+ return PRIVILEGES_MAP_BY_AUTH;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ private _Fields optionals[] = {_Fields.PRIVILEGES_MAP_BY_AUTH};
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+ tmpMap.put(_Fields.PRIVILEGES_MAP_BY_AUTH, new org.apache.thrift.meta_data.FieldMetaData("privilegesMapByAuth", org.apache.thrift.TFieldRequirementType.OPTIONAL,
+ new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilegeMap.class))));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryPrivilegesByAuthResponse.class, metaDataMap);
+ }
+
+ public TListSentryPrivilegesByAuthResponse() {
+ }
+
+ public TListSentryPrivilegesByAuthResponse(
+ org.apache.sentry.service.thrift.TSentryResponseStatus status)
+ {
+ this();
+ this.status = status;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TListSentryPrivilegesByAuthResponse(TListSentryPrivilegesByAuthResponse other) {
+ if (other.isSetStatus()) {
+ this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+ }
+ if (other.isSetPrivilegesMapByAuth()) {
+ Map<String,TSentryPrivilegeMap> __this__privilegesMapByAuth = new HashMap<String,TSentryPrivilegeMap>();
+ for (Map.Entry<String, TSentryPrivilegeMap> other_element : other.privilegesMapByAuth.entrySet()) {
+
+ String other_element_key = other_element.getKey();
+ TSentryPrivilegeMap other_element_value = other_element.getValue();
+
+ String __this__privilegesMapByAuth_copy_key = other_element_key;
+
+ TSentryPrivilegeMap __this__privilegesMapByAuth_copy_value = new TSentryPrivilegeMap(other_element_value);
+
+ __this__privilegesMapByAuth.put(__this__privilegesMapByAuth_copy_key, __this__privilegesMapByAuth_copy_value);
+ }
+ this.privilegesMapByAuth = __this__privilegesMapByAuth;
+ }
+ }
+
+ public TListSentryPrivilegesByAuthResponse deepCopy() {
+ return new TListSentryPrivilegesByAuthResponse(this);
+ }
+
+ @Override
+ public void clear() {
+ this.status = null;
+ this.privilegesMapByAuth = null;
+ }
+
+ public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+ return this.status;
+ }
+
+ public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+ this.status = status;
+ }
+
+ public void unsetStatus() {
+ this.status = null;
+ }
+
+ /** Returns true if field status is set (has been assigned a value) and false otherwise */
+ public boolean isSetStatus() {
+ return this.status != null;
+ }
+
+ public void setStatusIsSet(boolean value) {
+ if (!value) {
+ this.status = null;
+ }
+ }
+
+ public int getPrivilegesMapByAuthSize() {
+ return (this.privilegesMapByAuth == null) ? 0 : this.privilegesMapByAuth.size();
+ }
+
+ public void putToPrivilegesMapByAuth(String key, TSentryPrivilegeMap val) {
+ if (this.privilegesMapByAuth == null) {
+ this.privilegesMapByAuth = new HashMap<String,TSentryPrivilegeMap>();
+ }
+ this.privilegesMapByAuth.put(key, val);
+ }
+
+ public Map<String,TSentryPrivilegeMap> getPrivilegesMapByAuth() {
+ return this.privilegesMapByAuth;
+ }
+
+ public void setPrivilegesMapByAuth(Map<String,TSentryPrivilegeMap> privilegesMapByAuth) {
+ this.privilegesMapByAuth = privilegesMapByAuth;
+ }
+
+ public void unsetPrivilegesMapByAuth() {
+ this.privilegesMapByAuth = null;
+ }
+
+ /** Returns true if field privilegesMapByAuth is set (has been assigned a value) and false otherwise */
+ public boolean isSetPrivilegesMapByAuth() {
+ return this.privilegesMapByAuth != null;
+ }
+
+ public void setPrivilegesMapByAuthIsSet(boolean value) {
+ if (!value) {
+ this.privilegesMapByAuth = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case STATUS:
+ if (value == null) {
+ unsetStatus();
+ } else {
+ setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+ }
+ break;
+
+ case PRIVILEGES_MAP_BY_AUTH:
+ if (value == null) {
+ unsetPrivilegesMapByAuth();
+ } else {
+ setPrivilegesMapByAuth((Map<String,TSentryPrivilegeMap>)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case STATUS:
+ return getStatus();
+
+ case PRIVILEGES_MAP_BY_AUTH:
+ return getPrivilegesMapByAuth();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case STATUS:
+ return isSetStatus();
+ case PRIVILEGES_MAP_BY_AUTH:
+ return isSetPrivilegesMapByAuth();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TListSentryPrivilegesByAuthResponse)
+ return this.equals((TListSentryPrivilegesByAuthResponse)that);
+ return false;
+ }
+
+ public boolean equals(TListSentryPrivilegesByAuthResponse that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_status = true && this.isSetStatus();
+ boolean that_present_status = true && that.isSetStatus();
+ if (this_present_status || that_present_status) {
+ if (!(this_present_status && that_present_status))
+ return false;
+ if (!this.status.equals(that.status))
+ return false;
+ }
+
+ boolean this_present_privilegesMapByAuth = true && this.isSetPrivilegesMapByAuth();
+ boolean that_present_privilegesMapByAuth = true && that.isSetPrivilegesMapByAuth();
+ if (this_present_privilegesMapByAuth || that_present_privilegesMapByAuth) {
+ if (!(this_present_privilegesMapByAuth && that_present_privilegesMapByAuth))
+ return false;
+ if (!this.privilegesMapByAuth.equals(that.privilegesMapByAuth))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_status = true && (isSetStatus());
+ builder.append(present_status);
+ if (present_status)
+ builder.append(status);
+
+ boolean present_privilegesMapByAuth = true && (isSetPrivilegesMapByAuth());
+ builder.append(present_privilegesMapByAuth);
+ if (present_privilegesMapByAuth)
+ builder.append(privilegesMapByAuth);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(TListSentryPrivilegesByAuthResponse other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ TListSentryPrivilegesByAuthResponse typedOther = (TListSentryPrivilegesByAuthResponse)other;
+
+ lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetStatus()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetPrivilegesMapByAuth()).compareTo(typedOther.isSetPrivilegesMapByAuth());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetPrivilegesMapByAuth()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegesMapByAuth, typedOther.privilegesMapByAuth);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TListSentryPrivilegesByAuthResponse(");
+ boolean first = true;
+
+ sb.append("status:");
+ if (this.status == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.status);
+ }
+ first = false;
+ if (isSetPrivilegesMapByAuth()) {
+ if (!first) sb.append(", ");
+ sb.append("privilegesMapByAuth:");
+ if (this.privilegesMapByAuth == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.privilegesMapByAuth);
+ }
+ first = false;
+ }
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetStatus()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ if (status != null) {
+ status.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseStandardSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthResponseStandardScheme getScheme() {
+ return new TListSentryPrivilegesByAuthResponseStandardScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseStandardScheme extends StandardScheme<TListSentryPrivilegesByAuthResponse> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // STATUS
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+ struct.status.read(iprot);
+ struct.setStatusIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 2: // PRIVILEGES_MAP_BY_AUTH
+ if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+ {
+ org.apache.thrift.protocol.TMap _map138 = iprot.readMapBegin();
+ struct.privilegesMapByAuth = new HashMap<String,TSentryPrivilegeMap>(2*_map138.size);
+ for (int _i139 = 0; _i139 < _map138.size; ++_i139)
+ {
+ String _key140; // required
+ TSentryPrivilegeMap _val141; // required
+ _key140 = iprot.readString();
+ _val141 = new TSentryPrivilegeMap();
+ _val141.read(iprot);
+ struct.privilegesMapByAuth.put(_key140, _val141);
+ }
+ iprot.readMapEnd();
+ }
+ struct.setPrivilegesMapByAuthIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.status != null) {
+ oprot.writeFieldBegin(STATUS_FIELD_DESC);
+ struct.status.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ if (struct.privilegesMapByAuth != null) {
+ if (struct.isSetPrivilegesMapByAuth()) {
+ oprot.writeFieldBegin(PRIVILEGES_MAP_BY_AUTH_FIELD_DESC);
+ {
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, struct.privilegesMapByAuth.size()));
+ for (Map.Entry<String, TSentryPrivilegeMap> _iter142 : struct.privilegesMapByAuth.entrySet())
+ {
+ oprot.writeString(_iter142.getKey());
+ _iter142.getValue().write(oprot);
+ }
+ oprot.writeMapEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseTupleSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthResponseTupleScheme getScheme() {
+ return new TListSentryPrivilegesByAuthResponseTupleScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseTupleScheme extends TupleScheme<TListSentryPrivilegesByAuthResponse> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ struct.status.write(oprot);
+ BitSet optionals = new BitSet();
+ if (struct.isSetPrivilegesMapByAuth()) {
+ optionals.set(0);
+ }
+ oprot.writeBitSet(optionals, 1);
+ if (struct.isSetPrivilegesMapByAuth()) {
+ {
+ oprot.writeI32(struct.privilegesMapByAuth.size());
+ for (Map.Entry<String, TSentryPrivilegeMap> _iter143 : struct.privilegesMapByAuth.entrySet())
+ {
+ oprot.writeString(_iter143.getKey());
+ _iter143.getValue().write(oprot);
+ }
+ }
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+ struct.status.read(iprot);
+ struct.setStatusIsSet(true);
+ BitSet incoming = iprot.readBitSet(1);
+ if (incoming.get(0)) {
+ {
+ org.apache.thrift.protocol.TMap _map144 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+ struct.privilegesMapByAuth = new HashMap<String,TSentryPrivilegeMap>(2*_map144.size);
+ for (int _i145 = 0; _i145 < _map144.size; ++_i145)
+ {
+ String _key146; // required
+ TSentryPrivilegeMap _val147; // required
+ _key146 = iprot.readString();
+ _val147 = new TSentryPrivilegeMap();
+ _val147.read(iprot);
+ struct.privilegesMapByAuth.put(_key146, _val147);
+ }
+ }
+ struct.setPrivilegesMapByAuthIsSet(true);
+ }
+ }
+ }
+
+}
+
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TSentryPrivilegeMap.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TSentryPrivilegeMap.java
new file mode 100644
index 0000000..97b96ef
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TSentryPrivilegeMap.java
@@ -0,0 +1,486 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.provider.db.generic.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TSentryPrivilegeMap implements org.apache.thrift.TBase<TSentryPrivilegeMap, TSentryPrivilegeMap._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryPrivilegeMap");
+
+ private static final org.apache.thrift.protocol.TField PRIVILEGE_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegeMap", org.apache.thrift.protocol.TType.MAP, (short)1);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TSentryPrivilegeMapStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TSentryPrivilegeMapTupleSchemeFactory());
+ }
+
+ private Map<String,Set<TSentryPrivilege>> privilegeMap; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ PRIVILEGE_MAP((short)1, "privilegeMap");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // PRIVILEGE_MAP
+ return PRIVILEGE_MAP;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.PRIVILEGE_MAP, new org.apache.thrift.meta_data.FieldMetaData("privilegeMap", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+ new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class)))));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryPrivilegeMap.class, metaDataMap);
+ }
+
+ public TSentryPrivilegeMap() {
+ }
+
+ public TSentryPrivilegeMap(
+ Map<String,Set<TSentryPrivilege>> privilegeMap)
+ {
+ this();
+ this.privilegeMap = privilegeMap;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TSentryPrivilegeMap(TSentryPrivilegeMap other) {
+ if (other.isSetPrivilegeMap()) {
+ Map<String,Set<TSentryPrivilege>> __this__privilegeMap = new HashMap<String,Set<TSentryPrivilege>>();
+ for (Map.Entry<String, Set<TSentryPrivilege>> other_element : other.privilegeMap.entrySet()) {
+
+ String other_element_key = other_element.getKey();
+ Set<TSentryPrivilege> other_element_value = other_element.getValue();
+
+ String __this__privilegeMap_copy_key = other_element_key;
+
+ Set<TSentryPrivilege> __this__privilegeMap_copy_value = new HashSet<TSentryPrivilege>();
+ for (TSentryPrivilege other_element_value_element : other_element_value) {
+ __this__privilegeMap_copy_value.add(new TSentryPrivilege(other_element_value_element));
+ }
+
+ __this__privilegeMap.put(__this__privilegeMap_copy_key, __this__privilegeMap_copy_value);
+ }
+ this.privilegeMap = __this__privilegeMap;
+ }
+ }
+
+ public TSentryPrivilegeMap deepCopy() {
+ return new TSentryPrivilegeMap(this);
+ }
+
+ @Override
+ public void clear() {
+ this.privilegeMap = null;
+ }
+
+ public int getPrivilegeMapSize() {
+ return (this.privilegeMap == null) ? 0 : this.privilegeMap.size();
+ }
+
+ public void putToPrivilegeMap(String key, Set<TSentryPrivilege> val) {
+ if (this.privilegeMap == null) {
+ this.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>();
+ }
+ this.privilegeMap.put(key, val);
+ }
+
+ public Map<String,Set<TSentryPrivilege>> getPrivilegeMap() {
+ return this.privilegeMap;
+ }
+
+ public void setPrivilegeMap(Map<String,Set<TSentryPrivilege>> privilegeMap) {
+ this.privilegeMap = privilegeMap;
+ }
+
+ public void unsetPrivilegeMap() {
+ this.privilegeMap = null;
+ }
+
+ /** Returns true if field privilegeMap is set (has been assigned a value) and false otherwise */
+ public boolean isSetPrivilegeMap() {
+ return this.privilegeMap != null;
+ }
+
+ public void setPrivilegeMapIsSet(boolean value) {
+ if (!value) {
+ this.privilegeMap = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case PRIVILEGE_MAP:
+ if (value == null) {
+ unsetPrivilegeMap();
+ } else {
+ setPrivilegeMap((Map<String,Set<TSentryPrivilege>>)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case PRIVILEGE_MAP:
+ return getPrivilegeMap();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case PRIVILEGE_MAP:
+ return isSetPrivilegeMap();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TSentryPrivilegeMap)
+ return this.equals((TSentryPrivilegeMap)that);
+ return false;
+ }
+
+ public boolean equals(TSentryPrivilegeMap that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_privilegeMap = true && this.isSetPrivilegeMap();
+ boolean that_present_privilegeMap = true && that.isSetPrivilegeMap();
+ if (this_present_privilegeMap || that_present_privilegeMap) {
+ if (!(this_present_privilegeMap && that_present_privilegeMap))
+ return false;
+ if (!this.privilegeMap.equals(that.privilegeMap))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_privilegeMap = true && (isSetPrivilegeMap());
+ builder.append(present_privilegeMap);
+ if (present_privilegeMap)
+ builder.append(privilegeMap);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(TSentryPrivilegeMap other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ TSentryPrivilegeMap typedOther = (TSentryPrivilegeMap)other;
+
+ lastComparison = Boolean.valueOf(isSetPrivilegeMap()).compareTo(typedOther.isSetPrivilegeMap());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetPrivilegeMap()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegeMap, typedOther.privilegeMap);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TSentryPrivilegeMap(");
+ boolean first = true;
+
+ sb.append("privilegeMap:");
+ if (this.privilegeMap == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.privilegeMap);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetPrivilegeMap()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegeMap' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TSentryPrivilegeMapStandardSchemeFactory implements SchemeFactory {
+ public TSentryPrivilegeMapStandardScheme getScheme() {
+ return new TSentryPrivilegeMapStandardScheme();
+ }
+ }
+
+ private static class TSentryPrivilegeMapStandardScheme extends StandardScheme<TSentryPrivilegeMap> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // PRIVILEGE_MAP
+ if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+ {
+ org.apache.thrift.protocol.TMap _map104 = iprot.readMapBegin();
+ struct.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map104.size);
+ for (int _i105 = 0; _i105 < _map104.size; ++_i105)
+ {
+ String _key106; // required
+ Set<TSentryPrivilege> _val107; // required
+ _key106 = iprot.readString();
+ {
+ org.apache.thrift.protocol.TSet _set108 = iprot.readSetBegin();
+ _val107 = new HashSet<TSentryPrivilege>(2*_set108.size);
+ for (int _i109 = 0; _i109 < _set108.size; ++_i109)
+ {
+ TSentryPrivilege _elem110; // required
+ _elem110 = new TSentryPrivilege();
+ _elem110.read(iprot);
+ _val107.add(_elem110);
+ }
+ iprot.readSetEnd();
+ }
+ struct.privilegeMap.put(_key106, _val107);
+ }
+ iprot.readMapEnd();
+ }
+ struct.setPrivilegeMapIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.privilegeMap != null) {
+ oprot.writeFieldBegin(PRIVILEGE_MAP_FIELD_DESC);
+ {
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.privilegeMap.size()));
+ for (Map.Entry<String, Set<TSentryPrivilege>> _iter111 : struct.privilegeMap.entrySet())
+ {
+ oprot.writeString(_iter111.getKey());
+ {
+ oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter111.getValue().size()));
+ for (TSentryPrivilege _iter112 : _iter111.getValue())
+ {
+ _iter112.write(oprot);
+ }
+ oprot.writeSetEnd();
+ }
+ }
+ oprot.writeMapEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TSentryPrivilegeMapTupleSchemeFactory implements SchemeFactory {
+ public TSentryPrivilegeMapTupleScheme getScheme() {
+ return new TSentryPrivilegeMapTupleScheme();
+ }
+ }
+
+ private static class TSentryPrivilegeMapTupleScheme extends TupleScheme<TSentryPrivilegeMap> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ {
+ oprot.writeI32(struct.privilegeMap.size());
+ for (Map.Entry<String, Set<TSentryPrivilege>> _iter113 : struct.privilegeMap.entrySet())
+ {
+ oprot.writeString(_iter113.getKey());
+ {
+ oprot.writeI32(_iter113.getValue().size());
+ for (TSentryPrivilege _iter114 : _iter113.getValue())
+ {
+ _iter114.write(oprot);
+ }
+ }
+ }
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ {
+ org.apache.thrift.protocol.TMap _map115 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
+ struct.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map115.size);
+ for (int _i116 = 0; _i116 < _map115.size; ++_i116)
+ {
+ String _key117; // required
+ Set<TSentryPrivilege> _val118; // required
+ _key117 = iprot.readString();
+ {
+ org.apache.thrift.protocol.TSet _set119 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+ _val118 = new HashSet<TSentryPrivilege>(2*_set119.size);
+ for (int _i120 = 0; _i120 < _set119.size; ++_i120)
+ {
+ TSentryPrivilege _elem121; // required
+ _elem121 = new TSentryPrivilege();
+ _elem121.read(iprot);
+ _val118.add(_elem121);
+ }
+ }
+ struct.privilegeMap.put(_key117, _val118);
+ }
+ }
+ struct.setPrivilegeMapIsSet(true);
+ }
+ }
+
+}
+
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
index e1c15fa..4c5ceca 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
@@ -140,6 +140,11 @@
}
@Override
+ public Set<String> getAllRoleNames() {
+ return delegate.getAllRoleNames();
+ }
+
+ @Override
public CommitContext alterRoleAddGroups(String component, String role,
Set<String> groups, String requestor) throws SentryNoSuchObjectException {
return delegate.alterSentryRoleAddGroups(requestor, role, toTSentryGroups(groups));
@@ -418,6 +423,41 @@
}
@Override
+ public Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, String service,
+ Set<String> validActiveRoles, List<? extends Authorizable> authorizables)
+ throws SentryUserException {
+
+ Preconditions.checkNotNull(component);
+ Preconditions.checkNotNull(service);
+
+ component = toTrimedLower(component);
+ service = toTrimedLower(service);
+
+ Set<MSentryGMPrivilege> privileges = Sets.newHashSet();
+ PersistenceManager pm = null;
+ try {
+ pm = openTransaction();
+
+ if (validActiveRoles == null || validActiveRoles.size() == 0) {
+ return privileges;
+ }
+
+ Set<MSentryRole> mRoles = Sets.newHashSet();
+ for (String role : validActiveRoles) {
+ MSentryRole mRole = getRole(role, pm);
+ if (mRole != null) {
+ mRoles.add(mRole);
+ }
+ }
+ //get the privileges
+ privileges.addAll(privilegeOperator.getPrivilegesByAuthorizable(component, service, mRoles, authorizables, pm));
+ } finally {
+ commitTransaction(pm);
+ }
+ return privileges;
+ }
+
+ @Override
public void close() {
delegate.stop();
}
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java
index c3b0be8..21e51cd 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java
@@ -363,6 +363,20 @@
return privileges;
}
+ public Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component,
+ String service, Set<MSentryRole> roles,
+ List<? extends Authorizable> authorizables, PersistenceManager pm) {
+
+ Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet();
+
+ if (roles == null || roles.isEmpty()) {
+ return privilegeGraph;
+ }
+
+ MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null);
+ privilegeGraph.addAll(populateIncludePrivileges(roles, parentPrivilege, pm));
+ return privilegeGraph;
+ }
public void renamePrivilege(String component, String service,
List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables,
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
index f6d73e7..49a78ef 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
@@ -24,6 +24,7 @@
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
import org.apache.sentry.provider.db.SentryNoSuchObjectException;
+import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
/**
@@ -164,9 +165,31 @@
* @throws SentryUserException
*/
- Set<PrivilegeObject> getPrivilegesByProvider(String component, String service,Set<String> roles,
+ Set<PrivilegeObject> getPrivilegesByProvider(String component, String service, Set<String> roles,
Set<String> groups, List<? extends Authorizable> authorizables)
throws SentryUserException;
+
+ /**
+ * Get all roles name.
+ *
+ * @returns The set of roles name,
+ */
+ Set<String> getAllRoleNames();
+
+ /**
+ * Get sentry privileges based on valid active roles and the authorize objects.
+ *
+ * @param component: The request respond to which component
+ * @param service: The name of service
+ * @param validActiveRoles: The valid active roles
+ * @param authorizables: The list of authorize objects
+ * @returns The set of MSentryGMPrivilege
+ * @throws SentryUserException
+ */
+ Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, String service,
+ Set<String> validActiveRoles, List<? extends Authorizable> authorizables)
+ throws SentryUserException;
+
/**
* close sentryStore
*/
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
index 78d3847..d07331e 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
@@ -23,12 +23,15 @@
import java.lang.reflect.Constructor;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.policy.common.KeyValue;
+import org.apache.sentry.policy.common.PolicyConstants;
import org.apache.sentry.provider.common.AuthorizationComponent;
import org.apache.sentry.provider.db.SentryAccessDeniedException;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
@@ -40,6 +43,8 @@
import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer;
import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory;
import org.apache.sentry.provider.db.log.util.Constants;
+import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
+import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants;
import org.apache.sentry.provider.db.service.thrift.SentryConfigurationException;
@@ -58,6 +63,7 @@
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.Iface {
@@ -70,6 +76,7 @@
private final NotificationHandlerInvoker handerInvoker;
public static final String SENTRY_GENERIC_SERVICE_NAME = "SentryGenericPolicyService";
+ private static final String ACCESS_DENIAL_MESSAGE = "Access denied to ";
public SentryGenericPolicyProcessor(Configuration conf) throws Exception {
this.store = createStore(conf);
@@ -94,7 +101,7 @@
String msg = "User: " + requestorUser + " is part of " + requestorGroups +
" which does not, intersect admin groups " + adminGroups;
LOGGER.warn(msg);
- throw new SentryAccessDeniedException("Access denied to " + requestorUser);
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + requestorUser);
}
}
@@ -130,8 +137,7 @@
public static SentryStoreLayer createStore(Configuration conf) throws SentryConfigurationException {
SentryStoreLayer storeLayer = null;
- String Store = conf.get(PolicyStoreConstants.SENTRY_GENERIC_POLICY_STORE,
- PolicyStoreConstants.SENTRY_GENERIC_POLICY_STORE_DEFAULT);
+ String Store = conf.get(PolicyStoreConstants.SENTRY_GENERIC_POLICY_STORE, PolicyStoreConstants.SENTRY_GENERIC_POLICY_STORE_DEFAULT);
if (Strings.isNullOrEmpty(Store)) {
throw new SentryConfigurationException("the parameter configuration for sentry.generic.policy.store can't be empty");
@@ -245,6 +251,22 @@
return tAuthorizables;
}
+ private String fromAuthorizableToStr(List<? extends Authorizable> authorizables) {
+ if (authorizables != null && !authorizables.isEmpty()) {
+ List<String> privileges = Lists.newArrayList();
+
+ for (Authorizable authorizable : authorizables) {
+
+ privileges.add(PolicyConstants.KV_JOINER.join(authorizable.getTypeName(),
+ authorizable.getName()));
+ }
+
+ return PolicyConstants.AUTHORIZABLE_JOINER.join(privileges);
+ } else {
+ return "";
+ }
+ }
+
private List<? extends Authorizable> toAuthorizables(List<TAuthorizable> tAuthorizables) {
List<Authorizable> authorizables = Lists.newArrayList();
if (tAuthorizables == null) {
@@ -265,6 +287,75 @@
return authorizables;
}
+ private List<? extends Authorizable> toAuthorizables(String privilegeStr) {
+ List<Authorizable> authorizables = Lists.newArrayList();
+ if (privilegeStr == null) {
+ return authorizables;
+ }
+
+ for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
+ KeyValue tempKV = new KeyValue(authorizable);
+ final String key = tempKV.getKey();
+ final String value = tempKV.getValue();
+
+ authorizables.add(new Authorizable() {
+ @Override
+ public String getTypeName() {
+ return key;
+ }
+
+ @Override
+ public String getName() {
+ return value;
+ }
+ });
+ }
+
+ return authorizables;
+ }
+
+ // Construct the role to set of privileges mapping based on the
+ // MSentryGMPrivilege information.
+ private TSentryPrivilegeMap toTSentryPrivilegeMap(Set<MSentryGMPrivilege> mPrivileges) {
+
+ // Mapping of <Role, Set<Privilege>>.
+ Map<String, Set<TSentryPrivilege>> tPrivilegeMap = Maps.newTreeMap();
+
+ for (MSentryGMPrivilege mPrivilege : mPrivileges) {
+ for (MSentryRole role : mPrivilege.getRoles()) {
+
+ TSentryPrivilege tPrivilege = toTSentryPrivilege(mPrivilege);
+
+ if (tPrivilegeMap.containsKey(role.getRoleName())) {
+ tPrivilegeMap.get(role.getRoleName()).add(tPrivilege);
+ } else {
+ Set<TSentryPrivilege> tPrivilegeSet = Sets.newTreeSet();
+ tPrivilegeSet.add(tPrivilege);
+ tPrivilegeMap.put(role.getRoleName(), tPrivilegeSet);
+ }
+ }
+ }
+
+ return new TSentryPrivilegeMap(tPrivilegeMap);
+ }
+
+ // Construct TSentryPrivilege based on MSentryGMPrivilege information.
+ private TSentryPrivilege toTSentryPrivilege(MSentryGMPrivilege mPrivilege) {
+
+ TSentryPrivilege tPrivilege = new TSentryPrivilege(mPrivilege.getComponentName(),
+ mPrivilege.getServiceName(), fromAuthorizable(mPrivilege.getAuthorizables()), mPrivilege.getAction());
+
+ if (mPrivilege.getGrantOption() == null) {
+ tPrivilege.setGrantOption(TSentryGrantOption.UNSET);
+ } else if (mPrivilege.getGrantOption()) {
+ tPrivilege.setGrantOption(TSentryGrantOption.TRUE);
+ } else {
+ tPrivilege.setGrantOption(TSentryGrantOption.FALSE);
+ }
+
+ return tPrivilege;
+ }
+
private Set<String> buildPermissions(Set<PrivilegeObject> privileges) {
Set<String> permissions = Sets.newHashSet();
for (PrivilegeObject privilege : privileges) {
@@ -353,9 +444,7 @@
@Override
public Response<Void> handle() throws Exception {
validateClientVersion(request.getProtocol_version());
- CommitContext context = store.alterRoleGrantPrivilege(request.getComponent(), request.getRoleName(),
- toPrivilegeObject(request.getPrivilege()),
- request.getRequestorUserName());
+ CommitContext context = store.alterRoleGrantPrivilege(request.getComponent(), request.getRoleName(), toPrivilegeObject(request.getPrivilege()), request.getRequestorUserName());
return new Response<Void>(Status.OK(), context);
}
});
@@ -383,9 +472,7 @@
@Override
public Response<Void> handle() throws Exception {
validateClientVersion(request.getProtocol_version());
- CommitContext context = store.alterRoleRevokePrivilege(request.getComponent(), request.getRoleName(),
- toPrivilegeObject(request.getPrivilege()),
- request.getRequestorUserName());
+ CommitContext context = store.alterRoleRevokePrivilege(request.getComponent(), request.getRoleName(), toPrivilegeObject(request.getPrivilege()), request.getRequestorUserName());
return new Response<Void>(Status.OK(), context);
}
});
@@ -415,9 +502,7 @@
validateClientVersion(request.getProtocol_version());
authorize(request.getRequestorUserName(),
getRequestorGroups(conf, request.getRequestorUserName()));
- CommitContext context = store.alterRoleAddGroups(
- request.getComponent(), request.getRoleName(), request.getGroups(),
- request.getRequestorUserName());
+ CommitContext context = store.alterRoleAddGroups(request.getComponent(), request.getRoleName(), request.getGroups(), request.getRequestorUserName());
return new Response<Void>(Status.OK(), context);
}
});
@@ -447,9 +532,7 @@
validateClientVersion(request.getProtocol_version());
authorize(request.getRequestorUserName(),
getRequestorGroups(conf, request.getRequestorUserName()));
- CommitContext context = store.alterRoleDeleteGroups(
- request.getComponent(), request.getRoleName(), request.getGroups(),
- request.getRequestorUserName());
+ CommitContext context = store.alterRoleDeleteGroups(request.getComponent(), request.getRoleName(), request.getGroups(), request.getRequestorUserName());
return new Response<Void>(Status.OK(), context);
}
});
@@ -483,7 +566,7 @@
//Only admin users can list all roles in the system ( groupname = null)
//Non admin users are only allowed to list only groups which they belong to
if(!admin && (request.getGroupName() == null || !groups.contains(request.getGroupName()))) {
- throw new SentryAccessDeniedException("Access denied to " + request.getRequestorUserName());
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName());
}
groups.clear();
groups.add(request.getGroupName());
@@ -515,14 +598,13 @@
if (!inAdminGroups(groups)) {
Set<String> roleNamesForGroups = toTrimedLower(store.getRolesByGroups(request.getComponent(), groups));
if (!roleNamesForGroups.contains(toTrimedLower(request.getRoleName()))) {
- throw new SentryAccessDeniedException("Access denied to " + request.getRequestorUserName());
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName());
}
}
Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(),
request.getServiceName(),
Sets.newHashSet(request.getRoleName()),
- null,
- toAuthorizables(request.getAuthorizables()));
+ null, toAuthorizables(request.getAuthorizables()));
Set<TSentryPrivilege> tSentryPrivileges = Sets.newHashSet();
for (PrivilegeObject privilege : privileges) {
tSentryPrivileges.add(fromPrivilegeObject(privilege));
@@ -547,9 +629,9 @@
Set<String> roleNamesForGroups = store.getRolesByGroups(request.getComponent(), request.getGroups());
Set<String> rolesToQuery = request.getRoleSet().isAll() ? roleNamesForGroups : Sets.intersection(activeRoleNames, roleNamesForGroups);
Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(),
- request.getServiceName(),
- rolesToQuery, null,
- toAuthorizables(request.getAuthorizables()));
+ request.getServiceName(),
+ rolesToQuery, null,
+ toAuthorizables(request.getAuthorizables()));
return new Response<Set<String>>(Status.OK(), buildPermissions(privileges));
}
});
@@ -560,6 +642,97 @@
}
@Override
+ public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request) throws TException {
+
+ TListSentryPrivilegesByAuthResponse response = new TListSentryPrivilegesByAuthResponse();
+ Map<String, TSentryPrivilegeMap> authRoleMap = Maps.newHashMap();
+
+ // Group names are case sensitive.
+ Set<String> requestedGroups = request.getGroups();
+ String subject = request.getRequestorUserName();
+ TSentryActiveRoleSet activeRoleSet = request.getRoleSet();
+ Set<String> validActiveRoles = Sets.newHashSet();
+
+ try {
+ validateClientVersion(request.getProtocol_version());
+ Set<String> memberGroups = getRequestorGroups(conf, subject);
+
+ // Disallow non-admin users to lookup groups that
+ // they are not part of.
+ if(!inAdminGroups(memberGroups)) {
+
+ if (requestedGroups != null && !requestedGroups.isEmpty()) {
+ for (String requestedGroup : requestedGroups) {
+
+ // If user doesn't belong to one of the requested groups,
+ // then raise security exception.
+ if (!memberGroups.contains(requestedGroup)) {
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + subject);
+ }
+ }
+ } else {
+ // Non-admin's search is limited to its own groups.
+ requestedGroups = memberGroups;
+ }
+
+ // Disallow non-admin to lookup roles that they are not part of
+ if (activeRoleSet != null && !activeRoleSet.isAll()) {
+ Set<String> grantedRoles = toTrimedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
+ Set<String> activeRoleNames = toTrimedLower(activeRoleSet.getRoles());
+
+ for (String activeRole : activeRoleNames) {
+ if (!grantedRoles.contains(activeRole)) {
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE
+ + subject);
+ }
+ }
+
+ // For non-admin, valid active roles are intersection of active roles and granted roles.
+ validActiveRoles.addAll(activeRoleSet.isAll() ? grantedRoles : Sets.intersection(activeRoleNames, grantedRoles));
+ }
+ } else {
+ Set<String> allRoles = toTrimedLower(store.getAllRoleNames());
+ Set<String> activeRoleNames = toTrimedLower(activeRoleSet.getRoles());
+
+ // For admin, if requestedGroups are empty, valid active roles are intersection of active roles and all roles.
+ // Otherwise, valid active roles are intersection of active roles and the roles of requestedGroups.
+ if (requestedGroups == null || requestedGroups.isEmpty()) {
+ validActiveRoles.addAll(activeRoleSet.isAll() ? allRoles : Sets.intersection(activeRoleNames, allRoles));
+ } else {
+ Set<String> requestedRoles = toTrimedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
+ validActiveRoles.addAll(activeRoleSet.isAll() ? allRoles : Sets.intersection(activeRoleNames, requestedRoles));
+ }
+ }
+
+ // If user is not part of any group.. return empty response
+ if (request.getAuthorizablesSet() != null) {
+ for (String authorizablesStr : request.getAuthorizablesSet()) {
+
+ List<? extends Authorizable> authorizables = toAuthorizables(authorizablesStr);
+ Set<MSentryGMPrivilege> sentryPrivileges = store.getPrivilegesByAuthorizable(request.getComponent(), request.getServiceName(), validActiveRoles, authorizables);
+ authRoleMap.put(fromAuthorizableToStr(authorizables), toTSentryPrivilegeMap(sentryPrivileges));
+ }
+ }
+
+ response.setPrivilegesMapByAuth(authRoleMap);
+ response.setStatus(Status.OK());
+ } catch (SentryAccessDeniedException e) {
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.AccessDenied(e.getMessage(), e));
+ } catch (SentryThriftAPIMismatchException e) {
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
+ } catch (Exception e) {
+ String msg = "Unknown error for request: " + request + ", message: "
+ + e.getMessage();
+ LOGGER.error(msg, e);
+ response.setStatus(Status.RuntimeError(msg, e));
+ }
+
+ return response;
+ }
+
+ @Override
public TDropPrivilegesResponse drop_sentry_privilege(
final TDropPrivilegesRequest request) throws TException {
Response<Void> respose = requestHandle(new RequestHandler<Void>() {
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
index ce57513..e52b6ef 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
@@ -20,13 +20,11 @@
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
import javax.security.auth.callback.CallbackHandler;
+import com.google.common.collect.Sets;
import org.apache.hadoop.conf.Configuration;
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
import org.apache.hadoop.net.NetUtils;
@@ -539,6 +537,64 @@
}
}
+ private List<TAuthorizable> fromAuthorizable(List<? extends Authorizable> authorizables) {
+ List<TAuthorizable> tAuthorizables = Lists.newArrayList();
+ for (Authorizable authorizable : authorizables) {
+ tAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
+ }
+ return tAuthorizables;
+ }
+
+ /**
+ * Get sentry privileges based on valid active roles and the authorize objects. Note that
+ * it is client responsibility to ensure the requestor username, etc. is not impersonated.
+ *
+ * @param component: The request respond to which component.
+ * @param serviceName: The name of service.
+ * @param requestorUserName: The requestor user name.
+ * @param authorizablesSet: The set of authorize objects. Represented as a string. e.g
+ * resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
+ * @param groups: The requested groups.
+ * @param roleSet: The active roles set.
+ *
+ * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
+ * @throws SentryUserException
+ */
+ public Map<String, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(String component,
+ String serviceName, String requestorUserName, Set<List<? extends Authorizable>> authorizablesSet,
+ Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException {
+
+ Set<List<TAuthorizable>> authSet = Sets.newHashSet();
+ for (List<? extends Authorizable> authorizables : authorizablesSet) {
+ authSet.add(fromAuthorizable(authorizables));
+ }
+
+ TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest();
+
+ request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
+ request.setComponent(component);
+ request.setServiceName(serviceName);
+ request.setRequestorUserName(requestorUserName);
+
+ if (groups == null) {
+ request.setGroups(new HashSet<String>());
+ } else {
+ request.setGroups(groups);
+ }
+
+ if (roleSet != null) {
+ request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
+ }
+
+ try {
+ TListSentryPrivilegesByAuthResponse response = client.list_sentry_privileges_by_authorizable(request);
+ Status.throwIfNotOk(response.getStatus());
+ return response.getPrivilegesMapByAuth();
+ } catch (TException e) {
+ throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+ }
+ }
+
@Override
public void close() {
if (transport != null) {
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 521d945..6a4d50d 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -2069,6 +2069,29 @@
}
}
+ // Get the all exist role names, will return an empty set
+ // if no role names exist.
+ public Set<String> getAllRoleNames() {
+
+ boolean rollbackTransaction = true;
+ PersistenceManager pm = null;
+
+ try {
+ pm = openTransaction();
+
+ Set<String> existRoleNames = getAllRoleNames(pm);
+
+ commitTransaction(pm);
+ rollbackTransaction = false;
+
+ return existRoleNames;
+ } finally {
+ if (rollbackTransaction) {
+ rollbackTransaction(pm);
+ }
+ }
+ }
+
// get the all exist role names
private Set<String> getAllRoleNames(PersistenceManager pm) {
Query query = pm.newQuery(MSentryRole.class);
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift
index 91ff672..db107bf 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift
@@ -195,6 +195,7 @@
1: required bool all,
2: required set<string> roles,
}
+
struct TListSentryPrivilegesForProviderRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2,
2: required string component, # The request is issued to which component
@@ -203,11 +204,56 @@
5: required TSentryActiveRoleSet roleSet,
6: optional list<TAuthorizable> authorizables # authorizable hierarchys
}
+
struct TListSentryPrivilegesForProviderResponse {
1: required TSentryResponseStatus status
2: required set<string> privileges
}
+# Map of role:set<privileges> for the given authorizable
+# Optionally use the set of groups to filter the roles
+struct TSentryPrivilegeMap {
+1: required map<string, set<TSentryPrivilege>> privilegeMap
+}
+
+struct TListSentryPrivilegesByAuthRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2,
+
+# User on whose behalf the request is issued
+2: required string requestorUserName,
+
+# The request is issued to which component
+3: required string component,
+
+# The privilege belongs to which service
+4: required string serviceName,
+
+# The authorizable hierarchys, it is represented as a string. e.g
+# resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3
+5: required set<string> authorizablesSet,
+
+# The requested groups. For admin, the requested groups can be empty, if so it is
+# treated as a wildcard query. Otherwise, it is a query on this specifc groups.
+# For non-admin user, the requested groups must be the groups they are part of.
+6: optional set<string> groups,
+
+# The active role set.
+7: optional TSentryActiveRoleSet roleSet
+}
+
+struct TListSentryPrivilegesByAuthResponse {
+1: required sentry_common_service.TSentryResponseStatus status,
+
+# Will not be set in case of an error. Otherwise it will be a
+# <Authorizables, <Role, Set<Privileges>>> mapping. For non-admin
+# requestor, the roles are intersection of active roles and granted roles.
+# For admin requestor, the roles are filtered based on the active roles
+# and requested group from TListSentryPrivilegesByAuthRequest.
+# The authorizable hierarchys is represented as a string in the form
+# of the request.
+2: optional map<string, TSentryPrivilegeMap> privilegesMapByAuth
+}
+
service SentryGenericPolicyService
{
TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request)
@@ -225,6 +271,8 @@
TListSentryPrivilegesForProviderResponse list_sentry_privileges_for_provider(1:TListSentryPrivilegesForProviderRequest request)
+ TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(1:TListSentryPrivilegesByAuthRequest request);
+
TDropPrivilegesResponse drop_sentry_privilege(1:TDropPrivilegesRequest request);
TRenamePrivilegesResponse rename_sentry_privilege(1:TRenamePrivilegesRequest request);
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java
index 189eabb..6b3a5e2 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java
@@ -952,4 +952,60 @@
sentryStore.getPrivilegesByProvider(SEARCH, service1, Sets.newHashSet(roleName1,roleName2),
Sets.newHashSet(group), authorizables));
}
+
+ @Test
+ public void testGetPrivilegesByAuthorizable() throws Exception {
+ String roleName1 = "r1";
+ String roleName2 = "r2";
+ String roleName3 = "r3";
+ String grantor = ADMIN_USER;
+
+ String service1 = "service1";
+
+ PrivilegeObject queryPrivilege1 = new Builder()
+ .setComponent(SEARCH)
+ .setAction(SearchConstants.QUERY)
+ .setService(service1)
+ .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
+ .build();
+
+ PrivilegeObject updatePrivilege1 = new Builder()
+ .setComponent(SEARCH)
+ .setAction(SearchConstants.UPDATE)
+ .setService(service1)
+ .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME)))
+ .build();
+
+ PrivilegeObject queryPrivilege2 = new Builder()
+ .setComponent(SEARCH)
+ .setAction(SearchConstants.QUERY)
+ .setService(service1)
+ .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
+ .build();
+
+ PrivilegeObject updatePrivilege2 = new Builder()
+ .setComponent(SEARCH)
+ .setAction(SearchConstants.UPDATE)
+ .setService(service1)
+ .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME)))
+ .build();
+
+ sentryStore.createRole(SEARCH, roleName1, grantor);
+ sentryStore.createRole(SEARCH, roleName2, grantor);
+ sentryStore.createRole(SEARCH, roleName3, grantor);
+
+ sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege1, grantor);
+ sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, updatePrivilege1, grantor);
+ sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege2, grantor);
+ sentryStore.alterRoleGrantPrivilege(SEARCH, roleName3, updatePrivilege2, grantor);
+
+ assertEquals(0, sentryStore.getPrivilegesByAuthorizable(SEARCH, service1, null,
+ Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).size());
+ assertEquals(2, sentryStore.getPrivilegesByAuthorizable(SEARCH, service1,
+ Sets.newHashSet(roleName1), null).size());
+ assertEquals(2, sentryStore.getPrivilegesByAuthorizable(SEARCH, service1,
+ Sets.newHashSet(roleName1,roleName2), null).size());
+ assertEquals(2, sentryStore.getPrivilegesByAuthorizable(SEARCH, service1,
+ Sets.newHashSet(roleName1,roleName2, roleName3), null).size());
+ }
}
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
index b86c6b2..6821cf9 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
@@ -25,11 +25,9 @@
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Set;
-import java.util.UUID;
+import java.util.*;
+import com.google.common.collect.Lists;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.search.Collection;
@@ -43,7 +41,8 @@
import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject;
import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer;
import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessor;
+import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
+import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants;
import org.apache.sentry.provider.db.service.thrift.SentryConfigurationException;
@@ -254,6 +253,13 @@
.setAction(SearchConstants.UPDATE)
.build();
+ MSentryGMPrivilege mSentryGMPrivilege = new MSentryGMPrivilege("SOLR", "service1",
+ Arrays.asList(new Collection("c1"), new Field("f1")),
+ SearchConstants.QUERY, true);
+
+ MSentryRole role = new MSentryRole("r1", 290);
+ mSentryGMPrivilege.setRoles(Sets.newHashSet(role));
+
when(mockStore.getRolesByGroups(anyString(), anySetOf(String.class)))
.thenReturn(Sets.newHashSet(roleName));
@@ -264,6 +270,12 @@
when(mockStore.getGroupsByRoles(anyString(), anySetOf(String.class)))
.thenReturn(Sets.newHashSet(groupName));
+ when(mockStore.getPrivilegesByAuthorizable(anyString(), anyString(), anySetOf(String.class), anyListOf(Authorizable.class)))
+ .thenReturn(Sets.newHashSet(mSentryGMPrivilege));
+
+ when(mockStore.getAllRoleNames())
+ .thenReturn(Sets.newHashSet(roleName));
+
TListSentryPrivilegesRequest request1 = new TListSentryPrivilegesRequest();
request1.setRoleName(roleName);
request1.setRequestorUserName(ADMIN_USER);
@@ -284,6 +296,18 @@
TListSentryPrivilegesForProviderResponse response3 = processor.list_sentry_privileges_for_provider(request3);
assertEquals(Status.OK, fromTSentryStatus(response3.getStatus()));
assertEquals(2, response3.getPrivileges().size());
+
+ TListSentryPrivilegesByAuthRequest request4 = new TListSentryPrivilegesByAuthRequest();
+ request4.setGroups(Sets.newHashSet(groupName));
+ request4.setRoleSet(new TSentryActiveRoleSet(true, null));
+ request4.setRequestorUserName(ADMIN_USER);
+
+ Set<String> authorizablesSet = Sets.newHashSet("Collection=c1->Field=f1");
+ request4.setAuthorizablesSet(authorizablesSet);
+
+ TListSentryPrivilegesByAuthResponse response4 = processor.list_sentry_privileges_by_authorizable(request4);
+ assertEquals(Status.OK, fromTSentryStatus(response4.getStatus()));
+ assertEquals(1, response4.getPrivilegesMapByAuth().size());
}
@Test(expected=SentryConfigurationException.class)
