sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sp...@apache.org
Subject [42/43] sentry git commit: SENTRY-2208: Refactor out Sentry service into own module from sentry-provider-db (Anthony Young-Garner, reviewed by Sergio Pena, Steve Moist, Na Li)
Date Tue, 29 May 2018 18:07:01 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
deleted file mode 100644
index 80a6343..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
+++ /dev/null
@@ -1,413 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.service.thrift;
-
-import com.codahale.metrics.ConsoleReporter;
-import com.codahale.metrics.Counter;
-import com.codahale.metrics.Gauge;
-import com.codahale.metrics.Histogram;
-import com.codahale.metrics.JmxReporter;
-import com.codahale.metrics.Metric;
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.MetricSet;
-import com.codahale.metrics.Slf4jReporter;
-import com.codahale.metrics.Timer;
-import com.codahale.metrics.json.MetricsModule;
-import com.codahale.metrics.jvm.BufferPoolMetricSet;
-import com.codahale.metrics.jvm.GarbageCollectorMetricSet;
-import com.codahale.metrics.jvm.MemoryUsageGaugeSet;
-import com.codahale.metrics.jvm.ThreadStatesGaugeSet;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.util.concurrent.ThreadFactoryBuilder;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-import org.apache.sentry.service.thrift.SentryService;
-import org.apache.sentry.api.common.SentryServiceUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.BufferedWriter;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.lang.management.ManagementFactory;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.nio.file.StandardCopyOption;
-import java.nio.file.attribute.FileAttribute;
-import java.nio.file.attribute.PosixFilePermission;
-import java.nio.file.attribute.PosixFilePermissions;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
-
-import static com.codahale.metrics.MetricRegistry.name;
-import static org.apache.sentry.api.service.thrift.SentryMetricsServletContextListener.METRIC_REGISTRY;
-import static org.apache.sentry.service.common.ServiceConstants.ServerConfig;
-
-/**
- * A singleton class which holds metrics related utility functions as well as the list of metrics.
- */
-public final class SentryMetrics {
-  public enum Reporting {
-    JMX,
-    CONSOLE,
-    LOG,
-    JSON,
-  }
-
-  private static final Logger LOGGER = LoggerFactory
-          .getLogger(SentryMetrics.class);
-
-  private static SentryMetrics sentryMetrics = null;
-  private final AtomicBoolean reportingInitialized = new AtomicBoolean();
-  private boolean gaugesAdded = false;
-  private boolean sentryServiceGaugesAdded = false;
-
-  final Timer createRoleTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "create-role"));
-  final Timer dropRoleTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "drop-role"));
-  final Timer grantRoleTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "grant-role"));
-  final Timer revokeRoleTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "revoke-role"));
-  final Timer grantTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "grant-privilege"));
-  final Timer revokeTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "revoke-privilege"));
-
-  final Timer dropPrivilegeTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "drop-privilege"));
-  final Timer renamePrivilegeTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "rename-privilege"));
-
-  final Timer listRolesByGroupTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "list-roles-by-group"));
-  final Timer listPrivilegesByRoleTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "list-privileges-by-role"));
-  final Timer listPrivilegesForProviderTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "list-privileges-for-provider"));
-  final Timer listPrivilegesByAuthorizableTimer = METRIC_REGISTRY.timer(
-      name(SentryPolicyStoreProcessor.class, "list-privileges-by-authorizable"));
-
-  /**
-   * Return a Timer with name.
-   */
-  public Timer getTimer(String name) {
-    return METRIC_REGISTRY.timer(name);
-  }
-
-  /**
-   * Return a Histogram with name.
-   */
-  public Histogram getHistogram(String name) {
-    return METRIC_REGISTRY.histogram(name);
-  }
-
-  /**
-   * Return a Counter with name.
-   */
-  public Counter getCounter(String name) {
-    return METRIC_REGISTRY.counter(name);
-  }
-
-  private SentryMetrics() {
-    registerMetricSet("gc", new GarbageCollectorMetricSet(), METRIC_REGISTRY);
-    registerMetricSet("buffers",
-            new BufferPoolMetricSet(ManagementFactory.getPlatformMBeanServer()),
-        METRIC_REGISTRY);
-    registerMetricSet("memory", new MemoryUsageGaugeSet(), METRIC_REGISTRY);
-    registerMetricSet("threads", new ThreadStatesGaugeSet(), METRIC_REGISTRY);
-  }
-
-  /**
-   * Get singleton instance.
-   */
-  public static synchronized SentryMetrics getInstance() {
-    if (sentryMetrics == null) {
-      sentryMetrics = new SentryMetrics();
-    }
-    return sentryMetrics;
-  }
-
-  void addSentryStoreGauges(SentryStore sentryStore) {
-    if (!gaugesAdded) {
-      addGauge(SentryStore.class, "role_count", sentryStore.getRoleCountGauge());
-      addGauge(SentryStore.class, "privilege_count",
-              sentryStore.getPrivilegeCountGauge());
-      addGauge(SentryStore.class, "group_count", sentryStore.getGroupCountGauge());
-      addGauge(SentryStore.class, "hms.waiters", sentryStore.getHMSWaitersCountGauge());
-      addGauge(SentryStore.class, "hms.notification.id",
-          sentryStore.getLastNotificationIdGauge());
-      addGauge(SentryStore.class, "hms.snapshot.paths.id",
-          sentryStore.getLastPathsSnapshotIdGauge());
-      addGauge(SentryStore.class, "hms.perm.change.id",
-          sentryStore.getPermChangeIdGauge());
-      addGauge(SentryStore.class, "hms.psth.change.id",
-          sentryStore.getPathChangeIdGauge());
-      gaugesAdded = true;
-    }
-  }
-
-  /**
-   * Add gauges for the SentryService class.
-   * @param sentryservice
-   */
-  public void addSentryServiceGauges(SentryService sentryservice) {
-    if (!sentryServiceGaugesAdded) {
-      addGauge(SentryService.class, "is_active", sentryservice.getIsActiveGauge());
-      addGauge(SentryService.class, "activated", sentryservice.getBecomeActiveCount());
-      sentryServiceGaugesAdded = true;
-    }
-  }
-
-  /**
-   * Initialize reporters. Only initializes once.<p>
-   *
-   * Available reporters:
-   * <ul>
-   *     <li>console</li>
-   *     <li>log</li>
-   *     <li>jmx</li>
-   * </ul>
-   *
-   * <p><For console reporter configre it to report every
-   * <em>SENTRY_REPORTER_INTERVAL_SEC</em> seconds.
-   *
-   * <p>Method is thread safe.
-   */
-  @SuppressWarnings("squid:S2095")
-  void initReporting(Configuration conf) {
-    final String reporter = conf.get(ServerConfig.SENTRY_REPORTER);
-    if ((reporter == null) || reporter.isEmpty() || reportingInitialized.getAndSet(true)) {
-      // Nothing to do, just return
-      return;
-    }
-
-    final int reportInterval =
-            conf.getInt(ServerConfig.SENTRY_REPORTER_INTERVAL_SEC,
-                    ServerConfig.SENTRY_REPORTER_INTERVAL_DEFAULT);
-
-    // Get list of configured reporters
-    Set<String> reporters = new HashSet<>();
-    for (String r: reporter.split(",")) {
-      reporters.add(r.trim().toUpperCase());
-    }
-
-    // In case there are no reporters, configure JSON reporter
-    if (reporters.isEmpty()) {
-      reporters.add(Reporting.JSON.toString());
-    }
-
-    // Configure all reporters
-    for (String r: reporters) {
-      switch (SentryMetrics.Reporting.valueOf(r)) {
-        case CONSOLE:
-          LOGGER.info("Enabled console metrics reporter with {} seconds interval",
-                  reportInterval);
-          final ConsoleReporter consoleReporter =
-                  ConsoleReporter.forRegistry(METRIC_REGISTRY)
-                          .convertRatesTo(TimeUnit.SECONDS)
-                          .convertDurationsTo(TimeUnit.MILLISECONDS)
-                          .build();
-          consoleReporter.start(reportInterval, TimeUnit.SECONDS);
-          break;
-        case JMX:
-          LOGGER.info("Enabled JMX metrics reporter");
-          final JmxReporter jmxReporter = JmxReporter.forRegistry(METRIC_REGISTRY)
-                  .convertRatesTo(TimeUnit.SECONDS)
-                  .convertDurationsTo(TimeUnit.MILLISECONDS)
-                  .build();
-          jmxReporter.start();
-          break;
-        case LOG:
-          LOGGER.info("Enabled Log4J metrics reporter with {} seconds interval",
-                  reportInterval);
-          final Slf4jReporter logReporter = Slf4jReporter.forRegistry(METRIC_REGISTRY)
-                  .outputTo(LOGGER)
-                  .convertRatesTo(TimeUnit.SECONDS)
-                  .convertDurationsTo(TimeUnit.MILLISECONDS)
-                  .build();
-          logReporter.start(reportInterval, TimeUnit.SECONDS);
-          break;
-        case JSON:
-          LOGGER.info("Enabled JSON metrics reporter with {} seconds interval", reportInterval);
-          JsonFileReporter jsonReporter = new JsonFileReporter(conf,
-                  reportInterval, TimeUnit.SECONDS);
-          jsonReporter.start();
-          break;
-        default:
-          LOGGER.warn("Invalid metrics reporter {}", reporter);
-          break;
-      }
-    }
-  }
-
-  private <T, V> void addGauge(Class<T> tClass, String gaugeName, Gauge<V> gauge) {
-    METRIC_REGISTRY.register(
-        name(tClass, gaugeName), gauge);
-  }
-
-  private void registerMetricSet(String prefix, MetricSet metricSet, MetricRegistry registry) {
-    for (Map.Entry<String, Metric> entry : metricSet.getMetrics().entrySet()) {
-      if (entry.getValue() instanceof MetricSet) {
-        registerMetricSet(prefix + "." + entry.getKey(), (MetricSet) entry.getValue(), registry);
-      } else {
-        registry.register(prefix + "." + entry.getKey(), entry.getValue());
-      }
-    }
-  }
-
-  /**
-   * Custom reporter that writes metrics as a JSON file.
-   * This class originated from Apache Hive JSON reporter.
-   */
-  private static class JsonFileReporter implements AutoCloseable, Runnable {
-    //
-    // Implementation notes.
-    //
-    // 1. Since only local file systems are supported, there is no need to use Hadoop
-    //    version of Path class.
-    // 2. java.nio package provides modern implementation of file and directory operations
-    //    which is better then the traditional java.io, so we are using it here.
-    //    In particular, it supports atomic creation of temporary files with specified
-    //    permissions in the specified directory. This also avoids various attacks possible
-    //    when temp file name is generated first, followed by file creation.
-    //    See http://www.oracle.com/technetwork/articles/javase/nio-139333.html for
-    //    the description of NIO API and
-    //    http://docs.oracle.com/javase/tutorial/essential/io/legacy.html for the
-    //    description of interoperability between legacy IO api vs NIO API.
-    // 3. To avoid race conditions with readers of the metrics file, the implementation
-    //    dumps metrics to a temporary file in the same directory as the actual metrics
-    //    file and then renames it to the destination. Since both are located on the same
-    //    filesystem, this rename is likely to be atomic (as long as the underlying OS
-    //    support atomic renames.
-    //
-
-    // Permissions for the metrics file
-    private static final FileAttribute<Set<PosixFilePermission>> FILE_ATTRS =
-            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-r--r--"));
-    private static final String JSON_REPORTER_THREAD_NAME = "json-reporter";
-
-    private ScheduledExecutorService executor = null;
-    private final ObjectMapper jsonMapper =
-            new ObjectMapper().registerModule(new MetricsModule(TimeUnit.SECONDS,
-                    TimeUnit.MILLISECONDS,
-                    false));
-    private final Configuration conf;
-    /** Destination file name. */
-    // Location of JSON file
-    private final Path path;
-    // tmpdir is the dirname(path)
-    private final Path tmpDir;
-    private final long interval;
-    private final TimeUnit unit;
-
-    JsonFileReporter(Configuration conf, long interval, TimeUnit unit) {
-      this.conf = conf;
-      String pathString = conf.get(ServerConfig.SENTRY_JSON_REPORTER_FILE,
-              ServerConfig.SENTRY_JSON_REPORTER_FILE_DEFAULT);
-      path = Paths.get(pathString).toAbsolutePath();
-      LOGGER.info("Reporting metrics to {}", path);
-      // We want to use tmpDir i the same directory as the destination file to support atomic
-      // move of temp file to the destination metrics file
-      tmpDir = path.getParent();
-      this.interval = interval;
-      this.unit = unit;
-    }
-
-    private void start() {
-      executor = Executors.newScheduledThreadPool(1,
-              new ThreadFactoryBuilder().setNameFormat(JSON_REPORTER_THREAD_NAME).build());
-      executor.scheduleAtFixedRate(this, 0, interval, unit);
-    }
-
-    @Override
-    public void run() {
-      Path tmpFile = null;
-      try {
-        String json = null;
-        try {
-          json = jsonMapper.writerWithDefaultPrettyPrinter().writeValueAsString(METRIC_REGISTRY);
-        } catch (JsonProcessingException e) {
-          LOGGER.error("Error converting metrics to JSON", e);
-          return;
-        }
-        // Metrics are first dumped to a temp file which is then renamed to the destination
-        try {
-          tmpFile = Files.createTempFile(tmpDir, "smetrics", "json", FILE_ATTRS);
-        } catch (IOException e) {
-          LOGGER.error("failed to create temp file for JSON metrics", e);
-          return;
-        } catch (SecurityException e) {
-          // This shouldn't ever happen
-          LOGGER.error("failed to create temp file for JSON metrics: no permissions", e);
-          return;
-        } catch (UnsupportedOperationException e) {
-          // This shouldn't ever happen
-          LOGGER.error("failed to create temp file for JSON metrics: operartion not supported", e);
-          return;
-        }
-
-        try (BufferedWriter bw = new BufferedWriter(new FileWriter(tmpFile.toFile()))) {
-          bw.write(json);
-        }
-
-        // Move temp file to the destination file
-        try {
-          Files.move(tmpFile, path, StandardCopyOption.ATOMIC_MOVE);
-        } catch (Exception e) {
-          LOGGER.error("Failed to move temp metrics file to {}: {}", path, e.getMessage());
-        }
-      } catch (Throwable t) {
-        // catch all errors (throwable and execptions to prevent subsequent tasks from being suppressed)
-        LOGGER.error("Error executing scheduled task ", t);
-      } finally {
-        // If something happened and we were not able to rename the temp file, attempt to remove it
-        if (tmpFile != null && tmpFile.toFile().exists()) {
-          // Attempt to delete temp file, if this fails, not much can be done about it.
-          try {
-            Files.delete(tmpFile);
-          } catch (Exception e) {
-            LOGGER.error("failed to delete yemporary metrics file {}", tmpFile, e);
-          }
-        }
-      }
-    }
-
-    @Override
-    public void close() {
-      if (executor != null) {
-        SentryServiceUtil.shutdownAndAwaitTermination(executor,
-                JSON_REPORTER_THREAD_NAME, 1, TimeUnit.MINUTES, LOGGER);
-        executor = null;
-      }
-      try {
-        Files.delete(path);
-      } catch (IOException e) {
-        LOGGER.error("Unable to delete {}", path, e);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryMetricsServletContextListener.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryMetricsServletContextListener.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryMetricsServletContextListener.java
deleted file mode 100644
index 253e54f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryMetricsServletContextListener.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.service.thrift;
-
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.servlets.MetricsServlet;
-
-public class SentryMetricsServletContextListener extends MetricsServlet.ContextListener {
-
-  public static final MetricRegistry METRIC_REGISTRY = new MetricRegistry();
-
-  @Override
-  protected MetricRegistry getMetricRegistry() {
-    return METRIC_REGISTRY;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
deleted file mode 100644
index c23683f..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
+++ /dev/null
@@ -1,1239 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.api.service.thrift;
-
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.TimeoutException;
-import java.util.regex.Pattern;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.api.common.ThriftConstants;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.common.GroupMappingService;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.core.common.exception.SentryGroupNotFoundException;
-import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
-import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
-import org.apache.sentry.core.common.exception.SentryInvalidInputException;
-import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
-import org.apache.sentry.provider.db.SentryPolicyStorePlugin;
-import org.apache.sentry.provider.db.SentryPolicyStorePlugin.SentryPluginException;
-import org.apache.sentry.core.common.exception.SentryThriftAPIMismatchException;
-import org.apache.sentry.provider.db.log.entity.JsonLogEntity;
-import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory;
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-import org.apache.sentry.core.common.utils.PolicyStoreConstants.PolicyStoreServerConfig;
-import org.apache.sentry.api.service.thrift.validator.GrantPrivilegeRequestValidator;
-import org.apache.sentry.api.service.thrift.validator.RevokePrivilegeRequestValidator;
-import org.apache.sentry.api.common.SentryServiceUtil;
-import org.apache.sentry.service.common.ServiceConstants.ConfUtilties;
-import org.apache.sentry.service.common.ServiceConstants.SentryEntityType;
-import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
-import org.apache.sentry.api.common.Status;
-import org.apache.sentry.service.thrift.TSentryResponseStatus;
-import org.apache.thrift.TException;
-import org.apache.log4j.Logger;
-
-import com.codahale.metrics.Timer;
-import static com.codahale.metrics.MetricRegistry.name;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
-import com.google.common.base.Splitter;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
-
-import static org.apache.sentry.hdfs.Updateable.Update;
-
-@SuppressWarnings("unused")
-public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
-  private static final Logger LOGGER = Logger.getLogger(SentryPolicyStoreProcessor.class);
-  private static final Logger AUDIT_LOGGER = Logger.getLogger(Constants.AUDIT_LOGGER_NAME);
-
-  private final String name;
-  private final Configuration conf;
-  private final SentryStore sentryStore;
-  private final NotificationHandlerInvoker notificationHandlerInvoker;
-  private final ImmutableSet<String> adminGroups;
-  private SentryMetrics sentryMetrics;
-  private final Timer hmsWaitTimer =
-          SentryMetrics.getInstance().
-                  getTimer(name(SentryPolicyStoreProcessor.class, "hms", "wait"));
-
-  private List<SentryPolicyStorePlugin> sentryPlugins = new LinkedList<SentryPolicyStorePlugin>();
-
-  SentryPolicyStoreProcessor(String name,
-        Configuration conf, SentryStore store) throws Exception {
-    super();
-    this.name = name;
-    this.conf = conf;
-    this.sentryStore = store;
-    this.notificationHandlerInvoker = new NotificationHandlerInvoker(conf,
-        createHandlers(conf));
-    adminGroups = ImmutableSet.copyOf(toTrimedLower(Sets.newHashSet(conf.getStrings(
-        ServerConfig.ADMIN_GROUPS, new String[]{}))));
-    Iterable<String> pluginClasses = ConfUtilties.CLASS_SPLITTER
-        .split(conf.get(ServerConfig.SENTRY_POLICY_STORE_PLUGINS,
-            ServerConfig.SENTRY_POLICY_STORE_PLUGINS_DEFAULT).trim());
-    for (String pluginClassStr : pluginClasses) {
-      Class<?> clazz = conf.getClassByName(pluginClassStr);
-      if (!SentryPolicyStorePlugin.class.isAssignableFrom(clazz)) {
-        throw new IllegalArgumentException("Sentry Plugin ["
-            + pluginClassStr + "] is not a "
-            + SentryPolicyStorePlugin.class.getName());
-      }
-      SentryPolicyStorePlugin plugin = (SentryPolicyStorePlugin)clazz.newInstance();
-      plugin.initialize(conf, sentryStore);
-      sentryPlugins.add(plugin);
-    }
-    initMetrics();
-  }
-
-  private void initMetrics() {
-    sentryMetrics = SentryMetrics.getInstance();
-    sentryMetrics.addSentryStoreGauges(sentryStore);
-    sentryMetrics.initReporting(conf);
-  }
-
-  public void stop() {
-    sentryStore.stop();
-  }
-
-  public void registerPlugin(SentryPolicyStorePlugin plugin) throws SentryPluginException {
-    plugin.initialize(conf, sentryStore);
-    sentryPlugins.add(plugin);
-  }
-
-  @VisibleForTesting
-  static List<NotificationHandler> createHandlers(Configuration conf)
-  throws SentrySiteConfigurationException {
-    List<NotificationHandler> handlers = Lists.newArrayList();
-    Iterable<String> notificationHandlers = Splitter.onPattern("[\\s,]").trimResults()
-                                            .omitEmptyStrings().split(conf.get(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, ""));
-    for (String notificationHandler : notificationHandlers) {
-      Class<?> clazz = null;
-      try {
-        clazz = Class.forName(notificationHandler);
-        if (!NotificationHandler.class.isAssignableFrom(clazz)) {
-          throw new SentrySiteConfigurationException("Class " + notificationHandler + " is not a " +
-                                                 NotificationHandler.class.getName());
-        }
-      } catch (ClassNotFoundException e) {
-        throw new SentrySiteConfigurationException("Value " + notificationHandler +
-                                               " is not a class", e);
-      }
-      Preconditions.checkNotNull(clazz, "Error class cannot be null");
-      try {
-        Constructor<?> constructor = clazz.getConstructor(Configuration.class);
-        handlers.add((NotificationHandler)constructor.newInstance(conf));
-      } catch (Exception e) {
-        throw new SentrySiteConfigurationException("Error attempting to create " + notificationHandler, e);
-      }
-    }
-    return handlers;
-  }
-
-  @VisibleForTesting
-  public Configuration getSentryStoreConf() {
-    return conf;
-  }
-
-  private static Set<String> toTrimedLower(Set<String> s) {
-    Set<String> result = Sets.newHashSet();
-    for (String v : s) {
-      result.add(v.trim().toLowerCase());
-    }
-    return result;
-  }
-
-  private boolean inAdminGroups(Set<String> requestorGroups) {
-    Set<String> trimmedRequestorGroups = toTrimedLower(requestorGroups);
-    return !Sets.intersection(adminGroups, trimmedRequestorGroups).isEmpty();
-  }
-  
-  private void authorize(String requestorUser, Set<String> requestorGroups)
-  throws SentryAccessDeniedException {
-    if (!inAdminGroups(requestorGroups)) {
-      String msg = "User: " + requestorUser + " is part of " + requestorGroups +
-          " which does not, intersect admin groups " + adminGroups;
-      LOGGER.warn(msg);
-      throw new SentryAccessDeniedException("Access denied to " + requestorUser);
-    }
-  }
-
-  @Override
-  public TCreateSentryRoleResponse create_sentry_role(
-    TCreateSentryRoleRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.createRoleTimer.time();
-    TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      authorize(request.getRequestorUserName(),
-          getRequestorGroups(request.getRequestorUserName()));
-      sentryStore.createSentryRole(request.getRoleName());
-      response.setStatus(Status.OK());
-      notificationHandlerInvoker.create_sentry_role(request, response);
-    } catch (SentryAlreadyExistsException e) {
-      String msg = "Role: " + request + " already exists.";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.AlreadyExists(e.getMessage(), e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-
-    try {
-      AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
-          .createJsonLogEntity(request, response, conf).toJsonFormatLog());
-    } catch (Exception e) {
-      // if any exception, log the exception.
-      String msg = "Error creating audit log for create role: " + e.getMessage();
-      LOGGER.error(msg, e);
-    }
-    return response;
-  }
-
-  @Override
-  public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege
-  (TAlterSentryRoleGrantPrivilegeRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.grantTimer.time();
-    TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      // There should only one field be set
-      if ( !(request.isSetPrivileges()^request.isSetPrivilege()) ) {
-        throw new SentryUserException("SENTRY API version is not right!");
-      }
-      // Maintain compatibility for old API: Set privilege field to privileges field
-      if (request.isSetPrivilege()) {
-        request.setPrivileges(Sets.newHashSet(request.getPrivilege()));
-      }
-      // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
-      // TODO: need to differentiate the updates for different Plugins.
-      Preconditions.checkState(sentryPlugins.size() <= 1);
-      Map<TSentryPrivilege, Update> privilegesUpdateMap = new HashMap<>();
-      for (SentryPolicyStorePlugin plugin : sentryPlugins) {
-        plugin.onAlterSentryRoleGrantPrivilege(request, privilegesUpdateMap);
-      }
-
-      if (!privilegesUpdateMap.isEmpty()) {
-        sentryStore.alterSentryRoleGrantPrivileges(request.getRequestorUserName(),
-            request.getRoleName(), request.getPrivileges(), privilegesUpdateMap);
-      } else {
-        sentryStore.alterSentryRoleGrantPrivileges(request.getRequestorUserName(),
-            request.getRoleName(), request.getPrivileges());
-      }
-      GrantPrivilegeRequestValidator.validate(request);
-      response.setStatus(Status.OK());
-      response.setPrivileges(request.getPrivileges());
-      // Maintain compatibility for old API: Set privilege field to response
-      if (response.isSetPrivileges() && response.getPrivileges().size() == 1) {
-        response.setPrivilege(response.getPrivileges().iterator().next());
-      }
-      notificationHandlerInvoker.alter_sentry_role_grant_privilege(request,
-              response);
-    } catch (SentryNoSuchObjectException e) {
-      String msg = "Role: " + request.getRoleName() + " doesn't exist";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryInvalidInputException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.InvalidInput(e.getMessage(), e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-
-    try {
-      Set<JsonLogEntity> jsonLogEntitys = JsonLogEntityFactory.getInstance().createJsonLogEntitys(
-          request, response, conf);
-      for (JsonLogEntity jsonLogEntity : jsonLogEntitys) {
-        AUDIT_LOGGER.info(jsonLogEntity.toJsonFormatLog());
-      }
-    } catch (Exception e) {
-      // if any exception, log the exception.
-      String msg = "Error creating audit log for grant privilege to role: " + e.getMessage();
-      LOGGER.error(msg, e);
-    }
-    return response;
-  }
-
-  @Override
-  public TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege
-  (TAlterSentryRoleRevokePrivilegeRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.revokeTimer.time();
-    TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      // There should only one field be set
-      if ( !(request.isSetPrivileges()^request.isSetPrivilege()) ) {
-        throw new SentryUserException("SENTRY API version is not right!");
-      }
-      // Maintain compatibility for old API: Set privilege field to privileges field
-      if (request.isSetPrivilege()) {
-        request.setPrivileges(Sets.newHashSet(request.getPrivilege()));
-      }
-
-      // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
-      // TODO: need to differentiate the updates for different Plugins.
-      Preconditions.checkState(sentryPlugins.size() <= 1);
-      Map<TSentryPrivilege, Update> privilegesUpdateMap = new HashMap<>();
-      for (SentryPolicyStorePlugin plugin : sentryPlugins) {
-        plugin.onAlterSentryRoleRevokePrivilege(request, privilegesUpdateMap);
-      }
-
-      if (!privilegesUpdateMap.isEmpty()) {
-        sentryStore.alterSentryRoleRevokePrivileges(request.getRequestorUserName(),
-            request.getRoleName(), request.getPrivileges(), privilegesUpdateMap);
-      } else {
-        sentryStore.alterSentryRoleRevokePrivileges(request.getRequestorUserName(),
-            request.getRoleName(), request.getPrivileges());
-      }
-      RevokePrivilegeRequestValidator.validate(request);
-      response.setStatus(Status.OK());
-      notificationHandlerInvoker.alter_sentry_role_revoke_privilege(request,
-              response);
-    } catch (SentryNoSuchObjectException e) {
-      StringBuilder msg = new StringBuilder();
-      if (request.getPrivileges().size() > 0) {
-        for (TSentryPrivilege privilege : request.getPrivileges()) {
-          msg.append("Privilege: [server=");
-          msg.append(privilege.getServerName());
-          msg.append(",db=");
-          msg.append(privilege.getDbName());
-          msg.append(",table=");
-          msg.append(privilege.getTableName());
-          msg.append(",URI=");
-          msg.append(privilege.getURI());
-          msg.append(",action=");
-          msg.append(privilege.getAction());
-          msg.append("] ");
-        }
-        msg.append("doesn't exist.");
-      }
-      LOGGER.error(msg.toString(), e);
-      response.setStatus(Status.NoSuchObject(msg.toString(), e));
-    } catch (SentryInvalidInputException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.InvalidInput(e.getMessage(), e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-
-    try {
-      Set<JsonLogEntity> jsonLogEntitys = JsonLogEntityFactory.getInstance().createJsonLogEntitys(
-          request, response, conf);
-      for (JsonLogEntity jsonLogEntity : jsonLogEntitys) {
-        AUDIT_LOGGER.info(jsonLogEntity.toJsonFormatLog());
-      }
-    } catch (Exception e) {
-      // if any exception, log the exception.
-      String msg = "Error creating audit log for revoke privilege from role: " + e.getMessage();
-      LOGGER.error(msg, e);
-    }
-    return response;
-  }
-
-  @Override
-  public TDropSentryRoleResponse drop_sentry_role(
-    TDropSentryRoleRequest request)  throws TException {
-    final Timer.Context timerContext = sentryMetrics.dropRoleTimer.time();
-    TDropSentryRoleResponse response = new TDropSentryRoleResponse();
-    TSentryResponseStatus status;
-    try {
-      validateClientVersion(request.getProtocol_version());
-      authorize(request.getRequestorUserName(),
-          getRequestorGroups(request.getRequestorUserName()));
-
-      // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
-      // TODO: need to differentiate the updates for different Plugins.
-      Preconditions.checkState(sentryPlugins.size() <= 1);
-      Update update = null;
-      for (SentryPolicyStorePlugin plugin : sentryPlugins) {
-        update = plugin.onDropSentryRole(request);
-      }
-
-      if (update != null) {
-        sentryStore.dropSentryRole(request.getRoleName(), update);
-      } else {
-        sentryStore.dropSentryRole(request.getRoleName());
-      }
-      response.setStatus(Status.OK());
-      notificationHandlerInvoker.drop_sentry_role(request, response);
-    } catch (SentryNoSuchObjectException e) {
-      String msg = "Role :" + request + " doesn't exist";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-
-    try {
-      AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
-          .createJsonLogEntity(request, response, conf).toJsonFormatLog());
-    } catch (Exception e) {
-      // if any exception, log the exception.
-      String msg = "Error creating audit log for drop role: " + e.getMessage();
-      LOGGER.error(msg, e);
-    }
-    return response;
-  }
-
-  @Override
-  public TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(
-    TAlterSentryRoleAddGroupsRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.grantRoleTimer.time();
-    TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      authorize(request.getRequestorUserName(),
-          getRequestorGroups(request.getRequestorUserName()));
-
-      // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
-      // TODO: need to differentiate the updates for different Plugins.
-      Preconditions.checkState(sentryPlugins.size() <= 1);
-      Update update = null;
-      for (SentryPolicyStorePlugin plugin : sentryPlugins) {
-        update = plugin.onAlterSentryRoleAddGroups(request);
-      }
-      if (update != null) {
-        sentryStore.alterSentryRoleAddGroups(request.getRequestorUserName(),
-            request.getRoleName(), request.getGroups(), update);
-      } else {
-        sentryStore.alterSentryRoleAddGroups(request.getRequestorUserName(),
-            request.getRoleName(), request.getGroups());
-      }
-      response.setStatus(Status.OK());
-      notificationHandlerInvoker.alter_sentry_role_add_groups(request,
-          response);
-    } catch (SentryNoSuchObjectException e) {
-      String msg = "Role: " + request + " doesn't exist";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-
-    try {
-      AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
-          .createJsonLogEntity(request, response, conf).toJsonFormatLog());
-    } catch (Exception e) {
-      // if any exception, log the exception.
-      String msg = "Error creating audit log for add role to group: " + e.getMessage();
-      LOGGER.error(msg, e);
-    }
-    return response;
-  }
-
-  @Override
-  public TAlterSentryRoleAddUsersResponse alter_sentry_role_add_users(
-      TAlterSentryRoleAddUsersRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.grantRoleTimer.time();
-    TAlterSentryRoleAddUsersResponse response = new TAlterSentryRoleAddUsersResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      authorize(request.getRequestorUserName(), getRequestorGroups(request.getRequestorUserName()));
-      sentryStore.alterSentryRoleAddUsers(request.getRoleName(), request.getUsers());
-      response.setStatus(Status.OK());
-      notificationHandlerInvoker.alter_sentry_role_add_users(request, response);
-    } catch (SentryNoSuchObjectException e) {
-      String msg = "Role: " + request + " does not exist.";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-
-    try {
-      AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
-          .createJsonLogEntity(request, response, conf).toJsonFormatLog());
-    } catch (Exception e) {
-      // if any exception, log the exception.
-      String msg = "Error creating audit log for add role to user: " + e.getMessage();
-      LOGGER.error(msg, e);
-    }
-    return response;
-  }
-
-  @Override
-  public TAlterSentryRoleDeleteUsersResponse alter_sentry_role_delete_users(
-      TAlterSentryRoleDeleteUsersRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.grantRoleTimer.time();
-    TAlterSentryRoleDeleteUsersResponse response = new TAlterSentryRoleDeleteUsersResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      authorize(request.getRequestorUserName(), getRequestorGroups(request.getRequestorUserName()));
-      sentryStore.alterSentryRoleDeleteUsers(request.getRoleName(),
-              request.getUsers());
-      response.setStatus(Status.OK());
-      notificationHandlerInvoker.alter_sentry_role_delete_users(request, response);
-    } catch (SentryNoSuchObjectException e) {
-      String msg = "Role: " + request + " does not exist.";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-
-    try {
-      AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
-          .createJsonLogEntity(request, response, conf).toJsonFormatLog());
-   } catch (Exception e) {
-      // if any exception, log the exception.
-      String msg = "Error creating audit log for delete role from user: " + e.getMessage();
-      LOGGER.error(msg, e);
-    }
-    return response;
-  }
-
-  @Override
-  public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(
-    TAlterSentryRoleDeleteGroupsRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.revokeRoleTimer.time();
-    TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      authorize(request.getRequestorUserName(),
-          getRequestorGroups(request.getRequestorUserName()));
-
-      // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
-      // TODO: need to differentiate the updates for different Plugins.
-      Preconditions.checkState(sentryPlugins.size() <= 1);
-      Update update = null;
-      for (SentryPolicyStorePlugin plugin : sentryPlugins) {
-        update = plugin.onAlterSentryRoleDeleteGroups(request);
-      }
-
-      if (update != null) {
-        sentryStore.alterSentryRoleDeleteGroups(request.getRoleName(),
-          request.getGroups(), update);
-      } else {
-        sentryStore.alterSentryRoleDeleteGroups(request.getRoleName(),
-          request.getGroups());
-      }
-      response.setStatus(Status.OK());
-      notificationHandlerInvoker.alter_sentry_role_delete_groups(request,
-          response);
-    } catch (SentryNoSuchObjectException e) {
-      String msg = "Role: " + request + " does not exist.";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error adding groups to role: " + request;
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-
-    try {
-      AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
-          .createJsonLogEntity(request, response, conf).toJsonFormatLog());
-    } catch (Exception e) {
-      // if any exception, log the exception.
-      String msg = "Error creating audit log for delete role from group: " + e.getMessage();
-      LOGGER.error(msg, e);
-    }
-    return response;
-  }
-
-  @Override
-  public TListSentryRolesResponse list_sentry_roles_by_group(
-    TListSentryRolesRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.listRolesByGroupTimer.time();
-    TListSentryRolesResponse response = new TListSentryRolesResponse();
-    TSentryResponseStatus status;
-    Set<TSentryRole> roleSet = new HashSet<TSentryRole>();
-    String subject = request.getRequestorUserName();
-    boolean checkAllGroups = false;
-    try {
-      validateClientVersion(request.getProtocol_version());
-      Set<String> groups = getRequestorGroups(subject);
-      // Don't check admin permissions for listing requestor's own roles
-      if (AccessConstants.ALL.equalsIgnoreCase(request.getGroupName())) {
-        checkAllGroups = true;
-      } else {
-        boolean admin = inAdminGroups(groups);
-        //Only admin users can list all roles in the system ( groupname = null)
-        //Non admin users are only allowed to list only groups which they belong to
-        if(!admin && (request.getGroupName() == null || !groups.contains(request.getGroupName()))) {
-          throw new SentryAccessDeniedException("Access denied to " + subject);
-        } else {
-          groups.clear();
-          groups.add(request.getGroupName());
-        }
-      }
-      roleSet = sentryStore.getTSentryRolesByGroupName(groups, checkAllGroups);
-      response.setRoles(roleSet);
-      response.setStatus(Status.OK());
-    } catch (SentryNoSuchObjectException e) {
-      response.setRoles(roleSet);
-      String msg = "Request: " + request + " couldn't be completed, message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-    return response;
-  }
-
-  public TListSentryRolesResponse list_sentry_roles_by_user(TListSentryRolesForUserRequest request)
-      throws TException {
-    final Timer.Context timerContext = sentryMetrics.listRolesByGroupTimer.time();
-    TListSentryRolesResponse response = new TListSentryRolesResponse();
-    TSentryResponseStatus status;
-    Set<TSentryRole> roleSet = new HashSet<TSentryRole>();
-    String requestor = request.getRequestorUserName();
-    String userName = request.getUserName();
-    boolean checkAllGroups = false;
-    try {
-      validateClientVersion(request.getProtocol_version());
-      // userName can't be empty
-      if (StringUtils.isEmpty(userName)) {
-        throw new SentryAccessDeniedException("The user name can't be empty.");
-      }
-
-      Set<String> requestorGroups;
-      try {
-        requestorGroups = getRequestorGroups(requestor);
-      } catch (SentryGroupNotFoundException e) {
-        LOGGER.error(e.getMessage(), e);
-        response.setStatus(Status.AccessDenied(e.getMessage(), e));
-        return response;
-      }
-
-      Set<String> userGroups;
-      try {
-        userGroups = getRequestorGroups(userName);
-      } catch (SentryGroupNotFoundException e) {
-        LOGGER.error(e.getMessage(), e);
-        String msg = "Groups for user " + userName + " do not exist: " + e.getMessage();
-        response.setStatus(Status.AccessDenied(msg, e));
-        return response;
-      }
-      boolean isAdmin = inAdminGroups(requestorGroups);
-
-      // Only admin users can list other user's roles in the system
-      // Non admin users are only allowed to list only their own roles related user and group
-      if (!isAdmin && !userName.equals(requestor)) {
-        throw new SentryAccessDeniedException("Access denied to list the roles for " + userName);
-      }
-      roleSet = sentryStore.getTSentryRolesByUserNames(Sets.newHashSet(userName));
-      response.setRoles(roleSet);
-      response.setStatus(Status.OK());
-    } catch (SentryNoSuchObjectException e) {
-      response.setRoles(roleSet);
-      String msg = "Role: " + request + " couldn't be retrieved.";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-    return response;
-  }
-
-  @Override
-  public TListSentryPrivilegesResponse list_sentry_privileges_by_role(
-      TListSentryPrivilegesRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.listPrivilegesByRoleTimer.time();
-    TListSentryPrivilegesResponse response = new TListSentryPrivilegesResponse();
-    TSentryResponseStatus status;
-    Set<TSentryPrivilege> privilegeSet = new HashSet<TSentryPrivilege>();
-    String subject = request.getRequestorUserName();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      Set<String> groups = getRequestorGroups(subject);
-      Boolean admin = inAdminGroups(groups);
-      if(!admin) {
-        Set<String> roleNamesForGroups = toTrimedLower(sentryStore.getRoleNamesForGroups(groups));
-        if(!roleNamesForGroups.contains(request.getRoleName().trim().toLowerCase())) {
-          throw new SentryAccessDeniedException("Access denied to " + subject);
-        }
-      }
-      if (request.isSetAuthorizableHierarchy()) {
-        TSentryAuthorizable authorizableHierarchy = request.getAuthorizableHierarchy();
-        privilegeSet = sentryStore.getTSentryPrivileges(SentryEntityType.ROLE, Sets.newHashSet(request.getRoleName()), authorizableHierarchy);
-      } else {
-        privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(request.getRoleName());
-      }
-      response.setPrivileges(privilegeSet);
-      response.setStatus(Status.OK());
-    } catch (SentryNoSuchObjectException e) {
-      response.setPrivileges(privilegeSet);
-      String msg = "Privilege: " + request + " couldn't be retrieved.";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.NoSuchObject(msg, e));
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-    return response;
-  }
-
-  /**
-   * This method was created specifically for ProviderBackend.getPrivileges() and is not meant
-   * to be used for general privilege retrieval. More details in the .thrift file.
-   */
-  @Override
-  public TListSentryPrivilegesForProviderResponse list_sentry_privileges_for_provider(
-      TListSentryPrivilegesForProviderRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.listPrivilegesForProviderTimer.time();
-    TListSentryPrivilegesForProviderResponse response = new TListSentryPrivilegesForProviderResponse();
-    response.setPrivileges(new HashSet<String>());
-    try {
-      validateClientVersion(request.getProtocol_version());
-      Set<String> privilegesForProvider =
-          sentryStore.listSentryPrivilegesForProvider(request.getGroups(), request.getUsers(),
-              request.getRoleSet(), request.getAuthorizableHierarchy());
-      response.setPrivileges(privilegesForProvider);
-      if (privilegesForProvider == null
-          || privilegesForProvider.size() == 0
-          && request.getAuthorizableHierarchy() != null
-          && sentryStore.hasAnyServerPrivileges(request.getGroups(), request.getUsers(),
-              request.getRoleSet(), request.getAuthorizableHierarchy().getServer())) {
-
-        // REQUIRED for ensuring 'default' Db is accessible by any user
-        // with privileges to atleast 1 object with the specific server as root
-
-        // Need some way to specify that even though user has no privilege
-        // For the specific AuthorizableHierarchy.. he has privilege on
-        // atleast 1 object in the server hierarchy
-        HashSet<String> serverPriv = Sets.newHashSet("server=+");
-        response.setPrivileges(serverPriv);
-      }
-      response.setStatus(Status.OK());
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-    return response;
-  }
-
-  // retrieve the group mapping for the given user name
-  private Set<String> getRequestorGroups(String userName)
-      throws SentryUserException {
-    return getGroupsFromUserName(this.conf, userName);
-  }
-
-  public static Set<String> getGroupsFromUserName(Configuration conf,
-      String userName) throws SentryUserException {
-    String groupMapping = conf.get(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
-        ServerConfig.SENTRY_STORE_GROUP_MAPPING_DEFAULT);
-    String authResoruce = conf
-        .get(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE);
-
-    // load the group mapping provider class
-    GroupMappingService groupMappingService;
-    try {
-      Constructor<?> constrctor = Class.forName(groupMapping)
-          .getDeclaredConstructor(Configuration.class, String.class);
-      constrctor.setAccessible(true);
-      groupMappingService = (GroupMappingService) constrctor
-          .newInstance(new Object[] { conf, authResoruce });
-    } catch (NoSuchMethodException e) {
-      throw new SentryUserException("Unable to instantiate group mapping", e);
-    } catch (SecurityException e) {
-      throw new SentryUserException("Unable to instantiate group mapping", e);
-    } catch (ClassNotFoundException e) {
-      throw new SentryUserException("Unable to instantiate group mapping", e);
-    } catch (InstantiationException e) {
-      throw new SentryUserException("Unable to instantiate group mapping", e);
-    } catch (IllegalAccessException e) {
-      throw new SentryUserException("Unable to instantiate group mapping", e);
-    } catch (IllegalArgumentException e) {
-      throw new SentryUserException("Unable to instantiate group mapping", e);
-    } catch (InvocationTargetException e) {
-      throw new SentryUserException("Unable to instantiate group mapping", e);
-    }
-    return groupMappingService.getGroups(userName);
-  }
-
-  @Override
-  public TDropPrivilegesResponse drop_sentry_privilege(
-      TDropPrivilegesRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.dropPrivilegeTimer.time();
-    TDropPrivilegesResponse response = new TDropPrivilegesResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      authorize(request.getRequestorUserName(), adminGroups);
-
-      // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
-      // TODO: need to differentiate the updates for different Plugins.
-      Preconditions.checkState(sentryPlugins.size() <= 1);
-      Update update = null;
-      for (SentryPolicyStorePlugin plugin : sentryPlugins) {
-        update = plugin.onDropSentryPrivilege(request);
-      }
-      if (update != null) {
-        sentryStore.dropPrivilege(request.getAuthorizable(), update);
-      } else {
-        sentryStore.dropPrivilege(request.getAuthorizable());
-      }
-      response.setStatus(Status.OK());
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: "
-          + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-    return response;
-  }
-
-  @Override
-  public TRenamePrivilegesResponse rename_sentry_privilege(
-      TRenamePrivilegesRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.renamePrivilegeTimer.time();
-    TRenamePrivilegesResponse response = new TRenamePrivilegesResponse();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      authorize(request.getRequestorUserName(), adminGroups);
-
-      // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
-      // TODO: need to differentiate the updates for different Plugins.
-      Preconditions.checkState(sentryPlugins.size() <= 1);
-      Update update = null;
-      for (SentryPolicyStorePlugin plugin : sentryPlugins) {
-        update = plugin.onRenameSentryPrivilege(request);
-      }
-      if (update != null) {
-        sentryStore.renamePrivilege(request.getOldAuthorizable(),
-            request.getNewAuthorizable(), update);
-      } else {
-        sentryStore.renamePrivilege(request.getOldAuthorizable(),
-            request.getNewAuthorizable());
-      }
-      response.setStatus(Status.OK());
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (SentryInvalidInputException e) {
-      response.setStatus(Status.InvalidInput(e.getMessage(), e));
-    }
-    catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: "
-          + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.close();
-    }
-    return response;
-  }
-
-  @Override
-  public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(
-      TListSentryPrivilegesByAuthRequest request) throws TException {
-    final Timer.Context timerContext = sentryMetrics.listPrivilegesByAuthorizableTimer.time();
-    TListSentryPrivilegesByAuthResponse response = new TListSentryPrivilegesByAuthResponse();
-    Map<TSentryAuthorizable, TSentryPrivilegeMap> authRoleMap = Maps.newHashMap();
-    String subject = request.getRequestorUserName();
-    Set<String> requestedGroups = request.getGroups();
-    TSentryActiveRoleSet requestedRoleSet = request.getRoleSet();
-    try {
-      validateClientVersion(request.getProtocol_version());
-      Set<String> memberGroups = getRequestorGroups(subject);
-      if(!inAdminGroups(memberGroups)) {
-        // disallow non-admin to lookup groups that they are not part of
-        if (requestedGroups != null && !requestedGroups.isEmpty()) {
-          for (String requestedGroup : requestedGroups) {
-            if (!memberGroups.contains(requestedGroup)) {
-              // if user doesn't belong to one of the requested group then raise error
-              throw new SentryAccessDeniedException("Access denied to " + subject);
-            }
-          }
-        } else {
-          // non-admin's search is limited to it's own groups
-          requestedGroups = memberGroups;
-        }
-
-        // disallow non-admin to lookup roles that they are not part of
-        if (requestedRoleSet != null && !requestedRoleSet.isAll()) {
-          Set<String> roles = toTrimedLower(sentryStore
-              .getRoleNamesForGroups(memberGroups));
-          for (String role : toTrimedLower(requestedRoleSet.getRoles())) {
-            if (!roles.contains(role)) {
-              throw new SentryAccessDeniedException("Access denied to "
-                  + subject);
-            }
-          }
-        }
-      }
-
-      // If user is not part of any group.. return empty response
-      for (TSentryAuthorizable authorizable : request.getAuthorizableSet()) {
-        authRoleMap.put(authorizable, sentryStore
-            .listSentryPrivilegesByAuthorizable(requestedGroups,
-                request.getRoleSet(), authorizable, inAdminGroups(memberGroups)));
-
-        // TODO: add privileges associated with user by calling listSentryPrivilegesByAuthorizableForUser
-      }
-      response.setPrivilegesMapByAuth(authRoleMap);
-      response.setStatus(Status.OK());
-      // TODO : Sentry - HDFS : Have to handle this
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: "
-          + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    } finally {
-      timerContext.stop();
-    }
-    return response;
-  }
-
-  /**
-   * Respond to a request for a config value in the sentry server.  The client
-   * can request any config value that starts with "sentry." and doesn't contain
-   * "keytab".
-   * @param request Contains config parameter sought and default if not found
-   * @return The response, containing the value and status
-   * @throws TException
-   */
-  @Override
-  public TSentryConfigValueResponse get_sentry_config_value(
-          TSentryConfigValueRequest request) throws TException {
-
-    final String requirePattern = "^sentry\\..*";
-    final String excludePattern = ".*keytab.*|.*\\.jdbc\\..*|.*password.*";
-
-    TSentryConfigValueResponse response = new TSentryConfigValueResponse();
-    String attr = request.getPropertyName();
-
-    try {
-      validateClientVersion(request.getProtocol_version());
-    } catch (SentryThriftAPIMismatchException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
-    }
-    // Only allow config parameters like...
-    if (!Pattern.matches(requirePattern, attr) ||
-        Pattern.matches(excludePattern, attr)) {
-      String msg = "Attempted access of the configuration property " + attr +
-              " was denied";
-      LOGGER.error(msg);
-      response.setStatus(Status.AccessDenied(msg,
-              new SentryAccessDeniedException(msg)));
-      return response;
-    }
-
-    response.setValue(conf.get(attr,request.getDefaultValue()));
-    response.setStatus(Status.OK());
-    return response;
-  }
-
-  @VisibleForTesting
-  static void validateClientVersion(int protocolVersion) throws SentryThriftAPIMismatchException {
-    if (ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT != protocolVersion) {
-      String msg = "Sentry thrift API protocol version mismatch: Client thrift version " +
-          "is: " + protocolVersion + " , server thrift verion " +
-              "is " + ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT;
-      throw new SentryThriftAPIMismatchException(msg);
-    }
-  }
-
-  // get the sentry mapping data and return the data with map structure
-  @Override
-  public TSentryExportMappingDataResponse export_sentry_mapping_data(
-      TSentryExportMappingDataRequest request) throws TException {
-    TSentryExportMappingDataResponse response = new TSentryExportMappingDataResponse();
-    try {
-      String requestor = request.getRequestorUserName();
-      Set<String> memberGroups = getRequestorGroups(requestor);
-      String objectPath = request.getObjectPath();
-      String databaseName = null;
-      String tableName = null;
-
-      Map<String, String> objectMap =
-          SentryServiceUtil.parseObjectPath(objectPath);
-      databaseName = objectMap.get(PolicyFileConstants.PRIVILEGE_DATABASE_NAME);
-      tableName = objectMap.get(PolicyFileConstants.PRIVILEGE_TABLE_NAME);
-
-      if (!inAdminGroups(memberGroups)) {
-        // disallow non-admin to import the metadata of sentry
-        throw new SentryAccessDeniedException("Access denied to " + requestor
-            + " for export the metadata of sentry.");
-      }
-      TSentryMappingData tSentryMappingData = new TSentryMappingData();
-      Map<String, Set<TSentryPrivilege>> rolePrivileges =
-          sentryStore.getRoleNameTPrivilegesMap(databaseName, tableName);
-      tSentryMappingData.setRolePrivilegesMap(rolePrivileges);
-      Set<String> roleNames = rolePrivileges.keySet();
-      // roleNames should be null if databaseName == null and tableName == null
-      if (databaseName == null && tableName == null) {
-        roleNames = null;
-      }
-      List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(
-          roleNames);
-      tSentryMappingData.setGroupRolesMap(mapList.get(
-          SentryStore.INDEX_GROUP_ROLES_MAP));
-      tSentryMappingData.setUserRolesMap(mapList.get(SentryStore.INDEX_USER_ROLES_MAP));
-
-      response.setMappingData(tSentryMappingData);
-      response.setStatus(Status.OK());
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setMappingData(new TSentryMappingData());
-      response.setStatus(Status.RuntimeError(msg, e));
-    }
-    return response;
-  }
-
-  // import the sentry mapping data
-  @Override
-  public TSentryImportMappingDataResponse import_sentry_mapping_data(
-      TSentryImportMappingDataRequest request) throws TException {
-    TSentryImportMappingDataResponse response = new TSentryImportMappingDataResponse();
-    try {
-      String requestor = request.getRequestorUserName();
-      Set<String> memberGroups = getRequestorGroups(requestor);
-      if (!inAdminGroups(memberGroups)) {
-        // disallow non-admin to import the metadata of sentry
-        throw new SentryAccessDeniedException("Access denied to " + requestor
-            + " for import the metadata of sentry.");
-      }
-      sentryStore.importSentryMetaData(request.getMappingData(), request.isOverwriteRole());
-      response.setStatus(Status.OK());
-    } catch (SentryAccessDeniedException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryGroupNotFoundException e) {
-      LOGGER.error(e.getMessage(), e);
-      response.setStatus(Status.AccessDenied(e.getMessage(), e));
-    } catch (SentryInvalidInputException e) {
-      String msg = "Invalid input privilege object";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.InvalidInput(msg, e));
-    } catch (Exception e) {
-      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
-      LOGGER.error(msg, e);
-      response.setStatus(Status.RuntimeError(msg, e));
-    }
-    return response;
-  }
-
-  @Override
-  public TSentrySyncIDResponse sentry_sync_notifications(TSentrySyncIDRequest request)
-          throws TException {
-    TSentrySyncIDResponse response = new TSentrySyncIDResponse();
-    try (Timer.Context timerContext = hmsWaitTimer.time()) {
-      // Wait until Sentry Server processes specified HMS Notification ID.
-      response.setId(sentryStore.getCounterWait().waitFor(request.getId()));
-      response.setStatus(Status.OK());
-    } catch (InterruptedException e) {
-      String msg = String.format("wait request for id %d is interrupted",
-              request.getId());
-      LOGGER.error(msg, e);
-      response.setId(0);
-      response.setStatus(Status.RuntimeError(msg, e));
-      Thread.currentThread().interrupt();
-    } catch (TimeoutException e) {
-      String msg = String.format("timed out wait request for id %d", request.getId());
-      LOGGER.warn(msg, e);
-      response.setId(0);
-      response.setStatus(Status.RuntimeError(msg, e));
-    }
-    return response;
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessorFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessorFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessorFactory.java
deleted file mode 100644
index fd209b7..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessorFactory.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.api.service.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.api.common.ApiConstants.SentryPolicyServiceConstants;
-import org.apache.sentry.provider.db.service.persistent.SentryStore;
-import org.apache.sentry.service.thrift.ProcessorFactory;
-import org.apache.thrift.TMultiplexedProcessor;
-import org.apache.thrift.TProcessor;
-
-public class SentryPolicyStoreProcessorFactory extends ProcessorFactory {
-  public SentryPolicyStoreProcessorFactory(Configuration conf) {
-    super(conf);
-  }
-
-  public boolean register(TMultiplexedProcessor multiplexedProcessor,
-                          SentryStore sentryStore) throws Exception {
-    SentryPolicyStoreProcessor sentryServiceHandler =
-        new SentryPolicyStoreProcessor(SentryPolicyServiceConstants.SENTRY_POLICY_SERVICE_NAME,
-            conf, sentryStore);
-    TProcessor processor =
-      new SentryProcessorWrapper<SentryPolicyService.Iface>(sentryServiceHandler);
-    multiplexedProcessor.registerProcessor(
-      SentryPolicyServiceConstants.SENTRY_POLICY_SERVICE_NAME, processor);
-    return true;
-  }
-}


Mime
View raw message