sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sp...@apache.org
Subject [24/51] [abbrv] [partial] sentry git commit: SENTRY-2206: Refactor out sentry api from sentry-provider-db to own module (Steve Moist, reviewed by Sergio Pena)
Date Tue, 15 May 2018 21:44:42 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
deleted file mode 100644
index 4cd8fd6..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
+++ /dev/null
@@ -1,559 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import com.google.common.collect.Lists;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.transport.SentryConnection;
-import org.apache.sentry.core.common.transport.SentryTransportPool;
-import org.apache.sentry.core.common.transport.TTransportWrapper;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyService.Client;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.apache.sentry.service.thrift.Status;
-import org.apache.sentry.service.thrift.sentry_common_serviceConstants;
-import org.apache.thrift.TException;
-import org.apache.thrift.protocol.TBinaryProtocol;
-import org.apache.thrift.protocol.TMultiplexedProtocol;
-
-import java.io.IOException;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-
-/**
- * Sentry Generic Service Client.
- * <p>
- * Thread safety. This class is not thread safe - it is up to the
- * caller to ensure thread safety.
- */
-public class SentryGenericServiceClientDefaultImpl
-        implements SentryGenericServiceClient, SentryConnection {
-
-  private Client client;
-  private final SentryTransportPool transportPool;
-  private TTransportWrapper transport;
-  private static final String THRIFT_EXCEPTION_MESSAGE = "Thrift exception occured ";
-  private final long maxMessageSize;
-
-  /**
-   * Initialize client with the given configuration, using specified transport pool
-   * implementation for obtaining transports.
-   * @param conf Sentry Configuration
-   * @param transportPool source of connected transports
-   */
-  SentryGenericServiceClientDefaultImpl(Configuration conf,
-                                        SentryTransportPool transportPool) {
-
-    //TODO(kalyan) need to find appropriate place to add it
-    // if (kerberos) {
-    //  // since the client uses hadoop-auth, we need to set kerberos in
-    //  // hadoop-auth if we plan to use kerberos
-    //  conf.set(HADOOP_SECURITY_AUTHENTICATION, SentryConstants.KERBEROS_MoODE);
-    // }
-    maxMessageSize = conf.getLong(ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
-            ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
-    this.transportPool = transportPool;
-  }
-
-  /**
-   * Connect to the specified server configured
-   *
-   * @throws IOException
-   */
-  @Override
-  public void connect() throws Exception {
-    if ((transport != null) && transport.isOpen()) {
-      return;
-    }
-
-    // Obtain connection to Sentry server
-    transport = transportPool.getTransport();
-    TMultiplexedProtocol protocol = new TMultiplexedProtocol(
-      new TBinaryProtocol(transport.getTTransport(), maxMessageSize,
-              maxMessageSize, true, true),
-      SentryGenericPolicyProcessor.SENTRY_GENERIC_SERVICE_NAME);
-    client = new Client(protocol);
-  }
-
-  /**
-   * Create a sentry role
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:          Name of the role
-   * @param component:         The request is issued to which component
-   * @throws SentryUserException
-   */
-  @Override
-  public void createRole(String requestorUserName, String roleName, String component)
-    throws SentryUserException {
-    TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setComponent(component);
-    try {
-      TCreateSentryRoleResponse response = client.create_sentry_role(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  @Override
-  public void createRoleIfNotExist(String requestorUserName, String roleName, String component) throws SentryUserException {
-    TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setComponent(component);
-    try {
-      TCreateSentryRoleResponse response = client.create_sentry_role(request);
-      Status status = Status.fromCode(response.getStatus().getValue());
-      if (status == Status.ALREADY_EXISTS) {
-        return;
-      }
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * Drop a sentry role
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:          Name of the role
-   * @param component:         The request is issued to which component
-   * @throws SentryUserException
-   */
-  @Override
-  public void dropRole(String requestorUserName,
-                       String roleName, String component)
-    throws SentryUserException {
-    dropRole(requestorUserName, roleName, component, false);
-  }
-
-  @Override
-  public void dropRoleIfExists(String requestorUserName,
-                               String roleName, String component)
-    throws SentryUserException {
-    dropRole(requestorUserName, roleName, component, true);
-  }
-
-  private void dropRole(String requestorUserName,
-                        String roleName, String component, boolean ifExists)
-    throws SentryUserException {
-    TDropSentryRoleRequest request = new TDropSentryRoleRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setComponent(component);
-    try {
-      TDropSentryRoleResponse response = client.drop_sentry_role(request);
-      Status status = Status.fromCode(response.getStatus().getValue());
-      if (ifExists && status == Status.NO_SUCH_OBJECT) {
-        return;
-      }
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * Grant a sentry role to groups.
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:          Name of the role
-   * @param component:         The request is issued to which component
-   * @param groups:            The name of groups
-   * @throws SentryUserException
-   */
-  @Override
-  public void grantRoleToGroups(String requestorUserName, String roleName,
-                              String component, Set<String> groups) throws SentryUserException {
-    TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setGroups(groups);
-    request.setComponent(component);
-
-    try {
-      TAlterSentryRoleAddGroupsResponse response = client.alter_sentry_role_add_groups(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * revoke a sentry role from groups.
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:          Name of the role
-   * @param component:         The request is issued to which component
-   * @param groups:            The name of groups
-   * @throws SentryUserException
-   */
-  @Override
-  public void revokeRoleFromGroups(String requestorUserName, String roleName,
-                                 String component, Set<String> groups) throws SentryUserException {
-    TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setGroups(groups);
-    request.setComponent(component);
-
-    try {
-      TAlterSentryRoleDeleteGroupsResponse response = client.alter_sentry_role_delete_groups(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * grant privilege
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:          Name of the role
-   * @param component:         The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  @Override
-  public void grantPrivilege(String requestorUserName, String roleName,
-                             String component, TSentryPrivilege privilege) throws SentryUserException {
-    TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setRoleName(roleName);
-    request.setRequestorUserName(requestorUserName);
-    request.setPrivilege(privilege);
-
-    try {
-      TAlterSentryRoleGrantPrivilegeResponse response = client.alter_sentry_role_grant_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * revoke privilege
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:          Name of the role
-   * @param component:         The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  @Override
-  public void revokePrivilege(String requestorUserName, String roleName,
-                              String component, TSentryPrivilege privilege) throws SentryUserException {
-    TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    request.setPrivilege(privilege);
-
-    try {
-      TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * drop privilege
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param component:         The request is issued to which component
-   * @param privilege
-   * @throws SentryUserException
-   */
-  @Override
-  public void dropPrivilege(String requestorUserName, String component,
-                            TSentryPrivilege privilege) throws SentryUserException {
-    TDropPrivilegesRequest request = new TDropPrivilegesRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setRequestorUserName(requestorUserName);
-    request.setPrivilege(privilege);
-
-    try {
-      TDropPrivilegesResponse response = client.drop_sentry_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * rename privilege
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param component:         The request is issued to which component
-   * @param serviceName:       The Authorizable belongs to which service
-   * @param oldAuthorizables
-   * @param newAuthorizables
-   * @throws SentryUserException
-   */
-  @Override
-  public void renamePrivilege(String requestorUserName, String component,
-                              String serviceName, List<? extends Authorizable> oldAuthorizables,
-                              List<? extends Authorizable> newAuthorizables) throws SentryUserException {
-    if (oldAuthorizables == null || oldAuthorizables.isEmpty()
-      || newAuthorizables == null || newAuthorizables.isEmpty()) {
-      throw new SentryUserException("oldAuthorizables or newAuthorizables can not be null or empty");
-    }
-
-    TRenamePrivilegesRequest request = new TRenamePrivilegesRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setRequestorUserName(requestorUserName);
-    request.setServiceName(serviceName);
-
-    List<TAuthorizable> oldTAuthorizables = Lists.newArrayList();
-    List<TAuthorizable> newTAuthorizables = Lists.newArrayList();
-    for (Authorizable authorizable : oldAuthorizables) {
-      oldTAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
-      request.setOldAuthorizables(oldTAuthorizables);
-    }
-    for (Authorizable authorizable : newAuthorizables) {
-      newTAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
-      request.setNewAuthorizables(newTAuthorizables);
-    }
-
-    try {
-      TRenamePrivilegesResponse response = client.rename_sentry_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * Gets sentry role objects for a given groupName using the Sentry service
-   *
-   * @param requestorUserName : user on whose behalf the request is issued
-   * @param groupName         : groupName to look up ( if null returns all roles for groups related to requestorUserName)
-   * @param component:        The request is issued to which component
-   * @return Set of thrift sentry role objects
-   * @throws SentryUserException
-   */
-  @Override
-  public Set<TSentryRole> listRolesByGroupName(
-    String requestorUserName,
-    String groupName,
-    String component)
-    throws SentryUserException {
-    TListSentryRolesRequest request = new TListSentryRolesRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setRequestorUserName(requestorUserName);
-    request.setGroupName(groupName);
-    request.setComponent(component);
-    TListSentryRolesResponse response;
-    try {
-      response = client.list_sentry_roles_by_group(request);
-      Status.throwIfNotOk(response.getStatus());
-      return response.getRoles();
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  @Override
-  public Set<TSentryRole> listUserRoles(String requestorUserName, String component)
-    throws SentryUserException {
-    return listRolesByGroupName(requestorUserName, AccessConstants.ALL, component);
-  }
-
-  @Override
-  public Set<TSentryRole> listAllRoles(String requestorUserName, String component)
-    throws SentryUserException {
-    return listRolesByGroupName(requestorUserName, null, component);
-  }
-
-  /**
-   * Gets sentry privileges for a given roleName and Authorizable Hirerchys using the Sentry service
-   *
-   * @param requestorUserName: user on whose behalf the request is issued
-   * @param roleName:
-   * @param component:         The request is issued to which component
-   * @param serviceName
-   * @param authorizables
-   * @return
-   * @throws SentryUserException
-   */
-  @Override
-  public Set<TSentryPrivilege> listPrivilegesByRoleName(
-    String requestorUserName, String roleName, String component,
-    String serviceName, List<? extends Authorizable> authorizables)
-    throws SentryUserException {
-    TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setServiceName(serviceName);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
-    if (authorizables != null && !authorizables.isEmpty()) {
-      List<TAuthorizable> tAuthorizables = Lists.newArrayList();
-      for (Authorizable authorizable : authorizables) {
-        tAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
-      }
-      request.setAuthorizables(tAuthorizables);
-    }
-
-    TListSentryPrivilegesResponse response;
-    try {
-      response = client.list_sentry_privileges_by_role(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-    return response.getPrivileges();
-  }
-
-  @Override
-  public Set<TSentryPrivilege> listAllPrivilegesByRoleName(
-    String requestorUserName, String roleName, String component,
-    String serviceName) throws SentryUserException {
-    return listPrivilegesByRoleName(requestorUserName, roleName, component, serviceName, null);
-  }
-
-  /**
-   * get sentry permissions from provider as followings:
-   *
-   * @throws SentryUserException
-   * @param: component: The request is issued to which component
-   * @param: serviceName: The privilege belongs to which service
-   * @param: roleSet
-   * @param: groupNames
-   * @param: the authorizables
-   * @returns the set of permissions
-   */
-  @Override
-  public Set<String> listPrivilegesForProvider(String component,
-                                               String serviceName, ActiveRoleSet roleSet, Set<String> groups,
-                                               List<? extends Authorizable> authorizables) throws SentryUserException {
-    TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
-    TListSentryPrivilegesForProviderRequest request = new TListSentryPrivilegesForProviderRequest();
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setServiceName(serviceName);
-    request.setRoleSet(thriftRoleSet);
-    if (groups == null) {
-      request.setGroups(new HashSet<String>());
-    } else {
-      request.setGroups(groups);
-    }
-    List<TAuthorizable> tAuthoriables = Lists.newArrayList();
-    if (authorizables != null && !authorizables.isEmpty()) {
-      for (Authorizable authorizable : authorizables) {
-        tAuthoriables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
-      }
-      request.setAuthorizables(tAuthoriables);
-    }
-
-    try {
-      TListSentryPrivilegesForProviderResponse response = client.list_sentry_privileges_for_provider(request);
-      Status.throwIfNotOk(response.getStatus());
-      return response.getPrivileges();
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  /**
-   * Get sentry privileges based on valid active roles and the authorize objects. Note that
-   * it is client responsibility to ensure the requestor username, etc. is not impersonated.
-   *
-   * @param component:         The request respond to which component.
-   * @param serviceName:       The name of service.
-   * @param requestorUserName: The requestor user name.
-   * @param authorizablesSet:  The set of authorize objects. One authorize object is represented
-   *                           as a string. e.g resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
-   * @param groups:            The requested groups.
-   * @param roleSet:           The active roles set.
-   * @throws SentryUserException
-   * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
-   */
-  @Override
-  public Map<String, TSentryPrivilegeMap> listPrivilegesbyAuthorizable(String component,
-                                                                      String serviceName, String requestorUserName, Set<String> authorizablesSet,
-                                                                      Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException {
-
-    TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest();
-
-    request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
-    request.setComponent(component);
-    request.setServiceName(serviceName);
-    request.setRequestorUserName(requestorUserName);
-    request.setAuthorizablesSet(authorizablesSet);
-
-    if (groups == null) {
-      request.setGroups(new HashSet<String>());
-    } else {
-      request.setGroups(groups);
-    }
-
-    if (roleSet != null) {
-      request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
-    }
-
-    try {
-      TListSentryPrivilegesByAuthResponse response = client.list_sentry_privileges_by_authorizable(request);
-      Status.throwIfNotOk(response.getStatus());
-      return response.getPrivilegesMapByAuth();
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
-  }
-
-  @Override
-  public void close() {
-    done();
-  }
-
-  @Override
-  public void done() {
-    if (transport != null) {
-      transportPool.returnTransport(transport);
-      transport = null;
-    }
-  }
-
-  @Override
-  public void invalidate() {
-    if (transport != null) {
-      transportPool.invalidateTransport(transport);
-      transport = null;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
deleted file mode 100644
index b663e3d..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientFactory.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.core.common.transport.RetryClientInvocationHandler;
-import org.apache.sentry.core.common.transport.SentryPolicyClientTransportConfig;
-import org.apache.sentry.core.common.transport.SentryTransportFactory;
-import org.apache.sentry.core.common.transport.SentryTransportPool;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.annotation.concurrent.ThreadSafe;
-import java.lang.reflect.Proxy;
-import java.util.concurrent.atomic.AtomicReference;
-
-/**
- * Produces client connection for Sentry clients using Generic model.
- * Factory is [alost] a singleton. Tests can call {@link #factoryReset()} to destroy the
- * existing factory and create a new one. This may be needed because tests modify
- * configuration and start and stop servers.
- */
-@ThreadSafe
-public final class SentryGenericServiceClientFactory {
-  private static final Logger LOGGER = LoggerFactory.getLogger(SentryGenericServiceClientFactory.class);
-
-  // Used to implement a singleton
-  private static final AtomicReference<SentryGenericServiceClientFactory> clientFactory =
-          new AtomicReference<>();
-
-  private final SentryPolicyClientTransportConfig transportConfig =
-          new SentryPolicyClientTransportConfig();
-  private final SentryTransportPool transportPool;
-  private final Configuration conf;
-
-  /**
-   * Obtain an Generic policy client instance.
-   * @param conf Configuration that should be used. Configuration is only used for the
-   *             initial creation and ignored afterwords.
-   */
-  public static SentryGenericServiceClient create(Configuration conf) throws Exception {
-    SentryGenericServiceClientFactory factory = clientFactory.get();
-    if (factory != null) {
-      return factory.create();
-    }
-    factory = new SentryGenericServiceClientFactory(conf);
-    boolean ok = clientFactory.compareAndSet(null, factory);
-    if (ok) {
-      return factory.create();
-    }
-    factory.close();
-    return clientFactory.get().create();
-  }
-
-  /**
-   * Create a new factory instance and atach it to a connection pool instance.
-   * @param conf Configuration
-   */
-  private SentryGenericServiceClientFactory(Configuration conf) {
-    if (transportConfig.isKerberosEnabled(conf) &&
-            transportConfig.useUserGroupInformation(conf)) {
-        LOGGER.info("Using UserGroupInformation authentication");
-        UserGroupInformation.setConfiguration(conf);
-    }
-
-    this.conf = conf;
-
-    transportPool = new SentryTransportPool(this.conf, transportConfig,
-            new SentryTransportFactory(this.conf, transportConfig));
-  }
-
-  /**
-   * Create a new client connection to the server for Generic model clients
-   * @return client instance
-   * @throws Exception if something goes wrong
-   */
-  @SuppressWarnings("squid:S00112")
-  private SentryGenericServiceClient create() throws Exception {
-    return (SentryGenericServiceClient) Proxy
-      .newProxyInstance(SentryGenericServiceClientDefaultImpl.class.getClassLoader(),
-        SentryGenericServiceClientDefaultImpl.class.getInterfaces(),
-        new RetryClientInvocationHandler(conf,
-          new SentryGenericServiceClientDefaultImpl(conf, transportPool), transportConfig));
-  }
-
-  // Should only be used by tests.
-  // Resets the factory and destroys any pooled connections
-  public static void factoryReset() {
-    LOGGER.debug("factory reset");
-    SentryGenericServiceClientFactory factory = clientFactory.getAndSet(null);
-    if (factory != null) {
-      try {
-        factory.transportPool.close();
-      } catch (Exception e) {
-        LOGGER.error("failed to close transport pool", e);
-      }
-    }
-  }
-
-  private void close() {
-    try {
-      transportPool.close();
-    } catch (Exception e) {
-      LOGGER.error("failed to close transport pool", e);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
index 82b21ef..6a2c77f 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
@@ -29,6 +29,9 @@ import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 
+import org.apache.sentry.api.generic.thrift.TAuthorizable;
+import org.apache.sentry.api.generic.thrift.TSentryGrantOption;
+import org.apache.sentry.api.generic.thrift.TSentryPrivilege;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.core.common.utils.KeyValue;
@@ -46,9 +49,6 @@ import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
 import org.apache.sentry.core.model.sqoop.SqoopModelAuthorizables;
 import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel;
 import org.apache.sentry.provider.common.AuthorizationComponent;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
 import org.apache.shiro.config.ConfigurationException;
 
 /**

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/TSentryPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/TSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/TSentryPrivilegeConverter.java
index 5e48483..fc55575 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/TSentryPrivilegeConverter.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/TSentryPrivilegeConverter.java
@@ -18,8 +18,8 @@
  */
 package org.apache.sentry.provider.db.generic.tools;
 
+import org.apache.sentry.api.generic.thrift.TSentryPrivilege;
 import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
 
 public interface TSentryPrivilegeConverter {
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
index 09f7d13..61becce 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
@@ -25,30 +25,30 @@ import java.util.Map;
 import java.util.Set;
 
 import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
+import org.apache.sentry.api.generic.thrift.TAuthorizable;
 import org.apache.sentry.provider.db.log.util.CommandUtil;
 import org.apache.sentry.provider.db.log.util.Constants;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddUsersRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddUsersResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteUsersRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteUsersResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
-import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleRequest;
-import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleResponse;
-import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest;
-import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleResponse;
-import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddGroupsRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddGroupsResponse;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddUsersRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddUsersResponse;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteUsersRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteUsersResponse;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
+import org.apache.sentry.api.service.thrift.TCreateSentryRoleRequest;
+import org.apache.sentry.api.service.thrift.TCreateSentryRoleResponse;
+import org.apache.sentry.api.service.thrift.TDropSentryRoleRequest;
+import org.apache.sentry.api.service.thrift.TDropSentryRoleResponse;
+import org.apache.sentry.api.service.thrift.TSentryGroup;
+import org.apache.sentry.api.service.thrift.TSentryPrivilege;
 import org.apache.sentry.core.common.utils.ThriftUtil;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.service.thrift.Status;
+import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
+import org.apache.sentry.api.common.Status;
 import org.apache.sentry.service.thrift.TSentryResponseStatus;
 
 import com.google.common.base.Joiner;
@@ -225,8 +225,8 @@ public final class JsonLogEntityFactory {
 
   // log entity for generic model create role
   public JsonLogEntity createJsonLogEntity(
-      org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest request,
-      org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse response,
+      org.apache.sentry.api.generic.thrift.TCreateSentryRoleRequest request,
+      org.apache.sentry.api.generic.thrift.TCreateSentryRoleResponse response,
       Configuration conf) {
     GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
         request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
@@ -237,8 +237,8 @@ public final class JsonLogEntityFactory {
 
   // log entity for generic model drop role
   public JsonLogEntity createJsonLogEntity(
-      org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest request,
-      org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse response,
+      org.apache.sentry.api.generic.thrift.TDropSentryRoleRequest request,
+      org.apache.sentry.api.generic.thrift.TDropSentryRoleResponse response,
       Configuration conf) {
     GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
         request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
@@ -249,8 +249,8 @@ public final class JsonLogEntityFactory {
 
   // log entity for generic model grant privilege
   public JsonLogEntity createJsonLogEntity(
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request,
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse response,
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest request,
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeResponse response,
       Configuration conf) {
     GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
         request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
@@ -271,8 +271,8 @@ public final class JsonLogEntityFactory {
 
   // log entity for generic model revoke privilege
   public JsonLogEntity createJsonLogEntity(
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request,
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse response,
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest request,
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeResponse response,
       Configuration conf) {
     GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
         request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
@@ -293,8 +293,8 @@ public final class JsonLogEntityFactory {
 
   // log entity for generic model add role to group
   public JsonLogEntity createJsonLogEntity(
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest request,
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse response,
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleAddGroupsRequest request,
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleAddGroupsResponse response,
       Configuration conf) {
     GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
         request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
@@ -307,8 +307,8 @@ public final class JsonLogEntityFactory {
 
   // log entity for hive delete role from group
   public JsonLogEntity createJsonLogEntity(
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest request,
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse response,
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleDeleteGroupsRequest request,
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleDeleteGroupsResponse response,
       Configuration conf) {
     GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
         request.getRequestorUserName(), request.getClass().getName(), request.getComponent());

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
index 328bbbb..6479a60 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
@@ -25,12 +25,12 @@ import java.util.List;
 import java.util.Set;
 
 import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
+import org.apache.sentry.api.generic.thrift.TAuthorizable;
+import org.apache.sentry.api.common.ApiConstants.PrivilegeScope;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.api.service.thrift.TSentryGrantOption;
+import org.apache.sentry.api.service.thrift.TSentryPrivilege;
 import org.datanucleus.util.StringUtils;
 
 import com.google.common.annotations.VisibleForTesting;
@@ -159,18 +159,18 @@ public final class CommandUtil {
   }
 
   public static String createCmdForGrantGMPrivilege(
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request) {
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest request) {
     return createCmdForGrantOrRevokeGMPrivilege(request.getRoleName(), request.getPrivilege(), true);
   }
 
   public static String createCmdForRevokeGMPrivilege(
-      org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request) {
+      org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest request) {
     return createCmdForGrantOrRevokeGMPrivilege(request.getRoleName(), request.getPrivilege(),
         false);
   }
 
   private static String createCmdForGrantOrRevokeGMPrivilege(String roleName,
-      org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege,
+      org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege,
       boolean isGrant) {
     StringBuilder sb = new StringBuilder();
     if (isGrant) {
@@ -205,7 +205,7 @@ public final class CommandUtil {
     }
     sb.append(roleName);
 
-    if (privilege.getGrantOption() == org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE) {
+    if (privilege.getGrantOption() == org.apache.sentry.api.generic.thrift.TSentryGrantOption.TRUE) {
       sb.append(" WITH GRANT OPTION");
     }
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java
index 6a4f2e0..6e91f8b 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java
@@ -21,7 +21,7 @@ package org.apache.sentry.provider.db.log.util;
 import java.util.Map;
 import com.google.common.collect.ImmutableMap;
 
-import org.apache.sentry.provider.db.service.thrift.*;
+import org.apache.sentry.api.service.thrift.*;
 
 public final class Constants {
   public static final String AUDIT_LOGGER_NAME = "sentry.hive.authorization.ddl.logger";
@@ -69,17 +69,17 @@ public final class Constants {
     .put(TAlterSentryRoleDeleteUsersRequest.class.getName(), Constants.OPERATION_DELETE_ROLE_USER)
 
     // for generic model audit log
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TCreateSentryRoleRequest.class.getName(),
         Constants.OPERATION_CREATE_ROLE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TDropSentryRoleRequest.class.getName(),
         Constants.OPERATION_DROP_ROLE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest.class.getName(),
         Constants.OPERATION_GRANT_PRIVILEGE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest.class.getName(),
         Constants.OPERATION_REVOKE_PRIVILEGE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TAlterSentryRoleAddGroupsRequest.class.getName(),
         Constants.OPERATION_ADD_ROLE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TAlterSentryRoleDeleteGroupsRequest.class.getName(),
         Constants.OPERATION_DELETE_ROLE)
     .build();
   
@@ -95,17 +95,17 @@ public final class Constants {
     .put(TAlterSentryRoleRevokePrivilegeRequest.class.getName(), Constants.OBJECT_TYPE_PRINCIPAL)
 
     // for generic model audit log
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TCreateSentryRoleRequest.class.getName(),
         Constants.OBJECT_TYPE_ROLE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TDropSentryRoleRequest.class.getName(),
         Constants.OBJECT_TYPE_ROLE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TAlterSentryRoleAddGroupsRequest.class.getName(),
         Constants.OBJECT_TYPE_ROLE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TAlterSentryRoleDeleteGroupsRequest.class.getName(),
         Constants.OBJECT_TYPE_ROLE)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest.class.getName(),
         Constants.OBJECT_TYPE_PRINCIPAL)
-    .put(org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest.class.getName(),
+    .put(org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest.class.getName(),
         Constants.OBJECT_TYPE_PRINCIPAL)
     .build();
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java
index 71865ca..2505da9 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java
@@ -47,7 +47,7 @@ import java.util.concurrent.ThreadFactory;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
-import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.*;
+import static org.apache.sentry.service.common.ServiceConstants.ServerConfig.*;
 
 /**
  * HAContext stores the global ZooKeeper related context.

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HMSFollower.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HMSFollower.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HMSFollower.java
index 929e6be..42770df 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HMSFollower.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HMSFollower.java
@@ -36,7 +36,7 @@ import org.apache.thrift.TException;
 import org.apache.sentry.service.thrift.SentryHMSClient;
 import org.apache.sentry.service.thrift.HiveConnectionFactory;
 import org.apache.sentry.service.thrift.HiveNotificationFetcher;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
+import org.apache.sentry.api.common.SentryServiceUtil;
 import org.apache.sentry.service.thrift.SentryStateBank;
 import org.apache.sentry.service.thrift.SentryServiceState;
 import org.apache.sentry.service.thrift.HMSFollowerState;

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/LeaderStatusMonitor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/LeaderStatusMonitor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/LeaderStatusMonitor.java
index 0a208d4..c2f1ad0 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/LeaderStatusMonitor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/LeaderStatusMonitor.java
@@ -33,7 +33,7 @@ import java.util.concurrent.locks.ReentrantLock;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.*;
+import static org.apache.sentry.service.common.ServiceConstants.ServerConfig.*;
 
 /**
  * LeaderStatusMonitor participates in the distributed leader election protocol

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
index 6134778..228d37c 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/NotificationProcessor.java
@@ -45,11 +45,11 @@ import org.apache.sentry.hdfs.SentryMalformedPathException;
 import org.apache.sentry.hdfs.UniquePathsUpdate;
 import org.apache.sentry.hdfs.Updateable.Update;
 import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
+import org.apache.sentry.api.service.thrift.SentryMetrics;
+import org.apache.sentry.api.service.thrift.TSentryAuthorizable;
+import org.apache.sentry.api.common.SentryServiceUtil;
 import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType;
-import org.apache.sentry.provider.db.service.thrift.SentryMetrics;
-import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
 import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 625f0ae..cafe2b5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -70,18 +70,18 @@ import org.apache.sentry.provider.db.service.model.MSentryVersion;
 import org.apache.sentry.provider.db.service.model.MSentryRole;
 import org.apache.sentry.provider.db.service.model.MSentryUtil;
 import org.apache.sentry.provider.db.service.model.MPath;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor;
-import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
-import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
-import org.apache.sentry.provider.db.service.thrift.TSentryMappingData;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilegeMap;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
 import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.sentry.api.common.ApiConstants.PrivilegeScope;
+import org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessor;
+import org.apache.sentry.api.service.thrift.TSentryActiveRoleSet;
+import org.apache.sentry.api.service.thrift.TSentryAuthorizable;
+import org.apache.sentry.api.service.thrift.TSentryGrantOption;
+import org.apache.sentry.api.service.thrift.TSentryGroup;
+import org.apache.sentry.api.service.thrift.TSentryMappingData;
+import org.apache.sentry.api.service.thrift.TSentryPrivilege;
+import org.apache.sentry.api.service.thrift.TSentryPrivilegeMap;
+import org.apache.sentry.api.service.thrift.TSentryRole;
+import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
 import org.datanucleus.store.rdbms.exceptions.MissingTableException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java
index f4ff962..ba6e845 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/TransactionManager.java
@@ -25,7 +25,7 @@ import com.codahale.metrics.Timer;
 import com.codahale.metrics.Timer.Context;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -33,7 +33,7 @@ import javax.jdo.PersistenceManager;
 import javax.jdo.PersistenceManagerFactory;
 import javax.jdo.Transaction;
 
-import org.apache.sentry.provider.db.service.thrift.SentryMetrics;
+import org.apache.sentry.api.service.thrift.SentryMetrics;
 
 import java.util.Random;
 import java.util.concurrent.Callable;

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ConfServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ConfServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ConfServlet.java
deleted file mode 100644
index 1233fbc..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/ConfServlet.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package org.apache.sentry.provider.db.service.thrift;
-
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import java.io.IOException;
-import java.io.Writer;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.hadoop.conf.Configuration;
-
-import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
-
-/**
- * Servlet to print out all sentry configuration.
- */
-public class ConfServlet extends HttpServlet {
-  public static final String CONF_CONTEXT_ATTRIBUTE = "sentry.conf";
-  public static final String FORMAT_JSON = "json";
-  public static final String FORMAT_XML = "xml";
-  public static final String FORMAT_PARAM = "format";
-  private static final long serialVersionUID = 1L;
-
-  @Override
-  public void doGet(HttpServletRequest request, HttpServletResponse response)
-      throws ServletException, IOException {
-    String format = request.getParameter(FORMAT_PARAM);
-    if (format == null) {
-      format = FORMAT_XML;
-    }
-
-    if (FORMAT_XML.equals(format)) {
-      response.setContentType("text/xml; charset=utf-8");
-    } else if (FORMAT_JSON.equals(format)) {
-      response.setContentType("application/json; charset=utf-8");
-    }
-
-    Configuration conf = (Configuration)getServletContext().getAttribute(
-        CONF_CONTEXT_ATTRIBUTE);
-    assert conf != null;
-
-    Writer out = response.getWriter();
-    if (FORMAT_JSON.equals(format)) {
-      Configuration.dumpConfiguration(conf, out);
-    } else if (FORMAT_XML.equals(format)) {
-      conf.writeXml(out);
-    } else {
-      response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad format: " + escapeHtml(format));
-    }
-    out.close();
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java
deleted file mode 100644
index 68d6d90..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import org.apache.log4j.Level;
-import org.apache.log4j.LogManager;
-import org.apache.log4j.Logger;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
-
-public class LogLevelServlet extends HttpServlet {
-  private static final String LF = "\n";
-  private static final String BR = "<br />";
-  private static final String B_BR = "<b>%s</b><br />";
-  private static final String FORMS_HEAD =
-          "<h1>" + "Log Level" + "</h1>"
-                  + LF + BR + "<hr /><h3>Results</h3>"
-                  + LF + " Submitted Log Name: " + B_BR;
-  private static final String FORMS_CONTENT_GET =
-          LF + " Effective level: " + B_BR;
-  private static final String FORMS_CONTENT_SET =
-          LF + " Submitted Level: " + B_BR
-                  + LF + " Setting Level to %s" + BR
-                  + LF + " Effective level: " + B_BR;
-  private static final String FORMS_END =
-          LF + BR + "<hr /><h3>Get / Set</h3>"
-                  + LF + "<form>Log: <input type='text' size='50' name='log' /> "
-                  + "<input type='submit' value='Get Log Level' />" + "</form>"
-                  + LF + "<form>Log: <input type='text' size='50' name='log' /> "
-                  + "Level: <input type='text' name='level' /> "
-                  + "<input type='submit' value='Set Log Level' />" + "</form>";
-  private static final String FORMS_GET = FORMS_HEAD + FORMS_CONTENT_GET;
-  private static final String FORMS_SET = FORMS_HEAD + FORMS_CONTENT_SET;
-
-  /**
-   * Return parameter on servlet request for the given name
-   *
-   * @param request: Servlet request
-   * @param name: Name of parameter in servlet request
-   * @return Parameter in servlet request for the given name, return null if can't find parameter.
-   */
-  private String getParameter(ServletRequest request, String name) {
-    String s = request.getParameter(name);
-    if (s == null) {
-      return null;
-    }
-    s = s.trim();
-    return s.length() == 0 ? null : s;
-  }
-
-  /**
-   * Check the validity of the log level.
-   * @param level: The log level to be checked
-   * @return
-   *        true: The log level is valid
-   *        false: The log level is invalid
-   */
-  private boolean isLogLevelValid(String level) {
-    return level.equals(Level.toLevel(level).toString());
-  }
-
-  /**
-   * Parse the class name and log level in the http servlet request.
-   * If the request contains only class name, return the log level in the response message.
-   * If the request contains both class name and level, set the log level to the requested level
-   * and return the setting result in the response message.
-   */
-  @Override
-  public void doGet(HttpServletRequest request, HttpServletResponse response)
-          throws ServletException, IOException {
-    String logName = getParameter(request, "log");
-    String level = getParameter(request, "level");
-    response.setContentType("text/html;charset=utf-8");
-    response.setStatus(HttpServletResponse.SC_OK);
-    PrintWriter out = response.getWriter();
-
-    if (logName != null) {
-      Logger logInstance = LogManager.getLogger(logName);
-      if (level == null) {
-        out.write(String.format(FORMS_GET,
-                escapeHtml(logName),
-                logInstance.getEffectiveLevel().toString()));
-      } else if (isLogLevelValid(level)) {
-        logInstance.setLevel(Level.toLevel(level));
-        out.write(String.format(FORMS_SET,
-                escapeHtml(logName),
-                escapeHtml(level),
-                escapeHtml(level),
-                logInstance.getEffectiveLevel().toString()));
-      } else {
-        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid log level: " + escapeHtml(level));
-        return;
-      }
-    }
-    out.write(FORMS_END);
-    out.close();
-    response.flushBuffer();
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
deleted file mode 100644
index e853394..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.thrift;
-
-import org.apache.hadoop.conf.Configuration;
-
-/**
- * Users wishing to be notified when a metadata changing event occurs
- * should extend this abstract class. All methods which modify the underlying
- * metadata in SentryPolicyStoreProcessor will have a corresponding method
- * on this class. Each method will contain a copy of the request and response
- * object. Therefore any change to the request or response object will be ignored.
- *
- * Sub-classes should be thread-safe.
- */
-public abstract class NotificationHandler {
-
-  private final Configuration config;
-
-  public NotificationHandler(Configuration config) throws Exception {
-    this.config = config;
-  }
-
-  protected Configuration getConf() {
-    return config;
-  }
-
-  public void create_sentry_role(TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
-  }
-
-  public void drop_sentry_role(TDropSentryRoleRequest request, TDropSentryRoleResponse response) {
-  }
-
-  public void alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest request,
-                                                TAlterSentryRoleGrantPrivilegeResponse response) {
-  }
-
-  public void alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest request,
-      TAlterSentryRoleRevokePrivilegeResponse response) {
-  }
-
-  public void alter_sentry_role_add_groups(TAlterSentryRoleAddGroupsRequest request,
-                                           TAlterSentryRoleAddGroupsResponse response) {
-  }
-
-  public void alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest request,
-                                              TAlterSentryRoleDeleteGroupsResponse response) {
-  }
-
-  public void alter_sentry_role_add_users(TAlterSentryRoleAddUsersRequest request,
-                                          TAlterSentryRoleAddUsersResponse response) {
-  }
-
-  public void alter_sentry_role_delete_users(TAlterSentryRoleDeleteUsersRequest request,
-                                             TAlterSentryRoleDeleteUsersResponse response) {
-  }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
deleted file mode 100644
index 75b4260..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.util.List;
-
-import org.apache.hadoop.conf.Configuration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableList;
-
-/**
- * Invokes configured instances of NotificationHandler. Importantly
- * NotificationHandler's each receive a copy of the request and
- * response thrift objects from each successful request.
- */
-public class NotificationHandlerInvoker extends NotificationHandler {
-  private static final Logger LOGGER = LoggerFactory.getLogger(NotificationHandlerInvoker.class);
-
-  private final ImmutableList<NotificationHandler> handlers;
-
-  public NotificationHandlerInvoker(Configuration conf, List<NotificationHandler> handlers)
-  throws Exception {
-    super(conf);
-    this.handlers = ImmutableList.copyOf(handlers);
-  }
-
-  @Override
-  public void create_sentry_role(TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
-    for (NotificationHandler handler : handlers) {
-      try {
-        LOGGER.debug("Calling " + handler);
-        handler.create_sentry_role(new TCreateSentryRoleRequest(request),
-                                   new TCreateSentryRoleResponse(response));
-      } catch (Exception ex) {
-        LOGGER.error("Unexpected error in " + handler + ". Request: "
-                     + request + ", Response: " + response, ex);
-      }
-    }
-  }
-
-  @Override
-  public void drop_sentry_role(TDropSentryRoleRequest request,
-                               TDropSentryRoleResponse response) {
-    for (NotificationHandler handler : handlers) {
-      try {
-        LOGGER.debug("Calling " + handler);
-        handler.drop_sentry_role(new TDropSentryRoleRequest(request),
-                                 new TDropSentryRoleResponse(response));
-      } catch (Exception ex) {
-        LOGGER.error("Unexpected error in " + handler + ". Request: "
-                     + request + ", Response: " + response, ex);
-      }
-    }
-  }
-
-  @Override
-  public void alter_sentry_role_grant_privilege(TAlterSentryRoleGrantPrivilegeRequest request,
-                                                TAlterSentryRoleGrantPrivilegeResponse response) {
-    for (NotificationHandler handler : handlers) {
-      try {
-        LOGGER.debug("Calling " + handler);
-        handler.alter_sentry_role_grant_privilege(new TAlterSentryRoleGrantPrivilegeRequest(request),
-                new TAlterSentryRoleGrantPrivilegeResponse(response));
-      } catch (Exception ex) {
-        LOGGER.error("Unexpected error in " + handler + ". Request: "
-                     + request + ", Response: " + response, ex);
-      }
-    }
-  }
-
-  @Override
-  public void alter_sentry_role_revoke_privilege(TAlterSentryRoleRevokePrivilegeRequest request,
-                                                 TAlterSentryRoleRevokePrivilegeResponse response) {
-    for (NotificationHandler handler : handlers) {
-      try {
-        LOGGER.debug("Calling " + handler);
-        handler.alter_sentry_role_revoke_privilege(new TAlterSentryRoleRevokePrivilegeRequest(request),
-                new TAlterSentryRoleRevokePrivilegeResponse(response));
-      } catch (Exception ex) {
-        LOGGER.error("Unexpected error in " + handler + ". Request: "
-                     + request + ", Response: " + response, ex);
-      }
-    }
-  }
-
-  @Override
-  public void alter_sentry_role_add_groups(
-      TAlterSentryRoleAddGroupsRequest request,
-      TAlterSentryRoleAddGroupsResponse response) {
-    for (NotificationHandler handler : handlers) {
-      try {
-        LOGGER.debug("Calling " + handler);
-        handler.alter_sentry_role_add_groups(new TAlterSentryRoleAddGroupsRequest(request),
-                                             new TAlterSentryRoleAddGroupsResponse(response));
-      } catch (Exception ex) {
-        LOGGER.error("Unexpected error in " + handler + ". Request: "
-                     + request + ", Response: " + response, ex);
-      }
-    }
-  }
-
-  @Override
-  public void alter_sentry_role_delete_groups(TAlterSentryRoleDeleteGroupsRequest request,
-                                              TAlterSentryRoleDeleteGroupsResponse response) {
-    for (NotificationHandler handler : handlers) {
-      try {
-        LOGGER.debug("Calling " + handler);
-        handler.alter_sentry_role_delete_groups(new TAlterSentryRoleDeleteGroupsRequest(request),
-                                                new TAlterSentryRoleDeleteGroupsResponse(response));
-      } catch (Exception ex) {
-        LOGGER.error("Unexpected error in " + handler + ". Request: "
-                     + request + ", Response: " + response, ex);
-      }
-    }
-  }
-
-  @Override
-  public void alter_sentry_role_add_users(TAlterSentryRoleAddUsersRequest request,
-                                          TAlterSentryRoleAddUsersResponse response) {
-    for (NotificationHandler handler : handlers) {
-      try {
-        LOGGER.debug("Calling " + handler);
-        handler.alter_sentry_role_add_users(new TAlterSentryRoleAddUsersRequest(request),
-                new TAlterSentryRoleAddUsersResponse(response));
-      } catch (Exception ex) {
-        LOGGER.error("Unexpected error in " + handler + ". Request: " + request + ", Response: "
-            + response, ex);
-      }
-    }
-  }
-
-  @Override
-  public void alter_sentry_role_delete_users(TAlterSentryRoleDeleteUsersRequest request,
-                                             TAlterSentryRoleDeleteUsersResponse response) {
-    for (NotificationHandler handler : handlers) {
-      try {
-        LOGGER.debug("Calling " + handler);
-        handler.alter_sentry_role_delete_users(new TAlterSentryRoleDeleteUsersRequest(
-            request), new TAlterSentryRoleDeleteUsersResponse(response));
-      } catch (Exception ex) {
-        LOGGER.error("Unexpected error in " + handler + ". Request: " + request + ", Response: "
-            + response, ex);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/48422f4c/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PubSubServlet.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PubSubServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PubSubServlet.java
deleted file mode 100644
index 6756d91..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/PubSubServlet.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import org.apache.sentry.core.common.utils.PubSub;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
-
-/**
- * This servlet facilitates sending {topic, message } tuples to Servlet components 
- * subscribed to specific topics.
- * <p>
- * It uses publish-subscribe mechanism implemented by PubSub class.
- * The form generated by this servlet consists of the following elements:
- * <p>
- * a) Topic: pull-down menu of existing topics, i.e. the topics registered with
- * PubSub by calling PubSub.subscribe() API. This prevents entering invalid topic.
- * <p>
- * b) Message: text field for entering a message
- * <p>
- * c) Submit: button to submit (topic, message) tuple
- * <p>
- * d) Status: text area printing status of the request or help information.
- */
-public class PubSubServlet extends HttpServlet {
-
-  private static final Logger LOGGER = LoggerFactory.getLogger(PubSubServlet.class);
-
-  private static final String FORM_GET =
-    "<!DOCTYPE html>" +
-    "<html>" +
-    "<body>" +
-    "<form>" +
-    "<br><br><b>Topic:</b><br><br>" +
-    "<select name='topic'/>%s</select>" +
-    "<br><br><b>Message:</b><br><br>" +
-    "<input type='text' size='50' name='message'/>" +
-    "<br><br>" +
-    "<input type='submit' value='Submit'/>" +
-    "</form>" +
-    "<br><br><b>Status:</b><br><br>" +
-    "<textarea rows='4' cols='50'>%s</textarea>" +
-    "</body>" +
-    "</html>";
-
-  /**
-   * Return parameter on servlet request for the given name
-   *
-   * @param request: Servlet request
-   * @param name: Name of parameter in servlet request
-   * @return Parameter in servlet request for the given name, return null if can't find parameter.
-   */
-  private static String getParameter(ServletRequest request, String name) {
-    String s = request.getParameter(name);
-    if (s == null) {
-      return null;
-    }
-    s = s.trim();
-    return s.isEmpty() ? null : s;
-  }
-
-  /**
-   * Parse the topic and message values and submit them via PubSub.submit() API.
-   * Reject request for unknown topic, i.e. topic no one is subscribed to.
-   */
-  @Override
-  public void doGet(HttpServletRequest request, HttpServletResponse response)
-          throws ServletException, IOException {
-    String topic = getParameter(request, "topic");
-    String message = getParameter(request, "message");
-    response.setContentType("text/html;charset=utf-8");
-    response.setStatus(HttpServletResponse.SC_OK);
-    PrintWriter out = response.getWriter();
-
-    String msg = "Topic is required, Message is optional.\nValid topics: " + PubSub.getInstance().getTopics();
-    if (topic != null) {
-      LOGGER.info("Submitting topic " + topic + ", message " + message);
-      try {
-        PubSub.getInstance().publish(PubSub.Topic.fromString(topic), message);
-        msg = "Submitted topic " + topic + ", message " + message;
-      } catch (Exception e) {
-        msg = "Failed to submit topic " + topic + ", message " + message + " - " + e.getMessage();
-        LOGGER.error(msg);
-        response.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
-        return;
-      }
-    }
-
-    StringBuilder topics = new StringBuilder();
-    for (PubSub.Topic t : PubSub.getInstance().getTopics()) {
-      topics.append("<option>").append(t.getName()).append("</option>");
-    }
-
-    String output = String.format(FORM_GET, topics.toString(), escapeHtml(msg));
-    if (LOGGER.isDebugEnabled()) {
-      LOGGER.debug("HTML Page: " + output);
-    }
-    out.write(output);
-    out.close();
-    response.flushBuffer();
-  }
-}


Mime
View raw message