/**
 * Builds a policy-service client wrapped in a JDK dynamic proxy.
 *
 * <p>Every call made through the returned object is dispatched to a
 * {@code RetryClientInvocationHandler} that holds a freshly constructed
 * {@code SentryPolicyServiceClientDefaultImpl}.
 *
 * <p>NOTE(review): the handler's name suggests that it re-issues failed calls.
 * If that includes state-changing operations (grant, revoke, drop), confirm
 * that repeating them is safe.
 *
 * @return a proxy implementing the interfaces of the default client implementation
 * @throws Exception if constructing the underlying client or handler fails
 */
private SentryPolicyServiceClient create() throws Exception {
  final Class<SentryPolicyServiceClientDefaultImpl> implClass =
      SentryPolicyServiceClientDefaultImpl.class;
  final ClassLoader loader = implClass.getClassLoader();
  final Class<?>[] proxiedInterfaces = implClass.getInterfaces();

  // The concrete client is only reachable through the handler.
  final RetryClientInvocationHandler handler = new RetryClientInvocationHandler(
      conf,
      new SentryPolicyServiceClientDefaultImpl(conf, transportPool),
      transportConfig);

  return (SentryPolicyServiceClient) Proxy.newProxyInstance(loader, proxiedInterfaces, handler);
}
/**
 * Revokes a privilege, possibly spanning several columns, from a role.
 *
 * <p>The arguments are turned into a set of {@code TSentryPrivilege} objects by
 * {@code convertColumnPrivileges} and passed to {@code revokePrivilegesCore}.
 * Nothing is validated or authorized here. {@code requestorUserName} is passed
 * on exactly as supplied by the caller.
 *
 * @param requestorUserName user on whose behalf the revoke is requested
 * @param roleName role that loses the privilege
 * @param scope privilege scope
 * @param serverName server component of the privilege
 * @param uri URI component of the privilege
 * @param db database component of the privilege
 * @param table table component of the privilege
 * @param columns column components of the privilege
 * @param action action being revoked
 * @param grantOption grant-option flag carried by the privilege
 * @throws SentryUserException propagated from the core revoke call
 */
private void revokePrivilege(String requestorUserName, String roleName,
    PrivilegeScope scope, String serverName, String uri, String db, String table,
    List<String> columns, String action, Boolean grantOption) throws SentryUserException {
  revokePrivilegesCore(
      requestorUserName,
      roleName,
      convertColumnPrivileges(scope, serverName, uri, db, table, columns, action, grantOption));
}
/**
 * Grants a single privilege to a role.
 *
 * <p>The arguments are packed into one {@code TSentryPrivilege} by
 * {@code convertToTSentryPrivilege} and handed to {@code grantPrivilegeCore}.
 * This method performs no validation or authorization of its own.
 * {@code requestorUserName} is passed on exactly as supplied by the caller.
 *
 * @param requestorUserName user on whose behalf the grant is requested
 * @param roleName role that receives the privilege
 * @param scope privilege scope
 * @param serverName server component of the privilege
 * @param uri URI component of the privilege
 * @param db database component of the privilege
 * @param table table component of the privilege
 * @param column column component of the privilege
 * @param action action being granted
 * @param grantOption grant-option flag carried by the privilege
 * @return whatever {@code grantPrivilegeCore} returns for the granted privilege
 * @throws SentryUserException propagated from the core grant call
 */
private TSentryPrivilege grantPrivilege(String requestorUserName, String roleName,
    PrivilegeScope scope, String serverName, String uri, String db, String table,
    String column, String action, Boolean grantOption) throws SentryUserException {
  return grantPrivilegeCore(
      requestorUserName,
      roleName,
      convertToTSentryPrivilege(scope, serverName, uri, db, table, column, action, grantOption));
}
/**
 * Grants a privilege, possibly spanning several columns, to a role.
 *
 * <p>The arguments are turned into a set of {@code TSentryPrivilege} objects by
 * {@code convertColumnPrivileges} and passed to {@code grantPrivilegesCore}.
 * Nothing is validated or authorized here. {@code requestorUserName} is passed
 * on exactly as supplied by the caller.
 *
 * @param requestorUserName user on whose behalf the grant is requested
 * @param roleName role that receives the privileges
 * @param scope privilege scope
 * @param serverName server component of the privilege
 * @param uri URI component of the privilege
 * @param db database component of the privilege
 * @param table table component of the privilege
 * @param columns column components of the privilege
 * @param action action being granted
 * @param grantOption grant-option flag carried by the privileges
 * @return whatever {@code grantPrivilegesCore} returns for the granted set
 * @throws SentryUserException propagated from the core grant call
 */
private Set<TSentryPrivilege> grantPrivileges(String requestorUserName, String roleName,
    PrivilegeScope scope, String serverName, String uri, String db, String table,
    List<String> columns, String action, Boolean grantOption) throws SentryUserException {
  return grantPrivilegesCore(
      requestorUserName,
      roleName,
      convertColumnPrivileges(scope, serverName, uri, db, table, columns, action, grantOption));
}
/**
 * Asks the Sentry server to move privileges from one authorizable to another.
 *
 * <p>Both authorizable lists are converted with {@code setupSentryAuthorizable}
 * and sent in a single {@code TRenamePrivilegesRequest}. The server's status is
 * the only outcome checked here. {@code requestorUserName} is sent exactly as
 * supplied by the caller.
 *
 * @param requestorUserName user on whose behalf the rename is requested
 * @param oldAuthorizables authorizable hierarchy the privileges are currently attached to
 * @param newAuthorizables authorizable hierarchy the privileges should be attached to
 * @throws SentryUserException if the server reports a non-OK status or the Thrift call fails
 */
@Override
public void renamePrivileges(String requestorUserName,
    List<? extends Authorizable> oldAuthorizables,
    List<? extends Authorizable> newAuthorizables) throws SentryUserException {
  final TSentryAuthorizable source = setupSentryAuthorizable(oldAuthorizables);
  final TSentryAuthorizable target = setupSentryAuthorizable(newAuthorizables);

  final TRenamePrivilegesRequest renameRequest = new TRenamePrivilegesRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, source, target);

  try {
    Status.throwIfNotOk(client.rename_sentry_privilege(renameRequest).getStatus());
  } catch (TException transportFailure) {
    // Transport-level failures surface as the client's own exception type, with the cause kept.
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
/**
 * Drops a role by delegating to the three-argument {@code dropRole} overload.
 *
 * <p>The overload's flag is {@code false} here, whereas {@code dropRoleIfExists}
 * passes {@code true}.
 *
 * @param requestorUserName user on whose behalf the drop is requested
 * @param roleName role to drop
 * @throws SentryUserException propagated from the delegate
 */
@Override
public void dropRole(String requestorUserName, String roleName) throws SentryUserException {
  final boolean ifExists = false;
  dropRole(requestorUserName, roleName, ifExists);
}
/**
 * Asks the Sentry server to add a role to the given groups.
 *
 * <p>No authorization decision is made here. The request carries
 * {@code requestorUserName} as supplied by the caller, and the only outcome
 * checked is the status in the server's response.
 *
 * @param requestorUserName user on whose behalf the grant is requested
 * @param roleName role to grant
 * @param groups names of the groups that receive the role
 * @throws SentryUserException if the server reports a non-OK status or the Thrift call fails
 */
@Override
public void grantRoleToGroups(String requestorUserName, String roleName, Set<String> groups)
    throws SentryUserException {
  final TAlterSentryRoleAddGroupsRequest addGroupsRequest =
      new TAlterSentryRoleAddGroupsRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT,
          requestorUserName,
          roleName,
          convert2TGroups(groups));

  try {
    Status.throwIfNotOk(client.alter_sentry_role_add_groups(addGroupsRequest).getStatus());
  } catch (TException transportFailure) {
    // Transport-level failures surface as the client's own exception type, with the cause kept.
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption)); setBuilder.add(privilege); } else { privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption)); setBuilder.add(privilege);
/**
 * Closes this client by delegating to {@code done()}.
 */
@Override
public void close() {
  this.done();
}
/**
 * Fetches the policy mapping data from the Sentry server in policy-file layout.
 *
 * <p>The returned map has three entries, keyed by
 * {@code PolicyFileConstants.USER_ROLES}, {@code PolicyFileConstants.GROUPS} and
 * {@code PolicyFileConstants.ROLES}. They hold the user-to-roles,
 * group-to-roles and role-to-privileges mappings respectively. Together they
 * describe who holds which privileges, so callers should treat the result as
 * sensitive.
 *
 * <p>{@code objects} is parsed by {@code SentryServiceUtil.parseAuthorizables}
 * before the Thrift call is attempted.
 *
 * @param requestorUserName user on whose behalf the export is requested; sent as supplied
 * @param objects textual description of the authorizables to export
 * @return the three mappings described above
 * @throws SentryUserException if the server reports a non-OK status or the Thrift call fails
 */
@Override
public Map<String, Map<String, Set<String>>> exportPolicy(String requestorUserName,
    String objects) throws SentryUserException {
  final TSentryExportMappingDataRequest exportRequest = new TSentryExportMappingDataRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName);
  exportRequest.setAuthorizables(SentryServiceUtil.parseAuthorizables(objects));

  try {
    final TSentryExportMappingDataResponse exportResponse =
        client.export_sentry_mapping_data(exportRequest);
    Status.throwIfNotOk(exportResponse.getStatus());

    final TSentryMappingData mapping = exportResponse.getMappingData();
    final Map<String, Map<String, Set<String>>> policy = Maps.newHashMap();
    policy.put(PolicyFileConstants.USER_ROLES, mapping.getUserRolesMap());
    policy.put(PolicyFileConstants.GROUPS, mapping.getGroupRolesMap());
    // Role privileges arrive in Thrift form and are converted to policy-file form.
    policy.put(PolicyFileConstants.ROLES,
        convertRolePrivilegesMapForPolicyFile(mapping.getRolePrivilegesMap()));
    return policy;
  } catch (TException transportFailure) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
.setRolePrivilegesMap(convertRolePrivilegesMapForSentryDB(policyFileMappingData .get(PolicyFileConstants.ROLES))); TSentryImportMappingDataRequest request = new TSentryImportMappingDataRequest(
/**
 * Asks the Sentry server to drop the privileges attached to an authorizable.
 *
 * <p>The authorizable list is converted with {@code setupSentryAuthorizable} and
 * sent in a {@code TDropPrivilegesRequest}. The server's status is the only
 * outcome checked here. {@code requestorUserName} is sent exactly as supplied
 * by the caller.
 *
 * @param requestorUserName user on whose behalf the drop is requested
 * @param authorizableObjects authorizable hierarchy whose privileges are dropped
 * @throws SentryUserException if the server reports a non-OK status or the Thrift call fails
 */
@Override
public void dropPrivileges(String requestorUserName,
    List<? extends Authorizable> authorizableObjects) throws SentryUserException {
  final TSentryAuthorizable target = setupSentryAuthorizable(authorizableObjects);
  final TDropPrivilegesRequest dropRequest = new TDropPrivilegesRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, target);

  try {
    Status.throwIfNotOk(client.drop_sentry_privilege(dropRequest).getStatus());
  } catch (TException transportFailure) {
    // Transport-level failures surface as the client's own exception type, with the cause kept.
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
/**
 * Drops a role by delegating to the three-argument {@code dropRole} overload
 * with its flag set to {@code true}.
 *
 * <p>NOTE(review): going by this method's name, the flag presumably makes a
 * missing role a non-error. Confirm against the overload.
 *
 * @param requestorUserName user on whose behalf the drop is requested
 * @param roleName role to drop
 * @throws SentryUserException propagated from the delegate
 */
@Override
public void dropRoleIfExists(String requestorUserName, String roleName)
    throws SentryUserException {
  final boolean ifExists = true;
  dropRole(requestorUserName, roleName, ifExists);
}
/**
 * Asks the Sentry server to remove a role from the given groups.
 *
 * <p>No authorization decision is made here. The request carries
 * {@code requestorUserName} as supplied by the caller, and the only outcome
 * checked is the status in the server's response.
 *
 * @param requestorUserName user on whose behalf the revoke is requested
 * @param roleName role to revoke
 * @param groups names of the groups that lose the role
 * @throws SentryUserException if the server reports a non-OK status or the Thrift call fails
 */
@Override
public void revokeRoleFromGroups(String requestorUserName, String roleName, Set<String> groups)
    throws SentryUserException {
  final TAlterSentryRoleDeleteGroupsRequest deleteGroupsRequest =
      new TAlterSentryRoleDeleteGroupsRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT,
          requestorUserName,
          roleName,
          convert2TGroups(groups));

  try {
    Status.throwIfNotOk(client.alter_sentry_role_delete_groups(deleteGroupsRequest).getStatus());
  } catch (TException transportFailure) {
    // Transport-level failures surface as the client's own exception type, with the cause kept.
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
/**
 * Packs the components of a privilege into a new {@code TSentryPrivilege}.
 *
 * <p>Every argument is copied onto the Thrift object without validation or
 * normalization. {@code scope} must be non-null because {@code toString()} is
 * called on it. The creation time is read from this process's clock
 * ({@code System.currentTimeMillis()}), so it is a client-side timestamp.
 *
 * @param scope privilege scope; stored as its string form
 * @param serverName server component
 * @param uri URI component
 * @param db database component
 * @param table table component
 * @param column column component
 * @param action action the privilege allows
 * @param grantOption grant-option flag, converted by {@code convertTSentryGrantOption}
 * @return the populated privilege
 */
private TSentryPrivilege convertToTSentryPrivilege(
    PrivilegeScope scope, String serverName, String uri, String db, String table,
    String column, String action, Boolean grantOption) {
  final TSentryPrivilege result = new TSentryPrivilege();

  // Where the privilege applies.
  result.setPrivilegeScope(scope.toString());
  result.setServerName(serverName);
  result.setURI(uri);
  result.setDbName(db);
  result.setTableName(table);
  result.setColumnName(column);

  // What it allows, and when and how it was granted.
  result.setAction(action);
  result.setCreateTime(System.currentTimeMillis());
  result.setGrantOption(convertTSentryGrantOption(grantOption));

  return result;
}
authSet.add(setupSentryAuthorizable(authorizableHierarchy));
/**
 * Lists the privileges that apply to the given groups, users and active roles.
 *
 * <p>Unlike the other request-building methods visible in this class, the
 * request built here carries no requestor user name. Which callers may issue
 * this query is therefore decided elsewhere, presumably by the server (confirm).
 *
 * <p>{@code roleSet} must be non-null. The authorizable hierarchy and the users
 * are attached to the request only when supplied.
 *
 * @param groups groups whose privileges are looked up
 * @param users users whose privileges are looked up; skipped when {@code null}
 * @param roleSet active role set restricting the lookup
 * @param authorizable optional authorizable hierarchy narrowing the lookup
 * @return the privileges returned by the server
 * @throws SentryUserException if the server reports a non-OK status or the Thrift call fails
 */
@Override
public Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users,
    ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException {
  final TSentryActiveRoleSet activeRoles =
      new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
  final TListSentryPrivilegesForProviderRequest providerRequest =
      new TListSentryPrivilegesForProviderRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, groups, activeRoles);

  final boolean hasAuthorizables = authorizable != null && authorizable.length > 0;
  if (hasAuthorizables) {
    providerRequest.setAuthorizableHierarchy(
        setupSentryAuthorizable(Lists.newArrayList(authorizable)));
  }
  if (users != null) {
    providerRequest.setUsers(users);
  }

  try {
    final TListSentryPrivilegesForProviderResponse providerResponse =
        client.list_sentry_privileges_for_provider(providerRequest);
    Status.throwIfNotOk(providerResponse.getStatus());
    return providerResponse.getPrivileges();
  } catch (TException transportFailure) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(authorizable); request.setAuthorizableHierarchy(tSentryAuthorizable);
/**
 * Lists the privileges held by a user, optionally narrowed to an authorizable.
 *
 * <p>The request names two identities: {@code requestorUserName} is the caller
 * and {@code userName} is the principal whose privileges are listed. Both are
 * sent as supplied. Whether the requestor may inspect that principal is not
 * checked here.
 *
 * @param requestorUserName user on whose behalf the listing is requested
 * @param userName principal whose privileges are listed
 * @param authorizable optional authorizable hierarchy; ignored when {@code null} or empty
 * @return the privileges returned by the server
 * @throws SentryUserException if the server returns no response, reports a non-OK status,
 *     or the Thrift call fails
 */
@Override
public Set<TSentryPrivilege> listPrivilegesByUserName(String requestorUserName,
    String userName, List<? extends Authorizable> authorizable) throws SentryUserException {
  final TListSentryPrivilegesRequest listRequest = new TListSentryPrivilegesRequest();
  listRequest.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  listRequest.setRequestorUserName(requestorUserName);
  // TODO: Remove setRoleName() once the required field is removed
  // roleName is unused here, but Thrift requires the field to be set.
  listRequest.setRoleName("");
  listRequest.setPrincipalName(userName);

  final boolean hasAuthorizables = authorizable != null && !authorizable.isEmpty();
  if (hasAuthorizables) {
    listRequest.setAuthorizableHierarchy(setupSentryAuthorizable(authorizable));
  }

  try {
    final TListSentryPrivilegesResponse listResponse =
        client.list_sentry_privileges_by_user(listRequest);
    if (listResponse == null) {
      // A missing response is reported as an error instead of being dereferenced.
      throw new SentryUserException("The Sentry server has returned a NULL response. "
          + "See the Sentry server logs for more information about the error.");
    }
    Status.throwIfNotOk(listResponse.getStatus());
    return listResponse.getPrivileges();
  } catch (TException transportFailure) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
new Server(server), new Database(db2), new Table(tab)); expectedResults.put( SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db2TabAuthrizable), db1RoleToPrivMap);