/**
 * Creates a copy of this struct by delegating to the copy constructor.
 *
 * @return a new {@code TPrivilegeChanges} built from {@code this}
 */
public TPrivilegeChanges deepCopy() {
  TPrivilegeChanges duplicate = new TPrivilegeChanges(this);
  return duplicate;
}
/**
 * Returns the current value of the field identified by {@code field}.
 *
 * @param field which field to read; a {@code null} value fails inside the switch
 * @return the result of the matching getter
 * @throws IllegalStateException if {@code field} is not one of the constants handled here
 */
public Object getFieldValue(_Fields field) {
  switch (field) {
    case AUTHZ_OBJ:
      return getAuthzObj();
    case ADD_PRIVILEGES:
      return getAddPrivileges();
    case DEL_PRIVILEGES:
      return getDelPrivileges();
    default:
      // Reached only for a constant that has no getter mapped above.
      throw new IllegalStateException();
  }
}
/**
 * Type-checks {@code that} and delegates to the typed {@code equals(TPrivilegeChanges)} overload.
 *
 * @param that object to compare with; may be {@code null}
 * @return {@code false} for {@code null} or a different type, otherwise the typed comparison
 */
@Override
public boolean equals(Object that) {
  // instanceof is false for null, so one test covers both rejection cases.
  if (!(that instanceof TPrivilegeChanges)) {
    return false;
  }
  return this.equals((TPrivilegeChanges) that);
}
/**
 * Publishes a permissions update describing the rename of an authorizable object.
 *
 * <p>The update carries a single entry keyed by {@code PermissionsUpdate.RENAME_PRIVS}: the new
 * object name is placed in the add-map and the old object name in the delete-map, each mapped to
 * itself.
 *
 * <p>NOTE(review): neither name is checked for {@code null} before it is put into the update;
 * confirm that {@code getAuthzObj} cannot return {@code null} for rename requests.
 *
 * @param request rename request holding the old and the new authorizable
 * @throws SentryPluginException declared by the plugin interface
 */
@Override
public void onRenameSentryPrivilege(TRenamePrivilegesRequest request)
    throws SentryPluginException {
  final String previousName = getAuthzObj(request.getOldAuthorizable());
  final String renamedTo = getAuthzObj(request.getNewAuthorizable());

  // The sequence number is taken only after both names have been resolved.
  final PermissionsUpdate renameUpdate =
      new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
  final TPrivilegeChanges renameEntry =
      renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);
  renameEntry.putToAddPrivileges(renamedTo, renamedTo);
  renameEntry.putToDelPrivileges(previousName, previousName);

  permsUpdater.handleUpdateNotification(renameUpdate);
  LOGGER.debug("Authz Perm preUpdate [" + renameUpdate.getSeqNum() + ", " + renamedTo + ", "
      + previousName + "]..");
}
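/**
 * Publishes a permissions update that removes one action from a role on an authorizable object.
 *
 * <p>Nothing is published when {@code getAuthzObj} yields {@code null} for the privilege.
 *
 * @param roleName role losing the privilege; used as the key of the delete-map entry
 * @param privilege privilege being revoked; its action is upper-cased before it is recorded
 * @throws SentryPluginException declared for callers; no statement here throws it directly
 */
private void onAlterSentryRoleRevokePrivilegeCore(String roleName, TSentryPrivilege privilege)
    throws SentryPluginException {
  String authzObj = getAuthzObj(privilege);
  if (authzObj == null) {
    return;
  }
  // Action names are fixed ASCII tokens that feed authorization decisions. Upper-casing with
  // the JVM default locale can change them (for example "i" becomes a dotted capital I under a
  // Turkish locale), so the conversion is pinned to Locale.ROOT.
  String action = privilege.getAction().toUpperCase(java.util.Locale.ROOT);
  PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
  update.addPrivilegeUpdate(authzObj).putToDelPrivileges(roleName, action);
  permsUpdater.handleUpdateNotification(update);
  LOGGER.debug("Authz Perm preUpdate [" + update.getSeqNum() + ", " + authzObj + "]..");
}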
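/**
 * Publishes a permissions update that adds one action for a role on an authorizable object.
 *
 * <p>Nothing is published when {@code getAuthzObj} yields {@code null} for the privilege.
 *
 * @param roleName role receiving the privilege; used as the key of the add-map entry
 * @param privilege privilege being granted; its action is upper-cased before it is recorded
 * @throws SentryPluginException declared for callers; no statement here throws it directly
 */
private void onAlterSentryRoleGrantPrivilegeCore(String roleName, TSentryPrivilege privilege)
    throws SentryPluginException {
  String authzObj = getAuthzObj(privilege);
  if (authzObj == null) {
    return;
  }
  // Action names are fixed ASCII tokens that feed authorization decisions. Upper-casing with
  // the JVM default locale can change them (for example "i" becomes a dotted capital I under a
  // Turkish locale), so the conversion is pinned to Locale.ROOT.
  String action = privilege.getAction().toUpperCase(java.util.Locale.ROOT);
  PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
  update.addPrivilegeUpdate(authzObj).putToAddPrivileges(roleName, action);
  permsUpdater.handleUpdateNotification(update);
  LOGGER.debug("Authz Perm preUpdate [" + update.getSeqNum() + "]..");
}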
// Decode one map value: start from an empty struct, let it populate itself from the input
// protocol, then store it under _key104 (assigned outside this excerpt).
// NOTE(review): the struct's contents come from the wire; any validation of them is not
// visible in these three statements.
_val105 = new TPrivilegeChanges();
_val105.read(iprot);
struct.privilegeChanges.put(_key104, _val105);
/**
 * Builds the permission update to persist for a rename event, from the thrift authorizables
 * that describe the object before and after the rename.
 *
 * <p>The update is created with {@code SentryConstants.INIT_CHANGE_ID} and holds one entry keyed
 * by {@code PermissionsUpdate.RENAME_PRIVS}. The new name goes into the add-map and the old name
 * into the delete-map, each under a principal of type {@code AUTHZ_OBJ}.
 *
 * @param oldAuthorizable thrift object naming the object before the rename
 * @param newAuthorizable thrift object naming the object after the rename
 * @return the update to be persisted
 * @throws SentryInvalidInputException most likely raised by {@code SentryServiceUtil.getAuthzObj}
 *     when an argument lacks required fields (confirm against that helper)
 */
@VisibleForTesting
static Update getPermUpdatableOnRename(TSentryAuthorizable oldAuthorizable,
    TSentryAuthorizable newAuthorizable) throws SentryInvalidInputException {
  final String previousName = SentryServiceUtil.getAuthzObj(oldAuthorizable);
  final String renamedTo = SentryServiceUtil.getAuthzObj(newAuthorizable);

  final PermissionsUpdate renameUpdate =
      new PermissionsUpdate(SentryConstants.INIT_CHANGE_ID, false);
  final TPrivilegeChanges renameEntry =
      renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);

  final TPrivilegePrincipal addedObject =
      new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, renamedTo);
  renameEntry.putToAddPrivileges(addedObject, renamedTo);

  final TPrivilegePrincipal removedObject =
      new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, previousName);
  renameEntry.putToDelPrivileges(removedObject, previousName);

  return renameUpdate;
}
/**
 * Publishes a permissions update that drops every role's privileges on one authorizable object.
 *
 * <p>The delete-map entry uses {@code PermissionsUpdate.ALL_ROLES} as both key and value.
 *
 * <p>NOTE(review): the resolved object name is not checked for {@code null} before it is used
 * as the update key; confirm {@code getAuthzObj} cannot return {@code null} for drop requests.
 *
 * @param request drop request holding the authorizable whose privileges are removed
 * @throws SentryPluginException declared by the plugin interface
 */
@Override
public void onDropSentryPrivilege(TDropPrivilegesRequest request)
    throws SentryPluginException {
  // The sequence number is consumed before the object name is resolved.
  final PermissionsUpdate dropUpdate =
      new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
  final String droppedObject = getAuthzObj(request.getAuthorizable());

  final TPrivilegeChanges dropEntry = dropUpdate.addPrivilegeUpdate(droppedObject);
  dropEntry.putToDelPrivileges(PermissionsUpdate.ALL_ROLES, PermissionsUpdate.ALL_ROLES);

  permsUpdater.handleUpdateNotification(dropUpdate);
  LOGGER.debug("Authz Perm preUpdate [" + dropUpdate.getSeqNum() + ", " + droppedObject
      + "]..");
}
/**
 * Builds a full-image update from everything currently held in {@code perms}.
 *
 * <p>Each known privilege becomes an add-map entry (role or principal name mapped to the
 * {@code SYMBOL} of its {@code FsAction}); each known role becomes a role update listing all of
 * its groups as additions.
 *
 * @param currSeqNum sequence number stamped on the returned update
 * @return an update constructed with its full-image flag set to {@code true}
 */
@Override
public PermissionsUpdate createFullImageUpdate(long currSeqNum) {
  final PermissionsUpdate fullImage = new PermissionsUpdate(currSeqNum, true);

  // Privileges: one TPrivilegeChanges per authorizable object.
  for (PrivilegeInfo privilegeInfo : perms.getAllPrivileges()) {
    final TPrivilegeChanges objectChanges =
        fullImage.addPrivilegeUpdate(privilegeInfo.getAuthzObj());
    for (Map.Entry<String, FsAction> permission : privilegeInfo.getAllPermissions().entrySet()) {
      final String holder = permission.getKey();
      final FsAction action = permission.getValue();
      objectChanges.putToAddPrivileges(holder, action.SYMBOL);
    }
  }

  // Roles: one TRoleChanges per role, carrying its group memberships.
  for (RoleInfo roleInfo : perms.getAllRoles()) {
    final TRoleChanges roleChanges = fullImage.addRoleUpdate(roleInfo.getRole());
    for (String memberGroup : roleInfo.getAllGroups()) {
      roleChanges.addToAddGroups(memberGroup);
    }
  }

  return fullImage;
}
// Decode one map value: start from an empty struct, let it populate itself from the input
// protocol, then store it under _key116 (assigned outside this excerpt).
// NOTE(review): the struct's contents come from the wire; any validation of them is not
// visible in these three statements.
_val117 = new TPrivilegeChanges();
_val117.read(iprot);
struct.privilegeChanges.put(_key116, _val117);
// Record the same (role principal, action) pair on two separate updates: as an addition on
// addUpdate and as a deletion on delUpdate, both under the authzObj entry.
// NOTE(review): toUpperCase() without a Locale uses the JVM default locale, so an action name
// can be altered under some locales (e.g. Turkish dotted I). Since the string feeds
// authorization state, toUpperCase(Locale.ROOT) would make it locale-independent.
addUpdate.addPrivilegeUpdate(authzObj).putToAddPrivileges(
    new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName),
    privilege.getAction().toUpperCase());
delUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges(
    new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName),
    privilege.getAction().toUpperCase());
// Applies each TPrivilegeChanges of an update to the in-memory perms. This listing is a
// non-contiguous excerpt: lines between the branches are missing, so the braces do not balance.
// Visible branches: RENAME_PRIVS (new and old object names are the first keys of the add- and
// delete-maps), ALL_AUTHZ_OBJ (the role to remove is the first key of the delete-map), and the
// per-object case, where an ALL_ROLES delete key removes the PrivilegeInfo and its parent/child
// mappings.
// NOTE(review): keySet().iterator().next() throws NoSuchElementException on an empty map;
// confirm every producer of RENAME_PRIVS / ALL_AUTHZ_OBJ updates fills the maps read here.
private void applyPrivilegeUpdates(PermissionsUpdate update) { for (TPrivilegeChanges pUpdate : update.getPrivilegeUpdates()) { if (pUpdate.getAuthzObj().equals(PermissionsUpdate.RENAME_PRIVS)) { String newAuthzObj = pUpdate.getAddPrivileges().keySet().iterator().next(); String oldAuthzObj = pUpdate.getDelPrivileges().keySet().iterator().next(); PrivilegeInfo privilegeInfo = perms.getPrivilegeInfo(oldAuthzObj); if (pUpdate.getAuthzObj().equals(PermissionsUpdate.ALL_AUTHZ_OBJ)) { String roleToRemove = pUpdate.getDelPrivileges().keySet().iterator() .next(); for (PrivilegeInfo pInfo : perms.getAllPrivileges()) { PrivilegeInfo pInfo = perms.getPrivilegeInfo(pUpdate.getAuthzObj()); for (Map.Entry<String, String> aMap : pUpdate.getAddPrivileges().entrySet()) { if (pInfo == null) { pInfo = new PrivilegeInfo(pUpdate.getAuthzObj()); perms.addParentChildMappings(pUpdate.getAuthzObj()); for (Map.Entry<String, String> dMap : pUpdate.getDelPrivileges().entrySet()) { if (dMap.getKey().equals(PermissionsUpdate.ALL_ROLES)) { perms.delPrivilegeInfo(pUpdate.getAuthzObj()); perms.removeParentChildMappings(pUpdate.getAuthzObj()); break;
/**
 * Builds the permission update to persist for a drop event, from the thrift authorizable that
 * names the dropped object.
 *
 * <p>The update is created with {@code SentryConstants.INIT_CHANGE_ID} and holds one delete-map
 * entry for the object, whose principal name and value are both
 * {@code PermissionsUpdate.ALL_PRIVS}.
 *
 * @param authorizable thrift object that is dropped
 * @return the update to be persisted
 * @throws SentryInvalidInputException most likely raised by {@code SentryServiceUtil.getAuthzObj}
 *     when the argument lacks required fields (confirm against that helper)
 */
@VisibleForTesting
static Update getPermUpdatableOnDrop(TSentryAuthorizable authorizable)
    throws SentryInvalidInputException {
  final PermissionsUpdate dropUpdate =
      new PermissionsUpdate(SentryConstants.INIT_CHANGE_ID, false);
  final String droppedObject = SentryServiceUtil.getAuthzObj(authorizable);
  final TPrivilegeChanges dropEntry = dropUpdate.addPrivilegeUpdate(droppedObject);

  // A principal named PermissionsUpdate.ALL_PRIVS means "delete every privilege on this
  // authorizable", for roles and users alike; the ROLE principal type on this key is ignored.
  final TPrivilegePrincipal everyPrincipal =
      new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, PermissionsUpdate.ALL_PRIVS);
  dropEntry.putToDelPrivileges(everyPrincipal, PermissionsUpdate.ALL_PRIVS);

  return dropUpdate;
}
/**
 * Returns the privilege-change entry for {@code authzObj}, creating and registering an empty
 * one the first time the object is seen.
 *
 * @param authzObj key of the entry inside the wrapped update's privilege-change map
 * @return the existing entry when the key is already present, otherwise a new entry with empty
 *     add- and delete-maps
 */
public TPrivilegeChanges addPrivilegeUpdate(String authzObj) {
  if (!tPermUpdate.getPrivilegeChanges().containsKey(authzObj)) {
    // First change for this object: register an entry with empty add/delete maps.
    TPrivilegeChanges created = new TPrivilegeChanges(authzObj,
        new HashMap<String, String>(), new HashMap<String, String>());
    tPermUpdate.getPrivilegeChanges().put(authzObj, created);
    return created;
  }
  return tPermUpdate.getPrivilegeChanges().get(authzObj);
}
// Build a rename update with sequence number 0 and the full-image flag off. Its single entry is
// keyed by RENAME_PRIVS: the new object name goes into the add-map and the old object name
// into the delete-map, each under a principal of type AUTHZ_OBJ.
PermissionsUpdate renameUpdate = new PermissionsUpdate(0, false);
TPrivilegeChanges privUpdate = renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);
privUpdate.putToAddPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, newAuthz), newAuthz);
privUpdate.putToDelPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, oldAuthz), oldAuthz);
/**
 * Publishes a permissions update that removes a role everywhere.
 *
 * <p>Two entries are written: a delete-map entry under {@code PermissionsUpdate.ALL_AUTHZ_OBJ}
 * keyed by the role name, and a role update that deletes {@code PermissionsUpdate.ALL_GROUPS}
 * from the role.
 *
 * @param request drop request naming the role
 * @throws SentryPluginException declared by the plugin interface
 */
@Override
public void onDropSentryRole(TDropSentryRoleRequest request) throws SentryPluginException {
  final PermissionsUpdate dropUpdate =
      new PermissionsUpdate(permSeqNum.incrementAndGet(), false);

  // Strip the role's privileges from every authorizable object.
  final TPrivilegeChanges allObjects =
      dropUpdate.addPrivilegeUpdate(PermissionsUpdate.ALL_AUTHZ_OBJ);
  allObjects.putToDelPrivileges(request.getRoleName(), PermissionsUpdate.ALL_AUTHZ_OBJ);

  // Detach the role from all of its groups.
  dropUpdate.addRoleUpdate(request.getRoleName()).addToDelGroups(PermissionsUpdate.ALL_GROUPS);

  permsUpdater.handleUpdateNotification(dropUpdate);
  LOGGER.debug("Authz Perm preUpdate [" + dropUpdate.getSeqNum() + ", "
      + request.getRoleName() + "]..");
}
/**
 * Copy constructor: duplicates <i>other</i>.
 *
 * <p>Scalar fields and the isset bitfield are copied directly. Each map that is set on
 * {@code other} is rebuilt as a new {@code HashMap} whose values are produced by the value
 * type's own copy constructor; the {@code String} keys are reused as they are.
 */
public TPermissionsUpdate(TPermissionsUpdate other) {
  __isset_bitfield = other.__isset_bitfield;
  this.hasfullImage = other.hasfullImage;
  this.seqNum = other.seqNum;

  if (other.isSetPrivilegeChanges()) {
    Map<String,TPrivilegeChanges> privilegeCopy = new HashMap<String,TPrivilegeChanges>();
    for (Map.Entry<String, TPrivilegeChanges> source : other.privilegeChanges.entrySet()) {
      privilegeCopy.put(source.getKey(), new TPrivilegeChanges(source.getValue()));
    }
    this.privilegeChanges = privilegeCopy;
  }

  if (other.isSetRoleChanges()) {
    Map<String,TRoleChanges> roleCopy = new HashMap<String,TRoleChanges>();
    for (Map.Entry<String, TRoleChanges> source : other.roleChanges.entrySet()) {
      roleCopy.put(source.getKey(), new TRoleChanges(source.getValue()));
    }
    this.roleChanges = roleCopy;
  }
}
/**
 * Grants a table-level SELECT privilege to a role, drops the privilege together with a
 * permission update, and checks that the privilege is gone and that the persisted perm change
 * matches the serialized update.
 */
@Test
public void testDropObjWithPermUpdate() throws Exception {
  final String grantedRole = "list-privs-r1";
  final String otherRole = "list-privs-r2";
  sentryStore.createSentryRole(grantedRole);
  sentryStore.createSentryRole(otherRole);

  final String tableObject = "db1.tbl1";
  final TSentryPrivilege tablePrivilege = new TSentryPrivilege();
  tablePrivilege.setPrivilegeScope("TABLE");
  tablePrivilege.setServerName("server1");
  tablePrivilege.setDbName("db1");
  tablePrivilege.setTableName("tbl1");
  tablePrivilege.setCreateTime(System.currentTimeMillis());
  tablePrivilege.setAction("SELECT");
  sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, grantedRole,
      Sets.newHashSet(tablePrivilege), null);

  // Permission update describing the drop of every role's privileges on "db1.tbl1".
  final PermissionsUpdate dropUpdate = new PermissionsUpdate(0, false);
  final TPrivilegePrincipal everyRole =
      new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, PermissionsUpdate.ALL_ROLES);
  dropUpdate.addPrivilegeUpdate(tableObject)
      .putToDelPrivileges(everyRole, PermissionsUpdate.ALL_ROLES);

  // Drop the privilege and verify that neither role holds anything afterwards.
  // NOTE(review): the second role is never granted a privilege in this test, so its check
  // would also pass without the drop.
  sentryStore.dropPrivilege(toTSentryAuthorizable(tablePrivilege), dropUpdate);
  assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(grantedRole).size());
  assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(otherRole).size());

  // The most recently persisted perm change must equal the update that was passed in.
  final long newestChangeId = sentryStore.getLastProcessedPermChangeID();
  final MSentryPermChange persisted = sentryStore.getMSentryPermChangeByID(newestChangeId);
  assertEquals(dropUpdate.JSONSerialize(), persisted.getPermChange());
}
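/**
 * Builds a full-image permissions update from the privilege and role images held by the store.
 *
 * <p>Every privilege-image entry becomes a {@code TPrivilegeChanges} whose add-map is the stored
 * map and whose delete-map is empty; every role-image entry becomes a {@code TRoleChanges} with
 * the stored groups as additions and no deletions. The sizes of both maps are reported to the
 * metrics histograms after the timer has been stopped.
 *
 * @param currSeqNum sequence number stamped on the returned update
 * @return the full-image update
 */
@Override
public PermissionsUpdate retrieveFullImage(long currSeqNum) {
  final Timer.Context timerContext = SentryHdfsMetricsUtil.getRetrieveFullImageTimer.time();
  TPermissionsUpdate tPermUpdate;
  PermissionsUpdate permissionsUpdate;
  try {
    Map<String, HashMap<String, String>> privilegeImage =
        sentryStore.retrieveFullPrivilegeImage();
    Map<String, LinkedList<String>> roleImage = sentryStore.retrieveFullRoleImage();

    tPermUpdate = new TPermissionsUpdate(true, currSeqNum,
        new HashMap<String, TPrivilegeChanges>(), new HashMap<String, TRoleChanges>());

    for (Map.Entry<String, HashMap<String, String>> privEnt : privilegeImage.entrySet()) {
      String authzObj = privEnt.getKey();
      HashMap<String, String> privs = privEnt.getValue();
      tPermUpdate.putToPrivilegeChanges(authzObj,
          new TPrivilegeChanges(authzObj, privs, new HashMap<String, String>()));
    }

    for (Map.Entry<String, LinkedList<String>> roleEnt : roleImage.entrySet()) {
      String role = roleEnt.getKey();
      LinkedList<String> groups = roleEnt.getValue();
      tPermUpdate.putToRoleChanges(role,
          new TRoleChanges(role, groups, new LinkedList<String>()));
    }

    permissionsUpdate = new PermissionsUpdate(tPermUpdate);
    permissionsUpdate.setSeqNum(currSeqNum);
  } finally {
    // Stop the timer even when the store throws, so a failed retrieval does not leave the
    // timing context open.
    timerContext.stop();
  }

  SentryHdfsMetricsUtil.getPrivilegeChangesHistogram.update(
      tPermUpdate.getPrivilegeChangesSize());
  SentryHdfsMetricsUtil.getRoleChangesHistogram.update(
      tPermUpdate.getRoleChangesSize());
  return permissionsUpdate;
}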