/**
 * Builds the audit-log entry for a create-role request.
 *
 * <p>The entry is built without branching on the outcome of the request; the
 * response status is handed to {@code createCommonHAMLE} together with the
 * requestor name and the request class name.
 *
 * <p>NOTE(review): the role name is taken from the request as supplied and
 * passed to {@code CommandUtil}; confirm that whatever serializes this entry
 * escapes it, so a crafted role name cannot alter the structure of the record.
 *
 * @param request the create-role request being audited
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
public JsonLogEntity createJsonLogEntity(TCreateSentryRoleRequest request,
    TCreateSentryRoleResponse response, Configuration conf) {
  String requestor = request.getRequestorUserName();
  String requestType = request.getClass().getName();
  DBAuditMetadataLogEntity entry =
      createCommonHAMLE(conf, response.getStatus(), requestor, requestType);

  // 'true' selects the create form of the create-or-drop command text.
  String commandText = CommandUtil.createCmdForCreateOrDropRole(request.getRoleName(), true);
  entry.setOperationText(commandText);
  return entry;
}
/**
 * Builds the audit-log entry for a generic-model "add groups to role" request.
 *
 * <p>The group names are joined with "," before being handed to
 * {@code CommandUtil.createCmdForRoleAddGroup}.
 *
 * <p>NOTE(review): a group name that itself contains "," cannot be told apart
 * from two groups once joined; confirm group names are validated upstream if
 * the operation text is used as evidence. Also confirm that
 * {@code getGroupsIterator()} never returns null here, since the join is not
 * guarded.
 *
 * @param request the add-groups request being audited
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
public JsonLogEntity createJsonLogEntity(
    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest request,
    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse response,
    Configuration conf) {
  GMAuditMetadataLogEntity entry = createCommonGMAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName(),
      request.getComponent());

  String joinedGroups = Joiner.on(",").join(request.getGroupsIterator());
  String commandText = CommandUtil.createCmdForRoleAddGroup(request.getRoleName(), joinedGroups);
  entry.setOperationText(commandText);
  return entry;
}
/**
 * Builds the audit-log entry for a generic-model "delete groups from role" request.
 *
 * <p>The group names are joined with "," before being handed to
 * {@code CommandUtil.createCmdForRoleDeleteGroup}.
 *
 * <p>NOTE(review): a group name that itself contains "," cannot be told apart
 * from two groups once joined; confirm group names are validated upstream if
 * the operation text is used as evidence. Also confirm that
 * {@code getGroupsIterator()} never returns null here, since the join is not
 * guarded.
 *
 * @param request the delete-groups request being audited
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
public JsonLogEntity createJsonLogEntity(
    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest request,
    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse response,
    Configuration conf) {
  GMAuditMetadataLogEntity entry = createCommonGMAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName(),
      request.getComponent());

  String joinedGroups = Joiner.on(",").join(request.getGroupsIterator());
  String commandText = CommandUtil.createCmdForRoleDeleteGroup(request.getRoleName(), joinedGroups);
  entry.setOperationText(commandText);
  return entry;
}
/**
 * Checks the grant/revoke command text for a DATABASE-scope privilege whose
 * action is null.
 *
 * <p>The expected strings pin the current rendering: a null action appears as
 * the literal word "null" in the command text, and only the database name is
 * shown for DATABASE scope even though table, server and URI are also set.
 */
@Test
public void testCreateCmdForGrantOrRevokePrivilege4() {
  TAlterSentryRoleGrantPrivilegeRequest grant = getGrantPrivilegeRequest();
  TAlterSentryRoleRevokePrivilegeRequest revoke = getRevokePrivilegeRequest();

  TSentryPrivilege dbPrivilege = getPrivilege(null, PrivilegeScope.DATABASE.name(), "dbTest",
      "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir");
  Set<TSentryPrivilege> privilegeSet = Sets.newHashSet();
  privilegeSet.add(dbPrivilege);
  grant.setPrivileges(privilegeSet);
  revoke.setPrivileges(privilegeSet);

  String actualGrant = CommandUtil.createCmdForGrantPrivilege(grant);
  String expectedGrant = "GRANT null ON DATABASE dbTest TO ROLE testRole";
  String actualRevoke = CommandUtil.createCmdForRevokePrivilege(revoke);
  String expectedRevoke = "REVOKE null ON DATABASE dbTest FROM ROLE testRole";

  assertEquals(expectedGrant, actualGrant);
  assertEquals(expectedRevoke, actualRevoke);
}
/**
 * Checks the add-group and delete-group command text for a role with three
 * groups: the groups are expected to be listed separated by ", ".
 */
@Test
public void testCreateCmdForRoleAddOrDeleteGroup2() {
  String expectedAdd = "GRANT ROLE testRole TO GROUP testGroup1, testGroup2, testGroup3";
  String expectedDelete = "REVOKE ROLE testRole FROM GROUP testGroup1, testGroup2, testGroup3";

  String actualAdd = CommandUtil.createCmdForRoleAddGroup("testRole", getGroupStr(3));
  String actualDelete = CommandUtil.createCmdForRoleDeleteGroup("testRole", getGroupStr(3));

  assertEquals(expectedAdd, actualAdd);
  assertEquals(expectedDelete, actualDelete);
}
/**
 * Checks the grant/revoke command text for a generic-model privilege.
 *
 * <p>The expected strings list each resource as "type name" pairs separated by
 * single spaces, followed by the role.
 */
@Test
public void testCreateCmdForGrantOrRevokeGMPrivilege1() {
  org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grant =
      getGrantGMPrivilegeRequest();
  org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revoke =
      getRevokeGMPrivilegeRequest();
  org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege gmPrivilege =
      getGMPrivilege();
  grant.setPrivilege(gmPrivilege);
  revoke.setPrivilege(gmPrivilege);

  String actualGrant = CommandUtil.createCmdForGrantGMPrivilege(grant);
  String expectedGrant =
      "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole";
  String actualRevoke = CommandUtil.createCmdForRevokeGMPrivilege(revoke);
  String expectedRevoke =
      "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole";

  assertEquals(expectedGrant, actualGrant);
  assertEquals(expectedRevoke, actualRevoke);
}
/**
 * Builds the audit-log entry for one privilege of a revoke-privilege request.
 *
 * <p>The operation text is generated from the whole {@code request}, while the
 * database name, table name and resource path are copied from the single
 * {@code privilege} argument.
 *
 * <p>NOTE(review): presumably the caller invokes this once per privilege in the
 * request; if so, every resulting entry carries the same operation text.
 * Confirm against the caller.
 *
 * @param request the revoke request being audited
 * @param privilege the privilege whose database, table and URI are recorded
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
private JsonLogEntity createJsonLogEntity(
    TAlterSentryRoleRevokePrivilegeRequest request, TSentryPrivilege privilege,
    TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) {
  String requestor = request.getRequestorUserName();
  String requestType = request.getClass().getName();
  DBAuditMetadataLogEntity entry =
      createCommonHAMLE(conf, response.getStatus(), requestor, requestType);

  String commandText = CommandUtil.createCmdForRevokePrivilege(request);
  entry.setOperationText(commandText);

  // Object identifiers are recorded as separate fields next to the command text.
  entry.setDatabaseName(privilege.getDbName());
  entry.setTableName(privilege.getTableName());
  entry.setResourcePath(privilege.getURI());
  return entry;
}
/**
 * Builds the audit-log entry for one privilege of a grant-privilege request.
 *
 * <p>The operation text is generated from the whole {@code request}, while the
 * database name, table name and resource path are copied from the single
 * {@code privilege} argument.
 *
 * <p>NOTE(review): presumably the caller invokes this once per privilege in the
 * request; if so, every resulting entry carries the same operation text.
 * Confirm against the caller.
 *
 * @param request the grant request being audited
 * @param privilege the privilege whose database, table and URI are recorded
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
private JsonLogEntity createJsonLogEntity(
    TAlterSentryRoleGrantPrivilegeRequest request, TSentryPrivilege privilege,
    TAlterSentryRoleGrantPrivilegeResponse response, Configuration conf) {
  String requestor = request.getRequestorUserName();
  String requestType = request.getClass().getName();
  DBAuditMetadataLogEntity entry =
      createCommonHAMLE(conf, response.getStatus(), requestor, requestType);

  String commandText = CommandUtil.createCmdForGrantPrivilege(request);
  entry.setOperationText(commandText);

  // Object identifiers are recorded as separate fields next to the command text.
  entry.setDatabaseName(privilege.getDbName());
  entry.setTableName(privilege.getTableName());
  entry.setResourcePath(privilege.getURI());
  return entry;
}
/**
 * Builds the audit-log entry for a generic-model grant-privilege request.
 *
 * <p>When the request carries a privilege, its authorizables are copied into an
 * insertion-ordered map of type to name and stored on the entry; a privilege
 * with no authorizable list yields an empty map. When the request carries no
 * privilege, no map is set.
 *
 * <p>Because the map is keyed by authorizable type, two authorizables with the
 * same type collapse to one entry holding the later name.
 *
 * @param request the grant request being audited
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
public JsonLogEntity createJsonLogEntity(
    org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest request,
    org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeResponse response,
    Configuration conf) {
  GMAuditMetadataLogEntity entry = createCommonGMAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName(),
      request.getComponent());

  if (request.getPrivilege() != null) {
    Map<String, String> nameByType = new LinkedHashMap<String, String>();
    List<TAuthorizable> resources = request.getPrivilege().getAuthorizables();
    if (resources != null) {
      for (TAuthorizable resource : resources) {
        nameByType.put(resource.getType(), resource.getName());
      }
    }
    entry.setPrivilegesMap(nameByType);
  }

  String commandText = CommandUtil.createCmdForGrantGMPrivilege(request);
  entry.setOperationText(commandText);
  return entry;
}
/**
 * Builds the audit-log entry for a generic-model revoke-privilege request.
 *
 * <p>When the request carries a privilege, its authorizables are copied into an
 * insertion-ordered map of type to name and stored on the entry; a privilege
 * with no authorizable list yields an empty map. When the request carries no
 * privilege, no map is set.
 *
 * <p>Because the map is keyed by authorizable type, two authorizables with the
 * same type collapse to one entry holding the later name.
 *
 * @param request the revoke request being audited
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
public JsonLogEntity createJsonLogEntity(
    org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest request,
    org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeResponse response,
    Configuration conf) {
  GMAuditMetadataLogEntity entry = createCommonGMAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName(),
      request.getComponent());

  if (request.getPrivilege() != null) {
    Map<String, String> nameByType = new LinkedHashMap<String, String>();
    List<TAuthorizable> resources = request.getPrivilege().getAuthorizables();
    if (resources != null) {
      for (TAuthorizable resource : resources) {
        nameByType.put(resource.getType(), resource.getName());
      }
    }
    entry.setPrivilegesMap(nameByType);
  }

  String commandText = CommandUtil.createCmdForRevokeGMPrivilege(request);
  entry.setOperationText(commandText);
  return entry;
}
/**
 * Produces the command text for a generic-model revoke-privilege request.
 *
 * <p>Delegates to {@code createCmdForGrantOrRevokeGMPrivilege} with the
 * request's role name and privilege and the grant flag set to {@code false}.
 *
 * @param request the revoke request to render
 * @return the text returned by the shared grant-or-revoke builder
 */
public static String createCmdForRevokeGMPrivilege(
    org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest request) {
  final boolean isGrant = false;
  String roleName = request.getRoleName();
  return createCmdForGrantOrRevokeGMPrivilege(roleName, request.getPrivilege(), isGrant);
}
/**
 * Asserts that the most recent audit event was logged at INFO and that each
 * expected field matches the logged JSON.
 *
 * <p>The IP-address field is checked through
 * {@code CommandUtil.assertIPInAuditLog}; every other field is compared with
 * {@code equalsIgnoreCase}, so a difference in letter case between the expected
 * and the logged value is not detected by this helper.
 *
 * @param fieldValueMap expected field values keyed by JSON field name; when
 *     null only the log level is checked and the event is parsed
 * @throws Exception if the logged event cannot be parsed or a field is absent
 */
private void assertAuditLog(Map<String, String> fieldValueMap) throws Exception {
  assertThat(AuditLoggerTestAppender.getLastLogLevel(), is(Level.INFO));
  JSONObject loggedEvent = new JSONObject(AuditLoggerTestAppender.getLastLogEvent());
  if (fieldValueMap == null) {
    return;
  }
  for (Map.Entry<String, String> expected : fieldValueMap.entrySet()) {
    String field = expected.getKey();
    String logged = loggedEvent.get(field).toString();
    if (Constants.LOG_FIELD_IP_ADDRESS.equals(field)) {
      assertTrue(CommandUtil.assertIPInAuditLog(logged));
      continue;
    }
    assertTrue(expected.getValue().equalsIgnoreCase(logged));
  }
}
}
/**
 * Renders the command text for every privilege in the set and concatenates the
 * results.
 *
 * <p>NOTE(review): the per-privilege commands are appended with no separator,
 * so a request carrying several privileges yields one run-together string.
 * The order also follows the set's iteration order. Confirm this is acceptable
 * for consumers that read the operation text from the audit log.
 *
 * @param roleName the role the privileges are granted to or revoked from
 * @param privileges the privileges to render; null yields an empty string
 * @param isGrant true for grant text, false for revoke text
 * @return the concatenated command text
 */
private static String createCmdForGrantOrRevokePrivileges(String roleName,
    Set<TSentryPrivilege> privileges, boolean isGrant) {
  StringBuilder commandText = new StringBuilder();
  if (privileges == null) {
    return commandText.toString();
  }
  for (TSentryPrivilege current : privileges) {
    String single = createCmdForGrantOrRevokePrivilege(roleName, current, isGrant);
    commandText.append(single);
  }
  return commandText.toString();
}
/**
 * Checks the grant/revoke command text for a TABLE-scope SELECT privilege.
 *
 * <p>The expected strings name only the table ("tableTest"); the database
 * ("dbTest") set on the privilege does not appear in the command text.
 */
@Test
public void testCreateCmdForGrantOrRevokePrivilege5() {
  TAlterSentryRoleGrantPrivilegeRequest grant = getGrantPrivilegeRequest();
  TAlterSentryRoleRevokePrivilegeRequest revoke = getRevokePrivilegeRequest();

  TSentryPrivilege tablePrivilege = getPrivilege(AccessConstants.SELECT,
      PrivilegeScope.TABLE.name(), "dbTest", "tableTest", "serverTest",
      "hdfs://namenode:port/path/to/dir");
  Set<TSentryPrivilege> privilegeSet = Sets.newHashSet();
  privilegeSet.add(tablePrivilege);
  grant.setPrivileges(privilegeSet);
  revoke.setPrivileges(privilegeSet);

  String actualGrant = CommandUtil.createCmdForGrantPrivilege(grant);
  String expectedGrant = "GRANT SELECT ON TABLE tableTest TO ROLE testRole";
  String actualRevoke = CommandUtil.createCmdForRevokePrivilege(revoke);
  String expectedRevoke = "REVOKE SELECT ON TABLE tableTest FROM ROLE testRole";

  assertEquals(expectedGrant, actualGrant);
  assertEquals(expectedRevoke, actualRevoke);
}
/**
 * Checks the add-group and delete-group command text for a role with a single
 * group.
 */
@Test
public void testCreateCmdForRoleAddOrDeleteGroup1() {
  String expectedAdd = "GRANT ROLE testRole TO GROUP testGroup1";
  String expectedDelete = "REVOKE ROLE testRole FROM GROUP testGroup1";

  String actualAdd = CommandUtil.createCmdForRoleAddGroup("testRole", getGroupStr(1));
  String actualDelete = CommandUtil.createCmdForRoleDeleteGroup("testRole", getGroupStr(1));

  assertEquals(expectedAdd, actualAdd);
  assertEquals(expectedDelete, actualDelete);
}
/**
 * Checks the grant/revoke command text for a generic-model privilege.
 *
 * <p>The expected strings list each resource as "type name" pairs separated by
 * single spaces, followed by the role.
 */
@Test
public void testCreateCmdForGrantOrRevokeGMPrivilege1() {
  org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grant =
      getGrantGMPrivilegeRequest();
  org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revoke =
      getRevokeGMPrivilegeRequest();
  org.apache.sentry.api.generic.thrift.TSentryPrivilege gmPrivilege = getGMPrivilege();
  grant.setPrivilege(gmPrivilege);
  revoke.setPrivilege(gmPrivilege);

  String actualGrant = CommandUtil.createCmdForGrantGMPrivilege(grant);
  String expectedGrant =
      "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole";
  String actualRevoke = CommandUtil.createCmdForRevokeGMPrivilege(revoke);
  String expectedRevoke =
      "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole";

  assertEquals(expectedGrant, actualGrant);
  assertEquals(expectedRevoke, actualRevoke);
}
/**
 * Builds the audit-log entry for one privilege of a revoke-privilege request.
 *
 * <p>The operation text is generated from the whole {@code request}, while the
 * database name, table name and resource path are copied from the single
 * {@code privilege} argument.
 *
 * <p>NOTE(review): presumably the caller invokes this once per privilege in the
 * request; if so, every resulting entry carries the same operation text.
 * Confirm against the caller.
 *
 * @param request the revoke request being audited
 * @param privilege the privilege whose database, table and URI are recorded
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
private JsonLogEntity createJsonLogEntity(
    TAlterSentryRoleRevokePrivilegeRequest request, TSentryPrivilege privilege,
    TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) {
  String requestor = request.getRequestorUserName();
  String requestType = request.getClass().getName();
  DBAuditMetadataLogEntity entry =
      createCommonHAMLE(conf, response.getStatus(), requestor, requestType);

  String commandText = CommandUtil.createCmdForRevokePrivilege(request);
  entry.setOperationText(commandText);

  // Object identifiers are recorded as separate fields next to the command text.
  entry.setDatabaseName(privilege.getDbName());
  entry.setTableName(privilege.getTableName());
  entry.setResourcePath(privilege.getURI());
  return entry;
}
/**
 * Builds the audit-log entry for one privilege of a grant-privilege request.
 *
 * <p>The operation text is generated from the whole {@code request}, while the
 * database name, table name and resource path are copied from the single
 * {@code privilege} argument.
 *
 * <p>NOTE(review): presumably the caller invokes this once per privilege in the
 * request; if so, every resulting entry carries the same operation text.
 * Confirm against the caller.
 *
 * @param request the grant request being audited
 * @param privilege the privilege whose database, table and URI are recorded
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
private JsonLogEntity createJsonLogEntity(
    TAlterSentryRoleGrantPrivilegeRequest request, TSentryPrivilege privilege,
    TAlterSentryRoleGrantPrivilegeResponse response, Configuration conf) {
  String requestor = request.getRequestorUserName();
  String requestType = request.getClass().getName();
  DBAuditMetadataLogEntity entry =
      createCommonHAMLE(conf, response.getStatus(), requestor, requestType);

  String commandText = CommandUtil.createCmdForGrantPrivilege(request);
  entry.setOperationText(commandText);

  // Object identifiers are recorded as separate fields next to the command text.
  entry.setDatabaseName(privilege.getDbName());
  entry.setTableName(privilege.getTableName());
  entry.setResourcePath(privilege.getURI());
  return entry;
}
/**
 * Builds the audit-log entry for a generic-model grant-privilege request.
 *
 * <p>When the request carries a privilege, its authorizables are copied into an
 * insertion-ordered map of type to name and stored on the entry; a privilege
 * with no authorizable list yields an empty map. When the request carries no
 * privilege, no map is set.
 *
 * <p>Because the map is keyed by authorizable type, two authorizables with the
 * same type collapse to one entry holding the later name.
 *
 * @param request the grant request being audited
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
public JsonLogEntity createJsonLogEntity(
    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request,
    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse response,
    Configuration conf) {
  GMAuditMetadataLogEntity entry = createCommonGMAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName(),
      request.getComponent());

  if (request.getPrivilege() != null) {
    Map<String, String> nameByType = new LinkedHashMap<String, String>();
    List<TAuthorizable> resources = request.getPrivilege().getAuthorizables();
    if (resources != null) {
      for (TAuthorizable resource : resources) {
        nameByType.put(resource.getType(), resource.getName());
      }
    }
    entry.setPrivilegesMap(nameByType);
  }

  String commandText = CommandUtil.createCmdForGrantGMPrivilege(request);
  entry.setOperationText(commandText);
  return entry;
}
/**
 * Builds the audit-log entry for a generic-model revoke-privilege request.
 *
 * <p>When the request carries a privilege, its authorizables are copied into an
 * insertion-ordered map of type to name and stored on the entry; a privilege
 * with no authorizable list yields an empty map. When the request carries no
 * privilege, no map is set.
 *
 * <p>Because the map is keyed by authorizable type, two authorizables with the
 * same type collapse to one entry holding the later name.
 *
 * @param request the revoke request being audited
 * @param response the response produced for that request
 * @param conf configuration passed through to the common entry builder
 * @return the populated audit entry
 */
public JsonLogEntity createJsonLogEntity(
    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request,
    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse response,
    Configuration conf) {
  GMAuditMetadataLogEntity entry = createCommonGMAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName(),
      request.getComponent());

  if (request.getPrivilege() != null) {
    Map<String, String> nameByType = new LinkedHashMap<String, String>();
    List<TAuthorizable> resources = request.getPrivilege().getAuthorizables();
    if (resources != null) {
      for (TAuthorizable resource : resources) {
        nameByType.put(resource.getType(), resource.getName());
      }
    }
    entry.setPrivilegesMap(nameByType);
  }

  String commandText = CommandUtil.createCmdForRevokeGMPrivilege(request);
  entry.setOperationText(commandText);
  return entry;
}