private void createRoleIfNotExist(PersistenceManager pm, Set<String> existRoleNames, String roleName) throws Exception { String lowerRoleName = trimAndLower(roleName); // if the rolenName doesn't exist, create it. if (!existRoleNames.contains(lowerRoleName)) { // update the exist role name set existRoleNames.add(lowerRoleName); // Create role in the persistent storage pm.makePersistent(new MSentryRole(trimAndLower(roleName))); } }
/** * Removes all the privileges associated with * a particular role. After this dis-association if the * privilege doesn't have any roles associated it will be * removed from the underlying persistence layer. * @param pm Instance of PersistenceManager * @param sentryRole Role for which all the privileges are to be removed. */ private void removePrivileges(PersistenceManager pm, MSentryRole sentryRole) { List<MSentryPrivilege> privilegesCopy = new ArrayList<>(sentryRole.getPrivileges()); List<MSentryGMPrivilege> gmPrivilegesCopy = new ArrayList<>(sentryRole.getGmPrivileges()); sentryRole.removePrivileges(); // with SENTRY-398 generic model sentryRole.removeGMPrivileges(); removeStaledPrivileges(pm, privilegesCopy); removeStaledGMPrivileges(pm, gmPrivilegesCopy); }
private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) { String roleName = mSentryRole.getRoleName().intern(); Set<MSentryGroup> groups = mSentryRole.getGroups(); Set<TSentryGroup> sentryGroups = new HashSet<>(groups.size()); for(MSentryGroup mSentryGroup: groups) { TSentryGroup group = convertToTSentryGroup(mSentryGroup); sentryGroups.add(group); } return new TSentryRole(roleName, sentryGroups, EMPTY_GRANTOR_PRINCIPAL); }
private Map<String, Set<String>> getUserRolesMap(Collection<MSentryRole> mSentryRoles) { if (mSentryRoles.isEmpty()) { return Collections.emptyMap(); } Map<String, Set<String>> userRolesMap = new HashMap<>(); // change the List<MSentryRole> -> Map<userName, Set<roleName>> for (MSentryRole mSentryRole : mSentryRoles) { Set<MSentryUser> users = mSentryRole.getUsers(); for (MSentryUser user : users) { String userName = user.getUserName(); Set<String> rNames = userRolesMap.get(userName); if (rNames == null) { rNames = new HashSet<>(); } rNames.add(mSentryRole.getRoleName()); userRolesMap.put(userName, rNames); } } return userRolesMap; }
pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis())); commitTransaction(pm); role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(1, role.getPrivileges().size()); assertEquals(1, role.getGmPrivileges().size()); commitTransaction(pm); solrPrivilege = (MSentryGMPrivilege)role.getGmPrivileges().toArray()[0]; solrPrivilege.removeRole(role); pm.makePersistent(solrPrivilege); role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(1, role.getPrivileges().size()); assertEquals(0, role.getGmPrivileges().size()); commitTransaction(pm); role = getMSentryRole(pm, roleName); pm.retrieve(role); hivePrivilege = (MSentryPrivilege)role.getPrivileges().toArray()[0]; hivePrivilege.removeRole(role); pm.makePersistent(hivePrivilege); role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(0, role.getPrivileges().size()); assertEquals(0, role.getGmPrivileges().size());
private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String roleName) throws Exception { MSentryRole mSentryRole = getMSentryRoleByName(roleName); return mSentryRole.getPrivileges(); }
private void dropSentryRoleCore(PersistenceManager pm, String roleName) throws SentryNoSuchObjectException { String lRoleName = roleName.trim().toLowerCase(); Query query = pm.newQuery(MSentryRole.class); query.setFilter("this.roleName == t"); query.declareParameters("java.lang.String t"); query.setUnique(true); MSentryRole sentryRole = (MSentryRole) query.execute(lRoleName); if (sentryRole == null) { throw new SentryNoSuchObjectException("Role: " + lRoleName + " doesn't exist"); } else { pm.retrieve(sentryRole); int numPrivs = sentryRole.getPrivileges().size(); sentryRole.removePrivileges(); // with SENTRY-398 generic model sentryRole.removeGMPrivileges(); privCleaner.incPrivRemoval(numPrivs); pm.deletePersistent(sentryRole); } }
/** * Return set of rolenames from a collection of roles * @param roles - collection of roles * @return set of role names for each role in collection */ public static Set<String> rolesToRoleNames(final Iterable<MSentryRole> roles) { Set<String> roleNames = new HashSet<>(); for (MSentryRole mSentryRole : roles) { roleNames.add(mSentryRole.getRoleName()); } return roleNames; }
public Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap() throws Exception { boolean rollbackTransaction = true; PersistenceManager pm = null; try { pm = openTransaction(); Query query = pm.newQuery(MSentryRole.class); List<MSentryRole> mSentryRoles = (List<MSentryRole>) query.execute(); Map<String, Set<TSentryPrivilege>> sentryRolePrivilegesMap = Maps.newHashMap(); if (mSentryRoles != null) { // change the List<MSentryRole> -> Map<roleName, Set<TSentryPrivilege>> for (MSentryRole mSentryRole : mSentryRoles) { Set<TSentryPrivilege> privilegeSet = convertToTSentryPrivileges(mSentryRole .getPrivileges()); if (privilegeSet != null && !privilegeSet.isEmpty()) { sentryRolePrivilegesMap.put(mSentryRole.getRoleName(), privilegeSet); } } } commitTransaction(pm); rollbackTransaction = false; return sentryRolePrivilegesMap; } finally { if (rollbackTransaction) { rollbackTransaction(pm); } } }
} else { pm.retrieve(sentryRole); sentryRole.removeGMPrivileges(); sentryRole.removePrivileges(); pm.deletePersistent(sentryRole);
@Test public void testAddDeleteGroups() throws Exception { String roleName = "test-groups"; String grantor = "g1"; createRole(roleName); Set<TSentryGroup> groups = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); group.setGroupName("test-groups-g1"); groups.add(group); group = new TSentryGroup(); group.setGroupName("test-groups-g2"); groups.add(group); sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups); sentryStore.alterSentryRoleDeleteGroups(roleName, groups); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); assertEquals(Collections.emptySet(), role.getGroups()); }
grantPrivilege.setAction(ac.getValue()); MSentryGMPrivilege existPriv = getPrivilege(grantPrivilege, pm); if (existPriv != null && role.getGmPrivileges().contains(existPriv)) { if (allPrivilege != null && role.getGmPrivileges().contains(allPrivilege)) { return;
private void revokeRolePartial(PersistenceManager pm, MSentryRole mRole, MSentryPrivilege currentPrivilege, MSentryPrivilege persistedPriv, String addAction) throws SentryInvalidInputException { // If table / URI, remove ALL persistedPriv.removeRole(mRole); privCleaner.incPrivRemoval(); pm.makePersistent(persistedPriv); currentPrivilege.setAction(AccessConstants.ALL); persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm); if (persistedPriv != null && mRole.getPrivileges().contains(persistedPriv)) { persistedPriv.removeRole(mRole); privCleaner.incPrivRemoval(); pm.makePersistent(persistedPriv); currentPrivilege.setAction(addAction); persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm); if (persistedPriv == null) { persistedPriv = convertToMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege)); mRole.appendPrivilege(persistedPriv); } persistedPriv.appendRole(mRole); pm.makePersistent(persistedPriv); } }
public void appendRole(MSentryRole role) { if (roles.add(role)) { role.appendGMPrivilege(this); } }
public void appendRole(MSentryRole role) { if (roles.add(role)) { role.appendGroup(this); } }
@Test public void testAddDeleteUsers() throws Exception { String roleName = "test-users"; createRole(roleName); Set<String> users = Sets.newHashSet("test-user-u1", "test-user-u2"); sentryStore.alterSentryRoleAddUsers(roleName, users); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); role.getUsers().size(); sentryStore.alterSentryRoleDeleteUsers(roleName, users); role = sentryStore.getMSentryRoleByName(roleName); assertEquals(0, role.getUsers().size()); }
pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis())); commitTransaction(pm); role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(1, role.getPrivileges().size()); assertEquals(1, role.getGmPrivileges().size()); commitTransaction(pm); solrPrivilege = (MSentryGMPrivilege)role.getGmPrivileges().toArray()[0]; solrPrivilege.removeRole(role); pm.makePersistent(solrPrivilege); role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(1, role.getPrivileges().size()); assertEquals(0, role.getGmPrivileges().size()); commitTransaction(pm); role = getMSentryRole(pm, roleName); pm.retrieve(role); hivePrivilege = (MSentryPrivilege)role.getPrivileges().toArray()[0]; hivePrivilege.removePrincipal(role); pm.makePersistent(hivePrivilege); role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(0, role.getPrivileges().size()); assertEquals(0, role.getGmPrivileges().size());
private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String roleName) throws SentryNoSuchObjectException { MSentryRole mSentryRole = getMSentryRoleByName(roleName); return mSentryRole.getPrivileges(); }
private Set<String> convertToRoleNameSet(Set<MSentryRole> mSentryRoles) { if (mSentryRoles.isEmpty()) { return Collections.emptySet(); } Set<String> roleNameSet = new HashSet<>(mSentryRoles.size()); for (MSentryRole role : mSentryRoles) { roleNameSet.add(role.getRoleName()); } return roleNameSet; }
for (MSentryRole mSentryRole : mSentryRoles) { Set<TSentryPrivilege> tPrivileges = convertToTSentryPrivileges(mSentryRole.getPrivileges()); allRolesPrivileges.put(mSentryRole.getRoleName(), tPrivileges);