private boolean isUserStale(MSentryUser user) { if (user.getPrivileges().isEmpty() && user.getRoles().isEmpty()) { return true; } return false; }
/** * Get all users as a map from user name to user * @param pm PersistenceManager instance * @return map of user names to user data for each user */ private Map<String, MSentryUser> getUserNameToUserMap(PersistenceManager pm) { Query query = pm.newQuery(MSentryUser.class); @SuppressWarnings("unchecked") List<MSentryUser> users = (List<MSentryUser>) query.execute(); if (users.isEmpty()) { return Collections.emptyMap(); } Map<String, MSentryUser> existUsersMap = new HashMap<>(users.size()); // change the List<MSentryUser> -> Map<userName, MSentryUser> for (MSentryUser user : users) { existUsersMap.put(user.getUserName(), user); } return existUsersMap; }
public void appendUser(MSentryUser user) { if (users.add(user)) { user.appendRole(this); } }
/** * Removes all the privileges associated with * a particular user. After this dis-association if the * privilege doesn't have any users associated it will be * removed from the underlying persistence layer. * @param pm Instance of PersistenceManager * @param sentryUser User for which all the privileges are to be removed. */ private void removePrivilegesForUser(PersistenceManager pm, MSentryUser sentryUser) { List<MSentryPrivilege> privilegesCopy = new ArrayList<>(sentryUser.getPrivileges()); sentryUser.removePrivileges(); removeStaledPrivileges(pm, privilegesCopy); }
for (MSentryUser mSentryUser : mSentryUsers) { Set<TSentryPrivilege> tPrivileges = convertToTSentryPrivileges(mSentryUser.getPrivileges()); allUsersPrivileges.put(mSentryUser.getUserName(), tPrivileges);
private Set<MSentryPrivilege> getMSentryPrivilegesByUserName(String userName) throws Exception { MSentryUser mSentryUser = getMSentryUserByName(userName); return mSentryUser.getPrivileges(); }
private void alterSentryRoleAddUsersCore(PersistenceManager pm, String roleName, Set<String> userNames) throws SentryNoSuchObjectException { String trimmedRoleName = trimAndLower(roleName); MSentryRole role = getRole(pm, trimmedRoleName); if (role == null) { throw noSuchRole(trimmedRoleName); } Query query = pm.newQuery(MSentryUser.class); query.setFilter("this.userName == :userName"); query.setUnique(true); List<MSentryUser> users = Lists.newArrayList(); for (String userName : userNames) { userName = userName.trim(); MSentryUser user = (MSentryUser) query.execute(userName); if (user == null) { user = new MSentryUser(userName, System.currentTimeMillis(), Sets.newHashSet(role)); } user.appendRole(role); users.add(user); } pm.makePersistentAll(users); }
public void removeUser(MSentryUser user) { if (users.remove(user)) { user.removeRole(this); } }
public void removeUser(MSentryUser user) { users.remove(user); user.removePrivilege(this); }
/** * Create a sentry user and persist it. User name is the primary key for the * user, so an attempt to create a user which exists fails with JDO exception. * * @param userName: Name of the user being persisted. * The name is normalized. * @throws Exception */ public void createSentryUser(final String userName) throws Exception { tm.executeTransactionWithRetry( pm -> { pm.setDetachAllOnCommit(false); // No need to detach objects String trimmedUserName = userName.trim(); if (getUser(pm, trimmedUserName) != null) { throw new SentryAlreadyExistsException("User: " + trimmedUserName); } pm.makePersistent( new MSentryUser(trimmedUserName, System.currentTimeMillis(), Sets.newHashSet())); return null; }); }
private Set<MSentryRole> getRolesForUsers(PersistenceManager pm, Set<String> users) { Set<MSentryRole> result = Sets.newHashSet(); if (users != null) { Query query = pm.newQuery(MSentryUser.class); query.addExtension(LOAD_RESULTS_AT_COMMIT, "false"); query.setFilter(":p1.contains(this.userName)"); FetchGroup grp = pm.getFetchGroup(MSentryUser.class, "fetchRoles"); grp.addMember("roles"); pm.getFetchPlan().addGroup("fetchRoles"); List<MSentryUser> sentryUsers = (List) query.execute(users.toArray()); if (sentryUsers != null) { for (MSentryUser sentryUser : sentryUsers) { result.addAll(sentryUser.getRoles()); } } } return result; }
Set<MSentryPrivilege> privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size());
MSentryUser user = (MSentryUser) query.execute(userName); if (user != null) { user.removeRole(role);
public void revokeOwnerPrivilegesCore(PersistenceManager pm, final TSentryAuthorizable tAuthorizable) throws Exception{ TSentryPrivilege tOwnerPrivilege = toSentryPrivilege(tAuthorizable); tOwnerPrivilege.setAction(AccessConstants.OWNER); // Finding owner privileges and removing them. List<MSentryPrivilege> mOwnerPrivileges = getMSentryPrivilegesExactMatch(tOwnerPrivilege, pm); for(MSentryPrivilege mOwnerPriv : mOwnerPrivileges) { Set<MSentryUser> users; users = mOwnerPriv.getUsers(); // Making sure of removing stale users. for (MSentryUser user : users) { user.removePrivilege(mOwnerPriv); persistEntity(pm, SentryPrincipalType.USER, user); } } pm.deletePersistentAll(mOwnerPrivileges); }
} else if(type == SentryPrincipalType.USER) { mEntity = new MSentryUser(entityName, System.currentTimeMillis(), Sets.newHashSet());
private Map<String, Set<String>> getUserRolesMap(Collection<MSentryRole> mSentryRoles) { if (mSentryRoles.isEmpty()) { return Collections.emptyMap(); } Map<String, Set<String>> userRolesMap = new HashMap<>(); // change the List<MSentryRole> -> Map<userName, Set<roleName>> for (MSentryRole mSentryRole : mSentryRoles) { Set<MSentryUser> users = mSentryRole.getUsers(); for (MSentryUser user : users) { String userName = user.getUserName(); Set<String> rNames = userRolesMap.get(userName); if (rNames == null) { rNames = new HashSet<>(); } rNames.add(mSentryRole.getRoleName()); userRolesMap.put(userName, rNames); } } return userRolesMap; }
sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); MSentryUser user = sentryStore.getMSentryUserByName(userName); Set<MSentryPrivilege> privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); for (MSentryPrivilege mPrivilege : privileges) {
for (MSentryUser user : priv.getUsers()) { TSentryPrivilege tPriv = convertToTSentryPrivilege(priv); if (resultPrivilegeMap.containsKey(user.getUserName())) { resultPrivilegeMap.get(user.getUserName()).add(tPriv); } else { Set<TSentryPrivilege> tPrivSet = Sets.newTreeSet(); tPrivSet.add(tPriv); resultPrivilegeMap.put(user.getUserName(), tPrivSet);
/** * Fail test if user doesn't exist * @param userName User name to checl * @throws Exception */ private void checkUserExists(String userName) throws Exception { assertEquals(userName.toLowerCase(), sentryStore.getMSentryUserByName(userName).getUserName()); }
pUpdate = addPrivilegeEntry (mPriv, TPrivilegePrincipalType.USER, mUser.getUserName(), pUpdate);