/**
 * Extracts the scope (server, database, table, URI) that a privilege applies to.
 *
 * <p>Only those four fields are copied onto the result.
 * NOTE(review): no column is set here. If TSentryPrivilege carries a column name in
 * this version, confirm the omission is intended, because the returned authorizable
 * would then describe the whole table rather than the column.
 *
 * @param tSentryPrivilege privilege whose scope is read
 * @return a freshly created authorizable populated from the privilege
 */
private TSentryAuthorizable toTSentryAuthorizable(TSentryPrivilege tSentryPrivilege) {
  final TSentryAuthorizable scope = new TSentryAuthorizable();

  // Copied in hierarchy order: server, then database, then table; the URI is separate.
  scope.setServer(tSentryPrivilege.getServerName());
  scope.setDb(tSentryPrivilege.getDbName());
  scope.setTable(tSentryPrivilege.getTableName());
  scope.setUri(tSentryPrivilege.getURI());

  return scope;
}
case SERVER: if (value == null) { unsetServer(); } else { setServer((String)value); unsetUri(); } else { setUri((String)value); unsetDb(); } else { setDb((String)value); unsetTable(); } else { setTable((String)value); unsetColumn(); } else { setColumn((String)value);
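/**
 * Derives the lower-cased authorization object name for an authorizable.
 *
 * @param authzble authorizable whose db and table fields are read
 * @return {@code db} when the table is unset according to {@code SentryStore.isNULL},
 *     {@code db.table} otherwise, or {@code null} when the db itself is unset
 */
private String getAuthzObj(TSentryAuthorizable authzble) {
  String dbName = authzble.getDb();
  if (SentryStore.isNULL(dbName)) {
    return null;
  }
  String tblName = authzble.getTable();
  String authzObj = SentryStore.isNULL(tblName) ? dbName : dbName + "." + tblName;
  // Fold case with a fixed locale. The no-argument toLowerCase() follows the JVM default
  // locale, so the same object name could normalise differently from host to host
  // (for example 'I' under a Turkish locale) and stop matching the stored name.
  return authzObj.toLowerCase(java.util.Locale.ROOT);
}
} // closes an enclosing scope whose opening is outside this excerpt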
/**
 * Fills {@code struct} from a tuple-encoded TRenamePrivilegesRequest.
 *
 * <p>The four fields are read positionally, in the fixed order below; this method performs
 * no per-field type or presence check and no validation of the values it reads.
 *
 * @param prot protocol to read from; cast to TTupleProtocol without a type check
 * @param struct request object that receives the decoded fields
 * @throws org.apache.thrift.TException declared by the signature; presumably raised by the
 *     underlying protocol reads
 */
@Override
public void read(org.apache.thrift.protocol.TProtocol prot, TRenamePrivilegesRequest struct) throws org.apache.thrift.TException {
  // Unchecked downcast: any other TProtocol implementation fails here with ClassCastException.
  TTupleProtocol iprot = (TTupleProtocol) prot;
  struct.protocol_version = iprot.readI32();
  struct.setProtocol_versionIsSet(true);
  // NOTE(review): the requestor name is taken verbatim from the request payload. Nothing here
  // ties it to the authenticated caller, so that check has to happen downstream; confirm it does.
  struct.requestorUserName = iprot.readString();
  struct.setRequestorUserNameIsSet(true);
  // Source object of the rename, decoded by the nested struct's own read().
  struct.oldAuthorizable = new TSentryAuthorizable();
  struct.oldAuthorizable.read(iprot);
  struct.setOldAuthorizableIsSet(true);
  // Target object of the rename, decoded the same way.
  struct.newAuthorizable = new TSentryAuthorizable();
  struct.newAuthorizable.read(iprot);
  struct.setNewAuthorizableIsSet(true);
}
} // closes an enclosing scope whose opening is outside this excerpt
/**
 * Grants an ALL privilege on a URI to a role, then checks that the privilege is returned
 * both by the role-based lookup and by the group-based provider listing.
 */
@Test
public void testURI() throws Exception {
  final String role = "test-dup-role";
  final String grantedBy = "g1";
  final String dataUri = "file:///var/folders/dt/9zm44z9s6bjfxbrm4v36lzdc0000gp/T/1401860678102-0/data/kv1.dat";
  final String groupName = "group1";

  // Arrange: one role holding a single URI-scoped privilege.
  sentryStore.createSentryRole(role);
  TSentryPrivilege uriGrant = new TSentryPrivilege("URI", "server1", "ALL");
  uriGrant.setURI(dataUri);
  sentryStore.alterSentryRoleGrantPrivilege(grantedBy, role, uriGrant);

  // The filter names the same server and URI as the grant.
  TSentryAuthorizable uriScope = new TSentryAuthorizable();
  uriScope.setServer("server1");
  uriScope.setUri(dataUri);

  // Lookup by role must return exactly the one privilege granted above.
  Set<TSentryPrivilege> byRole =
      sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(role)), uriScope);
  assertTrue(1 == byRole.size());

  // Attach the role to a group so the provider listing can resolve it.
  Set<TSentryGroup> groups = new HashSet<TSentryGroup>();
  groups.add(new TSentryGroup(groupName));
  sentryStore.alterSentryRoleAddGroups(grantedBy, role, groups);

  TSentryActiveRoleSet activeRoles =
      new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(role)));
  Set<String> byGroup = sentryStore.listSentryPrivilegesForProvider(
      new HashSet<String>(Arrays.asList(groupName)), activeRoles, uriScope);

  // The action is expected in lower case ("all") although it was granted as "ALL".
  String expected = "server=server1->uri=" + dataUri + "->action=all";
  assertTrue(1 == byGroup.size());
  assertTrue(byGroup.contains(expected));
}
/**
 * Returns a new TSentryAuthorizable produced by this class's copy constructor.
 *
 * @return the copy of this instance
 */
public TSentryAuthorizable deepCopy() {
  TSentryAuthorizable copy = new TSentryAuthorizable(this);
  return copy;
}
newTable.setTable(table2); sentryStore.renamePrivilege(oldTable, newTable);
/**
 * Type-checks {@code that} and delegates to the typed
 * {@code equals(TSentryAuthorizable)} overload.
 *
 * @param that object to compare with; may be {@code null}
 * @return {@code false} for {@code null} or a different type, otherwise the result of the
 *     typed comparison
 */
@Override
public boolean equals(Object that) {
  // instanceof is false for null, so a separate null check is not needed.
  return that instanceof TSentryAuthorizable && this.equals((TSentryAuthorizable) that);
}
/**
 * Fills {@code struct} from a tuple-encoded TDropPrivilegesRequest.
 *
 * <p>The three fields are read positionally, in the fixed order below; this method performs
 * no per-field type or presence check and no validation of the values it reads.
 *
 * @param prot protocol to read from; cast to TTupleProtocol without a type check
 * @param struct request object that receives the decoded fields
 * @throws org.apache.thrift.TException declared by the signature; presumably raised by the
 *     underlying protocol reads
 */
@Override
public void read(org.apache.thrift.protocol.TProtocol prot, TDropPrivilegesRequest struct) throws org.apache.thrift.TException {
  // Unchecked downcast: any other TProtocol implementation fails here with ClassCastException.
  TTupleProtocol iprot = (TTupleProtocol) prot;
  struct.protocol_version = iprot.readI32();
  struct.setProtocol_versionIsSet(true);
  // NOTE(review): the requestor name is taken verbatim from the request payload. Nothing here
  // ties it to the authenticated caller, so that check has to happen downstream; confirm it does.
  struct.requestorUserName = iprot.readString();
  struct.setRequestorUserNameIsSet(true);
  // Object whose privileges are to be dropped, decoded by the nested struct's own read().
  struct.authorizable = new TSentryAuthorizable();
  struct.authorizable.read(iprot);
  struct.setAuthorizableIsSet(true);
}
} // closes an enclosing scope whose opening is outside this excerpt
/**
 * Copy constructor: duplicates {@code other}, creating new TSentryAuthorizable
 * instances for the old and new authorizables instead of sharing them.
 *
 * @param other request to copy from
 */
public TRenamePrivilegesRequest(TRenamePrivilegesRequest other) {
  // Primitive state is copied unconditionally.
  this.__isset_bitfield = other.__isset_bitfield;
  this.protocol_version = other.protocol_version;

  // Object fields are copied only when set on the source, so unset fields keep this
  // instance's initial value.
  if (other.isSetRequestorUserName()) {
    // The reference itself is assigned; no new object is created for the name.
    this.requestorUserName = other.requestorUserName;
  }
  if (other.isSetOldAuthorizable()) {
    TSentryAuthorizable oldCopy = new TSentryAuthorizable(other.oldAuthorizable);
    this.oldAuthorizable = oldCopy;
  }
  if (other.isSetNewAuthorizable()) {
    TSentryAuthorizable newCopy = new TSentryAuthorizable(other.newAuthorizable);
    this.newAuthorizable = newCopy;
  }
}
newTable.setTable(table2); sentryStore.renamePrivilege(oldTable, newTable);
if (!(this_present_oldAuthorizable && that_present_oldAuthorizable)) return false; if (!this.oldAuthorizable.equals(that.oldAuthorizable)) return false; if (!(this_present_newAuthorizable && that_present_newAuthorizable)) return false; if (!this.newAuthorizable.equals(that.newAuthorizable)) return false;
/**
 * Flattens a list of authorizables into a single TSentryAuthorizable by copying each
 * element's name into the field that matches its type (server, URI, db, table, column).
 *
 * <p>Type names are compared case-insensitively. If two elements share a type, the later
 * one overwrites the earlier. An element whose type matches none of the five is skipped
 * without any error, so the result can describe a broader scope than the input did.
 * NOTE(review): confirm that callers never pass other authorizable types.
 *
 * @param authorizable authorizables to fold into one object
 * @return a new TSentryAuthorizable carrying the recognised fields
 */
@VisibleForTesting
public static TSentryAuthorizable setupSentryAuthorizable(
    List<? extends Authorizable> authorizable) {
  final TSentryAuthorizable result = new TSentryAuthorizable();
  for (Authorizable part : authorizable) {
    final String typeName = part.getTypeName();
    if (typeName.equalsIgnoreCase(DBModelAuthorizable.AuthorizableType.Server.toString())) {
      result.setServer(part.getName());
    } else if (typeName.equalsIgnoreCase(DBModelAuthorizable.AuthorizableType.URI.toString())) {
      result.setUri(part.getName());
    } else if (typeName.equalsIgnoreCase(DBModelAuthorizable.AuthorizableType.Db.toString())) {
      result.setDb(part.getName());
    } else if (typeName.equalsIgnoreCase(DBModelAuthorizable.AuthorizableType.Table.toString())) {
      result.setTable(part.getName());
    } else if (typeName.equalsIgnoreCase(DBModelAuthorizable.AuthorizableType.Column.toString())) {
      result.setColumn(part.getName());
    }
    // Any other type falls through and contributes nothing to the result.
  }
  return result;
}
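/**
 * Gets sentry privilege objects for the given criteria from the persistence layer.
 *
 * <p>The hierarchy is validated before any lookup runs: it must name a server, a table
 * requires a db, a column requires a table, and at least one of uri or db must be present.
 *
 * @param roleNames role names to look up (required)
 * @param authHierarchy filter pushed down according to the auth hierarchy; must not be
 *     {@code null}, and only the fields below the server are optional
 * @return set of thrift sentry privilege objects
 * @throws SentryInvalidInputException if {@code authHierarchy} is {@code null} or fails
 *     any of the consistency checks above
 */
public Set<TSentryPrivilege> getTSentryPrivileges(Set<String> roleNames,
    TSentryAuthorizable authHierarchy) throws SentryInvalidInputException {
  // Reject a missing filter with the declared exception rather than letting the first
  // getter call below fail with a NullPointerException.
  if (authHierarchy == null) {
    throw new SentryInvalidInputException("authHierarchy cannot be null !!");
  }
  if (authHierarchy.getServer() == null) {
    throw new SentryInvalidInputException("serverName cannot be null !!");
  }
  // A lower level of the hierarchy is only meaningful when its parent is given.
  if (authHierarchy.getTable() != null && authHierarchy.getDb() == null) {
    throw new SentryInvalidInputException("dbName cannot be null when tableName is present !!");
  }
  if (authHierarchy.getColumn() != null && authHierarchy.getTable() == null) {
    throw new SentryInvalidInputException("tableName cannot be null when columnName is present !!");
  }
  // A server-only filter is refused: the caller has to scope the query to a uri or a db.
  if (authHierarchy.getUri() == null && authHierarchy.getDb() == null) {
    throw new SentryInvalidInputException("One of uri or dbName must not be null !!");
  }
  return convertToTSentryPrivileges(getMSentryPrivileges(roleNames, authHierarchy));
}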
case 3: // OLD_AUTHORIZABLE if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { struct.oldAuthorizable = new TSentryAuthorizable(); struct.oldAuthorizable.read(iprot); struct.setOldAuthorizableIsSet(true); } else { case 4: // NEW_AUTHORIZABLE if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { struct.newAuthorizable = new TSentryAuthorizable(); struct.newAuthorizable.read(iprot); struct.setNewAuthorizableIsSet(true); } else {
/**
 * Copy constructor: duplicates {@code other}, creating a new TSentryAuthorizable
 * for the authorizable instead of sharing it.
 *
 * @param other request to copy from
 */
public TDropPrivilegesRequest(TDropPrivilegesRequest other) {
  // Primitive state is copied unconditionally.
  this.__isset_bitfield = other.__isset_bitfield;
  this.protocol_version = other.protocol_version;

  // Object fields are copied only when set on the source, so unset fields keep this
  // instance's initial value.
  if (other.isSetRequestorUserName()) {
    // The reference itself is assigned; no new object is created for the name.
    this.requestorUserName = other.requestorUserName;
  }
  if (other.isSetAuthorizable()) {
    TSentryAuthorizable authorizableCopy = new TSentryAuthorizable(other.authorizable);
    this.authorizable = authorizableCopy;
  }
}
newTable.setTable(table2); sentryStore.renamePrivilege(oldTable, newTable);
/**
 * Compares this request with another field by field: protocol version, requestor user
 * name and authorizable.
 *
 * <p>An optional field matches when it is unset on both sides, or set on both sides with
 * equal values. A field set on only one side makes the requests unequal.
 *
 * @param that request to compare with; may be {@code null}
 * @return {@code true} when all three fields match
 */
public boolean equals(TDropPrivilegesRequest that) {
  if (that == null) {
    return false;
  }

  // The protocol version is a primitive that is always present, so compare it directly.
  if (this.protocol_version != that.protocol_version) {
    return false;
  }

  boolean hasUserHere = this.isSetRequestorUserName();
  boolean hasUserThere = that.isSetRequestorUserName();
  if (hasUserHere != hasUserThere) {
    return false;
  }
  if (hasUserHere && !this.requestorUserName.equals(that.requestorUserName)) {
    return false;
  }

  boolean hasAuthzHere = this.isSetAuthorizable();
  boolean hasAuthzThere = that.isSetAuthorizable();
  if (hasAuthzHere != hasAuthzThere) {
    return false;
  }
  if (hasAuthzHere && !this.authorizable.equals(that.authorizable)) {
    return false;
  }

  return true;
}
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setDb(dbName); tSentryAuthorizable.setTable(table); tSentryAuthorizable.setColumn(AccessConstants.SOME); tSentryAuthorizable.setServer("server1");