/**
 * Returns the current value of the requested field by delegating to its getter.
 *
 * @param field the field to read: ROLE_NAME, GROUPS or GRANTOR_PRINCIPAL
 * @return the value returned by the matching getter
 * @throws IllegalStateException if {@code field} matches none of the handled constants
 */
public Object getFieldValue(_Fields field) {
  final Object value;
  switch (field) {
    case ROLE_NAME:
      value = getRoleName();
      break;
    case GROUPS:
      value = getGroups();
      break;
    case GRANTOR_PRINCIPAL:
      value = getGrantorPrincipal();
      break;
    default:
      // No getter is mapped to this constant.
      throw new IllegalStateException();
  }
  return value;
}
/**
 * Collects the role name of every role in {@code tSentryRoles} into a new set.
 *
 * <p>Names are copied exactly as {@code getRoleName()} returns them; no case folding is applied
 * here, so callers that compare role names case-insensitively must normalise them themselves.
 *
 * @param tSentryRoles roles to read names from; must not be {@code null}
 * @return a new mutable set holding the distinct role names
 */
private Set<String> convertToRoleNameSet(Set<TSentryRole> tSentryRoles) {
  final Set<String> names = Sets.newHashSet();
  for (final TSentryRole tRole : tSentryRoles) {
    final String roleName = tRole.getRoleName();
    names.add(roleName);
  }
  return names;
}
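/**
 * Resolves the role name given in a "set role" request into an {@link ActiveRoleSet}.
 *
 * <p>Resolution order: an empty name or the ALL keyword yields {@code ActiveRoleSet.ALL}; the
 * NONE keyword yields an empty set; any other reserved name is rejected; every remaining name is
 * checked against {@code allowedRoles} (when supplied) and then split with
 * {@code ROLE_SET_SPLITTER}.
 *
 * @param name requested role name; must not be {@code null}
 * @param allowedRoles roles granted to the requester, or {@code null} to skip the grant check
 * @return the role set to activate
 * @throws IllegalArgumentException if {@code name} is a reserved role name other than ALL/NONE
 * @throws SentryUserException if {@code allowedRoles} is non-null and holds no role whose name
 *     equals {@code name} ignoring case
 */
private static ActiveRoleSet parseActiveRoleSet(String name, Set<TSentryRole> allowedRoles)
    throws SentryUserException {
  // If unset, choose the default of ALL.
  if (name.isEmpty()) {
    return ActiveRoleSet.ALL;
  } else if (AccessConstants.NONE_ROLE.equalsIgnoreCase(name)) {
    return new ActiveRoleSet(new HashSet<String>());
  } else if (AccessConstants.ALL_ROLE.equalsIgnoreCase(name)) {
    return ActiveRoleSet.ALL;
  } else if (AccessConstants.RESERVED_ROLE_NAMES.contains(
      name.toUpperCase(java.util.Locale.ROOT))) {
    // Locale.ROOT keeps the reserved-name check independent of the JVM default locale. The
    // default-locale toUpperCase() maps 'i' to a dotted capital under e.g. a Turkish locale,
    // so a reserved name containing that letter would not match the upper-case set.
    String msg = "Role " + name + " is reserved";
    throw new IllegalArgumentException(msg);
  } else {
    if (allowedRoles != null) {
      // Check that the user has been granted the role.
      // NOTE(review): the comparison uses the whole string, while the value returned below is
      // split by ROLE_SET_SPLITTER. A multi-role string therefore only gets through when
      // allowedRoles is null; confirm callers pass null solely where no grant check is intended.
      boolean foundRole = false;
      for (TSentryRole role : allowedRoles) {
        if (role.getRoleName().equalsIgnoreCase(name)) {
          foundRole = true;
          break;
        }
      }
      if (!foundRole) {
        // Set the reason for the Hive binding to pick up.
        throw new SentryUserException("Not authorized to set role " + name,
            "Not authorized to set role " + name);
      }
    }
    return new ActiveRoleSet(Sets.newHashSet(ROLE_SET_SPLITTER.split(name)));
  }
}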
/**
 * Creates a single role as the admin user, checks that listing all roles returns exactly that
 * role (name compared ignoring case), then drops it again.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String expectedRole = "admin_r";
  final String adminUser = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);

  // Map the admin user to the admin group before issuing any request.
  setLocalGroupMapping(adminUser, adminGroups);
  writePolicyFile();

  // Start from a clean state so the count assertion below is meaningful.
  client.dropRoleIfExists(adminUser, expectedRole);
  client.createRole(adminUser, expectedRole);

  Set<TSentryRole> listed = client.listAllRoles(adminUser);
  assertEquals("Incorrect number of roles", 1, listed.size());
  for (TSentryRole listedRole : listed) {
    // The returned name doubles as the failure message.
    assertTrue(listedRole.getRoleName(), listedRole.getRoleName().equalsIgnoreCase(expectedRole));
  }

  client.dropRole(adminUser, expectedRole);
}
});
}
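/**
 * Cleanup step: drops every role visible to the admin user and closes the client.
 *
 * <p>The client is closed in a {@code finally} block so that a failure while listing or
 * dropping roles does not leave the connection open; the original exception still propagates.
 */
@Override
public void runTestAsSubject() throws Exception {
  if (client == null) {
    // Nothing was opened, so there is nothing to clean up.
    return;
  }
  try {
    Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER);
    if (tRoles != null) {
      for (TSentryRole tRole : tRoles) {
        client.dropRole(ADMIN_USER, tRole.getRoleName());
      }
    }
  } finally {
    client.close();
  }
}
});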
assertEquals(1, roles.size()); for (TSentryRole role : roles) { assertTrue(roleName1.equals(role.getRoleName())); assertEquals(2, roles.size()); for (TSentryRole role : roles) { assertTrue(roleName2.equals(role.getRoleName()) || roleName3.equals(role.getRoleName())); assertEquals(1, roles.size()); for (TSentryRole role : roles) { assertTrue(roleName2.equals(role.getRoleName())); assertEquals(1, roles.size()); for (TSentryRole role : roles) { assertTrue(roleName3.equals(role.getRoleName()));
/**
 * Creates a role, grants it to a group, and checks that listing roles by that group returns
 * exactly the granted role carrying exactly that group (names compared ignoring case).
 */
@Override
public void runTestAsSubject() throws Exception {
  final String expectedRole = "admin_testdb";
  final String expectedGroup = "group1";
  final String adminUser = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);

  // Map the admin user to the admin group before issuing any request.
  setLocalGroupMapping(adminUser, adminGroups);
  writePolicyFile();

  // Start from a clean state so the count assertion below is meaningful.
  client.dropRoleIfExists(adminUser, expectedRole);
  client.createRole(adminUser, expectedRole);

  Set<TSentryRole> allRoles = client.listAllRoles(adminUser);
  assertEquals("Incorrect number of roles", 1, allRoles.size());

  client.grantRoleToGroup(adminUser, expectedGroup, expectedRole);
  Set<TSentryRole> rolesOfGroup = client.listRolesByGroupName(adminUser, expectedGroup);
  assertTrue(rolesOfGroup.size() == 1);

  for (TSentryRole granted : rolesOfGroup) {
    // The returned name doubles as the failure message.
    assertTrue(granted.getRoleName(), granted.getRoleName().equalsIgnoreCase(expectedRole));
    assertTrue(granted.getGroups().size() == 1);
    for (TSentryGroup member : granted.getGroups()) {
      assertTrue(member.getGroupName(), member.getGroupName().equalsIgnoreCase(expectedGroup));
    }
  }

  client.dropRole(adminUser, expectedRole);
}
});
}
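/**
 * Restarts the Sentry service with a Thrift max message size of 50 and checks that an
 * over-limit request is rejected with a transport error, while requests under the limit keep
 * working before and after the rejection.
 *
 * <p>The "exception was thrown" assertion runs after the try/catch rather than in a
 * {@code finally} block. In a {@code finally} block it would replace any unexpected exception
 * type with a bare assertion failure and hide the real cause.
 */
@Override
public void runTestAsSubject() throws Exception {
  Configuration confWithSmallMaxMsgSize = new Configuration(SentryServiceIntegrationBase.conf);
  confWithSmallMaxMsgSize.setLong(
      ServiceConstants.ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE, 50);
  stopSentryService();

  // Create a server with a small max thrift message size.
  // NOTE(review): the shared server field is replaced here and not restored in this method;
  // confirm the suite's teardown rebuilds it so later tests do not inherit the 50-byte limit.
  SentryServiceIntegrationBase.server = SentryServiceFactory.create(confWithSmallMaxMsgSize);
  SentryServiceIntegrationBase.startSentryService();
  setLocalGroupMapping(SentryServiceIntegrationBase.ADMIN_USER, REQUESTER_USER_GROUP_NAMES);
  writePolicyFile();

  // Client can talk with the server when the message size is smaller.
  client.listAllRoles(SentryServiceIntegrationBase.ADMIN_USER);
  client.createRole(SentryServiceIntegrationBase.ADMIN_USER, ROLE_NAME);

  boolean exceptionThrown = false;
  try {
    // Client throws an exception when the message is larger than the server's thrift max
    // message size.
    client.grantServerPrivilege(SentryServiceIntegrationBase.ADMIN_USER, ROLE_NAME, "server",
        false);
  } catch (SentryUserException e) {
    exceptionThrown = true;
    // Fail with a clear assertion instead of a NullPointerException if no cause is attached.
    Assert.assertNotNull(e.getCause());
    Assert.assertTrue(e.getCause().getMessage()
        .contains("org.apache.thrift.transport.TTransportException"));
  }
  Assert.assertEquals(true, exceptionThrown);

  // Client can still talk with the sentry server when the message size is smaller, i.e. the
  // rejected request did not leave the connection unusable.
  Set<TSentryRole> roles = client.listAllRoles(SentryServiceIntegrationBase.ADMIN_USER);
  Assert.assertTrue(roles.size() == 1);
  Assert.assertEquals(ROLE_NAME, roles.iterator().next().getRoleName());
}
});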
assertEquals(2, roles.size()); for (TSentryRole role : roles) { assertTrue(roleName2.equals(role.getRoleName()) || roleName3.equals(role.getRoleName())); assertEquals(1, roles.size()); for (TSentryRole role : roles) { assertTrue(roleName2.equals(role.getRoleName())); assertEquals(1, roles.size()); for (TSentryRole role : roles) { assertTrue(roleName3.equals(role.getRoleName())); assertEquals(1, roles.size()); for (TSentryRole role : roles) { assertTrue(roleName2.equals(role.getRoleName()));