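/**
 * Creates the schema info for one database type and loads its upgrade order.
 *
 * <p>The upgrade list is read from
 * {@code getSentryStoreScriptDir() + File.separator + VERSION_UPGRADE_LIST + "." + dbType}
 * and the parsed result is stored in {@code sentrySchemaVersions}.
 *
 * @param sentryScriptDir value stored in {@code this.sentryScriptDir}
 * @param dbType database type; also used as the suffix of the upgrade-list file name
 * @throws SentryUserException if the upgrade-list file does not exist or cannot be read
 */
public SentryStoreSchemaInfo(String sentryScriptDir, String dbType) throws SentryUserException {
  this.sentryScriptDir = sentryScriptDir;
  this.dbType = dbType;

  // load upgrade order for the given dbType
  // NOTE(review): dbType is concatenated into the file name without validation. Confirm that
  // callers only pass a known database type, so the resulting path stays inside the script dir.
  String upgradeListFile =
      getSentryStoreScriptDir() + File.separator + VERSION_UPGRADE_LIST + "." + dbType;

  // try-with-resources: the reader is closed on every path, including when
  // readUpgradeGraph throws part-way through the file.
  try (FileReader upgradeListReader = new FileReader(upgradeListFile)) {
    sentrySchemaVersions = SentryUpgradeOrder.readUpgradeGraph(upgradeListReader);
  } catch (FileNotFoundException e) {
    throw new SentryUserException("File " + upgradeListFile + " not found ", e);
  } catch (IOException e) {
    throw new SentryUserException("Error reading " + upgradeListFile, e);
  }
}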
/**
 * Converts a key/value pair into the {@code Authorizable} of the configured component.
 *
 * <p>The {@code component} field selects which model's {@code from(keyValue)} factory is used.
 * A component that matches none of the known values is rejected with an exception rather than
 * mapped to a default model.
 *
 * @param keyValue key/value pair handed to the selected model factory
 * @return the value returned by the selected model's {@code from(keyValue)}
 * @throws SentryUserException if {@code component} is not one of the handled components
 */
protected Authorizable getAuthorizable(KeyValue keyValue) throws SentryUserException {
  if (AuthorizationComponent.KAFKA.equals(component)) {
    return KafkaModelAuthorizables.from(keyValue);
  }
  // The Solr component is matched against the literal "SOLR", not an AuthorizationComponent
  // constant.
  if ("SOLR".equals(component)) {
    return SolrModelAuthorizables.from(keyValue);
  }
  if (AuthorizationComponent.SQOOP.equals(component)) {
    return SqoopModelAuthorizables.from(keyValue);
  }
  if (AuthorizationComponent.HBASE_INDEXER.equals(component)) {
    return IndexerModelAuthorizables.from(keyValue);
  }

  // Unknown component: fail instead of guessing a model.
  throw new SentryUserException(
      "Invalid component specified for GenericPrivilegeCoverter: " + component);
}
/**
 * Converts a key/value pair into the {@code Authorizable} of the configured component.
 *
 * <p>The {@code component} field selects which model's {@code from(keyValue)} factory is used.
 * A component that matches none of the known values is rejected with an exception rather than
 * mapped to a default model.
 *
 * @param keyValue key/value pair handed to the selected model factory
 * @return the value returned by the selected model's {@code from(keyValue)}
 * @throws SentryUserException if {@code component} is not one of the handled components
 */
protected Authorizable getAuthorizable(KeyValue keyValue) throws SentryUserException {
  if (AuthorizationComponent.KAFKA.equals(component)) {
    return KafkaModelAuthorizables.from(keyValue);
  }
  // The Solr component is matched against the literal "SOLR", not an AuthorizationComponent
  // constant.
  if ("SOLR".equals(component)) {
    return SolrModelAuthorizables.from(keyValue);
  }
  if (AuthorizationComponent.SQOOP.equals(component)) {
    return SqoopModelAuthorizables.from(keyValue);
  }
  if (AuthorizationComponent.HBASE_INDEXER.equals(component)) {
    return IndexerModelAuthorizables.from(keyValue);
  }

  // Unknown component: fail instead of guessing a model.
  throw new SentryUserException(
      "Invalid component specified for GenericPrivilegeCoverter: " + component);
}
/**
 * Looks up the {@code BitFieldAction} with the given name in the component's action factory.
 *
 * @param component component passed to {@code getActionFactory}
 * @param name action name passed to {@code getActionByName}
 * @return the action returned by the factory; never {@code null}
 * @throws SentryUserException if the factory returns {@code null} for {@code name}
 */
private BitFieldAction getAction(String component, String name) throws SentryUserException {
  BitFieldAction resolved = getActionFactory(component).getActionByName(name);
  if (resolved != null) {
    return resolved;
  }
  // An unknown action name is an error; no default action is substituted.
  throw new SentryUserException("Can not get BitFieldAction for name: " + name);
}
/**
 * Returns the privilege validators of the configured component's privilege model.
 *
 * <p>The {@code component} field selects the model singleton. Only the Sqoop model is given the
 * {@code service} field; the other models are called without arguments.
 *
 * @return the validators returned by the selected model
 * @throws SentryUserException if {@code component} is not one of the handled components
 */
protected List<PrivilegeValidator> getPrivilegeValidators() throws SentryUserException {
  if (AuthorizationComponent.KAFKA.equals(component)) {
    return KafkaPrivilegeModel.getInstance().getPrivilegeValidators();
  }
  // The Solr component is matched against the literal "SOLR", not an AuthorizationComponent
  // constant.
  if ("SOLR".equals(component)) {
    return SolrPrivilegeModel.getInstance().getPrivilegeValidators();
  }
  if (AuthorizationComponent.SQOOP.equals(component)) {
    return SqoopPrivilegeModel.getInstance().getPrivilegeValidators(service);
  }
  if (AuthorizationComponent.HBASE_INDEXER.equals(component)) {
    return IndexerPrivilegeModel.getInstance().getPrivilegeValidators();
  }

  // Unknown component: fail instead of returning an empty validator list.
  throw new SentryUserException(
      "Invalid component specified for GenericPrivilegeCoverter: " + component);
}
/**
 * Returns the privilege validators of the configured component's privilege model.
 *
 * <p>The {@code component} field selects the model singleton. Only the Sqoop model is given the
 * {@code service} field; the other models are called without arguments.
 *
 * @return the validators returned by the selected model
 * @throws SentryUserException if {@code component} is not one of the handled components
 */
protected List<PrivilegeValidator> getPrivilegeValidators() throws SentryUserException {
  if (AuthorizationComponent.KAFKA.equals(component)) {
    return KafkaPrivilegeModel.getInstance().getPrivilegeValidators();
  }
  // The Solr component is matched against the literal "SOLR", not an AuthorizationComponent
  // constant.
  if ("SOLR".equals(component)) {
    return SolrPrivilegeModel.getInstance().getPrivilegeValidators();
  }
  if (AuthorizationComponent.SQOOP.equals(component)) {
    return SqoopPrivilegeModel.getInstance().getPrivilegeValidators(service);
  }
  if (AuthorizationComponent.HBASE_INDEXER.equals(component)) {
    return IndexerPrivilegeModel.getInstance().getPrivilegeValidators();
  }

  // Unknown component: fail instead of returning an empty validator list.
  throw new SentryUserException(
      "Invalid component specified for GenericPrivilegeCoverter: " + component);
}
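/**
 * Builds the {@code Subject} for the user principal carried by the security context.
 *
 * <p>The principal name is parsed as a Kerberos name and its short name becomes the subject.
 * A context without a user principal (or with a principal that has no name) is rejected with
 * a {@code SentryUserException}, so a request with no principal never yields a subject.
 *
 * @param securityContext context whose {@code getUserPrincipal()} identifies the caller
 * @return a {@code Subject} created from the Kerberos short name of the principal
 * @throws SentryUserException if no principal name is available or the short name cannot be
 *     derived
 */
private Subject getSubject(SecurityContext securityContext) throws SentryUserException {
  String princ = securityContext.getUserPrincipal() != null
      ? securityContext.getUserPrincipal().getName()
      : null;
  if (princ == null) {
    // Fail with the declared exception type instead of handing a null name to KerberosName.
    throw new SentryUserException("Unable to get subject: no user principal in request");
  }

  KerberosName kerbName = new KerberosName(princ);
  try {
    return new Subject(kerbName.getShortName());
  } catch (IOException e) {
    throw new SentryUserException("Unable to get subject", e);
  }
}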
/**
 * Sends an {@code alter_sentry_role_add_users} request for the given role and users.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * change role membership - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param roleName role name placed in the request
 * @param users user names placed in the request
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public void grantRoleToUsers(String requestorUserName, String roleName, Set<String> users)
    throws SentryUserException {
  final TAlterSentryRoleAddUsersRequest addUsersReq =
      new TAlterSentryRoleAddUsersRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users);
  try {
    Status.throwIfNotOk(client.alter_sentry_role_add_users(addUsersReq).getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends an {@code alter_sentry_role_delete_users} request for the given role and users.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * change role membership - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param roleName role name placed in the request
 * @param users user names placed in the request
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public void revokeRoleFromUsers(String requestorUserName, String roleName, Set<String> users)
    throws SentryUserException {
  final TAlterSentryRoleDeleteUsersRequest deleteUsersReq =
      new TAlterSentryRoleDeleteUsersRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, roleName, users);
  try {
    Status.throwIfNotOk(client.alter_sentry_role_delete_users(deleteUsersReq).getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends a {@code sentry_sync_notifications} request carrying the given id.
 *
 * @param id id placed in the {@code TSentrySyncIDRequest}
 * @return the id reported by the response ({@code response.getId()})
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
public long syncNotifications(long id) throws SentryUserException {
  final TSentrySyncIDRequest syncReq =
      new TSentrySyncIDRequest(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, id);
  try {
    final TSentrySyncIDResponse syncResp = client.sentry_sync_notifications(syncReq);
    // The id is only read once the status has been accepted.
    Status.throwIfNotOk(syncResp.getStatus());
    return syncResp.getId();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends an {@code alter_sentry_role_add_groups} request for the given role and groups.
 *
 * <p>The group names are converted with {@code convert2TGroups} before being placed in the
 * request.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * change role membership - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param roleName role name placed in the request
 * @param groups group names to convert and place in the request
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public void grantRoleToGroups(String requestorUserName, String roleName, Set<String> groups)
    throws SentryUserException {
  final TAlterSentryRoleAddGroupsRequest addGroupsReq =
      new TAlterSentryRoleAddGroupsRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT,
          requestorUserName,
          roleName,
          convert2TGroups(groups));
  try {
    Status.throwIfNotOk(client.alter_sentry_role_add_groups(addGroupsReq).getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends an {@code alter_sentry_role_delete_groups} request for the given role and groups.
 *
 * <p>The group names are converted with {@code convert2TGroups} before being placed in the
 * request.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * change role membership - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param roleName role name placed in the request
 * @param groups group names to convert and place in the request
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public void revokeRoleFromGroups(String requestorUserName, String roleName, Set<String> groups)
    throws SentryUserException {
  final TAlterSentryRoleDeleteGroupsRequest deleteGroupsReq =
      new TAlterSentryRoleDeleteGroupsRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT,
          requestorUserName,
          roleName,
          convert2TGroups(groups));
  try {
    Status.throwIfNotOk(client.alter_sentry_role_delete_groups(deleteGroupsReq).getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends a {@code drop_sentry_privilege} request for the given authorizable objects.
 *
 * <p>The objects are first turned into a single {@code TSentryAuthorizable} by
 * {@code setupSentryAuthorizable}; that call happens before the Thrift request is built.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * drop privileges - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param authorizableObjects objects passed to {@code setupSentryAuthorizable}
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public void dropPrivileges(
    String requestorUserName, List<? extends Authorizable> authorizableObjects)
    throws SentryUserException {
  final TSentryAuthorizable target = setupSentryAuthorizable(authorizableObjects);
  final TDropPrivilegesRequest dropReq =
      new TDropPrivilegesRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, target);
  try {
    Status.throwIfNotOk(client.drop_sentry_privilege(dropReq).getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends a {@code rename_sentry_privilege} request mapping old authorizables to new ones.
 *
 * <p>Both lists are converted with {@code setupSentryAuthorizable} (old first, then new)
 * before the Thrift request is built.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * rename privileges - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param oldAuthorizables objects converted into the request's old authorizable
 * @param newAuthorizables objects converted into the request's new authorizable
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public void renamePrivileges(
    String requestorUserName,
    List<? extends Authorizable> oldAuthorizables,
    List<? extends Authorizable> newAuthorizables)
    throws SentryUserException {
  final TSentryAuthorizable from = setupSentryAuthorizable(oldAuthorizables);
  final TSentryAuthorizable to = setupSentryAuthorizable(newAuthorizables);
  final TRenamePrivilegesRequest renameReq =
      new TRenamePrivilegesRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, from, to);
  try {
    Status.throwIfNotOk(client.rename_sentry_privilege(renameReq).getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends a {@code create_sentry_role} request for the given role name.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * create roles - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param roleName role name placed in the request
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public void createRole(String requestorUserName, String roleName) throws SentryUserException {
  final TCreateSentryRoleRequest createReq = new TCreateSentryRoleRequest();
  createReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  createReq.setRequestorUserName(requestorUserName);
  createReq.setRoleName(roleName);

  try {
    Status.throwIfNotOk(client.create_sentry_role(createReq).getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends a {@code list_roles_privileges} request and returns the privileges map of the response.
 *
 * <p>NOTE(review): the result is returned exactly as received; no filtering by
 * {@code requestorUserName} happens in this method. Presumably the service limits what the
 * requestor may see - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @return {@code response.getPrivilegesMap()} of the service response
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public Map<String, Set<TSentryPrivilege>> listAllRolesPrivileges(String requestorUserName)
    throws SentryUserException {
  final TSentryPrivilegesRequest listReq = new TSentryPrivilegesRequest();
  listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  listReq.setRequestorUserName(requestorUserName);

  try {
    final TSentryPrivilegesResponse listResp = client.list_roles_privileges(listReq);
    // The map is only read once the status has been accepted.
    Status.throwIfNotOk(listResp.getStatus());
    return listResp.getPrivilegesMap();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends a {@code list_users_privileges} request and returns the privileges map of the response.
 *
 * <p>NOTE(review): the result is returned exactly as received; no filtering by
 * {@code requestorUserName} happens in this method. Presumably the service limits what the
 * requestor may see - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @return {@code response.getPrivilegesMap()} of the service response
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
@Override
public Map<String, Set<TSentryPrivilege>> listAllUsersPrivileges(String requestorUserName)
    throws SentryUserException {
  final TSentryPrivilegesRequest listReq = new TSentryPrivilegesRequest();
  listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  listReq.setRequestorUserName(requestorUserName);

  try {
    final TSentryPrivilegesResponse listResp = client.list_users_privileges(listReq);
    // The map is only read once the status has been accepted.
    Status.throwIfNotOk(listResp.getStatus());
    return listResp.getPrivilegesMap();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
}
/**
 * Sends an {@code alter_sentry_role_revoke_privilege} request for a role and privilege set.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * revoke privileges - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param roleName role name placed in the request
 * @param privileges privileges placed in the request
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
private void revokePrivilegesCore(
    String requestorUserName, String roleName, Set<TSentryPrivilege> privileges)
    throws SentryUserException {
  final TAlterSentryRoleRevokePrivilegeRequest revokeReq =
      new TAlterSentryRoleRevokePrivilegeRequest();
  revokeReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  revokeReq.setRequestorUserName(requestorUserName);
  revokeReq.setRoleName(roleName);
  revokeReq.setPrivileges(privileges);

  try {
    Status.throwIfNotOk(client.alter_sentry_role_revoke_privilege(revokeReq).getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends an {@code alter_sentry_role_grant_privilege} request for a role and privilege set.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * grant privileges - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param roleName role name placed in the request
 * @param privileges privileges placed in the request
 * @return {@code response.getPrivileges()} of the service response
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
private Set<TSentryPrivilege> grantPrivilegesCore(
    String requestorUserName, String roleName, Set<TSentryPrivilege> privileges)
    throws SentryUserException {
  final TAlterSentryRoleGrantPrivilegeRequest grantReq =
      new TAlterSentryRoleGrantPrivilegeRequest();
  grantReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  grantReq.setRequestorUserName(requestorUserName);
  grantReq.setRoleName(roleName);
  grantReq.setPrivileges(privileges);

  try {
    final TAlterSentryRoleGrantPrivilegeResponse grantResp =
        client.alter_sentry_role_grant_privilege(grantReq);
    // The privileges are only read once the status has been accepted.
    Status.throwIfNotOk(grantResp.getStatus());
    return grantResp.getPrivileges();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends a {@code drop_sentry_role} request, optionally tolerating a missing role.
 *
 * <p>When {@code ifExists} is true and the response status maps to
 * {@code Status.NO_SUCH_OBJECT}, the method returns normally. Every other status goes through
 * {@code Status.throwIfNotOk}.
 *
 * <p>NOTE(review): this method performs no authorization check of its own;
 * {@code requestorUserName} is forwarded as given. Presumably the service enforces who may
 * drop roles - confirm.
 *
 * @param requestorUserName user name placed in the request as the requestor
 * @param roleName role name placed in the request
 * @param ifExists whether a {@code NO_SUCH_OBJECT} status is accepted silently
 * @throws SentryUserException if the Thrift call throws {@code TException} (wrapped with
 *     {@code THRIFT_EXCEPTION_MESSAGE}) or {@code Status.throwIfNotOk} rejects the response
 */
private void dropRole(String requestorUserName, String roleName, boolean ifExists)
    throws SentryUserException {
  final TDropSentryRoleRequest dropReq = new TDropSentryRoleRequest();
  dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  dropReq.setRequestorUserName(requestorUserName);
  dropReq.setRoleName(roleName);

  try {
    final TDropSentryRoleResponse dropResp = client.drop_sentry_role(dropReq);
    final boolean roleMissing =
        Status.fromCode(dropResp.getStatus().getValue()) == Status.NO_SUCH_OBJECT;
    // Only the "missing role" status is forgiven, and only when the caller asked for it.
    if (!(ifExists && roleMissing)) {
      Status.throwIfNotOk(dropResp.getStatus());
    }
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}