@Override public String toString() { StringBuilder sb = new StringBuilder(); for(KeyValue kv: this.parts) { sb.append(kv.getKey() + "=" + kv.getValue() + "->"); } return sb.toString(); } }
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) { Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()), "Please report, this method should not be called with two different keys"); if(policyPart.getValue().equalsIgnoreCase(SqoopActionConstant.ALL) || policyPart.getValue().equalsIgnoreCase(SqoopActionConstant.ALL_NAME) || policyPart.equals(requestPart)) { return true; } else if (!SqoopActionConstant.NAME.equalsIgnoreCase(policyPart.getKey()) && SqoopActionConstant.ALL.equalsIgnoreCase(requestPart.getValue())) { /* privilege request is to match with any object of given type */ return true; } return false; } }
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) { Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()), "Please report, this method should not be called with two different keys"); if(policyPart.getValue().equals(IndexerConstants.ALL) || policyPart.equals(requestPart)) { return true; } else if (!PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey()) && IndexerConstants.ALL.equalsIgnoreCase(requestPart.getValue())) { /* privilege request is to match with any object of given type */ return true; } return false; }
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) { Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()), "Please report, this method should not be called with two different keys"); if(policyPart.getValue().equals(SearchConstants.ALL) || policyPart.equals(requestPart)) { return true; } else if (!PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey()) && SearchConstants.ALL.equalsIgnoreCase(requestPart.getValue())) { /* privilege request is to match with any object of given type */ return true; } return false; }
private boolean hasHostWidCard(KeyValue policyPart) { if (policyPart.getKey().equalsIgnoreCase(KafkaAuthorizable.AuthorizableType.HOST.toString()) && policyPart.getValue().equalsIgnoreCase(ALL_HOSTS)) { return true; } return false; }
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) { Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()), "Please report, this method should not be called with two different keys"); // Host is a special resource, not declared as resource in Kafka. Each Kafka resource can be // authorized based on the host request originated from and to handle this, Sentry uses host as // a resource. Kafka allows using '*' as wildcard for all hosts. '*' however is not a valid // Kafka action. if (hasHostWidCard(policyPart)) { return true; } if (KafkaActionConstant.actionName.equalsIgnoreCase(policyPart.getKey())) { // is action return policyPart.getValue().equalsIgnoreCase(KafkaActionConstant.ALL) || policyPart.equals(requestPart); } else { return policyPart.getValue().equals(requestPart.getValue()); } }
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) { Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()), "Please report, this method should not be called with two different keys"); if(policyPart.getValue().equals(AccessConstants.ALL) || policyPart.getValue().equalsIgnoreCase("ALL")) { return true; } else if (!PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey()) && AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) { /* privilege request is to match with any object of given type */ return true; } else if (!PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey()) && AccessConstants.SOME.equalsIgnoreCase(requestPart.getValue())) { /* privilege request is to match with any object of given type */ return true; } else if(policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) { return impliesURI(policyPart.getValue(), requestPart.getValue()); } return policyPart.equals(requestPart); }
private static Authorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue(); for (Authorizable.AuthorizableType type : AuthorizableType.values()) { if (prefix.equalsIgnoreCase(type.name())) { return from(type, name); } } throw new NoSuchElementException(String.format("Given AuthorizableType %s does not exists.", prefix)); }
public static SearchModelAuthorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue().toLowerCase(); for(AuthorizableType type : AuthorizableType.values()) { if(prefix.equalsIgnoreCase(type.name())) { return from(type, name); } } return null; } public static SearchModelAuthorizable from(String s) {
public static SqoopAuthorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue().toLowerCase(); for (AuthorizableType type : AuthorizableType.values()) { if(prefix.equalsIgnoreCase(type.name())) { return from(type, name); } } return null; }
private List<? extends Authorizable> toAuthorizables(String privilegeStr) { List<Authorizable> authorizables = Lists.newArrayList(); if (privilegeStr == null) { return authorizables; } for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { KeyValue tempKV = new KeyValue(authorizable); final String key = tempKV.getKey(); final String value = tempKV.getValue(); authorizables.add(new Authorizable() { @Override public String getTypeName() { return key; } @Override public String getName() { return value; } }); } return authorizables; }
public static IndexerModelAuthorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue().toLowerCase(); for(AuthorizableType type : AuthorizableType.values()) { if(prefix.equalsIgnoreCase(type.name())) { return from(type, name); } } return null; } public static IndexerModelAuthorizable from(String s) {
public static KafkaAuthorizable from(KeyValue keyValue) throws ConfigurationException { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue(); for (AuthorizableType type : AuthorizableType.values()) { if (prefix.equalsIgnoreCase(type.name())) { return from(type, name); } } return null; }
public static DBModelAuthorizable from(KeyValue keyValue) { String prefix = keyValue.getKey().toLowerCase(); String name = keyValue.getValue(); for(AuthorizableType type : AuthorizableType.values()) { if(prefix.equalsIgnoreCase(type.name())) { if (prefix.equalsIgnoreCase(AuthorizableType.URI.toString())) { return from(type, name); } else { return from(type, name.toLowerCase()); } } } return null; } public static DBModelAuthorizable from(String s) {
if (!part.getValue().equals(SearchConstants.ALL)) { return false;
if (!part.getValue().equals(ActionConstant.ALL)) { return false;
/** * For policy and request parts with the same key, ensure that the policy implies the request. In this method, the * keys for both #policyPart and #requestPart are expected to be the same. * * @param policyPart the policy part * @param requestPart the request part * @return true if either * - policy part is {@link Action#ALL}; or * - policy part equals request part; * false otherwise. */ private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) { Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()), String.format("Privilege Key Mismatch: Key %s and %s does not match.", policyPart.getKey (), requestPart.getKey())); // if it is an action, then either the policy part must include ALL, or be the same as the request part. if (ActionConstant.ACTION_NAME.equalsIgnoreCase(policyPart.getKey()) && policyPart.getValue().equalsIgnoreCase(ActionConstant.ALL)) { return true; } // if policy part is not Action#ALL, make sure that the policy and request parts match. return policyPart.equals(requestPart); } }
public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { KeyValue tempKV = new KeyValue(authorizable); String key = tempKV.getKey(); String value = tempKV.getValue(); if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setServerName(value); } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setDbName(value); } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setTableName(value); } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setColumnName(value); } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setURI(value); } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setAction(value); } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(key)) { TSentryGrantOption grantOption = "true".equalsIgnoreCase(value) ? TSentryGrantOption.TRUE : TSentryGrantOption.FALSE; tSentryPrivilege.setGrantOption(grantOption); } } tSentryPrivilege.setPrivilegeScope(getPrivilegeScope(tSentryPrivilege)); return tSentryPrivilege; }
public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) throws Exception { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { KeyValue tempKV = new KeyValue(authorizable); String key = tempKV.getKey(); String value = tempKV.getValue(); if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setServerName(value); } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setDbName(value); } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setTableName(value); } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setColumnName(value); } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setURI(value); } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) { tSentryPrivilege.setAction(value); } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(key)) { TSentryGrantOption grantOption = "true".equalsIgnoreCase(value) ? TSentryGrantOption.TRUE : TSentryGrantOption.FALSE; tSentryPrivilege.setGrantOption(grantOption); } } tSentryPrivilege.setPrivilegeScope(getPrivilegeScope(tSentryPrivilege)); validatePrivilegeHierarchy(tSentryPrivilege); return tSentryPrivilege; }
KeyValue keyValue = new KeyValue(authorizable); String key = keyValue.getKey(); String value = keyValue.getValue();