privileges.add(new Builder() .setComponent(mPrivilege.getComponentName()) .setService(mPrivilege.getServiceName())
/**
 * Collects, as {@link PrivilegeObject}s, the privileges that
 * {@code populateIncludePrivileges} resolves for the given roles.
 *
 * <p>A probe privilege is built from {@code component}, {@code service} and
 * {@code authorizables} (its last two constructor arguments are passed as {@code null})
 * and handed to {@code populateIncludePrivileges} together with the roles.
 * NOTE(review): presumably the helper returns the role privileges related to the probe;
 * confirm the exact matching rule against the helper.
 *
 * @param component component name used for the probe privilege
 * @param service service name used for the probe privilege
 * @param roles roles whose privileges are looked up; {@code null} or empty yields an empty result
 * @param authorizables authorizable hierarchy used for the probe privilege
 * @param pm persistence manager passed through to the lookup
 * @return a new set of privilege objects, empty when no roles are supplied
 */
Set<PrivilegeObject> getPrivilegesByProvider(String component, String service,
    Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) {
  final Set<PrivilegeObject> result = Sets.newHashSet();
  final boolean hasRoles = roles != null && !roles.isEmpty();
  if (hasRoles) {
    MSentryGMPrivilege probe =
        new MSentryGMPrivilege(component, service, authorizables, null, null);
    // Copy into a set first so duplicates from the lookup are collapsed before conversion.
    Set<MSentryGMPrivilege> matched = Sets.newHashSet();
    matched.addAll(populateIncludePrivileges(roles, probe, pm));
    for (MSentryGMPrivilege stored : matched) {
      // The grant option is carried over as stored, so callers can tell delegable grants apart.
      PrivilegeObject converted = new Builder()
          .setComponent(stored.getComponentName())
          .setService(stored.getServiceName())
          .setAction(stored.getAction())
          .setAuthorizables(stored.getAuthorizables())
          .withGrantOption(stored.getGrantOption())
          .build();
      result.add(converted);
    }
  }
  // No roles means no privileges: the empty set is the deny-by-default answer.
  return result;
}
/**
 * Collects, as {@link PrivilegeObject}s, the privileges that
 * {@code populateIncludePrivileges} resolves for the given roles.
 *
 * <p>A probe privilege is built from {@code component}, {@code service} and
 * {@code authorizables} (its last two constructor arguments are passed as {@code null})
 * and handed to {@code populateIncludePrivileges} together with the roles.
 * NOTE(review): presumably the helper returns the role privileges related to the probe;
 * confirm the exact matching rule against the helper.
 *
 * @param component component name used for the probe privilege
 * @param service service name used for the probe privilege
 * @param roles roles whose privileges are looked up; {@code null} or empty yields an empty result
 * @param authorizables authorizable hierarchy used for the probe privilege
 * @param pm persistence manager passed through to the lookup
 * @return a new set of privilege objects, empty when no roles are supplied
 */
public Set<PrivilegeObject> getPrivilegesByProvider(String component, String service,
    Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) {
  final Set<PrivilegeObject> result = Sets.newHashSet();
  final boolean hasRoles = roles != null && !roles.isEmpty();
  if (hasRoles) {
    MSentryGMPrivilege probe =
        new MSentryGMPrivilege(component, service, authorizables, null, null);
    // Copy into a set first so duplicates from the lookup are collapsed before conversion.
    Set<MSentryGMPrivilege> matched = Sets.newHashSet();
    matched.addAll(populateIncludePrivileges(roles, probe, pm));
    for (MSentryGMPrivilege stored : matched) {
      // The grant option is carried over as stored, so callers can tell delegable grants apart.
      PrivilegeObject converted = new Builder()
          .setComponent(stored.getComponentName())
          .setService(stored.getServiceName())
          .setAction(stored.getAction())
          .setAuthorizables(stored.getAuthorizables())
          .withGrantOption(stored.getGrantOption())
          .build();
      result.add(converted);
    }
  }
  // No roles means no privileges: the empty set is the deny-by-default answer.
  return result;
}
PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) .setAction(SolrConstants.QUERY)
PrivilegeObject queryPrivilege = new Builder() .setComponent(component) .setAction(SearchConstants.QUERY) sentryStore.getPrivilegesByRole(component, Sets.newHashSet(roleName))); PrivilegeObject queryPrivilegeWithOption = new Builder() .setComponent(component) .setAction(SearchConstants.QUERY) sentryStore.getPrivilegesByRole(component, Sets.newHashSet(roleName))); PrivilegeObject queryPrivilegeWithNoOption = new Builder() .setComponent(component) .setAction(SearchConstants.QUERY)
PrivilegeObject queryPrivilege = new Builder() .setComponent(component) .setAction(SolrConstants.QUERY) sentryStore.getPrivilegesByRole(component, Sets.newHashSet(roleName))); PrivilegeObject queryPrivilegeWithOption = new Builder() .setComponent(component) .setAction(SolrConstants.QUERY) sentryStore.getPrivilegesByRole(component, Sets.newHashSet(roleName))); PrivilegeObject queryPrivilegeWithNoOption = new Builder() .setComponent(component) .setAction(SolrConstants.QUERY)
// Base privilege: the QUERY action on the SEARCH component.
PrivilegeObject queryPrivilege =
    new Builder().setComponent(SEARCH).setAction(SolrConstants.QUERY).build();
// Both privileges below are seeded from queryPrivilege and override only the action
// (presumably Builder(PrivilegeObject) copies the remaining fields; confirm in Builder).
PrivilegeObject allPrivilege =
    new Builder(queryPrivilege).setAction(SolrConstants.ALL).build();
PrivilegeObject updatePrivilege =
    new Builder(queryPrivilege).setAction(SolrConstants.UPDATE).build();
// Base privilege: the QUERY action on the SEARCH component.
PrivilegeObject queryPrivilege =
    new Builder().setComponent(SEARCH).setAction(SearchConstants.QUERY).build();
// Both privileges below are seeded from queryPrivilege and override only the action
// (presumably Builder(PrivilegeObject) copies the remaining fields; confirm in Builder).
PrivilegeObject allPrivilege =
    new Builder(queryPrivilege).setAction(SearchConstants.ALL).build();
PrivilegeObject updatePrivilege =
    new Builder(queryPrivilege).setAction(SearchConstants.UPDATE).build();
privileges.add(new Builder() .setComponent(mPrivilege.getComponentName()) .setService(mPrivilege.getServiceName())
PrivilegeObject allPrivilege = new Builder() .setComponent(SEARCH) .setAction(SolrConstants.ALL) PrivilegeObject updatePrivilege = new Builder(allPrivilege) .setAction(SolrConstants.UPDATE) .build(); PrivilegeObject queryPrivilege = new Builder(allPrivilege) .setAction(SolrConstants.QUERY) .build();
PrivilegeObject allPrivilege = new Builder() .setComponent(SEARCH) .setAction(SearchConstants.ALL) PrivilegeObject updatePrivilege = new Builder(allPrivilege) .setAction(SearchConstants.UPDATE) .build(); PrivilegeObject queryPrivilege = new Builder(allPrivilege) .setAction(SearchConstants.QUERY) .build();
/**
 * Verifies that a user whose role holds a privilege with the grant option can grant
 * that same privilege to another role.
 */
@Test
public void testGrantWithGrantOption() throws Exception {
  // Policy-file setup: register both users with their groups. NO_GRANT_OPTION_USER is
  // not used further in this method.
  addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
  addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
  writePolicyFile();

  final String grantor = "g1";
  final String delegatingRole = "r1";
  final String receivingRole = "r2";

  // Role r1 receives QUERY on the collection with the grant option, granted by the admin,
  // and is then attached to the grant-option group.
  sentryStore.createRole(SEARCH, delegatingRole, grantor);
  PrivilegeObject queryPrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SolrConstants.QUERY)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .withGrantOption(true)
      .build();
  sentryStore.alterRoleGrantPrivilege(SEARCH, delegatingRole, queryPrivilege, ADMIN_USER);
  sentryStore.alterRoleAddGroups(SEARCH, delegatingRole,
      Sets.newHashSet(GRANT_OPTION_GROUP), grantor);

  // The user holding the grant option passes the same privilege on to role r2.
  sentryStore.createRole(SEARCH, receivingRole, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, receivingRole, queryPrivilege, GRANT_OPTION_USER);

  // r2 must now hold exactly the delegated privilege.
  Set<PrivilegeObject> expected = Sets.newHashSet(queryPrivilege);
  assertEquals(expected,
      sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(receivingRole)));
}
/**
 * Verifies that a user whose role holds a privilege with the grant option can grant
 * that same privilege to another role.
 */
@Test
public void testGrantWithGrantOption() throws Exception {
  // Policy-file setup: register both users with their groups. NO_GRANT_OPTION_USER is
  // not used further in this method.
  addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
  addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
  writePolicyFile();

  final String grantor = "g1";
  final String delegatingRole = "r1";
  final String receivingRole = "r2";

  // Role r1 receives QUERY on the collection with the grant option, granted by the admin,
  // and is then attached to the grant-option group.
  sentryStore.createRole(SEARCH, delegatingRole, grantor);
  PrivilegeObject queryPrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SearchConstants.QUERY)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .withGrantOption(true)
      .build();
  sentryStore.alterRoleGrantPrivilege(SEARCH, delegatingRole, queryPrivilege, ADMIN_USER);
  sentryStore.alterRoleAddGroups(SEARCH, delegatingRole,
      Sets.newHashSet(GRANT_OPTION_GROUP), grantor);

  // The user holding the grant option passes the same privilege on to role r2.
  sentryStore.createRole(SEARCH, receivingRole, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, receivingRole, queryPrivilege, GRANT_OPTION_USER);

  // r2 must now hold exactly the delegated privilege.
  Set<PrivilegeObject> expected = Sets.newHashSet(queryPrivilege);
  assertEquals(expected,
      sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(receivingRole)));
}
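/**
 * Verifies that looking up privileges for several roles returns the union of what each
 * role was granted: r1 holds QUERY and r2 holds UPDATE on the same collection.
 */
@Test
public void testGetPrivilegesByRoleName() throws Exception {
  String roleName1 = "r1";
  String roleName2 = "r2";
  String grantor = "g1";

  PrivilegeObject queryPrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SearchConstants.QUERY)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .build();

  sentryStore.createRole(SEARCH, roleName1, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege, ADMIN_USER);

  // This privilege was previously built with the QUERY action, which made it a duplicate of
  // queryPrivilege: the expected set then held a single distinct privilege (assuming
  // value-based equality on PrivilegeObject) and the assertion could not tell whether the
  // second role's grant was returned at all. UPDATE makes the two roles distinguishable.
  PrivilegeObject updatePrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SearchConstants.UPDATE)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .build();

  sentryStore.createRole(SEARCH, roleName2, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, updatePrivilege, ADMIN_USER);

  // Both roles are queried together; each role's privilege must appear in the result.
  assertEquals(Sets.newHashSet(queryPrivilege, updatePrivilege),
      sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName1, roleName2)));
}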
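/**
 * Verifies that looking up privileges for several roles returns the union of what each
 * role was granted: r1 holds QUERY and r2 holds UPDATE on the same collection.
 */
@Test
public void testGetPrivilegesByRoleName() throws Exception {
  String roleName1 = "r1";
  String roleName2 = "r2";
  String grantor = "g1";

  PrivilegeObject queryPrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SolrConstants.QUERY)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .build();

  sentryStore.createRole(SEARCH, roleName1, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege, ADMIN_USER);

  // This privilege was previously built with the QUERY action, which made it a duplicate of
  // queryPrivilege: the expected set then held a single distinct privilege (assuming
  // value-based equality on PrivilegeObject) and the assertion could not tell whether the
  // second role's grant was returned at all. UPDATE makes the two roles distinguishable.
  PrivilegeObject updatePrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SolrConstants.UPDATE)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .build();

  sentryStore.createRole(SEARCH, roleName2, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, updatePrivilege, ADMIN_USER);

  // Both roles are queried together; each role's privilege must appear in the result.
  assertEquals(Sets.newHashSet(queryPrivilege, updatePrivilege),
      sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName1, roleName2)));
}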
/**
 * Converts a Thrift {@code TSentryPrivilege} into a {@link PrivilegeObject}.
 *
 * <p>The Thrift grant option is mapped to a {@code Boolean}: {@code TRUE} becomes
 * {@code true}, {@code FALSE} becomes {@code false}, and any other value becomes
 * {@code null}. NOTE(review): confirm how downstream code treats a {@code null} grant
 * option, since it is neither an explicit allow nor an explicit deny of delegation.
 *
 * @param tSentryPrivilege the Thrift privilege to convert
 * @return the equivalent privilege object
 * @throws NullPointerException if {@code getGrantOption()} returns {@code null},
 *     because {@code equals} is invoked on it
 */
private PrivilegeObject toPrivilegeObject(TSentryPrivilege tSentryPrivilege) {
  final TSentryGrantOption thriftOption = tSentryPrivilege.getGrantOption();
  final Boolean withGrant;
  if (thriftOption.equals(TSentryGrantOption.FALSE)) {
    withGrant = false;
  } else if (thriftOption.equals(TSentryGrantOption.TRUE)) {
    withGrant = true;
  } else {
    // Neither TRUE nor FALSE: leave the grant option unspecified.
    withGrant = null;
  }

  Builder builder = new Builder().setComponent(tSentryPrivilege.getComponent())
      .setService(tSentryPrivilege.getServiceName())
      .setAuthorizables(toAuthorizables(tSentryPrivilege.getAuthorizables()))
      .setAction(tSentryPrivilege.getAction())
      .withGrantOption(withGrant);
  return builder.build();
}
/**
 * Converts a Thrift {@code TSentryPrivilege} into a {@link PrivilegeObject}.
 *
 * <p>The Thrift grant option is mapped to a {@code Boolean}: {@code TRUE} becomes
 * {@code true}, {@code FALSE} becomes {@code false}, and any other value becomes
 * {@code null}. NOTE(review): confirm how downstream code treats a {@code null} grant
 * option, since it is neither an explicit allow nor an explicit deny of delegation.
 *
 * @param tSentryPrivilege the Thrift privilege to convert
 * @return the equivalent privilege object
 * @throws NullPointerException if {@code getGrantOption()} returns {@code null},
 *     because {@code equals} is invoked on it
 */
private PrivilegeObject toPrivilegeObject(TSentryPrivilege tSentryPrivilege) {
  final TSentryGrantOption thriftOption = tSentryPrivilege.getGrantOption();
  final Boolean withGrant;
  if (thriftOption.equals(TSentryGrantOption.FALSE)) {
    withGrant = false;
  } else if (thriftOption.equals(TSentryGrantOption.TRUE)) {
    withGrant = true;
  } else {
    // Neither TRUE nor FALSE: leave the grant option unspecified.
    withGrant = null;
  }

  Builder builder = new Builder().setComponent(tSentryPrivilege.getComponent())
      .setService(tSentryPrivilege.getServiceName())
      .setAuthorizables(toAuthorizables(tSentryPrivilege.getAuthorizables()))
      .setAction(tSentryPrivilege.getAction())
      .withGrantOption(withGrant);
  return builder.build();
}