public Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, String service, Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) { Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); if (roles == null || roles.isEmpty()) { return privilegeGraph; } MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null); privilegeGraph.addAll(populateIncludePrivileges(roles, parentPrivilege, pm)); return privilegeGraph; }
Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, String service, Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) { Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); if (roles == null || roles.isEmpty()) { return privilegeGraph; } MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null); privilegeGraph.addAll(populateIncludePrivileges(roles, parentPrivilege, pm)); return privilegeGraph; }
String grantorPrincipal, PersistenceManager pm) throws SentryUserException { MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null); oldPrivilege.setAction(getAction(component,Action.ALL).getValue()); authorizables.set(i, newAuthorizables.get(i)); MSentryGMPrivilege newPrivilge = new MSentryGMPrivilege( component,service, authorizables, dropPrivilege.getAction(), dropPrivilege.getGrantOption());
String grantorPrincipal, PersistenceManager pm) throws SentryUserException { MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null); oldPrivilege.setAction(getAction(component,Action.ALL).getValue()); authorizables.set(i, newAuthorizables.get(i)); MSentryGMPrivilege newPrivilge = new MSentryGMPrivilege( component,service, authorizables, dropPrivilege.getAction(), dropPrivilege.getGrantOption());
private MSentryGMPrivilege convertToPrivilege(PrivilegeObject privilege) { return new MSentryGMPrivilege(privilege.getComponent(), privilege.getService(), privilege.getAuthorizables(), privilege.getAction(), privilege.getGrantOption()); }
private MSentryGMPrivilege convertToPrivilege(PrivilegeObject privilege) { return new MSentryGMPrivilege(privilege.getComponent(), privilege.getService(), privilege.getAuthorizables(), privilege.getAction(), privilege.getGrantOption()); }
public Set<PrivilegeObject> getPrivilegesByProvider(String component, String service, Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) { Set<PrivilegeObject> privileges = Sets.newHashSet(); if (roles == null || roles.isEmpty()) { return privileges; } MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null); Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(roles, parentPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { privileges.add(new Builder() .setComponent(mPrivilege.getComponentName()) .setService(mPrivilege.getServiceName()) .setAction(mPrivilege.getAction()) .setAuthorizables(mPrivilege.getAuthorizables()) .withGrantOption(mPrivilege.getGrantOption()) .build()); } return privileges; }
Set<PrivilegeObject> getPrivilegesByProvider(String component, String service, Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) { Set<PrivilegeObject> privileges = Sets.newHashSet(); if (roles == null || roles.isEmpty()) { return privileges; } MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null); Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(roles, parentPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { privileges.add(new Builder() .setComponent(mPrivilege.getComponentName()) .setService(mPrivilege.getServiceName()) .setAction(mPrivilege.getAction()) .setAuthorizables(mPrivilege.getAuthorizables()) .withGrantOption(mPrivilege.getGrantOption()) .build()); } return privileges; }
@Test public void testValidateAuthorizables() throws Exception { try { new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")),SolrConstants.QUERY, false); } catch (IllegalStateException e) { fail("unexpect happend: it is a validated privilege"); } try { new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection(""), new Field("f1")),SolrConstants.QUERY, false); fail("unexpect happend: it is not a validated privilege, The empty name of authorizable can't be empty"); } catch (IllegalStateException e) { } try { new MSentryGMPrivilege("solr", "service1", Arrays.asList(null, new Field("f1")),SolrConstants.QUERY, false); fail("unexpect happend: it is not a validated privilege, The authorizable can't be null"); } catch (IllegalStateException e) { } }
@Test public void testValidateAuthorizables() throws Exception { try { new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")),SearchConstants.QUERY, false); } catch (IllegalStateException e) { fail("unexpect happend: it is a validated privilege"); } try { new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection(""), new Field("f1")),SearchConstants.QUERY, false); fail("unexpect happend: it is not a validated privilege, The empty name of authorizable can't be empty"); } catch (IllegalStateException e) { } try { new MSentryGMPrivilege("solr", "service1", Arrays.asList(null, new Field("f1")),SearchConstants.QUERY, false); fail("unexpect happend: it is not a validated privilege, The authorizable can't be null"); } catch (IllegalStateException e) { } }
public void testSearchImpliesEqualAuthorizable() throws Exception { MSentryGMPrivilege serverPrivilege1 = new MSentryGMPrivilege("solr", "service1", null,SolrConstants.QUERY, false); MSentryGMPrivilege serverPrivilege2 = new MSentryGMPrivilege("solr", "service2", null,SolrConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), SolrConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c2")), SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SolrConstants.QUERY, false);
public void testSearchImpliesEqualAuthorizable() throws Exception { MSentryGMPrivilege serverPrivilege1 = new MSentryGMPrivilege("solr", "service1", null,SearchConstants.QUERY, false); MSentryGMPrivilege serverPrivilege2 = new MSentryGMPrivilege("solr", "service2", null,SearchConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), SearchConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c2")), SearchConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SearchConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SearchConstants.QUERY, false);
MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr", "service1", null, SearchConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), SearchConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SearchConstants.QUERY, false); MSentryGMPrivilege fieldAllPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field(AccessConstants.ALL)), SearchConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SearchConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c2"), new Field("f2")), SearchConstants.QUERY, false);
MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr", "service1", null, SolrConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SolrConstants.QUERY, false); MSentryGMPrivilege fieldAllPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field(AccessConstants.ALL)), SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c2"), new Field("f2")), SolrConstants.QUERY, false);
@Test public void testImpliesWithServerScope() throws Exception { //The persistent privilege is server scope MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr", "service1", null,SolrConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), SolrConstants.QUERY, false); assertTrue(serverPrivilege.implies(collectionPrivilege)); MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SolrConstants.QUERY, false); assertTrue(serverPrivilege.implies(fieldPrivilege)); assertTrue(collectionPrivilege.implies(fieldPrivilege)); serverPrivilege.setAction(SolrConstants.UPDATE); assertFalse(serverPrivilege.implies(collectionPrivilege)); assertFalse(serverPrivilege.implies(fieldPrivilege)); serverPrivilege.setAction(SolrConstants.ALL); assertTrue(serverPrivilege.implies(collectionPrivilege)); assertTrue(serverPrivilege.implies(fieldPrivilege)); } /**
@Test public void testImpliesWithServerScope() throws Exception { //The persistent privilege is server scope MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr", "service1", null,SearchConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), SearchConstants.QUERY, false); assertTrue(serverPrivilege.implies(collectionPrivilege)); MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SearchConstants.QUERY, false); assertTrue(serverPrivilege.implies(fieldPrivilege)); assertTrue(collectionPrivilege.implies(fieldPrivilege)); serverPrivilege.setAction(SearchConstants.UPDATE); assertFalse(serverPrivilege.implies(collectionPrivilege)); assertFalse(serverPrivilege.implies(fieldPrivilege)); serverPrivilege.setAction(SearchConstants.ALL); assertTrue(serverPrivilege.implies(collectionPrivilege)); assertTrue(serverPrivilege.implies(fieldPrivilege)); } /**
@Test public void testSearchImpliesAction() throws Exception { /** * action is equal */ MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SolrConstants.QUERY, false); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal */ fieldPrivilege2.setAction(SolrConstants.UPDATE); assertFalse(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal,but the persistent privilege has the ALL action */ fieldPrivilege1.setAction(SolrConstants.ALL); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); } }
@Test public void testSearchImpliesAction() throws Exception { /** * action is equal */ MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SearchConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SearchConstants.QUERY, false); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal */ fieldPrivilege2.setAction(SearchConstants.UPDATE); assertFalse(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal,but the persistent privilege has the ALL action */ fieldPrivilege1.setAction(SearchConstants.ALL); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); } }
hivePrivilege.setGrantOption(true); MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege(); solrPrivilege.setComponentName("solr"); solrPrivilege.setServiceName("solr.server1");
hivePrivilege.setGrantOption(true); MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege(); solrPrivilege.setComponentName("solr"); solrPrivilege.setServiceName("solr.server1");