/**
 * Copy constructor: builds a new privilege carrying the same field values as {@code copy}.
 *
 * <p>The role set is a new {@link HashSet}, but it holds the same {@code MSentryRole}
 * instances as the source, so a later change to one of those role objects is visible
 * through both privileges.
 *
 * @param copy privilege to duplicate; dereferenced without a null check
 */
public MSentryGMPrivilege(MSentryGMPrivilege copy) {
  // Plain field-by-field copy of the identifying attributes.
  this.serviceName = copy.serviceName;
  this.componentName = copy.componentName;
  this.scope = copy.scope;
  this.action = copy.action;
  this.grantOption = copy.grantOption;
  this.createTime = copy.createTime;
  // Authorizables go through the setter, as in the other construction paths.
  setAuthorizables(copy.getAuthorizables());
  // Fresh container, shared elements: membership changes on the copy do not touch the source set.
  this.roles = new HashSet<MSentryRole>(copy.roles);
}
/**
 * Copy constructor: builds a new privilege carrying the same field values as {@code copy}.
 *
 * <p>Only the role container is new; the {@code MSentryRole} elements themselves are
 * shared with the source privilege.
 *
 * @param copy privilege to duplicate; dereferenced without a null check
 */
public MSentryGMPrivilege(MSentryGMPrivilege copy) {
  this.componentName = copy.componentName;
  this.serviceName = copy.serviceName;
  this.action = copy.action;
  this.scope = copy.scope;
  this.grantOption = copy.grantOption;
  this.createTime = copy.createTime;
  // Authorizables are installed through the setter rather than by direct field copy.
  setAuthorizables(copy.getAuthorizables());
  // New set so that adding or removing roles here leaves copy.roles untouched.
  this.roles = new HashSet<MSentryRole>();
  this.roles.addAll(copy.roles);
}
/**
 * Renders this privilege for logs and debugging.
 *
 * <p>The roles are deliberately not expanded: the text always contains the literal
 * {@code roles=[...]}. The value printed under the {@code serverName=} label is the
 * {@code serviceName} field.
 *
 * @return single-line description of the privilege
 */
@Override
public String toString() {
  // One joined type/name entry per authorizable, in hierarchy order.
  List<String> renderedAuthorizables = Lists.newArrayList();
  for (Authorizable authorizable : getAuthorizables()) {
    String typeAndName = KV_JOINER.join(authorizable.getTypeName(), authorizable.getName());
    renderedAuthorizables.add(typeAndName);
  }
  String authorizableText = AUTHORIZABLE_JOINER.join(renderedAuthorizables);

  return "MSentryGMPrivilege ["
      + "serverName=" + serviceName
      + ", componentName=" + componentName
      + ", authorizables=" + authorizableText
      + ", scope=" + scope
      + ", action=" + action
      + ", roles=[...]"
      + ", createTime=" + createTime
      + ", grantOption=" + grantOption
      + "]";
}
/**
 * Builds a one-line, human-readable description of this privilege.
 *
 * <p>Role membership is never printed (the output carries the fixed text
 * {@code roles=[...]}), and the {@code serverName=} label shows the {@code serviceName} field.
 *
 * @return description of the privilege
 */
@Override
public String toString() {
  List<String> pairs = Lists.newArrayList();
  for (Authorizable item : getAuthorizables()) {
    // Each authorizable contributes its type and its name, joined by KV_JOINER.
    pairs.add(KV_JOINER.join(item.getTypeName(), item.getName()));
  }

  String identity = "MSentryGMPrivilege [" + "serverName=" + serviceName
      + ", componentName=" + componentName;
  String resource = ", authorizables=" + AUTHORIZABLE_JOINER.join(pairs)
      + ", scope=" + scope + ", action=" + action;
  String bookkeeping = ", roles=[...]" + ", createTime=" + createTime
      + ", grantOption=" + grantOption + "]";
  return identity + resource + bookkeeping;
}
/**
 * Hashes the identifying attributes of the privilege: action, component name, service
 * name, grant option, scope, and the name and type of every authorizable in order.
 *
 * <p>{@code roles} and {@code createTime} do not take part, so two privileges that
 * differ only in role membership or creation time hash alike. Authorizable names and
 * type names are dereferenced without a null check.
 *
 * @return hash code for this privilege
 */
@Override
public int hashCode() {
  int hash = 1;

  // Null fields contribute 0, matching the usual 31-multiplier recipe.
  hash = 31 * hash;
  if (action != null) {
    hash += action.hashCode();
  }
  hash = 31 * hash;
  if (componentName != null) {
    hash += componentName.hashCode();
  }
  hash = 31 * hash;
  if (serviceName != null) {
    hash += serviceName.hashCode();
  }
  hash = 31 * hash;
  if (grantOption != null) {
    hash += grantOption.hashCode();
  }
  hash = 31 * hash;
  if (scope != null) {
    hash += scope.hashCode();
  }

  // Name first, then type, for each level of the resource hierarchy.
  for (Authorizable level : getAuthorizables()) {
    hash = 31 * hash + level.getName().hashCode();
    hash = 31 * hash + level.getTypeName().hashCode();
  }
  return hash;
}
/**
 * Computes the hash from action, component name, service name, grant option, scope and
 * the ordered (name, type) pairs of the authorizables.
 *
 * <p>Neither {@code roles} nor {@code createTime} is mixed in. A null scalar field
 * counts as 0; authorizable names and type names are assumed non-null by the code.
 *
 * @return hash code for this privilege
 */
@Override
public int hashCode() {
  final int multiplier = 31;
  // Order matters: it fixes the resulting value.
  final Object[] scalarFields = {action, componentName, serviceName, grantOption, scope};

  int hash = 1;
  for (Object field : scalarFields) {
    int fieldHash = (field != null) ? field.hashCode() : 0;
    hash = multiplier * hash + fieldHash;
  }
  for (Authorizable entry : getAuthorizables()) {
    hash = multiplier * hash + entry.getName().hashCode();
    hash = multiplier * hash + entry.getTypeName().hashCode();
  }
  return hash;
}
List<? extends Authorizable> authorizables = getAuthorizables(); List<? extends Authorizable> otherAuthorizables = other.getAuthorizables();
List<? extends Authorizable> authorizables = getAuthorizables(); List<? extends Authorizable> other_authorizables = other.getAuthorizables();
/**
 * Builds the JDO filter that selects every stored privilege covered by the given one,
 * i.e. the privilege itself plus all privileges below it in the resource hierarchy.
 *
 * <p>The filter is used by three operations: revoking, renaming and dropping a privilege.
 * Solr example: with stored privileges p1: Collection=c1->action=query,
 * p2: Collection=c1->Field=f1->action=query and p3: Collection=c1->Field=f2->action=query,
 * a revoke request for p4: Collection=c1->action=query must remove p1, p2 and p3 together,
 * so the filter generated for p4 constrains only Collection=c1.
 *
 * <p>NOTE(review): service name, component name and each authorizable name/type are placed
 * between double quotes in the filter text without escaping. A value that itself contains
 * a double quote would change the shape of the filter and therefore the set of privileges
 * a revoke/rename/drop acts on. Whether these values are validated before they reach this
 * method is not visible here; confirm, or move this filter to bound query parameters.
 *
 * @param privilege privilege whose service, component and authorizables define the filter
 * @return filter text constraining service, component and one name/type pair per authorizable
 */
public static String populateIncludePrivilegesQuery(MSentryGMPrivilege privilege) {
  StringBuilder filter = new StringBuilder();
  filter.append("serviceName == \"")
      .append(toNULLCol(privilege.getServiceName()))
      .append("\" ");
  filter.append("&& componentName == \"")
      .append(toNULLCol(privilege.getComponentName()))
      .append("\" ");

  // Only the levels present on the request are constrained; deeper levels are left
  // unconstrained so that descendant privileges match as well.
  int level = 0;
  for (Authorizable authorizable : privilege.getAuthorizables()) {
    String nameColumn = PREFIX_RESOURCE_NAME + Integer.toString(level);
    String typeColumn = PREFIX_RESOURCE_TYPE + Integer.toString(level);
    filter.append("&& ").append(nameColumn).append(" == \"")
        .append(authorizable.getName()).append("\" ");
    filter.append("&& ").append(typeColumn).append(" == \"")
        .append(authorizable.getTypeName()).append("\" ");
    level++;
  }
  return filter.toString();
}
}
query.append("&& !grantOption "); List<? extends Authorizable> authorizables = privilege.getAuthorizables(); for (int i = 0; i < AUTHORIZABLE_LEVEL; i++) { String resourceName = PREFIX_RESOURCE_NAME + String.valueOf(i);
.setService(mPrivilege.getServiceName()) .setAction(mPrivilege.getAction()) .setAuthorizables(mPrivilege.getAuthorizables()) .withGrantOption(mPrivilege.getGrantOption()) .build());
/**
 * Collects the privileges that the given roles hold on the given resource and on
 * everything beneath it, for one component and service.
 *
 * <p>With no roles ({@code null} or empty) the result is an empty set and the store is
 * not queried.
 *
 * @param component component name used to build the parent privilege
 * @param service service name used to build the parent privilege
 * @param roles roles whose privileges are looked up
 * @param authorizables resource hierarchy of the parent privilege
 * @param pm persistence manager passed through to {@code populateIncludePrivileges}
 * @return privilege objects built from the matching stored privileges; never {@code null}
 */
public Set<PrivilegeObject> getPrivilegesByProvider(String component,
    String service, Set<MSentryRole> roles,
    List<? extends Authorizable> authorizables, PersistenceManager pm) {
  Set<PrivilegeObject> result = Sets.newHashSet();
  boolean noRoles = (roles == null) || roles.isEmpty();
  if (noRoles) {
    return result;
  }

  // The parent privilege is created with its last two constructor arguments null,
  // so the lookup is keyed on component, service and resource only.
  MSentryGMPrivilege parent =
      new MSentryGMPrivilege(component, service, authorizables, null, null);

  Set<MSentryGMPrivilege> matched = Sets.newHashSet();
  matched.addAll(populateIncludePrivileges(roles, parent, pm));

  // Translate each stored privilege into the PrivilegeObject handed back to the caller.
  for (MSentryGMPrivilege stored : matched) {
    result.add(new Builder()
        .setComponent(stored.getComponentName())
        .setService(stored.getServiceName())
        .setAction(stored.getAction())
        .setAuthorizables(stored.getAuthorizables())
        .withGrantOption(stored.getGrantOption())
        .build());
  }
  return result;
}
/**
 * Looks up the privileges granted to {@code roles} on the given resource and its
 * descendants, scoped to one component and service.
 *
 * <p>An absent or empty role set yields an empty result without touching the store.
 *
 * @param component component name used to build the parent privilege
 * @param service service name used to build the parent privilege
 * @param roles roles whose privileges are looked up
 * @param authorizables resource hierarchy of the parent privilege
 * @param pm persistence manager passed through to {@code populateIncludePrivileges}
 * @return privilege objects built from the matching stored privileges; never {@code null}
 */
Set<PrivilegeObject> getPrivilegesByProvider(String component,
    String service, Set<MSentryRole> roles,
    List<? extends Authorizable> authorizables, PersistenceManager pm) {
  Set<PrivilegeObject> collected = Sets.newHashSet();
  if (roles != null && !roles.isEmpty()) {
    // The template privilege gets null for its last two constructor arguments.
    MSentryGMPrivilege template =
        new MSentryGMPrivilege(component, service, authorizables, null, null);

    Set<MSentryGMPrivilege> included = Sets.newHashSet();
    included.addAll(populateIncludePrivileges(roles, template, pm));

    for (MSentryGMPrivilege entry : included) {
      PrivilegeObject converted = new Builder()
          .setComponent(entry.getComponentName())
          .setService(entry.getServiceName())
          .setAction(entry.getAction())
          .setAuthorizables(entry.getAuthorizables())
          .withGrantOption(entry.getGrantOption())
          .build();
      collected.add(converted);
    }
  }
  return collected;
}
dropPrivilege.getAuthorizables()); for (int i = 0; i < newAuthorizables.size(); i++) { authorizables.set(i, newAuthorizables.get(i));
dropPrivilege.getAuthorizables()); for (int i = 0; i < newAuthorizables.size(); i++) { authorizables.set(i, newAuthorizables.get(i));
.setService(mPrivilege.getServiceName()) .setAction(mPrivilege.getAction()) .setAuthorizables(mPrivilege.getAuthorizables()) .withGrantOption(mPrivilege.getGrantOption()) .build());
paramBuilder.add(COMPONENT_NAME, SentryStore.toNULLCol(privilege.getComponentName()), true); List<? extends Authorizable> authorizables = privilege.getAuthorizables(); int i = 0; for(Authorizable auth: authorizables) {
/**
 * Converts a stored privilege into its {@code TSentryPrivilege} form.
 *
 * <p>The nullable grant option maps onto three values: {@code null} becomes
 * {@code UNSET}, {@code true} becomes {@code TRUE} and {@code false} becomes
 * {@code FALSE}, so "not specified" stays distinguishable from "explicitly denied".
 *
 * @param mPrivilege stored privilege to convert
 * @return privilege carrying component, service, authorizables, action and grant option
 */
private TSentryPrivilege toTSentryPrivilege(MSentryGMPrivilege mPrivilege) {
  TSentryPrivilege converted = new TSentryPrivilege(
      mPrivilege.getComponentName(),
      mPrivilege.getServiceName(),
      fromAuthorizable(mPrivilege.getAuthorizables()),
      mPrivilege.getAction());

  // Tri-state mapping; the null check must come first to avoid unboxing a null Boolean.
  final Boolean grant = mPrivilege.getGrantOption();
  final TSentryGrantOption mapped;
  if (grant == null) {
    mapped = TSentryGrantOption.UNSET;
  } else {
    mapped = grant ? TSentryGrantOption.TRUE : TSentryGrantOption.FALSE;
  }
  converted.setGrantOption(mapped);
  return converted;
}
/**
 * Builds the query parameters that match exactly the given privilege.
 *
 * <p>Service, component, scope and action are added after {@code SentryStore.toNULLCol};
 * the grant option is added as an object. Every one of the
 * {@code MSentryGMPrivilege.AUTHORIZABLE_LEVEL} resource slots is constrained: slots
 * covered by the privilege's authorizables get their name and type, the remaining slots
 * are added as null, so a deeper privilege does not match a shallower request.
 *
 * <p>NOTE(review): values are handed to {@code QueryParamBuilder} instead of being
 * concatenated into filter text; presumably the builder binds them as query parameters.
 * Confirm against {@code QueryParamBuilder}.
 *
 * @param privilege privilege to search for
 * @return query builder suitable for executing the query
 */
private static QueryParamBuilder toQueryParam(MSentryGMPrivilege privilege) {
  QueryParamBuilder builder = QueryParamBuilder.newQueryParamBuilder();
  builder.add(SERVICE_NAME, SentryStore.toNULLCol(privilege.getServiceName()), true)
      .add(COMPONENT_NAME, SentryStore.toNULLCol(privilege.getComponentName()), true)
      .add(SCOPE, SentryStore.toNULLCol(privilege.getScope()), true)
      .add(ACTION, SentryStore.toNULLCol(privilege.getAction()), true);

  // The grant option may be null, hence addObject rather than add.
  Boolean grantOption = privilege.getGrantOption();
  builder.addObject(SentryConstants.GRANT_OPTION, grantOption);

  List<? extends Authorizable> levels = privilege.getAuthorizables();
  int populated = levels.size();
  for (int slot = 0; slot < MSentryGMPrivilege.AUTHORIZABLE_LEVEL; slot++) {
    String nameColumn = MSentryGMPrivilege.PREFIX_RESOURCE_NAME + Integer.toString(slot);
    String typeColumn = MSentryGMPrivilege.PREFIX_RESOURCE_TYPE + Integer.toString(slot);
    if (slot < populated) {
      Authorizable level = levels.get(slot);
      builder.add(nameColumn, level.getName(), true);
      builder.add(typeColumn, level.getTypeName(), true);
    } else {
      // Slots beyond the privilege's depth are pinned to null.
      builder.addNull(nameColumn);
      builder.addNull(typeColumn);
    }
  }
  return builder;
}
/**
 * Builds the {@code TSentryPrivilege} equivalent of a stored privilege.
 *
 * <p>Grant option mapping: {@code null} to {@code UNSET}, {@code true} to {@code TRUE},
 * {@code false} to {@code FALSE}.
 *
 * @param mPrivilege stored privilege to convert
 * @return privilege carrying component, service, authorizables, action and grant option
 */
private TSentryPrivilege toTSentryPrivilege(MSentryGMPrivilege mPrivilege) {
  TSentryPrivilege result = new TSentryPrivilege(mPrivilege.getComponentName(),
      mPrivilege.getServiceName(),
      fromAuthorizable(mPrivilege.getAuthorizables()),
      mPrivilege.getAction());

  Boolean withGrant = mPrivilege.getGrantOption();
  // An unspecified grant option is reported as UNSET, never silently as FALSE.
  result.setGrantOption(withGrant == null
      ? TSentryGrantOption.UNSET
      : (withGrant ? TSentryGrantOption.TRUE : TSentryGrantOption.FALSE));
  return result;
}