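/**
 * Builds the JDOQL filter that selects every stored privilege lying within the scope of the
 * given privilege.
 *
 * <p>The filter is used by three privilege operations:
 * <ol>
 *   <li>revoking a privilege</li>
 *   <li>renaming a privilege</li>
 *   <li>dropping a privilege</li>
 * </ol>
 *
 * <p>Taking Solr as an example, suppose three privileges exist:
 * p1: Collection=c1->action=query, p2: Collection=c1->Field=f1->action=query and
 * p3: Collection=c1->Field=f2->action=query. When a revoke request arrives for
 * p4: Collection=c1->action=query, not only p1 but also p2 and p3 must be revoked.
 * The filter produced here therefore constrains only Collection=c1.
 *
 * <p>Every value is placed inside a double-quoted JDOQL string literal. Because the privilege
 * comes from a request, backslashes and double quotes in a value are escaped first so that a
 * name cannot terminate the literal and alter the filter.
 *
 * @param privilege privilege whose service, component and authorizables define the scope
 * @return the JDOQL filter text
 */
public static String populateIncludePrivilegesQuery(MSentryGMPrivilege privilege) {
  StringBuilder query = new StringBuilder();
  query.append("serviceName == \"")
      .append(escapeJdoqlLiteral(toNULLCol(privilege.getServiceName())))
      .append("\" ");
  query.append("&& componentName == \"")
      .append(escapeJdoqlLiteral(toNULLCol(privilege.getComponentName())))
      .append("\" ");

  List<? extends Authorizable> authorizables = privilege.getAuthorizables();
  for (int i = 0; i < authorizables.size(); i++) {
    // Column names are built from fixed prefixes plus the level index, never from request data.
    String resourceName = PREFIX_RESOURCE_NAME + i;
    String resourceType = PREFIX_RESOURCE_TYPE + i;
    query.append("&& ").append(resourceName).append(" == \"")
        .append(escapeJdoqlLiteral(authorizables.get(i).getName()))
        .append("\" ");
    query.append("&& ").append(resourceType).append(" == \"")
        .append(escapeJdoqlLiteral(authorizables.get(i).getTypeName()))
        .append("\" ");
  }
  return query.toString();
}

/**
 * Escapes a value for use inside a double-quoted JDOQL string literal.
 *
 * <p>NOTE(review): assumes the JDOQL parser in use honours Java-style backslash escapes inside
 * string literals - confirm against the JDO implementation. Binding the values as declared
 * query parameters avoids the question entirely and is the preferable long-term form.
 *
 * @param value value to embed; {@code null} is rendered as the text {@code null}, matching
 *     plain string concatenation
 * @return the value with each backslash and double quote preceded by a backslash
 */
private static String escapeJdoqlLiteral(Object value) {
  String text = String.valueOf(value);
  StringBuilder escaped = new StringBuilder(text.length() + 2);
  for (int i = 0; i < text.length(); i++) {
    char c = text.charAt(i);
    if (c == '\\' || c == '"') {
      escaped.append('\\');
    }
    escaped.append(c);
  }
  return escaped.toString();
}
} // closes the enclosing class, whose header is not part of this excerpt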
// Excerpt: builds a JDOQL filter that matches on service name, component name, scope and action.
// NOTE(review): each value is concatenated into a double-quoted JDOQL string literal. A value
// containing '"' or '\' would change the structure of the filter. Bind the values as declared
// query parameters, or escape them before appending - confirm how callers validate these fields.
StringBuilder query = new StringBuilder();
query.append("serviceName == \"" + toNULLCol(privilege.getServiceName()) + "\" ");
query.append("&& componentName == \"" + toNULLCol(privilege.getComponentName()) + "\" ");
query.append("&& scope == \"" + toNULLCol(privilege.getScope()) + "\" ");
query.append("&& action == \"" + toNULLCol(privilege.getAction()) + "\"");
if (!componentName.equals(request.getComponentName())) { return false;
if (!componentName.equals(request.getComponentName())) { return false;
.setComponent(mPrivilege.getComponentName()) .setService(mPrivilege.getServiceName()) .setAction(mPrivilege.getAction())
/**
 * Converts the privileges that {@code populateIncludePrivileges} returns for the given roles
 * into {@code PrivilegeObject} values.
 *
 * <p>The lookup is driven by a probe privilege built from {@code component}, {@code service}
 * and {@code authorizables}, with its last two constructor arguments left {@code null}.
 * A {@code null} or empty role set short-circuits to an empty result, so a caller that
 * resolved no roles receives no privileges.
 *
 * @param component component name placed on the probe privilege
 * @param service service name placed on the probe privilege
 * @param roles roles whose privileges are searched; may be {@code null} or empty
 * @param authorizables resource path placed on the probe privilege
 * @param pm persistence manager handed to the lookup
 * @return a new set holding one {@code PrivilegeObject} per matched privilege; never {@code null}
 */
public Set<PrivilegeObject> getPrivilegesByProvider(String component, String service,
    Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) {
  Set<PrivilegeObject> result = Sets.newHashSet();
  boolean hasRoles = roles != null && !roles.isEmpty();
  if (hasRoles) {
    MSentryGMPrivilege probe =
        new MSentryGMPrivilege(component, service, authorizables, null, null);
    // Collect into a set first so that each stored privilege is converted once.
    Set<MSentryGMPrivilege> matched = Sets.newHashSet();
    matched.addAll(populateIncludePrivileges(roles, probe, pm));
    for (MSentryGMPrivilege stored : matched) {
      PrivilegeObject converted = new Builder()
          .setComponent(stored.getComponentName())
          .setService(stored.getServiceName())
          .setAction(stored.getAction())
          .setAuthorizables(stored.getAuthorizables())
          .withGrantOption(stored.getGrantOption())
          .build();
      result.add(converted);
    }
  }
  return result;
}
/**
 * Converts the privileges that {@code populateIncludePrivileges} returns for the given roles
 * into {@code PrivilegeObject} values.
 *
 * <p>The lookup is driven by a probe privilege built from {@code component}, {@code service}
 * and {@code authorizables}, with its last two constructor arguments left {@code null}.
 * A {@code null} or empty role set short-circuits to an empty result, so a caller that
 * resolved no roles receives no privileges.
 *
 * @param component component name placed on the probe privilege
 * @param service service name placed on the probe privilege
 * @param roles roles whose privileges are searched; may be {@code null} or empty
 * @param authorizables resource path placed on the probe privilege
 * @param pm persistence manager handed to the lookup
 * @return a new set holding one {@code PrivilegeObject} per matched privilege; never {@code null}
 */
Set<PrivilegeObject> getPrivilegesByProvider(String component, String service,
    Set<MSentryRole> roles, List<? extends Authorizable> authorizables, PersistenceManager pm) {
  Set<PrivilegeObject> result = Sets.newHashSet();
  boolean hasRoles = roles != null && !roles.isEmpty();
  if (hasRoles) {
    MSentryGMPrivilege probe =
        new MSentryGMPrivilege(component, service, authorizables, null, null);
    // Collect into a set first so that each stored privilege is converted once.
    Set<MSentryGMPrivilege> matched = Sets.newHashSet();
    matched.addAll(populateIncludePrivileges(roles, probe, pm));
    for (MSentryGMPrivilege stored : matched) {
      PrivilegeObject converted = new Builder()
          .setComponent(stored.getComponentName())
          .setService(stored.getServiceName())
          .setAction(stored.getAction())
          .setAuthorizables(stored.getAuthorizables())
          .withGrantOption(stored.getGrantOption())
          .build();
      result.add(converted);
    }
  }
  return result;
}
for (MSentryGMPrivilege mPrivilege : mPrivileges) { privileges.add(new Builder() .setComponent(mPrivilege.getComponentName()) .setService(mPrivilege.getServiceName()) .setAction(mPrivilege.getAction())
// Excerpt: starts a QueryParamBuilder and hands it the service and component names as values,
// instead of concatenating them into the filter text.
// NOTE(review): the meaning of the trailing `true` argument is not visible in this excerpt -
// confirm against QueryParamBuilder.add.
QueryParamBuilder paramBuilder = QueryParamBuilder.newQueryParamBuilder();
paramBuilder.add(SERVICE_NAME, SentryStore.toNULLCol(privilege.getServiceName()), true);
paramBuilder.add(COMPONENT_NAME, SentryStore.toNULLCol(privilege.getComponentName()), true);
/**
 * Builds the JDO query parameters used to look up exactly the given privilege.
 *
 * <p>Service, component, scope, action and grant option are handed to the builder as values,
 * followed by one name/type pair per authorizable level. Levels beyond the privilege's own
 * authorizables are added as explicit nulls, so a privilege with a longer resource path is not
 * matched by this search.
 *
 * @param privilege privilege to search for
 * @return query builder suitable for executing the query
 */
private static QueryParamBuilder toQueryParam(MSentryGMPrivilege privilege) {
  QueryParamBuilder builder = QueryParamBuilder.newQueryParamBuilder();
  builder.add(SERVICE_NAME, SentryStore.toNULLCol(privilege.getServiceName()), true)
      .add(COMPONENT_NAME, SentryStore.toNULLCol(privilege.getComponentName()), true)
      .add(SCOPE, SentryStore.toNULLCol(privilege.getScope()), true)
      .add(ACTION, SentryStore.toNULLCol(privilege.getAction()), true);
  builder.addObject(SentryConstants.GRANT_OPTION, privilege.getGrantOption());

  List<? extends Authorizable> path = privilege.getAuthorizables();
  int depth = path.size();
  for (int level = 0; level < MSentryGMPrivilege.AUTHORIZABLE_LEVEL; level++) {
    String nameColumn = MSentryGMPrivilege.PREFIX_RESOURCE_NAME + level;
    String typeColumn = MSentryGMPrivilege.PREFIX_RESOURCE_TYPE + level;
    if (level < depth) {
      builder.add(nameColumn, path.get(level).getName(), true);
      builder.add(typeColumn, path.get(level).getTypeName(), true);
    } else {
      // Unused levels must be null for the stored privilege to match.
      builder.addNull(nameColumn);
      builder.addNull(typeColumn);
    }
  }
  return builder;
}
/**
 * Converts a stored privilege into a {@code TSentryPrivilege}.
 *
 * <p>The grant option is tri-state: a {@code null} value on the stored privilege becomes
 * {@code UNSET} rather than being collapsed to {@code FALSE}.
 *
 * @param mPrivilege stored privilege to convert
 * @return the equivalent {@code TSentryPrivilege}
 */
private TSentryPrivilege toTSentryPrivilege(MSentryGMPrivilege mPrivilege) {
  TSentryPrivilege converted = new TSentryPrivilege(
      mPrivilege.getComponentName(),
      mPrivilege.getServiceName(),
      fromAuthorizable(mPrivilege.getAuthorizables()),
      mPrivilege.getAction());

  Boolean grantOption = mPrivilege.getGrantOption();
  TSentryGrantOption thriftGrantOption;
  if (grantOption == null) {
    thriftGrantOption = TSentryGrantOption.UNSET;
  } else if (grantOption) {
    thriftGrantOption = TSentryGrantOption.TRUE;
  } else {
    thriftGrantOption = TSentryGrantOption.FALSE;
  }
  converted.setGrantOption(thriftGrantOption);
  return converted;
}
/**
 * Converts a stored privilege into a {@code TSentryPrivilege}.
 *
 * <p>The grant option is tri-state: a {@code null} value on the stored privilege becomes
 * {@code UNSET} rather than being collapsed to {@code FALSE}.
 *
 * @param mPrivilege stored privilege to convert
 * @return the equivalent {@code TSentryPrivilege}
 */
private TSentryPrivilege toTSentryPrivilege(MSentryGMPrivilege mPrivilege) {
  TSentryPrivilege converted = new TSentryPrivilege(
      mPrivilege.getComponentName(),
      mPrivilege.getServiceName(),
      fromAuthorizable(mPrivilege.getAuthorizables()),
      mPrivilege.getAction());

  Boolean grantOption = mPrivilege.getGrantOption();
  TSentryGrantOption thriftGrantOption;
  if (grantOption == null) {
    thriftGrantOption = TSentryGrantOption.UNSET;
  } else if (grantOption) {
    thriftGrantOption = TSentryGrantOption.TRUE;
  } else {
    thriftGrantOption = TSentryGrantOption.FALSE;
  }
  converted.setGrantOption(thriftGrantOption);
  return converted;
}
// Excerpt: for the component of the privilege being granted, look up the BitFieldAction for the
// requested action and the one for Action.ALL. The rest of the enclosing method is not shown.
String component = grantPrivilege.getComponentName();
BitFieldAction action = getAction(component, grantPrivilege.getAction());
BitFieldAction allAction = getAction(component, Action.ALL);
// Excerpt: for the component of the privilege being granted, look up the BitFieldAction for the
// requested action and the one for Action.ALL. The rest of the enclosing method is not shown.
String component = grantPrivilege.getComponentName();
BitFieldAction action = getAction(component, grantPrivilege.getAction());
BitFieldAction allAction = getAction(component, Action.ALL);
MSentryGMPrivilege persistedPriv, MSentryRole role, PersistenceManager pm) { String component = revokePrivilege.getComponentName(); BitFieldAction revokeaction = getAction(component, revokePrivilege.getAction()); BitFieldAction persistedAction = getAction(component, persistedPriv.getAction());
MSentryGMPrivilege persistedPriv, MSentryRole role, PersistenceManager pm) throws SentryUserException { String component = revokePrivilege.getComponentName(); BitFieldAction revokeaction = getAction(component, revokePrivilege.getAction()); BitFieldAction persistedAction = getAction(component, persistedPriv.getAction());