/**
 * Looks up a role by name and returns the privileges attached to it.
 *
 * @param roleName name of the role; passed unchanged to {@code getMSentryRoleByName}
 * @return the set returned by the role's {@code getPrivileges()}, with no copy made here
 * @throws Exception whatever {@code getMSentryRoleByName} propagates
 */
private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String roleName) throws Exception {
  // NOTE(review): there is no null check on the looked-up role, so this relies on
  // getMSentryRoleByName failing (rather than returning null) for an unknown role - confirm.
  return getMSentryRoleByName(roleName).getPrivileges();
}
/**
 * Looks up a role by name and returns the privileges attached to it.
 *
 * @param roleName name of the role; passed unchanged to {@code getMSentryRoleByName}
 * @return the set returned by the role's {@code getPrivileges()}, with no copy made here
 * @throws SentryNoSuchObjectException propagated from {@code getMSentryRoleByName}
 */
private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String roleName)
    throws SentryNoSuchObjectException {
  // NOTE(review): there is no null check on the looked-up role; presumably the lookup
  // throws SentryNoSuchObjectException for an unknown role instead of returning null - confirm.
  return getMSentryRoleByName(roleName).getPrivileges();
}
/**
 * Detaches every privilege from a role, both the classic privileges and the
 * generic-model ones, and then passes the detached privileges to the
 * stale-privilege helpers. Per the original author's description, a privilege
 * left with no associated roles is removed from the persistence layer; that
 * removal is done by the helpers, not by this method.
 *
 * @param pm Instance of PersistenceManager
 * @param sentryRole Role for which all the privileges are to be removed.
 */
private void removePrivileges(PersistenceManager pm, MSentryRole sentryRole) {
  // Snapshot both collections before detaching: once the role has dropped them,
  // the role can no longer tell us which privileges to check for staleness.
  List<MSentryPrivilege> detachedPrivileges = new ArrayList<>(sentryRole.getPrivileges());
  List<MSentryGMPrivilege> detachedGmPrivileges = new ArrayList<>(sentryRole.getGmPrivileges());

  sentryRole.removePrivileges();
  // with SENTRY-398 generic model
  sentryRole.removeGMPrivileges();

  removeStaledPrivileges(pm, detachedPrivileges);
  removeStaledGMPrivileges(pm, detachedGmPrivileges);
}
/**
 * Reads every stored role inside one transaction and returns a map from role
 * name to that role's privileges converted to {@code TSentryPrivilege}.
 *
 * <p>Roles whose converted privilege set is null or empty are left out of the
 * map, so a consumer cannot tell "role has no privileges" from "role does not
 * exist" using this result alone.
 *
 * @return role name to privilege set; never null, possibly empty
 * @throws Exception anything raised while opening, querying or committing
 */
public Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap() throws Exception {
  PersistenceManager pm = null;
  boolean committed = false;
  try {
    pm = openTransaction();
    Query roleQuery = pm.newQuery(MSentryRole.class);
    List<MSentryRole> allRoles = (List<MSentryRole>) roleQuery.execute();
    Map<String, Set<TSentryPrivilege>> privilegesByRole = Maps.newHashMap();
    if (allRoles != null) {
      // List<MSentryRole> -> Map<roleName, Set<TSentryPrivilege>>
      for (MSentryRole currentRole : allRoles) {
        Set<TSentryPrivilege> converted =
            convertToTSentryPrivileges(currentRole.getPrivileges());
        if (converted == null || converted.isEmpty()) {
          continue;
        }
        privilegesByRole.put(currentRole.getRoleName(), converted);
      }
    }
    commitTransaction(pm);
    committed = true;
    return privilegesByRole;
  } finally {
    // Reached with pm == null when openTransaction() itself failed.
    // NOTE(review): confirm rollbackTransaction tolerates a null manager.
    if (!committed) {
      rollbackTransaction(pm);
    }
  }
}
/**
 * Deletes a role after detaching all of its privileges.
 *
 * <p>The role is found with a JDOQL filter that takes the name as a declared
 * parameter, so the caller-supplied name is never concatenated into the query.
 *
 * @param pm persistence manager used for the lookup and the delete
 * @param roleName role to drop; must be non-null, is trimmed and lower-cased before lookup
 * @throws SentryNoSuchObjectException if no role with the normalised name exists
 */
private void dropSentryRoleCore(PersistenceManager pm, String roleName)
    throws SentryNoSuchObjectException {
  // NOTE(review): toLowerCase() without a Locale follows the JVM default locale, so the
  // normalised role name can differ between hosts (for example under a Turkish locale).
  // For an authorization key that is worth pinning to Locale.ROOT, but only together
  // with every other place that normalises role names - confirm before changing.
  String lRoleName = roleName.trim().toLowerCase();

  Query roleLookup = pm.newQuery(MSentryRole.class);
  roleLookup.setFilter("this.roleName == t");
  roleLookup.declareParameters("java.lang.String t");
  roleLookup.setUnique(true);
  MSentryRole doomedRole = (MSentryRole) roleLookup.execute(lRoleName);

  if (doomedRole == null) {
    throw new SentryNoSuchObjectException("Role: " + lRoleName + " doesn't exist");
  }

  pm.retrieve(doomedRole);
  // Only the classic privileges are counted for the cleaner; generic-model
  // privileges are detached below but do not contribute to this number.
  int removedCount = doomedRole.getPrivileges().size();
  doomedRole.removePrivileges();
  // with SENTRY-398 generic model
  doomedRole.removeGMPrivileges();
  privCleaner.incPrivRemoval(removedCount);
  pm.deletePersistent(doomedRole);
}
for (MSentryRole mSentryRole : mSentryRoles) { Set<TSentryPrivilege> tPrivileges = convertToTSentryPrivileges(mSentryRole.getPrivileges()); allRolesPrivileges.put(mSentryRole.getRoleName(), tPrivileges);
sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size());
Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size());
/**
 * Grants the same TABLE-scoped ALL privilege to a role three times, the last
 * time with server, database and table names that differ only in letter case,
 * and checks that the role still holds exactly one privilege. A failure here
 * would mean that repeated or case-variant grants pile up as separate entries.
 */
@Test
public void testGrantDuplicatePrivilege() throws Exception {
  String roleName = "test-privilege";
  createRole(roleName);

  TSentryPrivilege privilege = new TSentryPrivilege();
  privilege.setPrivilegeScope("TABLE");
  privilege.setServerName("server1");
  privilege.setDbName("db1");
  privilege.setTableName("tbl1");
  privilege.setAction(AccessConstants.ALL);
  privilege.setCreateTime(System.currentTimeMillis());

  // Two identical grants in a row.
  for (int attempt = 0; attempt < 2; attempt++) {
    sentryStore.alterSentryGrantPrivileges(
        SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null);
  }

  // Same object names, different letter case.
  privilege.setServerName("Server1");
  privilege.setDbName("DB1");
  privilege.setTableName("TBL1");
  sentryStore.alterSentryGrantPrivileges(
      SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null);

  Set<MSentryPrivilege> granted = sentryStore.getMSentryRoleByName(roleName).getPrivileges();
  assertEquals(granted.toString(), 1, granted.size());
}
Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 4, privileges.size()); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size());
/**
 * Detaches a role from a persisted privilege and, when the role also holds
 * the matching ALL privilege, replaces that ALL grant with {@code addAction}.
 *
 * <p>Side effect: {@code currentPrivilege} is mutated. Its action is set to
 * {@code AccessConstants.ALL} and, inside the branch, to {@code addAction};
 * the caller's object keeps whichever value was written last.
 *
 * @param pm persistence manager used for lookups and for persisting changes
 * @param mRole role the privilege is being revoked from
 * @param currentPrivilege privilege being revoked; used as a mutable lookup template
 * @param persistedPriv stored privilege the role is detached from first; must be non-null
 * @param addAction action granted back to the role after an ALL grant is removed
 * @throws SentryInvalidInputException declared by this method; presumably raised by the
 *     conversion or lookup helpers - confirm
 */
private void revokeRolePartial(PersistenceManager pm, MSentryRole mRole,
    MSentryPrivilege currentPrivilege, MSentryPrivilege persistedPriv, String addAction)
    throws SentryInvalidInputException {
  // If table / URI, remove ALL
  // Step 1: detach the role from the privilege that was passed in and persist that.
  persistedPriv.removeRole(mRole);
  privCleaner.incPrivRemoval();
  pm.makePersistent(persistedPriv);

  // Step 2: look for the same privilege with action ALL by rewriting the template.
  currentPrivilege.setAction(AccessConstants.ALL);
  persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
  if (persistedPriv != null && mRole.getPrivileges().contains(persistedPriv)) {
    // The role holds ALL: drop that grant as well.
    persistedPriv.removeRole(mRole);
    privCleaner.incPrivRemoval();
    pm.makePersistent(persistedPriv);

    // Step 3: grant addAction back, reusing the stored privilege when one exists.
    // NOTE(review): what the role retains after this revoke is decided entirely by
    // addAction; presumably the caller passes the action that should survive - a wrong
    // value would leave the role with access that was meant to be revoked. Verify callers.
    currentPrivilege.setAction(addAction);
    persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
    if (persistedPriv == null) {
      persistedPriv = convertToMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege));
      mRole.appendPrivilege(persistedPriv);
    }
    persistedPriv.appendRole(mRole);
    pm.makePersistent(persistedPriv);
  }
}
sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); for (MSentryPrivilege mPrivilege : privileges) {
sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size());
assertEquals("Privilege Count", 0, role.getPrivileges().size());
.getSequenceId()); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); MSentryPrivilege mPrivilege = Iterables.get(privileges, 0);
sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size());
Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), i+1, privileges.size()); MSentryPrivilege mPrivilege = Iterables.get(privileges, 0);
/**
 * Grants the same TABLE-scoped ALL privilege to a role three times, the last
 * time with server, database and table names that differ only in letter case.
 * Each grant is expected to advance the sequence id by one, and the role is
 * expected to end up with exactly one privilege, so duplicate and case-variant
 * grants must not be stored as separate entries.
 */
@Test
public void testGrantDuplicatePrivilege() throws Exception {
  String roleName = "test-privilege";
  String grantor = "g1";
  long seqId = sentryStore.createSentryRole(roleName).getSequenceId();

  TSentryPrivilege privilege = new TSentryPrivilege();
  privilege.setPrivilegeScope("TABLE");
  privilege.setServerName("server1");
  privilege.setDbName("db1");
  privilege.setTableName("tbl1");
  privilege.setAction(AccessConstants.ALL);
  privilege.setCreateTime(System.currentTimeMillis());

  // Two identical grants; the sequence id still moves forward on each call.
  for (int step = 1; step <= 2; step++) {
    assertEquals(seqId + step,
        sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege).getSequenceId());
  }

  // Same object names, different letter case.
  privilege.setServerName("Server1");
  privilege.setDbName("DB1");
  privilege.setTableName("TBL1");
  assertEquals(seqId + 3,
      sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege).getSequenceId());

  Set<MSentryPrivilege> granted = sentryStore.getMSentryRoleByName(roleName).getPrivileges();
  assertEquals(granted.toString(), 1, granted.size());
}
role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(1, role.getPrivileges().size()); assertEquals(0, role.getGmPrivileges().size()); commitTransaction(pm); role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(1, role.getPrivileges().size()); assertEquals(1, role.getGmPrivileges().size()); commitTransaction(pm);
role = getMSentryRole(pm, roleName); pm.retrieve(role); assertEquals(1, role.getPrivileges().size()); assertEquals(1, role.getGmPrivileges().size()); commitTransaction(pm); fail("unexpect happend: the MSentryGMPrivilege:" + solrPrivilege2 + " already be granted"); if (!role.getPrivileges().contains(hivePrivilege2)) { fail("unexpect happend: the MSentryPrivilege:" + hivePrivilege2 + " already be granted");