/** * Return set of rolenames from a collection of roles * @param roles - collection of roles * @return set of role names for each role in collection */ public static Set<String> rolesToRoleNames(final Iterable<MSentryRole> roles) { Set<String> roleNames = new HashSet<>(); for (MSentryRole mSentryRole : roles) { roleNames.add(mSentryRole.getRoleName()); } return roleNames; }
private Set<String> convertToRoleNameSet(Set<MSentryRole> mSentryRoles) { if (mSentryRoles.isEmpty()) { return Collections.emptySet(); } Set<String> roleNameSet = new HashSet<>(mSentryRoles.size()); for (MSentryRole role : mSentryRoles) { roleNameSet.add(role.getRoleName()); } return roleNameSet; }
private TSentryPrivilegeMap toTSentryPrivilegeMap(Set<MSentryGMPrivilege> mPrivileges) { // Mapping of <Role, Set<Privilege>>. Map<String, Set<TSentryPrivilege>> tPrivilegeMap = Maps.newTreeMap(); for (MSentryGMPrivilege mPrivilege : mPrivileges) { for (MSentryRole role : mPrivilege.getRoles()) { TSentryPrivilege tPrivilege = toTSentryPrivilege(mPrivilege); if (tPrivilegeMap.containsKey(role.getRoleName())) { tPrivilegeMap.get(role.getRoleName()).add(tPrivilege); } else { Set<TSentryPrivilege> tPrivilegeSet = Sets.newTreeSet(); tPrivilegeSet.add(tPrivilege); tPrivilegeMap.put(role.getRoleName(), tPrivilegeSet); } } } return new TSentryPrivilegeMap(tPrivilegeMap); }
private TSentryPrivilegeMap toTSentryPrivilegeMap(Set<MSentryGMPrivilege> mPrivileges) { // Mapping of <Role, Set<Privilege>>. Map<String, Set<TSentryPrivilege>> tPrivilegeMap = Maps.newTreeMap(); for (MSentryGMPrivilege mPrivilege : mPrivileges) { for (MSentryRole role : mPrivilege.getRoles()) { TSentryPrivilege tPrivilege = toTSentryPrivilege(mPrivilege); if (tPrivilegeMap.containsKey(role.getRoleName())) { tPrivilegeMap.get(role.getRoleName()).add(tPrivilege); } else { Set<TSentryPrivilege> tPrivilegeSet = Sets.newTreeSet(); tPrivilegeSet.add(tPrivilege); tPrivilegeMap.put(role.getRoleName(), tPrivilegeSet); } } } return new TSentryPrivilegeMap(tPrivilegeMap); }
private Set<String> getAllRoleNames(PersistenceManager pm) { Query query = pm.newQuery(MSentryRole.class); List<MSentryRole> mSentryRoles = (List<MSentryRole>) query.execute(); Set<String> existRoleNames = Sets.newHashSet(); if (mSentryRoles != null) { for (MSentryRole mSentryRole : mSentryRoles) { existRoleNames.add(mSentryRole.getRoleName()); } } return existRoleNames; }
private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) { String roleName = mSentryRole.getRoleName().intern(); Set<MSentryGroup> groups = mSentryRole.getGroups(); Set<TSentryGroup> sentryGroups = new HashSet<>(groups.size()); for(MSentryGroup mSentryGroup: groups) { TSentryGroup group = convertToTSentryGroup(mSentryGroup); sentryGroups.add(group); } return new TSentryRole(roleName, sentryGroups, EMPTY_GRANTOR_PRINCIPAL); }
private Map<String, Set<String>> getGroupRolesMap(Collection<MSentryRole> mSentryRoles) { if (mSentryRoles.isEmpty()) { return Collections.emptyMap(); } Map<String, Set<String>> groupRolesMap = new HashMap<>(); // change the List<MSentryRole> -> Map<groupName, Set<roleName>> for (MSentryRole mSentryRole : mSentryRoles) { Set<MSentryGroup> groups = mSentryRole.getGroups(); for (MSentryGroup group : groups) { String groupName = group.getGroupName(); Set<String> rNames = groupRolesMap.get(groupName); if (rNames == null) { rNames = new HashSet<>(); } rNames.add(mSentryRole.getRoleName()); groupRolesMap.put(groupName, rNames); } } return groupRolesMap; }
private Map<String, Set<String>> getUserRolesMap(Collection<MSentryRole> mSentryRoles) { if (mSentryRoles.isEmpty()) { return Collections.emptyMap(); } Map<String, Set<String>> userRolesMap = new HashMap<>(); // change the List<MSentryRole> -> Map<userName, Set<roleName>> for (MSentryRole mSentryRole : mSentryRoles) { Set<MSentryUser> users = mSentryRole.getUsers(); for (MSentryUser user : users) { String userName = user.getUserName(); Set<String> rNames = userRolesMap.get(userName); if (rNames == null) { rNames = new HashSet<>(); } rNames.add(mSentryRole.getRoleName()); userRolesMap.put(userName, rNames); } } return userRolesMap; }
private Map<String, Set<TSentryPrivilege>> getRolePrivilegesMap( Collection<MSentryPrivilege> mSentryPrivileges) { if (mSentryPrivileges.isEmpty()) { return Collections.emptyMap(); } // change the List<MSentryPrivilege> -> Map<roleName, Set<TSentryPrivilege>> Map<String, Set<TSentryPrivilege>> rolePrivilegesMap = new HashMap<>(); for (MSentryPrivilege mSentryPrivilege : mSentryPrivileges) { TSentryPrivilege privilege = convertToTSentryPrivilege(mSentryPrivilege); for (MSentryRole mSentryRole : mSentryPrivilege.getRoles()) { String roleName = mSentryRole.getRoleName(); Set<TSentryPrivilege> privileges = rolePrivilegesMap.get(roleName); if (privileges == null) { privileges = new HashSet<>(); } privileges.add(privilege); rolePrivilegesMap.put(roleName, privileges); } } return rolePrivilegesMap; }
@VisibleForTesting Map<String, MSentryRole> getRolesMap() throws Exception { return tm.executeTransaction( pm -> { pm.setDetachAllOnCommit(false); // No need to detach objects List<MSentryRole> mSentryRoles = getAllRoles(pm); if (mSentryRoles.isEmpty()) { return Collections.emptyMap(); } Map<String, MSentryRole> existRolesMap = new HashMap<>(mSentryRoles.size()); // change the List<MSentryRole> -> Map<roleName, Set<MSentryRole>> for (MSentryRole mSentryRole : mSentryRoles) { existRolesMap.put(mSentryRole.getRoleName(), mSentryRole); } return existRolesMap; }); }
/** * Explore Privilege graph and collect privileges that are belong to the specific privilege */ @SuppressWarnings("unchecked") private Set<MSentryGMPrivilege> populateIncludePrivileges(Set<MSentryRole> roles, MSentryGMPrivilege parent, PersistenceManager pm) { Set<MSentryGMPrivilege> childrens = Sets.newHashSet(); Query query = pm.newQuery(MSentryGMPrivilege.class); StringBuilder filters = new StringBuilder(); //add populateIncludePrivilegesQuery filters.append(MSentryGMPrivilege.populateIncludePrivilegesQuery(parent)); // add filter for role names if (roles != null && roles.size() > 0) { query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (MSentryRole role : roles) { rolesFiler.add("role.roleName == \"" + role.getRoleName() + "\" "); } filters.append("&& roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ")"); } query.setFilter(filters.toString()); List<MSentryGMPrivilege> privileges = (List<MSentryGMPrivilege>)query.execute(); childrens.addAll(privileges); return childrens; }
public Set<TSentryRole> execute(PersistenceManager pm) throws Exception { Set<TSentryRole> tRoles = Sets.newHashSet(); pm.setDetachAllOnCommit(false); // No need to detach objects Set<MSentryRole> mSentryRoles = Sets.newHashSet(); if(groups.contains(null)) { mSentryRoles.addAll(delegate.getAllRoles(pm)); } else { mSentryRoles = delegate.getRolesForGroups(pm, groups); } for(MSentryRole mSentryRole: mSentryRoles) { String roleName = mSentryRole.getRoleName().intern(); Set<String> groupNames = Sets.newHashSet(); Set<MSentryGroup> mSentryGroups = mSentryRole.getGroups(); for(MSentryGroup mSentryGroup: mSentryGroups) { groupNames.add(mSentryGroup.getGroupName()); } tRoles.add(new TSentryRole(roleName, groupNames)); } return tRoles; } });
public boolean checkPrivilegeOption(Set<MSentryRole> roles, PrivilegeObject privilege, PersistenceManager pm) { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); boolean hasGrant = false; //get persistent privileges by roles Query query = pm.newQuery(MSentryGMPrivilege.class); StringBuilder filters = new StringBuilder(); if (roles != null && roles.size() > 0) { query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (MSentryRole role : roles) { rolesFiler.add("role.roleName == \"" + role.getRoleName() + "\" "); } filters.append("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ")"); } query.setFilter(filters.toString()); List<MSentryGMPrivilege> tPrivileges = (List<MSentryGMPrivilege>)query.execute(); for (MSentryGMPrivilege tPrivilege : tPrivileges) { if (tPrivilege.getGrantOption() && tPrivilege.implies(requestPrivilege)) { hasGrant = true; break; } } return hasGrant; } public void grantPrivilege(PrivilegeObject privilege,MSentryRole role, PersistenceManager pm) throws SentryUserException {
private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) { TSentryRole role = new TSentryRole(); role.setRoleName(mSentryRole.getRoleName()); role.setGrantorPrincipal("--"); Set<TSentryGroup> sentryGroups = new HashSet<TSentryGroup>(); for(MSentryGroup mSentryGroup:mSentryRole.getGroups()) { TSentryGroup group = convertToTSentryGroup(mSentryGroup); sentryGroups.add(group); } role.setGroups(sentryGroups); return role; }
/** * This returns a Mapping of Role -> [Groups] */ public Map<String, LinkedList<String>> retrieveFullRoleImage() { Map<String, LinkedList<String>> retVal = new HashMap<String, LinkedList<String>>(); boolean rollbackTransaction = true; PersistenceManager pm = null; try { pm = openTransaction(); Query query = pm.newQuery(MSentryGroup.class); List<MSentryGroup> groups = (List<MSentryGroup>) query.execute(); for (MSentryGroup mGroup : groups) { for (MSentryRole role : mGroup.getRoles()) { LinkedList<String> rUpdate = retVal.get(role.getRoleName()); if (rUpdate == null) { rUpdate = new LinkedList<String>(); retVal.put(role.getRoleName(), rUpdate); } rUpdate.add(mGroup.getGroupName()); } } commitTransaction(pm); return retVal; } finally { if (rollbackTransaction) { rollbackTransaction(pm); } } }
@VisibleForTesting protected Map<String, MSentryRole> getRolesMap() { boolean rollbackTransaction = true; PersistenceManager pm = null; try { pm = openTransaction(); Query query = pm.newQuery(MSentryRole.class); List<MSentryRole> mSentryRoles = (List<MSentryRole>) query.execute(); Map<String, MSentryRole> existRolesMap = Maps.newHashMap(); if (mSentryRoles != null) { // change the List<MSentryRole> -> Map<roleName, Set<MSentryRole>> for (MSentryRole mSentryRole : mSentryRoles) { existRolesMap.put(mSentryRole.getRoleName(), mSentryRole); } } commitTransaction(pm); rollbackTransaction = false; return existRolesMap; } finally { if (rollbackTransaction) { rollbackTransaction(pm); } } }
/** * Fail test if role doesn't exist * @param roleName Role name to checl * @throws Exception */ private void checkRoleExists(String roleName) throws Exception { assertEquals(roleName.toLowerCase(), sentryStore.getMSentryRoleByName(roleName).getRoleName()); }
public Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap() throws Exception { boolean rollbackTransaction = true; PersistenceManager pm = null; try { pm = openTransaction(); Query query = pm.newQuery(MSentryRole.class); List<MSentryRole> mSentryRoles = (List<MSentryRole>) query.execute(); Map<String, Set<TSentryPrivilege>> sentryRolePrivilegesMap = Maps.newHashMap(); if (mSentryRoles != null) { // change the List<MSentryRole> -> Map<roleName, Set<TSentryPrivilege>> for (MSentryRole mSentryRole : mSentryRoles) { Set<TSentryPrivilege> privilegeSet = convertToTSentryPrivileges(mSentryRole .getPrivileges()); if (privilegeSet != null && !privilegeSet.isEmpty()) { sentryRolePrivilegesMap.put(mSentryRole.getRoleName(), privilegeSet); } } } commitTransaction(pm); rollbackTransaction = false; return sentryRolePrivilegesMap; } finally { if (rollbackTransaction) { rollbackTransaction(pm); } } }
List<String> rolesFiler = new LinkedList<String>(); for (MSentryRole role : roles) { rolesFiler.add("role.roleName == \"" + role.getRoleName() + "\" ");
public Set<String> getRoleNamesForGroups(Set<String> groups) { Set<String> result = new HashSet<String>(); boolean rollbackTransaction = true; PersistenceManager pm = null; try { pm = openTransaction(); Query query = pm.newQuery(MSentryGroup.class); query.setFilter("this.groupName == t"); query.declareParameters("java.lang.String t"); query.setUnique(true); for (String group : groups) { MSentryGroup sentryGroup = (MSentryGroup) query.execute(group.trim()); if (sentryGroup != null) { for (MSentryRole role : sentryGroup.getRoles()) { result.add(role.getRoleName()); } } } rollbackTransaction = false; commitTransaction(pm); return result; } finally { if (rollbackTransaction) { rollbackTransaction(pm); } } }