public TSentryPrivilege deepCopy() { return new TSentryPrivilege(this); }
protected TSentryPrivilege convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege) { TSentryPrivilege privilege = new TSentryPrivilege(); convertToTSentryPrivilege(mSentryPrivilege, privilege); return privilege; }
/** * Performs a deep copy on <i>other</i>. */ public TSentryPrivilegeMap(TSentryPrivilegeMap other) { if (other.isSetPrivilegeMap()) { Map<String,Set<TSentryPrivilege>> __this__privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(); for (Map.Entry<String, Set<TSentryPrivilege>> other_element : other.privilegeMap.entrySet()) { String other_element_key = other_element.getKey(); Set<TSentryPrivilege> other_element_value = other_element.getValue(); String __this__privilegeMap_copy_key = other_element_key; Set<TSentryPrivilege> __this__privilegeMap_copy_value = new HashSet<TSentryPrivilege>(); for (TSentryPrivilege other_element_value_element : other_element_value) { __this__privilegeMap_copy_value.add(new TSentryPrivilege(other_element_value_element)); } __this__privilegeMap.put(__this__privilegeMap_copy_key, __this__privilegeMap_copy_value); } this.privilegeMap = __this__privilegeMap; } }
/** * Performs a deep copy on <i>other</i>. */ public TAlterSentryRoleGrantPrivilegeResponse(TAlterSentryRoleGrantPrivilegeResponse other) { if (other.isSetStatus()) { this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status); } if (other.isSetPrivilege()) { this.privilege = new TSentryPrivilege(other.privilege); } if (other.isSetPrivileges()) { Set<TSentryPrivilege> __this__privileges = new HashSet<TSentryPrivilege>(); for (TSentryPrivilege other_element : other.privileges) { __this__privileges.add(new TSentryPrivilege(other_element)); } this.privileges = __this__privileges; } }
/** * Performs a deep copy on <i>other</i>. */ public TListSentryPrivilegesResponse(TListSentryPrivilegesResponse other) { if (other.isSetStatus()) { this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status); } if (other.isSetPrivileges()) { Set<TSentryPrivilege> __this__privileges = new HashSet<TSentryPrivilege>(); for (TSentryPrivilege other_element : other.privileges) { __this__privileges.add(new TSentryPrivilege(other_element)); } this.privileges = __this__privileges; } }
/** * Performs a deep copy on <i>other</i>. */ public TAlterSentryRoleRevokePrivilegeRequest(TAlterSentryRoleRevokePrivilegeRequest other) { __isset_bitfield = other.__isset_bitfield; this.protocol_version = other.protocol_version; if (other.isSetRequestorUserName()) { this.requestorUserName = other.requestorUserName; } if (other.isSetRoleName()) { this.roleName = other.roleName; } if (other.isSetPrivilege()) { this.privilege = new TSentryPrivilege(other.privilege); } if (other.isSetPrivileges()) { Set<TSentryPrivilege> __this__privileges = new HashSet<TSentryPrivilege>(); for (TSentryPrivilege other_element : other.privileges) { __this__privileges.add(new TSentryPrivilege(other_element)); } this.privileges = __this__privileges; } }
/** * Performs a deep copy on <i>other</i>. */ public TAlterSentryRoleGrantPrivilegeRequest(TAlterSentryRoleGrantPrivilegeRequest other) { __isset_bitfield = other.__isset_bitfield; this.protocol_version = other.protocol_version; if (other.isSetRequestorUserName()) { this.requestorUserName = other.requestorUserName; } if (other.isSetRoleName()) { this.roleName = other.roleName; } if (other.isSetPrivilege()) { this.privilege = new TSentryPrivilege(other.privilege); } if (other.isSetPrivileges()) { Set<TSentryPrivilege> __this__privileges = new HashSet<TSentryPrivilege>(); for (TSentryPrivilege other_element : other.privileges) { __this__privileges.add(new TSentryPrivilege(other_element)); } this.privileges = __this__privileges; } }
private Set<TSentryPrivilege> convertColumnPrivilege( PrivilegeScope scope, String serverName, String uri, String db, String table, String column, String action, Boolean grantOption) { ImmutableSet.Builder<TSentryPrivilege> setBuilder = ImmutableSet.builder(); TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope(scope.toString()); privilege.setServerName(serverName); privilege.setURI(uri); privilege.setDbName(db); privilege.setTableName(table); privilege.setColumnName(column); privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption)); setBuilder.add(privilege); return setBuilder.build(); }
@Override public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesResponse struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(); struct.status.read(iprot); struct.setStatusIsSet(true); BitSet incoming = iprot.readBitSet(1); if (incoming.get(0)) { { org.apache.thrift.protocol.TSet _set61 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); struct.privileges = new HashSet<TSentryPrivilege>(2*_set61.size); for (int _i62 = 0; _i62 < _set61.size; ++_i62) { TSentryPrivilege _elem63; // required _elem63 = new TSentryPrivilege(); _elem63.read(iprot); struct.privileges.add(_elem63); } } struct.setPrivilegesIsSet(true); } } }
private TSentryPrivilege grantPrivilege(String requestorUserName, String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, String column, String action, Boolean grantOption) throws SentryUserException { TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); request.setRoleName(roleName); Set<TSentryPrivilege> privileges = convertColumnPrivilege(scope, serverName, uri, db, table, column, action, grantOption); request.setPrivileges(privileges); try { TAlterSentryRoleGrantPrivilegeResponse response = client.alter_sentry_role_grant_privilege(request); Status.throwIfNotOk(response.getStatus()); if (response.isSetPrivileges() && response.getPrivilegesSize()>0 ) { return response.getPrivileges().iterator().next(); } else { return new TSentryPrivilege(); } } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } }
@Test public void testURI() throws Exception { String roleName = "test-dup-role"; String grantor = "g1"; String uri = "file:///var/folders/dt/9zm44z9s6bjfxbrm4v36lzdc0000gp/T/1401860678102-0/data/kv1.dat"; sentryStore.createSentryRole(roleName); TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("URI", "server1", "ALL"); tSentryPrivilege.setURI(uri); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setUri(uri); tSentryAuthorizable.setServer("server1"); Set<TSentryPrivilege> privileges = sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable); assertTrue(privileges.size() == 1); Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>(); tSentryGroups.add(new TSentryGroup("group1")); sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups); TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName))); Set<String> privs = sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable); assertTrue(privs.size()==1); assertTrue(privs.contains("server=server1->uri=" + uri + "->action=all")); }
@Test public void testDropOverlappedPrivileges() throws Exception { String roleName1 = "list-privs-r1"; String grantor = "g1"; sentryStore.createSentryRole(roleName1); TSentryPrivilege privilege_tbl1 = new TSentryPrivilege(); privilege_tbl1.setPrivilegeScope("TABLE"); privilege_tbl1.setServerName("server1"); privilege_tbl1.setDbName("db1"); privilege_tbl1.setTableName("tbl1"); privilege_tbl1.setCreateTime(System.currentTimeMillis()); TSentryPrivilege privilege_tbl1_insert = new TSentryPrivilege( privilege_tbl1); privilege_tbl1_insert.setAction("INSERT"); TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1); privilege_tbl1_all.setAction("*"); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1_insert); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1_all); sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1)); assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) .size()); }
private TSentryPrivilege getPrivilege(String action, String privilegeScope, String dbName, String tableName, String serverName, String URI) { TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setAction(action); privilege.setPrivilegeScope(privilegeScope); privilege.setDbName(dbName); privilege.setTableName(tableName); privilege.setServerName(serverName); privilege.setURI(URI); return privilege; }
private TSentryPrivilege getPrivilege(String action, String privilegeScope, String dbName, String tableName, String serverName, String URI) { TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setAction(action); privilege.setPrivilegeScope(privilegeScope); privilege.setDbName(dbName); privilege.setTableName(tableName); privilege.setServerName(serverName); privilege.setURI(URI); return privilege; }
@Test public void testSentryPrivilegeSize() throws Exception { String role1 = "role1"; String role2 = "role2"; sentryStore.createSentryRole(role1); sentryStore.createSentryRole(role2); TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope("TABLE"); privilege.setServerName("server1"); privilege.setDbName("db1"); privilege.setTableName("tb1"); privilege.setCreateTime(System.currentTimeMillis()); String grantor = "g1"; assertEquals(Long.valueOf(0), sentryStore.getPrivilegeCountGauge().getValue()); sentryStore.alterSentryRoleGrantPrivilege(grantor, role1, privilege); assertEquals(Long.valueOf(1), sentryStore.getPrivilegeCountGauge().getValue()); sentryStore.alterSentryRoleGrantPrivilege(grantor, role2, privilege); assertEquals(Long.valueOf(1), sentryStore.getPrivilegeCountGauge().getValue()); privilege.setTableName("tb2"); sentryStore.alterSentryRoleGrantPrivilege(grantor, role2, privilege); assertEquals(Long.valueOf(2), sentryStore.getPrivilegeCountGauge().getValue()); }
@Test public void testCaseSensitiveScope() throws Exception { String roleName = "role1"; String grantor = "g1"; long seqId = sentryStore.createSentryRole(roleName).getSequenceId(); TSentryPrivilege sentryPrivilege = new TSentryPrivilege("Database", "server1", "all"); sentryPrivilege.setDbName("db1"); assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, sentryPrivilege).getSequenceId()); } @Test
private TSentryPrivilege createTSentryPrivilege(String scope, String server, String dbName, String tableName, String columnName, String uri, String action, TSentryGrantOption grantOption) { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); tSentryPrivilege.setPrivilegeScope(scope); tSentryPrivilege.setServerName(server); tSentryPrivilege.setDbName(dbName); tSentryPrivilege.setTableName(tableName); tSentryPrivilege.setColumnName(columnName); tSentryPrivilege.setURI(uri); tSentryPrivilege.setAction(action); tSentryPrivilege.setGrantOption(grantOption); return tSentryPrivilege; }
@Test public void testCaseInsensitiveRole() throws Exception { String roleName = "newRole"; String grantor = "g1"; Set<TSentryGroup> groups = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); group.setGroupName("test-groups-g1"); groups.add(group); TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope("TABLE"); privilege.setServerName("server1"); privilege.setDbName("default"); privilege.setTableName("table1"); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); long seqId = sentryStore.createSentryRole(roleName).getSequenceId(); assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId()); assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId()); assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege).getSequenceId()); assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege).getSequenceId()); } @Test
@Test public void testGrantDuplicatePrivilege() throws Exception { String roleName = "test-privilege"; String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; long seqId = sentryStore.createSentryRole(roleName).getSequenceId(); TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope("TABLE"); privilege.setServerName(server); privilege.setDbName(db); privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege) .getSequenceId()); assertEquals(seqId + 2, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege) .getSequenceId()); privilege.setServerName("Server1"); privilege.setDbName("DB1"); privilege.setTableName("TBL1"); assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege) .getSequenceId()); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); }
private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable) throws SentryInvalidInputException { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb())); tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer())); tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable())); tSentryPrivilege.setColumnName(fromNULLCol(tAuthorizable.getColumn())); tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri())); PrivilegeScope scope; if (!isNULL(tSentryPrivilege.getColumnName())) { scope = PrivilegeScope.COLUMN; } else if (!isNULL(tSentryPrivilege.getTableName())) { scope = PrivilegeScope.TABLE; } else if (!isNULL(tSentryPrivilege.getDbName())) { scope = PrivilegeScope.DATABASE; } else if (!isNULL(tSentryPrivilege.getURI())) { scope = PrivilegeScope.URI; } else { scope = PrivilegeScope.SERVER; } tSentryPrivilege.setPrivilegeScope(scope.name()); tSentryPrivilege.setAction(AccessConstants.ALL); return tSentryPrivilege; }