/**
 * Parses a policy-file privilege string into a {@link TSentryPrivilege}.
 *
 * <p>The input is split with {@code PolicyConstants.AUTHORIZABLE_SPLITTER}; every piece is read
 * as a key/value pair and the key is compared, ignoring case, with the
 * {@code PolicyFileConstants.PRIVILEGE_*_NAME} constants. Once all pieces are consumed the
 * privilege scope is filled in from {@code getPrivilegeScope}.
 *
 * <p>NOTE(review): a key that matches none of the known names is skipped without an error, so a
 * misspelled authorizable leaves its field unset and the resulting privilege may cover more than
 * the policy author intended. This method performs no hierarchy validation either; callers that
 * accept privilege strings from users should validate the result before granting it.
 *
 * @param privilegeStr privilege in policy-file syntax
 * @return the populated privilege; when a grant-option key is present, the option is TRUE only
 *     for the value "true" (any case) and FALSE for every other value
 */
public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) {
  final TSentryPrivilege parsed = new TSentryPrivilege();
  for (String part : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
    final KeyValue pair = new KeyValue(part);
    final String name = pair.getKey();
    final String text = pair.getValue();

    if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(name)) {
      parsed.setServerName(text);
      continue;
    }
    if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(name)) {
      parsed.setDbName(text);
      continue;
    }
    if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(name)) {
      parsed.setTableName(text);
      continue;
    }
    if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(name)) {
      parsed.setColumnName(text);
      continue;
    }
    if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(name)) {
      parsed.setURI(text);
      continue;
    }
    if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(name)) {
      parsed.setAction(text);
      continue;
    }
    if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(name)) {
      // Anything other than "true" (any case) yields FALSE.
      if ("true".equalsIgnoreCase(text)) {
        parsed.setGrantOption(TSentryGrantOption.TRUE);
      } else {
        parsed.setGrantOption(TSentryGrantOption.FALSE);
      }
    }
    // Unrecognised keys fall through here and are ignored.
  }
  parsed.setPrivilegeScope(getPrivilegeScope(parsed));
  return parsed;
}
/**
 * Parses a policy-file privilege string into a {@link TSentryPrivilege} and hands the result to
 * {@code validatePrivilegeHierarchy} before returning it.
 *
 * <p>Each piece produced by {@code PolicyConstants.AUTHORIZABLE_SPLITTER} is read as a key/value
 * pair; the key is matched, ignoring case, against the {@code PolicyFileConstants} names for
 * server, database, table, column, URI, action and grant option.
 *
 * <p>NOTE(review): keys that match none of those names are skipped silently. Whether
 * {@code validatePrivilegeHierarchy} catches a privilege that became broader because of a
 * misspelled key is not visible here; confirm against that helper.
 *
 * @param privilegeStr privilege in policy-file syntax
 * @return the populated privilege, with its scope set from {@code getPrivilegeScope}
 * @throws Exception whatever {@code validatePrivilegeHierarchy} raises for the parsed privilege
 */
public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) throws Exception {
  TSentryPrivilege result = new TSentryPrivilege();
  for (String token : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
    KeyValue kv = new KeyValue(token);
    String k = kv.getKey();
    String v = kv.getValue();

    if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(k)) {
      result.setServerName(v);
    } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(k)) {
      result.setDbName(v);
    } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(k)) {
      result.setTableName(v);
    } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(k)) {
      result.setColumnName(v);
    } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(k)) {
      result.setURI(v);
    } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(k)) {
      result.setAction(v);
    } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(k)) {
      // Only the literal "true" (any case) enables the grant option.
      result.setGrantOption(
          "true".equalsIgnoreCase(v) ? TSentryGrantOption.TRUE : TSentryGrantOption.FALSE);
    }
  }

  result.setPrivilegeScope(getPrivilegeScope(result));
  // Validation runs on the fully populated privilege, scope included.
  validatePrivilegeHierarchy(result);
  return result;
}
/**
 * Builds a single {@link TSentryPrivilege} from the given fields and returns it wrapped in an
 * immutable one-element set.
 *
 * <p>The creation time is stamped with the current wall-clock time, and the Boolean grant flag
 * is translated through {@code convertTSentryGrantOption}.
 *
 * @param scope privilege scope; its {@code toString()} value is stored, so it must not be null
 * @param serverName server the privilege applies to
 * @param uri URI authorizable
 * @param db database name
 * @param table table name
 * @param column column name
 * @param action action being granted
 * @param grantOption grant flag, converted by {@code convertTSentryGrantOption}
 * @return an immutable set containing exactly the privilege built here
 */
private Set<TSentryPrivilege> convertColumnPrivilege(
    PrivilegeScope scope, String serverName, String uri, String db, String table,
    String column, String action, Boolean grantOption) {
  final TSentryPrivilege single = new TSentryPrivilege();
  single.setPrivilegeScope(scope.toString());
  single.setServerName(serverName);
  single.setURI(uri);
  single.setDbName(db);
  single.setTableName(table);
  single.setColumnName(column);
  single.setAction(action);
  single.setCreateTime(System.currentTimeMillis());
  single.setGrantOption(convertTSentryGrantOption(grantOption));

  return ImmutableSet.<TSentryPrivilege>builder().add(single).build();
}
privilege.setTableName(table); privilege.setColumnName(null); privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption)); privilege.setTableName(table); privilege.setColumnName(column); privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption));
/**
 * Creates a {@link TSentryPrivilege} carrying the given action, scope and authorizable names.
 *
 * <p>Column name, grant option and creation time are not touched and keep whatever a freshly
 * constructed {@code TSentryPrivilege} holds.
 *
 * @param action action of the privilege
 * @param privilegeScope scope name stored as-is
 * @param dbName database name
 * @param tableName table name
 * @param serverName server name
 * @param URI URI authorizable
 * @return the new privilege
 */
private TSentryPrivilege getPrivilege(String action, String privilegeScope,
    String dbName, String tableName, String serverName, String URI) {
  final TSentryPrivilege built = new TSentryPrivilege();
  // Authorizable hierarchy first, then scope and action.
  built.setServerName(serverName);
  built.setDbName(dbName);
  built.setTableName(tableName);
  built.setURI(URI);
  built.setPrivilegeScope(privilegeScope);
  built.setAction(action);
  return built;
}
/**
 * Assembles a {@link TSentryPrivilege} from an action, a scope name and the server, database,
 * table and URI it refers to.
 *
 * <p>Only these six fields are set; every other field of the new object is left as constructed.
 *
 * @param action action of the privilege
 * @param privilegeScope scope name stored as-is
 * @param dbName database name
 * @param tableName table name
 * @param serverName server name
 * @param URI URI authorizable
 * @return the new privilege
 */
private TSentryPrivilege getPrivilege(String action, String privilegeScope,
    String dbName, String tableName, String serverName, String URI) {
  TSentryPrivilege p = new TSentryPrivilege();
  p.setPrivilegeScope(privilegeScope);
  p.setAction(action);
  p.setServerName(serverName);
  p.setURI(URI);
  p.setDbName(dbName);
  p.setTableName(tableName);
  return p;
}
/**
 * Copies the fields of a stored {@link MSentryPrivilege} into a {@link TSentryPrivilege}.
 *
 * <p>Action and the authorizable names pass through {@code fromNULLCol}; create time and
 * privilege scope are copied unchanged. A null grant option on the stored privilege becomes
 * {@code TSentryGrantOption.UNSET}; otherwise its upper-cased string form is looked up with
 * {@code TSentryGrantOption.valueOf}.
 *
 * @param mSentryPrivilege stored privilege to read from
 * @param privilege target object, modified in place
 */
private void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege,
    TSentryPrivilege privilege) {
  privilege.setCreateTime(mSentryPrivilege.getCreateTime());
  privilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
  privilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
  privilege.setServerName(fromNULLCol(mSentryPrivilege.getServerName()));
  privilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
  privilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
  privilege.setColumnName(fromNULLCol(mSentryPrivilege.getColumnName()));
  privilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));

  final TSentryGrantOption option;
  if (mSentryPrivilege.getGrantOption() == null) {
    // No stored value: report the option as explicitly unset rather than guessing.
    option = TSentryGrantOption.UNSET;
  } else {
    final String stored = mSentryPrivilege.getGrantOption().toString();
    option = TSentryGrantOption.valueOf(stored.toUpperCase());
  }
  privilege.setGrantOption(option);
}
/**
 * Drops the privilege described by the given authorizable from all roles.
 *
 * <p>The authorizable is first turned into a privilege by {@code toSentryPrivilege}. If
 * {@code isMultiActionsSupported} accepts it, one drop is issued per entry of
 * {@code ALL_ACTIONS}; otherwise a single drop is issued. Every call to
 * {@code dropPrivilegeForAllRoles} receives its own copy of the privilege. All drops run in one
 * transaction.
 *
 * <p>NOTE(review): the rollback flag is cleared before {@code commitTransaction} is called, so
 * a failure inside the commit does not reach {@code rollbackTransaction} here; confirm that
 * {@code commitTransaction} cleans up on its own.
 *
 * <p>NOTE(review): the rethrown exception keeps only {@code e.getMessage()}, so the original
 * {@code JDODataStoreException} and its stack trace are lost, and the message text says "get"
 * although this operation is a drop.
 *
 * @param tAuthorizable object whose privileges are to be removed
 * @throws SentryNoSuchObjectException declared; raised by the helpers called here
 * @throws SentryInvalidInputException if the data store rejects the operation
 */
public void dropPrivilege(TSentryAuthorizable tAuthorizable)
    throws SentryNoSuchObjectException, SentryInvalidInputException {
  PersistenceManager pm = null;
  boolean needsRollback = true;
  final TSentryPrivilege template = toSentryPrivilege(tAuthorizable);
  try {
    pm = openTransaction();
    if (!isMultiActionsSupported(template)) {
      dropPrivilegeForAllRoles(pm, new TSentryPrivilege(template));
    } else {
      for (String action : ALL_ACTIONS) {
        // The template is mutated per action; the callee gets a snapshot copy.
        template.setAction(action);
        dropPrivilegeForAllRoles(pm, new TSentryPrivilege(template));
      }
    }
    needsRollback = false;
    commitTransaction(pm);
  } catch (JDODataStoreException e) {
    throw new SentryInvalidInputException("Failed to get privileges: " + e.getMessage());
  } finally {
    if (needsRollback) {
      rollbackTransaction(pm);
    }
  }
}
/**
 * Grants INSERT and "*" on the same table to one role, drops the table's privileges through
 * {@code dropPrivilege}, and checks that the role is left with no privileges at all.
 *
 * <p>The two grants overlap ("*" and INSERT on the same table), so the test guards against a
 * drop that removes only one of them and leaves the other grant in place.
 */
@Test
public void testDropOverlappedPrivileges() throws Exception {
  final String role = "list-privs-r1";
  final String grantor = "g1";
  sentryStore.createSentryRole(role);

  // Table-level template shared by both grants.
  final TSentryPrivilege tablePrivilege = new TSentryPrivilege();
  tablePrivilege.setPrivilegeScope("TABLE");
  tablePrivilege.setServerName("server1");
  tablePrivilege.setDbName("db1");
  tablePrivilege.setTableName("tbl1");
  tablePrivilege.setCreateTime(System.currentTimeMillis());

  final TSentryPrivilege insertOnTable = new TSentryPrivilege(tablePrivilege);
  insertOnTable.setAction("INSERT");
  final TSentryPrivilege allOnTable = new TSentryPrivilege(tablePrivilege);
  allOnTable.setAction("*");

  sentryStore.alterSentryRoleGrantPrivilege(grantor, role, insertOnTable);
  sentryStore.alterSentryRoleGrantPrivilege(grantor, role, allOnTable);

  sentryStore.dropPrivilege(toTSentryAuthorizable(tablePrivilege));

  final int remaining = sentryStore.getAllTSentryPrivilegesByRoleName(role).size();
  assertEquals(0, remaining);
}
/**
 * Test helper that builds a {@link TSentryPrivilege} from explicit field values.
 *
 * <p>Every argument is stored as given; no normalisation or validation is applied, so the
 * caller decides whether scope and authorizable names are consistent with each other.
 *
 * @param scope privilege scope name
 * @param server server name
 * @param dbName database name
 * @param tableName table name
 * @param columnName column name
 * @param uri URI authorizable
 * @param action action of the privilege
 * @param grantOption grant option to set
 * @return the populated privilege
 */
private TSentryPrivilege createTSentryPrivilege(String scope, String server, String dbName,
    String tableName, String columnName, String uri, String action,
    TSentryGrantOption grantOption) {
  final TSentryPrivilege created = new TSentryPrivilege();
  // Authorizable hierarchy, from widest to narrowest.
  created.setServerName(server);
  created.setDbName(dbName);
  created.setTableName(tableName);
  created.setColumnName(columnName);
  created.setURI(uri);
  // What is granted, and at which level.
  created.setPrivilegeScope(scope);
  created.setAction(action);
  created.setGrantOption(grantOption);
  return created;
}
priv.setPrivilegeScope("DATABASE"); priv.setServerName(server); priv.setAction(AccessConstants.ALL); priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + i); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, priv); priv.setAction(AccessConstants.SELECT); priv.setGrantOption(TSentryGrantOption.UNSET); sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, priv);
privilege.setDbName(db); privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege) Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege) .getSequenceId());
privilege_tbl1.setDbName("db1"); privilege_tbl1.setTableName(table1); privilege_tbl1.setAction(AccessConstants.SELECT); privilege_tbl1.setCreateTime(System.currentTimeMillis());
/**
 * Runs add-group, delete-group, grant and revoke against a role whose name contains an
 * upper-case letter ("newRole") and checks that each call advances the sequence id by one.
 *
 * <p>NOTE(review): the same spelling of the role name is used for every call, so this test does
 * not itself show that differently-cased spellings resolve to the same role. Verify that
 * behaviour is covered elsewhere.
 */
@Test
public void testCaseInsensitiveRole() throws Exception {
  String roleName = "newRole";
  String grantor = "g1";
  Set<TSentryGroup> groups = Sets.newHashSet();
  TSentryGroup group = new TSentryGroup();
  group.setGroupName("test-groups-g1");
  groups.add(group);

  // Table-level ALL privilege used for the grant/revoke round trip below.
  TSentryPrivilege privilege = new TSentryPrivilege();
  privilege.setPrivilegeScope("TABLE");
  privilege.setServerName("server1");
  privilege.setDbName("default");
  privilege.setTableName("table1");
  privilege.setAction(AccessConstants.ALL);
  privilege.setCreateTime(System.currentTimeMillis());

  // Each store operation is expected to return the next sequence id.
  long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
  assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId());
  assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId());
  assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege).getSequenceId());
  assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege).getSequenceId());
}

@Test
privilege_tbl1.setDbName("db1"); privilege_tbl1.setTableName(table1); privilege_tbl1.setAction(AccessConstants.SELECT); privilege_tbl1.setCreateTime(System.currentTimeMillis());
/**
 * Grants the same table-level ALL privilege three times (twice verbatim, once with the server,
 * database and table names in a different letter case) and checks that the role still holds
 * exactly one privilege.
 *
 * <p>Each grant is expected to advance the sequence id even though no new privilege is stored.
 * The final assertion is what guards against case variants of one authorizable piling up as
 * separate grants on the role.
 */
@Test
public void testGrantDuplicatePrivilege() throws Exception {
  final String roleName = "test-privilege";
  final String grantor = "g1";
  final String server = "server1";
  final String db = "db1";
  final String table = "tbl1";
  final long baseSeq = sentryStore.createSentryRole(roleName).getSequenceId();

  final TSentryPrivilege grant = new TSentryPrivilege();
  grant.setPrivilegeScope("TABLE");
  grant.setServerName(server);
  grant.setDbName(db);
  grant.setTableName(table);
  grant.setAction(AccessConstants.ALL);
  grant.setCreateTime(System.currentTimeMillis());

  // First grant, then an exact repeat.
  long firstSeq = sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, grant)
      .getSequenceId();
  assertEquals(baseSeq + 1, firstSeq);
  long repeatSeq = sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, grant)
      .getSequenceId();
  assertEquals(baseSeq + 2, repeatSeq);

  // Same authorizables, different letter case.
  grant.setServerName("Server1");
  grant.setDbName("DB1");
  grant.setTableName("TBL1");
  long caseVariantSeq = sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, grant)
      .getSequenceId();
  assertEquals(baseSeq + 3, caseVariantSeq);

  final MSentryRole storedRole = sentryStore.getMSentryRoleByName(roleName);
  final Set<MSentryPrivilege> stored = storedRole.getPrivileges();
  assertEquals(stored.toString(), 1, stored.size());
}
priv.setPrivilegeScope("TABLE"); priv.setServerName(server); priv.setAction(AccessConstants.ALL); priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + i);
/**
 * Converts an authorizable into a {@link TSentryPrivilege} with action
 * {@code AccessConstants.ALL}.
 *
 * <p>Database, server, table, column and URI are copied through {@code fromNULLCol}. The scope
 * is the most specific level for which {@code isNULL} reports a value, checked in the order
 * column, table, database, URI; when none of them is set the scope is SERVER.
 *
 * <p>NOTE(review): an authorizable with no column, table, database or URI therefore resolves to
 * a server-scoped ALL privilege, the widest scope this method can produce. Callers that use the
 * result to drop or rename privileges should make sure the authorizable is populated as
 * intended; how the downstream matching treats a SERVER-scoped privilege is not visible here.
 *
 * @param tAuthorizable authorizable to convert
 * @return the derived privilege
 * @throws SentryInvalidInputException declared by this method; no throw site is visible in the
 *     body
 */
private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
    throws SentryInvalidInputException {
  final TSentryPrivilege converted = new TSentryPrivilege();
  converted.setDbName(fromNULLCol(tAuthorizable.getDb()));
  converted.setServerName(fromNULLCol(tAuthorizable.getServer()));
  converted.setTableName(fromNULLCol(tAuthorizable.getTable()));
  converted.setColumnName(fromNULLCol(tAuthorizable.getColumn()));
  converted.setURI(fromNULLCol(tAuthorizable.getUri()));

  // Most specific populated level wins; SERVER is the fallback.
  final PrivilegeScope scope =
      !isNULL(converted.getColumnName()) ? PrivilegeScope.COLUMN
      : !isNULL(converted.getTableName()) ? PrivilegeScope.TABLE
      : !isNULL(converted.getDbName()) ? PrivilegeScope.DATABASE
      : !isNULL(converted.getURI()) ? PrivilegeScope.URI
      : PrivilegeScope.SERVER;

  converted.setPrivilegeScope(scope.name());
  converted.setAction(AccessConstants.ALL);
  return converted;
}