/**
 * Parses a privilege string into a {@link TSentryPrivilege}.
 *
 * <p>The string is split with {@code PolicyConstants.AUTHORIZABLE_SPLITTER}. Each piece is read
 * as a {@link KeyValue}, and its key is matched case-insensitively against the
 * {@code PolicyFileConstants.PRIVILEGE_*_NAME} constants. The privilege scope is then filled in
 * from {@code getPrivilegeScope}.
 *
 * <p>NOTE(review): a piece whose key matches none of the known names is dropped without an
 * error, so a misspelled table or column key leaves that field unset. Presumably the derived
 * scope is then wider than the author intended; confirm against {@code getPrivilegeScope} and
 * validate keys upstream if privilege strings come from outside the service.
 *
 * @param privilegeStr the privilege string to parse
 * @return the populated privilege; under the grant-option key only the value "true"
 *     (case-insensitive) yields {@code TSentryGrantOption.TRUE}, any other value yields
 *     {@code FALSE}, and the grant option is not set at all when the key is absent
 */
public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) {
  TSentryPrivilege result = new TSentryPrivilege();

  for (String part : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
    KeyValue pair = new KeyValue(part);
    String name = pair.getKey();
    String val = pair.getValue();

    if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(name)) {
      result.setServerName(val);
    } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(name)) {
      result.setDbName(val);
    } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(name)) {
      result.setTableName(val);
    } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(name)) {
      result.setColumnName(val);
    } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(name)) {
      result.setURI(val);
    } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(name)) {
      result.setAction(val);
    } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(name)) {
      // Anything other than "true" is treated as "no grant option".
      if ("true".equalsIgnoreCase(val)) {
        result.setGrantOption(TSentryGrantOption.TRUE);
      } else {
        result.setGrantOption(TSentryGrantOption.FALSE);
      }
    }
    // Unrecognised keys fall through here and are ignored.
  }

  // The scope is derived only after every piece has been applied.
  result.setPrivilegeScope(getPrivilegeScope(result));
  return result;
}
/**
 * Parses a privilege string into a {@link TSentryPrivilege} and validates the result.
 *
 * <p>The string is split with {@code PolicyConstants.AUTHORIZABLE_SPLITTER}. Each piece is read
 * as a {@link KeyValue}, and its key is matched case-insensitively against the
 * {@code PolicyFileConstants.PRIVILEGE_*_NAME} constants. Once the scope has been derived with
 * {@code getPrivilegeScope}, the privilege is passed to {@code validatePrivilegeHierarchy}
 * before it is returned.
 *
 * <p>NOTE(review): a piece whose key matches none of the known names is ignored without an
 * error. Whether {@code validatePrivilegeHierarchy} catches the resulting gaps (for example a
 * misspelled table key) cannot be seen from this method; confirm before relying on it for
 * externally supplied privilege strings.
 *
 * @param privilegeStr the privilege string to parse
 * @return the populated privilege; under the grant-option key only the value "true"
 *     (case-insensitive) yields {@code TSentryGrantOption.TRUE}, any other value yields
 *     {@code FALSE}, and the grant option is not set at all when the key is absent
 * @throws Exception declared by this method; presumably raised by
 *     {@code validatePrivilegeHierarchy} when the privilege is rejected
 */
public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) throws Exception {
  final TSentryPrivilege parsed = new TSentryPrivilege();

  for (String segment : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
    final KeyValue entry = new KeyValue(segment);
    final String entryKey = entry.getKey();
    final String entryValue = entry.getValue();

    if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(entryKey)) {
      parsed.setServerName(entryValue);
    } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(entryKey)) {
      parsed.setDbName(entryValue);
    } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(entryKey)) {
      parsed.setTableName(entryValue);
    } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(entryKey)) {
      parsed.setColumnName(entryValue);
    } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(entryKey)) {
      parsed.setURI(entryValue);
    } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(entryKey)) {
      parsed.setAction(entryValue);
    } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(entryKey)) {
      // Only the literal "true" (any case) turns the grant option on.
      final boolean withGrant = "true".equalsIgnoreCase(entryValue);
      parsed.setGrantOption(withGrant ? TSentryGrantOption.TRUE : TSentryGrantOption.FALSE);
    }
    // No final else: keys that match nothing are skipped.
  }

  parsed.setPrivilegeScope(getPrivilegeScope(parsed));
  // Validation runs last, on the fully populated privilege.
  validatePrivilegeHierarchy(parsed);
  return parsed;
}
/**
 * Builds a single {@link TSentryPrivilege} from the given fields and returns it wrapped in an
 * immutable one-element set.
 *
 * @param scope privilege scope; its {@code toString()} value is stored on the privilege
 * @param serverName server name to store
 * @param uri URI to store
 * @param db database name to store
 * @param table table name to store
 * @param column column name to store
 * @param action action to store
 * @param grantOption grant option, converted with {@code convertTSentryGrantOption}
 * @return an immutable set containing exactly the privilege built here
 */
private Set<TSentryPrivilege> convertColumnPrivilege(
    PrivilegeScope scope, String serverName, String uri, String db, String table, String column,
    String action, Boolean grantOption) {
  TSentryPrivilege columnPrivilege = new TSentryPrivilege();
  columnPrivilege.setPrivilegeScope(scope.toString());
  columnPrivilege.setServerName(serverName);
  columnPrivilege.setURI(uri);
  columnPrivilege.setDbName(db);
  columnPrivilege.setTableName(table);
  columnPrivilege.setColumnName(column);
  columnPrivilege.setAction(action);
  // The create time is stamped here, not supplied by the caller.
  columnPrivilege.setCreateTime(System.currentTimeMillis());
  columnPrivilege.setGrantOption(convertTSentryGrantOption(grantOption));

  return ImmutableSet.of(columnPrivilege);
}
privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption)); setBuilder.add(privilege); } else { privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption)); setBuilder.add(privilege);
/**
 * Copies the fields of a stored {@link MSentryPrivilege} onto a {@link TSentryPrivilege}.
 *
 * <p>Action, server, database, table, column and URI are passed through {@code fromNULLCol}
 * first (presumably to undo the store's placeholder for empty columns; confirm against that
 * helper). Create time and privilege scope are copied unchanged.
 *
 * <p>A stored grant option of {@code null} becomes {@code TSentryGrantOption.UNSET}. Any other
 * value is upper-cased and looked up with {@code TSentryGrantOption.valueOf}.
 *
 * @param mSentryPrivilege source privilege read from the store
 * @param privilege target object; modified in place
 */
private void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege,
    TSentryPrivilege privilege) {
  privilege.setCreateTime(mSentryPrivilege.getCreateTime());
  privilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
  privilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
  privilege.setServerName(fromNULLCol(mSentryPrivilege.getServerName()));
  privilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
  privilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
  privilege.setColumnName(fromNULLCol(mSentryPrivilege.getColumnName()));
  privilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));

  // Three-state mapping: null in the store means "not specified", not "false".
  final TSentryGrantOption mappedGrantOption;
  if (mSentryPrivilege.getGrantOption() == null) {
    mappedGrantOption = TSentryGrantOption.UNSET;
  } else {
    mappedGrantOption =
        TSentryGrantOption.valueOf(mSentryPrivilege.getGrantOption().toString().toUpperCase());
  }
  privilege.setGrantOption(mappedGrantOption);
}
// Excerpt from a larger test: `privilege`, `grantor`, `roleName` and `sentryStore` are set up
// outside the lines shown here.
// Grant SELECT on the same privilege object twice, once with the grant option TRUE and once
// with it FALSE (one store call per setting).
privilege.setAction(AccessConstants.SELECT);
privilege.setCreateTime(System.currentTimeMillis());
privilege.setGrantOption(TSentryGrantOption.TRUE);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
privilege.setGrantOption(TSentryGrantOption.FALSE);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
// Revoke with the grant option UNSET.
// NOTE(review): presumably UNSET lets the revoke apply to both grants above regardless of their
// grant option; the assertions that would confirm this are not part of this excerpt.
privilege.setGrantOption(TSentryGrantOption.UNSET);
sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege);
// Reload the role so its remaining privileges can be inspected.
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
/**
 * Checks the command text generated for a SERVER-scoped SELECT privilege that carries the grant
 * option. Both the GRANT and the REVOKE command are expected to name only the server and to end
 * with {@code WITH GRANT OPTION}, although the privilege is also built with the values
 * "dbTest", "tableTest" and an hdfs URI.
 */
@Test
public void testCreateCmdForGrantOrRevokePrivilege8() {
  TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
  TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();

  TSentryPrivilege serverSelect = getPrivilege(
      AccessConstants.SELECT,
      PrivilegeScope.SERVER.name(),
      "dbTest",
      "tableTest",
      "serverTest",
      "hdfs://namenode:port/path/to/dir");
  serverSelect.setGrantOption(TSentryGrantOption.TRUE);

  // The same privilege set is attached to both the grant and the revoke request.
  Set<TSentryPrivilege> privilegeSet = Sets.newHashSet();
  privilegeSet.add(serverSelect);
  grantRequest.setPrivileges(privilegeSet);
  revokeRequest.setPrivileges(privilegeSet);

  String actualGrantCmd = CommandUtil.createCmdForGrantPrivilege(grantRequest);
  String actualRevokeCmd = CommandUtil.createCmdForRevokePrivilege(revokeRequest);

  assertEquals(
      "GRANT SELECT ON SERVER serverTest TO ROLE testRole WITH GRANT OPTION",
      actualGrantCmd);
  assertEquals(
      "REVOKE SELECT ON SERVER serverTest FROM ROLE testRole WITH GRANT OPTION",
      actualRevokeCmd);
}
/**
 * Creates a {@link TSentryPrivilege} with every field taken directly from the arguments.
 * No create time is set and no value is validated or converted here.
 *
 * @param scope privilege scope
 * @param server server name
 * @param dbName database name
 * @param tableName table name
 * @param columnName column name
 * @param uri URI
 * @param action action
 * @param grantOption grant option, stored as given
 * @return the newly created privilege
 */
private TSentryPrivilege createTSentryPrivilege(String scope, String server, String dbName,
    String tableName, String columnName, String uri, String action,
    TSentryGrantOption grantOption) {
  final TSentryPrivilege built = new TSentryPrivilege();

  // Where the privilege applies.
  built.setPrivilegeScope(scope);
  built.setServerName(server);
  built.setDbName(dbName);
  built.setTableName(tableName);
  built.setColumnName(columnName);
  built.setURI(uri);

  // What it allows, and whether it can be passed on.
  built.setAction(action);
  built.setGrantOption(grantOption);

  return built;
}
// Excerpt from a larger test: `priv`, `table`, `i`, `dBase`, `grantor`, `roleName` and
// `sentryStore` are defined outside the lines shown here.
// Target a table whose name is `table` with the index `i` appended, in database `dBase`.
priv.setTableName(table + i);
priv.setDbName(dBase);
// Grant with the grant option TRUE ...
priv.setGrantOption(TSentryGrantOption.TRUE);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, priv);
// ... then revoke the same privilege object with the grant option reset to UNSET.
// NOTE(review): presumably UNSET makes the revoke independent of the grant option used when
// granting; confirm against the store's revoke implementation.
priv.setGrantOption(TSentryGrantOption.UNSET);
sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, priv);
// Excerpt from a larger test: `privilege`, `grantOption`, `seqId`, `db`, `role`, `grantor`,
// `roleName` and `sentryStore` are defined outside the lines shown here.
// Grant ALL with the caller-chosen grant option and check that the store reports the next
// sequence id.
privilege.setAction(AccessConstants.ALL);
privilege.setCreateTime(System.currentTimeMillis());
privilege.setGrantOption(grantOption);
assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege)
    .getSequenceId());
// Narrow the same privilege object to database `db` and grant again.
privilege.setDbName(db);
privilege.setAction(AccessConstants.ALL);
// NOTE(review): as excerpted, this TRUE is overwritten by `grantOption` two statements below,
// before the grant call, so it has no effect on what is granted.
privilege.setGrantOption(TSentryGrantOption.TRUE);
privilege.setCreateTime(System.currentTimeMillis());
privilege.setGrantOption(grantOption);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
role = sentryStore.getMSentryRoleByName(roleName);
// Revoke with the grant option reset to UNSET.
privilege.setGrantOption(TSentryGrantOption.UNSET);
sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege);
// Excerpt from a larger test: `privilege1`, `privilege2`, `grantor`, `roleName` and
// `sentryStore` are defined outside the lines shown here, as are the fields that distinguish
// the two privileges.
// First grant: SELECT with the grant option TRUE.
privilege1.setAction(AccessConstants.SELECT);
privilege1.setCreateTime(System.currentTimeMillis());
privilege1.setGrantOption(TSentryGrantOption.TRUE);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege1);
// Load the role after the first grant.
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
// Second grant: a different privilege object, again SELECT with the grant option TRUE.
privilege2.setAction(AccessConstants.SELECT);
privilege2.setCreateTime(System.currentTimeMillis());
privilege2.setGrantOption(TSentryGrantOption.TRUE);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege2);
privilege1.setAction(AccessConstants.ALL); privilege1.setCreateTime(System.currentTimeMillis()); privilege1.setGrantOption(TSentryGrantOption.TRUE); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege1); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); privilege2.setAction(AccessConstants.SELECT); privilege2.setCreateTime(System.currentTimeMillis()); privilege2.setGrantOption(TSentryGrantOption.TRUE); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege2); privilege3.setAction(AccessConstants.ALL); privilege3.setCreateTime(System.currentTimeMillis()); privilege3.setGrantOption(TSentryGrantOption.FALSE); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege3); privilege4.setAction(AccessConstants.INSERT); privilege4.setCreateTime(System.currentTimeMillis()); privilege4.setGrantOption(TSentryGrantOption.FALSE); boolean isGrantOptionException = false; try { privilege5.setAction(AccessConstants.INSERT); privilege5.setCreateTime(System.currentTimeMillis()); privilege5.setGrantOption(TSentryGrantOption.FALSE); isGrantOptionException = false; try {
// Excerpt from a larger test: `privilege1` to `privilege3`, `grantor`, `roleName` and
// `sentryStore` are defined outside the lines shown here, as are the fields that distinguish
// the three privileges.
// First grant: SELECT with the grant option TRUE.
privilege1.setAction(AccessConstants.SELECT);
privilege1.setCreateTime(System.currentTimeMillis());
privilege1.setGrantOption(TSentryGrantOption.TRUE);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege1);
// Load the role after the first grant.
MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
// Second grant: ALL, but without the grant option.
privilege2.setAction(AccessConstants.ALL);
privilege2.setCreateTime(System.currentTimeMillis());
privilege2.setGrantOption(TSentryGrantOption.FALSE);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege2);
// Third grant: SELECT without the grant option.
privilege3.setAction(AccessConstants.SELECT);
privilege3.setCreateTime(System.currentTimeMillis());
privilege3.setGrantOption(TSentryGrantOption.FALSE);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege3);
unsetGrantOption(); } else { setGrantOption((TSentryGrantOption)value);