/**
 * Turns one privilege string into a {@link Privilege} by delegating to {@code privilegeFactory}.
 *
 * @param privilege the privilege string handed to this function
 * @return the object produced by {@code privilegeFactory.createPrivilege(privilege)}
 */
@Override
public Privilege apply(String privilege) {
  // The string is forwarded unchanged; any parsing or validation happens inside the
  // factory, which is not visible in this excerpt.
  Privilege converted = privilegeFactory.createPrivilege(privilege);
  return converted;
}
}); // closes the anonymous class and the enclosing call, both opened before this excerpt
/**
 * Creates a provider backed by the given policy engine and group mapping service.
 *
 * <p>The privilege factory is taken from the policy engine at construction time.
 *
 * @param policy the policy engine; dereferenced here, so a {@code null} value fails
 *     immediately with a {@link NullPointerException}
 * @param groupService the group mapping service; stored as-is
 */
public ResourceAuthorizationProvider(PolicyEngine policy, GroupMappingService groupService) {
  // NOTE(review): groupService is stored without a null check, so a null reference would
  // only surface when it is first used (that use is not visible here) - confirm callers.
  this.groupService = groupService;
  this.policy = policy;
  this.privilegeFactory = policy.getPrivilegeFactory();
}
/**
 * Validates the backing policy by delegating to {@code policy.validatePolicy}.
 *
 * @param strictValidation forwarded unchanged to the policy engine; what "strict" entails is
 *     decided there and is not visible in this excerpt
 * @throws SentryConfigurationException declared by the signature; presumably raised by the
 *     policy engine when the policy is invalid
 */
@Override
public void validateResource(boolean strictValidation) throws SentryConfigurationException {
  policy.validatePolicy(strictValidation);
}
/**
 * Decides whether one key/value part of a policy privilege covers the matching part of a request.
 *
 * <p>The request part is considered implied when any of the following holds:
 * <ol>
 *   <li>the policy value equals {@code IndexerConstants.ALL} (case-sensitive comparison);</li>
 *   <li>the policy part equals the request part;</li>
 *   <li>the key is not {@code PolicyConstants.PRIVILEGE_NAME} and the request value equals
 *       {@code IndexerConstants.ALL}, ignoring case.</li>
 * </ol>
 *
 * @param policyPart the part taken from the granted privilege
 * @param requestPart the part taken from the requested privilege; must carry the same key
 * @return {@code true} if the policy part implies the request part, {@code false} otherwise
 * @throws IllegalStateException if the two keys differ (compared ignoring case)
 */
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
  Preconditions.checkState(
      policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
      "Please report, this method should not be called with two different keys");

  // NOTE(review): the policy-side wildcard test uses equals() while the request-side test
  // below uses equalsIgnoreCase(). As written, a differently-cased wildcard in a policy is
  // not treated as a wildcard here (the check fails closed); whether values are normalized
  // before reaching this method is not visible - confirm the asymmetry is intended.
  if (policyPart.getValue().equals(IndexerConstants.ALL)) {
    return true;
  }
  if (policyPart.equals(requestPart)) {
    return true;
  }

  // A request whose value is the wildcard is meant to match any object of the given type,
  // so it is implied by every policy part with the same key - except for the privilege
  // name key, where a wildcard request is not accepted through this branch.
  boolean isPrivilegeNameKey = PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey());
  return !isPrivilegeNameKey && IndexerConstants.ALL.equalsIgnoreCase(requestPart.getValue());
}
/**
 * Builds an {@link Authorizable} from a separate key and value.
 *
 * <p>The pair is wrapped in a {@link KeyValue} and handed to the {@code from} overload that
 * accepts a {@link KeyValue}; that overload is not visible in this excerpt.
 *
 * @param key the {@link AuthorizableType type} of the authorizable
 * @param value the name of the authorizable
 * @return the {@link Authorizable} produced by the delegated overload
 * @throws NoSuchElementException if the given type is not valid, per the original
 *     documentation (the throwing code lives in the delegated overload)
 */
public static Authorizable from(String key, String value) {
  KeyValue pair = new KeyValue(key, value);
  return from(pair);
}
/**
 * Runs a privilege string through every validator supplied by
 * {@code SimpleSearchPolicyEngine.createPrivilegeValidators()}.
 *
 * @param privilegeStr the privilege string to validate
 * @throws IllegalArgumentException if any validator rejects the privilege with a
 *     {@code ConfigurationException}; the original exception is kept as the cause
 * @throws Exception declared by the signature; nothing in the visible body requires a
 *     declaration this broad
 */
private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception {
  List<PrivilegeValidator> checks = SimpleSearchPolicyEngine.createPrivilegeValidators();
  // The first constructor argument is deliberately null; what it represents is not
  // visible here - presumably a context the validators do not need for this check.
  PrivilegeValidatorContext validationContext = new PrivilegeValidatorContext(null, privilegeStr);

  try {
    // Validation stops at the first validator that rejects the privilege.
    for (PrivilegeValidator check : checks) {
      check.validate(validationContext);
    }
  } catch (ConfigurationException rejected) {
    throw new IllegalArgumentException(rejected);
  }
}
} // closes the enclosing class, opened before this excerpt
/**
 * Lists the privilege strings the policy engine reports for a single group.
 *
 * @param groupName the group to look up; placed alone in a new set before the lookup
 * @return the privileges returned by {@code policy.getPrivileges} for that group
 * @throws SentryConfigurationException declared by the signature; presumably raised by the
 *     policy engine
 */
@Override
public Set<String> listPrivilegesForGroup(String groupName) throws SentryConfigurationException {
  Set<String> singleGroup = Sets.newHashSet(groupName);
  // The lookup always uses ActiveRoleSet.ALL instead of a caller-supplied role set, so
  // the listing is presumably not narrowed by whichever roles are currently active.
  return policy.getPrivileges(singleGroup, ActiveRoleSet.ALL);
}
/**
 * Creates a {@link CommonPrivilege} from the given privilege string.
 *
 * @param privilege the privilege string passed to the {@link CommonPrivilege} constructor;
 *     any parsing or rejection of malformed input happens there, not here
 * @return the newly constructed privilege
 */
@Override
public Privilege createPrivilege(String privilege) {
  Privilege commonPrivilege = new CommonPrivilege(privilege);
  return commonPrivilege;
}
} // closes the enclosing class, opened before this excerpt
/**
 * Closes the underlying policy engine, if there is one.
 *
 * <p>A {@code null} policy is tolerated and results in a no-op.
 */
@Override
public void close() {
  if (policy == null) {
    return;
  }
  policy.close();
}
/**
 * Checks whether the action part of a privilege amounts to ALL.
 *
 * <p>The decision is delegated to {@code impliesAction}, which is asked whether the action
 * value implies {@code SentryConstants.PRIVILEGE_WILDCARD_VALUE}. The original documentation
 * states that the owner privilege is treated as ALL for authorization; that handling is not
 * visible here and presumably lives in {@code impliesAction} or the action factory.
 *
 * @param actionPart must be the action part of a privilege; this is not verified here
 * @param bitFieldActionFactory forwarded unchanged to {@code impliesAction}
 * @return {@code true} if the action is ALL; {@code false} otherwise
 */
private boolean isPrivilegeActionAll(KeyValue actionPart, BitFieldActionFactory bitFieldActionFactory) {
  String grantedAction = actionPart.getValue();
  return impliesAction(grantedAction, SentryConstants.PRIVILEGE_WILDCARD_VALUE, bitFieldActionFactory);
}
/**
 * Builds an {@link Authorizable} from a single string holding both its type and its name.
 *
 * <p>The string is parsed by the {@link KeyValue} constructor and the result is handed to the
 * {@code from} overload that accepts a {@link KeyValue}; the expected string format and the
 * handling of malformed input are defined there, not in this method.
 *
 * @param keyValue string containing the {@link AuthorizableType} and the name of the
 *     {@link Authorizable} to be created
 * @return the {@link Authorizable} produced by the delegated overload
 * @throws NoSuchElementException if the given type is not valid, per the original
 *     documentation (the throwing code lives in the delegated overload)
 */
static Authorizable from(String keyValue) {
  KeyValue parsed = new KeyValue(keyValue);
  return from(parsed);
}
/**
 * Lists the privilege strings the policy engine reports for a subject's groups.
 *
 * @param subject the subject whose groups are resolved through {@code getGroups}
 * @return the privileges returned by {@code policy.getPrivileges} for those groups
 * @throws SentryConfigurationException declared by the signature; presumably raised by the
 *     policy engine or the group lookup
 */
@Override
public Set<String> listPrivilegesForSubject(Subject subject) throws SentryConfigurationException {
  Set<String> subjectGroups = getGroups(subject);
  // The lookup always uses ActiveRoleSet.ALL instead of a caller-supplied role set, so
  // the listing is presumably not narrowed by whichever roles are currently active.
  return policy.getPrivileges(subjectGroups, ActiveRoleSet.ALL);
}
/**
 * Builds a {@link SqoopAuthorizable} from a single string.
 *
 * <p>The string is parsed by the {@link KeyValue} constructor and the result is passed to the
 * {@code from} overload that accepts a {@link KeyValue}; neither the expected format nor the
 * handling of malformed or unknown input is visible in this excerpt.
 *
 * @param keyValue the string to parse
 * @return the authorizable produced by the delegated overload
 */
public static SqoopAuthorizable from(String keyValue) {
  KeyValue parsed = new KeyValue(keyValue);
  return from(parsed);
}
/**
 * Fetches the privilege strings for the given groups and role set and exposes them as
 * {@link Privilege} objects.
 *
 * <p>The strings come from {@code policy.getPrivileges} and are passed through
 * {@code appendDefaultDBPriv} before conversion; what that helper adds is not visible in
 * this excerpt. The conversion is done through {@code Iterables.transform}, i.e. each
 * string is turned into a {@link Privilege} by {@code privilegeFactory} as the result is
 * iterated.
 *
 * @param groups the groups whose privileges are requested
 * @param roleSet the role set forwarded to the policy engine
 * @param authorizables forwarded to both the policy engine and {@code appendDefaultDBPriv}
 * @return a view of the resulting privileges
 */
private Iterable<Privilege> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable[] authorizables) {
  Function<String, Privilege> toPrivilege = new Function<String, Privilege>() {
    @Override
    public Privilege apply(String privilege) {
      return privilegeFactory.createPrivilege(privilege);
    }
  };
  return Iterables.transform(
      appendDefaultDBPriv(policy.getPrivileges(groups, roleSet, authorizables), authorizables),
      toPrivilege);
}
/**
 * Builds a {@link KafkaAuthorizable} from a single string.
 *
 * <p>The string is parsed by the {@link KeyValue} constructor and the result is passed to the
 * {@code from} overload that accepts a {@link KeyValue}; the expected format is defined
 * there, not in this method.
 *
 * @param keyValue the string to parse
 * @return the authorizable produced by the delegated overload
 * @throws ConfigurationException declared by the signature; the code that raises it is not
 *     visible here and is presumably in the delegated overload
 */
public static KafkaAuthorizable from(String keyValue) throws ConfigurationException {
  KeyValue parsed = new KeyValue(keyValue);
  return from(parsed);
}
/**
 * Builds an {@link IndexerModelAuthorizable} from a single string.
 *
 * <p>The string is parsed by the {@link KeyValue} constructor and the result is passed to the
 * {@code from} overload that accepts a {@link KeyValue}; neither the expected format nor the
 * handling of malformed or unknown input is visible in this excerpt.
 *
 * @param s the string to parse
 * @return the authorizable produced by the delegated overload
 */
public static IndexerModelAuthorizable from(String s) {
  KeyValue parsed = new KeyValue(s);
  return from(parsed);
}
/**
 * Builds a {@link SearchModelAuthorizable} from a single string.
 *
 * <p>The string is parsed by the {@link KeyValue} constructor and the result is passed to the
 * {@code from} overload that accepts a {@link KeyValue}; neither the expected format nor the
 * handling of malformed or unknown input is visible in this excerpt.
 *
 * @param s the string to parse
 * @return the authorizable produced by the delegated overload
 */
public static SearchModelAuthorizable from(String s) {
  KeyValue parsed = new KeyValue(s);
  return from(parsed);
}
/**
 * Builds a {@link DBModelAuthorizable} from a single string.
 *
 * <p>The string is parsed by the {@link KeyValue} constructor and the result is passed to the
 * {@code from} overload that accepts a {@link KeyValue}; neither the expected format nor the
 * handling of malformed or unknown input is visible in this excerpt.
 *
 * @param s the string to parse
 * @return the authorizable produced by the delegated overload
 */
public static DBModelAuthorizable from(String s) {
  KeyValue parsed = new KeyValue(s);
  return from(parsed);
}