sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject incubator-sentry git commit: SENTRY-1104: Add method in Privilege model to create privilege validators(Colin Ma, Reviewed by Dapeng Sun)
Date Mon, 29 Feb 2016 08:11:25 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/SENTRY-999 b894ec623 -> 51e7da951


SENTRY-1104: Add method in Privilege model to create privilege validators(Colin Ma, Reviewed
by Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/51e7da95
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/51e7da95
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/51e7da95

Branch: refs/heads/SENTRY-999
Commit: 51e7da951bfe2054ac297771db6a225fbdde0cf3
Parents: b894ec6
Author: Colin Ma <colin@apache.org>
Authored: Mon Feb 29 17:11:12 2016 +0800
Committer: Colin Ma <colin@apache.org>
Committed: Mon Feb 29 17:11:12 2016 +0800

----------------------------------------------------------------------
 .../sentry/core/model/db/HivePrivilegeModel.java      | 13 ++++++++++++-
 .../core/model/indexer/IndexerPrivilegeModel.java     |  8 +++++++-
 .../core/model/search/SearchPrivilegeModel.java       |  8 +++++++-
 .../sentry/core/model/sqoop/SqoopPrivilegeModel.java  |  9 ++++++++-
 .../apache/sentry/policy/db/SimpleDBPolicyEngine.java | 14 ++------------
 .../policy/indexer/SimpleIndexerPolicyEngine.java     | 10 ++--------
 .../policy/search/SimpleSearchPolicyEngine.java       | 10 ++--------
 .../sentry/policy/sqoop/SimpleSqoopPolicyEngine.java  |  6 ++----
 .../generic/tools/SolrTSentryPrivilegeConvertor.java  |  4 ++--
 9 files changed, 44 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java
b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java
index f2cc77f..231acca 100644
--- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java
@@ -16,9 +16,15 @@
  */
 package org.apache.sentry.core.model.db;
 
+import com.google.common.collect.ImmutableList;
 import org.apache.sentry.core.common.BitFieldActionFactory;
 import org.apache.sentry.core.common.ImplyMethodType;
 import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.validator.PrivilegeValidator;
+import org.apache.sentry.core.model.db.validator.DatabaseMustMatch;
+import org.apache.sentry.core.model.db.validator.DatabaseRequiredInPrivilege;
+import org.apache.sentry.core.model.db.validator.ServerNameMustMatch;
+import org.apache.sentry.core.model.db.validator.ServersAllIsInvalid;
 
 import java.util.HashMap;
 import java.util.Map;
@@ -51,7 +57,12 @@ public class HivePrivilegeModel implements Model {
     return bitFieldActionFactory;
   }
 
-  public static Model getInstance() {
+  public static HivePrivilegeModel getInstance() {
     return hivePrivilegeModel;
   }
+
+  public ImmutableList<PrivilegeValidator> getPrivilegeValidators(String serverName)
{
+    return ImmutableList.<PrivilegeValidator>of(new ServersAllIsInvalid(), new DatabaseMustMatch(),
+            new DatabaseRequiredInPrivilege(), new ServerNameMustMatch(serverName));
+  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java
b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java
index be15dec..6951513 100644
--- a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java
+++ b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java
@@ -16,9 +16,12 @@
  */
 package org.apache.sentry.core.model.indexer;
 
+import com.google.common.collect.ImmutableList;
 import org.apache.sentry.core.common.BitFieldActionFactory;
 import org.apache.sentry.core.common.ImplyMethodType;
 import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.validator.PrivilegeValidator;
+import org.apache.sentry.core.model.indexer.validator.IndexerRequiredInPrivilege;
 
 import java.util.HashMap;
 import java.util.Map;
@@ -46,8 +49,11 @@ public class IndexerPrivilegeModel implements Model {
     return bitFieldActionFactory;
   }
 
-  public static Model getInstance() {
+  public static IndexerPrivilegeModel getInstance() {
     return indexerPrivilegeModel;
   }
 
+  public ImmutableList<PrivilegeValidator> getPrivilegeValidators() {
+    return ImmutableList.<PrivilegeValidator>of(new IndexerRequiredInPrivilege());
+  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
index 8231f12..9429a25 100644
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
+++ b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
@@ -16,9 +16,12 @@
  */
 package org.apache.sentry.core.model.search;
 
+import com.google.common.collect.ImmutableList;
 import org.apache.sentry.core.common.BitFieldActionFactory;
 import org.apache.sentry.core.common.ImplyMethodType;
 import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.validator.PrivilegeValidator;
+import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege;
 
 import java.util.HashMap;
 import java.util.Map;
@@ -47,8 +50,11 @@ public class SearchPrivilegeModel implements Model {
     return bitFieldActionFactory;
   }
 
-  public static Model getInstance() {
+  public static SearchPrivilegeModel getInstance() {
     return searchPrivilegeModel;
   }
 
+  public ImmutableList<PrivilegeValidator> getPrivilegeValidators() {
+    return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege());
+  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java
b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java
index 8c4307c..4bd8f94 100644
--- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java
+++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java
@@ -16,9 +16,12 @@
  */
 package org.apache.sentry.core.model.sqoop;
 
+import com.google.common.collect.ImmutableList;
 import org.apache.sentry.core.common.BitFieldActionFactory;
 import org.apache.sentry.core.common.ImplyMethodType;
 import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.validator.PrivilegeValidator;
+import org.apache.sentry.core.model.sqoop.validator.ServerNameRequiredMatch;
 
 import java.util.HashMap;
 import java.util.Map;
@@ -49,8 +52,12 @@ public class SqoopPrivilegeModel implements Model {
     return bitFieldActionFactory;
   }
 
-  public static Model getInstance() {
+  public static SqoopPrivilegeModel getInstance() {
     return sqoopPrivilegeModel;
   }
 
+  public ImmutableList<PrivilegeValidator> getPrivilegeValidators(String sqoopServerName)
{
+    return ImmutableList.<PrivilegeValidator>of(new ServerNameRequiredMatch(sqoopServerName));
+  }
+
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
index 7cbeb21..ff483c1 100644
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
@@ -21,19 +21,14 @@ import java.util.Set;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.db.validator.DatabaseMustMatch;
-import org.apache.sentry.core.model.db.validator.DatabaseRequiredInPrivilege;
-import org.apache.sentry.core.model.db.validator.ServerNameMustMatch;
-import org.apache.sentry.core.model.db.validator.ServersAllIsInvalid;
+import org.apache.sentry.core.model.db.HivePrivilegeModel;
 import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
 import org.apache.sentry.provider.common.ProviderBackend;
 import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 
 public class SimpleDBPolicyEngine implements PolicyEngine {
@@ -49,7 +44,7 @@ public class SimpleDBPolicyEngine implements PolicyEngine {
     this.providerBackend = providerBackend;
     ProviderBackendContext context = new ProviderBackendContext();
     context.setAllowPerDatabase(true);
-    context.setValidators(createPrivilegeValidators(serverName));
+    context.setValidators(HivePrivilegeModel.getInstance().getPrivilegeValidators(serverName));
     this.providerBackend.initialize(context);
   }
 
@@ -96,9 +91,4 @@ public class SimpleDBPolicyEngine implements PolicyEngine {
       providerBackend.close();
     }
   }
-
-  public static ImmutableList<PrivilegeValidator> createPrivilegeValidators(String
serverName) {
-    return ImmutableList.<PrivilegeValidator>of(new ServersAllIsInvalid(), new DatabaseMustMatch(),
-        new DatabaseRequiredInPrivilege(), new ServerNameMustMatch(serverName));
-  }
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
index 20985eb..514b88a 100644
--- a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
+++ b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
@@ -21,16 +21,14 @@ import java.util.Set;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.indexer.validator.IndexerRequiredInPrivilege;
+import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel;
 import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
 import org.apache.sentry.provider.common.ProviderBackend;
 import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 
 /**
@@ -47,7 +45,7 @@ public class SimpleIndexerPolicyEngine implements PolicyEngine {
     this.providerBackend = providerBackend;
     ProviderBackendContext context = new ProviderBackendContext();
     context.setAllowPerDatabase(false);
-    context.setValidators(createPrivilegeValidators());
+    context.setValidators(IndexerPrivilegeModel.getInstance().getPrivilegeValidators());
     this.providerBackend.initialize(context);
   }
 
@@ -89,10 +87,6 @@ public class SimpleIndexerPolicyEngine implements PolicyEngine {
     throw new SentryConfigurationException("Not implemented yet");
   }
 
-  public static ImmutableList<PrivilegeValidator> createPrivilegeValidators() {
-    return ImmutableList.<PrivilegeValidator>of(new IndexerRequiredInPrivilege());
-  }
-
   @Override
   public void close() {
     if (providerBackend != null) {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
index 352e4aa..11db0e6 100644
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
+++ b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
@@ -21,16 +21,14 @@ import java.util.Set;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege;
+import org.apache.sentry.core.model.search.SearchPrivilegeModel;
 import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
 import org.apache.sentry.provider.common.ProviderBackend;
 import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 
 /**
@@ -47,7 +45,7 @@ public class SimpleSearchPolicyEngine implements PolicyEngine {
     this.providerBackend = providerBackend;
     ProviderBackendContext context = new ProviderBackendContext();
     context.setAllowPerDatabase(false);
-    context.setValidators(createPrivilegeValidators());
+    context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators());
     this.providerBackend.initialize(context);
   }
 
@@ -89,10 +87,6 @@ public class SimpleSearchPolicyEngine implements PolicyEngine {
     providerBackend.validatePolicy(strictValidation);
   }
 
-  public static ImmutableList<PrivilegeValidator> createPrivilegeValidators() {
-    return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege());
-  }
-
   @Override
   public void close() {
     if (providerBackend != null) {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
index 4a0012b..603295c 100644
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
+++ b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
@@ -21,16 +21,14 @@ import java.util.Set;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.sqoop.validator.ServerNameRequiredMatch;
+import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
 import org.apache.sentry.provider.common.ProviderBackend;
 import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 
 public class SimpleSqoopPolicyEngine implements PolicyEngine {
@@ -41,7 +39,7 @@ public class SimpleSqoopPolicyEngine implements PolicyEngine {
     this.providerBackend = providerBackend;
     ProviderBackendContext context = new ProviderBackendContext();
     context.setAllowPerDatabase(false);
-    context.setValidators(ImmutableList.<PrivilegeValidator>of(new ServerNameRequiredMatch(sqoopServerName)));
+    context.setValidators(SqoopPrivilegeModel.getInstance().getPrivilegeValidators(sqoopServerName));
     this.providerBackend.initialize(context);
   }
   @Override

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
index 75a6986..1c7dce6 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
@@ -26,7 +26,7 @@ import org.apache.sentry.core.model.search.SearchModelAuthorizable;
 import org.apache.sentry.core.common.validator.PrivilegeValidator;
 import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
 import org.apache.sentry.core.model.search.SearchModelAuthorizables;
-import org.apache.sentry.policy.search.SimpleSearchPolicyEngine;
+import org.apache.sentry.core.model.search.SearchPrivilegeModel;
 import org.apache.sentry.core.common.utils.KeyValue;
 import org.apache.sentry.provider.common.PolicyFileConstants;
 import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
@@ -115,7 +115,7 @@ public  class SolrTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor
   }
 
   private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception {
-    List<PrivilegeValidator> validators = SimpleSearchPolicyEngine.createPrivilegeValidators();
+    List<PrivilegeValidator> validators = SearchPrivilegeModel.getInstance().getPrivilegeValidators();
     PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr);
     for (PrivilegeValidator validator : validators) {
       try {


Mime
View raw message