sentry-commits mailing list archives

From ak...@apache.org
Subject [11/13] sentry git commit: Added some privilege commands
Date Thu, 11 May 2017 06:45:16 GMT
Added some privilege commands


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/e06b4f87
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/e06b4f87
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/e06b4f87

Branch: refs/heads/akolb-ha-cli
Commit: e06b4f878d6fae1c271bbd3eb2bd89792bf1664f
Parents: 2fb045c
Author: Alexander Kolbasov <akolb@cloudera.com>
Authored: Tue Dec 13 16:26:08 2016 -0800
Committer: Alexander Kolbasov <akolb@cloudera.com>
Committed: Wed May 10 23:28:29 2017 -0700

----------------------------------------------------------------------
 pom.xml                                         |  1 +
 .../service/thrift/SentryServiceUtil.java       |  2 +-
 .../org/apache/sentry/shell/PrivsShell.java     | 51 ++++++++++++++++
 .../java/org/apache/sentry/shell/ShellUtil.java | 64 +++++++++++++++++++-
 .../org/apache/sentry/shell/TopLevelShell.java  | 10 ++-
 5 files changed, 122 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index ad54cfd..07e3e8b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -624,6 +624,7 @@ limitations under the License.
     <module>sentry-hdfs</module>
     <module>sentry-solr</module>
     <module>sentry-dist</module>
+    <module>sentry-tools</module>
   </modules>
 
   <build>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
index 4019e61..0379f44 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java
@@ -41,7 +41,7 @@ public final class SentryServiceUtil {
   // parse the privilege in String and get the TSentryPrivilege as result
   public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) {
     TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
-    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr))
{
+     for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr))
{
       KeyValue tempKV = new KeyValue(authorizable);
       String key = tempKV.getKey();
       String value = tempKV.getValue();

http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
new file mode 100644
index 0000000..cf2ebbd
--- /dev/null
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.shell;
+
+import com.budhash.cliche.Command;
+import com.budhash.cliche.Shell;
+import com.budhash.cliche.ShellDependent;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+
+import java.util.List;
+
+public class PrivsShell implements ShellDependent {
+    private final ShellUtil tools;
+    Shell shell;
+
+    @Command(description = "Grant privilege to role")
+    public void grant(String roleName, String privilege) {
+        tools.grantPrivilegeToRole(roleName, privilege);
+    }
+
+    @Command
+    public List<String> list(String roleName) {
+        return tools.listPrivileges(roleName);
+    }
+
+
+    public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.tools = new ShellUtil(sentryClient, authUser);
+    }
+
+    @Override
+    public void cliSetShell(Shell theShell) {
+        this.shell = theShell;
+    }
+}
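Review bot: The `list` command carries a bare `@Command` while `grant` has a description, so the shell's help has nothing to show for it; `@Command(description = "List privileges of role")` would match. `grant` passes `privilege` as a raw string to `ShellUtil.grantPrivilegeToRole`, and nothing here says what syntax is expected. A short Javadoc on `grant` naming the authorizable key/value string that `convertToTSentryPrivilege` parses would reduce the chance of an operator granting at a broader scope than intended. The `shell` field is package-private and only written in `cliSetShell`; `private Shell shell;` is enough.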

http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index a062c12..fbd382a 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -21,12 +21,15 @@ package org.apache.sentry.shell;
 import com.google.common.collect.Sets;
 import org.apache.commons.lang.StringUtils;
 import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
+import org.apache.sentry.provider.db.service.thrift.*;
+import org.apache.sentry.service.thrift.SentryServiceUtil;
+import org.apache.sentry.service.thrift.ServiceConstants;
 
 import java.util.*;
 
+import static org.apache.sentry.service.thrift.SentryServiceUtil.convertTSentryPrivilegeToStr;
+import static org.apache.sentry.service.thrift.SentryServiceUtil.convertToTSentryPrivilege;
+
 /**
  * ShellUtil implements actual commands
  */
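Review bot: The wildcard `import org.apache.sentry.provider.db.service.thrift.*;` replaces three explicit imports and hides which Thrift types this class depends on. Listing them explicitly keeps later diffs reviewable; from the visible hunks these are presumably `SentryPolicyServiceClient`, `TSentryGroup`, `TSentryRole`, `TSentryPrivilege` and `TSentryGrantOption`. The plain `import org.apache.sentry.service.thrift.SentryServiceUtil;` also looks redundant next to the two static imports, at least as far as the visible hunks use it.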
@@ -192,7 +195,62 @@ class ShellUtil {
         }
     }
 
+    void grantPrivilegeToRole(String roleName, String privilege) {
+        TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege);
+        boolean grantOption = tPriv.getGrantOption().equals(TSentryGrantOption.TRUE);
+        try {
+            if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tPriv.getPrivilegeScope()))
{
+                sentryClient.grantServerPrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tPriv.getPrivilegeScope()))
{
+                sentryClient.grantDatabasePrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getDbName(), tPriv.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tPriv.getPrivilegeScope()))
{
+                sentryClient.grantTablePrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getDbName(), tPriv.getTableName(),
+                        tPriv.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tPriv.getPrivilegeScope()))
{
+                sentryClient.grantColumnPrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getDbName(), tPriv.getTableName(),
+                        tPriv.getColumnName(), tPriv.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.URI.toString().equals(tPriv.getPrivilegeScope()))
{
+                sentryClient.grantURIPrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getURI(), grantOption);
+                return;
+            }
+        } catch (SentryUserException e) {
+            System.out.println("Error granting privilege: " + e.toString());
+        }
+    }
 
+    List<String> listPrivileges(String roleName) {
+        Set<TSentryPrivilege> privileges = null;
+        try {
+            privileges = sentryClient
+                    .listAllPrivilegesByRoleName(authUser, roleName);
+        } catch (SentryUserException e) {
+            System.out.println("Failed to list privileges: " + e.toString());
+        }
+
+        if (privileges == null || privileges.isEmpty()) {
+            return new ArrayList<>();
+        }
+
+        List<String> result = new LinkedList<>();
+        for (TSentryPrivilege privilege : privileges) {
+            String privilegeStr =  convertTSentryPrivilegeToStr(privilege);
+            result.add(privilegeStr);
+        }
+        return result;
+    }
 
     ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
         this.sentryClient = sentryClient;
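Review bot: `grantPrivilegeToRole` returns silently when the parsed scope matches none of the five `if` branches, so a mistyped privilege string produces no grant and no message; add a fall-through after the URI branch such as `System.out.println("Unsupported privilege scope: " + tPriv.getPrivilegeScope());`. `tPriv.getGrantOption().equals(TSentryGrantOption.TRUE)` dereferences the getter result and would throw if it is ever null; `TSentryGrantOption.TRUE.equals(tPriv.getGrantOption())` avoids that. The `convertToTSentryPrivilege(privilege)` call also sits outside the `try`, so any exception it raises on malformed input (not visible here) would escape the command. In `listPrivileges`, a `SentryUserException` yields the same empty list as a role with no privileges, which misleads anyone using the command to audit a role; let the failure propagate or return a distinguishable result. The `ShellUtil` constructor at the end of the hunk continues outside it.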

http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index b2b7e8d..b677f0f 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -47,18 +47,24 @@ public class TopLevelShell implements ShellDependent, Runnable {
                 this);
     }
 
-    @Command(description="listRoles, create and remove roles")
+    @Command(description="list, create and remove roles")
     public void roles() throws IOException {
         ShellFactory.createSubshell("roles", shell, "roles commands",
                 new RolesShell(sentryClient, authUser)).commandLoop();
     }
 
-    @Command(description = "listRoles, create and remove groups")
+    @Command(description = "list, create and remove groups")
     public void groups() throws IOException {
         ShellFactory.createSubshell("groups", shell, "groups commands",
                 new GroupShell(sentryClient, authUser)).commandLoop();
     }
 
+    @Command(description = "list, create and remove privileges")
+    public void privileges() throws IOException {
+        ShellFactory.createSubshell("privileges", shell, "privileges commands",
+                new PrivsShell(sentryClient, authUser)).commandLoop();
+    }
+
     @Command(description = "List sentry roles. shows all available roles.")
     public List<String> listRoles() {
         return tools.listRoles();
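Review bot: The description on the new `privileges()` command says "list, create and remove privileges", but the `PrivsShell` added in this commit exposes only `grant` and `list`, with no revoke. Help text for an access-control tool should not promise a removal path that does not exist. Either change it to `@Command(description = "list and grant privileges")` or add the revoke command in the same change. The class body continues outside the hunk.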

