From cohei...@apache.org
Subject [6/6] sentry git commit: Merge branch 'master' into akolb-cli
Date Fri, 27 Oct 2017 09:22:27 GMT
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/8be62797
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/8be62797
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/8be62797

Branch: refs/heads/akolb-cli
Commit: 8be62797b1e6e476f1d012eb6a35feb128a708c2
Parents: 99f03c3 6fa0288
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Oct 27 10:22:15 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Oct 27 10:22:15 2017 +0100

----------------------------------------------------------------------
 .../DefaultSentryAccessController.java          |   2 +-
 .../hive/ql/exec/SentryGrantRevokeTask.java     |   2 +-
 .../authz/DefaultSentryAccessController.java    |   2 +-
 .../sentry/kafka/binding/KafkaAuthBinding.java  |   6 +-
 .../sentry/sqoop/binding/SqoopAuthBinding.java  |   8 +-
 .../sentry/core/common/utils/PathUtils.java     |   9 ++
 .../org/apache/sentry/hdfs/PathsUpdate.java     |   9 +-
 .../org/apache/sentry/hdfs/TestPathsUpdate.java |  32 ++++--
 .../provider/db/generic/UpdatableCache.java     |   2 +-
 .../thrift/SentryGenericServiceClient.java      |  14 +--
 .../SentryGenericServiceClientDefaultImpl.java  |  12 +-
 .../tools/GenericPrivilegeConverter.java        |  13 ++-
 .../db/generic/tools/SentryConfigToolSolr.java  |   2 +-
 .../db/generic/tools/SentryShellGeneric.java    |  58 +++++-----
 .../tools/command/AddRoleToGroupCmd.java        |  46 --------
 .../db/generic/tools/command/Command.java       |  27 -----
 .../db/generic/tools/command/CreateRoleCmd.java |  39 -------
 .../tools/command/DeleteRoleFromGroupCmd.java   |  46 --------
 .../db/generic/tools/command/DropRoleCmd.java   |  39 -------
 .../tools/command/GenericShellCommand.java      | 112 +++++++++++++++++++
 .../tools/command/GrantPrivilegeToRoleCmd.java  |  47 --------
 .../tools/command/ListPrivilegesByRoleCmd.java  |  54 ---------
 .../db/generic/tools/command/ListRolesCmd.java  |  53 ---------
 .../command/RevokePrivilegeFromRoleCmd.java     |  47 --------
 .../command/TSentryPrivilegeConverter.java      |   3 +-
 .../db/service/persistent/SentryStore.java      |   3 +-
 .../thrift/SentryPolicyServiceClient.java       |   2 +-
 .../SentryPolicyServiceClientDefaultImpl.java   |   2 +-
 .../provider/db/tools/SentryShellHive.java      |  42 +++----
 .../sentry/provider/db/tools/ShellCommand.java  |  44 ++++++++
 .../provider/db/tools/command/hive/Command.java |  27 -----
 .../db/tools/command/hive/CommandUtil.java      |   2 +-
 .../db/tools/command/hive/CreateRoleCmd.java    |  37 ------
 .../db/tools/command/hive/DropRoleCmd.java      |  37 ------
 .../command/hive/GrantPrivilegeToRoleCmd.java   |  43 -------
 .../command/hive/GrantRoleToGroupsCmd.java      |  44 --------
 .../db/tools/command/hive/HiveShellCommand.java | 108 ++++++++++++++++++
 .../tools/command/hive/ListPrivilegesCmd.java   |  49 --------
 .../db/tools/command/hive/ListRolesCmd.java     |  51 ---------
 .../hive/RevokePrivilegeFromRoleCmd.java        |  44 --------
 .../command/hive/RevokeRoleFromGroupsCmd.java   |  43 -------
 .../service/thrift/NotificationProcessor.java   |   3 +-
 .../TestAuditLogForSentryGenericService.java    |   8 +-
 .../TestSentryGenericServiceIntegration.java    |  48 ++++----
 .../generic/tools/TestSentryConfigToolSolr.java |   4 +-
 .../db/generic/tools/TestSentryShellKafka.java  |   2 +-
 .../db/generic/tools/TestSentryShellSolr.java   |   2 +-
 .../db/generic/tools/TestSentryShellSqoop.java  |   2 +-
 .../thrift/TestSentryPolicyServiceClient.java   |   4 +-
 .../thrift/TestSentryServiceClientPool.java     |   6 +-
 .../thrift/TestSentryServiceFailureCase.java    |   2 +-
 .../thrift/TestSentryServiceIntegration.java    |   8 +-
 .../TestSentryServiceWithInvalidMsgSize.java    |  10 +-
 .../provider/db/tools/TestSentryShellHive.java  |   2 +-
 .../thrift/SentryServiceIntegrationBase.java    |   2 +-
 .../e2e/dbprovider/TestConcurrentClients.java   |   2 +-
 .../metastore/SentryPolicyProviderForDb.java    |   2 +-
 .../e2e/dbprovider/TestConcurrentClients.java   |   2 +-
 .../AbstractTestWithStaticConfiguration.java    |   7 +-
 .../metastore/SentryPolicyProviderForDb.java    |   2 +-
 .../e2e/kafka/AbstractKafkaSentryTestBase.java  |  14 ++-
 .../sentry/tests/e2e/kafka/TestAuthorize.java   |   5 +-
 .../AbstractSolrSentryTestWithDbProvider.java   |   4 +-
 .../e2e/sqoop/AbstractSqoopSentryTestBase.java  |   2 +-
 .../java/org/apache/sentry/shell/ShellUtil.java |   6 +-
 65 files changed, 472 insertions(+), 939 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/8be62797/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --cc sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index bea53c8,0000000..daf9b73
mode 100644,000000..100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@@ -1,261 -1,0 +1,261 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +
 +package org.apache.sentry.shell;
 +
 +import com.google.common.collect.Sets;
 +import org.apache.commons.lang.StringUtils;
 +import org.apache.sentry.core.common.exception.SentryUserException;
 +import org.apache.sentry.provider.db.service.thrift.*;
 +import org.apache.sentry.provider.db.tools.command.hive.CommandUtil;
 +
 +import java.util.*;
 +
 +import static org.apache.sentry.service.thrift.SentryServiceUtil.convertTSentryPrivilegeToStr;
 +import static org.apache.sentry.service.thrift.SentryServiceUtil.convertToTSentryPrivilege;
 +
 +/**
 + * ShellUtil implements actual commands
 + */
 +class ShellUtil {
 +
 +    private final SentryPolicyServiceClient sentryClient;
 +    private final String authUser;
 +
 +    ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
 +        this.sentryClient = sentryClient;
 +        this.authUser = authUser;
 +    }
 +
 +    List<String> listRoles() {
 +        return listRoles(null);
 +    }
 +
 +    List<String> listRoles(String group) {
 +        Set<TSentryRole> roles = null;
 +        try {
 +            if (StringUtils.isEmpty(group)) {
-                 roles = sentryClient.listRoles(authUser);
++                roles = sentryClient.listAllRoles(authUser);
 +            } else {
 +                roles = sentryClient.listRolesByGroupName(authUser, group);
 +            }
 +        } catch (SentryUserException e) {
 +            System.out.println("Error listing roles: " + e.toString());
 +        }
 +        List<String> result = new ArrayList<>();
 +        if (roles == null || roles.isEmpty()) {
 +            return result;
 +        }
 +
 +        for (TSentryRole role : roles) {
 +            result.add(role.getRoleName());
 +        }
 +
 +        Collections.sort(result);
 +        return result;
 +    }
 +
 +    void createRoles(String ...roles) {
 +        for (String role : roles) {
 +            try {
 +                sentryClient.createRole(authUser, role);
 +            } catch (SentryUserException e) {
 +                System.out.printf("failed to create role %s: %s\n",
 +                        role, e.toString());
 +            }
 +        }
 +    }
 +
 +    void dropRoles(String ...roles) {
 +        for (String role : roles) {
 +            try {
 +                sentryClient.dropRole(authUser, role);
 +            } catch (SentryUserException e) {
 +                System.out.printf("failed to drop role %s: %s\n",
 +                        role, e.toString());
 +            }
 +        }
 +    }
 +
 +    List<String> listGroups() {
 +        Set<TSentryRole> roles = null;
 +
 +        try {
-             roles = sentryClient.listRoles(authUser);
++            roles = sentryClient.listAllRoles(authUser);
 +        } catch (SentryUserException e) {
 +            System.out.println("Error reading roles: " + e.toString());
 +        }
 +
 +        if (roles == null || roles.isEmpty()) {
 +            return new ArrayList<>();
 +        }
 +
 +        // Set of all group names
 +        Set<String> groupNames = new HashSet<>();
 +
 +        // Get all group names
 +        for (TSentryRole role: roles) {
 +            for (TSentryGroup group: role.getGroups()) {
 +                groupNames.add(group.getGroupName());
 +            }
 +        }
 +
 +        List<String> result = new ArrayList<>(groupNames);
 +
 +        Collections.sort(result);
 +        return result;
 +    }
 +
 +    List<String> listGroupRoles() {
 +        Set<TSentryRole> roles = null;
 +
 +        try {
-             roles = sentryClient.listRoles(authUser);
++            roles = sentryClient.listAllRoles(authUser);
 +        } catch (SentryUserException e) {
 +            System.out.println("Error reading roles: " + e.toString());
 +        }
 +
 +        if (roles == null || roles.isEmpty()) {
 +            return new ArrayList<>();
 +        }
 +
 +        // Set of all group names
 +        Set<String> groupNames = new HashSet<>();
 +
 +        // Map group to set of roles
 +        Map<String, Set<String>> groupInfo = new HashMap<>();
 +
 +        // Get all group names
 +        for (TSentryRole role: roles) {
 +            for (TSentryGroup group: role.getGroups()) {
 +                String groupName = group.getGroupName();
 +                groupNames.add(groupName);
 +                Set<String> groupRoles = groupInfo.get(groupName);
 +                if (groupRoles != null) {
 +                    // Add a new or existing role
 +                    groupRoles.add(role.getRoleName());
 +                    continue;
 +                }
 +                // Never seen this group before
 +                groupRoles = new HashSet<>();
 +                groupRoles.add(role.getRoleName());
 +                groupInfo.put(groupName, groupRoles);
 +            }
 +        }
 +
 +        List<String> groups = new ArrayList<>(groupNames);
 +        Collections.sort(groups);
 +
 +        // Produce printable result as
 +        // group1 = role1, role2, ...
 +        // group2 = ...
 +        List<String> result = new LinkedList<>();
 +        for(String groupName: groups) {
 +            result.add(groupName + " = " +
 +                    StringUtils.join(groupInfo.get(groupName), ", "));
 +        }
 +        return result;
 +    }
 +
 +    void grantGroupsToRole(String roleName, String ...groups) {
 +        try {
 +            sentryClient.grantRoleToGroups(authUser, roleName, Sets.newHashSet(groups));
 +        } catch (SentryUserException e) {
 +            System.out.printf("Failed to gran role %s to groups: %s\n",
 +                    roleName, e.toString());
 +        }
 +    }
 +
 +    void revokeGroupsFromRole(String roleName, String ...groups) {
 +        try {
 +            sentryClient.revokeRoleFromGroups(authUser, roleName, Sets.newHashSet(groups));
 +        } catch (SentryUserException e) {
 +            System.out.printf("Failed to revoke role %s to groups: %s\n",
 +                    roleName, e.toString());
 +        }
 +    }
 +
 +    void grantPrivilegeToRole(String roleName, String privilege) {
 +        TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege);
 +        try {
 +            CommandUtil.validatePrivilegeHierarchy(tPriv);
 +            sentryClient.grantPrivilege(authUser, roleName, tPriv);
 +        } catch (SentryUserException | IllegalArgumentException e) {
 +            System.out.println("Error granting privilege: " + e.toString());
 +        }
 +    }
 +
 +    List<String> listPrivileges(String roleName) {
 +        Set<TSentryPrivilege> privileges = null;
 +        try {
 +            privileges = sentryClient
 +                    .listAllPrivilegesByRoleName(authUser, roleName);
 +        } catch (SentryUserException e) {
 +            System.out.println("Failed to list privileges: " + e.toString());
 +        }
 +
 +        List<String> result = new LinkedList<>();
 +        if (privileges == null || privileges.isEmpty()) {
 +            return result;
 +        }
 +
 +        for (TSentryPrivilege privilege : privileges) {
 +            String privilegeStr = convertTSentryPrivilegeToStr(privilege);
 +            if (privilegeStr.isEmpty()) {
 +                continue;
 +            }
 +            result.add(privilegeStr);
 +        }
 +        return result;
 +    }
 +
 +    /**
 +     * List all privileges
 +     * @return string with privilege info for all roles
 +     */
 +    String listPrivileges() {
 +        List<String> roles = listRoles(null);
 +        if (roles == null || roles.isEmpty()) {
 +            return "";
 +        }
 +
 +        StringBuilder result = new StringBuilder();
 +        for (String role: roles) {
 +            List<String> privs = listPrivileges(role);
 +            if (privs.isEmpty()) {
 +                continue;
 +            }
 +            result.append(role).append(" = ");
 +            result.append(StringUtils.join(listPrivileges(role), ",\n\t"));
 +            result.append('\n');
 +        }
 +        return result.toString();
 +    }
 +
 +    void revokePrivilegeFromRole(String roleName, String privilegeStr) {
 +        TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(privilegeStr);
 +        try {
 +            CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
 +            sentryClient.revokePrivilege(authUser, roleName, tSentryPrivilege);
 +        } catch (SentryUserException | IllegalArgumentException e) {
 +            System.out.println("failed to revoke privilege: " + e.toString());
 +        }
 +    }
 +
 +
 +}
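Review bot: The mutating commands swallow `SentryUserException` and return normally, so a caller cannot tell a failed revocation from a successful one: `revokePrivilegeFromRole`, `revokeGroupsFromRole`, `dropRoles` and the grant/create methods only print a message to `System.out`. For a tool that administers authorization this matters most on the revoke paths, and the read paths have the same problem, since `listRoles`, `listGroups`, `listGroupRoles` and `listPrivileges` return an empty result on error, which reads the same as "no roles or privileges exist". I would let the exception propagate (for example `void revokePrivilegeFromRole(String roleName, String privilegeStr) throws SentryUserException`) or at least return a success flag and write the message to `System.err`; the callers are outside this file, so the right shape depends on how the shell reports errors. `convertToTSentryPrivilege` is also called before the `try` in both privilege methods, so if it can throw `IllegalArgumentException` (not visible here) the existing catch clause will not see it. Separately, `listPrivileges()` fetches each role's privileges twice; the second call can reuse the local: `result.append(StringUtils.join(privs, ",\n\t"));`.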

