sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject sentry git commit: Use CommmandUtil to validate the privilege hierarchy
Date Mon, 23 Oct 2017 09:33:03 GMT
Repository: sentry
Updated Branches:
  refs/heads/akolb-cli 36fb263c1 -> 99f03c35d


Use CommmandUtil to validate the privilege hierarchy


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/99f03c35
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/99f03c35
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/99f03c35

Branch: refs/heads/akolb-cli
Commit: 99f03c35dc53bb5076b015faa27375829b2f2c38
Parents: 36fb263
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Oct 23 10:30:43 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Oct 23 10:30:43 2017 +0100

----------------------------------------------------------------------
 .../db/tools/command/hive/CommandUtil.java      |   2 +-
 .../java/org/apache/sentry/shell/ShellUtil.java | 113 ++++---------------
 2 files changed, 21 insertions(+), 94 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/99f03c35/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
index b6f4140..5c228bf 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
@@ -31,7 +31,7 @@ public final class CommandUtil {
 
   // check the privilege value for the specific privilege scope
   // eg, for the table scope, server and database can't be empty
-  public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws
Exception {
+  public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) {
     String serverName = tSentryPrivilege.getServerName();
     String dbName = tSentryPrivilege.getDbName();
     String tableName = tSentryPrivilege.getTableName();

http://git-wip-us.apache.org/repos/asf/sentry/blob/99f03c35/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index 4904fac..bea53c8 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -22,7 +22,7 @@ import com.google.common.collect.Sets;
 import org.apache.commons.lang.StringUtils;
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.provider.db.service.thrift.*;
-import org.apache.sentry.service.thrift.ServiceConstants;
+import org.apache.sentry.provider.db.tools.command.hive.CommandUtil;
 
 import java.util.*;
 
@@ -43,18 +43,17 @@ class ShellUtil {
     }
 
     List<String> listRoles() {
-        try {
-            return getRoles();
-        } catch (SentryUserException e) {
-            System.out.println("Error listing roles: " + e.toString());
-        }
-        return new LinkedList<>();
+        return listRoles(null);
     }
 
     List<String> listRoles(String group) {
         Set<TSentryRole> roles = null;
         try {
-            roles = sentryClient.listRolesByGroupName(authUser, group);
+            if (StringUtils.isEmpty(group)) {
+                roles = sentryClient.listRoles(authUser);
+            } else {
+                roles = sentryClient.listRolesByGroupName(authUser, group);
+            }
         } catch (SentryUserException e) {
             System.out.println("Error listing roles: " + e.toString());
         }
@@ -63,7 +62,7 @@ class ShellUtil {
             return result;
         }
 
-        for(TSentryRole role: roles) {
+        for (TSentryRole role : roles) {
             result.add(role.getRoleName());
         }
 
@@ -72,7 +71,7 @@ class ShellUtil {
     }
 
     void createRoles(String ...roles) {
-        for (String role: roles) {
+        for (String role : roles) {
             try {
                 sentryClient.createRole(authUser, role);
             } catch (SentryUserException e) {
@@ -83,7 +82,7 @@ class ShellUtil {
     }
 
     void dropRoles(String ...roles) {
-        for (String role: roles) {
+        for (String role : roles) {
             try {
                 sentryClient.dropRole(authUser, role);
             } catch (SentryUserException e) {
@@ -193,36 +192,10 @@ class ShellUtil {
 
     void grantPrivilegeToRole(String roleName, String privilege) {
         TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege);
-        boolean grantOption = tPriv.getGrantOption().equals(TSentryGrantOption.TRUE);
         try {
-            if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tPriv.getPrivilegeScope()))
{
-                sentryClient.grantServerPrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tPriv.getPrivilegeScope()))
{
-                sentryClient.grantDatabasePrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getDbName(), tPriv.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tPriv.getPrivilegeScope()))
{
-                sentryClient.grantTablePrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getDbName(), tPriv.getTableName(),
-                        tPriv.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tPriv.getPrivilegeScope()))
{
-                sentryClient.grantColumnPrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getDbName(), tPriv.getTableName(),
-                        tPriv.getColumnName(), tPriv.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.URI.toString().equals(tPriv.getPrivilegeScope()))
{
-                sentryClient.grantURIPrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getURI(), grantOption);
-                return;
-            }
-        } catch (SentryUserException e) {
+            CommandUtil.validatePrivilegeHierarchy(tPriv);
+            sentryClient.grantPrivilege(authUser, roleName, tPriv);
+        } catch (SentryUserException | IllegalArgumentException e) {
             System.out.println("Error granting privilege: " + e.toString());
         }
     }
@@ -236,13 +209,13 @@ class ShellUtil {
             System.out.println("Failed to list privileges: " + e.toString());
         }
 
+        List<String> result = new LinkedList<>();
         if (privileges == null || privileges.isEmpty()) {
-            return new ArrayList<>();
+            return result;
         }
 
-        List<String> result = new LinkedList<>();
         for (TSentryPrivilege privilege : privileges) {
-            String privilegeStr =  convertTSentryPrivilegeToStr(privilege);
+            String privilegeStr = convertTSentryPrivilegeToStr(privilege);
             if (privilegeStr.isEmpty()) {
                 continue;
             }
@@ -256,13 +229,7 @@ class ShellUtil {
      * @return string with privilege info for all roles
      */
     String listPrivileges() {
-        List<String> roles = null;
-        try {
-            roles = getRoles();
-        } catch (SentryUserException e) {
-            System.out.println("failed to get role names: " + e.toString());
-        }
-
+        List<String> roles = listRoles(null);
         if (roles == null || roles.isEmpty()) {
             return "";
         }
@@ -282,53 +249,13 @@ class ShellUtil {
 
     void revokePrivilegeFromRole(String roleName, String privilegeStr) {
         TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(privilegeStr);
-        boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE)
? true : false;
-
         try {
-            if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-                sentryClient.revokeServerPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-                sentryClient.revokeDatabasePrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-                sentryClient.revokeTablePrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-                        tSentryPrivilege.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-                sentryClient.revokeColumnPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-                        tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-                sentryClient.revokeURIPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        tSentryPrivilege.getURI(), grantOption);
-                return;
-            }
-        } catch (SentryUserException e) {
+            CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
+            sentryClient.revokePrivilege(authUser, roleName, tSentryPrivilege);
+        } catch (SentryUserException | IllegalArgumentException e) {
             System.out.println("failed to revoke privilege: " + e.toString());
         }
     }
 
 
-    private List<String>getRoles() throws SentryUserException {
-        // Collect role names
-        Set<TSentryRole> roles = null;
-        roles = sentryClient.listRoles(authUser);
-        List<String> roleNames = new ArrayList<>();
-        for(TSentryRole role: roles) {
-            roleNames.add(role.getRoleName());
-        }
-
-        Collections.sort(roleNames);
-        return roleNames;
-    }
-
 }


Mime
View raw message