sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [07/26] sentry git commit: SENTRY-1974 - Consolidate the Solr + Kafka PrivilegeValidators into a single GenericPrivilegeValidator. - Reviewed by kalyan kumar kalvagadda.
Date Thu, 19 Oct 2017 08:59:48 GMT
SENTRY-1974 - Consolidate the Solr + Kafka PrivilegeValidators into a single GenericPrivilegeValidator.
 - Reviewed by kalyan kumar kalvagadda.


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3d0f4705
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3d0f4705
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3d0f4705

Branch: refs/heads/akolb-cli
Commit: 3d0f470529ebc2dc2df7e17f20ba3c13aa13b4d2
Parents: 0607322
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Oct 6 15:56:06 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Oct 6 15:56:06 2017 +0100

----------------------------------------------------------------------
 .../sentry/kafka/binding/KafkaAuthBinding.java  |   4 +-
 .../binding/solr/authz/SolrAuthzBinding.java    |   4 +-
 .../tools/GenericPrivilegeConverter.java        | 178 +++++++++++++++++++
 .../tools/KafkaTSentryPrivilegeConverter.java   | 128 -------------
 .../db/generic/tools/SentryConfigToolSolr.java  |   2 +-
 .../db/generic/tools/SentryShellGeneric.java    |  17 +-
 .../tools/SolrTSentryPrivilegeConverter.java    | 137 --------------
 .../generic/tools/TestSentryConfigToolSolr.java |   2 +-
 8 files changed, 187 insertions(+), 285 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/3d0f4705/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
index d9dcbb7..7a36c5f 100644
--- a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
+++ b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
@@ -61,7 +61,7 @@ import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericService
 import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
 import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
 import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-import org.apache.sentry.provider.db.generic.tools.KafkaTSentryPrivilegeConverter;
+import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter;
 import org.apache.sentry.service.thrift.ServiceConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -156,7 +156,7 @@ public class KafkaAuthBinding {
 
     // for convenience, set the PrivilegeConverter.
     if (authConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) {
-      authConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, KafkaTSentryPrivilegeConverter.class.getName());
+      authConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, GenericPrivilegeConverter.class.getName());
     }
 
     // Instantiate the configured providerBackend

http://git-wip-us.apache.org/repos/asf/sentry/blob/3d0f4705/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
index 37adb56..0a818e5 100644
--- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
+++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java
@@ -54,7 +54,7 @@ import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericService
 import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
 import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.tools.SolrTSentryPrivilegeConverter;
+import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter;
 import org.apache.sentry.service.thrift.ServiceConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -124,7 +124,7 @@ public class SolrAuthzBinding {
 
     // for convenience, set the PrivilegeConverter.
     if (authzConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) {
-      authzConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, SolrTSentryPrivilegeConverter.class.getName());
+      authzConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, GenericPrivilegeConverter.class.getName());
     }
 
     // the SearchProviderBackend is deleted in SENTRY-828, this is for the compatible with
the

http://git-wip-us.apache.org/repos/asf/sentry/blob/3d0f4705/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
new file mode 100644
index 0000000..ea8cf07
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
@@ -0,0 +1,178 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.generic.tools;
+
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE;
+
+import com.google.common.collect.Lists;
+
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.utils.KeyValue;
+import org.apache.sentry.core.common.utils.PolicyFileConstants;
+import org.apache.sentry.core.common.utils.SentryConstants;
+import org.apache.sentry.core.common.validator.PrivilegeValidator;
+import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
+import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
+import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables;
+import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel;
+import org.apache.sentry.core.model.search.SearchModelAuthorizables;
+import org.apache.sentry.core.model.search.SearchPrivilegeModel;
+import org.apache.sentry.provider.common.AuthorizationComponent;
+import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
+import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
+import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
+import org.apache.shiro.config.ConfigurationException;
+
+/**
+ * A TSentryPrivilegeConverter implementation for "Generic" privileges, covering Apache Kafka
and Apache Solr.
+ * It converts privilege Strings to TSentryPrivilege Objects, and vice versa, for Generic
clients.
+ *
+ * When a privilege String is converted to a TSentryPrivilege in "fromString", the validators
associated with the
+ * given privilege model are also called on the privilege String.
+ */
+public class GenericPrivilegeConverter implements TSentryPrivilegeConverter {
+  private String component;
+  private String service;
+  private boolean validate;
+
+  public GenericPrivilegeConverter(String component, String service) {
+    this(component, service, true);
+  }
+
+  public GenericPrivilegeConverter(String component, String service, boolean validate) {
+    this.component = component;
+    this.service = service;
+    this.validate = validate;
+  }
+
+  public TSentryPrivilege fromString(String privilegeStr) throws Exception {
+    privilegeStr = parsePrivilegeString(privilegeStr);
+    if (validate) {
+      validatePrivilegeHierarchy(privilegeStr);
+    }
+
+    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
+    List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();
+    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr))
{
+      KeyValue keyValue = new KeyValue(authorizable);
+      String key = keyValue.getKey();
+      String value = keyValue.getValue();
+
+      Authorizable authz = getAuthorizable(keyValue);
+      if (authz != null) {
+        authorizables.add(new TAuthorizable(authz.getTypeName(), authz.getName()));
+      } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
+        tSentryPrivilege.setAction(value);
+      } else {
+        throw new IllegalArgumentException("Unknown key: " + key);
+      }
+    }
+
+    if (tSentryPrivilege.getAction() == null) {
+      throw new IllegalArgumentException("Privilege is invalid: action required but not specified.");
+    }
+    tSentryPrivilege.setComponent(component);
+    tSentryPrivilege.setServiceName(service);
+    tSentryPrivilege.setAuthorizables(authorizables);
+    return tSentryPrivilege;
+  }
+
+  public String toString(TSentryPrivilege tSentryPrivilege) {
+    List<String> privileges = Lists.newArrayList();
+    if (tSentryPrivilege != null) {
+      List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables();
+      String action = tSentryPrivilege.getAction();
+      String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE
? "true"
+              : "false");
+
+      Iterator<TAuthorizable> it = authorizables.iterator();
+      if (it != null) {
+        while (it.hasNext()) {
+          TAuthorizable tAuthorizable = it.next();
+          privileges.add(SentryConstants.KV_JOINER.join(
+              tAuthorizable.getType(), tAuthorizable.getName()));
+        }
+      }
+
+      if (!authorizables.isEmpty()) {
+        privileges.add(SentryConstants.KV_JOINER.join(
+            PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
+      }
+
+      // only append the grant option to privilege string if it's true
+      if ("true".equals(grantOption)) {
+        privileges.add(SentryConstants.KV_JOINER.join(
+            PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
+      }
+    }
+    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
+  }
+
+  private String parsePrivilegeString(String privilegeStr) {
+    if (AuthorizationComponent.KAFKA.equals(component)) {
+      final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR;
+      final String hostPrefixLowerCase = hostPrefix.toLowerCase();
+      if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) {
+        return hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr;
+      }
+    }
+
+    return privilegeStr;
+  }
+
+  private void validatePrivilegeHierarchy(String privilegeStr) throws Exception {
+    List<PrivilegeValidator> validators = getPrivilegeValidators();
+    PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr);
+    for (PrivilegeValidator validator : validators) {
+      try {
+        validator.validate(context);
+      } catch (ConfigurationException e) {
+        throw new IllegalArgumentException(e);
+      }
+    }
+  }
+
+  private List<PrivilegeValidator> getPrivilegeValidators() throws Exception {
+    if (AuthorizationComponent.KAFKA.equals(component)) {
+      return KafkaPrivilegeModel.getInstance().getPrivilegeValidators();
+    } else if ("SOLR".equals(component)) {
+      return SearchPrivilegeModel.getInstance().getPrivilegeValidators();
+    }
+
+    throw new Exception("Invalid component specified for GenericPrivilegeCoverter: " + component);
+  }
+
+  private Authorizable getAuthorizable(KeyValue keyValue) throws Exception {
+    if (AuthorizationComponent.KAFKA.equals(component)) {
+      return KafkaModelAuthorizables.from(keyValue);
+    } else if ("SOLR".equals(component)) {
+      return SearchModelAuthorizables.from(keyValue);
+    }
+
+    throw new Exception("Invalid component specified for GenericPrivilegeCoverter: " + component);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/3d0f4705/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java
deleted file mode 100644
index c1aac6a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Lists;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
-import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
-import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables;
-import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
-import org.apache.shiro.config.ConfigurationException;
-
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR;
-import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR;
-import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE;
-
-public  class KafkaTSentryPrivilegeConverter implements TSentryPrivilegeConverter {
-  private String component;
-  private String service;
-
-  public KafkaTSentryPrivilegeConverter(String component, String service) {
-    this.component = component;
-    this.service = service;
-  }
-
-  public TSentryPrivilege fromString(String privilegeStr) throws Exception {
-    final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR;
-    final String hostPrefixLowerCase = hostPrefix.toLowerCase();
-    if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) {
-      privilegeStr =  hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr;
-    }
-    validatePrivilegeHierarchy(privilegeStr);
-    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
-    List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();
-    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr))
{
-      KeyValue keyValue = new KeyValue(authorizable);
-      String key = keyValue.getKey();
-      String value = keyValue.getValue();
-
-      // is it an authorizable?
-      KafkaAuthorizable authz = KafkaModelAuthorizables.from(keyValue);
-      if (authz != null) {
-        authorizables.add(new TAuthorizable(authz.getTypeName(), authz.getName()));
-
-      } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setAction(value);
-      }
-    }
-
-    if (tSentryPrivilege.getAction() == null) {
-      throw new IllegalArgumentException("Privilege is invalid: action required but not specified.");
-    }
-    tSentryPrivilege.setComponent(component);
-    tSentryPrivilege.setServiceName(service);
-    tSentryPrivilege.setAuthorizables(authorizables);
-    return tSentryPrivilege;
-  }
-
-  public String toString(TSentryPrivilege tSentryPrivilege) {
-    List<String> privileges = Lists.newArrayList();
-    if (tSentryPrivilege != null) {
-      List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables();
-      String action = tSentryPrivilege.getAction();
-      String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE
? "true"
-              : "false");
-
-      Iterator<TAuthorizable> it = authorizables.iterator();
-      if (it != null) {
-        while (it.hasNext()) {
-          TAuthorizable tAuthorizable = it.next();
-          privileges.add(SentryConstants.KV_JOINER.join(
-              tAuthorizable.getType(), tAuthorizable.getName()));
-        }
-      }
-
-      if (!authorizables.isEmpty()) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-            PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
-      }
-
-      // only append the grant option to privilege string if it's true
-      if ("true".equals(grantOption)) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-            PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
-      }
-    }
-    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
-  }
-
-  private static void validatePrivilegeHierarchy(String privilegeStr) {
-    List<PrivilegeValidator> validators = KafkaPrivilegeModel.getInstance().getPrivilegeValidators();
-    PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr);
-    for (PrivilegeValidator validator : validators) {
-      try {
-        validator.validate(context);
-      } catch (ConfigurationException e) {
-        throw new IllegalArgumentException(e);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/3d0f4705/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
index b958b09..b2664de 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
@@ -106,7 +106,7 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon {
     Set<String> roles = Sets.newHashSet();
     Table<String, String, Set<String>> groupRolePrivilegeTable =
         policyFileBackend.getGroupRolePrivilegeTable();
-    SolrTSentryPrivilegeConverter converter = new SolrTSentryPrivilegeConverter(component,
service, false);
+    GenericPrivilegeConverter converter = new GenericPrivilegeConverter(component, service,
false);
 
     for (String groupName : groupRolePrivilegeTable.rowKeySet()) {
       for (String roleName : groupRolePrivilegeTable.columnKeySet()) {

http://git-wip-us.apache.org/repos/asf/sentry/blob/3d0f4705/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
index 49523a4..e3edc29 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
@@ -34,7 +34,6 @@ import org.apache.sentry.provider.db.generic.tools.command.GrantPrivilegeToRoleC
 import org.apache.sentry.provider.db.generic.tools.command.ListPrivilegesByRoleCmd;
 import org.apache.sentry.provider.db.generic.tools.command.ListRolesCmd;
 import org.apache.sentry.provider.db.generic.tools.command.RevokePrivilegeFromRoleCmd;
-import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
 import org.apache.sentry.provider.db.tools.SentryShellCommon;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -73,15 +72,15 @@ public class SentryShellGeneric extends SentryShellCommon {
         command = new DeleteRoleFromGroupCmd(roleName, groupName, component);
       } else if (isGrantPrivilegeRole) {
         command = new GrantPrivilegeToRoleCmd(roleName, component,
-                privilegeStr, getPrivilegeConverter(component, service));
+                privilegeStr, new GenericPrivilegeConverter(component, service));
       } else if (isRevokePrivilegeRole) {
         command = new RevokePrivilegeFromRoleCmd(roleName, component,
-                privilegeStr, getPrivilegeConverter(component, service));
+                privilegeStr, new GenericPrivilegeConverter(component, service));
       } else if (isListRole) {
         command = new ListRolesCmd(groupName, component);
       } else if (isListPrivilege) {
         command = new ListPrivilegesByRoleCmd(roleName, component,
-                service, getPrivilegeConverter(component, service));
+                service, new GenericPrivilegeConverter(component, service));
       }
 
       // check the requestor name
@@ -116,16 +115,6 @@ public class SentryShellGeneric extends SentryShellCommon {
     throw new Exception("Invalid type specified for SentryShellGeneric: " + type);
   }
 
-  private TSentryPrivilegeConverter getPrivilegeConverter(String component, String service)
throws Exception {
-    if (type == TYPE.kafka) {
-      return new KafkaTSentryPrivilegeConverter(component, service);
-    } else if (type == TYPE.solr) {
-      return new SolrTSentryPrivilegeConverter(component, service);
-    }
-
-    throw new Exception("Invalid type specified for SentryShellGeneric: " + type);
-  }
-
   private Configuration getSentryConf() {
     Configuration conf = new Configuration();
     conf.addResource(new Path(confPath));

http://git-wip-us.apache.org/repos/asf/sentry/blob/3d0f4705/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java
deleted file mode 100644
index f24ebed..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Lists;
-
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
-import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-import org.apache.sentry.core.model.search.SearchModelAuthorizables;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
-import org.apache.shiro.config.ConfigurationException;
-
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-
-public  class SolrTSentryPrivilegeConverter implements TSentryPrivilegeConverter {
-  private String component;
-  private String service;
-  private boolean validate;
-
-  public SolrTSentryPrivilegeConverter(String component, String service) {
-    this(component, service, true);
-  }
-
-  public SolrTSentryPrivilegeConverter(String component, String service, boolean validate)
{
-    this.component = component;
-    this.service = service;
-    this.validate = validate;
-  }
-
-  public TSentryPrivilege fromString(String privilegeStr) throws Exception {
-    if (validate) {
-      validatePrivilegeHierarchy(privilegeStr);
-    }
-
-    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
-    List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();
-    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr))
{
-      KeyValue keyValue = new KeyValue(authorizable);
-      String key = keyValue.getKey();
-      String value = keyValue.getValue();
-
-      // is it an authorizable?
-      SearchModelAuthorizable authz = SearchModelAuthorizables.from(keyValue);
-      if (authz != null) {
-        if (authz instanceof Collection) {
-          Collection coll = (Collection)authz;
-          authorizables.add(new TAuthorizable(coll.getTypeName(), coll.getName()));
-        } else {
-          throw new IllegalArgumentException("Unknown authorizable type: " + authz.getTypeName());
-        }
-      } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setAction(value);
-      // Limitation: don't support grant at this time, since the existing solr use cases
don't need it.
-      } else {
-        throw new IllegalArgumentException("Unknown key: " + key);
-      }
-    }
-
-    if (tSentryPrivilege.getAction() == null) {
-      throw new IllegalArgumentException("Privilege is invalid: action required but not specified.");
-    }
-    tSentryPrivilege.setComponent(component);
-    tSentryPrivilege.setServiceName(service);
-    tSentryPrivilege.setAuthorizables(authorizables);
-    return tSentryPrivilege;
-  }
-
-  public String toString(TSentryPrivilege tSentryPrivilege) {
-    List<String> privileges = Lists.newArrayList();
-    if (tSentryPrivilege != null) {
-      List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables();
-      String action = tSentryPrivilege.getAction();
-      String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE
? "true"
-              : "false");
-
-      Iterator<TAuthorizable> it = authorizables.iterator();
-      if (it != null) {
-        while (it.hasNext()) {
-          TAuthorizable tAuthorizable = it.next();
-          privileges.add(SentryConstants.KV_JOINER.join(
-              tAuthorizable.getType(), tAuthorizable.getName()));
-        }
-      }
-
-      if (!authorizables.isEmpty()) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-            PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
-      }
-
-      // only append the grant option to privilege string if it's true
-      if ("true".equals(grantOption)) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-            PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
-      }
-    }
-    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
-  }
-
-  private static void validatePrivilegeHierarchy(String privilegeStr) {
-    List<PrivilegeValidator> validators = SearchPrivilegeModel.getInstance().getPrivilegeValidators();
-    PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr);
-    for (PrivilegeValidator validator : validators) {
-      try {
-        validator.validate(context);
-      } catch (ConfigurationException e) {
-        throw new IllegalArgumentException(e);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/3d0f4705/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java
index d199d20..4b274fd 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java
@@ -133,7 +133,7 @@ public class TestSentryConfigToolSolr extends SentryGenericServiceIntegrationBas
         }
 
         // check privileges
-        SolrTSentryPrivilegeConverter convert = new SolrTSentryPrivilegeConverter(SOLR, service);
+        GenericPrivilegeConverter convert = new GenericPrivilegeConverter(SOLR, service);
         for (String role : roles) {
           Set<TSentryPrivilege> privileges = client.listPrivilegesByRoleName(
               requestorName, role, SOLR, service);


Mime
View raw message