sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] sentry git commit: Added support to use the CLI tool with kafka, solr, sqoop
Date Thu, 16 Nov 2017 11:11:20 GMT
Added support to use the CLI tool with kafka, solr, sqoop


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3dc878e1
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3dc878e1
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3dc878e1

Branch: refs/heads/akolb-cli
Commit: 3dc878e1ca440ad4bfe9250c43384971bd344c3b
Parents: d384787
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Nov 16 11:10:59 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Nov 16 11:10:59 2017 +0000

----------------------------------------------------------------------
 .../org/apache/sentry/shell/GroupShell.java     |  65 ++--
 .../org/apache/sentry/shell/PrivsShell.java     |  80 +++--
 .../org/apache/sentry/shell/RolesShell.java     |  90 +++--
 .../java/org/apache/sentry/shell/SentryCli.java | 291 ++++++++--------
 .../java/org/apache/sentry/shell/ShellUtil.java | 134 --------
 .../org/apache/sentry/shell/TopLevelShell.java  | 335 +++++++++++++------
 6 files changed, 542 insertions(+), 453 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
index a59da04..b7652a5 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
@@ -21,40 +21,65 @@ package org.apache.sentry.shell;
 import com.budhash.cliche.Command;
 import com.budhash.cliche.Shell;
 import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 /**
  * Sentry group manipulation for CLI
  */
 public class GroupShell implements ShellDependent {
 
-    private final ShellUtil tools;
-    Shell shell;
+  private final ShellCommand shellCommand;
+  private final String authUser;
+  Shell shell;
 
-    public GroupShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
+  public GroupShell(ShellCommand shellCommand, String authUser) {
+    this.shellCommand = shellCommand;
+    this.authUser = authUser;
+  }
 
-    @Command(abbrev = "lr", header = "[groups]",
-            description = "list groups and their roles")
-    public List<String> listRoles() {
-        return tools.listGroupRoles();
+  @Command(abbrev = "lr", header = "[groups]",
+          description = "list groups and their roles")
+  public List<String> listRoles() {
+    try {
+      return shellCommand.listGroupRoles(authUser);
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list the groups and roles: %s\n", e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "Grant role to groups")
-    public void grant(String roleName, String ...groups) {
-        tools.grantGroupsToRole(roleName, groups);
+  @Command(description = "Grant role to groups")
+  public void grant(String roleName, String ...groups) {
+    try {
+      Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+      shellCommand.grantRoleToGroups(authUser, roleName, groupsSet);
+    } catch (SentryUserException e) {
+      System.out.printf("Failed to gran role %s to groups: %s\n",
+              roleName, e.toString());
     }
+  }
 
-    @Command(description = "Revoke role from groups")
-    public void revoke(String roleName, String ...groups) {
-        tools.revokeGroupsFromRole(roleName, groups);
+  @Command(description = "Revoke role from groups")
+  public void revoke(String roleName, String ...groups) {
+    try {
+      Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+      shellCommand.revokeRoleFromGroups(authUser, roleName, groupsSet);
+    } catch (SentryUserException e) {
+      System.out.printf("Failed to revoke role %s to groups: %s\n",
+              roleName, e.toString());
     }
+  }
 
-    @Override
-    public void cliSetShell(Shell theShell) {
-        this.shell = theShell;
-    }
+  @Override
+  public void cliSetShell(Shell theShell) {
+    this.shell = theShell;
+  }
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
index a03c47d..8b8898f 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
@@ -22,47 +22,65 @@ import com.budhash.cliche.Command;
 import com.budhash.cliche.Param;
 import com.budhash.cliche.Shell;
 import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Collections;
 import java.util.List;
 
 public class PrivsShell implements ShellDependent {
-    private final ShellUtil tools;
-    Shell shell;
+  private final ShellCommand shellCommand;
+  private final String authUser;
+  Shell shell;
 
-    public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
+  public PrivsShell(ShellCommand shellCommand, String authUser) {
+    this.shellCommand = shellCommand;
+    this.authUser = authUser;
+  }
 
-    @Command(description = "Grant privilege to role")
-    public void grant(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "privilege",
-                    description = "privilege string, e.g. server=s1->db=foo")
-            String privilege) {
-        tools.grantPrivilegeToRole(roleName, privilege);
+  @Command(description = "Grant privilege to role")
+  public void grant(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "privilege",
+             description = "privilege string, e.g. server=s1->db=foo")
+      String privilege) {
+    try {
+      shellCommand.grantPrivilegeToRole(authUser, roleName, privilege);
+    } catch (SentryUserException e) {
+      System.out.println("Error granting privilege: " + e.toString());
     }
+  }
 
-    @Command
-    public List<String> list(
-            @Param(name = "roleName")
-            String roleName) {
-        return tools.listPrivileges(roleName);
+  @Command
+  public List<String> list(
+      @Param(name = "roleName")
+      String roleName) {
+    try {
+      return shellCommand.listPrivileges(authUser, roleName);
+    } catch (SentryUserException e) {
+      System.out.println("Failed to list privileges: " + e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command
-    public void revoke(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "privilege",
-                    description = "privilege string, e.g. server=s1->db=foo")
-            String privilege) {
-        tools.revokePrivilegeFromRole(roleName, privilege);
+  @Command
+  public void revoke(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "privilege",
+             description = "privilege string, e.g. server=s1->db=foo")
+      String privilege) {
+    try {
+      shellCommand.revokePrivilegeFromRole(authUser, roleName, privilege);
+    } catch (SentryUserException e) {
+      System.out.println("failed to revoke privilege: " + e.toString());
     }
+  }
 
-    @Override
-    public void cliSetShell(Shell theShell) {
-        this.shell = theShell;
-    }
+  @Override
+  public void cliSetShell(Shell theShell) {
+    this.shell = theShell;
+  }
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
index ab4589d..c014a30 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
@@ -22,50 +22,84 @@ import com.budhash.cliche.Command;
 import com.budhash.cliche.Param;
 import com.budhash.cliche.Shell;
 import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Collections;
 import java.util.List;
 
 /**
  * Sentry roles manipulation for CLI.
  */
 public class RolesShell implements ShellDependent {
-    private final ShellUtil tools;
-    Shell shell;
+  private final ShellCommand shellCommand;
+  private final String authUser;
+  Shell shell;
 
-    public RolesShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
+  public RolesShell(ShellCommand shellCommand, String authUser) {
+    this.shellCommand = shellCommand;
+    this.authUser = authUser;
+  }
 
-    @Command(description = "List sentry roles. shows all available roles.")
-    public List<String> list() {
-        return tools.listRoles();
+  @Command(description = "List sentry roles. shows all available roles.")
+  public List<String> list() {
+    try {
+      List<String> result = shellCommand.listRoles(authUser, null);
+      Collections.sort(result);
+      return result;
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list roles: %s\n", e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "List sentry roles by group")
-    public List<String> list(
-            @Param(name = "groupName", description = "group name for roles")
-            String group) {
-        return tools.listRoles(group);
+  @Command(description = "List sentry roles by group")
+  public List<String> list(
+      @Param(name = "groupName", description = "group name for roles")
+      String group) {
+    try {
+      List<String> result = shellCommand.listRoles(authUser, group);
+      Collections.sort(result);
+      return result;
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list roles with group %s: %s\n",
+          group, e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "Create Sentry role(s).")
-    public void create(
-            @Param(name = "roleName", description = "name of role to create")
-            String ...roles) {
-        tools.createRoles(roles);
+  @Command(description = "Create Sentry role(s).")
+  public void create(
+      @Param(name = "roleName", description = "name of role to create")
+      String ...roles) {
+    for (String role : roles) {
+      try {
+        shellCommand.createRole(authUser, role);
+      } catch (SentryUserException e) {
+        System.out.printf("failed to create role %s: %s\n",
+            role, e.toString());
+      }
     }
+  }
 
-    @Command(description = "drop Sentry role(s).")
-    public void drop(
-            @Param(name = "roleName ...", description = "role names to remove")
-            String ...roles) {
-        tools.dropRoles(roles);
+  @Command(description = "drop Sentry role(s).")
+  public void drop(
+      @Param(name = "roleName ...", description = "role names to remove")
+      String ...roles) {
+    for (String role : roles) {
+      try {
+        shellCommand.dropRole(authUser, role);
+      } catch (SentryUserException e) {
+        System.out.printf("failed to drop role %s: %s\n",
+            role, e.toString());
+      }
     }
+  }
 
-    @Override
-    public void cliSetShell(Shell theShell) {
-        this.shell = theShell;
-    }
+  @Override
+  public void cliSetShell(Shell theShell) {
+    this.shell = theShell;
+  }
 
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
index 823d80c..75b845c 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
@@ -23,13 +23,14 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.log4j.PropertyConfigurator;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 import org.apache.sentry.service.thrift.SentryServiceClientFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.Map;
 import java.util.Properties;
@@ -42,163 +43,163 @@ import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SEC
  * Sentry interactive tool
  */
 public class SentryCli {
-    private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName());
-    private static final String LOG4J_CONF = "log4jConf";
-    private final String[] args;
-    private Options options = new Options();
-    private CommandLine cmd;
-
-    private static final String localhost = "localhost";
-    private static final String defaultPort = "8038";
-
-    private static final String configOpt = "config";
-    private static final String userOpt = "user";
-    private static final String hostOpt = "host";
-
-    private static final String configEnv = "SENTRY_CONFIG";
-    private static final String hostEnv = "SENTRY_HOST";
-    private static final String userEnv = "SENTRY_USER";
-
-
-    private SentryPolicyServiceClient sentryClient;
+  private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName());
+  private static final String LOG4J_CONF = "log4jConf";
+  private final String[] args;
+  private Options options = new Options();
+  private CommandLine cmd;
+
+  private static final String localhost = "localhost";
+  private static final String defaultPort = "8038";
+
+  private static final String configOpt = "config";
+  private static final String userOpt = "user";
+  private static final String hostOpt = "host";
+
+  private static final String configEnv = "SENTRY_CONFIG";
+  private static final String hostEnv = "SENTRY_HOST";
+  private static final String userEnv = "SENTRY_USER";
+
+
+  private SentryPolicyServiceClient sentryClient;
+  private SentryGenericServiceClient sentryGenericClient;
+
+  public SentryPolicyServiceClient getSentryClient() {
+    return sentryClient;
+  }
+
+  public SentryGenericServiceClient getSentryGenericClient() {
+    return sentryGenericClient;
+  }
+
+  public String getRequestorName() {
+    return requestorName;
+  }
+
+  private String requestorName;
+
+  public static void main(String[] args) {
+    SentryCli cli = new SentryCli(args);
+    // Create interactive shell and run it
+    TopLevelShell shell = new TopLevelShell(cli.getSentryClient(),
+        cli.getSentryGenericClient(),
+        cli.getRequestorName());
+    shell.run();
+  }
+
+  /**
+   * Construct SentryCli from arguments
+   * @param args command-line arguments
+   */
+  public SentryCli(String[] args) {
+    this.args = args;
+    options.addOption("h", "help", false, "show help");
+    // file path of sentry-site
+    options.addOption("U", userOpt, true, "auth user");
+    options.addOption("H", hostOpt, true, "host address");
+    options.addOption("c", configOpt, true, "sentry configuration");
+    options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file");
+    CommandLineParser parser = new GnuParser();
+    try {
+      this.cmd = parser.parse(options, args);
+    } catch (ParseException e) {
+      help();
+    }
+    if (cmd.hasOption("h")) {
+      help();
+    }
+    init();
+  }
+
+  /**
+   * Parse command-line arguments.
+   */
+  public void parse() {
+    CommandLineParser parser = new GnuParser();
+    try {
+      cmd = parser.parse(options, args);
+      if (cmd.hasOption("h")) {
+        help();
+      }
+    } catch (ParseException e) {
+      log.warn("error in parsing expression", e);
+      help();
+      System.exit(1);
+    }
+  }
+
+  /**
+   * Initialize CLI
+   */
+  private void init() {
+    Map<String, String> env = System.getenv();
+    String log4jconf = cmd.getOptionValue(LOG4J_CONF);
+    if (log4jconf != null && log4jconf.length() > 0) {
+      Properties log4jProperties = new Properties();
+
+      // Firstly load log properties from properties file
+      try (FileInputStream istream = new FileInputStream(log4jconf)) {
+        log4jProperties.load(istream);
+      } catch (IOException e) {
+        e.printStackTrace();
+      }
+
+      PropertyConfigurator.configure(log4jProperties);
+    }
 
-    public SentryPolicyServiceClient getSentryClient() {
-        return sentryClient;
+    String host = cmd.getOptionValue(hostOpt);
+    if (host == null) {
+      host = env.get(hostEnv);
     }
 
-    public String getRequestorName() {
-        return requestorName;
+    String pathConf = cmd.getOptionValue(configOpt);
+    if (pathConf == null) {
+      pathConf = env.get(configEnv);
+    }
+    if (host == null && pathConf == null) {
+      host = localhost + ":" + defaultPort;
     }
 
-    private String requestorName;
+    Configuration conf = new Configuration();
 
-    public static void main(String[] args) {
-        SentryCli cli = new SentryCli(args);
-        // Create interactive shell and run it
-        TopLevelShell shell = new TopLevelShell(cli.getSentryClient(),
-                cli.getRequestorName());
-        shell.run();
+    if (pathConf != null) {
+      conf.addResource(new Path(pathConf));
+    } else {
+      conf.set(SECURITY_MODE, SECURITY_MODE_NONE);
     }
 
-    /**
-     * Construct SentryCli from arguments
-     * @param args command-line arguments
-     */
-    public SentryCli(String[] args) {
-        this.args = args;
-        options.addOption("h", "help", false, "show help");
-        // file path of sentry-site
-        options.addOption("U", userOpt, true, "auth user");
-        options.addOption("H", hostOpt, true, "host address");
-        options.addOption("c", configOpt, true, "sentry configuration");
-        options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file");
-        CommandLineParser parser = new GnuParser();
-        try {
-            this.cmd = parser.parse(options, args);
-        } catch (ParseException e) {
-            help();
-        }
-        if (cmd.hasOption("h")) {
-            help();
-        }
-        init();
+    if (host != null) {
+      conf.set(SERVER_RPC_ADDRESS, host);
     }
 
-    /**
-     * Parse command-line arguments.
-     */
-    public void parse() {
-        CommandLineParser parser = new GnuParser();
-        try {
-            cmd = parser.parse(options, args);
-            if (cmd.hasOption("h")) {
-                help();
-            }
-        } catch (ParseException e) {
-            log.warn("error in parsing expression", e);
-            help();
-            System.exit(1);
-        }
+    requestorName = cmd.getOptionValue(userOpt);
+    if (requestorName == null) {
+      requestorName = env.get(userEnv);
     }
-
-    /**
-     * Initialize CLI
-     */
-    private void init() {
-        Map<String, String> env = System.getenv();
-        String log4jconf = cmd.getOptionValue(LOG4J_CONF);
-        if (log4jconf != null && log4jconf.length() > 0) {
-            Properties log4jProperties = new Properties();
-
-            // Firstly load log properties from properties file
-            FileInputStream istream = null;
-            try {
-                istream = new FileInputStream(log4jconf);
-            } catch (FileNotFoundException e) {
-                e.printStackTrace();
-            }
-            try {
-                log4jProperties.load(istream);
-                istream.close();
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
-
-            PropertyConfigurator.configure(log4jProperties);
-        }
-
-        String host = cmd.getOptionValue(hostOpt);
-        if (host == null) {
-            host = env.get(hostEnv);
-        }
-
-        String pathConf = cmd.getOptionValue(configOpt);
-        if (pathConf == null) {
-            pathConf = env.get(configEnv);
-        }
-        if (host == null && pathConf == null) {
-            host = localhost + ":" + defaultPort;
-        }
-
-        Configuration conf = new Configuration();
-
-        if (pathConf != null) {
-            conf.addResource(new Path(pathConf));
-        } else {
-            conf.set(SECURITY_MODE, SECURITY_MODE_NONE);
-        }
-
-        if (host != null) {
-            conf.set(SERVER_RPC_ADDRESS, host);
-        }
-
-        requestorName = cmd.getOptionValue(userOpt);
-        if (requestorName == null) {
-            requestorName = env.get(userEnv);
-        }
-        if (requestorName == null) {
-
-            UserGroupInformation ugi = null;
-            try {
-                ugi = UserGroupInformation.getLoginUser();
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
-            requestorName = ugi.getShortUserName();
-        }
-
-        try {
-            sentryClient = SentryServiceClientFactory.create(conf);
-        } catch (Exception e) {
-            System.out.println("Failed to connect to Sentry server: " + e.toString());
-        }
+    if (requestorName == null) {
+
+      UserGroupInformation ugi = null;
+      try {
+        ugi = UserGroupInformation.getLoginUser();
+      } catch (IOException e) {
+        e.printStackTrace();
+      }
+      requestorName = ugi.getShortUserName();
     }
 
-    private void help() {
-        // This prints out some help
-        HelpFormatter formater = new HelpFormatter();
-        formater.printHelp("sentrycli", options);
-        System.exit(0);
+    try {
+      sentryClient = SentryServiceClientFactory.create(conf);
+      sentryGenericClient = SentryGenericServiceClientFactory.create(conf);
+    } catch (Exception e) {
+      System.out.println("Failed to connect to Sentry server: " + e.toString());
     }
+  }
+
+  private void help() {
+    // This prints out some help
+    HelpFormatter formater = new HelpFormatter();
+    formater.printHelp("sentrycli", options);
+    System.exit(0);
+  }
 
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
deleted file mode 100644
index 307a05e..0000000
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.shell;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.*;
-import org.apache.sentry.provider.db.tools.ShellCommand;
-import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
-
-import java.util.*;
-
-/**
- * ShellUtil implements actual commands
- */
-class ShellUtil {
-
-    private final ShellCommand command;
-    private final String authUser;
-
-    ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.authUser = authUser;
-        command = new HiveShellCommand(sentryClient);
-    }
-
-    List<String> listRoles() {
-        return listRoles(null);
-    }
-
-    List<String> listRoles(String group) {
-        try {
-            List<String> result = command.listRoles(authUser, group);
-            Collections.sort(result);
-            return result;
-        } catch (SentryUserException e) {
-            System.out.printf("failed to list roles with group %s: %s\n",
-                              group, e.toString());
-            return Collections.emptyList();
-        }
-    }
-
-    void createRoles(String ...roles) {
-        for (String role : roles) {
-            try {
-                command.createRole(authUser, role);
-            } catch (SentryUserException e) {
-                System.out.printf("failed to create role %s: %s\n",
-                        role, e.toString());
-            }
-        }
-    }
-
-    void dropRoles(String ...roles) {
-        for (String role : roles) {
-            try {
-                command.dropRole(authUser, role);
-            } catch (SentryUserException e) {
-                System.out.printf("failed to drop role %s: %s\n",
-                        role, e.toString());
-            }
-        }
-    }
-
-    List<String> listGroupRoles() {
-        try {
-            return command.listGroupRoles(authUser);
-        } catch (SentryUserException e) {
-            System.out.printf("failed to list the groups and roles: %s\n", e.toString());
-            return Collections.emptyList();
-        }
-    }
-
-    void grantGroupsToRole(String roleName, String ...groups) {
-        try {
-            Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
-            command.grantRoleToGroups(authUser, roleName, groupsSet);
-        } catch (SentryUserException e) {
-            System.out.printf("Failed to gran role %s to groups: %s\n",
-                    roleName, e.toString());
-        }
-    }
-
-    void revokeGroupsFromRole(String roleName, String ...groups) {
-        try {
-            Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
-            command.revokeRoleFromGroups(authUser, roleName, groupsSet);
-        } catch (SentryUserException e) {
-            System.out.printf("Failed to revoke role %s to groups: %s\n",
-                    roleName, e.toString());
-        }
-    }
-
-    void grantPrivilegeToRole(String roleName, String privilege) {
-        try {
-            command.grantPrivilegeToRole(authUser, roleName, privilege);
-        } catch (SentryUserException e) {
-            System.out.println("Error granting privilege: " + e.toString());
-        }
-    }
-
-    List<String> listPrivileges(String roleName) {
-        try {
-            return command.listPrivileges(authUser, roleName);
-        } catch (SentryUserException e) {
-            System.out.println("Failed to list privileges: " + e.toString());
-            return Collections.emptyList();
-        }
-    }
-
-    void revokePrivilegeFromRole(String roleName, String privilegeStr) {
-        try {
-            command.revokePrivilegeFromRole(authUser, roleName, privilegeStr);
-        } catch (SentryUserException e) {
-            System.out.println("failed to revoke privilege: " + e.toString());
-        }
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index ba4a204..b8f365f 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -18,139 +18,284 @@
 
 package org.apache.sentry.shell;
 
-import com.budhash.cliche.*;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.common.AuthorizationComponent;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter;
+import org.apache.sentry.provider.db.generic.tools.command.GenericShellCommand;
+import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
+
+import com.budhash.cliche.Command;
+import com.budhash.cliche.Param;
+import com.budhash.cliche.Shell;
+import com.budhash.cliche.ShellDependent;
+import com.budhash.cliche.ShellFactory;
 
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 /**
  * Top level commands
  */
 public class TopLevelShell implements ShellDependent, Runnable {
 
-    private final Shell topShell;
-    private final ShellUtil tools;
-    private Shell shell; // top level shell object
-
-    private final String authUser;
-    private final SentryPolicyServiceClient sentryClient;
-
-    TopLevelShell(SentryPolicyServiceClient sentryClient,
-                  String authUser) {
-        this.authUser = authUser;
-        this.sentryClient = sentryClient;
-        this.tools = new ShellUtil(sentryClient, authUser);
-        topShell = ShellFactory.createConsoleShell("sentry",
-                "sentry shell\n" +
-                "Enter ?l to list available commands.",
-                this);
-    }
+  public enum TYPE { kafka, hive, solr, sqoop };
+
+  private final Shell topShell;
+  private ShellCommand shellCommand;
+  private Shell shell; // top level shell object
+
+  private final String authUser;
+  private final SentryPolicyServiceClient sentryClient;
+  private final SentryGenericServiceClient sentryGenericClient;
+
+  TopLevelShell(SentryPolicyServiceClient sentryClient,
+      SentryGenericServiceClient sentryGenericClient,
+      String authUser) {
+    this.authUser = authUser;
+    this.sentryClient = sentryClient;
+    this.sentryGenericClient = sentryGenericClient;
+    shellCommand = new HiveShellCommand(sentryClient);
+    topShell = ShellFactory.createConsoleShell("sentry",
+        "sentry shell\n" +
+        "Enter ?l to list available commands.",
+        this);
+  }
+
+  @Command(description="list, create and remove roles")
+  public void roles() throws IOException {
+    ShellFactory.createSubshell("roles", shell, "roles commands",
+        new RolesShell(shellCommand, authUser)).commandLoop();
+  }
 
-    @Command(description="list, create and remove roles")
-    public void roles() throws IOException {
-        ShellFactory.createSubshell("roles", shell, "roles commands",
-                new RolesShell(sentryClient, authUser)).commandLoop();
+  @Command(description = "list, create and remove groups")
+  public void groups() throws IOException {
+    ShellFactory.createSubshell("groups", shell, "groups commands",
+        new GroupShell(shellCommand, authUser)).commandLoop();
+  }
+
+  @Command(description = "list, create and remove privileges")
+  public void privileges() throws IOException {
+    ShellFactory.createSubshell("privileges", shell, "privileges commands",
+        new PrivsShell(shellCommand, authUser)).commandLoop();
+  }
+
+  @Command(description = "List sentry roles. shows all available roles.")
+  public List<String> listRoles() {
+    try {
+      List<String> result = shellCommand.listRoles(authUser, null);
+      Collections.sort(result);
+      return result;
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list roles: %s\n", e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "list, create and remove groups")
-    public void groups() throws IOException {
-        ShellFactory.createSubshell("groups", shell, "groups commands",
-                new GroupShell(sentryClient, authUser)).commandLoop();
+  @Command(description = "List sentry roles by group")
+  public List<String> listRoles(
+      @Param(name = "groupName")
+      String group) {
+    try {
+      List<String> result = shellCommand.listRoles(authUser, group);
+      Collections.sort(result);
+      return result;
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list roles with group %s: %s\n",
+          group, e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "list, create and remove privileges")
-    public void privileges() throws IOException {
-        ShellFactory.createSubshell("privileges", shell, "privileges commands",
-                new PrivsShell(sentryClient, authUser)).commandLoop();
+  @Command(abbrev = "lg", header = "[groups]",
+    description = "list groups and their roles")
+  public List<String> listGroups() {
+    try {
+      return shellCommand.listGroupRoles(authUser);
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list the groups and roles: %s\n", e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "List sentry roles. shows all available roles.")
-    public List<String> listRoles() {
-        return tools.listRoles();
+  @Command(description = "Grant role to groups")
+  public void grantRole(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "group...") String ...groups) {
+    try {
+      Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+      shellCommand.grantRoleToGroups(authUser, roleName, groupsSet);
+    } catch (SentryUserException e) {
+      System.out.printf("Failed to gran role %s to groups: %s\n",
+          roleName, e.toString());
     }
+  }
 
-    @Command(description = "List sentry roles by group")
-    public List<String> listRoles(
-            @Param(name = "groupName")
-            String group) {
-        return tools.listRoles(group);
+  @Command(abbrev = "grm", description = "Revoke role from groups")
+  public void revokeRole(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "group...")
+      String ...groups) {
+    try {
+      Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+      shellCommand.revokeRoleFromGroups(authUser, roleName, groupsSet);
+    } catch (SentryUserException e) {
+      System.out.printf("Failed to revoke role %s to groups: %s\n",
+          roleName, e.toString());
     }
+  }
 
-    @Command(abbrev = "lg", header = "[groups]",
-             description = "list groups and their roles")
-    public List<String> listGroups() {
-        return tools.listGroupRoles();
+  @Command(description = "Create Sentry role(s).")
+  public void createRole(
+      @Param(name = "roleName", description = "name of role to create")
+      String ...roles) {
+    for (String role : roles) {
+      try {
+        shellCommand.createRole(authUser, role);
+      } catch (SentryUserException e) {
+        System.out.printf("failed to create role %s: %s\n",
+            role, e.toString());
+      }
     }
+  }
 
-    @Command(description = "Grant role to groups")
-    public void grantRole(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "group...") String ...groups) {
-        tools.grantGroupsToRole(roleName, groups);
+  @Command(abbrev = "dr", description = "drop Sentry role(s).")
+  public void dropRole(
+      @Param(name = "roleName ...", description = "role names to drop")
+      String ...roles) {
+    for (String role : roles) {
+      try {
+        shellCommand.dropRole(authUser, role);
+      } catch (SentryUserException e) {
+        System.out.printf("failed to drop role %s: %s\n",
+            role, e.toString());
+      }
     }
+  }
 
-    @Command(abbrev = "grm",
-            description = "Revoke role from groups")
-    public void revokeRole(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "group...")
-            String ...groups) {
-        tools.revokeGroupsFromRole(roleName, groups);
+  @Command(description = "list Sentry privileges")
+  public List<String> listPrivileges(
+      @Param(name = "roleName")
+      String roleName) {
+    try {
+      return shellCommand.listPrivileges(authUser, roleName);
+    } catch (SentryUserException e) {
+      System.out.println("Failed to list privileges: " + e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "Create Sentry role(s).")
-    public void createRole(
-            @Param(name = "roleName", description = "name of role to create")
-                    String ...roles) {
-        tools.createRoles(roles);
+  @Command(description = "Grant privilege to role")
+  public void grantPrivilege(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+      String privilege) {
+    try {
+      shellCommand.grantPrivilegeToRole(authUser, roleName, privilege);
+    } catch (SentryUserException e) {
+      System.out.println("Error granting privilege: " + e.toString());
     }
+  }
 
-    @Command(abbrev = "dr", description = "drop Sentry role(s).")
-    public void dropRole(
-            @Param(name = "roleName ...", description = "role names to drop")
-                    String ...roles) {
-        tools.dropRoles(roles);
+  @Command
+  public void revokePrivilege(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+      String privilege) {
+    try {
+      shellCommand.revokePrivilegeFromRole(authUser, roleName, privilege);
+    } catch (SentryUserException e) {
+      System.out.println("failed to revoke privilege: " + e.toString());
     }
+  }
 
-    @Command(description = "list Sentry privileges")
-    public List<String> listPrivileges(
-            @Param(name = "roleName")
-            String roleName) {
-        return tools.listPrivileges(roleName);
+  @Command(description = "Set the type: hive, kafka, sqoop, solr, etc.")
+  public void type(
+      @Param(name = "type", description = "the type to set: hive, kafka, sqoop, solr, etc.")
+      String type) {
+    // Check it's a valid type first
+    try {
+      TYPE parsedType = TYPE.valueOf(type);
+      if (parsedType == TYPE.hive) {
+        shellCommand = new HiveShellCommand(sentryClient);
+      } else {
+        String component = getComponent(parsedType);
+        String service = getService(parsedType);
+        TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+        shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
+      }
+    } catch (IllegalArgumentException ex) {
+      System.out.printf("The %s type value is not an accepted type value\n", type);
     }
+  }
 
-    @Command(description = "Grant privilege to role")
-    public void grantPrivilege(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
-            String privilege) {
-        tools.grantPrivilegeToRole(roleName, privilege);
+  @Command(description = "Set the type: hive, kafka, sqoop, solr, etc.")
+  public void type(
+      @Param(name = "type", description = "the type to set: hive, kafka, sqoop, solr, etc.")
+      String type,
+      @Param(name = "service", description = "the service name")
+      String service) {
+    try {
+      // Check it's a valid type first
+      TYPE parsedType = TYPE.valueOf(type);
+      if (parsedType == TYPE.hive) {
+        shellCommand = new HiveShellCommand(sentryClient);
+      } else {
+        String component = getComponent(parsedType);
+        TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+        shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
+      }
+    } catch (IllegalArgumentException ex) {
+      System.out.printf("The %s type value is not an accepted type value\n", type);
     }
+  }
+
+  @Override
+  public void cliSetShell(Shell theShell) {
+    this.shell = theShell;
+  }
 
-    @Command
-    public void revokePrivilege(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
-            String privilege) {
-        tools.revokePrivilegeFromRole(roleName, privilege);
+  @Override
+  public void run() {
+    try {
+      this.topShell.commandLoop();
+    } catch (IOException e) {
+      System.out.println("error: " + e.toString());
     }
+  }
 
-    @Override
-    public void cliSetShell(Shell theShell) {
-        this.shell = theShell;
+  private String getComponent(TYPE type) {
+    if (type == TYPE.kafka) {
+      return AuthorizationComponent.KAFKA;
+    } else if (type == TYPE.solr) {
+      return "SOLR";
+    } else if (type == TYPE.sqoop) {
+      return AuthorizationComponent.SQOOP;
     }
 
-    @Override
-    public void run() {
-        try {
-            this.topShell.commandLoop();
-        } catch (IOException e) {
-            System.out.println("error: " + e.toString());
-        }
+    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: "
+ type);
+  }
+
+  private String getService(TYPE type) {
+    if (type == TYPE.kafka) {
+      return AuthorizationComponent.KAFKA;
+    } else if (type == TYPE.solr) {
+      return "service1";
+    } else if (type == TYPE.sqoop) {
+      return "sqoopServer1";
     }
+
+    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: "
+ type);
+  }
 }


Mime
View raw message