sentry-commits mailing list archives

From sp...@apache.org
Subject sentry git commit: SENTRY-2355: Merge the DB owner privileges configurations into one enum configuration (Sergio Pena, reviewed by Na Li)
Date Mon, 20 Aug 2018 20:29:51 GMT
Repository: sentry
Updated Branches:
  refs/heads/master f099f0abd -> 2c5723e15


SENTRY-2355: Merge the DB owner privileges configurations into one enum configuration (Sergio
Pena, reviewed by Na Li)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/2c5723e1
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/2c5723e1
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/2c5723e1

Branch: refs/heads/master
Commit: 2c5723e15cdee96ea3a60a1757e27828c84abe8b
Parents: f099f0a
Author: Sergio Pena <sergio.pena@cloudera.com>
Authored: Mon Aug 20 15:18:00 2018 -0500
Committer: Sergio Pena <sergio.pena@cloudera.com>
Committed: Mon Aug 20 15:29:37 2018 -0500

----------------------------------------------------------------------
 .../common/SentryOwnerPrivilegeType.java        | 52 ++++++++++++++++++++
 .../sentry/service/common/ServiceConstants.java | 14 +-----
 .../thrift/SentryPolicyStoreProcessor.java      | 11 ++---
 .../db/service/persistent/SentryStore.java      |  5 +-
 .../thrift/TestSentryPolicyStoreProcessor.java  | 14 +++---
 .../tests/e2e/hdfs/TestHDFSIntegrationBase.java | 14 ++++--
 6 files changed, 80 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/2c5723e1/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/SentryOwnerPrivilegeType.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/SentryOwnerPrivilegeType.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/SentryOwnerPrivilegeType.java
new file mode 100644
index 0000000..69309b9
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/SentryOwnerPrivilegeType.java
@@ -0,0 +1,52 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.3)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.service.common;
+
+import static org.apache.sentry.service.common.ServiceConstants.ServerConfig.SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE;
+import static org.apache.sentry.service.common.ServiceConstants.ServerConfig.SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE_DEFAULT;
+
+import org.apache.hadoop.conf.Configuration;
+
+/**
+ * Controls the owner privileges feature for DB policies.
+ */
+public enum SentryOwnerPrivilegeType {
+  NONE,             // New DB objects do not get owner privileges
+  ALL,              // New DB objects will get owner privileges as 'all'
+  ALL_WITH_GRANT;    // New DB objects will get owner privileges as 'all with grant'
+
+  /**
+   * Checks if the Configuration object has the owner privilege type configuration set.
+   *
+   * @param conf The Configuration object where to check if the config is set.
+   * @return True if it is set; False otherwise.
+   */
+  public boolean isConfSet(Configuration conf) {
+    return (this == get(conf));
+  }
+
+  /**
+   * Returns the owner privilege type from the Configuration object.
+   *
+   * @param conf The Configuration object where to search for the owner privilege type.
+   * @return The SentryOwnerPrivilegeType object.
+   */
+  public static SentryOwnerPrivilegeType get(Configuration conf) {
+    return SentryOwnerPrivilegeType.valueOf(getConfigValue(conf).toUpperCase());
+  }
+
+  /**
+   * Returns the owner privilege string type from the Configuration object.
+   *
+   * @param conf The Configuration object where to search for the owner privilege type.
+   * @return The string value of the owner privilege type.
+   */
+  private static String getConfigValue(Configuration conf) {
+    return conf.get(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE,
+      SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE_DEFAULT.toString());
+  }
+}
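Review bot: `get(conf)` passes the raw configuration string straight to `valueOf(...toUpperCase())`, so a mistyped or padded value for this authorization setting surfaces as a bare `IllegalArgumentException` that never names the key. `toUpperCase()` with no locale is also locale-sensitive: under a Turkish default locale `all_with_grant` does not map to `ALL_WITH_GRANT`. I would trim the value, upper-case it with `Locale.ROOT` (this needs a `java.util.Locale` import), and rethrow with a message that names the key and the accepted values, so a bad value is rejected explicitly instead of being guessed at. Separately, the "Autogenerated by Thrift Compiler" header does not look right for a hand-written enum, and the `isConfSet` Javadoc should say that it compares the configured type with this constant.

```java
  public static SentryOwnerPrivilegeType get(Configuration conf) {
    String raw = getConfigValue(conf);
    try {
      // Locale.ROOT keeps the mapping independent of the JVM default locale
      return SentryOwnerPrivilegeType.valueOf(raw.trim().toUpperCase(Locale.ROOT));
    } catch (IllegalArgumentException e) {
      throw new IllegalArgumentException("Invalid value '" + raw + "' for "
        + SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE
        + "; expected NONE, ALL or ALL_WITH_GRANT", e);
    }
  }
```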

http://git-wip-us.apache.org/repos/asf/sentry/blob/2c5723e1/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java
index 9a2091a..adc1947 100644
--- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java
@@ -248,18 +248,8 @@ public class ServiceConstants {
     public static final String SENTRY_HMS_NOTIFICATION_ID_KEEP_COUNT = "sentry.server.delta.keep.count";
     public static final int SENTRY_HMS_NOTIFICATION_ID_KEEP_COUNT_DEFAULT = 100;
 
-    /**
-     * Controls the owner privileges feature.
-     */
-    public static final String SENTRY_ENABLE_OWNER_PRIVILEGES = "sentry.enable.owner.privileges";
-    public static final Boolean SENTRY_ENABLE_OWNER_PRIVILEGES_DEFAULT = false;
-
-    /**
-     * This value is used to decide if a owner privilege created by sentry server
-     * should have grant option.
-     */
-    public static final String SENTRY_OWNER_PRIVILEGE_WITH_GRANT = "sentry.grant.owner.privileges.with.grant";
-    public static final Boolean SENTRY_OWNER_PRIVILEGE_WITH_GRANT_DEFAULT = false;
+    public static final String SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE = "sentry.db.policy.store.owner.as.privilege";
+    public static final SentryOwnerPrivilegeType SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE_DEFAULT
= SentryOwnerPrivilegeType.NONE;
   }
 
   public static final String SENTRY_ZK_JAAS_NAME = "Sentry";
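Review bot: The new key `SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE` has no Javadoc, while the two keys it replaces each had one. A comment such as `/** Owner privilege granted on new DB objects: NONE, ALL or ALL_WITH_GRANT (see SentryOwnerPrivilegeType). */` would tell operators the accepted values. The old keys `sentry.enable.owner.privileges` and `sentry.grant.owner.privileges.with.grant` are also dropped with no fallback visible in this diff. If any deployment already sets them, it will silently revert to `NONE` after upgrade, so a startup warning when either old key is present would make that change in authorization behaviour visible.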

http://git-wip-us.apache.org/repos/asf/sentry/blob/2c5723e1/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
index 0ac19a7..36b635a 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
@@ -58,6 +58,7 @@ import org.apache.sentry.core.common.utils.PolicyStoreConstants.PolicyStoreServe
 import org.apache.sentry.api.service.thrift.validator.GrantPrivilegeRequestValidator;
 import org.apache.sentry.api.service.thrift.validator.RevokePrivilegeRequestValidator;
 import org.apache.sentry.api.common.SentryServiceUtil;
+import org.apache.sentry.service.common.SentryOwnerPrivilegeType;
 import org.apache.sentry.service.common.ServiceConstants.ConfUtilties;
 import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType;
 import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
@@ -1586,17 +1587,15 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface
{
    * @return null if owner privilege can not be constructed, else instance of {@Link TSentryPrivilege}
    */
   TSentryPrivilege constructOwnerPrivilege(TSentryAuthorizable authorizable) {
-    Boolean isOwnerPrivEnabled = conf.getBoolean(ServerConfig.SENTRY_ENABLE_OWNER_PRIVILEGES,
-      ServerConfig.SENTRY_ENABLE_OWNER_PRIVILEGES_DEFAULT);
-    if(!isOwnerPrivEnabled) {
+    SentryOwnerPrivilegeType ownerPrivilegeType = SentryOwnerPrivilegeType.get(conf);
+    if(ownerPrivilegeType == SentryOwnerPrivilegeType.NONE) {
       return null;
     }
+
     if(Strings.isNullOrEmpty(authorizable.getDb())) {
       LOGGER.error("Received authorizable with out DB Name");
       return null;
     }
-    Boolean privilegeWithGrantOption = conf.getBoolean(ServerConfig.SENTRY_OWNER_PRIVILEGE_WITH_GRANT,
-            ServerConfig.SENTRY_OWNER_PRIVILEGE_WITH_GRANT_DEFAULT);
 
     TSentryPrivilege ownerPrivilege = new TSentryPrivilege();
     ownerPrivilege.setServerName(authorizable.getServer());
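Review bot: `constructOwnerPrivilege` now calls `SentryOwnerPrivilegeType.get(conf)` on every invocation, whereas `SentryStore` in this same commit resolves the setting once in its constructor. Parsing it once in the `SentryPolicyStoreProcessor` constructor into a final field, e.g. `this.ownerPrivilegeType = SentryOwnerPrivilegeType.get(conf);`, would make an invalid value fail at service start rather than on the first request that creates an object. It would also keep the two classes on the same view of the setting. The method body starts and ends outside this hunk, and the later hunk at `ALL_WITH_GRANT` would read the same field.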
@@ -1607,7 +1606,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface
{
     } else {
       ownerPrivilege.setPrivilegeScope("DATABASE");
     }
-    if(privilegeWithGrantOption) {
+    if(ownerPrivilegeType == SentryOwnerPrivilegeType.ALL_WITH_GRANT) {
       ownerPrivilege.setGrantOption(TSentryGrantOption.TRUE);
     }
     ownerPrivilege.setAction(AccessConstants.OWNER);

http://git-wip-us.apache.org/repos/asf/sentry/blob/2c5723e1/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 6455597..0ef6a20 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -92,6 +92,7 @@ import org.apache.sentry.api.service.thrift.TSentryMappingData;
 import org.apache.sentry.api.service.thrift.TSentryPrivilege;
 import org.apache.sentry.api.service.thrift.TSentryPrivilegeMap;
 import org.apache.sentry.api.service.thrift.TSentryRole;
+import org.apache.sentry.service.common.SentryOwnerPrivilegeType;
 import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType;
 import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
 import org.datanucleus.store.rdbms.exceptions.MissingTableException;
@@ -273,8 +274,8 @@ public class SentryStore implements SentryStoreInterface {
     long notificationTimeout = conf.getInt(ServerConfig.SENTRY_NOTIFICATION_SYNC_TIMEOUT_MS,
             ServerConfig.SENTRY_NOTIFICATION_SYNC_TIMEOUT_DEFAULT);
     counterWait = new CounterWait(notificationTimeout, TimeUnit.MILLISECONDS);
-    ownerPrivilegeWithGrant = conf.getBoolean(ServerConfig.SENTRY_OWNER_PRIVILEGE_WITH_GRANT,
-            ServerConfig.SENTRY_OWNER_PRIVILEGE_WITH_GRANT_DEFAULT);
+
+    ownerPrivilegeWithGrant = SentryOwnerPrivilegeType.ALL_WITH_GRANT.isConfSet(conf);
   }
 
   public void setPersistUpdateDeltas(boolean persistUpdateDeltas) {

http://git-wip-us.apache.org/repos/asf/sentry/blob/2c5723e1/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java
b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java
index 94dbd70..2de6253 100644
--- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java
@@ -17,6 +17,7 @@
  */
 package org.apache.sentry.api.service.thrift;
 
+import static org.apache.sentry.service.common.ServiceConstants.ServerConfig.SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
@@ -34,7 +35,7 @@ import org.apache.sentry.core.common.exception.SentryInvalidInputException;
 import org.apache.sentry.core.model.db.AccessConstants;
 import org.apache.sentry.provider.common.GroupMappingService;
 import org.apache.sentry.provider.db.service.persistent.CounterWait;
-import org.apache.sentry.service.common.ServiceConstants;
+import org.apache.sentry.service.common.SentryOwnerPrivilegeType;
 import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
 import org.apache.sentry.provider.db.service.persistent.SentryStore;
 import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType;
@@ -81,7 +82,7 @@ public class TestSentryPolicyStoreProcessor {
   public void setup() throws Exception{
     conf = new Configuration(true);
     //Check behaviour when DB name is not set
-    conf.setBoolean(ServiceConstants.ServerConfig.SENTRY_ENABLE_OWNER_PRIVILEGES, true);
+    conf.set(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE, SentryOwnerPrivilegeType.ALL.toString());
     conf.set(ServerConfig.ADMIN_GROUPS, ADMIN_GROUP);
     conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
             MockGroupMapping.class.getName());
@@ -195,7 +196,7 @@ public class TestSentryPolicyStoreProcessor {
 
   @Test
   public void testConstructOwnerPrivilege() throws Exception {
-    conf.setBoolean(ServiceConstants.ServerConfig.SENTRY_ENABLE_OWNER_PRIVILEGES, false);
+    conf.set(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE, SentryOwnerPrivilegeType.NONE.toString());
     SentryPolicyStoreProcessor sentryServiceHandler =
             new SentryPolicyStoreProcessor(ApiConstants.SentryPolicyServiceConstants.SENTRY_POLICY_SERVICE_NAME,
                     conf, sentryStore);
@@ -209,7 +210,7 @@ public class TestSentryPolicyStoreProcessor {
 
 
     //Check behaviour when DB name is not set
-    conf.setBoolean(ServiceConstants.ServerConfig.SENTRY_ENABLE_OWNER_PRIVILEGES, true);
+    conf.set(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE, SentryOwnerPrivilegeType.ALL.toString());
     sentryServiceHandler =
             new SentryPolicyStoreProcessor(ApiConstants.SentryPolicyServiceConstants.SENTRY_POLICY_SERVICE_NAME,
                     conf, sentryStore);
@@ -237,8 +238,7 @@ public class TestSentryPolicyStoreProcessor {
     Assert.assertEquals(privilege, sentryServiceHandler.constructOwnerPrivilege(authorizable));
 
     //Check the behavior when grant option is configured.
-    conf.setBoolean(ServiceConstants.ServerConfig.SENTRY_OWNER_PRIVILEGE_WITH_GRANT,
-            true);
+    conf.set(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE, SentryOwnerPrivilegeType.ALL_WITH_GRANT.toString());
     sentryServiceHandler =
             new SentryPolicyStoreProcessor(ApiConstants.SentryPolicyServiceConstants.SENTRY_POLICY_SERVICE_NAME,
                     conf, sentryStore);
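Review bot: The updated tests only set the key to exact enum names via `toString()`, so the parsing in `SentryOwnerPrivilegeType.get` is not covered. I would add cases for a lower-case value such as `conf.set(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE, "all_with_grant")`, for the key left unset (expecting `constructOwnerPrivilege` to return null), and for an unrecognised value. This applies to the other hunks in this file as well. The test method continues outside the hunk.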
@@ -421,7 +421,7 @@ public class TestSentryPolicyStoreProcessor {
   @Test
   public void testAlterTableEventProcessing() throws Exception {
 
-    conf.setBoolean(ServiceConstants.ServerConfig.SENTRY_ENABLE_OWNER_PRIVILEGES, true);
+    conf.set(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE, SentryOwnerPrivilegeType.ALL.toString());
 
     SentryPolicyStoreProcessor sentryServiceHandler =
             new SentryPolicyStoreProcessor(ApiConstants.SentryPolicyServiceConstants.SENTRY_POLICY_SERVICE_NAME,

http://git-wip-us.apache.org/repos/asf/sentry/blob/2c5723e1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
index becdc52..f0cf960 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java
@@ -73,6 +73,7 @@ import org.apache.sentry.hdfs.SentryINodeAttributesProvider;
 import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
 import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.service.common.SentryOwnerPrivilegeType;
 import org.apache.sentry.service.thrift.SentryServiceClientFactory;
 import org.apache.sentry.tests.e2e.hive.StaticUserGroup;
 import org.apache.sentry.tests.e2e.hive.fs.MiniDFS;
@@ -97,6 +98,7 @@ import com.google.common.io.Files;
 import com.google.common.io.Resources;
 
 import static org.apache.sentry.hdfs.ServiceConstants.ServerConfig.SENTRY_HDFS_INTEGRATION_PATH_PREFIXES;
+import static org.apache.sentry.service.common.ServiceConstants.ServerConfig.SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE;
 import static org.junit.Assert.assertFalse;
 
 /**
@@ -882,12 +884,18 @@ public abstract class TestHDFSIntegrationBase {
                     "org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessorFactory,org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory");
             sentryProperties.put("sentry.policy.store.plugins", "org.apache.sentry.hdfs.SentryPlugin");
           }
-          if(ownerPrivilegeEnabled) {
-            sentryProperties.put("sentry.enable.owner.privileges", "true");
 
+          if (ownerPrivilegeEnabled) {
             if(ownerPrivilegeGrantEnabled) {
-              sentryProperties.put("sentry.grant.owner.privileges.with.grant", "true");
+              sentryProperties.put(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE,
+                SentryOwnerPrivilegeType.ALL_WITH_GRANT.toString());
+            } else {
+              sentryProperties.put(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE,
+                SentryOwnerPrivilegeType.ALL.toString());
             }
+          } else {
+            sentryProperties.put(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE,
+              SentryOwnerPrivilegeType.NONE.toString());
           }
 
           for (Map.Entry<String, String> entry : sentryProperties.entrySet()) {
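Review bot: The nested `if`/`else` repeats the same `sentryProperties.put(...)` call three times and mixes `if (` with `if(` inside one hunk. Selecting the type first and writing it once reads more clearly: `SentryOwnerPrivilegeType ownerType = !ownerPrivilegeEnabled ? SentryOwnerPrivilegeType.NONE : (ownerPrivilegeGrantEnabled ? SentryOwnerPrivilegeType.ALL_WITH_GRANT : SentryOwnerPrivilegeType.ALL);` followed by `sentryProperties.put(SENTRY_DB_POLICY_STORE_OWNER_AS_PRIVILEGE, ownerType.toString());`. The enclosing method starts and ends outside the hunk.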

