Repository: incubator-sentry
Updated Branches:
refs/heads/master d1d2fd3dc -> fa5f81c77
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesByAuthResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesByAuthResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesByAuthResponse.java
new file mode 100644
index 0000000..6fe5a7e
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesByAuthResponse.java
@@ -0,0 +1,558 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TListSentryPrivilegesByAuthResponse implements org.apache.thrift.TBase<TListSentryPrivilegesByAuthResponse, TListSentryPrivilegesByAuthResponse._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryPrivilegesByAuthResponse");
+
+ private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+ private static final org.apache.thrift.protocol.TField PRIVILEGES_MAP_BY_AUTH_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegesMapByAuth", org.apache.thrift.protocol.TType.MAP, (short)2);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TListSentryPrivilegesByAuthResponseStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TListSentryPrivilegesByAuthResponseTupleSchemeFactory());
+ }
+
+ private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+ private Map<TSentryAuthorizable,TSentryPrivilegeMap> privilegesMapByAuth; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ STATUS((short)1, "status"),
+ PRIVILEGES_MAP_BY_AUTH((short)2, "privilegesMapByAuth");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // STATUS
+ return STATUS;
+ case 2: // PRIVILEGES_MAP_BY_AUTH
+ return PRIVILEGES_MAP_BY_AUTH;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+ tmpMap.put(_Fields.PRIVILEGES_MAP_BY_AUTH, new org.apache.thrift.meta_data.FieldMetaData("privilegesMapByAuth", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryAuthorizable.class),
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilegeMap.class))));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryPrivilegesByAuthResponse.class, metaDataMap);
+ }
+
+ public TListSentryPrivilegesByAuthResponse() {
+ }
+
+ public TListSentryPrivilegesByAuthResponse(
+ org.apache.sentry.service.thrift.TSentryResponseStatus status,
+ Map<TSentryAuthorizable,TSentryPrivilegeMap> privilegesMapByAuth)
+ {
+ this();
+ this.status = status;
+ this.privilegesMapByAuth = privilegesMapByAuth;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TListSentryPrivilegesByAuthResponse(TListSentryPrivilegesByAuthResponse other) {
+ if (other.isSetStatus()) {
+ this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+ }
+ if (other.isSetPrivilegesMapByAuth()) {
+ Map<TSentryAuthorizable,TSentryPrivilegeMap> __this__privilegesMapByAuth = new HashMap<TSentryAuthorizable,TSentryPrivilegeMap>();
+ for (Map.Entry<TSentryAuthorizable, TSentryPrivilegeMap> other_element : other.privilegesMapByAuth.entrySet()) {
+
+ TSentryAuthorizable other_element_key = other_element.getKey();
+ TSentryPrivilegeMap other_element_value = other_element.getValue();
+
+ TSentryAuthorizable __this__privilegesMapByAuth_copy_key = new TSentryAuthorizable(other_element_key);
+
+ TSentryPrivilegeMap __this__privilegesMapByAuth_copy_value = new TSentryPrivilegeMap(other_element_value);
+
+ __this__privilegesMapByAuth.put(__this__privilegesMapByAuth_copy_key, __this__privilegesMapByAuth_copy_value);
+ }
+ this.privilegesMapByAuth = __this__privilegesMapByAuth;
+ }
+ }
+
+ public TListSentryPrivilegesByAuthResponse deepCopy() {
+ return new TListSentryPrivilegesByAuthResponse(this);
+ }
+
+ @Override
+ public void clear() {
+ this.status = null;
+ this.privilegesMapByAuth = null;
+ }
+
+ public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+ return this.status;
+ }
+
+ public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+ this.status = status;
+ }
+
+ public void unsetStatus() {
+ this.status = null;
+ }
+
+ /** Returns true if field status is set (has been assigned a value) and false otherwise */
+ public boolean isSetStatus() {
+ return this.status != null;
+ }
+
+ public void setStatusIsSet(boolean value) {
+ if (!value) {
+ this.status = null;
+ }
+ }
+
+ public int getPrivilegesMapByAuthSize() {
+ return (this.privilegesMapByAuth == null) ? 0 : this.privilegesMapByAuth.size();
+ }
+
+ public void putToPrivilegesMapByAuth(TSentryAuthorizable key, TSentryPrivilegeMap val) {
+ if (this.privilegesMapByAuth == null) {
+ this.privilegesMapByAuth = new HashMap<TSentryAuthorizable,TSentryPrivilegeMap>();
+ }
+ this.privilegesMapByAuth.put(key, val);
+ }
+
+ public Map<TSentryAuthorizable,TSentryPrivilegeMap> getPrivilegesMapByAuth() {
+ return this.privilegesMapByAuth;
+ }
+
+ public void setPrivilegesMapByAuth(Map<TSentryAuthorizable,TSentryPrivilegeMap> privilegesMapByAuth) {
+ this.privilegesMapByAuth = privilegesMapByAuth;
+ }
+
+ public void unsetPrivilegesMapByAuth() {
+ this.privilegesMapByAuth = null;
+ }
+
+ /** Returns true if field privilegesMapByAuth is set (has been assigned a value) and false otherwise */
+ public boolean isSetPrivilegesMapByAuth() {
+ return this.privilegesMapByAuth != null;
+ }
+
+ public void setPrivilegesMapByAuthIsSet(boolean value) {
+ if (!value) {
+ this.privilegesMapByAuth = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case STATUS:
+ if (value == null) {
+ unsetStatus();
+ } else {
+ setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+ }
+ break;
+
+ case PRIVILEGES_MAP_BY_AUTH:
+ if (value == null) {
+ unsetPrivilegesMapByAuth();
+ } else {
+ setPrivilegesMapByAuth((Map<TSentryAuthorizable,TSentryPrivilegeMap>)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case STATUS:
+ return getStatus();
+
+ case PRIVILEGES_MAP_BY_AUTH:
+ return getPrivilegesMapByAuth();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case STATUS:
+ return isSetStatus();
+ case PRIVILEGES_MAP_BY_AUTH:
+ return isSetPrivilegesMapByAuth();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TListSentryPrivilegesByAuthResponse)
+ return this.equals((TListSentryPrivilegesByAuthResponse)that);
+ return false;
+ }
+
+ public boolean equals(TListSentryPrivilegesByAuthResponse that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_status = true && this.isSetStatus();
+ boolean that_present_status = true && that.isSetStatus();
+ if (this_present_status || that_present_status) {
+ if (!(this_present_status && that_present_status))
+ return false;
+ if (!this.status.equals(that.status))
+ return false;
+ }
+
+ boolean this_present_privilegesMapByAuth = true && this.isSetPrivilegesMapByAuth();
+ boolean that_present_privilegesMapByAuth = true && that.isSetPrivilegesMapByAuth();
+ if (this_present_privilegesMapByAuth || that_present_privilegesMapByAuth) {
+ if (!(this_present_privilegesMapByAuth && that_present_privilegesMapByAuth))
+ return false;
+ if (!this.privilegesMapByAuth.equals(that.privilegesMapByAuth))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_status = true && (isSetStatus());
+ builder.append(present_status);
+ if (present_status)
+ builder.append(status);
+
+ boolean present_privilegesMapByAuth = true && (isSetPrivilegesMapByAuth());
+ builder.append(present_privilegesMapByAuth);
+ if (present_privilegesMapByAuth)
+ builder.append(privilegesMapByAuth);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(TListSentryPrivilegesByAuthResponse other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ TListSentryPrivilegesByAuthResponse typedOther = (TListSentryPrivilegesByAuthResponse)other;
+
+ lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetStatus()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetPrivilegesMapByAuth()).compareTo(typedOther.isSetPrivilegesMapByAuth());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetPrivilegesMapByAuth()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegesMapByAuth, typedOther.privilegesMapByAuth);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TListSentryPrivilegesByAuthResponse(");
+ boolean first = true;
+
+ sb.append("status:");
+ if (this.status == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.status);
+ }
+ first = false;
+ if (!first) sb.append(", ");
+ sb.append("privilegesMapByAuth:");
+ if (this.privilegesMapByAuth == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.privilegesMapByAuth);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetStatus()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+ }
+
+ if (!isSetPrivilegesMapByAuth()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegesMapByAuth' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ if (status != null) {
+ status.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseStandardSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthResponseStandardScheme getScheme() {
+ return new TListSentryPrivilegesByAuthResponseStandardScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseStandardScheme extends StandardScheme<TListSentryPrivilegesByAuthResponse> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // STATUS
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+ struct.status.read(iprot);
+ struct.setStatusIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 2: // PRIVILEGES_MAP_BY_AUTH
+ if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+ {
+ org.apache.thrift.protocol.TMap _map98 = iprot.readMapBegin();
+ struct.privilegesMapByAuth = new HashMap<TSentryAuthorizable,TSentryPrivilegeMap>(2*_map98.size);
+ for (int _i99 = 0; _i99 < _map98.size; ++_i99)
+ {
+ TSentryAuthorizable _key100; // required
+ TSentryPrivilegeMap _val101; // required
+ _key100 = new TSentryAuthorizable();
+ _key100.read(iprot);
+ _val101 = new TSentryPrivilegeMap();
+ _val101.read(iprot);
+ struct.privilegesMapByAuth.put(_key100, _val101);
+ }
+ iprot.readMapEnd();
+ }
+ struct.setPrivilegesMapByAuthIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.status != null) {
+ oprot.writeFieldBegin(STATUS_FIELD_DESC);
+ struct.status.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ if (struct.privilegesMapByAuth != null) {
+ oprot.writeFieldBegin(PRIVILEGES_MAP_BY_AUTH_FIELD_DESC);
+ {
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.STRUCT, struct.privilegesMapByAuth.size()));
+ for (Map.Entry<TSentryAuthorizable, TSentryPrivilegeMap> _iter102 : struct.privilegesMapByAuth.entrySet())
+ {
+ _iter102.getKey().write(oprot);
+ _iter102.getValue().write(oprot);
+ }
+ oprot.writeMapEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseTupleSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthResponseTupleScheme getScheme() {
+ return new TListSentryPrivilegesByAuthResponseTupleScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseTupleScheme extends TupleScheme<TListSentryPrivilegesByAuthResponse> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ struct.status.write(oprot);
+ {
+ oprot.writeI32(struct.privilegesMapByAuth.size());
+ for (Map.Entry<TSentryAuthorizable, TSentryPrivilegeMap> _iter103 : struct.privilegesMapByAuth.entrySet())
+ {
+ _iter103.getKey().write(oprot);
+ _iter103.getValue().write(oprot);
+ }
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+ struct.status.read(iprot);
+ struct.setStatusIsSet(true);
+ {
+ org.apache.thrift.protocol.TMap _map104 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+ struct.privilegesMapByAuth = new HashMap<TSentryAuthorizable,TSentryPrivilegeMap>(2*_map104.size);
+ for (int _i105 = 0; _i105 < _map104.size; ++_i105)
+ {
+ TSentryAuthorizable _key106; // required
+ TSentryPrivilegeMap _val107; // required
+ _key106 = new TSentryAuthorizable();
+ _key106.read(iprot);
+ _val107 = new TSentryPrivilegeMap();
+ _val107.read(iprot);
+ struct.privilegesMapByAuth.put(_key106, _val107);
+ }
+ }
+ struct.setPrivilegesMapByAuthIsSet(true);
+ }
+ }
+
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilegeMap.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilegeMap.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilegeMap.java
new file mode 100644
index 0000000..50b4979
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilegeMap.java
@@ -0,0 +1,486 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TSentryPrivilegeMap implements org.apache.thrift.TBase<TSentryPrivilegeMap, TSentryPrivilegeMap._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryPrivilegeMap");
+
+ private static final org.apache.thrift.protocol.TField PRIVILEGE_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegeMap", org.apache.thrift.protocol.TType.MAP, (short)1);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TSentryPrivilegeMapStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TSentryPrivilegeMapTupleSchemeFactory());
+ }
+
+ private Map<String,Set<TSentryPrivilege>> privilegeMap; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ PRIVILEGE_MAP((short)1, "privilegeMap");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // PRIVILEGE_MAP
+ return PRIVILEGE_MAP;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.PRIVILEGE_MAP, new org.apache.thrift.meta_data.FieldMetaData("privilegeMap", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+ new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class)))));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryPrivilegeMap.class, metaDataMap);
+ }
+
+ public TSentryPrivilegeMap() {
+ }
+
+ public TSentryPrivilegeMap(
+ Map<String,Set<TSentryPrivilege>> privilegeMap)
+ {
+ this();
+ this.privilegeMap = privilegeMap;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TSentryPrivilegeMap(TSentryPrivilegeMap other) {
+ if (other.isSetPrivilegeMap()) {
+ Map<String,Set<TSentryPrivilege>> __this__privilegeMap = new HashMap<String,Set<TSentryPrivilege>>();
+ for (Map.Entry<String, Set<TSentryPrivilege>> other_element : other.privilegeMap.entrySet()) {
+
+ String other_element_key = other_element.getKey();
+ Set<TSentryPrivilege> other_element_value = other_element.getValue();
+
+ String __this__privilegeMap_copy_key = other_element_key;
+
+ Set<TSentryPrivilege> __this__privilegeMap_copy_value = new HashSet<TSentryPrivilege>();
+ for (TSentryPrivilege other_element_value_element : other_element_value) {
+ __this__privilegeMap_copy_value.add(new TSentryPrivilege(other_element_value_element));
+ }
+
+ __this__privilegeMap.put(__this__privilegeMap_copy_key, __this__privilegeMap_copy_value);
+ }
+ this.privilegeMap = __this__privilegeMap;
+ }
+ }
+
+ public TSentryPrivilegeMap deepCopy() {
+ return new TSentryPrivilegeMap(this);
+ }
+
+ @Override
+ public void clear() {
+ this.privilegeMap = null;
+ }
+
+ public int getPrivilegeMapSize() {
+ return (this.privilegeMap == null) ? 0 : this.privilegeMap.size();
+ }
+
+ public void putToPrivilegeMap(String key, Set<TSentryPrivilege> val) {
+ if (this.privilegeMap == null) {
+ this.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>();
+ }
+ this.privilegeMap.put(key, val);
+ }
+
+ public Map<String,Set<TSentryPrivilege>> getPrivilegeMap() {
+ return this.privilegeMap;
+ }
+
+ public void setPrivilegeMap(Map<String,Set<TSentryPrivilege>> privilegeMap) {
+ this.privilegeMap = privilegeMap;
+ }
+
+ public void unsetPrivilegeMap() {
+ this.privilegeMap = null;
+ }
+
+ /** Returns true if field privilegeMap is set (has been assigned a value) and false otherwise */
+ public boolean isSetPrivilegeMap() {
+ return this.privilegeMap != null;
+ }
+
+ public void setPrivilegeMapIsSet(boolean value) {
+ if (!value) {
+ this.privilegeMap = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case PRIVILEGE_MAP:
+ if (value == null) {
+ unsetPrivilegeMap();
+ } else {
+ setPrivilegeMap((Map<String,Set<TSentryPrivilege>>)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case PRIVILEGE_MAP:
+ return getPrivilegeMap();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case PRIVILEGE_MAP:
+ return isSetPrivilegeMap();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TSentryPrivilegeMap)
+ return this.equals((TSentryPrivilegeMap)that);
+ return false;
+ }
+
+ public boolean equals(TSentryPrivilegeMap that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_privilegeMap = true && this.isSetPrivilegeMap();
+ boolean that_present_privilegeMap = true && that.isSetPrivilegeMap();
+ if (this_present_privilegeMap || that_present_privilegeMap) {
+ if (!(this_present_privilegeMap && that_present_privilegeMap))
+ return false;
+ if (!this.privilegeMap.equals(that.privilegeMap))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_privilegeMap = true && (isSetPrivilegeMap());
+ builder.append(present_privilegeMap);
+ if (present_privilegeMap)
+ builder.append(privilegeMap);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(TSentryPrivilegeMap other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ TSentryPrivilegeMap typedOther = (TSentryPrivilegeMap)other;
+
+ lastComparison = Boolean.valueOf(isSetPrivilegeMap()).compareTo(typedOther.isSetPrivilegeMap());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetPrivilegeMap()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegeMap, typedOther.privilegeMap);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TSentryPrivilegeMap(");
+ boolean first = true;
+
+ sb.append("privilegeMap:");
+ if (this.privilegeMap == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.privilegeMap);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetPrivilegeMap()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegeMap' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TSentryPrivilegeMapStandardSchemeFactory implements SchemeFactory {
+ public TSentryPrivilegeMapStandardScheme getScheme() {
+ return new TSentryPrivilegeMapStandardScheme();
+ }
+ }
+
+ private static class TSentryPrivilegeMapStandardScheme extends StandardScheme<TSentryPrivilegeMap> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // PRIVILEGE_MAP
+ if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+ {
+ org.apache.thrift.protocol.TMap _map64 = iprot.readMapBegin();
+ struct.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map64.size);
+ for (int _i65 = 0; _i65 < _map64.size; ++_i65)
+ {
+ String _key66; // required
+ Set<TSentryPrivilege> _val67; // required
+ _key66 = iprot.readString();
+ {
+ org.apache.thrift.protocol.TSet _set68 = iprot.readSetBegin();
+ _val67 = new HashSet<TSentryPrivilege>(2*_set68.size);
+ for (int _i69 = 0; _i69 < _set68.size; ++_i69)
+ {
+ TSentryPrivilege _elem70; // required
+ _elem70 = new TSentryPrivilege();
+ _elem70.read(iprot);
+ _val67.add(_elem70);
+ }
+ iprot.readSetEnd();
+ }
+ struct.privilegeMap.put(_key66, _val67);
+ }
+ iprot.readMapEnd();
+ }
+ struct.setPrivilegeMapIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.privilegeMap != null) {
+ oprot.writeFieldBegin(PRIVILEGE_MAP_FIELD_DESC);
+ {
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.privilegeMap.size()));
+ for (Map.Entry<String, Set<TSentryPrivilege>> _iter71 : struct.privilegeMap.entrySet())
+ {
+ oprot.writeString(_iter71.getKey());
+ {
+ oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter71.getValue().size()));
+ for (TSentryPrivilege _iter72 : _iter71.getValue())
+ {
+ _iter72.write(oprot);
+ }
+ oprot.writeSetEnd();
+ }
+ }
+ oprot.writeMapEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TSentryPrivilegeMapTupleSchemeFactory implements SchemeFactory {
+ public TSentryPrivilegeMapTupleScheme getScheme() {
+ return new TSentryPrivilegeMapTupleScheme();
+ }
+ }
+
+ private static class TSentryPrivilegeMapTupleScheme extends TupleScheme<TSentryPrivilegeMap> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ {
+ oprot.writeI32(struct.privilegeMap.size());
+ for (Map.Entry<String, Set<TSentryPrivilege>> _iter73 : struct.privilegeMap.entrySet())
+ {
+ oprot.writeString(_iter73.getKey());
+ {
+ oprot.writeI32(_iter73.getValue().size());
+ for (TSentryPrivilege _iter74 : _iter73.getValue())
+ {
+ _iter74.write(oprot);
+ }
+ }
+ }
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ {
+ org.apache.thrift.protocol.TMap _map75 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
+ struct.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map75.size);
+ for (int _i76 = 0; _i76 < _map75.size; ++_i76)
+ {
+ String _key77; // required
+ Set<TSentryPrivilege> _val78; // required
+ _key77 = iprot.readString();
+ {
+ org.apache.thrift.protocol.TSet _set79 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+ _val78 = new HashSet<TSentryPrivilege>(2*_set79.size);
+ for (int _i80 = 0; _i80 < _set79.size; ++_i80)
+ {
+ TSentryPrivilege _elem81; // required
+ _elem81 = new TSentryPrivilege();
+ _elem81.read(iprot);
+ _val78.add(_elem81);
+ }
+ }
+ struct.privilegeMap.put(_key77, _val78);
+ }
+ }
+ struct.setPrivilegeMapIsSet(true);
+ }
+ }
+
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 869b8e3..1bf3faf 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -31,6 +31,7 @@ import java.util.Properties;
import java.util.Set;
import java.util.UUID;
+import javax.jdo.FetchGroup;
import javax.jdo.JDODataStoreException;
import javax.jdo.JDOHelper;
import javax.jdo.PersistenceManager;
@@ -59,6 +60,7 @@ import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilegeMap;
import org.apache.sentry.provider.db.service.thrift.TSentryRole;
import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
@@ -68,10 +70,9 @@ import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
-import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
-import com.google.common.collect.SetMultimap;
+import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
/**
@@ -281,7 +282,12 @@ public class SentryStore {
// first do grant check
grantOptionCheck(pm, grantorPrincipal, privilege);
- alterSentryRoleGrantPrivilegeCore(pm, roleName, privilege);
+ MSentryPrivilege mPrivilege =
+ alterSentryRoleGrantPrivilegeCore(pm, roleName, privilege);
+ // capture the new privilege
+ if (mPrivilege != null) {
+ convertToTSentryPrivilege(mPrivilege, privilege);
+ }
CommitContext commit = commitUpdateTransaction(pm);
rollbackTransaction = false;
return commit;
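Review bot: `convertToTSentryPrivilege(mPrivilege, privilege)` overwrites the caller's TSentryPrivilege argument in place, and the SentryPolicyStoreProcessor hunk (`response.setPrivilege(request.getPrivilege())`) relies on that side effect without either site saying so. When alterSentryRoleGrantPrivilegeCore returns null (the `return null` path taken when ALL already covers the grant), the object is left as the client sent it, so the response echoes request values rather than a stored record. I would replace the comment with `// NOTE: overwrites the caller's 'privilege' with the persisted values; the Thrift handler returns this same object to the client, unchanged if the grant was a no-op`. The enclosing method starts and ends outside this hunk.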
@@ -292,9 +298,10 @@ public class SentryStore {
}
}
- private void alterSentryRoleGrantPrivilegeCore(PersistenceManager pm,
+ private MSentryPrivilege alterSentryRoleGrantPrivilegeCore(PersistenceManager pm,
String roleName, TSentryPrivilege privilege)
throws SentryNoSuchObjectException, SentryInvalidInputException {
+ MSentryPrivilege mPrivilege = null;
MSentryRole mRole = getMSentryRole(pm, roleName);
if (mRole == null) {
throw new SentryNoSuchObjectException("Role: " + roleName);
@@ -324,12 +331,12 @@ public class SentryStore {
tAll.setAction(AccessConstants.ALL);
MSentryPrivilege mAll = getMSentryPrivilege(tAll, pm);
if ((mAll != null) && (mRole.getPrivileges().contains(mAll))) {
- return;
+ return null;
}
}
}
- MSentryPrivilege mPrivilege = getMSentryPrivilege(privilege, pm);
+ mPrivilege = getMSentryPrivilege(privilege, pm);
if (mPrivilege == null) {
mPrivilege = convertToMSentryPrivilege(privilege);
}
@@ -337,7 +344,7 @@ public class SentryStore {
pm.makePersistent(mRole);
pm.makePersistent(mPrivilege);
}
- return;
+ return mPrivilege;
}
public CommitContext alterSentryRoleRevokePrivilege(String grantorPrincipal, String roleName,
@@ -754,6 +761,93 @@ public class SentryStore {
}
}
+ List<MSentryPrivilege> getMSentryPrivilegesByAuth(Set<String> roleNames, TSentryAuthorizable authHierarchy) {
+ boolean rollbackTransaction = true;
+ PersistenceManager pm = null;
+ try {
+ pm = openTransaction();
+ Query query = pm.newQuery(MSentryPrivilege.class);
+ StringBuilder filters = new StringBuilder();
+ if ((roleNames.size() == 0)||(roleNames == null)) {
+ filters.append(" !roles.isEmpty() ");
+ } else {
+ query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
+ List<String> rolesFiler = new LinkedList<String>();
+ for (String rName : roleNames) {
+ rolesFiler.add("role.roleName == \"" + rName.trim().toLowerCase() + "\"");
+ }
+ filters.append("roles.contains(role) "
+ + "&& (" + Joiner.on(" || ").join(rolesFiler) + ") ");
+ }
+ if ((authHierarchy.getServer() != null)) {
+ filters.append("&& serverName == \"" +
+ authHierarchy.getServer().toLowerCase() + "\"");
+ if (authHierarchy.getDb() != null) {
+ filters.append(" && (dbName == \"" +
+ authHierarchy.getDb().toLowerCase() + "\") && (URI == \"__NULL__\")");
+ if (authHierarchy.getTable() != null) {
+ filters.append(" && (tableName == \"" +
+ authHierarchy.getTable().toLowerCase() + "\")");
+ } else {
+ filters.append(" && (tableName == \"__NULL__\")");
+ }
+ } else if (authHierarchy.getUri() != null) {
+ filters.append(" && (URI != \"__NULL__\") && (\"" + authHierarchy.getUri() +
+ "\".startsWith(URI)) && (dbName == \"__NULL__\")");
+ } else {
+ filters.append(" && (dbName == \"__NULL__\") && (URI == \"__NULL__\")");
+ }
+ } else {
+ // if no server, then return empty resultset
+ return new ArrayList<MSentryPrivilege>();
+ }
+ FetchGroup grp = pm.getFetchGroup(
+ org.apache.sentry.provider.db.service.model.MSentryPrivilege.class,
+ "fetchRole");
+ grp.addMember("roles");
+ pm.getFetchPlan().addGroup("fetchRole");
+ query.setFilter(filters.toString());
+ List<MSentryPrivilege> privileges = (List<MSentryPrivilege>) query.execute();
+ rollbackTransaction = false;
+ commitTransaction(pm);
+ return privileges;
+ } finally {
+ if (rollbackTransaction) {
+ rollbackTransaction(pm);
+ }
+ }
+ }
+
+ public TSentryPrivilegeMap listSentryPrivilegesByAuthorizable(
+ Set<String> groups, TSentryActiveRoleSet activeRoles,
+ TSentryAuthorizable authHierarchy)
+ throws SentryInvalidInputException {
+ Map<String, Set<TSentryPrivilege>> resultPrivilegeMap = Maps.newTreeMap();
+ Set<String> roles = Sets.newHashSet();
+ if (groups != null && !groups.isEmpty()) {
+ roles = getRolesToQuery(groups, new TSentryActiveRoleSet(true, null));
+ }
+ if (activeRoles != null && !activeRoles.isAll()) {
+ roles.addAll(activeRoles.getRoles());
+ }
+
+ List<MSentryPrivilege> mSentryPrivileges = getMSentryPrivilegesByAuth(roles,
+ authHierarchy);
+ for (MSentryPrivilege priv : mSentryPrivileges) {
+ for (MSentryRole role : priv.getRoles()) {
+ TSentryPrivilege tPriv = convertToTSentryPrivilege(priv);
+ if (resultPrivilegeMap.containsKey(role.getRoleName())) {
+ resultPrivilegeMap.get(role.getRoleName()).add(tPriv);
+ } else {
+ Set<TSentryPrivilege> tPrivSet = Sets.newTreeSet();
+ tPrivSet.add(tPriv);
+ resultPrivilegeMap.put(role.getRoleName(), tPrivSet);
+ }
+ }
+ }
+ return new TSentryPrivilegeMap(resultPrivilegeMap);
+ }
+
private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String roleName)
throws SentryNoSuchObjectException {
MSentryRole mSentryRole = getMSentryRoleByName(roleName);
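Review bot: The JDOQL filter in getMSentryPrivilegesByAuth is built by concatenating role names and the server, db, table and URI values into quoted literals, and those values come from the Thrift request via listSentryPrivilegesByAuthorizable. A value containing a double quote therefore changes the meaning of a filter that decides which privileges are reported. These values should be bound as query parameters rather than spliced into the string, as sketched below. The first condition also dereferences `roleNames` before testing it for null, so a null set throws NullPointerException; the null test has to come first. The sketch covers only the role and server clauses; the db, table and URI clauses need the same treatment, and the URI prefix test should be checked against the JDO implementation in use.

```java
List<MSentryPrivilege> getMSentryPrivilegesByAuth(Set<String> roleNames, TSentryAuthorizable authHierarchy) {
  // … unchanged: transaction open, query and filters creation …
  Map<String, Object> params = new HashMap<String, Object>();
  if ((roleNames == null) || roleNames.isEmpty()) {
    filters.append(" !roles.isEmpty() ");
  } else {
    query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
    List<String> rolesFiler = new LinkedList<String>();
    int idx = 0;
    for (String rName : roleNames) {
      String paramName = "roleName" + idx++;
      rolesFiler.add("role.roleName == :" + paramName);
      params.put(paramName, rName.trim().toLowerCase());
    }
    filters.append("roles.contains(role) "
        + "&& (" + Joiner.on(" || ").join(rolesFiler) + ") ");
  }
  if (authHierarchy.getServer() != null) {
    filters.append("&& serverName == :serverName");
    params.put("serverName", authHierarchy.getServer().toLowerCase());
    // … db, table and URI clauses: same pattern, value in params, ":name" in the filter …
  }
  // … unchanged: empty-result return, fetch group setup …
  query.setFilter(filters.toString());
  List<MSentryPrivilege> privileges = (List<MSentryPrivilege>) query.executeWithMap(params);
  // … unchanged: commit, return, finally …
```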
@@ -1017,6 +1111,12 @@ public class SentryStore {
private TSentryPrivilege convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege) {
TSentryPrivilege privilege = new TSentryPrivilege();
+ convertToTSentryPrivilege(mSentryPrivilege, privilege);
+ return privilege;
+ }
+
+ private void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege,
+ TSentryPrivilege privilege) {
privilege.setCreateTime(mSentryPrivilege.getCreateTime());
privilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
privilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
@@ -1029,7 +1129,6 @@ public class SentryStore {
} else {
privilege.setGrantOption(TSentryGrantOption.UNSET);
}
- return privilege;
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 5d97dc1..0668912 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -53,6 +53,7 @@ import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
@@ -276,17 +277,17 @@ public class SentryPolicyServiceClient {
return listRolesByGroupName(requestorUserName, AccessConstants.ALL);
}
- public void grantURIPrivilege(String requestorUserName,
+ public TSentryPrivilege grantURIPrivilege(String requestorUserName,
String roleName, String server, String uri)
throws SentryUserException {
- grantPrivilege(requestorUserName, roleName,
+ return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.URI, server, uri, null, null, AccessConstants.ALL);
}
- public void grantURIPrivilege(String requestorUserName,
+ public TSentryPrivilege grantURIPrivilege(String requestorUserName,
String roleName, String server, String uri, Boolean grantOption)
throws SentryUserException {
- grantPrivilege(requestorUserName, roleName,
+ return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.URI, server, uri, null, null, AccessConstants.ALL, grantOption);
}
@@ -297,43 +298,44 @@ public class SentryPolicyServiceClient {
PrivilegeScope.SERVER, server, null, null, null, action);
}
- public void grantServerPrivilege(String requestorUserName,
+ public TSentryPrivilege grantServerPrivilege(String requestorUserName,
String roleName, String server, String action, Boolean grantOption)
throws SentryUserException {
- grantPrivilege(requestorUserName, roleName,
+ return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.SERVER, server, null, null, null, action, grantOption);
}
- public void grantDatabasePrivilege(String requestorUserName,
+ public TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
String roleName, String server, String db, String action)
throws SentryUserException {
- grantPrivilege(requestorUserName, roleName,
+ return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.DATABASE, server, null, db, null, action);
}
- public void grantDatabasePrivilege(String requestorUserName,
+ public TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
String roleName, String server, String db, String action, Boolean grantOption)
throws SentryUserException {
- grantPrivilege(requestorUserName, roleName,
+ return grantPrivilege(requestorUserName, roleName,
PrivilegeScope.DATABASE, server, null, db, null, action, grantOption);
}
- public void grantTablePrivilege(String requestorUserName,
+ public TSentryPrivilege grantTablePrivilege(String requestorUserName,
String roleName, String server, String db, String table, String action)
throws SentryUserException {
- grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server,
- null,
- db, table, action);
+ return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE,
+ server, null, db, table, action);
}
- public void grantTablePrivilege(String requestorUserName,
+ public TSentryPrivilege grantTablePrivilege(String requestorUserName,
String roleName, String server, String db, String table, String action, Boolean grantOption)
throws SentryUserException {
- grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server,
+ return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE,
+ server,
null, db, table, action, grantOption);
}
- private TSentryAuthorizable setupSentryAuthorizable(
+ @VisibleForTesting
+ public static TSentryAuthorizable setupSentryAuthorizable(
List<? extends Authorizable> authorizable) {
TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
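Review bot: setupSentryAuthorizable is widened from private to `public static`, which adds it to the client's public API even though the `@VisibleForTesting` annotation says the change is only for tests. If the only new callers are tests in this same package (TestSentryServiceIntegration is in `org.apache.sentry.provider.db.service.thrift`), package-private is enough: `static TSentryAuthorizable setupSentryAuthorizable(`. The method body continues outside this hunk.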
@@ -355,14 +357,15 @@ public class SentryPolicyServiceClient {
return tSentryAuthorizable;
}
- private void grantPrivilege(String requestorUserName, String roleName,
+ private TSentryPrivilege grantPrivilege(String requestorUserName,
+ String roleName,
PrivilegeScope scope, String serverName, String uri, String db,
String table, String action) throws SentryUserException {
- grantPrivilege(requestorUserName, roleName, scope, serverName, uri,
+ return grantPrivilege(requestorUserName, roleName, scope, serverName, uri,
db, table, action, false);
}
- private void grantPrivilege(String requestorUserName,
+ private TSentryPrivilege grantPrivilege(String requestorUserName,
String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, String action, Boolean grantOption)
throws SentryUserException {
TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
@@ -382,6 +385,7 @@ public class SentryPolicyServiceClient {
try {
TAlterSentryRoleGrantPrivilegeResponse response = client.alter_sentry_role_grant_privilege(request);
Status.throwIfNotOk(response.getStatus());
+ return response.getPrivilege();
} catch (TException e) {
throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
}
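Review bot: `return response.getPrivilege();` can hand callers null, because the `privilege` field this commit adds to TAlterSentryRoleGrantPrivilegeResponse is optional and a server that does not set it leaves it unset. The public grant*Privilege methods now return this value, so their contract should say so, for example with a Javadoc line `@return the granted privilege as reported by the server, or null if the server did not return one`. grantPrivilege starts outside this hunk.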
@@ -569,6 +573,33 @@ TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
}
}
+ public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(
+ Set<List<? extends Authorizable>> authorizables, Set<String> groups, ActiveRoleSet roleSet)
+ throws SentryUserException {
+ Set<TSentryAuthorizable> authSet = Sets.newTreeSet();
+
+ for (List<? extends Authorizable> authorizableHierarchy : authorizables) {
+ authSet.add(setupSentryAuthorizable(authorizableHierarchy));
+ }
+ TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest(
+ ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, authSet);
+ if (groups != null) {
+ request.setGroups(groups);
+ }
+ if (roleSet != null) {
+ request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
+ }
+
+ try {
+ TListSentryPrivilegesByAuthResponse response = client
+ .list_sentry_privileges_by_authorizable(request);
+ Status.throwIfNotOk(response.getStatus());
+ return response.getPrivilegesMapByAuth();
+ } catch (TException e) {
+ throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+ }
+ }
+
public void close() {
if (transport != null) {
transport.close();
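Review bot: The new public method name `listPrivilegsbyAuthorizable` is misspelled and does not follow the camel-case of the other client methods. Once released it becomes part of the client API, so it is cheapest to fix now: `public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegesByAuthorizable(`. The method also has no Javadoc; it should state that `groups` and `roleSet` are optional filters and what the server returns when both are absent.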
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index b05d71b..e3cdfc2 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -22,6 +22,7 @@ import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
@@ -49,6 +50,7 @@ import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
@SuppressWarnings("unused")
@@ -180,6 +182,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
CommitContext commitContext = sentryStore.alterSentryRoleGrantPrivilege(request.getRequestorUserName(),
request.getRoleName(), request.getPrivilege());
response.setStatus(Status.OK());
+ response.setPrivilege(request.getPrivilege());
notificationHandlerInvoker.alter_sentry_role_grant_privilege(commitContext,
request, response);
} catch (SentryNoSuchObjectException e) {
@@ -529,4 +532,26 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
return response;
}
+ @Override
+ public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(
+ TListSentryPrivilegesByAuthRequest request) throws TException {
+ TListSentryPrivilegesByAuthResponse response = new TListSentryPrivilegesByAuthResponse();
+ Map<TSentryAuthorizable, TSentryPrivilegeMap> authRoleMap = Maps.newHashMap();
+ try {
+ for (TSentryAuthorizable authorizable : request.getAuthorizableSet()) {
+ authRoleMap.put(authorizable, sentryStore
+ .listSentryPrivilegesByAuthorizable(request.getGroups(),
+ request.getRoleSet(), authorizable));
+ }
+ response.setPrivilegesMapByAuth(authRoleMap);
+ response.setStatus(Status.OK());
+ } catch (Exception e) {
+ String msg = "Unknown error for request: " + request + ", message: "
+ + e.getMessage();
+ LOGGER.error(msg, e);
+ response.setStatus(Status.RuntimeError(msg, e));
+ }
+ return response;
+ }
+
}
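Review bot: list_sentry_privileges_by_authorizable does not check who is asking. TListSentryPrivilegesByAuthRequest (added in the .thrift hunk of this commit) has no requestor field, whereas the grant handler passes `request.getRequestorUserName()` to the store, and the group and role filters are taken from the request as sent. Unless access is restricted elsewhere, any client that reaches the service can read the role-to-privilege mapping for any authorizable, and with no groups and no role set the store query falls back to `!roles.isEmpty()`, which matches every role. I would add a required requestor user name to the request and have the handler either verify that the caller is an admin or limit the result to roles of the caller's own groups. The catch block also copies `e.getMessage()` into the status returned to the client; a generic message, with the detail kept in the log, would be safer.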
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
index d215ffe..d8357aa 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -108,6 +108,7 @@ struct TAlterSentryRoleGrantPrivilegeRequest {
}
struct TAlterSentryRoleGrantPrivilegeResponse {
1: required sentry_common_service.TSentryResponseStatus status
+2: optional TSentryPrivilege privilege
}
# REVOKE ... ON ... FROM ROLE ...
@@ -198,6 +199,22 @@ struct TListSentryPrivilegesForProviderResponse {
2: required set<string> privileges
}
+# List role:set<privileges> for the given authorizable
+# Optionally use the set of groups to filter the roles
+struct TSentryPrivilegeMap {
+1: required map<string, set<TSentryPrivilege>> privilegeMap
+}
+struct TListSentryPrivilegesByAuthRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required set<TSentryAuthorizable> authorizableSet,
+3: optional set<string> groups,
+4: optional TSentryActiveRoleSet roleSet
+}
+struct TListSentryPrivilegesByAuthResponse {
+1: required sentry_common_service.TSentryResponseStatus status,
+2: required map<TSentryAuthorizable, TSentryPrivilegeMap> privilegesMapByAuth
+}
+
service SentryPolicyService
{
TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request)
@@ -219,4 +236,6 @@ service SentryPolicyService
TDropPrivilegesResponse drop_sentry_privilege(1:TDropPrivilegesRequest request);
TRenamePrivilegesResponse rename_sentry_privilege(1:TRenamePrivilegesRequest request);
+
+ TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(1:TListSentryPrivilegesByAuthRequest request);
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index 5244094..38cb39b 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -21,12 +21,23 @@ package org.apache.sentry.provider.db.service.thrift;
import static junit.framework.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
+import java.util.List;
+import java.util.Map;
import java.util.Set;
+import java.util.TreeMap;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.core.model.db.AccessURI;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.core.model.db.Table;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
import org.junit.Test;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
@@ -287,4 +298,216 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
client.revokeTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL", null);
assertEquals(0, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
}
+
+ @Test
+ public void testListByAuthDB() throws Exception {
+ String requestorUserName = ADMIN_USER;
+ Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+ String roleName1 = "role1";
+ String roleName2 = "role2";
+ Set<String> testRoleSet = Sets.newHashSet(roleName1, roleName2);
+ String group1 = "group1";
+ String group2 = "group2";
+ Set<String> testGroupSet = Sets.newHashSet(group1, group2);
+ String server = "server1";
+ String db = "testDB";
+ String db2 = "testDB2";
+ String tab = "testTab";
+ setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+ writePolicyFile();
+
+ client.dropRoleIfExists(requestorUserName, roleName1);
+ client.createRole(requestorUserName, roleName1);
+ client.dropRoleIfExists(requestorUserName, roleName2);
+ client.createRole(requestorUserName, roleName2);
+
+ TSentryPrivilege role1db1 = client.grantDatabasePrivilege(
+ requestorUserName, roleName1, server, db, AccessConstants.SELECT);
+ client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
+ AccessConstants.ALL);
+ client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab,
+ AccessConstants.SELECT);
+ client.grantURIPrivilege(requestorUserName, roleName1, server, "hdfs:///fooUri");
+ client.grantRoleToGroup(requestorUserName, group1, roleName1);
+
+ TSentryPrivilege role2db1 = client.grantDatabasePrivilege(
+ requestorUserName, roleName2, server, db,
+ AccessConstants.ALL);
+ client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
+ AccessConstants.SELECT);
+ client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
+ AccessConstants.ALL);
+ client.grantRoleToGroup(requestorUserName, group2, roleName2);
+
+ // build expected output
+ TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
+ new TreeMap<String, Set<TSentryPrivilege>>());
+ db1RoleToPrivMap.getPrivilegeMap()
+ .put(roleName1, Sets.newHashSet(role1db1));
+ db1RoleToPrivMap.getPrivilegeMap()
+ .put(roleName2, Sets.newHashSet(role2db1));
+ Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
+ .newTreeMap();
+ List<? extends Authorizable> db1Authrizable = Lists.newArrayList(
+ new Server(server), new Database(db));
+ expectedResults.put(
+ SentryPolicyServiceClient.setupSentryAuthorizable(db1Authrizable),
+ db1RoleToPrivMap);
+
+ Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
+ authorizableSet.add(db1Authrizable);
+
+ // verify for null group and null roleset
+ Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
+ .listPrivilegsbyAuthorizable(authorizableSet, null, null);
+ assertEquals(expectedResults, authPrivMap);
+
+ // verify for null group and specific roleset
+ authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet, null,
+ new ActiveRoleSet(testRoleSet));
+ assertEquals(expectedResults, authPrivMap);
+
+ // verify for null group and specific roleset
+ authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet, null,
+ ActiveRoleSet.ALL);
+ assertEquals(expectedResults, authPrivMap);
+
+ // verify for specific group and null roleset
+ authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet,
+ testGroupSet, null);
+ assertEquals(expectedResults, authPrivMap);
+
+ // verify for specific group and specific roleset
+ authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet,
+ testGroupSet, new ActiveRoleSet(testRoleSet));
+ assertEquals(expectedResults, authPrivMap);
+
+ // verify for specific group and ALL roleset
+ authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet,
+ testGroupSet, ActiveRoleSet.ALL);
+ assertEquals(expectedResults, authPrivMap);
+ }
+
+ @Test
+ public void testListByAuthTab() throws Exception {
+ String requestorUserName = ADMIN_USER;
+ Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+ String roleName1 = "role1";
+ String roleName2 = "role2";
+ String server = "server1";
+ String db = "testDB";
+ String db2 = "testDB2";
+ String tab = "testTab";
+ setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+ writePolicyFile();
+
+ client.dropRoleIfExists(requestorUserName, roleName1);
+ client.createRole(requestorUserName, roleName1);
+ client.dropRoleIfExists(requestorUserName, roleName2);
+ client.createRole(requestorUserName, roleName2);
+
+ client.grantDatabasePrivilege(
+ requestorUserName, roleName1, server, db, AccessConstants.SELECT);
+ client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
+ AccessConstants.ALL);
+ TSentryPrivilege role1db2tab = client.grantTablePrivilege(
+ requestorUserName, roleName1, server, db2, tab,
+ AccessConstants.SELECT);
+
+ client.grantDatabasePrivilege(
+ requestorUserName, roleName2, server, db,
+ AccessConstants.ALL);
+ client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
+ AccessConstants.SELECT);
+ TSentryPrivilege role2db2tab = client.grantTablePrivilege(
+ requestorUserName, roleName2, server, db2, tab,
+ AccessConstants.ALL);
+ client.grantURIPrivilege(requestorUserName, roleName1, server,
+ "hdfs:///fooUri");
+
+ // build expected output
+ TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
+ new TreeMap<String, Set<TSentryPrivilege>>());
+ db1RoleToPrivMap.getPrivilegeMap()
+.put(roleName1,
+ Sets.newHashSet(role1db2tab));
+ db1RoleToPrivMap.getPrivilegeMap()
+.put(roleName2,
+ Sets.newHashSet(role2db2tab));
+ Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
+ .newTreeMap();
+ List<? extends Authorizable> db2TabAuthrizable = Lists.newArrayList(
+ new Server(server), new Database(db2), new Table(tab));
+ expectedResults.put(
+ SentryPolicyServiceClient.setupSentryAuthorizable(db2TabAuthrizable),
+ db1RoleToPrivMap);
+
+ Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
+ authorizableSet.add(db2TabAuthrizable);
+ Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
+ .listPrivilegsbyAuthorizable(authorizableSet, null, null);
+
+ assertEquals(expectedResults, authPrivMap);
+ }
+
+ @Test
+ public void testListByAuthUri() throws Exception {
+ String requestorUserName = ADMIN_USER;
+ Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+ String roleName1 = "role1";
+ String roleName2 = "role2";
+ String server = "server1";
+ String db = "testDB";
+ String db2 = "testDB2";
+ String tab = "testTab";
+ String uri1 = "hdfs:///fooUri";
+ setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+ writePolicyFile();
+
+ client.dropRoleIfExists(requestorUserName, roleName1);
+ client.createRole(requestorUserName, roleName1);
+ client.dropRoleIfExists(requestorUserName, roleName2);
+ client.createRole(requestorUserName, roleName2);
+
+ client.grantDatabasePrivilege(requestorUserName, roleName1, server, db,
+ AccessConstants.SELECT);
+ client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
+ AccessConstants.ALL);
+ client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab,
+ AccessConstants.SELECT);
+ TSentryPrivilege role1uri1 = client.grantURIPrivilege(requestorUserName,
+ roleName1, server, uri1);
+
+ client.grantDatabasePrivilege(requestorUserName, roleName2, server, db,
+ AccessConstants.ALL);
+ client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
+ AccessConstants.SELECT);
+ client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
+ AccessConstants.ALL);
+ TSentryPrivilege role2uri2 = client.grantURIPrivilege(requestorUserName,
+ roleName2, server, uri1);
+
+ // build expected output
+ TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
+ new TreeMap<String, Set<TSentryPrivilege>>());
+ db1RoleToPrivMap.getPrivilegeMap().put(roleName1,
+ Sets.newHashSet(role1uri1));
+ db1RoleToPrivMap.getPrivilegeMap().put(roleName2,
+ Sets.newHashSet(role2uri2));
+ Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
+ .newTreeMap();
+ List<? extends Authorizable> uri1Authrizable = Lists.newArrayList(
+ new Server(server), new AccessURI(uri1));
+ expectedResults.put(
+ SentryPolicyServiceClient.setupSentryAuthorizable(uri1Authrizable),
+ db1RoleToPrivMap);
+
+ Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
+ authorizableSet.add(uri1Authrizable);
+ Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
+ .listPrivilegsbyAuthorizable(authorizableSet, null, null);
+
+ assertEquals(expectedResults, authPrivMap);
+ }
+
}
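Review bot: In `testListByAuthDB` every group and role-set variant asserts the same `expectedResults`, because `testGroupSet` and `testRoleSet` contain both groups and both roles, so a server that ignores the filter arguments would still pass. A case that passes only `group1` and expects just `role1`'s entry would pin the narrowing; the expected value in the sketch below assumes the group argument restricts results to roles granted to those groups, which this hunk does not show. The second `// verify for null group and specific roleset` comment sits above the `ActiveRoleSet.ALL` call and should read `// verify for null group and ALL roleset`. All three new tests also run as `ADMIN_USER`, so nothing here covers what a non-admin requestor receives from this listing call.

```java
    // … unchanged: setup, grants and the six existing filter variants …
    assertEquals(expectedResults, authPrivMap);

    // verify that a single group narrows the result to that group's role
    // (assumed semantics of the group filter; confirm against the server handler)
    TSentryPrivilegeMap group1PrivMap = new TSentryPrivilegeMap(
        new TreeMap<String, Set<TSentryPrivilege>>());
    group1PrivMap.getPrivilegeMap().put(roleName1, Sets.newHashSet(role1db1));
    Map<TSentryAuthorizable, TSentryPrivilegeMap> group1Expected = Maps.newTreeMap();
    group1Expected.put(
        SentryPolicyServiceClient.setupSentryAuthorizable(db1Authrizable),
        group1PrivMap);
    authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet,
        Sets.newHashSet(group1), null);
    assertEquals(group1Expected, authPrivMap);
```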