sentry-commits mailing list archives

From cohei...@apache.org
Subject sentry git commit: SENTRY-1979 - Consolidate code for converting Hive privilege objects to Strings
Date Tue, 17 Oct 2017 08:46:42 GMT
Repository: sentry
Updated Branches:
  refs/heads/master e901041d8 -> cd3a60abf


SENTRY-1979 - Consolidate code for converting Hive privilege objects to Strings


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/cd3a60ab
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/cd3a60ab
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/cd3a60ab

Branch: refs/heads/master
Commit: cd3a60abf10d526b6cc5ee2d4cec3c2709fe5b24
Parents: e901041
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Oct 17 09:46:29 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Oct 17 09:46:29 2017 +0100

----------------------------------------------------------------------
 .../db/tools/command/hive/CommandUtil.java      | 60 +-------------------
 .../command/hive/GrantPrivilegeToRoleCmd.java   |  4 +-
 .../tools/command/hive/ListPrivilegesCmd.java   | 56 ++----------------
 .../hive/RevokePrivilegeFromRoleCmd.java        |  6 +-
 .../provider/db/tools/TestSentryShellHive.java  | 12 ++--
 5 files changed, 17 insertions(+), 121 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/cd3a60ab/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
index 51ee9ef..b6f4140 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
@@ -18,76 +18,20 @@
 package org.apache.sentry.provider.db.tools.command.hive;
 
 import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
 import org.apache.sentry.service.thrift.ServiceConstants;
 
 public final class CommandUtil {
 
   public static final String SPLIT_CHAR = ",";
-  
+
   private CommandUtil() {
     // Make constructor private to avoid instantiation
   }
 
-  // parse the privilege in String and get the TSentryPrivilege as result
-  public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) throws Exception
{
-    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
-    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr))
{
-      KeyValue tempKV = new KeyValue(authorizable);
-      String key = tempKV.getKey();
-      String value = tempKV.getValue();
-
-      if (PolicyFileConstants.PRIVILEGE_SERVER_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setServerName(value);
-      } else if (PolicyFileConstants.PRIVILEGE_DATABASE_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setDbName(value);
-      } else if (PolicyFileConstants.PRIVILEGE_TABLE_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setTableName(value);
-      } else if (PolicyFileConstants.PRIVILEGE_COLUMN_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setColumnName(value);
-      } else if (PolicyFileConstants.PRIVILEGE_URI_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setURI(value);
-        tSentryPrivilege.setAction(AccessConstants.ALL);
-      } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) {
-        tSentryPrivilege.setAction(value);
-      } else if (PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME.equalsIgnoreCase(key)) {
-        TSentryGrantOption grantOption = "true".equalsIgnoreCase(value) ? TSentryGrantOption.TRUE
-                : TSentryGrantOption.FALSE;
-        tSentryPrivilege.setGrantOption(grantOption);
-      }
-    }
-    tSentryPrivilege.setPrivilegeScope(getPrivilegeScope(tSentryPrivilege));
-    validatePrivilegeHierarchy(tSentryPrivilege);
-    return tSentryPrivilege;
-  }
-
-  // for the different hierarchy for hive:
-  // 1: server->url
-  // 2: server->database->table->column
-  // if both of them are found in the privilege string, the privilege scope will be set as
-  // PrivilegeScope.URI
-  private static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
-    ServiceConstants.PrivilegeScope privilegeScope = ServiceConstants.PrivilegeScope.SERVER;
-    if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
-      privilegeScope = ServiceConstants.PrivilegeScope.URI;
-    } else if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
-      privilegeScope = ServiceConstants.PrivilegeScope.COLUMN;
-    } else if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
-      privilegeScope = ServiceConstants.PrivilegeScope.TABLE;
-    } else if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
-      privilegeScope = ServiceConstants.PrivilegeScope.DATABASE;
-    }
-    return privilegeScope.toString();
-  }
-
   // check the privilege value for the specific privilege scope
   // eg, for the table scope, server and database can't be empty
-  private static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws
Exception {
+  public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws
Exception {
     String serverName = tSentryPrivilege.getServerName();
     String dbName = tSentryPrivilege.getDbName();
     String tableName = tSentryPrivilege.getTableName();
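Review bot: validatePrivilegeHierarchy becomes public here but keeps only the two-line `//` comment and the blanket `throws Exception`, even though grant and revoke now rely on callers invoking it themselves. It should get a Javadoc stating what must already be set on the TSentryPrivilege and what is thrown for a malformed hierarchy. The body runs past the end of this hunk; if it branches on getPrivilegeScope(), the Javadoc should say that the scope has to be populated by the converter before the call. Narrowing the signature to the concrete exception type the body throws would also let callers tell bad input apart from client or transport failures.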

http://git-wip-us.apache.org/repos/asf/sentry/blob/cd3a60ab/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
index e3d06a9..f530c00 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
@@ -19,6 +19,7 @@ package org.apache.sentry.provider.db.tools.command.hive;
 
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.service.thrift.SentryServiceUtil;
 
 /**
  * The class for admin command to grant privilege to role.
@@ -35,7 +36,8 @@ public class GrantPrivilegeToRoleCmd implements Command {
 
   @Override
   public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception
{
-    TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
+    TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilegeStr);
+    CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
     client.grantPrivilege(requestorName, roleName, tSentryPrivilege);
   }
 }
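Review bot: Parsing and hierarchy validation are now two separate statements in execute(), so the check that guards what reaches client.grantPrivilege() runs only if each caller remembers the second line. RevokePrivilegeFromRoleCmd.execute() repeats the same pair before client.revokePrivilege(). Keeping them behind one static method in CommandUtil, whose body is `TSentryPrivilege p = SentryServiceUtil.convertToTSentryPrivilege(privilegeStr); validatePrivilegeHierarchy(p); return p;`, would stop a later command from sending an unvalidated privilege to the policy service. SentryServiceUtil is not shown on this page, so whether it validates anything itself cannot be confirmed from here.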

http://git-wip-us.apache.org/repos/asf/sentry/blob/cd3a60ab/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
index 5f3e9fb..2cc4f71 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
@@ -17,16 +17,11 @@
  */
 package org.apache.sentry.provider.db.tools.command.hive;
 
-import com.google.common.collect.Lists;
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.common.utils.PolicyFileConstants;
+import java.util.Set;
+
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-
-import java.util.List;
-import java.util.Set;
+import org.apache.sentry.service.thrift.SentryServiceUtil;
 
 /**
  * The class for admin command to list privileges.
@@ -45,53 +40,10 @@ public class ListPrivilegesCmd implements Command {
             .listAllPrivilegesByRoleName(requestorName, roleName);
     if (privileges != null) {
       for (TSentryPrivilege privilege : privileges) {
-        String privilegeStr = convertToPrivilegeStr(privilege);
+        String privilegeStr = SentryServiceUtil.convertTSentryPrivilegeToStr(privilege);
         System.out.println(privilegeStr);
       }
     }
   }
 
-  // convert TSentryPrivilege to privilege in string
-  private String convertToPrivilegeStr(TSentryPrivilege tSentryPrivilege) {
-    List<String> privileges = Lists.newArrayList();
-    if (tSentryPrivilege != null) {
-      String serverName = tSentryPrivilege.getServerName();
-      String dbName = tSentryPrivilege.getDbName();
-      String tableName = tSentryPrivilege.getTableName();
-      String columnName = tSentryPrivilege.getColumnName();
-      String uri = tSentryPrivilege.getURI();
-      String action = tSentryPrivilege.getAction();
-      String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE
? "true"
-              : "false");
-      if (!StringUtils.isEmpty(serverName)) {
-        privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_SERVER_NAME,
-                serverName));
-        if (!StringUtils.isEmpty(uri)) {
-          privileges.add(SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_URI_NAME,
-                  uri));
-        } else if (!StringUtils.isEmpty(dbName)) {
-          privileges.add(SentryConstants.KV_JOINER.join(
-                  PolicyFileConstants.PRIVILEGE_DATABASE_NAME, dbName));
-          if (!StringUtils.isEmpty(tableName)) {
-            privileges.add(SentryConstants.KV_JOINER.join(
-                    PolicyFileConstants.PRIVILEGE_TABLE_NAME, tableName));
-            if (!StringUtils.isEmpty(columnName)) {
-              privileges.add(SentryConstants.KV_JOINER.join(
-                      PolicyFileConstants.PRIVILEGE_COLUMN_NAME, columnName));
-            }
-          }
-        }
-        if (!StringUtils.isEmpty(action)) {
-          privileges.add(SentryConstants.KV_JOINER.join(
-                  PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
-        }
-      }
-      // only append the grant option to privilege string if it's true
-      if ("true".equals(grantOption)) {
-        privileges.add(SentryConstants.KV_JOINER.join(
-                PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
-      }
-    }
-    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
-  }
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/cd3a60ab/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
index fe6aca5..4acecee 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
@@ -19,6 +19,7 @@ package org.apache.sentry.provider.db.tools.command.hive;
 
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.service.thrift.SentryServiceUtil;
 
 /**
  * The class for admin command to revoke privileges from role.
@@ -35,8 +36,9 @@ public class RevokePrivilegeFromRoleCmd implements Command {
 
   @Override
   public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception
{
-    TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
-   client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
+    TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilegeStr);
+    CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
+    client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/cd3a60ab/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
index 81059c5..8335bcc 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
@@ -212,9 +212,8 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
             "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true",
             "-conf", confPath.getAbsolutePath() };
         SentryShellHive.main(args);
-        // for the uri privilege, the action will be awalys *
         args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->uri=hdfs://path/testuri", "-conf", confPath.getAbsolutePath()
};
+            "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath()
};
         SentryShellHive.main(args);
 
         // test the list privilege with -lp
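Review bot: No test covers a URI privilege given without an action. The grant input here gains an explicit `->action=*`, as do the inputs in the hunks at -250, -310 and -349, and the comment saying the action is always * is dropped. That suggests the shared converter no longer defaults a URI privilege to ALL the way the removed CommandUtil code did, although the converter itself is not visible on this page. For revoke this matters operationally: an existing admin script still passing `server=server1->uri=hdfs://path/testuri` could stop removing the privilege without anyone noticing. I would add a case that runs `-gpr` and `-rpr` with the action omitted and asserts either the expected failure or the resulting privilege count; the enclosing test method starts and ends outside this hunk.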
@@ -230,7 +229,6 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
             .contains("server=server1->db=db1->table=tbl1->column=col1->action=insert"));
         assertTrue(privilegeStrs
             .contains("server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true"));
-        // for the uri privilege, the action will be awalys *
         assertTrue(privilegeStrs.contains("server=server1->uri=hdfs://path/testuri->action=*"));
 
         // test: revoke privilege from role with -rpr
@@ -250,7 +248,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
         assertEquals("Incorrect number of privileges", 4, privileges.size());
 
         args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->uri=hdfs://path/testuri", "-conf", confPath.getAbsolutePath()
};
+            "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath()
};
         SentryShellHive.main(args);
         privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
         assertEquals("Incorrect number of privileges", 3, privileges.size());
@@ -310,9 +308,8 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
             "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true",
             "-conf", confPath.getAbsolutePath() };
         SentryShellHive.main(args);
-        // for the uri privilege, the action will be awalys *
         args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->uri=hdfs://path/testuri", "-conf", confPath.getAbsolutePath()
};
+            "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath()
};
         SentryShellHive.main(args);
 
         // test the list privilege with -lp
@@ -329,7 +326,6 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
             .contains("server=server1->db=db1->table=tbl1->column=col1->action=insert"));
         assertTrue(privilegeStrs
             .contains("server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true"));
-        // for the uri privilege, the action will be awalys *
         assertTrue(privilegeStrs.contains("server=server1->uri=hdfs://path/testuri->action=*"));
 
         // test: revoke privilege from role with -rpr
@@ -349,7 +345,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
         assertEquals("Incorrect number of privileges", 4, privileges.size());
 
         args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->uri=hdfs://path/testuri", "-conf", confPath.getAbsolutePath()
};
+            "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath()
};
         SentryShellHive.main(args);
         privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
         assertEquals("Incorrect number of privileges", 3, privileges.size());

