Posted to commits@sentry.apache.org by co...@apache.org on 2017/11/22 15:56:21 UTC

[01/23] sentry git commit: SENTRY-1812: Provide interactive Sentry CLI

Repository: sentry
Updated Branches:
  refs/heads/master 9fd29f9df -> ef81e0907


SENTRY-1812: Provide interactive Sentry CLI


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/44c5d9f4
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/44c5d9f4
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/44c5d9f4

Branch: refs/heads/master
Commit: 44c5d9f4a744bd71047bab773cdb783ee3b89b44
Parents: da1863f
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Wed Sep 27 13:28:46 2017 -0500
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Wed Sep 27 13:28:46 2017 -0500

----------------------------------------------------------------------
 .../db/service/thrift/TestSentryMetrics.java    |  96 ++++++
 sentry-tools/pom.xml                            |  63 ++++
 .../org/apache/sentry/shell/GroupShell.java     |  65 ++++
 .../org/apache/sentry/shell/PrivsShell.java     |  73 ++++
 .../org/apache/sentry/shell/RolesShell.java     |  72 ++++
 .../java/org/apache/sentry/shell/SentryCli.java | 205 ++++++++++++
 .../java/org/apache/sentry/shell/ShellUtil.java | 335 +++++++++++++++++++
 .../org/apache/sentry/shell/TopLevelShell.java  | 161 +++++++++
 8 files changed, 1070 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/44c5d9f4/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryMetrics.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryMetrics.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryMetrics.java
new file mode 100644
index 0000000..b9c63ff
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryMetrics.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import com.codahale.metrics.Counter;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.service.thrift.ServiceConstants;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+
+import static java.lang.Thread.sleep;
+
+public class TestSentryMetrics {
+  private static SentryMetrics metrics = SentryMetrics.getInstance();
+  private final static Configuration conf = new Configuration();
+  private static File jsonReportFile;
+
+  @BeforeClass
+  public static void setUp() throws Exception {
+    jsonReportFile = File.createTempFile("TestMetrics", ".json");
+    String jsonFile = jsonReportFile.getAbsolutePath();
+    conf.set(ServiceConstants.ServerConfig.SENTRY_JSON_REPORTER_FILE, jsonFile);
+    conf.setInt(ServiceConstants.ServerConfig.SENTRY_REPORTER_INTERVAL_SEC, 1);
+    conf.set(ServiceConstants.ServerConfig.SENTRY_REPORTER, "JSON");
+    metrics.initReporting(conf);
+  }
+
+  @AfterClass
+  public static void cleanup() {
+    System.out.println(jsonReportFile);
+    jsonReportFile.delete();
+  }
+
+
+  /**
+   * Test JSON reporter.
+   * <ul>
+   *   <li>increment the counter value</li>
+   *   <li>wait a bit for the new repor to be written</li>
+   *   <li>read the value from JSON file</li>
+   *   <li>verify that the value matches expectation</li>
+   * </ul>
+   * This check is repeated a few times to verify that the values are updated over time.
+   * @throws Exception if fails to read counter value
+   */
+  @Test
+  public void testJsonReporter() throws Exception {
+    int runs = 5;
+    String  counterName = "cnt";
+    Counter counter = metrics.getCounter(counterName);
+    for (int i = 0; i < runs; i++) {
+      counter.inc();
+      sleep(1500);
+      Assert.assertEquals(i + 1, getCounterValue(counterName));
+    }
+
+  }
+
+  /**
+   * Read counter value from JSON metric report
+   * @param name counter name
+   * @return counter value
+   * @throws FileNotFoundException if file doesn't exist
+   */
+  private int getCounterValue(String name) throws FileNotFoundException {
+    JsonParser parser = new JsonParser();
+    JsonElement element = parser.parse(new FileReader(jsonReportFile.getAbsolutePath()));
+    JsonObject jobj = element.getAsJsonObject();
+    jobj = jobj.getAsJsonObject("counters").getAsJsonObject(name);
+    return jobj.get("count").getAsInt();
+  }
+}
\ No newline at end of file
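Review bot: `getCounterValue` opens a `FileReader` on the report file and never closes it, so each of the five iterations in `testJsonReporter` leaves a file handle open until garbage collection. Wrapping the parse as `try (FileReader reader = new FileReader(jsonReportFile)) { element = parser.parse(reader); }` releases it deterministically. The fixed `sleep(1500)` against a one-second reporter interval also makes the assertion timing-dependent; polling the file until the expected count appears, with a deadline, would be steadier on a loaded build host. The Javadoc on `testJsonReporter` has a typo, `repor` for `report`.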

http://git-wip-us.apache.org/repos/asf/sentry/blob/44c5d9f4/sentry-tools/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-tools/pom.xml b/sentry-tools/pom.xml
new file mode 100644
index 0000000..ed0fb92
--- /dev/null
+++ b/sentry-tools/pom.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>sentry</artifactId>
+        <groupId>org.apache.sentry</groupId>
+        <version>2.0.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>sentry-tools</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-cli</groupId>
+            <artifactId>commons-cli</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.budhash.cliche</groupId>
+            <artifactId>cliche-shell</artifactId>
+            <version>0.9.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sentry</groupId>
+            <artifactId>sentry-provider-db</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <sourceDirectory>${basedir}/src/main/java</sourceDirectory>
+    </build>
+
+
+</project>
\ No newline at end of file
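Review bot: `cliche-shell` is the only dependency in this module that carries its own `<version>` (0.9.3); the others declare none and presumably inherit theirs from the parent's `dependencyManagement`. Declaring this version in the parent POM with the rest keeps every third-party version in one place where it can be audited and upgraded, which matters for a newly introduced library that will parse operator input in an authorization tool. The `<build><sourceDirectory>` element repeats Maven's default and could be dropped.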

http://git-wip-us.apache.org/repos/asf/sentry/blob/44c5d9f4/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
new file mode 100644
index 0000000..3fc7a31
--- /dev/null
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.shell;
+
+import com.budhash.cliche.Command;
+import com.budhash.cliche.Shell;
+import com.budhash.cliche.ShellDependent;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+
+import java.util.List;
+
+/**
+ * Sentry group manipulation for CLI
+ */
+public class GroupShell implements ShellDependent {
+    @Command
+    public List<String> list() {
+        return tools.listGroups();
+    }
+
+    @Command(abbrev = "lr", header = "[groups]",
+            description = "list groups and their roles")
+    public List<String> listRoles() {
+        return tools.listGroupRoles();
+    }
+
+    @Command(description = "Grant role to groups")
+    public void grant(String roleName, String ...groups) {
+        tools.grantGroupsToRole(roleName, groups);
+    }
+
+    @Command(description = "Revoke role from groups")
+    public void revoke(String roleName, String ...groups) {
+        tools.revokeGroupsFromRole(roleName, groups);
+    }
+
+    private final ShellUtil tools;
+    Shell shell;
+
+
+    public GroupShell(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.tools = new ShellUtil(sentryClient, authUser);
+    }
+
+    @Override
+    public void cliSetShell(Shell theShell) {
+        this.shell = theShell;
+    }
+}
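Review bot: The `shell` field is package-private and non-final, is only ever written by `cliSetShell`, and nothing in the class reads it; the same pattern repeats in PrivsShell.java and RolesShell.java. Declaring it `private Shell shell;` keeps other classes in `org.apache.sentry.shell` from replacing it. The `list` command here, and `list` and `revoke` in PrivsShell, carry no `description`, so they would show up without help text if cliche builds its help from that attribute; `@Command(description = "List groups")` would match the other commands. PrivsShell also lacks the class-level Javadoc that the other two shells have.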

http://git-wip-us.apache.org/repos/asf/sentry/blob/44c5d9f4/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
new file mode 100644
index 0000000..9d8b9d9
--- /dev/null
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.shell;
+
+import com.budhash.cliche.Command;
+import com.budhash.cliche.Param;
+import com.budhash.cliche.Shell;
+import com.budhash.cliche.ShellDependent;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+
+import java.util.List;
+
+public class PrivsShell implements ShellDependent {
+    private final ShellUtil tools;
+    Shell shell;
+
+    @Command(description = "Grant privilege to role")
+    public void grant(
+            @Param(name = "roleName")
+            String roleName,
+            @Param(name = "privilege",
+                    description = "privilege string, e.g. server=s1->db=foo")
+            String privilege) {
+        tools.grantPrivilegeToRole(roleName, privilege);
+    }
+
+    @Command
+    public String list() {
+        return tools.listPrivileges();
+    }
+
+    @Command
+    public List<String> list(
+            @Param(name = "roleName")
+            String roleName) {
+        return tools.listPrivileges(roleName);
+    }
+
+    @Command
+    public void revoke(
+            @Param(name = "roleName")
+            String roleName,
+            @Param(name = "privilege",
+                    description = "privilege string, e.g. server=s1->db=foo")
+            String privilege) {
+        tools.revokePrivilegeFromRole(roleName, privilege);
+    }
+
+    public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.tools = new ShellUtil(sentryClient, authUser);
+    }
+
+    @Override
+    public void cliSetShell(Shell theShell) {
+        this.shell = theShell;
+    }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/44c5d9f4/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
new file mode 100644
index 0000000..9ac6637
--- /dev/null
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.shell;
+
+import com.budhash.cliche.Command;
+import com.budhash.cliche.Param;
+import com.budhash.cliche.Shell;
+import com.budhash.cliche.ShellDependent;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+
+import java.util.List;
+
+/**
+ * Sentry roles manipulation for CLI.
+ */
+public class RolesShell implements ShellDependent {
+    @Command(description = "List sentry roles. shows all available roles.")
+    public List<String> list() {
+        return tools.listRoles();
+    }
+
+    @Command(description = "List sentry roles by group")
+    public List<String> list(
+            @Param(name = "groupName", description = "group name for roles")
+            String group) {
+        return tools.listRoles(group);
+    }
+
+    @Command(description = "Create Sentry role(s).")
+    public void create(
+            @Param(name = "roleName", description = "name of role to create")
+            String ...roles) {
+        tools.createRoles(roles);
+    }
+
+    @Command(description = "remove Sentry role(s).")
+    public void remove(
+            @Param(name = "roleName ...", description = "role names to remove")
+            String ...roles) {
+        tools.removeRoles(roles);
+    }
+
+
+    @Override
+    public void cliSetShell(Shell theShell) {
+        this.shell = theShell;
+    }
+
+    private final ShellUtil tools;
+    Shell shell;
+
+    public RolesShell(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.tools = new ShellUtil(sentryClient, authUser);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/44c5d9f4/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
new file mode 100644
index 0000000..180d240
--- /dev/null
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
@@ -0,0 +1,205 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.shell;
+
+import org.apache.commons.cli.*;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.PropertyConfigurator;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.service.thrift.SentryServiceClientFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Properties;
+
+import static org.apache.sentry.service.thrift.ServiceConstants.ClientConfig.SERVER_RPC_ADDRESS;
+import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SECURITY_MODE;
+import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SECURITY_MODE_NONE;
+
+/**
+ * Sentry interactive tool
+ */
+public class SentryCli {
+    private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName());
+    private static final String LOG4J_CONF = "log4jConf";
+    private final String[] args;
+    private Options options = new Options();
+    private CommandLine cmd;
+
+    private static final String localhost = "localhost";
+    private static final String defaultPort = "8038";
+
+
+    private static final String configOpt = "config";
+    private static final String userOpt = "user";
+    private static final String hostOpt = "host";
+
+    private static final String configEnv = "SENTRY_CONFIG";
+    private static final String hostEnv = "SENTRY_HOST";
+    private static final String userEnv = "SENTRY_USER";
+
+
+    private SentryPolicyServiceClient sentryClient;
+
+    public SentryPolicyServiceClient getSentryClient() {
+        return sentryClient;
+    }
+
+    public String getRequestorName() {
+        return requestorName;
+    }
+
+    private String requestorName;
+
+    public static void main(String[] args) {
+        SentryCli cli = new SentryCli(args);
+        // Create interactive shell and run it
+        TopLevelShell shell = new TopLevelShell(cli.getSentryClient(),
+                cli.getRequestorName());
+        shell.run();
+    }
+
+    /**
+     * Construct SentryCli from arguments
+     * @param args command-line arguments
+     */
+    public SentryCli(String[] args) {
+        this.args = args;
+        options.addOption("h", "help", false, "show help");
+        // file path of sentry-site
+        options.addOption("U", userOpt, true, "auth user");
+        options.addOption("H", hostOpt, true, "host address");
+        options.addOption("c", configOpt, true, "sentry configuration");
+        options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file");
+        CommandLineParser parser = new GnuParser();
+        try {
+            this.cmd = parser.parse(options, args);
+        } catch (ParseException e) {
+            help();
+        }
+        if (cmd.hasOption("h")) {
+            help();
+        }
+        init();
+    }
+
+    /**
+     * Parse command-line arguments.
+     */
+    public void parse() {
+        CommandLineParser parser = new GnuParser();
+        try {
+            cmd = parser.parse(options, args);
+            if (cmd.hasOption("h")) {
+                help();
+            }
+        } catch (ParseException e) {
+            log.warn("error in parsing expression", e);
+            help();
+            System.exit(1);
+        }
+    }
+
+    /**
+     * Initialize CLI
+     */
+    private void init() {
+        Map<String, String> env = System.getenv();
+        String log4jconf = cmd.getOptionValue(LOG4J_CONF);
+        if (log4jconf != null && log4jconf.length() > 0) {
+            Properties log4jProperties = new Properties();
+
+            // Firstly load log properties from properties file
+            FileInputStream istream = null;
+            try {
+                istream = new FileInputStream(log4jconf);
+            } catch (FileNotFoundException e) {
+                e.printStackTrace();
+            }
+            try {
+                log4jProperties.load(istream);
+                istream.close();
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+
+            PropertyConfigurator.configure(log4jProperties);
+        }
+
+        String host = cmd.getOptionValue(hostOpt);
+        if (host == null) {
+            host = env.get(hostEnv);
+        }
+
+        String pathConf = cmd.getOptionValue(configOpt);
+        if (pathConf == null) {
+            pathConf = env.get(configEnv);
+        }
+        if (host == null && pathConf == null) {
+            host = localhost + ":" + defaultPort;
+        }
+
+        Configuration conf = new Configuration();
+
+        if (pathConf != null) {
+            conf.addResource(new Path(pathConf));
+        } else {
+            conf.set(SECURITY_MODE, SECURITY_MODE_NONE);
+        }
+
+        if (host != null) {
+            conf.set(SERVER_RPC_ADDRESS, host);
+        }
+
+        requestorName = cmd.getOptionValue(userOpt);
+        if (requestorName == null) {
+            requestorName = env.get(userEnv);
+        }
+        if (requestorName == null) {
+
+            UserGroupInformation ugi = null;
+            try {
+                ugi = UserGroupInformation.getLoginUser();
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+            requestorName = ugi.getShortUserName();
+        }
+
+        try {
+            sentryClient = SentryServiceClientFactory.create(conf);
+        } catch (Exception e) {
+            System.out.println("Failed to connect to Sentry server: " + e.toString());
+        }
+    }
+
+    private void help() {
+        // This prints out some help
+        HelpFormatter formater = new HelpFormatter();
+        formater.printHelp("sentrycli", options);
+        System.exit(0);
+    }
+
+}
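Review bot: In `init()`, when neither `--config` nor `SENTRY_CONFIG` is given, the code sets `SECURITY_MODE` to `SECURITY_MODE_NONE` without telling the operator, while the requestor name is taken as-is from `--user` or `SENTRY_USER`; presumably the CLI then talks to the server unauthenticated under whatever name the caller supplied. A line such as `log.warn("No Sentry configuration given; using security mode 'none' as user {}", requestorName);` once `requestorName` is resolved would make that visible, and the class Javadoc should state it as well. The same method swallows three exceptions and then dereferences the result: a missing log4j file leaves `istream` null for `load(istream)`, a failed `getLoginUser()` leaves `ugi` null for `getShortUserName()`, and a failed `SentryServiceClientFactory.create` leaves `sentryClient` null for the shell that `main` starts anyway. The rewrite below closes the stream with try-with-resources and stops with a clear message instead. `help()` also exits with status 0 after a `ParseException`, where a non-zero status would let scripts detect the bad invocation.

```java
// … unchanged: env lookup and log4jconf option read …
if (log4jconf != null && log4jconf.length() > 0) {
    Properties log4jProperties = new Properties();
    // try-with-resources closes the stream on every path
    try (FileInputStream istream = new FileInputStream(log4jconf)) {
        log4jProperties.load(istream);
        PropertyConfigurator.configure(log4jProperties);
    } catch (IOException e) {
        System.out.println("Cannot read log4j configuration " + log4jconf + ": " + e);
    }
}
// … unchanged: host, config and security-mode resolution …
if (requestorName == null) {
    try {
        requestorName = UserGroupInformation.getLoginUser().getShortUserName();
    } catch (IOException e) {
        System.out.println("Cannot determine login user: " + e);
        System.exit(1);
    }
}

try {
    sentryClient = SentryServiceClientFactory.create(conf);
} catch (Exception e) {
    System.out.println("Failed to connect to Sentry server: " + e.toString());
    // do not start the shell with a null client
    System.exit(1);
}
```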

http://git-wip-us.apache.org/repos/asf/sentry/blob/44c5d9f4/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
new file mode 100644
index 0000000..007975c
--- /dev/null
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -0,0 +1,335 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.shell;
+
+import com.google.common.collect.Sets;
+import org.apache.commons.lang.StringUtils;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.service.thrift.*;
+import org.apache.sentry.service.thrift.ServiceConstants;
+
+import java.util.*;
+
+import static org.apache.sentry.service.thrift.SentryServiceUtil.convertTSentryPrivilegeToStr;
+import static org.apache.sentry.service.thrift.SentryServiceUtil.convertToTSentryPrivilege;
+
+/**
+ * ShellUtil implements actual commands
+ */
+class ShellUtil {
+
+    List<String> listRoles() {
+        List<String> roles = null;
+        try {
+            return getRoles();
+        } catch (SentryUserException e) {
+            System.out.println("Error listing roles: " + e.toString());
+        }
+        return new LinkedList<>();
+    }
+
+    List<String> listRoles(String group) {
+        Set<TSentryRole> roles = null;
+        try {
+            roles = sentryClient.listRolesByGroupName(authUser, group);
+        } catch (SentryUserException e) {
+            System.out.println("Error listing roles: " + e.toString());
+        }
+        List<String> result = new ArrayList<>();
+        if (roles == null || roles.isEmpty()) {
+            return result;
+        }
+
+        for(TSentryRole role: roles) {
+            result.add(role.getRoleName());
+        }
+
+        Collections.sort(result);
+        return result;
+    }
+
+    void createRoles(String ...roles) {
+        for (String role: roles) {
+            try {
+                sentryClient.createRole(authUser, role);
+            } catch (SentryUserException e) {
+                System.out.printf("failed to create role %s: %s\n",
+                        role, e.toString());
+            }
+        }
+    }
+
+    void removeRoles(String ...roles) {
+        for (String role: roles) {
+            try {
+                sentryClient.dropRole(authUser, role);
+            } catch (SentryUserException e) {
+                System.out.printf("failed to remove role %s: %s\n",
+                        role, e.toString());
+            }
+        }
+    }
+
+    List<String> listGroups() {
+        Set<TSentryRole> roles = null;
+
+        try {
+            roles = sentryClient.listRoles(authUser);
+        } catch (SentryUserException e) {
+            System.out.println("Error reading roles: " + e.toString());
+        }
+
+        if (roles == null || roles.isEmpty()) {
+            return new ArrayList<>();
+        }
+
+        // Set of all group names
+        Set<String> groupNames = new HashSet<>();
+
+        // Get all group names
+        for (TSentryRole role: roles) {
+            for (TSentryGroup group: role.getGroups()) {
+                groupNames.add(group.getGroupName());
+            }
+        }
+
+        List<String> result = new ArrayList<>(groupNames);
+
+        Collections.sort(result);
+        return result;
+    }
+
+    List<String> listGroupRoles() {
+        Set<TSentryRole> roles = null;
+
+        try {
+            roles = sentryClient.listRoles(authUser);
+        } catch (SentryUserException e) {
+            System.out.println("Error reading roles: " + e.toString());
+        }
+
+        if (roles == null || roles.isEmpty()) {
+            return new ArrayList<>();
+        }
+
+        // Set of all group names
+        Set<String> groupNames = new HashSet<>();
+
+        // Map group to set of roles
+        Map<String, Set<String>> groupInfo = new HashMap<>();
+
+        // Get all group names
+        for (TSentryRole role: roles) {
+            for (TSentryGroup group: role.getGroups()) {
+                String groupName = group.getGroupName();
+                groupNames.add(groupName);
+                Set<String> groupRoles = groupInfo.get(groupName);
+                if (groupRoles != null) {
+                    // Add a new or existing role
+                    groupRoles.add(role.getRoleName());
+                    continue;
+                }
+                // Never seen this group before
+                groupRoles = new HashSet<>();
+                groupRoles.add(role.getRoleName());
+                groupInfo.put(groupName, groupRoles);
+            }
+        }
+
+        List<String> groups = new ArrayList<>(groupNames);
+        Collections.sort(groups);
+
+        // Produce printable result as
+        // group1 = role1, role2, ...
+        // group2 = ...
+        List<String> result = new LinkedList<>();
+        for(String groupName: groups) {
+            result.add(groupName + " = " +
+                    StringUtils.join(groupInfo.get(groupName), ", "));
+        }
+        return result;
+    }
+
+    void grantGroupsToRole(String roleName, String ...groups) {
+        try {
+            sentryClient.grantRoleToGroups(authUser, roleName, Sets.newHashSet(groups));
+        } catch (SentryUserException e) {
+            System.out.printf("Failed to gran role %s to groups: %s\n",
+                    roleName, e.toString());
+        }
+    }
+
+    void revokeGroupsFromRole(String roleName, String ...groups) {
+        try {
+            sentryClient.revokeRoleFromGroups(authUser, roleName, Sets.newHashSet(groups));
+        } catch (SentryUserException e) {
+            System.out.printf("Failed to revoke role %s to groups: %s\n",
+                    roleName, e.toString());
+        }
+    }
+
+    void grantPrivilegeToRole(String roleName, String privilege) {
+        TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege);
+        boolean grantOption = tPriv.getGrantOption().equals(TSentryGrantOption.TRUE);
+        try {
+            if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tPriv.getPrivilegeScope())) {
+                sentryClient.grantServerPrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tPriv.getPrivilegeScope())) {
+                sentryClient.grantDatabasePrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getDbName(), tPriv.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tPriv.getPrivilegeScope())) {
+                sentryClient.grantTablePrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getDbName(), tPriv.getTableName(),
+                        tPriv.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tPriv.getPrivilegeScope())) {
+                sentryClient.grantColumnPrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getDbName(), tPriv.getTableName(),
+                        tPriv.getColumnName(), tPriv.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.URI.toString().equals(tPriv.getPrivilegeScope())) {
+                sentryClient.grantURIPrivilege(authUser, roleName, tPriv.getServerName(),
+                        tPriv.getURI(), grantOption);
+                return;
+            }
+        } catch (SentryUserException e) {
+            System.out.println("Error granting privilege: " + e.toString());
+        }
+    }
+
+    List<String> listPrivileges(String roleName) {
+        Set<TSentryPrivilege> privileges = null;
+        try {
+            privileges = sentryClient
+                    .listAllPrivilegesByRoleName(authUser, roleName);
+        } catch (SentryUserException e) {
+            System.out.println("Failed to list privileges: " + e.toString());
+        }
+
+        if (privileges == null || privileges.isEmpty()) {
+            return new ArrayList<>();
+        }
+
+        List<String> result = new LinkedList<>();
+        for (TSentryPrivilege privilege : privileges) {
+            String privilegeStr =  convertTSentryPrivilegeToStr(privilege);
+            if (privilegeStr.isEmpty()) {
+                continue;
+            }
+            result.add(privilegeStr);
+        }
+        return result;
+    }
+
+    /**
+     * List all privileges
+     * @return string with privilege info for all roles
+     */
+    String listPrivileges() {
+        List<String> roles = null;
+        try {
+            roles = getRoles();
+        } catch (SentryUserException e) {
+            System.out.println("failed to get role names: " + e.toString());
+        }
+
+        if (roles == null || roles.isEmpty()) {
+            return "";
+        }
+
+        StringBuilder result = new StringBuilder();
+        for (String role: roles) {
+            List<String> privs = listPrivileges(role);
+            if (privs.isEmpty()) {
+                continue;
+            }
+            result.append(role).append(" = ");
+            result.append(StringUtils.join(listPrivileges(role), ",\n\t"));
+            result.append('\n');
+        }
+        return result.toString();
+    }
+
+    void revokePrivilegeFromRole(String roleName, String privilegeStr) {
+        TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(privilegeStr);
+        boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
+
+        try {
+            if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
+                sentryClient.revokeServerPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
+                        grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
+                sentryClient.revokeDatabasePrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
+                        tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
+                sentryClient.revokeTablePrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
+                        tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
+                        tSentryPrivilege.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
+                sentryClient.revokeColumnPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
+                        tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
+                        tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
+                return;
+            }
+            if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
+                sentryClient.revokeURIPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
+                        tSentryPrivilege.getURI(), grantOption);
+                return;
+            }
+        } catch (SentryUserException e) {
+            System.out.println("failed to revoke privilege: " + e.toString());
+        }
+    }
+
+
+    private List<String>getRoles() throws SentryUserException {
+        // Collect role names
+        Set<TSentryRole> roles = null;
+        roles = sentryClient.listRoles(authUser);
+        List<String> roleNames = new ArrayList<>();
+        for(TSentryRole role: roles) {
+            roleNames.add(role.getRoleName());
+        }
+
+        Collections.sort(roleNames);
+        return roleNames;
+    }
+
+    ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.sentryClient = sentryClient;
+        this.authUser = authUser;
+    }
+
+    private final SentryPolicyServiceClient sentryClient;
+    private final String authUser;
+
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/44c5d9f4/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
new file mode 100644
index 0000000..ef5313a
--- /dev/null
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -0,0 +1,161 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.shell;
+
+import com.budhash.cliche.*;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+
+import java.io.IOException;
+import java.util.List;
+
+/**
+ * Top level commands
+ */
+public class TopLevelShell implements ShellDependent, Runnable {
+
+    private final Shell topShell;
+    private final ShellUtil tools;
+    private Shell shell; // top level shell object
+
+    private final String authUser;
+    private final SentryPolicyServiceClient sentryClient;
+
+    TopLevelShell(SentryPolicyServiceClient sentryClient,
+                  String authUser) {
+        this.authUser = authUser;
+        this.sentryClient = sentryClient;
+        this.tools = new ShellUtil(sentryClient, authUser);
+        topShell = ShellFactory.createConsoleShell("sentry",
+                "sentry shell\n" +
+                "Enter ?l to list available commands.",
+                this);
+    }
+
+    @Command(description="list, create and remove roles")
+    public void roles() throws IOException {
+        ShellFactory.createSubshell("roles", shell, "roles commands",
+                new RolesShell(sentryClient, authUser)).commandLoop();
+    }
+
+    @Command(description = "list, create and remove groups")
+    public void groups() throws IOException {
+        ShellFactory.createSubshell("groups", shell, "groups commands",
+                new GroupShell(sentryClient, authUser)).commandLoop();
+    }
+
+    @Command(description = "list, create and remove privileges")
+    public void privileges() throws IOException {
+        ShellFactory.createSubshell("privileges", shell, "privileges commands",
+                new PrivsShell(sentryClient, authUser)).commandLoop();
+    }
+
+    @Command(description = "List sentry roles. shows all available roles.")
+    public List<String> listRoles() {
+        return tools.listRoles();
+    }
+
+    @Command(description = "List sentry roles by group")
+    public List<String> listRoles(
+            @Param(name = "groupName")
+            String group) {
+        return tools.listRoles(group);
+    }
+
+    @Command(abbrev = "lg", header = "[groups]",
+             description = "list groups and their roles")
+    public List<String> listGroups() {
+        return tools.listGroupRoles();
+    }
+
+    @Command(description = "Grant role to groups")
+    public void grantRole(
+            @Param(name = "roleName")
+            String roleName,
+            @Param(name = "group...") String ...groups) {
+        tools.grantGroupsToRole(roleName, groups);
+    }
+
+    @Command(abbrev = "grm",
+            description = "Revoke role from groups")
+    public void revokeRole(
+            @Param(name = "roleName")
+            String roleName,
+            @Param(name = "group...")
+            String ...groups) {
+        tools.revokeGroupsFromRole(roleName, groups);
+    }
+
+    @Command(description = "Create Sentry role(s).")
+    public void createRole(
+            @Param(name = "roleName", description = "name of role to create")
+                    String ...roles) {
+        tools.createRoles(roles);
+    }
+
+    @Command(abbrev = "rm", description = "remove Sentry role(s).")
+    public void removeRole(
+            @Param(name = "roleName ...", description = "role names to remove")
+                    String ...roles) {
+        tools.removeRoles(roles);
+    }
+
+    @Command(description = "list Sentry privileges")
+    public String listPrivileges() {
+        return tools.listPrivileges();
+    }
+
+    @Command(description = "list Sentry privileges")
+    public List<String> listPrivileges(
+            @Param(name = "roleName")
+            String roleName) {
+        return tools.listPrivileges(roleName);
+    }
+
+    @Command(description = "Grant privilege to role")
+    public void grantPrivilege(
+            @Param(name = "roleName")
+            String roleName,
+            @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+            String privilege) {
+        tools.grantPrivilegeToRole(roleName, privilege);
+    }
+
+    @Command
+    public void revokePrivilege(
+            @Param(name = "roleName")
+            String roleName,
+            @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+            String privilege) {
+        tools.revokePrivilegeFromRole(roleName, privilege);
+    }
+
+    @Override
+    public void cliSetShell(Shell theShell) {
+        this.shell = theShell;
+    }
+
+    @Override
+    public void run() {
+        try {
+            this.topShell.commandLoop();
+        } catch (IOException e) {
+            System.out.println("error: " + e.toString());
+        }
+    }
+}
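Review bot: `grantPrivilege` and `revokePrivilege` return void and print nothing of their own, so the operator gets no confirmation that an authorization change was applied. The `ShellUtil.grantPrivilegeToRole` and `revokePrivilegeFromRole` methods they call (added earlier in this commit) print only on `SentryUserException` and fall out of the `try` silently when the parsed scope matches none of the SERVER/DATABASE/TABLE/COLUMN/URI branches; for a revoke, that means access stays in place while the shell looks successful. Report that case after the last branch, e.g. `System.out.println("unsupported privilege scope: " + tSentryPrivilege.getPrivilegeScope());` in `revokePrivilegeFromRole`, and do the same in the grant path. Separately, `revokePrivilege` is the only command with a bare `@Command`; `@Command(description = "Revoke privilege from role")` would match the rest of the class.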


[08/23] sentry git commit: Merge branch 'master' into akolb-cli

Posted by co...@apache.org.
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/db7cedcf
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/db7cedcf
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/db7cedcf

Branch: refs/heads/master
Commit: db7cedcfa7a586ff5ee817012f8baddab6e14acb
Parents: 922b316 e5381cd
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Oct 20 12:32:44 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Oct 20 12:32:44 2017 +0100

----------------------------------------------------------------------
 pom.xml                                         |   7 +-
 .../hive/authz/DefaultSentryValidator.java      | 472 +++++++++++++++++++
 .../authz/SentryHiveAuthorizationValidator.java |  57 +++
 .../hive/authz/SentryHiveAuthorizerFactory.java |   8 +-
 .../hive/authz/SentryHiveAuthorizerImpl.java    |  66 +--
 .../binding/util/SimpleSemanticAnalyzer.java    | 373 +++++++++++++++
 6 files changed, 922 insertions(+), 61 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/db7cedcf/pom.xml
----------------------------------------------------------------------


[13/23] sentry git commit: Merge branch 'master' into akolb-cli

Posted by co...@apache.org.
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/f951f094
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/f951f094
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/f951f094

Branch: refs/heads/master
Commit: f951f0944b9e4b3ff4422b7c57b50c516a93d132
Parents: cd4c80d 24d8243
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 16 09:56:29 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 16 09:56:29 2017 +0000

----------------------------------------------------------------------
 pom.xml                                         |  19 +-
 sentry-binding/sentry-binding-solr/pom.xml      |  11 +-
 .../authz/SentrySolrAuthorizationException.java |  25 -
 .../solr/authz/SentrySolrPluginImpl.java        | 408 ++++++++
 .../binding/solr/authz/SolrAuthzBinding.java    | 268 ++----
 .../binding/solr/authz/SolrAuthzUtil.java       | 271 ++++++
 .../sentry/binding/solr/conf/SolrAuthzConf.java |  14 +-
 .../org/apache/solr/sentry/AuditLogger.java     |  92 ++
 .../RollingFileWithoutDeleteAppender.java       | 182 ++++
 .../sentry/binding/solr/HdfsTestUtil.java       |  50 +-
 .../binding/solr/TestSolrAuthzBinding.java      | 338 ++++---
 .../solr/AbstractTestSearchPolicyEngine.java    | 129 ---
 .../solr/AbstractTestSolrPolicyEngine.java      | 129 +++
 .../policy/solr/SearchPolicyTestUtil.java       |  45 -
 .../sentry/policy/solr/SolrPolicyTestUtil.java  |  45 +
 .../solr/TestCollectionRequiredInRole.java      |  64 --
 ...SearchAuthorizationProviderGeneralCases.java | 193 ----
 ...SearchAuthorizationProviderSpecialCases.java |  84 --
 .../solr/TestSearchModelAuthorizables.java      |  54 --
 .../policy/solr/TestSearchPolicyEngineDFS.java  |  74 --
 .../solr/TestSearchPolicyEngineLocalFS.java     |  43 -
 .../policy/solr/TestSearchPolicyNegative.java   | 101 --
 ...stSolrAuthorizationProviderGeneralCases.java | 196 ++++
 ...stSolrAuthorizationProviderSpecialCases.java |  84 ++
 .../policy/solr/TestSolrModelAuthorizables.java |  54 ++
 .../policy/solr/TestSolrPolicyEngineDFS.java    |  74 ++
 .../solr/TestSolrPolicyEngineLocalFS.java       |  43 +
 .../policy/solr/TestSolrPolicyNegative.java     | 101 ++
 .../solr/TestCommonPrivilegeForSearch.java      | 221 -----
 .../solr/TestCommonPrivilegeForSolr.java        | 293 ++++++
 .../src/test/resources/test-authz-provider.ini  |   4 +-
 sentry-core/pom.xml                             |   2 +-
 .../apache/sentry/core/common/utils/PubSub.java | 178 ++++
 sentry-core/sentry-core-model-search/pom.xml    |  43 -
 .../sentry/core/model/search/Collection.java    |  51 -
 .../apache/sentry/core/model/search/Field.java  |  54 --
 .../core/model/search/SearchActionFactory.java  |  80 --
 .../core/model/search/SearchConstants.java      |  35 -
 .../core/model/search/SearchModelAction.java    |  39 -
 .../model/search/SearchModelAuthorizable.java   |  29 -
 .../model/search/SearchModelAuthorizables.java  |  50 -
 .../core/model/search/SearchPrivilegeModel.java |  60 --
 .../AbstractSearchPrivilegeValidator.java       |  52 --
 .../CollectionRequiredInPrivilege.java          |  43 -
 .../sentry/core/search/TestCollection.java      |  50 -
 .../core/search/TestSearchBitFieldAction.java   |  73 --
 sentry-core/sentry-core-model-solr/pom.xml      |  43 +
 .../sentry/core/model/solr/AdminOperation.java  |  42 +
 .../sentry/core/model/solr/Collection.java      |  29 +
 .../apache/sentry/core/model/solr/Config.java   |  27 +
 .../apache/sentry/core/model/solr/Field.java    |  30 +
 .../apache/sentry/core/model/solr/Schema.java   |  27 +
 .../core/model/solr/SolrActionFactory.java      |  80 ++
 .../sentry/core/model/solr/SolrConstants.java   |  39 +
 .../sentry/core/model/solr/SolrModelAction.java |  39 +
 .../core/model/solr/SolrModelAuthorizable.java  |  60 ++
 .../core/model/solr/SolrModelAuthorizables.java |  58 ++
 .../core/model/solr/SolrPrivilegeModel.java     |  66 ++
 .../solr/validator/SolrPrivilegeValidator.java  | 101 ++
 .../apache/sentry/core/solr/TestCollection.java |  49 +
 .../core/solr/TestSolrBitFieldAction.java       |  73 ++
 sentry-dist/pom.xml                             |  14 +-
 .../apache/sentry/hdfs/ServiceConstants.java    |   1 +
 .../org/apache/sentry/hdfs/SentryPlugin.java    |  57 +-
 .../hdfs/TestSentryHDFSServiceProcessor.java    |  46 +-
 sentry-provider/sentry-provider-db/pom.xml      |  15 +-
 .../generic/SentryGenericProviderBackend.java   |   7 +
 .../persistent/PrivilegeOperatePersistence.java |   4 +-
 .../tools/GenericPrivilegeConverter.java        |   8 +-
 .../db/generic/tools/SentryConfigToolSolr.java  |   4 +-
 .../db/generic/tools/SentryShellGeneric.java    |  16 +-
 .../tools/command/GenericShellCommand.java      |  63 +-
 .../db/service/persistent/SentryStore.java      |   6 +
 .../db/service/thrift/PubSubServlet.java        | 128 +++
 .../db/service/thrift/SentryMetrics.java        |   6 +-
 .../thrift/SentryPolicyStoreProcessor.java      |   4 +-
 .../db/service/thrift/SentryWebServer.java      |   5 +
 .../provider/db/tools/SentryShellCommon.java    |   8 +
 .../provider/db/tools/SentryShellHive.java      |  16 +-
 .../sentry/provider/db/tools/ShellCommand.java  |  19 +-
 .../db/tools/command/hive/HiveShellCommand.java |  64 +-
 .../sentry/service/thrift/HMSFollower.java      |  32 +-
 .../sentry/service/thrift/ServiceConstants.java |   8 +-
 .../TestSentryGenericProviderBackend.java       |  47 +
 .../TestPrivilegeOperatePersistence.java        | 108 +--
 .../persistent/TestSentryGMPrivilege.java       |  54 +-
 .../service/persistent/TestSentryRole.java      |   2 +-
 .../TestSentryGenericPolicyProcessor.java       |  14 +-
 .../TestSentryGenericServiceIntegration.java    |  36 +-
 .../generic/tools/TestSentryConfigToolSolr.java |   2 +-
 .../db/generic/tools/TestSentryShellKafka.java  |   9 +
 .../db/generic/tools/TestSentryShellSolr.java   |  11 +-
 .../db/generic/tools/TestSentryShellSqoop.java  |   9 +
 .../service/thrift/TestSentryServerPubSub.java  | 181 ++++
 .../provider/db/tools/TestSentryShellHive.java  |   9 +
 .../thrift/SentryServiceIntegrationBase.java    |   1 +
 .../sentry/service/thrift/TestHMSFollower.java  |  98 ++
 sentry-solr/pom.xml                             |   1 -
 sentry-solr/solr-sentry-core/pom.xml            |  58 --
 .../org/apache/solr/sentry/AuditLogger.java     |  97 --
 .../RollingFileWithoutDeleteAppender.java       | 175 ----
 .../solr/sentry/SecureRequestHandlerUtil.java   |  83 --
 .../SentryIndexAuthorizationSingleton.java      | 255 -----
 sentry-solr/solr-sentry-handlers/pom.xml        |  10 +-
 .../SecureDocumentAnalysisRequestHandler.java   |  33 -
 .../SecureFieldAnalysisRequestHandler.java      |  33 -
 .../solr/handler/SecureRealTimeGetHandler.java  |  36 -
 .../solr/handler/SecureReplicationHandler.java  |  38 -
 .../solr/handler/admin/SecureAdminHandlers.java | 183 ----
 .../handler/admin/SecureCollectionsHandler.java |  89 --
 .../handler/admin/SecureCoreAdminHandler.java   | 181 ----
 .../solr/handler/admin/SecureInfoHandler.java   |  36 -
 .../QueryDocAuthorizationComponent.java         | 116 ++-
 .../QueryIndexAuthorizationComponent.java       |  79 --
 .../component/SecureRealTimeGetComponent.java   | 356 -------
 .../UpdateIndexAuthorizationProcessor.java      | 103 ---
 ...pdateIndexAuthorizationProcessorFactory.java |  41 -
 .../lib/classes/empty-file-main-lib.txt         |   1 -
 .../handler/TestSecureAnalysisHandlers.java     |  82 --
 .../handler/TestSecureReplicationHandler.java   |  63 --
 .../handler/admin/SecureAdminHandlersTest.java  | 176 ----
 .../admin/SecureCollectionsHandlerTest.java     |  84 --
 .../admin/SecureCoreAdminHandlerTest.java       | 209 -----
 .../handler/admin/SecureInfoHandlerTest.java    | 101 --
 .../QueryDocAuthorizationComponentTest.java     | 265 ------
 .../QueryIndexAuthorizationComponentTest.java   | 127 ---
 .../SentryIndexAuthorizationSingletonTest.java  | 256 -----
 .../sentry/SentrySingletonTestInstance.java     |  93 --
 .../org/apache/solr/sentry/SentryTestBase.java  | 187 ----
 .../UpdateIndexAuthorizationProcessorTest.java  | 193 ----
 .../TestDbPrivilegeCleanupOnDrop.java           | 142 +--
 .../tests/e2e/hdfs/TestHDFSIntegrationBase.java |   2 +
 .../AbstractTestWithStaticConfiguration.java    |  10 +-
 .../TestSentryListenerInBuiltDeserializer.java  |   1 -
 .../TestSentryListenerSentryDeserializer.java   |   1 -
 sentry-tests/sentry-tests-solr/pom.xml          | 211 ++++-
 .../e2e/solr/AbstractSolrSentryTestBase.java    | 923 -------------------
 .../e2e/solr/AbstractSolrSentryTestCase.java    | 600 ++++++++++++
 .../tests/e2e/solr/DocLevelGenerator.java       |  16 +-
 .../tests/e2e/solr/DummyAuthPluginImpl.java     |  68 ++
 .../ModifiableUserAuthenticationFilter.java     |  73 --
 .../e2e/solr/TestCollAdminCoreOperations.java   | 145 ---
 .../tests/e2e/solr/TestDocLevelOperations.java  | 400 ++++----
 .../tests/e2e/solr/TestQueryOperations.java     |  78 --
 .../sentry/tests/e2e/solr/TestRealTimeGet.java  | 476 ----------
 .../sentry/tests/e2e/solr/TestSentryServer.java | 144 +++
 .../tests/e2e/solr/TestSolrAdminOperations.java | 188 ++++
 .../e2e/solr/TestSolrCollectionOperations.java  | 141 +++
 .../e2e/solr/TestSolrConfigOperations.java      | 232 +++++
 .../e2e/solr/TestSolrSchemaOperations.java      | 146 +++
 .../tests/e2e/solr/TestUpdateOperations.java    | 168 ----
 .../AbstractSolrSentryTestWithDbProvider.java   | 324 -------
 .../db/integration/TestSolrAdminOperations.java | 242 -----
 .../integration/TestSolrDocLevelOperations.java | 204 ----
 .../db/integration/TestSolrQueryOperations.java |  96 --
 .../integration/TestSolrUpdateOperations.java   | 100 --
 .../cloud-managed/conf/managed-schema           |  27 +
 .../cloud-managed/conf/solrconfig.xml           |  51 +
 .../configsets/cloud-minimal/conf/schema.xml    |  28 +
 .../cloud-minimal/conf/solrconfig.xml           |  47 +
 .../conf/schema.xml                             |  29 +
 .../conf/solrconfig.xml                         |  82 ++
 .../test/resources/solr/security/security.json  |  18 +
 sentry-tests/sentry-tests-sqoop/pom.xml         |  69 +-
 .../e2e/sqoop/AbstractSqoopSentryTestBase.java  |   7 +-
 .../tests/e2e/sqoop/JettySqoopRunner.java       | 239 +++++
 .../tests/e2e/sqoop/TestConnectorEndToEnd.java  |  11 +-
 .../tests/e2e/sqoop/TestGrantPrivilege.java     |  70 +-
 .../sentry/tests/e2e/sqoop/TestJobEndToEnd.java | 139 +--
 .../tests/e2e/sqoop/TestLinkEndToEnd.java       |  96 +-
 .../tests/e2e/sqoop/TestOwnerPrivilege.java     |  59 +-
 .../tests/e2e/sqoop/TestRevokePrivilege.java    |  56 +-
 .../e2e/sqoop/TestServerScopeEndToEnd.java      |  75 +-
 .../tests/e2e/sqoop/TestShowPrivilege.java      |  14 +-
 .../tests/e2e/sqoop/TomcatSqoopRunner.java      | 318 -------
 175 files changed, 7042 insertions(+), 9787 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/f951f094/pom.xml
----------------------------------------------------------------------
diff --cc pom.xml
index 2306d9d,7476b4f..6dacc2d
--- a/pom.xml
+++ b/pom.xml
@@@ -648,10 -633,9 +638,10 @@@ limitations under the License
      <module>sentry-binding</module>
      <module>sentry-provider</module>
      <module>sentry-policy</module>
+     <module>sentry-solr</module>
      <module>sentry-tests</module>
      <module>sentry-hdfs</module>
-     <module>sentry-solr</module>
 +    <module>sentry-tools</module>
      <module>sentry-dist</module>
    </modules>
  

http://git-wip-us.apache.org/repos/asf/sentry/blob/f951f094/sentry-dist/pom.xml
----------------------------------------------------------------------
diff --cc sentry-dist/pom.xml
index 3bc8207,69f4fcc..a65a87d
--- a/sentry-dist/pom.xml
+++ b/sentry-dist/pom.xml
@@@ -96,12 -88,12 +88,16 @@@ limitations under the License
      </dependency>
      <dependency>
        <groupId>org.apache.sentry</groupId>
+       <artifactId>solr-sentry-handlers</artifactId>
+     </dependency>
+     <dependency>
+       <groupId>org.apache.sentry</groupId>
        <artifactId>sentry-hdfs-dist</artifactId>
      </dependency>
 +    <dependency>
 +      <groupId>org.apache.sentry</groupId>
 +      <artifactId>sentry-tools</artifactId>
 +    </dependency>
    </dependencies>
    <profiles>
      <profile>


[12/23] sentry git commit: Making use of the refactored Command implementations in ShellUtil

Posted by co...@apache.org.
Making use of the refactored Command implementations in ShellUtil


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/cd4c80d4
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/cd4c80d4
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/cd4c80d4

Branch: refs/heads/master
Commit: cd4c80d48547d75320b4832a127978569f8b2743
Parents: 8be6279
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 6 17:13:28 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 6 17:13:28 2017 +0000

----------------------------------------------------------------------
 .../org/apache/sentry/shell/GroupShell.java     |   5 -
 .../org/apache/sentry/shell/PrivsShell.java     |   5 -
 .../java/org/apache/sentry/shell/ShellUtil.java | 137 ++++---------------
 .../org/apache/sentry/shell/TopLevelShell.java  |   5 -
 4 files changed, 30 insertions(+), 122 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/cd4c80d4/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
index 7510114..a59da04 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
@@ -37,11 +37,6 @@ public class GroupShell implements ShellDependent {
         this.tools = new ShellUtil(sentryClient, authUser);
     }
 
-    @Command
-    public List<String> list() {
-        return tools.listGroups();
-    }
-
     @Command(abbrev = "lr", header = "[groups]",
             description = "list groups and their roles")
     public List<String> listRoles() {

http://git-wip-us.apache.org/repos/asf/sentry/blob/cd4c80d4/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
index b7db42e..a03c47d 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
@@ -45,11 +45,6 @@ public class PrivsShell implements ShellDependent {
     }
 
     @Command
-    public String list() {
-        return tools.listPrivileges();
-    }
-
-    @Command
     public List<String> list(
             @Param(name = "roleName")
             String roleName) {

http://git-wip-us.apache.org/repos/asf/sentry/blob/cd4c80d4/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index daf9b73..13d194d 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -18,28 +18,25 @@
 
 package org.apache.sentry.shell;
 
-import com.google.common.collect.Sets;
-import org.apache.commons.lang.StringUtils;
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.provider.db.service.thrift.*;
-import org.apache.sentry.provider.db.tools.command.hive.CommandUtil;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
 
 import java.util.*;
 
-import static org.apache.sentry.service.thrift.SentryServiceUtil.convertTSentryPrivilegeToStr;
-import static org.apache.sentry.service.thrift.SentryServiceUtil.convertToTSentryPrivilege;
-
 /**
  * ShellUtil implements actual commands
  */
 class ShellUtil {
 
-    private final SentryPolicyServiceClient sentryClient;
+    private final ShellCommand command;
     private final String authUser;
 
     ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.sentryClient = sentryClient;
         this.authUser = authUser;
+        command = new HiveShellCommand(sentryClient);
     }
 
     List<String> listRoles() {
@@ -47,33 +44,22 @@ class ShellUtil {
     }
 
     List<String> listRoles(String group) {
-        Set<TSentryRole> roles = null;
         try {
-            if (StringUtils.isEmpty(group)) {
-                roles = sentryClient.listAllRoles(authUser);
-            } else {
-                roles = sentryClient.listRolesByGroupName(authUser, group);
-            }
-        } catch (SentryUserException e) {
-            System.out.println("Error listing roles: " + e.toString());
-        }
-        List<String> result = new ArrayList<>();
-        if (roles == null || roles.isEmpty()) {
+            // TODO remove "null" here
+            List<String> result = command.listRoles(authUser, null, group);
+            Collections.sort(result);
             return result;
+        } catch (SentryUserException e) {
+            System.out.printf("failed to list roles with group %s: %s\n",
+                              group, e.toString());
+            return Collections.emptyList();
         }
-
-        for (TSentryRole role : roles) {
-            result.add(role.getRoleName());
-        }
-
-        Collections.sort(result);
-        return result;
     }
 
     void createRoles(String ...roles) {
         for (String role : roles) {
             try {
-                sentryClient.createRole(authUser, role);
+                command.createRole(authUser, role);
             } catch (SentryUserException e) {
                 System.out.printf("failed to create role %s: %s\n",
                         role, e.toString());
@@ -84,7 +70,7 @@ class ShellUtil {
     void dropRoles(String ...roles) {
         for (String role : roles) {
             try {
-                sentryClient.dropRole(authUser, role);
+                command.dropRole(authUser, role);
             } catch (SentryUserException e) {
                 System.out.printf("failed to drop role %s: %s\n",
                         role, e.toString());
@@ -92,36 +78,10 @@ class ShellUtil {
         }
     }
 
-    List<String> listGroups() {
-        Set<TSentryRole> roles = null;
-
-        try {
-            roles = sentryClient.listAllRoles(authUser);
-        } catch (SentryUserException e) {
-            System.out.println("Error reading roles: " + e.toString());
-        }
-
-        if (roles == null || roles.isEmpty()) {
-            return new ArrayList<>();
-        }
-
-        // Set of all group names
-        Set<String> groupNames = new HashSet<>();
-
-        // Get all group names
-        for (TSentryRole role: roles) {
-            for (TSentryGroup group: role.getGroups()) {
-                groupNames.add(group.getGroupName());
-            }
-        }
-
-        List<String> result = new ArrayList<>(groupNames);
-
-        Collections.sort(result);
-        return result;
-    }
-
     List<String> listGroupRoles() {
+        // TODO
+        return Collections.emptyList();
+        /*
         Set<TSentryRole> roles = null;
 
         try {
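Review bot: `listGroupRoles()` now returns `Collections.emptyList()` unconditionally, so an operator asking for the group-to-role mappings is shown an empty result instead of being told the command is not implemented. In an authorization tool that reads as "no group holds any role", which is misleading when the output is used to review who has access. Until the TODO is resolved I would fail loudly, e.g. `throw new UnsupportedOperationException("listGroupRoles is not implemented yet");`, and delete the commented-out body rather than keep it in the file. The method body continues outside this hunk.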
@@ -170,11 +130,14 @@ class ShellUtil {
                     StringUtils.join(groupInfo.get(groupName), ", "));
         }
         return result;
+        */
     }
 
     void grantGroupsToRole(String roleName, String ...groups) {
         try {
-            sentryClient.grantRoleToGroups(authUser, roleName, Sets.newHashSet(groups));
+            // TODO change grantRoleToGroups
+            String joinedGroups = String.join(SentryShellCommon.GROUP_SPLIT_CHAR, groups);
+            command.grantRoleToGroups(authUser, roleName, joinedGroups);
         } catch (SentryUserException e) {
             System.out.printf("Failed to gran role %s to groups: %s\n",
                     roleName, e.toString());
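Review bot: Joining the group names with `SentryShellCommon.GROUP_SPLIT_CHAR` in `grantGroupsToRole` is lossy, because a group name that itself contains the separator cannot be told apart from two groups once the string is split again. The split presumably happens in `command.grantRoleToGroups`, which is not visible here, so the role could end up granted to a group the operator did not name. The removed call passed a `Set<String>` and had no such ambiguity. Until the TODO is done, reject such names before joining, e.g. `if (g.contains(SentryShellCommon.GROUP_SPLIT_CHAR)) throw new IllegalArgumentException("invalid group name: " + g);` for each `g` in `groups`. The same applies to `revokeGroupsFromRole` in the next hunk, and `grantGroupsToRole` itself continues outside this hunk.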
@@ -183,7 +146,9 @@ class ShellUtil {
 
     void revokeGroupsFromRole(String roleName, String ...groups) {
         try {
-            sentryClient.revokeRoleFromGroups(authUser, roleName, Sets.newHashSet(groups));
+            // TODO change revokeRoleFromGroups
+            String joinedGroups = String.join(SentryShellCommon.GROUP_SPLIT_CHAR, groups);
+            command.revokeRoleFromGroups(authUser, roleName, joinedGroups);
         } catch (SentryUserException e) {
             System.out.printf("Failed to revoke role %s to groups: %s\n",
                     roleName, e.toString());
@@ -191,68 +156,26 @@ class ShellUtil {
     }
 
     void grantPrivilegeToRole(String roleName, String privilege) {
-        TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege);
         try {
-            CommandUtil.validatePrivilegeHierarchy(tPriv);
-            sentryClient.grantPrivilege(authUser, roleName, tPriv);
-        } catch (SentryUserException | IllegalArgumentException e) {
+            command.grantPrivilegeToRole(authUser, roleName, privilege);
+        } catch (SentryUserException e) {
             System.out.println("Error granting privilege: " + e.toString());
         }
     }
 
     List<String> listPrivileges(String roleName) {
-        Set<TSentryPrivilege> privileges = null;
         try {
-            privileges = sentryClient
-                    .listAllPrivilegesByRoleName(authUser, roleName);
+            return command.listPrivileges(authUser, roleName);
         } catch (SentryUserException e) {
             System.out.println("Failed to list privileges: " + e.toString());
+            return Collections.emptyList();
         }
-
-        List<String> result = new LinkedList<>();
-        if (privileges == null || privileges.isEmpty()) {
-            return result;
-        }
-
-        for (TSentryPrivilege privilege : privileges) {
-            String privilegeStr = convertTSentryPrivilegeToStr(privilege);
-            if (privilegeStr.isEmpty()) {
-                continue;
-            }
-            result.add(privilegeStr);
-        }
-        return result;
-    }
-
-    /**
-     * List all privileges
-     * @return string with privilege info for all roles
-     */
-    String listPrivileges() {
-        List<String> roles = listRoles(null);
-        if (roles == null || roles.isEmpty()) {
-            return "";
-        }
-
-        StringBuilder result = new StringBuilder();
-        for (String role: roles) {
-            List<String> privs = listPrivileges(role);
-            if (privs.isEmpty()) {
-                continue;
-            }
-            result.append(role).append(" = ");
-            result.append(StringUtils.join(listPrivileges(role), ",\n\t"));
-            result.append('\n');
-        }
-        return result.toString();
     }
 
     void revokePrivilegeFromRole(String roleName, String privilegeStr) {
-        TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(privilegeStr);
         try {
-            CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
-            sentryClient.revokePrivilege(authUser, roleName, tSentryPrivilege);
-        } catch (SentryUserException | IllegalArgumentException e) {
+            command.revokePrivilegeFromRole(authUser, roleName, privilegeStr);
+        } catch (SentryUserException e) {
             System.out.println("failed to revoke privilege: " + e.toString());
         }
     }
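Review bot: The catch clauses in `grantPrivilegeToRole` and `revokePrivilegeFromRole` were narrowed from `SentryUserException | IllegalArgumentException` to `SentryUserException` alone. The removed code caught `IllegalArgumentException` raised by privilege validation. If `command.grantPrivilegeToRole` and `command.revokePrivilegeFromRole` still validate the privilege string that way (not visible here), a malformed string typed at the prompt now escapes as an unchecked exception instead of producing the one-line error. Keeping `catch (SentryUserException | IllegalArgumentException e)` in both methods is the safer default.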

http://git-wip-us.apache.org/repos/asf/sentry/blob/cd4c80d4/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index 738a992..ba4a204 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -116,11 +116,6 @@ public class TopLevelShell implements ShellDependent, Runnable {
     }
 
     @Command(description = "list Sentry privileges")
-    public String listPrivileges() {
-        return tools.listPrivileges();
-    }
-
-    @Command(description = "list Sentry privileges")
     public List<String> listPrivileges(
             @Param(name = "roleName")
             String roleName) {


[15/23] sentry git commit: Added support to use the CLI tool with kafka, solr, sqoop

Posted by co...@apache.org.
Added support to use the CLI tool with kafka, solr, sqoop


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3dc878e1
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3dc878e1
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3dc878e1

Branch: refs/heads/master
Commit: 3dc878e1ca440ad4bfe9250c43384971bd344c3b
Parents: d384787
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 16 11:10:59 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 16 11:10:59 2017 +0000

----------------------------------------------------------------------
 .../org/apache/sentry/shell/GroupShell.java     |  65 ++--
 .../org/apache/sentry/shell/PrivsShell.java     |  80 +++--
 .../org/apache/sentry/shell/RolesShell.java     |  90 +++--
 .../java/org/apache/sentry/shell/SentryCli.java | 291 ++++++++--------
 .../java/org/apache/sentry/shell/ShellUtil.java | 134 --------
 .../org/apache/sentry/shell/TopLevelShell.java  | 335 +++++++++++++------
 6 files changed, 542 insertions(+), 453 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
index a59da04..b7652a5 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
@@ -21,40 +21,65 @@ package org.apache.sentry.shell;
 import com.budhash.cliche.Command;
 import com.budhash.cliche.Shell;
 import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 /**
  * Sentry group manipulation for CLI
  */
 public class GroupShell implements ShellDependent {
 
-    private final ShellUtil tools;
-    Shell shell;
+  private final ShellCommand shellCommand;
+  private final String authUser;
+  Shell shell;
 
-    public GroupShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
+  public GroupShell(ShellCommand shellCommand, String authUser) {
+    this.shellCommand = shellCommand;
+    this.authUser = authUser;
+  }
 
-    @Command(abbrev = "lr", header = "[groups]",
-            description = "list groups and their roles")
-    public List<String> listRoles() {
-        return tools.listGroupRoles();
+  @Command(abbrev = "lr", header = "[groups]",
+          description = "list groups and their roles")
+  public List<String> listRoles() {
+    try {
+      return shellCommand.listGroupRoles(authUser);
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list the groups and roles: %s\n", e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "Grant role to groups")
-    public void grant(String roleName, String ...groups) {
-        tools.grantGroupsToRole(roleName, groups);
+  @Command(description = "Grant role to groups")
+  public void grant(String roleName, String ...groups) {
+    try {
+      Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+      shellCommand.grantRoleToGroups(authUser, roleName, groupsSet);
+    } catch (SentryUserException e) {
+      System.out.printf("Failed to gran role %s to groups: %s\n",
+              roleName, e.toString());
     }
+  }
 
-    @Command(description = "Revoke role from groups")
-    public void revoke(String roleName, String ...groups) {
-        tools.revokeGroupsFromRole(roleName, groups);
+  @Command(description = "Revoke role from groups")
+  public void revoke(String roleName, String ...groups) {
+    try {
+      Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+      shellCommand.revokeRoleFromGroups(authUser, roleName, groupsSet);
+    } catch (SentryUserException e) {
+      System.out.printf("Failed to revoke role %s to groups: %s\n",
+              roleName, e.toString());
     }
+  }
 
-    @Override
-    public void cliSetShell(Shell theShell) {
-        this.shell = theShell;
-    }
+  @Override
+  public void cliSetShell(Shell theShell) {
+    this.shell = theShell;
+  }
 }
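Review bot: The failure messages in `grant` and `revoke` are wrong as written: `"Failed to gran role %s to groups: %s\n"` has a typo, and the revoke message says "to groups" where it means "from groups". Both were carried over from the deleted `ShellUtil`, and an administrator reading the output of a failed revoke should not have to guess which direction the operation went. I would change them to `"Failed to grant role %s to groups: %s%n"` and `"Failed to revoke role %s from groups: %s%n"`. Both methods also accept an empty `groups` array and pass an empty set on; a short usage message for that case would be clearer than relying on how the callee reacts.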

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
index a03c47d..8b8898f 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
@@ -22,47 +22,65 @@ import com.budhash.cliche.Command;
 import com.budhash.cliche.Param;
 import com.budhash.cliche.Shell;
 import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Collections;
 import java.util.List;
 
 public class PrivsShell implements ShellDependent {
-    private final ShellUtil tools;
-    Shell shell;
+  private final ShellCommand shellCommand;
+  private final String authUser;
+  Shell shell;
 
-    public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
+  public PrivsShell(ShellCommand shellCommand, String authUser) {
+    this.shellCommand = shellCommand;
+    this.authUser = authUser;
+  }
 
-    @Command(description = "Grant privilege to role")
-    public void grant(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "privilege",
-                    description = "privilege string, e.g. server=s1->db=foo")
-            String privilege) {
-        tools.grantPrivilegeToRole(roleName, privilege);
+  @Command(description = "Grant privilege to role")
+  public void grant(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "privilege",
+             description = "privilege string, e.g. server=s1->db=foo")
+      String privilege) {
+    try {
+      shellCommand.grantPrivilegeToRole(authUser, roleName, privilege);
+    } catch (SentryUserException e) {
+      System.out.println("Error granting privilege: " + e.toString());
     }
+  }
 
-    @Command
-    public List<String> list(
-            @Param(name = "roleName")
-            String roleName) {
-        return tools.listPrivileges(roleName);
+  @Command
+  public List<String> list(
+      @Param(name = "roleName")
+      String roleName) {
+    try {
+      return shellCommand.listPrivileges(authUser, roleName);
+    } catch (SentryUserException e) {
+      System.out.println("Failed to list privileges: " + e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command
-    public void revoke(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "privilege",
-                    description = "privilege string, e.g. server=s1->db=foo")
-            String privilege) {
-        tools.revokePrivilegeFromRole(roleName, privilege);
+  @Command
+  public void revoke(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "privilege",
+             description = "privilege string, e.g. server=s1->db=foo")
+      String privilege) {
+    try {
+      shellCommand.revokePrivilegeFromRole(authUser, roleName, privilege);
+    } catch (SentryUserException e) {
+      System.out.println("failed to revoke privilege: " + e.toString());
     }
+  }
 
-    @Override
-    public void cliSetShell(Shell theShell) {
-        this.shell = theShell;
-    }
+  @Override
+  public void cliSetShell(Shell theShell) {
+    this.shell = theShell;
+  }
 }
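Review bot: `PrivsShell` is the only one of the three shell classes in this commit without a class Javadoc, and its `list` and `revoke` commands carry a bare `@Command` while `grant` has a description. I would add `/** Sentry privilege manipulation for CLI. */` above the class and use `@Command(description = "List privileges of a role")` and `@Command(description = "Revoke privilege from role")`. The privilege string is handed to `shellCommand` unchecked in this class, so the `@Param` description is the only hint here of the expected `server=s1->db=foo` form and is worth keeping accurate.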

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
index ab4589d..c014a30 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
@@ -22,50 +22,84 @@ import com.budhash.cliche.Command;
 import com.budhash.cliche.Param;
 import com.budhash.cliche.Shell;
 import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Collections;
 import java.util.List;
 
 /**
  * Sentry roles manipulation for CLI.
  */
 public class RolesShell implements ShellDependent {
-    private final ShellUtil tools;
-    Shell shell;
+  private final ShellCommand shellCommand;
+  private final String authUser;
+  Shell shell;
 
-    public RolesShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
+  public RolesShell(ShellCommand shellCommand, String authUser) {
+    this.shellCommand = shellCommand;
+    this.authUser = authUser;
+  }
 
-    @Command(description = "List sentry roles. shows all available roles.")
-    public List<String> list() {
-        return tools.listRoles();
+  @Command(description = "List sentry roles. shows all available roles.")
+  public List<String> list() {
+    try {
+      List<String> result = shellCommand.listRoles(authUser, null);
+      Collections.sort(result);
+      return result;
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list roles: %s\n", e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "List sentry roles by group")
-    public List<String> list(
-            @Param(name = "groupName", description = "group name for roles")
-            String group) {
-        return tools.listRoles(group);
+  @Command(description = "List sentry roles by group")
+  public List<String> list(
+      @Param(name = "groupName", description = "group name for roles")
+      String group) {
+    try {
+      List<String> result = shellCommand.listRoles(authUser, group);
+      Collections.sort(result);
+      return result;
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list roles with group %s: %s\n",
+          group, e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "Create Sentry role(s).")
-    public void create(
-            @Param(name = "roleName", description = "name of role to create")
-            String ...roles) {
-        tools.createRoles(roles);
+  @Command(description = "Create Sentry role(s).")
+  public void create(
+      @Param(name = "roleName", description = "name of role to create")
+      String ...roles) {
+    for (String role : roles) {
+      try {
+        shellCommand.createRole(authUser, role);
+      } catch (SentryUserException e) {
+        System.out.printf("failed to create role %s: %s\n",
+            role, e.toString());
+      }
     }
+  }
 
-    @Command(description = "drop Sentry role(s).")
-    public void drop(
-            @Param(name = "roleName ...", description = "role names to remove")
-            String ...roles) {
-        tools.dropRoles(roles);
+  @Command(description = "drop Sentry role(s).")
+  public void drop(
+      @Param(name = "roleName ...", description = "role names to remove")
+      String ...roles) {
+    for (String role : roles) {
+      try {
+        shellCommand.dropRole(authUser, role);
+      } catch (SentryUserException e) {
+        System.out.printf("failed to drop role %s: %s\n",
+            role, e.toString());
+      }
     }
+  }
 
-    @Override
-    public void cliSetShell(Shell theShell) {
-        this.shell = theShell;
-    }
+  @Override
+  public void cliSetShell(Shell theShell) {
+    this.shell = theShell;
+  }
 
 }
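Review bot: Both `list` methods call `Collections.sort(result)` directly on the list returned by `shellCommand.listRoles(...)`, which assumes every `ShellCommand` implementation returns a mutable list. That contract is not visible here, and this commit adds further implementations (Kafka, Solr, Sqoop per the commit title). If one of them returns an unmodifiable list, the command fails with an unchecked exception that `catch (SentryUserException e)` does not cover. Sorting a copy removes the dependency: `List<String> result = new ArrayList<>(shellCommand.listRoles(authUser, group));` together with `import java.util.ArrayList;`.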

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
index 823d80c..75b845c 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
@@ -23,13 +23,14 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.log4j.PropertyConfigurator;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 import org.apache.sentry.service.thrift.SentryServiceClientFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.Map;
 import java.util.Properties;
@@ -42,163 +43,163 @@ import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SEC
  * Sentry interactive tool
  */
 public class SentryCli {
-    private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName());
-    private static final String LOG4J_CONF = "log4jConf";
-    private final String[] args;
-    private Options options = new Options();
-    private CommandLine cmd;
-
-    private static final String localhost = "localhost";
-    private static final String defaultPort = "8038";
-
-    private static final String configOpt = "config";
-    private static final String userOpt = "user";
-    private static final String hostOpt = "host";
-
-    private static final String configEnv = "SENTRY_CONFIG";
-    private static final String hostEnv = "SENTRY_HOST";
-    private static final String userEnv = "SENTRY_USER";
-
-
-    private SentryPolicyServiceClient sentryClient;
+  private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName());
+  private static final String LOG4J_CONF = "log4jConf";
+  private final String[] args;
+  private Options options = new Options();
+  private CommandLine cmd;
+
+  private static final String localhost = "localhost";
+  private static final String defaultPort = "8038";
+
+  private static final String configOpt = "config";
+  private static final String userOpt = "user";
+  private static final String hostOpt = "host";
+
+  private static final String configEnv = "SENTRY_CONFIG";
+  private static final String hostEnv = "SENTRY_HOST";
+  private static final String userEnv = "SENTRY_USER";
+
+
+  private SentryPolicyServiceClient sentryClient;
+  private SentryGenericServiceClient sentryGenericClient;
+
+  public SentryPolicyServiceClient getSentryClient() {
+    return sentryClient;
+  }
+
+  public SentryGenericServiceClient getSentryGenericClient() {
+    return sentryGenericClient;
+  }
+
+  public String getRequestorName() {
+    return requestorName;
+  }
+
+  private String requestorName;
+
+  public static void main(String[] args) {
+    SentryCli cli = new SentryCli(args);
+    // Create interactive shell and run it
+    TopLevelShell shell = new TopLevelShell(cli.getSentryClient(),
+        cli.getSentryGenericClient(),
+        cli.getRequestorName());
+    shell.run();
+  }
+
+  /**
+   * Construct SentryCli from arguments
+   * @param args command-line arguments
+   */
+  public SentryCli(String[] args) {
+    this.args = args;
+    options.addOption("h", "help", false, "show help");
+    // file path of sentry-site
+    options.addOption("U", userOpt, true, "auth user");
+    options.addOption("H", hostOpt, true, "host address");
+    options.addOption("c", configOpt, true, "sentry configuration");
+    options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file");
+    CommandLineParser parser = new GnuParser();
+    try {
+      this.cmd = parser.parse(options, args);
+    } catch (ParseException e) {
+      help();
+    }
+    if (cmd.hasOption("h")) {
+      help();
+    }
+    init();
+  }
+
+  /**
+   * Parse command-line arguments.
+   */
+  public void parse() {
+    CommandLineParser parser = new GnuParser();
+    try {
+      cmd = parser.parse(options, args);
+      if (cmd.hasOption("h")) {
+        help();
+      }
+    } catch (ParseException e) {
+      log.warn("error in parsing expression", e);
+      help();
+      System.exit(1);
+    }
+  }
+
+  /**
+   * Initialize CLI
+   */
+  private void init() {
+    Map<String, String> env = System.getenv();
+    String log4jconf = cmd.getOptionValue(LOG4J_CONF);
+    if (log4jconf != null && log4jconf.length() > 0) {
+      Properties log4jProperties = new Properties();
+
+      // Firstly load log properties from properties file
+      try (FileInputStream istream = new FileInputStream(log4jconf)) {
+        log4jProperties.load(istream);
+      } catch (IOException e) {
+        e.printStackTrace();
+      }
+
+      PropertyConfigurator.configure(log4jProperties);
+    }
 
-    public SentryPolicyServiceClient getSentryClient() {
-        return sentryClient;
+    String host = cmd.getOptionValue(hostOpt);
+    if (host == null) {
+      host = env.get(hostEnv);
     }
 
-    public String getRequestorName() {
-        return requestorName;
+    String pathConf = cmd.getOptionValue(configOpt);
+    if (pathConf == null) {
+      pathConf = env.get(configEnv);
+    }
+    if (host == null && pathConf == null) {
+      host = localhost + ":" + defaultPort;
     }
 
-    private String requestorName;
+    Configuration conf = new Configuration();
 
-    public static void main(String[] args) {
-        SentryCli cli = new SentryCli(args);
-        // Create interactive shell and run it
-        TopLevelShell shell = new TopLevelShell(cli.getSentryClient(),
-                cli.getRequestorName());
-        shell.run();
+    if (pathConf != null) {
+      conf.addResource(new Path(pathConf));
+    } else {
+      conf.set(SECURITY_MODE, SECURITY_MODE_NONE);
     }
 
-    /**
-     * Construct SentryCli from arguments
-     * @param args command-line arguments
-     */
-    public SentryCli(String[] args) {
-        this.args = args;
-        options.addOption("h", "help", false, "show help");
-        // file path of sentry-site
-        options.addOption("U", userOpt, true, "auth user");
-        options.addOption("H", hostOpt, true, "host address");
-        options.addOption("c", configOpt, true, "sentry configuration");
-        options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file");
-        CommandLineParser parser = new GnuParser();
-        try {
-            this.cmd = parser.parse(options, args);
-        } catch (ParseException e) {
-            help();
-        }
-        if (cmd.hasOption("h")) {
-            help();
-        }
-        init();
+    if (host != null) {
+      conf.set(SERVER_RPC_ADDRESS, host);
     }
 
-    /**
-     * Parse command-line arguments.
-     */
-    public void parse() {
-        CommandLineParser parser = new GnuParser();
-        try {
-            cmd = parser.parse(options, args);
-            if (cmd.hasOption("h")) {
-                help();
-            }
-        } catch (ParseException e) {
-            log.warn("error in parsing expression", e);
-            help();
-            System.exit(1);
-        }
+    requestorName = cmd.getOptionValue(userOpt);
+    if (requestorName == null) {
+      requestorName = env.get(userEnv);
     }
-
-    /**
-     * Initialize CLI
-     */
-    private void init() {
-        Map<String, String> env = System.getenv();
-        String log4jconf = cmd.getOptionValue(LOG4J_CONF);
-        if (log4jconf != null && log4jconf.length() > 0) {
-            Properties log4jProperties = new Properties();
-
-            // Firstly load log properties from properties file
-            FileInputStream istream = null;
-            try {
-                istream = new FileInputStream(log4jconf);
-            } catch (FileNotFoundException e) {
-                e.printStackTrace();
-            }
-            try {
-                log4jProperties.load(istream);
-                istream.close();
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
-
-            PropertyConfigurator.configure(log4jProperties);
-        }
-
-        String host = cmd.getOptionValue(hostOpt);
-        if (host == null) {
-            host = env.get(hostEnv);
-        }
-
-        String pathConf = cmd.getOptionValue(configOpt);
-        if (pathConf == null) {
-            pathConf = env.get(configEnv);
-        }
-        if (host == null && pathConf == null) {
-            host = localhost + ":" + defaultPort;
-        }
-
-        Configuration conf = new Configuration();
-
-        if (pathConf != null) {
-            conf.addResource(new Path(pathConf));
-        } else {
-            conf.set(SECURITY_MODE, SECURITY_MODE_NONE);
-        }
-
-        if (host != null) {
-            conf.set(SERVER_RPC_ADDRESS, host);
-        }
-
-        requestorName = cmd.getOptionValue(userOpt);
-        if (requestorName == null) {
-            requestorName = env.get(userEnv);
-        }
-        if (requestorName == null) {
-
-            UserGroupInformation ugi = null;
-            try {
-                ugi = UserGroupInformation.getLoginUser();
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
-            requestorName = ugi.getShortUserName();
-        }
-
-        try {
-            sentryClient = SentryServiceClientFactory.create(conf);
-        } catch (Exception e) {
-            System.out.println("Failed to connect to Sentry server: " + e.toString());
-        }
+    if (requestorName == null) {
+
+      UserGroupInformation ugi = null;
+      try {
+        ugi = UserGroupInformation.getLoginUser();
+      } catch (IOException e) {
+        e.printStackTrace();
+      }
+      requestorName = ugi.getShortUserName();
     }
 
-    private void help() {
-        // This prints out some help
-        HelpFormatter formater = new HelpFormatter();
-        formater.printHelp("sentrycli", options);
-        System.exit(0);
+    try {
+      sentryClient = SentryServiceClientFactory.create(conf);
+      sentryGenericClient = SentryGenericServiceClientFactory.create(conf);
+    } catch (Exception e) {
+      System.out.println("Failed to connect to Sentry server: " + e.toString());
     }
+  }
+
+  private void help() {
+    // This prints out some help
+    HelpFormatter formater = new HelpFormatter();
+    formater.printHelp("sentrycli", options);
+    System.exit(0);
+  }
 
 }
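Review bot: In `init()`, a failure in `SentryServiceClientFactory.create(conf)` or the newly added `SentryGenericServiceClientFactory.create(conf)` is only printed, and `main` then hands whatever was assigned, possibly `null`, to `TopLevelShell`. The shell would presumably start and fail later on the first command, and if only the second factory call throws, the already created `sentryClient` is never closed. Stop at that point instead by adding `System.exit(1);` after the `println` in the catch block. The `requestorName` fallback has the same shape: `ugi` stays `null` after an `IOException`, and `ugi.getShortUserName()` is then called on it.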

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
deleted file mode 100644
index 307a05e..0000000
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.shell;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.*;
-import org.apache.sentry.provider.db.tools.ShellCommand;
-import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
-
-import java.util.*;
-
-/**
- * ShellUtil implements actual commands
- */
-class ShellUtil {
-
-    private final ShellCommand command;
-    private final String authUser;
-
-    ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.authUser = authUser;
-        command = new HiveShellCommand(sentryClient);
-    }
-
-    List<String> listRoles() {
-        return listRoles(null);
-    }
-
-    List<String> listRoles(String group) {
-        try {
-            List<String> result = command.listRoles(authUser, group);
-            Collections.sort(result);
-            return result;
-        } catch (SentryUserException e) {
-            System.out.printf("failed to list roles with group %s: %s\n",
-                              group, e.toString());
-            return Collections.emptyList();
-        }
-    }
-
-    void createRoles(String ...roles) {
-        for (String role : roles) {
-            try {
-                command.createRole(authUser, role);
-            } catch (SentryUserException e) {
-                System.out.printf("failed to create role %s: %s\n",
-                        role, e.toString());
-            }
-        }
-    }
-
-    void dropRoles(String ...roles) {
-        for (String role : roles) {
-            try {
-                command.dropRole(authUser, role);
-            } catch (SentryUserException e) {
-                System.out.printf("failed to drop role %s: %s\n",
-                        role, e.toString());
-            }
-        }
-    }
-
-    List<String> listGroupRoles() {
-        try {
-            return command.listGroupRoles(authUser);
-        } catch (SentryUserException e) {
-            System.out.printf("failed to list the groups and roles: %s\n", e.toString());
-            return Collections.emptyList();
-        }
-    }
-
-    void grantGroupsToRole(String roleName, String ...groups) {
-        try {
-            Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
-            command.grantRoleToGroups(authUser, roleName, groupsSet);
-        } catch (SentryUserException e) {
-            System.out.printf("Failed to gran role %s to groups: %s\n",
-                    roleName, e.toString());
-        }
-    }
-
-    void revokeGroupsFromRole(String roleName, String ...groups) {
-        try {
-            Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
-            command.revokeRoleFromGroups(authUser, roleName, groupsSet);
-        } catch (SentryUserException e) {
-            System.out.printf("Failed to revoke role %s to groups: %s\n",
-                    roleName, e.toString());
-        }
-    }
-
-    void grantPrivilegeToRole(String roleName, String privilege) {
-        try {
-            command.grantPrivilegeToRole(authUser, roleName, privilege);
-        } catch (SentryUserException e) {
-            System.out.println("Error granting privilege: " + e.toString());
-        }
-    }
-
-    List<String> listPrivileges(String roleName) {
-        try {
-            return command.listPrivileges(authUser, roleName);
-        } catch (SentryUserException e) {
-            System.out.println("Failed to list privileges: " + e.toString());
-            return Collections.emptyList();
-        }
-    }
-
-    void revokePrivilegeFromRole(String roleName, String privilegeStr) {
-        try {
-            command.revokePrivilegeFromRole(authUser, roleName, privilegeStr);
-        } catch (SentryUserException e) {
-            System.out.println("failed to revoke privilege: " + e.toString());
-        }
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index ba4a204..b8f365f 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -18,139 +18,284 @@
 
 package org.apache.sentry.shell;
 
-import com.budhash.cliche.*;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.common.AuthorizationComponent;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter;
+import org.apache.sentry.provider.db.generic.tools.command.GenericShellCommand;
+import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
+
+import com.budhash.cliche.Command;
+import com.budhash.cliche.Param;
+import com.budhash.cliche.Shell;
+import com.budhash.cliche.ShellDependent;
+import com.budhash.cliche.ShellFactory;
 
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 /**
  * Top level commands
  */
 public class TopLevelShell implements ShellDependent, Runnable {
 
-    private final Shell topShell;
-    private final ShellUtil tools;
-    private Shell shell; // top level shell object
-
-    private final String authUser;
-    private final SentryPolicyServiceClient sentryClient;
-
-    TopLevelShell(SentryPolicyServiceClient sentryClient,
-                  String authUser) {
-        this.authUser = authUser;
-        this.sentryClient = sentryClient;
-        this.tools = new ShellUtil(sentryClient, authUser);
-        topShell = ShellFactory.createConsoleShell("sentry",
-                "sentry shell\n" +
-                "Enter ?l to list available commands.",
-                this);
-    }
+  public enum TYPE { kafka, hive, solr, sqoop };
+
+  private final Shell topShell;
+  private ShellCommand shellCommand;
+  private Shell shell; // top level shell object
+
+  private final String authUser;
+  private final SentryPolicyServiceClient sentryClient;
+  private final SentryGenericServiceClient sentryGenericClient;
+
+  TopLevelShell(SentryPolicyServiceClient sentryClient,
+      SentryGenericServiceClient sentryGenericClient,
+      String authUser) {
+    this.authUser = authUser;
+    this.sentryClient = sentryClient;
+    this.sentryGenericClient = sentryGenericClient;
+    shellCommand = new HiveShellCommand(sentryClient);
+    topShell = ShellFactory.createConsoleShell("sentry",
+        "sentry shell\n" +
+        "Enter ?l to list available commands.",
+        this);
+  }
+
+  @Command(description="list, create and remove roles")
+  public void roles() throws IOException {
+    ShellFactory.createSubshell("roles", shell, "roles commands",
+        new RolesShell(shellCommand, authUser)).commandLoop();
+  }
 
-    @Command(description="list, create and remove roles")
-    public void roles() throws IOException {
-        ShellFactory.createSubshell("roles", shell, "roles commands",
-                new RolesShell(sentryClient, authUser)).commandLoop();
+  @Command(description = "list, create and remove groups")
+  public void groups() throws IOException {
+    ShellFactory.createSubshell("groups", shell, "groups commands",
+        new GroupShell(shellCommand, authUser)).commandLoop();
+  }
+
+  @Command(description = "list, create and remove privileges")
+  public void privileges() throws IOException {
+    ShellFactory.createSubshell("privileges", shell, "privileges commands",
+        new PrivsShell(shellCommand, authUser)).commandLoop();
+  }
+
+  @Command(description = "List sentry roles. shows all available roles.")
+  public List<String> listRoles() {
+    try {
+      List<String> result = shellCommand.listRoles(authUser, null);
+      Collections.sort(result);
+      return result;
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list roles: %s\n", e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "list, create and remove groups")
-    public void groups() throws IOException {
-        ShellFactory.createSubshell("groups", shell, "groups commands",
-                new GroupShell(sentryClient, authUser)).commandLoop();
+  @Command(description = "List sentry roles by group")
+  public List<String> listRoles(
+      @Param(name = "groupName")
+      String group) {
+    try {
+      List<String> result = shellCommand.listRoles(authUser, group);
+      Collections.sort(result);
+      return result;
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list roles with group %s: %s\n",
+          group, e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "list, create and remove privileges")
-    public void privileges() throws IOException {
-        ShellFactory.createSubshell("privileges", shell, "privileges commands",
-                new PrivsShell(sentryClient, authUser)).commandLoop();
+  @Command(abbrev = "lg", header = "[groups]",
+    description = "list groups and their roles")
+  public List<String> listGroups() {
+    try {
+      return shellCommand.listGroupRoles(authUser);
+    } catch (SentryUserException e) {
+      System.out.printf("failed to list the groups and roles: %s\n", e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "List sentry roles. shows all available roles.")
-    public List<String> listRoles() {
-        return tools.listRoles();
+  @Command(description = "Grant role to groups")
+  public void grantRole(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "group...") String ...groups) {
+    try {
+      Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+      shellCommand.grantRoleToGroups(authUser, roleName, groupsSet);
+    } catch (SentryUserException e) {
+      System.out.printf("Failed to gran role %s to groups: %s\n",
+          roleName, e.toString());
     }
+  }
 
-    @Command(description = "List sentry roles by group")
-    public List<String> listRoles(
-            @Param(name = "groupName")
-            String group) {
-        return tools.listRoles(group);
+  @Command(abbrev = "grm", description = "Revoke role from groups")
+  public void revokeRole(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "group...")
+      String ...groups) {
+    try {
+      Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+      shellCommand.revokeRoleFromGroups(authUser, roleName, groupsSet);
+    } catch (SentryUserException e) {
+      System.out.printf("Failed to revoke role %s to groups: %s\n",
+          roleName, e.toString());
     }
+  }
 
-    @Command(abbrev = "lg", header = "[groups]",
-             description = "list groups and their roles")
-    public List<String> listGroups() {
-        return tools.listGroupRoles();
+  @Command(description = "Create Sentry role(s).")
+  public void createRole(
+      @Param(name = "roleName", description = "name of role to create")
+      String ...roles) {
+    for (String role : roles) {
+      try {
+        shellCommand.createRole(authUser, role);
+      } catch (SentryUserException e) {
+        System.out.printf("failed to create role %s: %s\n",
+            role, e.toString());
+      }
     }
+  }
 
-    @Command(description = "Grant role to groups")
-    public void grantRole(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "group...") String ...groups) {
-        tools.grantGroupsToRole(roleName, groups);
+  @Command(abbrev = "dr", description = "drop Sentry role(s).")
+  public void dropRole(
+      @Param(name = "roleName ...", description = "role names to drop")
+      String ...roles) {
+    for (String role : roles) {
+      try {
+        shellCommand.dropRole(authUser, role);
+      } catch (SentryUserException e) {
+        System.out.printf("failed to drop role %s: %s\n",
+            role, e.toString());
+      }
     }
+  }
 
-    @Command(abbrev = "grm",
-            description = "Revoke role from groups")
-    public void revokeRole(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "group...")
-            String ...groups) {
-        tools.revokeGroupsFromRole(roleName, groups);
+  @Command(description = "list Sentry privileges")
+  public List<String> listPrivileges(
+      @Param(name = "roleName")
+      String roleName) {
+    try {
+      return shellCommand.listPrivileges(authUser, roleName);
+    } catch (SentryUserException e) {
+      System.out.println("Failed to list privileges: " + e.toString());
+      return Collections.emptyList();
     }
+  }
 
-    @Command(description = "Create Sentry role(s).")
-    public void createRole(
-            @Param(name = "roleName", description = "name of role to create")
-                    String ...roles) {
-        tools.createRoles(roles);
+  @Command(description = "Grant privilege to role")
+  public void grantPrivilege(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+      String privilege) {
+    try {
+      shellCommand.grantPrivilegeToRole(authUser, roleName, privilege);
+    } catch (SentryUserException e) {
+      System.out.println("Error granting privilege: " + e.toString());
     }
+  }
 
-    @Command(abbrev = "dr", description = "drop Sentry role(s).")
-    public void dropRole(
-            @Param(name = "roleName ...", description = "role names to drop")
-                    String ...roles) {
-        tools.dropRoles(roles);
+  @Command
+  public void revokePrivilege(
+      @Param(name = "roleName")
+      String roleName,
+      @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+      String privilege) {
+    try {
+      shellCommand.revokePrivilegeFromRole(authUser, roleName, privilege);
+    } catch (SentryUserException e) {
+      System.out.println("failed to revoke privilege: " + e.toString());
     }
+  }
 
-    @Command(description = "list Sentry privileges")
-    public List<String> listPrivileges(
-            @Param(name = "roleName")
-            String roleName) {
-        return tools.listPrivileges(roleName);
+  @Command(description = "Set the type: hive, kafka, sqoop, solr, etc.")
+  public void type(
+      @Param(name = "type", description = "the type to set: hive, kafka, sqoop, solr, etc.")
+      String type) {
+    // Check it's a valid type first
+    try {
+      TYPE parsedType = TYPE.valueOf(type);
+      if (parsedType == TYPE.hive) {
+        shellCommand = new HiveShellCommand(sentryClient);
+      } else {
+        String component = getComponent(parsedType);
+        String service = getService(parsedType);
+        TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+        shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
+      }
+    } catch (IllegalArgumentException ex) {
+      System.out.printf("The %s type value is not an accepted type value\n", type);
     }
+  }
 
-    @Command(description = "Grant privilege to role")
-    public void grantPrivilege(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
-            String privilege) {
-        tools.grantPrivilegeToRole(roleName, privilege);
+  @Command(description = "Set the type: hive, kafka, sqoop, solr, etc.")
+  public void type(
+      @Param(name = "type", description = "the type to set: hive, kafka, sqoop, solr, etc.")
+      String type,
+      @Param(name = "service", description = "the service name")
+      String service) {
+    try {
+      // Check it's a valid type first
+      TYPE parsedType = TYPE.valueOf(type);
+      if (parsedType == TYPE.hive) {
+        shellCommand = new HiveShellCommand(sentryClient);
+      } else {
+        String component = getComponent(parsedType);
+        TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+        shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
+      }
+    } catch (IllegalArgumentException ex) {
+      System.out.printf("The %s type value is not an accepted type value\n", type);
     }
+  }
+
+  @Override
+  public void cliSetShell(Shell theShell) {
+    this.shell = theShell;
+  }
 
-    @Command
-    public void revokePrivilege(
-            @Param(name = "roleName")
-            String roleName,
-            @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
-            String privilege) {
-        tools.revokePrivilegeFromRole(roleName, privilege);
+  @Override
+  public void run() {
+    try {
+      this.topShell.commandLoop();
+    } catch (IOException e) {
+      System.out.println("error: " + e.toString());
     }
+  }
 
-    @Override
-    public void cliSetShell(Shell theShell) {
-        this.shell = theShell;
+  private String getComponent(TYPE type) {
+    if (type == TYPE.kafka) {
+      return AuthorizationComponent.KAFKA;
+    } else if (type == TYPE.solr) {
+      return "SOLR";
+    } else if (type == TYPE.sqoop) {
+      return AuthorizationComponent.SQOOP;
     }
 
-    @Override
-    public void run() {
-        try {
-            this.topShell.commandLoop();
-        } catch (IOException e) {
-            System.out.println("error: " + e.toString());
-        }
+    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+  }
+
+  private String getService(TYPE type) {
+    if (type == TYPE.kafka) {
+      return AuthorizationComponent.KAFKA;
+    } else if (type == TYPE.solr) {
+      return "service1";
+    } else if (type == TYPE.sqoop) {
+      return "sqoopServer1";
     }
+
+    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+  }
 }
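Review bot: The one-argument `type` command silently binds the shell to a hard-coded service name: `getService` returns `"service1"` for solr and `"sqoopServer1"` for sqoop, and that value goes straight into `GenericPrivilegeConverter` and `GenericShellCommand`, so every later `grantPrivilege` and `revokePrivilege` in that mode is issued for that service. Where the deployed service is named differently, the grant or revoke presumably succeeds against a scope that is not the one being enforced, and nothing on screen shows which scope was used. I would echo the resolved scope when the type is switched, e.g. `System.out.printf("using component %s, service %s\n", component, service);`, and add a comment on `getService` such as `// Default service names only; use "type <type> <service>" to target a differently named service.` The two-argument overload also forwards `service` unchecked, so a guard like `if (service == null || service.isEmpty())` before building the converter would keep an empty scope out of the privilege strings.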


[17/23] sentry git commit: Merge branch 'master' into akolb-cli

Posted by co...@apache.org.
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a689c65f
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a689c65f
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a689c65f

Branch: refs/heads/master
Commit: a689c65f03b82b75c7a23b5f974c8d7c7a3d4c97
Parents: 8fdfad8 2314e46
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Nov 17 11:01:48 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Nov 17 11:01:48 2017 +0000

----------------------------------------------------------------------
 bin/sentryShell                                 |   6 +-
 .../common/AbstractAuthorizableFactory.java     |  72 ++++++
 .../sentry/core/common/AuthorizableFactory.java |  50 +++++
 .../sentry/core/common/AuthorizableType.java    |  21 ++
 .../core/model/kafka/KafkaAuthorizable.java     |   2 +-
 .../model/kafka/KafkaModelAuthorizables.java    |  27 +--
 .../core/model/solr/SolrModelAuthorizable.java  |   6 +-
 .../core/model/solr/SolrModelAuthorizables.java |  52 ++---
 .../core/model/sqoop/SqoopAuthorizable.java     |   2 +-
 .../model/sqoop/SqoopModelAuthorizables.java    |  50 ++---
 .../tools/GenericPrivilegeConverter.java        |  96 ++++----
 .../db/generic/tools/SentryConfigToolSolr.java  |   9 +-
 .../db/generic/tools/SentryShellGeneric.java    |  51 ++---
 .../db/generic/tools/SentryShellKafka.java      |  71 ++++++
 .../db/generic/tools/SentryShellSolr.java       |  52 +++++
 .../db/generic/tools/SentryShellSqoop.java      |  52 +++++
 .../generic/tools/TestSentryConfigToolSolr.java |   9 +-
 .../db/generic/tools/TestSentryShellKafka.java  | 207 ++++++++---------
 .../db/generic/tools/TestSentryShellSolr.java   | 224 +++++++++----------
 .../db/generic/tools/TestSentryShellSqoop.java  | 164 +++++++-------
 20 files changed, 750 insertions(+), 473 deletions(-)
----------------------------------------------------------------------



[22/23] sentry git commit: Merge branch 'master' into akolb-cli

Posted by co...@apache.org.
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b8cc95a0
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b8cc95a0
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b8cc95a0

Branch: refs/heads/master
Commit: b8cc95a0b62bf0e4bc1c6463849940baa72bc4c9
Parents: 332bc1b 9fd29f9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 22 15:19:39 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 22 15:19:39 2017 +0000

----------------------------------------------------------------------
 .../binding/hive/HiveAuthzBindingHook.java      |   4 +-
 sentry-binding/sentry-binding-solr/pom.xml      |   1 -
 .../solr/authz/SentrySolrPluginImpl.java        |  54 ++-
 .../core/common/utils/PolicyFileConstants.java  |   8 +
 .../sentry/core/common/utils/PolicyFiles.java   |  48 +++
 .../common/utils/StrictStringTokenizer.java     |  59 +++
 .../sentry/core/common/utils/Version.java       | 239 ++++++++++++
 .../sentry/policy/common/PrivilegeUtils.java    |  11 +-
 .../tools/PermissionsMigrationToolCommon.java   | 343 ++++++++++++++++++
 .../tools/PermissionsMigrationToolSolr.java     | 109 ++++++
 .../db/service/persistent/SentryStore.java      |  17 +
 .../sentry/service/thrift/HMSFollower.java      |  11 +-
 .../tools/TestPermissionsMigrationToolSolr.java | 362 +++++++++++++++++++
 .../db/service/persistent/TestSentryStore.java  |  18 +-
 .../sentry/service/thrift/TestHMSFollower.java  |  95 +++++
 .../TestDbSentryOnFailureHookLoading.java       |  15 +-
 .../tests/e2e/hdfs/TestHDFSIntegrationBase.java |   2 +-
 .../AbstractTestWithStaticConfiguration.java    |   4 +-
 sentry-tests/sentry-tests-solr/pom.xml          |   4 +-
 .../e2e/solr/AbstractSolrSentryTestCase.java    | 265 ++++----------
 .../e2e/solr/SolrSentryServiceTestBase.java     | 211 +++++++++++
 .../tests/e2e/solr/TestDocLevelOperations.java  |   2 +-
 .../tests/e2e/solr/TestSolrAdminOperations.java |  19 +-
 .../e2e/solr/TestSolrCollectionOperations.java  |  57 +--
 .../e2e/solr/TestSolrConfigOperations.java      |   2 +-
 .../e2e/solr/TestSolrSchemaOperations.java      |   2 +-
 .../TestSolrWithSimpleFileProviderBackend.java  | 127 +++++++
 .../solr/sentry/test-authz-provider.ini         | 104 +-----
 28 files changed, 1785 insertions(+), 408 deletions(-)
----------------------------------------------------------------------



[23/23] sentry git commit: Minor fixes

Posted by co...@apache.org.
Minor fixes


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ef81e090
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ef81e090
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ef81e090

Branch: refs/heads/master
Commit: ef81e090782ea9188f66ddfb713b61f6931c074f
Parents: b8cc95a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 22 15:49:56 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 22 15:49:56 2017 +0000

----------------------------------------------------------------------
 .../src/main/java/org/apache/sentry/shell/TopLevelShell.java   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/ef81e090/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index 0ddf295..d9952a9 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -226,7 +226,7 @@ public class TopLevelShell implements ShellDependent, Runnable {
       String type) {
     // Check it's a valid type first
     try {
-      TYPE parsedType = TYPE.valueOf(type);
+      TYPE parsedType = parseType(type);
       if (parsedType == TYPE.HIVE) {
         shellCommand = new HiveShellCommand(sentryClient);
       } else {
@@ -236,7 +236,7 @@ public class TopLevelShell implements ShellDependent, Runnable {
         shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
       }
     } catch (IllegalArgumentException ex) {
-      System.out.printf("The %s type value is not an accepted type value\n", type);
+      System.out.printf("%s is not an accepted type value\n", type);
     }
   }
 
@@ -257,7 +257,7 @@ public class TopLevelShell implements ShellDependent, Runnable {
         shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
       }
     } catch (IllegalArgumentException ex) {
-      System.out.printf("The %s type value is not an accepted type value\n", type);
+      System.out.printf("%s is not an accepted type value\n", type);
     }
   }
 


[19/23] sentry git commit: Merge branch 'master' into akolb-cli

Posted by co...@apache.org.
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/fe3ef237
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/fe3ef237
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/fe3ef237

Branch: refs/heads/master
Commit: fe3ef2370c64f221d45f4156d1d25e0ffecb0b56
Parents: 81128e6 372ffc9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 20 14:47:11 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 20 14:47:11 2017 +0000

----------------------------------------------------------------------
 bin/sentryShell                                 |   6 +-
 pom.xml                                         |  17 +-
 .../json/SentryJSONMessageDeserializer.java     |  79 ++++++-
 .../json/SentryJSONMessageFactory.java          |  48 ++++
 .../hive/ql/exec/SentryFilterDDLTask.java       |   9 +-
 .../hive/ql/exec/SentryGrantRevokeTask.java     |   7 +-
 .../binding/hive/HiveAuthzBindingHook.java      |   2 +-
 .../hive/authz/DefaultSentryValidator.java      |  17 ++
 .../hive/authz/HiveAuthzBindingHookBase.java    |  10 -
 .../hive/authz/SentryHiveAuthorizerImpl.java    |  13 ++
 .../metastore/SentryHiveMetaStoreClient.java    |   2 +-
 ...rySyncHMSNotificationsPostEventListener.java | 230 +++++++++++++++++++
 .../TestSentryHiveAuthorizationTaskFactory.java |  16 +-
 ...rySyncHMSNotificationsPostEventListener.java | 161 +++++++++++++
 .../common/AbstractAuthorizableFactory.java     |  72 ------
 .../sentry/core/common/AuthorizableFactory.java |  50 ----
 .../sentry/core/common/AuthorizableType.java    |  21 --
 .../sentry/core/common/utils/PathUtils.java     |   8 +-
 .../sentry/core/common/utils/TestPathUtils.java |  27 +++
 .../core/model/kafka/KafkaAuthorizable.java     |   2 +-
 .../model/kafka/KafkaModelAuthorizables.java    |  27 ++-
 .../core/model/solr/SolrModelAuthorizable.java  |   6 +-
 .../core/model/solr/SolrModelAuthorizables.java |  52 +++--
 .../core/model/sqoop/SqoopAuthorizable.java     |   2 +-
 .../model/sqoop/SqoopModelAuthorizables.java    |  50 ++--
 .../tools/GenericPrivilegeConverter.java        |  96 +++++---
 .../db/generic/tools/SentryConfigToolSolr.java  |   9 +-
 .../db/generic/tools/SentryShellGeneric.java    |  51 ++--
 .../db/generic/tools/SentryShellKafka.java      |  71 ------
 .../db/generic/tools/SentryShellSolr.java       |  52 -----
 .../db/generic/tools/SentryShellSqoop.java      |  52 -----
 .../db/service/persistent/SentryStore.java      |   2 +-
 .../thrift/SentryPolicyServiceClient.java       |   9 +
 .../SentryPolicyServiceClientDefaultImpl.java   |  13 ++
 .../generic/tools/TestSentryConfigToolSolr.java |   9 +-
 .../db/generic/tools/TestSentryShellKafka.java  | 207 +++++++++--------
 .../db/generic/tools/TestSentryShellSolr.java   | 224 +++++++++---------
 .../db/generic/tools/TestSentryShellSqoop.java  | 164 ++++++-------
 .../db/service/persistent/TestSentryStore.java  |  57 +++++
 .../e2e/hdfs/TestHDFSIntegrationAdvanced.java   |   9 +-
 .../tests/e2e/hdfs/TestHDFSIntegrationBase.java |   9 +
 .../e2e/hive/TestPrivilegesAtColumnScope.java   |  31 +--
 .../e2e/hive/hiveserver/HiveServerFactory.java  |  15 ++
 ...actMetastoreTestWithStaticConfiguration.java |   3 +-
 .../e2e/metastore/TestMetastoreEndToEnd.java    |   6 +-
 sentry-tests/sentry-tests-solr/pom.xml          |   8 +
 46 files changed, 1232 insertions(+), 799 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/fe3ef237/pom.xml
----------------------------------------------------------------------


[14/23] sentry git commit: Adding listGroupRoles functionality from master

Posted by co...@apache.org.
Adding listGroupRoles functionality from master


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d3847878
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d3847878
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d3847878

Branch: refs/heads/master
Commit: d38478787d36ac6b2c87eaebeb3c7face43cf0d7
Parents: f951f09
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 16 10:19:05 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 16 10:19:05 2017 +0000

----------------------------------------------------------------------
 .../java/org/apache/sentry/shell/ShellUtil.java | 66 +++-----------------
 1 file changed, 8 insertions(+), 58 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/d3847878/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index 13d194d..307a05e 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -20,7 +20,6 @@ package org.apache.sentry.shell;
 
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.provider.db.service.thrift.*;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
 import org.apache.sentry.provider.db.tools.ShellCommand;
 import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
 
@@ -45,8 +44,7 @@ class ShellUtil {
 
     List<String> listRoles(String group) {
         try {
-            // TODO remove "null" here
-            List<String> result = command.listRoles(authUser, null, group);
+            List<String> result = command.listRoles(authUser, group);
             Collections.sort(result);
             return result;
         } catch (SentryUserException e) {
@@ -79,65 +77,18 @@ class ShellUtil {
     }
 
     List<String> listGroupRoles() {
-        // TODO
-        return Collections.emptyList();
-        /*
-        Set<TSentryRole> roles = null;
-
         try {
-            roles = sentryClient.listAllRoles(authUser);
+            return command.listGroupRoles(authUser);
         } catch (SentryUserException e) {
-            System.out.println("Error reading roles: " + e.toString());
-        }
-
-        if (roles == null || roles.isEmpty()) {
-            return new ArrayList<>();
-        }
-
-        // Set of all group names
-        Set<String> groupNames = new HashSet<>();
-
-        // Map group to set of roles
-        Map<String, Set<String>> groupInfo = new HashMap<>();
-
-        // Get all group names
-        for (TSentryRole role: roles) {
-            for (TSentryGroup group: role.getGroups()) {
-                String groupName = group.getGroupName();
-                groupNames.add(groupName);
-                Set<String> groupRoles = groupInfo.get(groupName);
-                if (groupRoles != null) {
-                    // Add a new or existing role
-                    groupRoles.add(role.getRoleName());
-                    continue;
-                }
-                // Never seen this group before
-                groupRoles = new HashSet<>();
-                groupRoles.add(role.getRoleName());
-                groupInfo.put(groupName, groupRoles);
-            }
-        }
-
-        List<String> groups = new ArrayList<>(groupNames);
-        Collections.sort(groups);
-
-        // Produce printable result as
-        // group1 = role1, role2, ...
-        // group2 = ...
-        List<String> result = new LinkedList<>();
-        for(String groupName: groups) {
-            result.add(groupName + " = " +
-                    StringUtils.join(groupInfo.get(groupName), ", "));
+            System.out.printf("failed to list the groups and roles: %s\n", e.toString());
+            return Collections.emptyList();
         }
-        return result;
-        */
     }
 
     void grantGroupsToRole(String roleName, String ...groups) {
         try {
-            // TODO change grantRoleToGroups
-            String joinedGroups = String.join(SentryShellCommon.GROUP_SPLIT_CHAR, groups);
-            command.grantRoleToGroups(authUser, roleName, joinedGroups);
+            Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+            command.grantRoleToGroups(authUser, roleName, groupsSet);
         } catch (SentryUserException e) {
             System.out.printf("Failed to gran role %s to groups: %s\n",
                     roleName, e.toString());
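Review bot: The new catch in listGroupRoles prints the error to stdout and returns `Collections.emptyList()`, so a caller or a script reading the output cannot tell a failed lookup from a server where no group holds a role. For a tool used to inspect authorization state that difference matters. A comment at the return would at least record it, for example `// NOTE: an empty list is also returned when the lookup fails; the printed message is the only signal`, and the message could go to `System.err` instead. Unlike listRoles in the hunk above, the result is also returned without `Collections.sort`, so the ordering is whatever `command.listGroupRoles` produces. grantGroupsToRole's body continues outside the hunk.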
@@ -146,9 +97,8 @@ class ShellUtil {
 
     void revokeGroupsFromRole(String roleName, String ...groups) {
         try {
-            // TODO change revokeRoleFromGroups
-            String joinedGroups = String.join(SentryShellCommon.GROUP_SPLIT_CHAR, groups);
-            command.revokeRoleFromGroups(authUser, roleName, joinedGroups);
+            Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+            command.revokeRoleFromGroups(authUser, roleName, groupsSet);
         } catch (SentryUserException e) {
             System.out.printf("Failed to revoke role %s to groups: %s\n",
                     roleName, e.toString());
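Review bot: `new HashSet<>(Arrays.asList(groups))` is built without checking that any group was supplied, so calling revokeGroupsFromRole with only a role name passes an empty set to `command.revokeRoleFromGroups`. grantGroupsToRole in the previous hunk has the same gap. What the command does with an empty set is not visible here, so a guard before the try would make the outcome explicit: `if (groups == null || groups.length == 0) { System.out.println("no groups specified"); return; }`. The method's closing lines are outside the hunk.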


[20/23] sentry git commit: Removing validators now that SENTRY-2012 is not going to make it into Sentry 2.0.0

Posted by co...@apache.org.
Removing validators now that SENTRY-2012 is not going to make it into Sentry 2.0.0


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b882eb49
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b882eb49
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b882eb49

Branch: refs/heads/master
Commit: b882eb496c9060e8dfeb0f648b2fd126384d077b
Parents: fe3ef23
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 20 14:53:07 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 20 14:53:07 2017 +0000

----------------------------------------------------------------------
 .../org/apache/sentry/shell/TopLevelShell.java  | 60 +-------------------
 1 file changed, 2 insertions(+), 58 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/b882eb49/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index a602e3f..9cb9a53 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -19,13 +19,6 @@
 package org.apache.sentry.shell;
 
 import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
-import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables;
-import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel;
-import org.apache.sentry.core.model.solr.SolrModelAuthorizables;
-import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
-import org.apache.sentry.core.model.sqoop.SqoopModelAuthorizables;
-import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel;
 import org.apache.sentry.provider.common.AuthorizationComponent;
 import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
 import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter;
@@ -40,11 +33,6 @@ import com.budhash.cliche.Param;
 import com.budhash.cliche.Shell;
 import com.budhash.cliche.ShellDependent;
 import com.budhash.cliche.ShellFactory;
-import com.google.common.base.Function;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR;
-import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR;
-import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE;
 
 import java.io.IOException;
 import java.util.Arrays;
@@ -53,8 +41,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
-import javax.annotation.Nullable;
-
 /**
  * Top level commands
  */
@@ -246,7 +232,7 @@ public class TopLevelShell implements ShellDependent, Runnable {
       } else {
         String component = getComponent(parsedType);
         String service = getService(parsedType);
-        TSentryPrivilegeConverter converter = getPrivilegeConverter(parsedType, component, service);
+        TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
         shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
       }
     } catch (IllegalArgumentException ex) {
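Review bot: The two-argument `new GenericPrivilegeConverter(component, service)` is built without the per-model privilege validators and model authorizables that the removed getPrivilegeConverter supplied, so privilege strings entered for Kafka, Solr and Sqoop no longer appear to be validated on this path. The same replacement is made in the next hunk. The Kafka branch also loses the parser that prepended a wildcard HOST authorizable to privilege strings lacking one, which changes what gets sent for such input. Whether the two-argument converter or the server still validates is not visible here, so a comment at the call would record that the omission is deliberate: `// Privilege validators are omitted until SENTRY-2012 lands; the privilege string is not validated here.` The enclosing method starts outside the hunk.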
@@ -267,7 +253,7 @@ public class TopLevelShell implements ShellDependent, Runnable {
         shellCommand = new HiveShellCommand(sentryClient);
       } else {
         String component = getComponent(parsedType);
-        TSentryPrivilegeConverter converter = getPrivilegeConverter(parsedType, component, service);
+        TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
         shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
       }
     } catch (IllegalArgumentException ex) {
@@ -313,46 +299,4 @@ public class TopLevelShell implements ShellDependent, Runnable {
     throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
   }
 
-  private TSentryPrivilegeConverter getPrivilegeConverter(TYPE type, String component, String service) {
-    if (type == TYPE.kafka) {
-      GenericPrivilegeConverter privilegeConverter = new GenericPrivilegeConverter(
-          component,
-          service,
-          KafkaPrivilegeModel.getInstance().getPrivilegeValidators(),
-          new KafkaModelAuthorizables(),
-          true
-      );
-      privilegeConverter.setPrivilegeStrParser(new Function<String, String>() {
-        @Nullable
-        @Override
-        public String apply(@Nullable String privilegeStr) {
-          final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR;
-          final String hostPrefixLowerCase = hostPrefix.toLowerCase();
-          if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) {
-            return hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr;
-          }
-          return privilegeStr;
-        }
-      });
-      return privilegeConverter;
-    } else if (type == TYPE.solr) {
-      return new GenericPrivilegeConverter(
-          component,
-          service,
-          SolrPrivilegeModel.getInstance().getPrivilegeValidators(),
-          new SolrModelAuthorizables(),
-          true
-      );
-    } else if (type == TYPE.sqoop) {
-      return new GenericPrivilegeConverter(
-          component,
-          service,
-          SqoopPrivilegeModel.getInstance().getPrivilegeValidators(service),
-          new SqoopModelAuthorizables(),
-          true
-      );
-    }
-
-    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
-  }
 }


[21/23] sentry git commit: Adding Alexander's comments

Posted by co...@apache.org.
Adding Alexander's comments


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/332bc1b7
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/332bc1b7
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/332bc1b7

Branch: refs/heads/master
Commit: 332bc1b741788992ca537a76e2d5f8b3c97b480f
Parents: b882eb4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 22 15:19:04 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 22 15:19:04 2017 +0000

----------------------------------------------------------------------
 bin/sentryCli                                   | 16 +++----
 .../java/org/apache/sentry/shell/SentryCli.java | 22 ---------
 .../org/apache/sentry/shell/TopLevelShell.java  | 50 ++++++++++++--------
 3 files changed, 38 insertions(+), 50 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/332bc1b7/bin/sentryCli
----------------------------------------------------------------------
diff --git a/bin/sentryCli b/bin/sentryCli
index 02e9edd..2a3d906 100755
--- a/bin/sentryCli
+++ b/bin/sentryCli
@@ -18,39 +18,37 @@
 bin=`dirname "$0"`
 myhome=`cd "$bin/.."; pwd`
 
-if [[ -z $SENTRY_HOME ]] ; then
-  export SENTRY_HOME=$myhome
-fi
+export SENTRY_HOME=${SENTRY_HOME:-${myhome}}
 
 # check for hadoop in the path
 HADOOP_IN_PATH=`which hadoop 2>/dev/null`
-if [ -f ${HADOOP_IN_PATH} ]; then
+if [[ -f ${HADOOP_IN_PATH} ]]; then
   HADOOP_DIR=`dirname "$HADOOP_IN_PATH"`/..
 fi
 # HADOOP_HOME env variable overrides hadoop in the path
 HADOOP_HOME=${HADOOP_HOME:-${HADOOP_PREFIX:-$HADOOP_DIR}}
-if [ "$HADOOP_HOME" == "" ]; then
+if [[ -z ${HADOOP_HOME} ]]; then
   echo "Cannot find hadoop installation: \$HADOOP_HOME or \$HADOOP_PREFIX must be set or hadoop must be in the path";
   exit 4;
 fi
 
 HADOOP=$HADOOP_HOME/bin/hadoop
-if [ ! -f ${HADOOP} ]; then
+if [[ ! -f ${HADOOP} ]]; then
   echo "Cannot find hadoop installation: \$HADOOP_HOME or \$HADOOP_PREFIX must be set or hadoop must be in the path";
   exit 4;
 fi
 
 export _CMD_JAR=${SENTRY_SHELL_JAR:-sentry-provider-db-*.jar}
 for f in ${SENTRY_HOME}/lib/*.jar; do
-  HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:${f}
+  HADOOP_CLASSPATH+=:${f}
 done
 export HADOOP_CLASSPATH
 
 for f in ${SENTRY_HOME}/lib/server/*.jar; do
-  HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:${f}
+  HADOOP_CLASSPATH+=:${f}
 done
 for f in ${SENTRY_HOME}/lib/plugins/*.jar; do
-  HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:${f}
+  HADOOP_CLASSPATH+=:${f}
 done
 
 args=()
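Review bot: `HADOOP_CLASSPATH+=:${f}` yields a value beginning with `:` whenever HADOOP_CLASSPATH is unset or empty on entry, and the JVM reads an empty class path entry as the current directory. Assuming the hadoop launcher passes this variable through to the class path, classes or jars in whatever directory sentryCli is started from could be loaded ahead of the Sentry jars. This applies to all three loops in the hunk, and the pre-change form behaved the same way. A conditional separator avoids the empty entry: `HADOOP_CLASSPATH=${HADOOP_CLASSPATH:+${HADOOP_CLASSPATH}:}${f}`. The script continues past the end of the hunk.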

http://git-wip-us.apache.org/repos/asf/sentry/blob/332bc1b7/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
index 75b845c..8b68d0d 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
@@ -27,8 +27,6 @@ import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericService
 import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
 import org.apache.sentry.service.thrift.SentryServiceClientFactory;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -43,9 +41,7 @@ import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SEC
  * Sentry interactive tool
  */
 public class SentryCli {
-  private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName());
   private static final String LOG4J_CONF = "log4jConf";
-  private final String[] args;
   private Options options = new Options();
   private CommandLine cmd;
 
@@ -92,7 +88,6 @@ public class SentryCli {
    * @param args command-line arguments
    */
   public SentryCli(String[] args) {
-    this.args = args;
     options.addOption("h", "help", false, "show help");
     // file path of sentry-site
     options.addOption("U", userOpt, true, "auth user");
@@ -112,23 +107,6 @@ public class SentryCli {
   }
 
   /**
-   * Parse command-line arguments.
-   */
-  public void parse() {
-    CommandLineParser parser = new GnuParser();
-    try {
-      cmd = parser.parse(options, args);
-      if (cmd.hasOption("h")) {
-        help();
-      }
-    } catch (ParseException e) {
-      log.warn("error in parsing expression", e);
-      help();
-      System.exit(1);
-    }
-  }
-
-  /**
    * Initialize CLI
    */
   private void init() {

http://git-wip-us.apache.org/repos/asf/sentry/blob/332bc1b7/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index 9cb9a53..0ddf295 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -46,7 +46,7 @@ import java.util.Set;
  */
 public class TopLevelShell implements ShellDependent, Runnable {
 
-  public enum TYPE { kafka, hive, solr, sqoop };
+  public enum TYPE { KAFKA, HIVE, SOLR, SQOOP };
 
   private final Shell topShell;
   private ShellCommand shellCommand;
@@ -227,7 +227,7 @@ public class TopLevelShell implements ShellDependent, Runnable {
     // Check it's a valid type first
     try {
       TYPE parsedType = TYPE.valueOf(type);
-      if (parsedType == TYPE.hive) {
+      if (parsedType == TYPE.HIVE) {
         shellCommand = new HiveShellCommand(sentryClient);
       } else {
         String component = getComponent(parsedType);
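Review bot: `TYPE parsedType = TYPE.valueOf(type);` is left unchanged in this method while the enum constants become upper case, so an argument such as `hive` that matched the old lower-case constant now throws IllegalArgumentException here. The method in the next hunk switches to the case-insensitive `parseType(type)`, so the two entry points now disagree on the same input. Use the helper here as well: `TYPE parsedType = parseType(type);`. The enclosing method starts and ends outside the hunk.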
@@ -248,8 +248,8 @@ public class TopLevelShell implements ShellDependent, Runnable {
       String service) {
     try {
       // Check it's a valid type first
-      TYPE parsedType = TYPE.valueOf(type);
-      if (parsedType == TYPE.hive) {
+      TYPE parsedType = parseType(type);
+      if (parsedType == TYPE.HIVE) {
         shellCommand = new HiveShellCommand(sentryClient);
       } else {
         String component = getComponent(parsedType);
@@ -276,27 +276,39 @@ public class TopLevelShell implements ShellDependent, Runnable {
   }
 
   private String getComponent(TYPE type) {
-    if (type == TYPE.kafka) {
-      return AuthorizationComponent.KAFKA;
-    } else if (type == TYPE.solr) {
-      return "SOLR";
-    } else if (type == TYPE.sqoop) {
-      return AuthorizationComponent.SQOOP;
+    switch (type) {
+      case KAFKA:
+        return AuthorizationComponent.KAFKA;
+      case SOLR:
+        return "SOLR";
+      case SQOOP:
+        return AuthorizationComponent.SQOOP;
+      default:
+        throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
     }
-
-    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
   }
 
   private String getService(TYPE type) {
-    if (type == TYPE.kafka) {
-      return AuthorizationComponent.KAFKA;
-    } else if (type == TYPE.solr) {
-      return "service1";
-    } else if (type == TYPE.sqoop) {
-      return "sqoopServer1";
+    switch (type) {
+      case KAFKA:
+        return AuthorizationComponent.KAFKA;
+      case SOLR:
+        return "service1";
+      case SQOOP:
+        return "sqoopServer1";
+      default:
+        throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+    }
+  }
+
+  private TYPE parseType(String typeStr) {
+    for (TYPE type : TYPE.values()) {
+      if (type.name().equalsIgnoreCase(typeStr)) {
+        return type;
+      }
     }
 
-    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + typeStr);
   }
 
 }
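Review bot: parseType has no Javadoc, although callers depend on two things it does not state: names are matched case-insensitively and an unknown name raises IllegalArgumentException. I would add `/** Resolves a type name case-insensitively; throws IllegalArgumentException for an unknown name. */` above it. The exception message could also list the accepted values, e.g. `+ typeStr + ", expected one of " + Arrays.toString(TYPE.values())`; `java.util.Arrays` looks to be imported in this file already, going by the import context in the previous commit's hunk.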


[05/23] sentry git commit: Adding License for cliche

Posted by co...@apache.org.
Adding License for cliche


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3c8c72ca
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3c8c72ca
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3c8c72ca

Branch: refs/heads/master
Commit: 3c8c72ca25627b20771f04fbba441550122d71a3
Parents: 10dec6b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 19 11:49:36 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 19 11:49:36 2017 +0100

----------------------------------------------------------------------
 LICENSE.txt | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/3c8c72ca/LICENSE.txt
----------------------------------------------------------------------
diff --git a/LICENSE.txt b/LICENSE.txt
index e6be787..b794ae6 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -267,3 +267,28 @@ Redistribution and use in source and binary forms, with or without modification,
 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+For budhash/cliche:
+
+The MIT License
+
+Copyright (c) Budhaditya 2015
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+


[07/23] sentry git commit: Switching remove role (rm) to drop role (dr) for consistency with the shell scripts

Posted by co...@apache.org.
Switching remove role (rm) to drop role (dr) for consistency with the shell scripts


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/922b3169
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/922b3169
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/922b3169

Branch: refs/heads/master
Commit: 922b3169615a0e42f6469135d6f95bcec17f01b7
Parents: c649777
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 19 12:15:44 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 19 12:15:44 2017 +0100

----------------------------------------------------------------------
 .../src/main/java/org/apache/sentry/shell/RolesShell.java    | 6 +++---
 .../src/main/java/org/apache/sentry/shell/ShellUtil.java     | 4 ++--
 .../src/main/java/org/apache/sentry/shell/TopLevelShell.java | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/922b3169/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
index 856f422..ab4589d 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
@@ -56,11 +56,11 @@ public class RolesShell implements ShellDependent {
         tools.createRoles(roles);
     }
 
-    @Command(description = "remove Sentry role(s).")
-    public void remove(
+    @Command(description = "drop Sentry role(s).")
+    public void drop(
             @Param(name = "roleName ...", description = "role names to remove")
             String ...roles) {
-        tools.removeRoles(roles);
+        tools.dropRoles(roles);
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/sentry/blob/922b3169/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index 5df21ae..4904fac 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -82,12 +82,12 @@ class ShellUtil {
         }
     }
 
-    void removeRoles(String ...roles) {
+    void dropRoles(String ...roles) {
         for (String role: roles) {
             try {
                 sentryClient.dropRole(authUser, role);
             } catch (SentryUserException e) {
-                System.out.printf("failed to remove role %s: %s\n",
+                System.out.printf("failed to drop role %s: %s\n",
                         role, e.toString());
             }
         }

http://git-wip-us.apache.org/repos/asf/sentry/blob/922b3169/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index ef5313a..738a992 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -108,11 +108,11 @@ public class TopLevelShell implements ShellDependent, Runnable {
         tools.createRoles(roles);
     }
 
-    @Command(abbrev = "rm", description = "remove Sentry role(s).")
-    public void removeRole(
-            @Param(name = "roleName ...", description = "role names to remove")
+    @Command(abbrev = "dr", description = "drop Sentry role(s).")
+    public void dropRole(
+            @Param(name = "roleName ...", description = "role names to drop")
                     String ...roles) {
-        tools.removeRoles(roles);
+        tools.dropRoles(roles);
     }
 
     @Command(description = "list Sentry privileges")


[09/23] sentry git commit: Merge branch 'master' into akolb-cli

Posted by co...@apache.org.
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/36fb263c
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/36fb263c
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/36fb263c

Branch: refs/heads/master
Commit: 36fb263c1383e6eafe61d1606378dbe5d0175595
Parents: db7cedc 1f77657
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Oct 23 09:45:46 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Oct 23 09:45:46 2017 +0100

----------------------------------------------------------------------
 pom.xml                                         |  26 ++-
 sentry-binding/sentry-binding-solr/pom.xml      |  22 ++
 sentry-provider/sentry-provider-db/pom.xml      |   4 +-
 .../db/service/thrift/SentryWebServer.java      |  28 ++-
 sentry-tests/sentry-tests-kafka/pom.xml         |   2 +-
 .../sentry/tests/e2e/kafka/KafkaTestServer.java |   1 +
 .../sentry/tests/e2e/kafka/TestAclsCrud.java    |   7 +-
 .../sentry/tests/e2e/kafka/TestAuthorize.java   | 225 +++++++++++++++----
 sentry-tests/sentry-tests-solr/pom.xml          |  10 +
 sentry-tests/sentry-tests-sqoop/pom.xml         |   4 +-
 10 files changed, 271 insertions(+), 58 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/36fb263c/pom.xml
----------------------------------------------------------------------


[03/23] sentry git commit: Some minor refactoring

Posted by co...@apache.org.
Some minor refactoring


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d9dbe56c
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d9dbe56c
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d9dbe56c

Branch: refs/heads/master
Commit: d9dbe56ca257f89652ffa430bfc4c594f35e3557
Parents: 6000ca9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 19 11:43:48 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 19 11:43:48 2017 +0100

----------------------------------------------------------------------
 .../java/org/apache/sentry/shell/GroupShell.java   | 16 ++++++++--------
 .../java/org/apache/sentry/shell/PrivsShell.java   |  8 ++++----
 .../java/org/apache/sentry/shell/RolesShell.java   | 15 +++++++--------
 .../java/org/apache/sentry/shell/SentryCli.java    |  1 -
 .../java/org/apache/sentry/shell/ShellUtil.java    | 17 ++++++++---------
 5 files changed, 27 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/d9dbe56c/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
index 3fc7a31..7510114 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
@@ -29,6 +29,14 @@ import java.util.List;
  * Sentry group manipulation for CLI
  */
 public class GroupShell implements ShellDependent {
+
+    private final ShellUtil tools;
+    Shell shell;
+
+    public GroupShell(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.tools = new ShellUtil(sentryClient, authUser);
+    }
+
     @Command
     public List<String> list() {
         return tools.listGroups();
@@ -50,14 +58,6 @@ public class GroupShell implements ShellDependent {
         tools.revokeGroupsFromRole(roleName, groups);
     }
 
-    private final ShellUtil tools;
-    Shell shell;
-
-
-    public GroupShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
-
     @Override
     public void cliSetShell(Shell theShell) {
         this.shell = theShell;

http://git-wip-us.apache.org/repos/asf/sentry/blob/d9dbe56c/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
index 9d8b9d9..b7db42e 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
@@ -30,6 +30,10 @@ public class PrivsShell implements ShellDependent {
     private final ShellUtil tools;
     Shell shell;
 
+    public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.tools = new ShellUtil(sentryClient, authUser);
+    }
+
     @Command(description = "Grant privilege to role")
     public void grant(
             @Param(name = "roleName")
@@ -62,10 +66,6 @@ public class PrivsShell implements ShellDependent {
         tools.revokePrivilegeFromRole(roleName, privilege);
     }
 
-    public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
-
     @Override
     public void cliSetShell(Shell theShell) {
         this.shell = theShell;

http://git-wip-us.apache.org/repos/asf/sentry/blob/d9dbe56c/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
index 9ac6637..856f422 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
@@ -30,6 +30,13 @@ import java.util.List;
  * Sentry roles manipulation for CLI.
  */
 public class RolesShell implements ShellDependent {
+    private final ShellUtil tools;
+    Shell shell;
+
+    public RolesShell(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.tools = new ShellUtil(sentryClient, authUser);
+    }
+
     @Command(description = "List sentry roles. shows all available roles.")
     public List<String> list() {
         return tools.listRoles();
@@ -56,17 +63,9 @@ public class RolesShell implements ShellDependent {
         tools.removeRoles(roles);
     }
 
-
     @Override
     public void cliSetShell(Shell theShell) {
         this.shell = theShell;
     }
 
-    private final ShellUtil tools;
-    Shell shell;
-
-    public RolesShell(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.tools = new ShellUtil(sentryClient, authUser);
-    }
-
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/d9dbe56c/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
index 180d240..823d80c 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
@@ -51,7 +51,6 @@ public class SentryCli {
     private static final String localhost = "localhost";
     private static final String defaultPort = "8038";
 
-
     private static final String configOpt = "config";
     private static final String userOpt = "user";
     private static final String hostOpt = "host";

http://git-wip-us.apache.org/repos/asf/sentry/blob/d9dbe56c/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index 007975c..5df21ae 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -34,8 +34,15 @@ import static org.apache.sentry.service.thrift.SentryServiceUtil.convertToTSentr
  */
 class ShellUtil {
 
+    private final SentryPolicyServiceClient sentryClient;
+    private final String authUser;
+
+    ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
+        this.sentryClient = sentryClient;
+        this.authUser = authUser;
+    }
+
     List<String> listRoles() {
-        List<String> roles = null;
         try {
             return getRoles();
         } catch (SentryUserException e) {
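Review bot: The relocated `ShellUtil(SentryPolicyServiceClient sentryClient, String authUser)` constructor stores both arguments unchecked, so a null client or user name would only show up later, at the first command that uses it. Since `authUser` appears to be the identity the shell acts as, failing fast at construction is safer: `this.sentryClient = Objects.requireNonNull(sentryClient, "sentryClient");` and `this.authUser = Objects.requireNonNull(authUser, "authUser");` (this assumes `java.util.Objects` is imported, which the hunk does not show). PrivsShell and RolesShell in this commit build their `ShellUtil` through this constructor, so one check here covers them too. The body of `listRoles()` continues past the end of the hunk.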
@@ -324,12 +331,4 @@ class ShellUtil {
         return roleNames;
     }
 
-    ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
-        this.sentryClient = sentryClient;
-        this.authUser = authUser;
-    }
-
-    private final SentryPolicyServiceClient sentryClient;
-    private final String authUser;
-
 }


[16/23] sentry git commit: Removing file that has nothing to do with CLI

Posted by co...@apache.org.
Removing file that has nothing to do with CLI


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/8fdfad8f
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/8fdfad8f
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/8fdfad8f

Branch: refs/heads/master
Commit: 8fdfad8ff5e2b5d654e1a16c2b1c853286f3d8e1
Parents: 3dc878e
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 16 11:22:17 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 16 11:22:17 2017 +0000

----------------------------------------------------------------------
 .../db/service/thrift/TestSentryMetrics.java    | 96 --------------------
 1 file changed, 96 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/8fdfad8f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryMetrics.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryMetrics.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryMetrics.java
deleted file mode 100644
index b9c63ff..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryMetrics.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.codahale.metrics.Counter;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.service.thrift.ServiceConstants;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-
-import static java.lang.Thread.sleep;
-
-public class TestSentryMetrics {
-  private static SentryMetrics metrics = SentryMetrics.getInstance();
-  private final static Configuration conf = new Configuration();
-  private static File jsonReportFile;
-
-  @BeforeClass
-  public static void setUp() throws Exception {
-    jsonReportFile = File.createTempFile("TestMetrics", ".json");
-    String jsonFile = jsonReportFile.getAbsolutePath();
-    conf.set(ServiceConstants.ServerConfig.SENTRY_JSON_REPORTER_FILE, jsonFile);
-    conf.setInt(ServiceConstants.ServerConfig.SENTRY_REPORTER_INTERVAL_SEC, 1);
-    conf.set(ServiceConstants.ServerConfig.SENTRY_REPORTER, "JSON");
-    metrics.initReporting(conf);
-  }
-
-  @AfterClass
-  public static void cleanup() {
-    System.out.println(jsonReportFile);
-    jsonReportFile.delete();
-  }
-
-
-  /**
-   * Test JSON reporter.
-   * <ul>
-   *   <li>increment the counter value</li>
-   *   <li>wait a bit for the new repor to be written</li>
-   *   <li>read the value from JSON file</li>
-   *   <li>verify that the value matches expectation</li>
-   * </ul>
-   * This check is repeated a few times to verify that the values are updated over time.
-   * @throws Exception if fails to read counter value
-   */
-  @Test
-  public void testJsonReporter() throws Exception {
-    int runs = 5;
-    String  counterName = "cnt";
-    Counter counter = metrics.getCounter(counterName);
-    for (int i = 0; i < runs; i++) {
-      counter.inc();
-      sleep(1500);
-      Assert.assertEquals(i + 1, getCounterValue(counterName));
-    }
-
-  }
-
-  /**
-   * Read counter value from JSON metric report
-   * @param name counter name
-   * @return counter value
-   * @throws FileNotFoundException if file doesn't exist
-   */
-  private int getCounterValue(String name) throws FileNotFoundException {
-    JsonParser parser = new JsonParser();
-    JsonElement element = parser.parse(new FileReader(jsonReportFile.getAbsolutePath()));
-    JsonObject jobj = element.getAsJsonObject();
-    jobj = jobj.getAsJsonObject("counters").getAsJsonObject(name);
-    return jobj.get("count").getAsInt();
-  }
-}
\ No newline at end of file


[11/23] sentry git commit: Merge branch 'master' into akolb-cli

Posted by co...@apache.org.
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/8be62797
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/8be62797
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/8be62797

Branch: refs/heads/master
Commit: 8be62797b1e6e476f1d012eb6a35feb128a708c2
Parents: 99f03c3 6fa0288
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Oct 27 10:22:15 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Oct 27 10:22:15 2017 +0100

----------------------------------------------------------------------
 .../DefaultSentryAccessController.java          |   2 +-
 .../hive/ql/exec/SentryGrantRevokeTask.java     |   2 +-
 .../authz/DefaultSentryAccessController.java    |   2 +-
 .../sentry/kafka/binding/KafkaAuthBinding.java  |   6 +-
 .../sentry/sqoop/binding/SqoopAuthBinding.java  |   8 +-
 .../sentry/core/common/utils/PathUtils.java     |   9 ++
 .../org/apache/sentry/hdfs/PathsUpdate.java     |   9 +-
 .../org/apache/sentry/hdfs/TestPathsUpdate.java |  32 ++++--
 .../provider/db/generic/UpdatableCache.java     |   2 +-
 .../thrift/SentryGenericServiceClient.java      |  14 +--
 .../SentryGenericServiceClientDefaultImpl.java  |  12 +-
 .../tools/GenericPrivilegeConverter.java        |  13 ++-
 .../db/generic/tools/SentryConfigToolSolr.java  |   2 +-
 .../db/generic/tools/SentryShellGeneric.java    |  58 +++++-----
 .../tools/command/AddRoleToGroupCmd.java        |  46 --------
 .../db/generic/tools/command/Command.java       |  27 -----
 .../db/generic/tools/command/CreateRoleCmd.java |  39 -------
 .../tools/command/DeleteRoleFromGroupCmd.java   |  46 --------
 .../db/generic/tools/command/DropRoleCmd.java   |  39 -------
 .../tools/command/GenericShellCommand.java      | 112 +++++++++++++++++++
 .../tools/command/GrantPrivilegeToRoleCmd.java  |  47 --------
 .../tools/command/ListPrivilegesByRoleCmd.java  |  54 ---------
 .../db/generic/tools/command/ListRolesCmd.java  |  53 ---------
 .../command/RevokePrivilegeFromRoleCmd.java     |  47 --------
 .../command/TSentryPrivilegeConverter.java      |   3 +-
 .../db/service/persistent/SentryStore.java      |   3 +-
 .../thrift/SentryPolicyServiceClient.java       |   2 +-
 .../SentryPolicyServiceClientDefaultImpl.java   |   2 +-
 .../provider/db/tools/SentryShellHive.java      |  42 +++----
 .../sentry/provider/db/tools/ShellCommand.java  |  44 ++++++++
 .../provider/db/tools/command/hive/Command.java |  27 -----
 .../db/tools/command/hive/CommandUtil.java      |   2 +-
 .../db/tools/command/hive/CreateRoleCmd.java    |  37 ------
 .../db/tools/command/hive/DropRoleCmd.java      |  37 ------
 .../command/hive/GrantPrivilegeToRoleCmd.java   |  43 -------
 .../command/hive/GrantRoleToGroupsCmd.java      |  44 --------
 .../db/tools/command/hive/HiveShellCommand.java | 108 ++++++++++++++++++
 .../tools/command/hive/ListPrivilegesCmd.java   |  49 --------
 .../db/tools/command/hive/ListRolesCmd.java     |  51 ---------
 .../hive/RevokePrivilegeFromRoleCmd.java        |  44 --------
 .../command/hive/RevokeRoleFromGroupsCmd.java   |  43 -------
 .../service/thrift/NotificationProcessor.java   |   3 +-
 .../TestAuditLogForSentryGenericService.java    |   8 +-
 .../TestSentryGenericServiceIntegration.java    |  48 ++++----
 .../generic/tools/TestSentryConfigToolSolr.java |   4 +-
 .../db/generic/tools/TestSentryShellKafka.java  |   2 +-
 .../db/generic/tools/TestSentryShellSolr.java   |   2 +-
 .../db/generic/tools/TestSentryShellSqoop.java  |   2 +-
 .../thrift/TestSentryPolicyServiceClient.java   |   4 +-
 .../thrift/TestSentryServiceClientPool.java     |   6 +-
 .../thrift/TestSentryServiceFailureCase.java    |   2 +-
 .../thrift/TestSentryServiceIntegration.java    |   8 +-
 .../TestSentryServiceWithInvalidMsgSize.java    |  10 +-
 .../provider/db/tools/TestSentryShellHive.java  |   2 +-
 .../thrift/SentryServiceIntegrationBase.java    |   2 +-
 .../e2e/dbprovider/TestConcurrentClients.java   |   2 +-
 .../metastore/SentryPolicyProviderForDb.java    |   2 +-
 .../e2e/dbprovider/TestConcurrentClients.java   |   2 +-
 .../AbstractTestWithStaticConfiguration.java    |   7 +-
 .../metastore/SentryPolicyProviderForDb.java    |   2 +-
 .../e2e/kafka/AbstractKafkaSentryTestBase.java  |  14 ++-
 .../sentry/tests/e2e/kafka/TestAuthorize.java   |   5 +-
 .../AbstractSolrSentryTestWithDbProvider.java   |   4 +-
 .../e2e/sqoop/AbstractSqoopSentryTestBase.java  |   2 +-
 .../java/org/apache/sentry/shell/ShellUtil.java |   6 +-
 65 files changed, 472 insertions(+), 939 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/8be62797/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --cc sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index bea53c8,0000000..daf9b73
mode 100644,000000..100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@@ -1,261 -1,0 +1,261 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +
 +package org.apache.sentry.shell;
 +
 +import com.google.common.collect.Sets;
 +import org.apache.commons.lang.StringUtils;
 +import org.apache.sentry.core.common.exception.SentryUserException;
 +import org.apache.sentry.provider.db.service.thrift.*;
 +import org.apache.sentry.provider.db.tools.command.hive.CommandUtil;
 +
 +import java.util.*;
 +
 +import static org.apache.sentry.service.thrift.SentryServiceUtil.convertTSentryPrivilegeToStr;
 +import static org.apache.sentry.service.thrift.SentryServiceUtil.convertToTSentryPrivilege;
 +
 +/**
 + * ShellUtil implements actual commands
 + */
 +class ShellUtil {
 +
 +    private final SentryPolicyServiceClient sentryClient;
 +    private final String authUser;
 +
 +    ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
 +        this.sentryClient = sentryClient;
 +        this.authUser = authUser;
 +    }
 +
 +    List<String> listRoles() {
 +        return listRoles(null);
 +    }
 +
 +    List<String> listRoles(String group) {
 +        Set<TSentryRole> roles = null;
 +        try {
 +            if (StringUtils.isEmpty(group)) {
-                 roles = sentryClient.listRoles(authUser);
++                roles = sentryClient.listAllRoles(authUser);
 +            } else {
 +                roles = sentryClient.listRolesByGroupName(authUser, group);
 +            }
 +        } catch (SentryUserException e) {
 +            System.out.println("Error listing roles: " + e.toString());
 +        }
 +        List<String> result = new ArrayList<>();
 +        if (roles == null || roles.isEmpty()) {
 +            return result;
 +        }
 +
 +        for (TSentryRole role : roles) {
 +            result.add(role.getRoleName());
 +        }
 +
 +        Collections.sort(result);
 +        return result;
 +    }
 +
 +    void createRoles(String ...roles) {
 +        for (String role : roles) {
 +            try {
 +                sentryClient.createRole(authUser, role);
 +            } catch (SentryUserException e) {
 +                System.out.printf("failed to create role %s: %s\n",
 +                        role, e.toString());
 +            }
 +        }
 +    }
 +
 +    void dropRoles(String ...roles) {
 +        for (String role : roles) {
 +            try {
 +                sentryClient.dropRole(authUser, role);
 +            } catch (SentryUserException e) {
 +                System.out.printf("failed to drop role %s: %s\n",
 +                        role, e.toString());
 +            }
 +        }
 +    }
 +
 +    List<String> listGroups() {
 +        Set<TSentryRole> roles = null;
 +
 +        try {
-             roles = sentryClient.listRoles(authUser);
++            roles = sentryClient.listAllRoles(authUser);
 +        } catch (SentryUserException e) {
 +            System.out.println("Error reading roles: " + e.toString());
 +        }
 +
 +        if (roles == null || roles.isEmpty()) {
 +            return new ArrayList<>();
 +        }
 +
 +        // Set of all group names
 +        Set<String> groupNames = new HashSet<>();
 +
 +        // Get all group names
 +        for (TSentryRole role: roles) {
 +            for (TSentryGroup group: role.getGroups()) {
 +                groupNames.add(group.getGroupName());
 +            }
 +        }
 +
 +        List<String> result = new ArrayList<>(groupNames);
 +
 +        Collections.sort(result);
 +        return result;
 +    }
 +
 +    List<String> listGroupRoles() {
 +        Set<TSentryRole> roles = null;
 +
 +        try {
-             roles = sentryClient.listRoles(authUser);
++            roles = sentryClient.listAllRoles(authUser);
 +        } catch (SentryUserException e) {
 +            System.out.println("Error reading roles: " + e.toString());
 +        }
 +
 +        if (roles == null || roles.isEmpty()) {
 +            return new ArrayList<>();
 +        }
 +
 +        // Set of all group names
 +        Set<String> groupNames = new HashSet<>();
 +
 +        // Map group to set of roles
 +        Map<String, Set<String>> groupInfo = new HashMap<>();
 +
 +        // Get all group names
 +        for (TSentryRole role: roles) {
 +            for (TSentryGroup group: role.getGroups()) {
 +                String groupName = group.getGroupName();
 +                groupNames.add(groupName);
 +                Set<String> groupRoles = groupInfo.get(groupName);
 +                if (groupRoles != null) {
 +                    // Add a new or existing role
 +                    groupRoles.add(role.getRoleName());
 +                    continue;
 +                }
 +                // Never seen this group before
 +                groupRoles = new HashSet<>();
 +                groupRoles.add(role.getRoleName());
 +                groupInfo.put(groupName, groupRoles);
 +            }
 +        }
 +
 +        List<String> groups = new ArrayList<>(groupNames);
 +        Collections.sort(groups);
 +
 +        // Produce printable result as
 +        // group1 = role1, role2, ...
 +        // group2 = ...
 +        List<String> result = new LinkedList<>();
 +        for(String groupName: groups) {
 +            result.add(groupName + " = " +
 +                    StringUtils.join(groupInfo.get(groupName), ", "));
 +        }
 +        return result;
 +    }
 +
 +    void grantGroupsToRole(String roleName, String ...groups) {
 +        try {
 +            sentryClient.grantRoleToGroups(authUser, roleName, Sets.newHashSet(groups));
 +        } catch (SentryUserException e) {
 +            System.out.printf("Failed to gran role %s to groups: %s\n",
 +                    roleName, e.toString());
 +        }
 +    }
 +
 +    void revokeGroupsFromRole(String roleName, String ...groups) {
 +        try {
 +            sentryClient.revokeRoleFromGroups(authUser, roleName, Sets.newHashSet(groups));
 +        } catch (SentryUserException e) {
 +            System.out.printf("Failed to revoke role %s to groups: %s\n",
 +                    roleName, e.toString());
 +        }
 +    }
 +
 +    void grantPrivilegeToRole(String roleName, String privilege) {
 +        TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege);
 +        try {
 +            CommandUtil.validatePrivilegeHierarchy(tPriv);
 +            sentryClient.grantPrivilege(authUser, roleName, tPriv);
 +        } catch (SentryUserException | IllegalArgumentException e) {
 +            System.out.println("Error granting privilege: " + e.toString());
 +        }
 +    }
 +
 +    List<String> listPrivileges(String roleName) {
 +        Set<TSentryPrivilege> privileges = null;
 +        try {
 +            privileges = sentryClient
 +                    .listAllPrivilegesByRoleName(authUser, roleName);
 +        } catch (SentryUserException e) {
 +            System.out.println("Failed to list privileges: " + e.toString());
 +        }
 +
 +        List<String> result = new LinkedList<>();
 +        if (privileges == null || privileges.isEmpty()) {
 +            return result;
 +        }
 +
 +        for (TSentryPrivilege privilege : privileges) {
 +            String privilegeStr = convertTSentryPrivilegeToStr(privilege);
 +            if (privilegeStr.isEmpty()) {
 +                continue;
 +            }
 +            result.add(privilegeStr);
 +        }
 +        return result;
 +    }
 +
 +    /**
 +     * List all privileges
 +     * @return string with privilege info for all roles
 +     */
 +    String listPrivileges() {
 +        List<String> roles = listRoles(null);
 +        if (roles == null || roles.isEmpty()) {
 +            return "";
 +        }
 +
 +        StringBuilder result = new StringBuilder();
 +        for (String role: roles) {
 +            List<String> privs = listPrivileges(role);
 +            if (privs.isEmpty()) {
 +                continue;
 +            }
 +            result.append(role).append(" = ");
 +            result.append(StringUtils.join(listPrivileges(role), ",\n\t"));
 +            result.append('\n');
 +        }
 +        return result.toString();
 +    }
 +
 +    void revokePrivilegeFromRole(String roleName, String privilegeStr) {
 +        TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(privilegeStr);
 +        try {
 +            CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
 +            sentryClient.revokePrivilege(authUser, roleName, tSentryPrivilege);
 +        } catch (SentryUserException | IllegalArgumentException e) {
 +            System.out.println("failed to revoke privilege: " + e.toString());
 +        }
 +    }
 +
 +
 +}
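Review bot: In `listPrivileges()` each role's privileges are fetched twice, once into `privs` and again inside the `StringUtils.join(...)` call, which doubles the requests to the Sentry service and lets the printed list differ from the one that passed the `isEmpty()` check; reuse the first result with `result.append(StringUtils.join(privs, ",\n\t"));`. Separately, `listRoles(String)`, `listGroups()`, `listGroupRoles()` and `listPrivileges(String)` print the `SentryUserException` to standard output and then return an empty list, so a failed call reads the same as "no roles" or "no privileges" to whoever is auditing the policy. I would at least write these errors to `System.err` and add a Javadoc line on each method stating that an empty result can also mean the request failed. The message in `grantGroupsToRole` has a typo (`"Failed to gran role"`), and `revokeGroupsFromRole` says `to groups` where `from groups` is meant.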


[02/23] sentry git commit: Merge branch 'master' into akolb-cli

Posted by co...@apache.org.
Merge branch 'master' into akolb-cli


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/6000ca99
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/6000ca99
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/6000ca99

Branch: refs/heads/master
Commit: 6000ca9976253dcef03e19fd964a7b30be91e957
Parents: 44c5d9f 436787c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 19 09:42:26 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 19 09:42:26 2017 +0100

----------------------------------------------------------------------
 bin/sentryShell                                 |   5 +-
 pom.xml                                         | 339 ++++-------
 sentry-binding/pom.xml                          |   4 +-
 .../sentry-binding-hive-follower-v2/pom.xml     |  65 ---
 .../json/SentryJSONAddPartitionMessage.java     |  48 --
 .../json/SentryJSONAlterPartitionMessage.java   |  79 ---
 .../json/SentryJSONAlterTableMessage.java       |  54 --
 .../json/SentryJSONCreateDatabaseMessage.java   |  44 --
 .../json/SentryJSONCreateTableMessage.java      |  44 --
 .../json/SentryJSONDropDatabaseMessage.java     |  44 --
 .../json/SentryJSONDropPartitionMessage.java    |  51 --
 .../json/SentryJSONDropTableMessage.java        |  45 --
 .../json/SentryJSONMessageDeserializer.java     | 154 -----
 .../json/SentryJSONMessageFactory.java          | 146 -----
 .../binding/hive/HiveAuthzBindingHook.java      |  17 +-
 .../hive/HiveAuthzBindingSessionHook.java       |  21 +-
 .../SentryHiveAuthorizationTaskFactoryImpl.java |  12 +-
 .../binding/hive/SentryHivePrivilegeObject.java |  32 ++
 .../authz/DefaultSentryAccessController.java    | 561 +++++++++++++++++++
 .../hive/authz/HiveAuthzBindingHookBase.java    |  23 +
 .../hive/authz/HiveAuthzPrivilegesMap.java      |   2 +
 .../hive/authz/SentryHiveAccessController.java  | 199 +++++++
 .../hive/authz/SentryHiveAuthorizerFactory.java |  27 +-
 .../hive/authz/SentryHiveAuthorizerImpl.java    |  86 ++-
 .../binding/util/SentryAuthorizerUtil.java      | 360 ++++++++++++
 .../sentry/kafka/binding/KafkaAuthBinding.java  |  30 +-
 .../apache/sentry/kafka/conf/KafkaAuthConf.java |   8 +-
 .../binding/solr/authz/SolrAuthzBinding.java    |   4 +-
 .../apache/sentry/sqoop/SentrySqoopError.java   |  12 +-
 .../sqoop/authz/SentryAccessController.java     |   2 +-
 .../sqoop/authz/SentryAuthorizationHander.java  | 117 ----
 .../sqoop/authz/SentryAuthorizationHandler.java | 117 ++++
 .../sentry/sqoop/binding/SqoopAuthBinding.java  |   7 +
 .../binding/SqoopAuthBindingSingleton.java      |   2 +-
 .../sqoop/TestSentryAuthorizationHander.java    |  74 ---
 .../sqoop/TestSentryAuthorizationHandler.java   |  74 +++
 .../SentryClientTransportConstants.java         |   2 +-
 .../java/org/apache/sentry/hdfs/HMSPaths.java   | 142 ++++-
 .../org/apache/sentry/hdfs/HMSPathsDumper.java  |   3 +-
 .../org/apache/sentry/hdfs/PathsUpdate.java     |   6 +
 .../apache/sentry/hdfs/PermissionsUpdate.java   |   6 +
 .../apache/sentry/hdfs/SentryAuthzUpdate.java   |  27 +
 .../sentry/hdfs/UpdateableAuthzPaths.java       |   9 +
 .../sentry/hdfs/TestHMSPathsFullDump.java       |   4 +-
 sentry-hdfs/sentry-hdfs-namenode-plugin/pom.xml |  13 -
 .../sentry/hdfs/SentryAuthorizationInfo.java    |  59 +-
 .../hdfs/SentryINodeAttributesProvider.java     |   2 +-
 .../apache/sentry/hdfs/SentryPermissions.java   |  25 +
 .../sentry/hdfs/UpdateableAuthzPermissions.java |   9 +
 .../SentryHDFSServiceClientDefaultImpl.java     |  23 +
 sentry-provider/sentry-provider-db/pom.xml      |  31 +-
 .../tools/GenericPrivilegeConverter.java        | 184 ++++++
 .../tools/KafkaTSentryPrivilegeConverter.java   | 118 ----
 .../db/generic/tools/SentryConfigToolSolr.java  |   2 +-
 .../db/generic/tools/SentryShellGeneric.java    | 149 +++++
 .../db/generic/tools/SentryShellKafka.java      | 115 ----
 .../db/generic/tools/SentryShellSolr.java       | 114 ----
 .../tools/SolrTSentryPrivilegeConverter.java    | 137 -----
 .../db/service/persistent/SentryStore.java      |  11 +-
 .../db/service/thrift/SentryMetrics.java        | 144 +++--
 .../provider/db/tools/SentryShellCommon.java    |  51 +-
 .../db/tools/command/hive/CommandUtil.java      |  60 +-
 .../command/hive/GrantPrivilegeToRoleCmd.java   |   4 +-
 .../tools/command/hive/ListPrivilegesCmd.java   |  56 +-
 .../hive/RevokePrivilegeFromRoleCmd.java        |   6 +-
 .../sentry/service/thrift/HMSFollower.java      |   9 +
 .../sentry/service/thrift/SentryService.java    |   3 +
 .../generic/tools/TestSentryConfigToolSolr.java |   2 +-
 .../db/generic/tools/TestSentryShellKafka.java  | 173 +++---
 .../db/generic/tools/TestSentryShellSolr.java   | 162 +++---
 .../db/generic/tools/TestSentryShellSqoop.java  | 523 +++++++++++++++++
 .../provider/db/tools/TestSentryShellHive.java  |  12 +-
 sentry-tests/sentry-tests-hive/pom.xml          |   2 +-
 .../e2e/dbprovider/TestDatabaseProvider.java    |  12 +-
 .../tests/e2e/hdfs/TestHDFSIntegrationBase.java |   2 +-
 .../tests/e2e/hive/TestOperationsPart2.java     |  24 +
 .../e2e/hive/hiveserver/HiveServerFactory.java  |   6 +-
 .../e2e/metastore/TestMetastoreEndToEnd.java    |   2 +-
 .../sentry/tests/e2e/kafka/KafkaTestServer.java |   7 +-
 .../e2e/kafka/AbstractKafkaSentryTestBase.java  |   6 +-
 .../tests/e2e/sqoop/TomcatSqoopRunner.java      |   2 +-
 81 files changed, 3153 insertions(+), 2215 deletions(-)
----------------------------------------------------------------------



[18/23] sentry git commit: Fixing branch following changes for SENTRY-2012

Posted by co...@apache.org.
Fixing branch following changes for SENTRY-2012


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/81128e6b
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/81128e6b
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/81128e6b

Branch: refs/heads/master
Commit: 81128e6bc96009ed77ec04e2afceab45aa70885f
Parents: a689c65
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Nov 17 11:20:57 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Nov 17 11:20:57 2017 +0000

----------------------------------------------------------------------
 .../org/apache/sentry/shell/TopLevelShell.java  | 61 +++++++++++++++++++-
 1 file changed, 59 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/81128e6b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index b8f365f..a602e3f 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -19,6 +19,13 @@
 package org.apache.sentry.shell;
 
 import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
+import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables;
+import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel;
+import org.apache.sentry.core.model.solr.SolrModelAuthorizables;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.apache.sentry.core.model.sqoop.SqoopModelAuthorizables;
+import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel;
 import org.apache.sentry.provider.common.AuthorizationComponent;
 import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
 import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter;
@@ -33,6 +40,11 @@ import com.budhash.cliche.Param;
 import com.budhash.cliche.Shell;
 import com.budhash.cliche.ShellDependent;
 import com.budhash.cliche.ShellFactory;
+import com.google.common.base.Function;
+
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE;
 
 import java.io.IOException;
 import java.util.Arrays;
@@ -41,6 +53,8 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import javax.annotation.Nullable;
+
 /**
  * Top level commands
  */
@@ -232,7 +246,7 @@ public class TopLevelShell implements ShellDependent, Runnable {
       } else {
         String component = getComponent(parsedType);
         String service = getService(parsedType);
-        TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+        TSentryPrivilegeConverter converter = getPrivilegeConverter(parsedType, component, service);
         shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
       }
     } catch (IllegalArgumentException ex) {
@@ -253,7 +267,7 @@ public class TopLevelShell implements ShellDependent, Runnable {
         shellCommand = new HiveShellCommand(sentryClient);
       } else {
         String component = getComponent(parsedType);
-        TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+        TSentryPrivilegeConverter converter = getPrivilegeConverter(parsedType, component, service);
         shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
       }
     } catch (IllegalArgumentException ex) {
@@ -298,4 +312,47 @@ public class TopLevelShell implements ShellDependent, Runnable {
 
     throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
   }
+
+  private TSentryPrivilegeConverter getPrivilegeConverter(TYPE type, String component, String service) {
+    if (type == TYPE.kafka) {
+      GenericPrivilegeConverter privilegeConverter = new GenericPrivilegeConverter(
+          component,
+          service,
+          KafkaPrivilegeModel.getInstance().getPrivilegeValidators(),
+          new KafkaModelAuthorizables(),
+          true
+      );
+      privilegeConverter.setPrivilegeStrParser(new Function<String, String>() {
+        @Nullable
+        @Override
+        public String apply(@Nullable String privilegeStr) {
+          final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR;
+          final String hostPrefixLowerCase = hostPrefix.toLowerCase();
+          if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) {
+            return hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr;
+          }
+          return privilegeStr;
+        }
+      });
+      return privilegeConverter;
+    } else if (type == TYPE.solr) {
+      return new GenericPrivilegeConverter(
+          component,
+          service,
+          SolrPrivilegeModel.getInstance().getPrivilegeValidators(),
+          new SolrModelAuthorizables(),
+          true
+      );
+    } else if (type == TYPE.sqoop) {
+      return new GenericPrivilegeConverter(
+          component,
+          service,
+          SqoopPrivilegeModel.getInstance().getPrivilegeValidators(service),
+          new SqoopModelAuthorizables(),
+          true
+      );
+    }
+
+    throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+  }
 }
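Review bot: The anonymous `Function` passed to `setPrivilegeStrParser` annotates its argument `@Nullable` and then calls `privilegeStr.toLowerCase()` with no guard, so a null privilege string fails with a NullPointerException inside the parser rather than a clear validation error. Either drop `@Nullable` from the parameter or guard first with `if (privilegeStr == null) { return null; }`. The prefix comparison also lower-cases with the default locale; `toLowerCase(Locale.ROOT)` on both strings keeps it independent of the JVM locale (this needs `java.util.Locale` imported if it is not already). Since a Kafka privilege typed without a host component is silently prefixed with the wildcard host, a comment above the parser such as `// A privilege given without a HOST component is granted for all hosts.` would make that widening visible to maintainers.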


[04/23] sentry git commit: Adding Script to run the CLI + adding sentry-tools to build cycle

Posted by co...@apache.org.
Adding Script to run the CLI + adding sentry-tools to build cycle


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/10dec6b6
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/10dec6b6
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/10dec6b6

Branch: refs/heads/master
Commit: 10dec6b605678faef8a491191fa4a7ef788ddeb1
Parents: d9dbe56
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 19 11:48:26 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 19 11:48:26 2017 +0100

----------------------------------------------------------------------
 bin/sentryCli        | 59 +++++++++++++++++++++++++++++++++++++++++++++++
 pom.xml              |  1 +
 sentry-tools/pom.xml |  2 +-
 3 files changed, 61 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/10dec6b6/bin/sentryCli
----------------------------------------------------------------------
diff --git a/bin/sentryCli b/bin/sentryCli
new file mode 100755
index 0000000..02e9edd
--- /dev/null
+++ b/bin/sentryCli
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bin=`dirname "$0"`
+myhome=`cd "$bin/.."; pwd`
+
+if [[ -z $SENTRY_HOME ]] ; then
+  export SENTRY_HOME=$myhome
+fi
+
+# check for hadoop in the path
+HADOOP_IN_PATH=`which hadoop 2>/dev/null`
+if [ -f ${HADOOP_IN_PATH} ]; then
+  HADOOP_DIR=`dirname "$HADOOP_IN_PATH"`/..
+fi
+# HADOOP_HOME env variable overrides hadoop in the path
+HADOOP_HOME=${HADOOP_HOME:-${HADOOP_PREFIX:-$HADOOP_DIR}}
+if [ "$HADOOP_HOME" == "" ]; then
+  echo "Cannot find hadoop installation: \$HADOOP_HOME or \$HADOOP_PREFIX must be set or hadoop must be in the path";
+  exit 4;
+fi
+
+HADOOP=$HADOOP_HOME/bin/hadoop
+if [ ! -f ${HADOOP} ]; then
+  echo "Cannot find hadoop installation: \$HADOOP_HOME or \$HADOOP_PREFIX must be set or hadoop must be in the path";
+  exit 4;
+fi
+
+export _CMD_JAR=${SENTRY_SHELL_JAR:-sentry-provider-db-*.jar}
+for f in ${SENTRY_HOME}/lib/*.jar; do
+  HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:${f}
+done
+export HADOOP_CLASSPATH
+
+for f in ${SENTRY_HOME}/lib/server/*.jar; do
+  HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:${f}
+done
+for f in ${SENTRY_HOME}/lib/plugins/*.jar; do
+  HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:${f}
+done
+
+args=()
+shell=org.apache.sentry.shell.SentryCli
+
+exec $HADOOP jar ${SENTRY_HOME}/lib/${_CMD_JAR} $shell
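Review bot: The lookup `if [ -f ${HADOOP_IN_PATH} ]` is unquoted, so when `which hadoop` finds nothing the test collapses to `[ -f ]`, which is true, and `HADOOP_DIR` becomes `./..`. The empty-`HADOOP_HOME` check that prints "Cannot find hadoop installation" then never fires, and the script goes on to look for `./../bin/hadoop` relative to the caller's working directory. Quote and test for emptiness: `if [ -n "$HADOOP_IN_PATH" ] && [ -f "$HADOOP_IN_PATH" ]; then`. The last line should also quote its expansions and forward the caller's arguments, which the unused `args=()` currently drops: `exec "$HADOOP" jar "${SENTRY_HOME}"/lib/${_CMD_JAR} "$shell" "$@"`. The default `_CMD_JAR` glob names the sentry-provider-db jar, while `org.apache.sentry.shell.SentryCli` appears to live in sentry-tools, so the default probably needs to point there; worth confirming.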

http://git-wip-us.apache.org/repos/asf/sentry/blob/10dec6b6/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 1c05556..02cf8f7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -627,6 +627,7 @@ limitations under the License.
     <module>sentry-tests</module>
     <module>sentry-hdfs</module>
     <module>sentry-solr</module>
+    <module>sentry-tools</module>
     <module>sentry-dist</module>
   </modules>
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/10dec6b6/sentry-tools/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-tools/pom.xml b/sentry-tools/pom.xml
index ed0fb92..5d4cb2a 100644
--- a/sentry-tools/pom.xml
+++ b/sentry-tools/pom.xml
@@ -60,4 +60,4 @@ limitations under the License.
     </build>
 
 
-</project>
\ No newline at end of file
+</project>


[06/23] sentry git commit: Adding sentry-tools jar to the dist

Posted by co...@apache.org.
Adding sentry-tools jar to the dist


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/c649777d
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/c649777d
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/c649777d

Branch: refs/heads/master
Commit: c649777d670133d011439f97114552354227f86a
Parents: 3c8c72c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 19 11:51:43 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 19 11:51:43 2017 +0100

----------------------------------------------------------------------
 pom.xml             | 5 +++++
 sentry-dist/pom.xml | 4 ++++
 2 files changed, 9 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/c649777d/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 02cf8f7..2d42a99 100644
--- a/pom.xml
+++ b/pom.xml
@@ -487,6 +487,11 @@ limitations under the License.
       </dependency>
       <dependency>
         <groupId>org.apache.sentry</groupId>
+        <artifactId>sentry-tools</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.sentry</groupId>
         <artifactId>sentry-dist</artifactId>
         <version>${project.version}</version>
       </dependency>

http://git-wip-us.apache.org/repos/asf/sentry/blob/c649777d/sentry-dist/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/pom.xml b/sentry-dist/pom.xml
index 2d7f57e..3bc8207 100644
--- a/sentry-dist/pom.xml
+++ b/sentry-dist/pom.xml
@@ -98,6 +98,10 @@ limitations under the License.
       <groupId>org.apache.sentry</groupId>
       <artifactId>sentry-hdfs-dist</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-tools</artifactId>
+    </dependency>
   </dependencies>
   <profiles>
     <profile>


[10/23] sentry git commit: Use CommmandUtil to validate the privilege hierarchy

Posted by co...@apache.org.
Use CommmandUtil to validate the privilege hierarchy


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/99f03c35
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/99f03c35
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/99f03c35

Branch: refs/heads/master
Commit: 99f03c35dc53bb5076b015faa27375829b2f2c38
Parents: 36fb263
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Oct 23 10:30:43 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Oct 23 10:30:43 2017 +0100

----------------------------------------------------------------------
 .../db/tools/command/hive/CommandUtil.java      |   2 +-
 .../java/org/apache/sentry/shell/ShellUtil.java | 113 ++++---------------
 2 files changed, 21 insertions(+), 94 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/99f03c35/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
index b6f4140..5c228bf 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
@@ -31,7 +31,7 @@ public final class CommandUtil {
 
   // check the privilege value for the specific privilege scope
   // eg, for the table scope, server and database can't be empty
-  public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws Exception {
+  public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) {
     String serverName = tSentryPrivilege.getServerName();
     String dbName = tSentryPrivilege.getDbName();
     String tableName = tSentryPrivilege.getTableName();
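Review bot: Dropping `throws Exception` leaves the failure contract of `validatePrivilegeHierarchy` undocumented, since the `//` comment above it says what is checked but not how a violation is reported. The callers changed in this commit catch `IllegalArgumentException`, so presumably that is what it throws; the method body continues outside this hunk, so confirm before documenting. I would turn the comment into Javadoc with `@throws IllegalArgumentException if a parent scope required by the privilege scope is empty`.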

http://git-wip-us.apache.org/repos/asf/sentry/blob/99f03c35/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index 4904fac..bea53c8 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -22,7 +22,7 @@ import com.google.common.collect.Sets;
 import org.apache.commons.lang.StringUtils;
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.provider.db.service.thrift.*;
-import org.apache.sentry.service.thrift.ServiceConstants;
+import org.apache.sentry.provider.db.tools.command.hive.CommandUtil;
 
 import java.util.*;
 
@@ -43,18 +43,17 @@ class ShellUtil {
     }
 
     List<String> listRoles() {
-        try {
-            return getRoles();
-        } catch (SentryUserException e) {
-            System.out.println("Error listing roles: " + e.toString());
-        }
-        return new LinkedList<>();
+        return listRoles(null);
     }
 
     List<String> listRoles(String group) {
         Set<TSentryRole> roles = null;
         try {
-            roles = sentryClient.listRolesByGroupName(authUser, group);
+            if (StringUtils.isEmpty(group)) {
+                roles = sentryClient.listRoles(authUser);
+            } else {
+                roles = sentryClient.listRolesByGroupName(authUser, group);
+            }
         } catch (SentryUserException e) {
             System.out.println("Error listing roles: " + e.toString());
         }
@@ -63,7 +62,7 @@ class ShellUtil {
             return result;
         }
 
-        for(TSentryRole role: roles) {
+        for (TSentryRole role : roles) {
             result.add(role.getRoleName());
         }
 
@@ -72,7 +71,7 @@ class ShellUtil {
     }
 
     void createRoles(String ...roles) {
-        for (String role: roles) {
+        for (String role : roles) {
             try {
                 sentryClient.createRole(authUser, role);
             } catch (SentryUserException e) {
@@ -83,7 +82,7 @@ class ShellUtil {
     }
 
     void dropRoles(String ...roles) {
-        for (String role: roles) {
+        for (String role : roles) {
             try {
                 sentryClient.dropRole(authUser, role);
             } catch (SentryUserException e) {
@@ -193,36 +192,10 @@ class ShellUtil {
 
     void grantPrivilegeToRole(String roleName, String privilege) {
         TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege);
-        boolean grantOption = tPriv.getGrantOption().equals(TSentryGrantOption.TRUE);
         try {
-            if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tPriv.getPrivilegeScope())) {
-                sentryClient.grantServerPrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tPriv.getPrivilegeScope())) {
-                sentryClient.grantDatabasePrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getDbName(), tPriv.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tPriv.getPrivilegeScope())) {
-                sentryClient.grantTablePrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getDbName(), tPriv.getTableName(),
-                        tPriv.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tPriv.getPrivilegeScope())) {
-                sentryClient.grantColumnPrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getDbName(), tPriv.getTableName(),
-                        tPriv.getColumnName(), tPriv.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.URI.toString().equals(tPriv.getPrivilegeScope())) {
-                sentryClient.grantURIPrivilege(authUser, roleName, tPriv.getServerName(),
-                        tPriv.getURI(), grantOption);
-                return;
-            }
-        } catch (SentryUserException e) {
+            CommandUtil.validatePrivilegeHierarchy(tPriv);
+            sentryClient.grantPrivilege(authUser, roleName, tPriv);
+        } catch (SentryUserException | IllegalArgumentException e) {
             System.out.println("Error granting privilege: " + e.toString());
         }
     }
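Review bot: `convertToTSentryPrivilege(privilege)` still runs before the `try`, so the widened `catch (SentryUserException | IllegalArgumentException e)` covers only the new `CommandUtil.validatePrivilegeHierarchy` call and the client call. If the converter rejects a malformed privilege string with an unchecked exception (its body is not in this hunk, so this is an assumption), that exception escapes the shell command instead of printing "Error granting privilege". Moving the conversion to the first statement inside the block, `try { TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege);`, gives one error path for all bad input. The same applies to `revokePrivilegeFromRole` in the last hunk of this file. A comment above the validate call, e.g. `// Reject privileges whose parent scopes are missing before contacting the server`, would record why the check is done client-side.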
@@ -236,13 +209,13 @@ class ShellUtil {
             System.out.println("Failed to list privileges: " + e.toString());
         }
 
+        List<String> result = new LinkedList<>();
         if (privileges == null || privileges.isEmpty()) {
-            return new ArrayList<>();
+            return result;
         }
 
-        List<String> result = new LinkedList<>();
         for (TSentryPrivilege privilege : privileges) {
-            String privilegeStr =  convertTSentryPrivilegeToStr(privilege);
+            String privilegeStr = convertTSentryPrivilegeToStr(privilege);
             if (privilegeStr.isEmpty()) {
                 continue;
             }
@@ -256,13 +229,7 @@ class ShellUtil {
      * @return string with privilege info for all roles
      */
     String listPrivileges() {
-        List<String> roles = null;
-        try {
-            roles = getRoles();
-        } catch (SentryUserException e) {
-            System.out.println("failed to get role names: " + e.toString());
-        }
-
+        List<String> roles = listRoles(null);
         if (roles == null || roles.isEmpty()) {
             return "";
         }
@@ -282,53 +249,13 @@ class ShellUtil {
 
     void revokePrivilegeFromRole(String roleName, String privilegeStr) {
         TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(privilegeStr);
-        boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
-
         try {
-            if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-                sentryClient.revokeServerPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-                sentryClient.revokeDatabasePrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-                sentryClient.revokeTablePrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-                        tSentryPrivilege.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-                sentryClient.revokeColumnPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-                        tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
-                return;
-            }
-            if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-                sentryClient.revokeURIPrivilege(authUser, roleName, tSentryPrivilege.getServerName(),
-                        tSentryPrivilege.getURI(), grantOption);
-                return;
-            }
-        } catch (SentryUserException e) {
+            CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
+            sentryClient.revokePrivilege(authUser, roleName, tSentryPrivilege);
+        } catch (SentryUserException | IllegalArgumentException e) {
             System.out.println("failed to revoke privilege: " + e.toString());
         }
     }
 
 
-    private List<String>getRoles() throws SentryUserException {
-        // Collect role names
-        Set<TSentryRole> roles = null;
-        roles = sentryClient.listRoles(authUser);
-        List<String> roleNames = new ArrayList<>();
-        for(TSentryRole role: roles) {
-            roleNames.add(role.getRoleName());
-        }
-
-        Collections.sort(roleNames);
-        return roleNames;
-    }
-
 }