Posted to commits@sentry.apache.org by co...@apache.org on 2016/04/14 05:34:35 UTC

sentry git commit: SENTRY-1179: Update Sentry config tool for export with specific auth object(Colin Ma, reviewed by Dapeng Sun)

Repository: sentry
Updated Branches:
  refs/heads/master 68949951e -> d540e3b5a


SENTRY-1179: Update Sentry config tool for export with specific auth object(Colin Ma, reviewed by Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d540e3b5
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d540e3b5
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d540e3b5

Branch: refs/heads/master
Commit: d540e3b5af3f74360777945e27004471732620d4
Parents: 6894995
Author: Colin Ma <co...@apache.org>
Authored: Thu Apr 14 12:14:31 2016 +0800
Committer: Colin Ma <co...@apache.org>
Committed: Thu Apr 14 12:14:31 2016 +0800

----------------------------------------------------------------------
 .../binding/hive/authz/SentryConfigTool.java    | 19 ++++++++-
 .../tests/e2e/hive/TestPolicyImportExport.java  | 42 ++++++++++++++++++--
 2 files changed, 56 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/d540e3b5/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
index 18ba943..4ef86e6 100644
--- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
@@ -76,6 +76,7 @@ public class SentryConfigTool {
   private String passWord = null;
   private String importPolicyFilePath = null;
   private String exportPolicyFilePath = null;
+  private String objectPath = null;
   private boolean listPrivs = false;
   private boolean validate = false;
   private boolean importOverwriteRole = false;
@@ -127,6 +128,14 @@ public class SentryConfigTool {
     this.importPolicyFilePath = importPolicyFilePath;
   }
 
+  public String getObjectPath() {
+    return objectPath;
+  }
+
+  public void setObjectPath(String objectPath) {
+    this.objectPath = objectPath;
+  }
+
   public String getExportPolicyFilePath() {
     return exportPolicyFilePath;
   }
@@ -293,7 +302,7 @@ public class SentryConfigTool {
     SentryPolicyServiceClient client = SentryServiceClientFactory.create(getAuthzConf());
     // export the sentry mapping data from database to map structure
     Map<String, Map<String, Set<String>>> policyFileMappingData = client
-        .exportPolicy(requestorUserName, null);
+        .exportPolicy(requestorUserName, objectPath);
     // get the FileFormatter according to the configuration
     SentryPolicyFileFormatter sentryPolicyFileFormatter = SentryPolicyFileFormatFactory
         .createFileFormatter(authzConf);
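Review bot: Nothing at the `.exportPolicy(requestorUserName, objectPath)` call says that a null `objectPath` means "export everything", which is what the replaced `null` argument suggests. A short comment such as `// objectPath == null exports the full policy; otherwise only privileges on that object` would make the fallback explicit, because an unset or mis-parsed `-b` silently widens the export to all roles and privileges. Logging the effective `objectPath` with the export would also let an operator tell a scoped file from a full one before re-importing it with `-o`. The enclosing method starts and ends outside the hunk.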
@@ -448,6 +457,7 @@ public class SentryConfigTool {
    *   -I,--import                 Import policy file
    *   -E,--export                 Export policy file
    *   -o,--overwrite              Overwrite the exist role data when do the import
+   *   -b,--objectPath             The path of the object whose privileges will be exported
    * </pre>
    *
    * @param args
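Review bot: The added usage line for `-b,--objectPath` does not show that the option takes a value or what form that value has. The test in this commit passes `db=db1`, so a line like `-b,--objectPath <path>  Export only the privileges on this object, e.g. db=db1` would tell operators what to type. It should also state that omitting the option exports the full policy. The Javadoc block starts and ends outside the hunk.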
@@ -524,6 +534,11 @@ public class SentryConfigTool {
     overwriteOpt.setRequired(false);
     sentryOptions.addOption(overwriteOpt);
 
+    Option objectPathOpt = new Option("b", "objectPath",
+        false, "The path of the object whose privileges will be exported");
+    objectPathOpt.setRequired(false);
+    sentryOptions.addOption(objectPathOpt);
+
     try {
       Parser parser = new GnuParser();
       CommandLine cmd = parser.parse(sentryOptions, args);
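Review bot: `objectPathOpt` is created with the `hasArg` constructor argument set to `false`, so Commons CLI will not bind a value to `-b`. `opt.getValue()` in the later `else if (opt.getOpt().equals("b"))` branch then returns null, and `exportPolicy` falls back to a full export instead of the scoped one the operator asked for. The third argument should be `true`: `Option objectPathOpt = new Option("b", "objectPath", true, "The path of the object whose privileges will be exported");`. That branch should also reject a null or empty value rather than store it, so that a malformed `-b` fails loudly instead of exporting every role and privilege. The enclosing method starts and ends outside the hunk.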
@@ -555,6 +570,8 @@ public class SentryConfigTool {
           enableDebug = true;
         } else if (opt.getOpt().equals("o")) {
           setImportOverwriteRole(true);
+        } else if (opt.getOpt().equals("b")) {
+          setObjectPath(opt.getValue());
         }
       }
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/d540e3b5/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
index c72aea3..3f3daf5 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
@@ -53,7 +53,6 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
   public static String PRIVILIEGE8 = "server=server1->uri=hdfs://testserver:9999/path2->action=insert";
 
   private SentryConfigTool configTool;
-  private Map<String, Map<String, Set<String>>> policyFileMappingData;
 
   @BeforeClass
   public static void setupTestStaticConfiguration() throws Exception{
@@ -77,7 +76,7 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
     configTool.importPolicy();
   }
 
-  private void prepareExceptedData() {
+  private Map<String, Map<String, Set<String>>> getExceptedAllExportData() {
     // test data for:
     // [groups]
     // group1=roleImport1,roleImport2
@@ -87,7 +86,7 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
     // roleImport1=privilege1,privilege2,privilege3,privilege4
     // roleImport2=privilege3,privilege4,privilege5,privilege6
     // roleImport3=privilege5,privilege6,privilege7,privilege8
-    policyFileMappingData = Maps.newHashMap();
+    Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
     Map<String, Set<String>> groupRolesMap = Maps.newHashMap();
     Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap();
     groupRolesMap.put("group1", Sets.newHashSet("roleimport1", "roleimport2"));
@@ -105,7 +104,33 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
     rolePrivilegesMap.put("adminrole", Sets.newHashSet(PRIVILIEGE1));
     policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap);
     policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap);
+    return policyFileMappingData;
+  }
 
+  private Map<String, Map<String, Set<String>>> getExceptedDb1ExportData() {
+    // test data for:
+    // [groups]
+    // group1=roleImport1,roleImport2
+    // group2=roleImport1,roleImport2,roleImport3
+    // group3=roleImport2,roleImport3
+    // [roles]
+    // roleImport1=privilege1,privilege2,privilege3,privilege4
+    // roleImport2=privilege3,privilege4,privilege5,privilege6
+    // roleImport3=privilege5,privilege6,privilege7,privilege8
+    Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
+    Map<String, Set<String>> groupRolesMap = Maps.newHashMap();
+    Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap();
+    groupRolesMap.put("group1", Sets.newHashSet("roleimport1", "roleimport2"));
+    groupRolesMap.put("group2", Sets.newHashSet("roleimport1", "roleimport2", "roleimport3"));
+    groupRolesMap.put("group3", Sets.newHashSet("roleimport2", "roleimport3"));
+    rolePrivilegesMap.put("roleimport1", Sets.newHashSet(PRIVILIEGE4));
+    rolePrivilegesMap.put("roleimport2",
+        Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6));
+    rolePrivilegesMap.put("roleimport3",
+        Sets.newHashSet(PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7));
+    policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap);
+    policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap);
+    return policyFileMappingData;
   }
 
   @Test
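Review bot: The comment block at the top of `getExceptedDb1ExportData` is copied from the full-export helper and no longer matches the data built below it. It lists `roleImport1=privilege1,privilege2,privilege3,privilege4`, while the map holds only `PRIVILIEGE4` for `roleimport1`, and the sets for `roleimport2` and `roleimport3` are reduced as well. The comment should describe the expected `db=db1` subset (`// roleImport1=privilege4`, `// roleImport2=privilege4,privilege5,privilege6`, `// roleImport3=privilege5,privilege6,privilege7`) and note that privileges outside db1 are expected to be filtered out. "Excepted" in both helper names reads as a typo for "Expected". `getExceptedAllExportData` begins outside the hunk.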
@@ -128,7 +153,16 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
     Map<String, Map<String, Set<String>>> exportMappingData = sentryPolicyFileFormatter.parse(
         exportFile.getAbsolutePath(), configTool.getAuthzConf());
 
-    prepareExceptedData();
+    Map<String, Map<String, Set<String>>> policyFileMappingData =
+        getExceptedAllExportData();
+    validateSentryMappingData(exportMappingData, policyFileMappingData);
+
+    // test export with objectPath db=db1
+    configTool.setObjectPath("db=db1");
+    configTool.exportPolicy();
+    policyFileMappingData = getExceptedDb1ExportData();
+    exportMappingData = sentryPolicyFileFormatter.parse(
+        exportFile.getAbsolutePath(), configTool.getAuthzConf());
     validateSentryMappingData(exportMappingData, policyFileMappingData);
   }
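Review bot: The new assertions set the scope with `configTool.setObjectPath("db=db1")`, so the `-b`/`--objectPath` option parsing added in SentryConfigTool is never exercised. A mistake in how the option is declared or read would leave `objectPath` null on the command-line path, and this test would still pass. A case that drives the tool through its argument-parsing entry point with `-b db=db1` and compares the export against `getExceptedDb1ExportData()` would cover that path. The test method begins outside the hunk.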