You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2016/04/14 05:34:35 UTC
sentry git commit: SENTRY-1179: Update Sentry config tool for export
with specific auth object(Colin Ma, reviewed by Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/master 68949951e -> d540e3b5a
SENTRY-1179: Update Sentry config tool for export with specific auth object(Colin Ma, reviewed by Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d540e3b5
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d540e3b5
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d540e3b5
Branch: refs/heads/master
Commit: d540e3b5af3f74360777945e27004471732620d4
Parents: 6894995
Author: Colin Ma <co...@apache.org>
Authored: Thu Apr 14 12:14:31 2016 +0800
Committer: Colin Ma <co...@apache.org>
Committed: Thu Apr 14 12:14:31 2016 +0800
----------------------------------------------------------------------
.../binding/hive/authz/SentryConfigTool.java | 19 ++++++++-
.../tests/e2e/hive/TestPolicyImportExport.java | 42 ++++++++++++++++++--
2 files changed, 56 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/d540e3b5/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
index 18ba943..4ef86e6 100644
--- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
@@ -76,6 +76,7 @@ public class SentryConfigTool {
private String passWord = null;
private String importPolicyFilePath = null;
private String exportPolicyFilePath = null;
+ private String objectPath = null;
private boolean listPrivs = false;
private boolean validate = false;
private boolean importOverwriteRole = false;
@@ -127,6 +128,14 @@ public class SentryConfigTool {
this.importPolicyFilePath = importPolicyFilePath;
}
+ public String getObjectPath() {
+ return objectPath;
+ }
+
+ public void setObjectPath(String objectPath) {
+ this.objectPath = objectPath;
+ }
+
public String getExportPolicyFilePath() {
return exportPolicyFilePath;
}
@@ -293,7 +302,7 @@ public class SentryConfigTool {
SentryPolicyServiceClient client = SentryServiceClientFactory.create(getAuthzConf());
// export the sentry mapping data from database to map structure
Map<String, Map<String, Set<String>>> policyFileMappingData = client
- .exportPolicy(requestorUserName, null);
+ .exportPolicy(requestorUserName, objectPath);
// get the FileFormatter according to the configuration
SentryPolicyFileFormatter sentryPolicyFileFormatter = SentryPolicyFileFormatFactory
.createFileFormatter(authzConf);
@@ -448,6 +457,7 @@ public class SentryConfigTool {
* -I,--import Import policy file
* -E,--export Export policy file
* -o,--overwrite Overwrite the exist role data when do the import
+ * -b,--objectPath The path of the object whose privileges will be exported
* </pre>
*
* @param args
@@ -524,6 +534,11 @@ public class SentryConfigTool {
overwriteOpt.setRequired(false);
sentryOptions.addOption(overwriteOpt);
+ Option objectPathOpt = new Option("b", "objectPath",
+ false, "The path of the object whose privileges will be exported");
+ objectPathOpt.setRequired(false);
+ sentryOptions.addOption(objectPathOpt);
+
try {
Parser parser = new GnuParser();
CommandLine cmd = parser.parse(sentryOptions, args);
@@ -555,6 +570,8 @@ public class SentryConfigTool {
enableDebug = true;
} else if (opt.getOpt().equals("o")) {
setImportOverwriteRole(true);
+ } else if (opt.getOpt().equals("b")) {
+ setObjectPath(opt.getValue());
}
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d540e3b5/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
index c72aea3..3f3daf5 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
@@ -53,7 +53,6 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
public static String PRIVILIEGE8 = "server=server1->uri=hdfs://testserver:9999/path2->action=insert";
private SentryConfigTool configTool;
- private Map<String, Map<String, Set<String>>> policyFileMappingData;
@BeforeClass
public static void setupTestStaticConfiguration() throws Exception{
@@ -77,7 +76,7 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
configTool.importPolicy();
}
- private void prepareExceptedData() {
+ private Map<String, Map<String, Set<String>>> getExceptedAllExportData() {
// test data for:
// [groups]
// group1=roleImport1,roleImport2
@@ -87,7 +86,7 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
// roleImport1=privilege1,privilege2,privilege3,privilege4
// roleImport2=privilege3,privilege4,privilege5,privilege6
// roleImport3=privilege5,privilege6,privilege7,privilege8
- policyFileMappingData = Maps.newHashMap();
+ Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
Map<String, Set<String>> groupRolesMap = Maps.newHashMap();
Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap();
groupRolesMap.put("group1", Sets.newHashSet("roleimport1", "roleimport2"));
@@ -105,7 +104,33 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
rolePrivilegesMap.put("adminrole", Sets.newHashSet(PRIVILIEGE1));
policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap);
policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap);
+ return policyFileMappingData;
+ }
+ private Map<String, Map<String, Set<String>>> getExceptedDb1ExportData() {
+ // test data for:
+ // [groups]
+ // group1=roleImport1,roleImport2
+ // group2=roleImport1,roleImport2,roleImport3
+ // group3=roleImport2,roleImport3
+ // [roles]
+ // roleImport1=privilege1,privilege2,privilege3,privilege4
+ // roleImport2=privilege3,privilege4,privilege5,privilege6
+ // roleImport3=privilege5,privilege6,privilege7,privilege8
+ Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
+ Map<String, Set<String>> groupRolesMap = Maps.newHashMap();
+ Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap();
+ groupRolesMap.put("group1", Sets.newHashSet("roleimport1", "roleimport2"));
+ groupRolesMap.put("group2", Sets.newHashSet("roleimport1", "roleimport2", "roleimport3"));
+ groupRolesMap.put("group3", Sets.newHashSet("roleimport2", "roleimport3"));
+ rolePrivilegesMap.put("roleimport1", Sets.newHashSet(PRIVILIEGE4));
+ rolePrivilegesMap.put("roleimport2",
+ Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6));
+ rolePrivilegesMap.put("roleimport3",
+ Sets.newHashSet(PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7));
+ policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap);
+ policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap);
+ return policyFileMappingData;
}
@Test
@@ -128,7 +153,16 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
Map<String, Map<String, Set<String>>> exportMappingData = sentryPolicyFileFormatter.parse(
exportFile.getAbsolutePath(), configTool.getAuthzConf());
- prepareExceptedData();
+ Map<String, Map<String, Set<String>>> policyFileMappingData =
+ getExceptedAllExportData();
+ validateSentryMappingData(exportMappingData, policyFileMappingData);
+
+ // test export with objectPath db=db1
+ configTool.setObjectPath("db=db1");
+ configTool.exportPolicy();
+ policyFileMappingData = getExceptedDb1ExportData();
+ exportMappingData = sentryPolicyFileFormatter.parse(
+ exportFile.getAbsolutePath(), configTool.getAuthzConf());
validateSentryMappingData(exportMappingData, policyFileMappingData);
}