Posted to commits@sentry.apache.org by co...@apache.org on 2017/11/16 11:11:19 UTC
[1/2] sentry git commit: Adding listGroupRoles functionality from
master
Repository: sentry
Updated Branches:
refs/heads/akolb-cli f951f0944 -> 3dc878e1c
Adding listGroupRoles functionality from master
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d3847878
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d3847878
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d3847878
Branch: refs/heads/akolb-cli
Commit: d38478787d36ac6b2c87eaebeb3c7face43cf0d7
Parents: f951f09
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 16 10:19:05 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 16 10:19:05 2017 +0000
----------------------------------------------------------------------
.../java/org/apache/sentry/shell/ShellUtil.java | 66 +++-----------------
1 file changed, 8 insertions(+), 58 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/d3847878/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
index 13d194d..307a05e 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
@@ -20,7 +20,6 @@ package org.apache.sentry.shell;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.provider.db.service.thrift.*;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
import org.apache.sentry.provider.db.tools.ShellCommand;
import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
@@ -45,8 +44,7 @@ class ShellUtil {
List<String> listRoles(String group) {
try {
- // TODO remove "null" here
- List<String> result = command.listRoles(authUser, null, group);
+ List<String> result = command.listRoles(authUser, group);
Collections.sort(result);
return result;
} catch (SentryUserException e) {
@@ -79,65 +77,18 @@ class ShellUtil {
}
List<String> listGroupRoles() {
- // TODO
- return Collections.emptyList();
- /*
- Set<TSentryRole> roles = null;
-
try {
- roles = sentryClient.listAllRoles(authUser);
+ return command.listGroupRoles(authUser);
} catch (SentryUserException e) {
- System.out.println("Error reading roles: " + e.toString());
- }
-
- if (roles == null || roles.isEmpty()) {
- return new ArrayList<>();
- }
-
- // Set of all group names
- Set<String> groupNames = new HashSet<>();
-
- // Map group to set of roles
- Map<String, Set<String>> groupInfo = new HashMap<>();
-
- // Get all group names
- for (TSentryRole role: roles) {
- for (TSentryGroup group: role.getGroups()) {
- String groupName = group.getGroupName();
- groupNames.add(groupName);
- Set<String> groupRoles = groupInfo.get(groupName);
- if (groupRoles != null) {
- // Add a new or existing role
- groupRoles.add(role.getRoleName());
- continue;
- }
- // Never seen this group before
- groupRoles = new HashSet<>();
- groupRoles.add(role.getRoleName());
- groupInfo.put(groupName, groupRoles);
- }
- }
-
- List<String> groups = new ArrayList<>(groupNames);
- Collections.sort(groups);
-
- // Produce printable result as
- // group1 = role1, role2, ...
- // group2 = ...
- List<String> result = new LinkedList<>();
- for(String groupName: groups) {
- result.add(groupName + " = " +
- StringUtils.join(groupInfo.get(groupName), ", "));
+ System.out.printf("failed to list the groups and roles: %s\n", e.toString());
+ return Collections.emptyList();
}
- return result;
- */
}
void grantGroupsToRole(String roleName, String ...groups) {
try {
- // TODO change grantRoleToGroups
- String joinedGroups = String.join(SentryShellCommon.GROUP_SPLIT_CHAR, groups);
- command.grantRoleToGroups(authUser, roleName, joinedGroups);
+ Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+ command.grantRoleToGroups(authUser, roleName, groupsSet);
} catch (SentryUserException e) {
System.out.printf("Failed to gran role %s to groups: %s\n",
roleName, e.toString());
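Review bot: `listGroupRoles` reports a `SentryUserException` with `System.out.printf` and then returns `Collections.emptyList()`, so to anything consuming the return value a failed lookup looks the same as "no group has any role", and the error text shares stdout with real results. For a tool used to review role assignments that ambiguity matters; writing the error to stderr keeps the two apart: `System.err.printf("failed to list the groups and roles: %s%n", e);`. The same shape recurs in `GroupShell.listRoles`, `PrivsShell.list` and both `RolesShell.list` overloads in the following commit.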
@@ -146,9 +97,8 @@ class ShellUtil {
void revokeGroupsFromRole(String roleName, String ...groups) {
try {
- // TODO change revokeRoleFromGroups
- String joinedGroups = String.join(SentryShellCommon.GROUP_SPLIT_CHAR, groups);
- command.revokeRoleFromGroups(authUser, roleName, joinedGroups);
+ Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+ command.revokeRoleFromGroups(authUser, roleName, groupsSet);
} catch (SentryUserException e) {
System.out.printf("Failed to revoke role %s to groups: %s\n",
roleName, e.toString());
[2/2] sentry git commit: Added support to use the CLI tool with kafka, solr,
sqoop
Posted by co...@apache.org.
Added support to use the CLI tool with kafka, solr, sqoop
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3dc878e1
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3dc878e1
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3dc878e1
Branch: refs/heads/akolb-cli
Commit: 3dc878e1ca440ad4bfe9250c43384971bd344c3b
Parents: d384787
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 16 11:10:59 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 16 11:10:59 2017 +0000
----------------------------------------------------------------------
.../org/apache/sentry/shell/GroupShell.java | 65 ++--
.../org/apache/sentry/shell/PrivsShell.java | 80 +++--
.../org/apache/sentry/shell/RolesShell.java | 90 +++--
.../java/org/apache/sentry/shell/SentryCli.java | 291 ++++++++--------
.../java/org/apache/sentry/shell/ShellUtil.java | 134 --------
.../org/apache/sentry/shell/TopLevelShell.java | 335 +++++++++++++------
6 files changed, 542 insertions(+), 453 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
index a59da04..b7652a5 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java
@@ -21,40 +21,65 @@ package org.apache.sentry.shell;
import com.budhash.cliche.Command;
import com.budhash.cliche.Shell;
import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
/**
* Sentry group manipulation for CLI
*/
public class GroupShell implements ShellDependent {
- private final ShellUtil tools;
- Shell shell;
+ private final ShellCommand shellCommand;
+ private final String authUser;
+ Shell shell;
- public GroupShell(SentryPolicyServiceClient sentryClient, String authUser) {
- this.tools = new ShellUtil(sentryClient, authUser);
- }
+ public GroupShell(ShellCommand shellCommand, String authUser) {
+ this.shellCommand = shellCommand;
+ this.authUser = authUser;
+ }
- @Command(abbrev = "lr", header = "[groups]",
- description = "list groups and their roles")
- public List<String> listRoles() {
- return tools.listGroupRoles();
+ @Command(abbrev = "lr", header = "[groups]",
+ description = "list groups and their roles")
+ public List<String> listRoles() {
+ try {
+ return shellCommand.listGroupRoles(authUser);
+ } catch (SentryUserException e) {
+ System.out.printf("failed to list the groups and roles: %s\n", e.toString());
+ return Collections.emptyList();
}
+ }
- @Command(description = "Grant role to groups")
- public void grant(String roleName, String ...groups) {
- tools.grantGroupsToRole(roleName, groups);
+ @Command(description = "Grant role to groups")
+ public void grant(String roleName, String ...groups) {
+ try {
+ Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+ shellCommand.grantRoleToGroups(authUser, roleName, groupsSet);
+ } catch (SentryUserException e) {
+ System.out.printf("Failed to gran role %s to groups: %s\n",
+ roleName, e.toString());
}
+ }
- @Command(description = "Revoke role from groups")
- public void revoke(String roleName, String ...groups) {
- tools.revokeGroupsFromRole(roleName, groups);
+ @Command(description = "Revoke role from groups")
+ public void revoke(String roleName, String ...groups) {
+ try {
+ Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+ shellCommand.revokeRoleFromGroups(authUser, roleName, groupsSet);
+ } catch (SentryUserException e) {
+ System.out.printf("Failed to revoke role %s to groups: %s\n",
+ roleName, e.toString());
}
+ }
- @Override
- public void cliSetShell(Shell theShell) {
- this.shell = theShell;
- }
+ @Override
+ public void cliSetShell(Shell theShell) {
+ this.shell = theShell;
+ }
}
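Review bot: The failure messages added in `grant` and `revoke` are misworded: `Failed to gran role %s to groups` has a typo, and `revoke` prints `Failed to revoke role %s to groups` where "from groups" is meant. An operator reading the output of a failed revoke should not have to guess which way the change was going; suggested text is `"Failed to grant role %s to groups: %s\n"` and `"Failed to revoke role %s from groups: %s\n"`. Both methods also forward an empty set when called with no group names. Whether `ShellCommand` rejects that is not visible here, so an explicit `groups.length == 0` check with a usage message may be worth adding.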
http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
index a03c47d..8b8898f 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java
@@ -22,47 +22,65 @@ import com.budhash.cliche.Command;
import com.budhash.cliche.Param;
import com.budhash.cliche.Shell;
import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Collections;
import java.util.List;
public class PrivsShell implements ShellDependent {
- private final ShellUtil tools;
- Shell shell;
+ private final ShellCommand shellCommand;
+ private final String authUser;
+ Shell shell;
- public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) {
- this.tools = new ShellUtil(sentryClient, authUser);
- }
+ public PrivsShell(ShellCommand shellCommand, String authUser) {
+ this.shellCommand = shellCommand;
+ this.authUser = authUser;
+ }
- @Command(description = "Grant privilege to role")
- public void grant(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "privilege",
- description = "privilege string, e.g. server=s1->db=foo")
- String privilege) {
- tools.grantPrivilegeToRole(roleName, privilege);
+ @Command(description = "Grant privilege to role")
+ public void grant(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "privilege",
+ description = "privilege string, e.g. server=s1->db=foo")
+ String privilege) {
+ try {
+ shellCommand.grantPrivilegeToRole(authUser, roleName, privilege);
+ } catch (SentryUserException e) {
+ System.out.println("Error granting privilege: " + e.toString());
}
+ }
- @Command
- public List<String> list(
- @Param(name = "roleName")
- String roleName) {
- return tools.listPrivileges(roleName);
+ @Command
+ public List<String> list(
+ @Param(name = "roleName")
+ String roleName) {
+ try {
+ return shellCommand.listPrivileges(authUser, roleName);
+ } catch (SentryUserException e) {
+ System.out.println("Failed to list privileges: " + e.toString());
+ return Collections.emptyList();
}
+ }
- @Command
- public void revoke(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "privilege",
- description = "privilege string, e.g. server=s1->db=foo")
- String privilege) {
- tools.revokePrivilegeFromRole(roleName, privilege);
+ @Command
+ public void revoke(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "privilege",
+ description = "privilege string, e.g. server=s1->db=foo")
+ String privilege) {
+ try {
+ shellCommand.revokePrivilegeFromRole(authUser, roleName, privilege);
+ } catch (SentryUserException e) {
+ System.out.println("failed to revoke privilege: " + e.toString());
}
+ }
- @Override
- public void cliSetShell(Shell theShell) {
- this.shell = theShell;
- }
+ @Override
+ public void cliSetShell(Shell theShell) {
+ this.shell = theShell;
+ }
}
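Review bot: `list` and `revoke` carry a bare `@Command` with no description, and the class has no Javadoc, unlike `GroupShell` and `RolesShell`. These commands expose or change authorization state, so the shell's help output should say what each one does, e.g. `@Command(description = "List privileges of a role")` and `@Command(description = "Revoke privilege from role")`. A class comment such as `/** Sentry privilege manipulation for CLI. */` would match the sibling shells.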
http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
index ab4589d..c014a30 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java
@@ -22,50 +22,84 @@ import com.budhash.cliche.Command;
import com.budhash.cliche.Param;
import com.budhash.cliche.Shell;
import com.budhash.cliche.ShellDependent;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import java.util.Collections;
import java.util.List;
/**
* Sentry roles manipulation for CLI.
*/
public class RolesShell implements ShellDependent {
- private final ShellUtil tools;
- Shell shell;
+ private final ShellCommand shellCommand;
+ private final String authUser;
+ Shell shell;
- public RolesShell(SentryPolicyServiceClient sentryClient, String authUser) {
- this.tools = new ShellUtil(sentryClient, authUser);
- }
+ public RolesShell(ShellCommand shellCommand, String authUser) {
+ this.shellCommand = shellCommand;
+ this.authUser = authUser;
+ }
- @Command(description = "List sentry roles. shows all available roles.")
- public List<String> list() {
- return tools.listRoles();
+ @Command(description = "List sentry roles. shows all available roles.")
+ public List<String> list() {
+ try {
+ List<String> result = shellCommand.listRoles(authUser, null);
+ Collections.sort(result);
+ return result;
+ } catch (SentryUserException e) {
+ System.out.printf("failed to list roles: %s\n", e.toString());
+ return Collections.emptyList();
}
+ }
- @Command(description = "List sentry roles by group")
- public List<String> list(
- @Param(name = "groupName", description = "group name for roles")
- String group) {
- return tools.listRoles(group);
+ @Command(description = "List sentry roles by group")
+ public List<String> list(
+ @Param(name = "groupName", description = "group name for roles")
+ String group) {
+ try {
+ List<String> result = shellCommand.listRoles(authUser, group);
+ Collections.sort(result);
+ return result;
+ } catch (SentryUserException e) {
+ System.out.printf("failed to list roles with group %s: %s\n",
+ group, e.toString());
+ return Collections.emptyList();
}
+ }
- @Command(description = "Create Sentry role(s).")
- public void create(
- @Param(name = "roleName", description = "name of role to create")
- String ...roles) {
- tools.createRoles(roles);
+ @Command(description = "Create Sentry role(s).")
+ public void create(
+ @Param(name = "roleName", description = "name of role to create")
+ String ...roles) {
+ for (String role : roles) {
+ try {
+ shellCommand.createRole(authUser, role);
+ } catch (SentryUserException e) {
+ System.out.printf("failed to create role %s: %s\n",
+ role, e.toString());
+ }
}
+ }
- @Command(description = "drop Sentry role(s).")
- public void drop(
- @Param(name = "roleName ...", description = "role names to remove")
- String ...roles) {
- tools.dropRoles(roles);
+ @Command(description = "drop Sentry role(s).")
+ public void drop(
+ @Param(name = "roleName ...", description = "role names to remove")
+ String ...roles) {
+ for (String role : roles) {
+ try {
+ shellCommand.dropRole(authUser, role);
+ } catch (SentryUserException e) {
+ System.out.printf("failed to drop role %s: %s\n",
+ role, e.toString());
+ }
}
+ }
- @Override
- public void cliSetShell(Shell theShell) {
- this.shell = theShell;
- }
+ @Override
+ public void cliSetShell(Shell theShell) {
+ this.shell = theShell;
+ }
}
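Review bot: Both `list` overloads call `Collections.sort(result)` directly on the list returned by `shellCommand.listRoles`, sorting it in place without a copy. If a `ShellCommand` implementation returns an unmodifiable list (not visible in this hunk), the command fails with a runtime exception that `catch (SentryUserException e)` does not cover. Sorting a copy removes that dependency: `List<String> result = new ArrayList<>(shellCommand.listRoles(authUser, group));`, which needs `java.util.ArrayList` added to the imports.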
http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
index 823d80c..75b845c 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java
@@ -23,13 +23,14 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.log4j.PropertyConfigurator;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
import org.apache.sentry.service.thrift.SentryServiceClientFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Map;
import java.util.Properties;
@@ -42,163 +43,163 @@ import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SEC
* Sentry interactive tool
*/
public class SentryCli {
- private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName());
- private static final String LOG4J_CONF = "log4jConf";
- private final String[] args;
- private Options options = new Options();
- private CommandLine cmd;
-
- private static final String localhost = "localhost";
- private static final String defaultPort = "8038";
-
- private static final String configOpt = "config";
- private static final String userOpt = "user";
- private static final String hostOpt = "host";
-
- private static final String configEnv = "SENTRY_CONFIG";
- private static final String hostEnv = "SENTRY_HOST";
- private static final String userEnv = "SENTRY_USER";
-
-
- private SentryPolicyServiceClient sentryClient;
+ private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName());
+ private static final String LOG4J_CONF = "log4jConf";
+ private final String[] args;
+ private Options options = new Options();
+ private CommandLine cmd;
+
+ private static final String localhost = "localhost";
+ private static final String defaultPort = "8038";
+
+ private static final String configOpt = "config";
+ private static final String userOpt = "user";
+ private static final String hostOpt = "host";
+
+ private static final String configEnv = "SENTRY_CONFIG";
+ private static final String hostEnv = "SENTRY_HOST";
+ private static final String userEnv = "SENTRY_USER";
+
+
+ private SentryPolicyServiceClient sentryClient;
+ private SentryGenericServiceClient sentryGenericClient;
+
+ public SentryPolicyServiceClient getSentryClient() {
+ return sentryClient;
+ }
+
+ public SentryGenericServiceClient getSentryGenericClient() {
+ return sentryGenericClient;
+ }
+
+ public String getRequestorName() {
+ return requestorName;
+ }
+
+ private String requestorName;
+
+ public static void main(String[] args) {
+ SentryCli cli = new SentryCli(args);
+ // Create interactive shell and run it
+ TopLevelShell shell = new TopLevelShell(cli.getSentryClient(),
+ cli.getSentryGenericClient(),
+ cli.getRequestorName());
+ shell.run();
+ }
+
+ /**
+ * Construct SentryCli from arguments
+ * @param args command-line arguments
+ */
+ public SentryCli(String[] args) {
+ this.args = args;
+ options.addOption("h", "help", false, "show help");
+ // file path of sentry-site
+ options.addOption("U", userOpt, true, "auth user");
+ options.addOption("H", hostOpt, true, "host address");
+ options.addOption("c", configOpt, true, "sentry configuration");
+ options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file");
+ CommandLineParser parser = new GnuParser();
+ try {
+ this.cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ help();
+ }
+ if (cmd.hasOption("h")) {
+ help();
+ }
+ init();
+ }
+
+ /**
+ * Parse command-line arguments.
+ */
+ public void parse() {
+ CommandLineParser parser = new GnuParser();
+ try {
+ cmd = parser.parse(options, args);
+ if (cmd.hasOption("h")) {
+ help();
+ }
+ } catch (ParseException e) {
+ log.warn("error in parsing expression", e);
+ help();
+ System.exit(1);
+ }
+ }
+
+ /**
+ * Initialize CLI
+ */
+ private void init() {
+ Map<String, String> env = System.getenv();
+ String log4jconf = cmd.getOptionValue(LOG4J_CONF);
+ if (log4jconf != null && log4jconf.length() > 0) {
+ Properties log4jProperties = new Properties();
+
+ // Firstly load log properties from properties file
+ try (FileInputStream istream = new FileInputStream(log4jconf)) {
+ log4jProperties.load(istream);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ PropertyConfigurator.configure(log4jProperties);
+ }
- public SentryPolicyServiceClient getSentryClient() {
- return sentryClient;
+ String host = cmd.getOptionValue(hostOpt);
+ if (host == null) {
+ host = env.get(hostEnv);
}
- public String getRequestorName() {
- return requestorName;
+ String pathConf = cmd.getOptionValue(configOpt);
+ if (pathConf == null) {
+ pathConf = env.get(configEnv);
+ }
+ if (host == null && pathConf == null) {
+ host = localhost + ":" + defaultPort;
}
- private String requestorName;
+ Configuration conf = new Configuration();
- public static void main(String[] args) {
- SentryCli cli = new SentryCli(args);
- // Create interactive shell and run it
- TopLevelShell shell = new TopLevelShell(cli.getSentryClient(),
- cli.getRequestorName());
- shell.run();
+ if (pathConf != null) {
+ conf.addResource(new Path(pathConf));
+ } else {
+ conf.set(SECURITY_MODE, SECURITY_MODE_NONE);
}
- /**
- * Construct SentryCli from arguments
- * @param args command-line arguments
- */
- public SentryCli(String[] args) {
- this.args = args;
- options.addOption("h", "help", false, "show help");
- // file path of sentry-site
- options.addOption("U", userOpt, true, "auth user");
- options.addOption("H", hostOpt, true, "host address");
- options.addOption("c", configOpt, true, "sentry configuration");
- options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file");
- CommandLineParser parser = new GnuParser();
- try {
- this.cmd = parser.parse(options, args);
- } catch (ParseException e) {
- help();
- }
- if (cmd.hasOption("h")) {
- help();
- }
- init();
+ if (host != null) {
+ conf.set(SERVER_RPC_ADDRESS, host);
}
- /**
- * Parse command-line arguments.
- */
- public void parse() {
- CommandLineParser parser = new GnuParser();
- try {
- cmd = parser.parse(options, args);
- if (cmd.hasOption("h")) {
- help();
- }
- } catch (ParseException e) {
- log.warn("error in parsing expression", e);
- help();
- System.exit(1);
- }
+ requestorName = cmd.getOptionValue(userOpt);
+ if (requestorName == null) {
+ requestorName = env.get(userEnv);
}
-
- /**
- * Initialize CLI
- */
- private void init() {
- Map<String, String> env = System.getenv();
- String log4jconf = cmd.getOptionValue(LOG4J_CONF);
- if (log4jconf != null && log4jconf.length() > 0) {
- Properties log4jProperties = new Properties();
-
- // Firstly load log properties from properties file
- FileInputStream istream = null;
- try {
- istream = new FileInputStream(log4jconf);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- }
- try {
- log4jProperties.load(istream);
- istream.close();
- } catch (IOException e) {
- e.printStackTrace();
- }
-
- PropertyConfigurator.configure(log4jProperties);
- }
-
- String host = cmd.getOptionValue(hostOpt);
- if (host == null) {
- host = env.get(hostEnv);
- }
-
- String pathConf = cmd.getOptionValue(configOpt);
- if (pathConf == null) {
- pathConf = env.get(configEnv);
- }
- if (host == null && pathConf == null) {
- host = localhost + ":" + defaultPort;
- }
-
- Configuration conf = new Configuration();
-
- if (pathConf != null) {
- conf.addResource(new Path(pathConf));
- } else {
- conf.set(SECURITY_MODE, SECURITY_MODE_NONE);
- }
-
- if (host != null) {
- conf.set(SERVER_RPC_ADDRESS, host);
- }
-
- requestorName = cmd.getOptionValue(userOpt);
- if (requestorName == null) {
- requestorName = env.get(userEnv);
- }
- if (requestorName == null) {
-
- UserGroupInformation ugi = null;
- try {
- ugi = UserGroupInformation.getLoginUser();
- } catch (IOException e) {
- e.printStackTrace();
- }
- requestorName = ugi.getShortUserName();
- }
-
- try {
- sentryClient = SentryServiceClientFactory.create(conf);
- } catch (Exception e) {
- System.out.println("Failed to connect to Sentry server: " + e.toString());
- }
+ if (requestorName == null) {
+
+ UserGroupInformation ugi = null;
+ try {
+ ugi = UserGroupInformation.getLoginUser();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ requestorName = ugi.getShortUserName();
}
- private void help() {
- // This prints out some help
- HelpFormatter formater = new HelpFormatter();
- formater.printHelp("sentrycli", options);
- System.exit(0);
+ try {
+ sentryClient = SentryServiceClientFactory.create(conf);
+ sentryGenericClient = SentryGenericServiceClientFactory.create(conf);
+ } catch (Exception e) {
+ System.out.println("Failed to connect to Sentry server: " + e.toString());
}
+ }
+
+ private void help() {
+ // This prints out some help
+ HelpFormatter formater = new HelpFormatter();
+ formater.printHelp("sentrycli", options);
+ System.exit(0);
+ }
}
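Review bot: When `SentryServiceClientFactory.create(conf)` or the added `SentryGenericServiceClientFactory.create(conf)` throws, `init()` only prints "Failed to connect to Sentry server" and returns, so `main` goes on to build `TopLevelShell` with one or both clients still null. The shell then starts and presumably fails later, on the first command, with a less useful error. Exiting at the point of failure is clearer: `System.err.println("Failed to connect to Sentry server: " + e); System.exit(1);`. A similar gap sits a few lines up, where `ugi` stays null if `UserGroupInformation.getLoginUser()` throws and `ugi.getShortUserName()` is then dereferenced.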
http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
deleted file mode 100644
index 307a05e..0000000
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.shell;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.*;
-import org.apache.sentry.provider.db.tools.ShellCommand;
-import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
-
-import java.util.*;
-
-/**
- * ShellUtil implements actual commands
- */
-class ShellUtil {
-
- private final ShellCommand command;
- private final String authUser;
-
- ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) {
- this.authUser = authUser;
- command = new HiveShellCommand(sentryClient);
- }
-
- List<String> listRoles() {
- return listRoles(null);
- }
-
- List<String> listRoles(String group) {
- try {
- List<String> result = command.listRoles(authUser, group);
- Collections.sort(result);
- return result;
- } catch (SentryUserException e) {
- System.out.printf("failed to list roles with group %s: %s\n",
- group, e.toString());
- return Collections.emptyList();
- }
- }
-
- void createRoles(String ...roles) {
- for (String role : roles) {
- try {
- command.createRole(authUser, role);
- } catch (SentryUserException e) {
- System.out.printf("failed to create role %s: %s\n",
- role, e.toString());
- }
- }
- }
-
- void dropRoles(String ...roles) {
- for (String role : roles) {
- try {
- command.dropRole(authUser, role);
- } catch (SentryUserException e) {
- System.out.printf("failed to drop role %s: %s\n",
- role, e.toString());
- }
- }
- }
-
- List<String> listGroupRoles() {
- try {
- return command.listGroupRoles(authUser);
- } catch (SentryUserException e) {
- System.out.printf("failed to list the groups and roles: %s\n", e.toString());
- return Collections.emptyList();
- }
- }
-
- void grantGroupsToRole(String roleName, String ...groups) {
- try {
- Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
- command.grantRoleToGroups(authUser, roleName, groupsSet);
- } catch (SentryUserException e) {
- System.out.printf("Failed to gran role %s to groups: %s\n",
- roleName, e.toString());
- }
- }
-
- void revokeGroupsFromRole(String roleName, String ...groups) {
- try {
- Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
- command.revokeRoleFromGroups(authUser, roleName, groupsSet);
- } catch (SentryUserException e) {
- System.out.printf("Failed to revoke role %s to groups: %s\n",
- roleName, e.toString());
- }
- }
-
- void grantPrivilegeToRole(String roleName, String privilege) {
- try {
- command.grantPrivilegeToRole(authUser, roleName, privilege);
- } catch (SentryUserException e) {
- System.out.println("Error granting privilege: " + e.toString());
- }
- }
-
- List<String> listPrivileges(String roleName) {
- try {
- return command.listPrivileges(authUser, roleName);
- } catch (SentryUserException e) {
- System.out.println("Failed to list privileges: " + e.toString());
- return Collections.emptyList();
- }
- }
-
- void revokePrivilegeFromRole(String roleName, String privilegeStr) {
- try {
- command.revokePrivilegeFromRole(authUser, roleName, privilegeStr);
- } catch (SentryUserException e) {
- System.out.println("failed to revoke privilege: " + e.toString());
- }
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
----------------------------------------------------------------------
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
index ba4a204..b8f365f 100644
--- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
+++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java
@@ -18,139 +18,284 @@
package org.apache.sentry.shell;
-import com.budhash.cliche.*;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.common.AuthorizationComponent;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter;
+import org.apache.sentry.provider.db.generic.tools.command.GenericShellCommand;
+import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand;
+
+import com.budhash.cliche.Command;
+import com.budhash.cliche.Param;
+import com.budhash.cliche.Shell;
+import com.budhash.cliche.ShellDependent;
+import com.budhash.cliche.ShellFactory;
import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
/**
* Top level commands
*/
public class TopLevelShell implements ShellDependent, Runnable {
- private final Shell topShell;
- private final ShellUtil tools;
- private Shell shell; // top level shell object
-
- private final String authUser;
- private final SentryPolicyServiceClient sentryClient;
-
- TopLevelShell(SentryPolicyServiceClient sentryClient,
- String authUser) {
- this.authUser = authUser;
- this.sentryClient = sentryClient;
- this.tools = new ShellUtil(sentryClient, authUser);
- topShell = ShellFactory.createConsoleShell("sentry",
- "sentry shell\n" +
- "Enter ?l to list available commands.",
- this);
- }
+ public enum TYPE { kafka, hive, solr, sqoop };
+
+ private final Shell topShell;
+ private ShellCommand shellCommand;
+ private Shell shell; // top level shell object
+
+ private final String authUser;
+ private final SentryPolicyServiceClient sentryClient;
+ private final SentryGenericServiceClient sentryGenericClient;
+
+ TopLevelShell(SentryPolicyServiceClient sentryClient,
+ SentryGenericServiceClient sentryGenericClient,
+ String authUser) {
+ this.authUser = authUser;
+ this.sentryClient = sentryClient;
+ this.sentryGenericClient = sentryGenericClient;
+ shellCommand = new HiveShellCommand(sentryClient);
+ topShell = ShellFactory.createConsoleShell("sentry",
+ "sentry shell\n" +
+ "Enter ?l to list available commands.",
+ this);
+ }
+
+ @Command(description="list, create and remove roles")
+ public void roles() throws IOException {
+ ShellFactory.createSubshell("roles", shell, "roles commands",
+ new RolesShell(shellCommand, authUser)).commandLoop();
+ }
- @Command(description="list, create and remove roles")
- public void roles() throws IOException {
- ShellFactory.createSubshell("roles", shell, "roles commands",
- new RolesShell(sentryClient, authUser)).commandLoop();
+ @Command(description = "list, create and remove groups")
+ public void groups() throws IOException {
+ ShellFactory.createSubshell("groups", shell, "groups commands",
+ new GroupShell(shellCommand, authUser)).commandLoop();
+ }
+
+ @Command(description = "list, create and remove privileges")
+ public void privileges() throws IOException {
+ ShellFactory.createSubshell("privileges", shell, "privileges commands",
+ new PrivsShell(shellCommand, authUser)).commandLoop();
+ }
+
+ @Command(description = "List sentry roles. shows all available roles.")
+ public List<String> listRoles() {
+ try {
+ List<String> result = shellCommand.listRoles(authUser, null);
+ Collections.sort(result);
+ return result;
+ } catch (SentryUserException e) {
+ System.out.printf("failed to list roles: %s\n", e.toString());
+ return Collections.emptyList();
}
+ }
- @Command(description = "list, create and remove groups")
- public void groups() throws IOException {
- ShellFactory.createSubshell("groups", shell, "groups commands",
- new GroupShell(sentryClient, authUser)).commandLoop();
+ @Command(description = "List sentry roles by group")
+ public List<String> listRoles(
+ @Param(name = "groupName")
+ String group) {
+ try {
+ List<String> result = shellCommand.listRoles(authUser, group);
+ Collections.sort(result);
+ return result;
+ } catch (SentryUserException e) {
+ System.out.printf("failed to list roles with group %s: %s\n",
+ group, e.toString());
+ return Collections.emptyList();
}
+ }
- @Command(description = "list, create and remove privileges")
- public void privileges() throws IOException {
- ShellFactory.createSubshell("privileges", shell, "privileges commands",
- new PrivsShell(sentryClient, authUser)).commandLoop();
+ @Command(abbrev = "lg", header = "[groups]",
+ description = "list groups and their roles")
+ public List<String> listGroups() {
+ try {
+ return shellCommand.listGroupRoles(authUser);
+ } catch (SentryUserException e) {
+ System.out.printf("failed to list the groups and roles: %s\n", e.toString());
+ return Collections.emptyList();
}
+ }
- @Command(description = "List sentry roles. shows all available roles.")
- public List<String> listRoles() {
- return tools.listRoles();
+ @Command(description = "Grant role to groups")
+ public void grantRole(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "group...") String ...groups) {
+ try {
+ Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+ shellCommand.grantRoleToGroups(authUser, roleName, groupsSet);
+ } catch (SentryUserException e) {
+ System.out.printf("Failed to gran role %s to groups: %s\n",
+ roleName, e.toString());
}
+ }
- @Command(description = "List sentry roles by group")
- public List<String> listRoles(
- @Param(name = "groupName")
- String group) {
- return tools.listRoles(group);
+ @Command(abbrev = "grm", description = "Revoke role from groups")
+ public void revokeRole(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "group...")
+ String ...groups) {
+ try {
+ Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+ shellCommand.revokeRoleFromGroups(authUser, roleName, groupsSet);
+ } catch (SentryUserException e) {
+ System.out.printf("Failed to revoke role %s to groups: %s\n",
+ roleName, e.toString());
}
+ }
- @Command(abbrev = "lg", header = "[groups]",
- description = "list groups and their roles")
- public List<String> listGroups() {
- return tools.listGroupRoles();
+ @Command(description = "Create Sentry role(s).")
+ public void createRole(
+ @Param(name = "roleName", description = "name of role to create")
+ String ...roles) {
+ for (String role : roles) {
+ try {
+ shellCommand.createRole(authUser, role);
+ } catch (SentryUserException e) {
+ System.out.printf("failed to create role %s: %s\n",
+ role, e.toString());
+ }
}
+ }
- @Command(description = "Grant role to groups")
- public void grantRole(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "group...") String ...groups) {
- tools.grantGroupsToRole(roleName, groups);
+ @Command(abbrev = "dr", description = "drop Sentry role(s).")
+ public void dropRole(
+ @Param(name = "roleName ...", description = "role names to drop")
+ String ...roles) {
+ for (String role : roles) {
+ try {
+ shellCommand.dropRole(authUser, role);
+ } catch (SentryUserException e) {
+ System.out.printf("failed to drop role %s: %s\n",
+ role, e.toString());
+ }
}
+ }
- @Command(abbrev = "grm",
- description = "Revoke role from groups")
- public void revokeRole(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "group...")
- String ...groups) {
- tools.revokeGroupsFromRole(roleName, groups);
+ @Command(description = "list Sentry privileges")
+ public List<String> listPrivileges(
+ @Param(name = "roleName")
+ String roleName) {
+ try {
+ return shellCommand.listPrivileges(authUser, roleName);
+ } catch (SentryUserException e) {
+ System.out.println("Failed to list privileges: " + e.toString());
+ return Collections.emptyList();
}
+ }
- @Command(description = "Create Sentry role(s).")
- public void createRole(
- @Param(name = "roleName", description = "name of role to create")
- String ...roles) {
- tools.createRoles(roles);
+ @Command(description = "Grant privilege to role")
+ public void grantPrivilege(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+ String privilege) {
+ try {
+ shellCommand.grantPrivilegeToRole(authUser, roleName, privilege);
+ } catch (SentryUserException e) {
+ System.out.println("Error granting privilege: " + e.toString());
}
+ }
- @Command(abbrev = "dr", description = "drop Sentry role(s).")
- public void dropRole(
- @Param(name = "roleName ...", description = "role names to drop")
- String ...roles) {
- tools.dropRoles(roles);
+ @Command
+ public void revokePrivilege(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+ String privilege) {
+ try {
+ shellCommand.revokePrivilegeFromRole(authUser, roleName, privilege);
+ } catch (SentryUserException e) {
+ System.out.println("failed to revoke privilege: " + e.toString());
}
+ }
- @Command(description = "list Sentry privileges")
- public List<String> listPrivileges(
- @Param(name = "roleName")
- String roleName) {
- return tools.listPrivileges(roleName);
+ @Command(description = "Set the type: hive, kafka, sqoop, solr, etc.")
+ public void type(
+ @Param(name = "type", description = "the type to set: hive, kafka, sqoop, solr, etc.")
+ String type) {
+ // Check it's a valid type first
+ try {
+ TYPE parsedType = TYPE.valueOf(type);
+ if (parsedType == TYPE.hive) {
+ shellCommand = new HiveShellCommand(sentryClient);
+ } else {
+ String component = getComponent(parsedType);
+ String service = getService(parsedType);
+ TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+ shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
+ }
+ } catch (IllegalArgumentException ex) {
+ System.out.printf("The %s type value is not an accepted type value\n", type);
}
+ }
- @Command(description = "Grant privilege to role")
- public void grantPrivilege(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
- String privilege) {
- tools.grantPrivilegeToRole(roleName, privilege);
+ @Command(description = "Set the type: hive, kafka, sqoop, solr, etc.")
+ public void type(
+ @Param(name = "type", description = "the type to set: hive, kafka, sqoop, solr, etc.")
+ String type,
+ @Param(name = "service", description = "the service name")
+ String service) {
+ try {
+ // Check it's a valid type first
+ TYPE parsedType = TYPE.valueOf(type);
+ if (parsedType == TYPE.hive) {
+ shellCommand = new HiveShellCommand(sentryClient);
+ } else {
+ String component = getComponent(parsedType);
+ TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+ shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
+ }
+ } catch (IllegalArgumentException ex) {
+ System.out.printf("The %s type value is not an accepted type value\n", type);
}
+ }
+
+ @Override
+ public void cliSetShell(Shell theShell) {
+ this.shell = theShell;
+ }
- @Command
- public void revokePrivilege(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
- String privilege) {
- tools.revokePrivilegeFromRole(roleName, privilege);
+ @Override
+ public void run() {
+ try {
+ this.topShell.commandLoop();
+ } catch (IOException e) {
+ System.out.println("error: " + e.toString());
}
+ }
- @Override
- public void cliSetShell(Shell theShell) {
- this.shell = theShell;
+ private String getComponent(TYPE type) {
+ if (type == TYPE.kafka) {
+ return AuthorizationComponent.KAFKA;
+ } else if (type == TYPE.solr) {
+ return "SOLR";
+ } else if (type == TYPE.sqoop) {
+ return AuthorizationComponent.SQOOP;
}
- @Override
- public void run() {
- try {
- this.topShell.commandLoop();
- } catch (IOException e) {
- System.out.println("error: " + e.toString());
- }
+ throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+ }
+
+ private String getService(TYPE type) {
+ if (type == TYPE.kafka) {
+ return AuthorizationComponent.KAFKA;
+ } else if (type == TYPE.solr) {
+ return "service1";
+ } else if (type == TYPE.sqoop) {
+ return "sqoopServer1";
}
+
+ throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+ }
}
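Review bot: The one-argument `type` command switches every later grant and revoke to a hard-coded service name without telling the operator, because `getService` returns the fixed strings `"service1"` for solr and `"sqoopServer1"` for sqoop (and the Kafka component constant for kafka) and `type` prints nothing on success. If those defaults do not match the deployed service, privilege changes would presumably be recorded under a scope the administrator did not intend. I would echo the selection in both overloads once the command is built, e.g. `System.out.printf("Using component %s, service %s\n", component, service);`, and in the two-argument overload reject a blank `service` before constructing `GenericPrivilegeConverter`. The `catch (IllegalArgumentException ex)` in both overloads would also report an IllegalArgumentException raised by `getComponent` or, possibly, by the converter and command constructors as an invalid type, so narrowing the `try` to the `TYPE.valueOf(type)` call keeps that message accurate.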