You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by br...@apache.org on 2014/02/25 03:53:09 UTC
[26/26] git commit: SENTRY-125 - Merge master into branch
SENTRY-125 - Merge master into branch
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/15c6b4bc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/15c6b4bc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/15c6b4bc
Branch: refs/heads/db_policy_store
Commit: 15c6b4bcf08601d06bf20b0e2099d77cbc01631e
Parents: 22b6a34 a4819f5
Author: Brock Noland <br...@apache.org>
Authored: Mon Feb 24 20:52:03 2014 -0600
Committer: Brock Noland <br...@apache.org>
Committed: Mon Feb 24 20:52:03 2014 -0600
----------------------------------------------------------------------
bin/config-tool.sh | 25 +
bin/sentry | 65 +++
.../binding/hive/HiveAuthzBindingHook.java | 12 +-
.../binding/hive/authz/HiveAuthzBinding.java | 9 +-
.../binding/hive/authz/SentryConfigTool.java | 510 +++++++++++++++++++
.../sentry/binding/hive/conf/HiveAuthzConf.java | 51 ++
sentry-core/sentry-core-common/pom.xml | 4 +
.../common/SentryConfigurationException.java | 67 +++
sentry-dist/pom.xml | 1 +
sentry-dist/src/main/assembly/bin.xml | 82 +++
.../sentry/policy/common/PolicyEngine.java | 13 +-
.../sentry/policy/db/SimpleDBPolicyEngine.java | 37 +-
.../policy/search/SimpleSearchPolicyEngine.java | 22 +-
.../provider/common/AuthorizationProvider.java | 30 ++
.../common/NoAuthorizationProvider.java | 26 +
.../sentry/provider/common/ProviderBackend.java | 7 +
.../file/ResourceAuthorizationProvider.java | 56 +-
.../file/SimpleFileProviderBackend.java | 79 ++-
.../provider/file/TestGetGroupMapping.java | 16 +
.../apache/sentry/tests/e2e/hive/Context.java | 6 +-
.../sentry/tests/e2e/hive/TestConfigTool.java | 304 +++++++++++
21 files changed, 1392 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/15c6b4bc/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/15c6b4bc/sentry-dist/pom.xml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/15c6b4bc/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --cc sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
index 205d012,0743604..1b5f2c2
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
@@@ -121,4 -125,47 +125,46 @@@ public abstract class ResourceAuthoriza
public GroupMappingService getGroupMapping() {
return groupService;
}
+
+ private List<String> getGroups(Subject subject) {
+ return groupService.getGroups(subject.getName());
+ }
+
+ @Override
+ public void validateResource(boolean strictValidation) throws SentryConfigurationException {
+ policy.validatePolicy(strictValidation);
+ }
+
+ @Override
+ public Set<String> listPermissionsForSubject(Subject subject) throws SentryConfigurationException {
+ return policy.listPermissions(getGroups(subject));
+ }
+
+ @Override
+ public Set<String> listPermissionsForGroup(String groupName) throws SentryConfigurationException {
+ return policy.listPermissions(groupName);
+ }
+
+ @Override
+ public List<String> getLastFailedPermissions() {
+ return lastFailedPermissions;
+ }
+
+ private List<String> buildPermissions(List<? extends Authorizable> authorizables,
+ Set<? extends Action> actions) {
+ List<String> hierarchy = new ArrayList<String>();
+ List<String> requestedPermissions = new ArrayList<String>();
+
+ for (Authorizable authorizable : authorizables) {
+ hierarchy.add(KV_JOINER.join(authorizable.getTypeName(), authorizable.getName()));
+ }
+
+ for (Action action : actions) {
+ String requestPermission = AUTHORIZABLE_JOINER.join(hierarchy);
+ requestPermission = AUTHORIZABLE_JOINER.join(requestPermission,
+ KV_JOINER.join(PRIVILEGE_NAME, action.getValue()));
+ requestedPermissions.add(requestPermission);
+ }
+ return requestedPermissions;
+ }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/15c6b4bc/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
----------------------------------------------------------------------
diff --cc sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
index a4d4bb3,a50bd24..f223bee
--- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
@@@ -18,12 -18,18 +18,14 @@@ package org.apache.sentry.provider.file
import java.util.Arrays;
import java.util.List;
-
import org.apache.sentry.core.common.Authorizable;
+ import org.apache.sentry.core.common.SentryConfigurationException;
import org.apache.sentry.policy.common.PermissionFactory;
import org.apache.sentry.policy.common.PolicyEngine;
import org.apache.sentry.provider.common.GroupMappingService;
-
-import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ImmutableSetMultimap;
-
++import com.google.common.collect.ImmutableSet;
import org.junit.Test;
-
import static org.junit.Assert.assertSame;
public class TestGetGroupMapping {
@@@ -45,6 -51,21 +47,20 @@@
public PermissionFactory getPermissionFactory() { return null; }
public ImmutableSetMultimap<String, String> getPermissions(List<? extends Authorizable> authorizables, List<String> groups) { return null; }
-
+ public ImmutableSet<String> listPermissions(String groupName)
+ throws SentryConfigurationException {
+ return null;
+ }
+
+ public ImmutableSet<String> listPermissions(List<String> groupName)
+ throws SentryConfigurationException {
+ return null;
+ }
+
+ public void validatePolicy(boolean strictValidation)
+ throws SentryConfigurationException {
+ return;
+ }
};
TestResourceAuthorizationProvider authProvider =