You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2016/03/29 04:33:09 UTC
sentry git commit: SENTRY-1158: Remove unnecessary
sentry-policy-xxx(Colin Ma, reviewed by Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/SENTRY-999 637f6dc2b -> bfed0f34b
SENTRY-1158: Remove unnecessary sentry-policy-xxx(Colin Ma, reviewed by Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/bfed0f34
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/bfed0f34
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/bfed0f34
Branch: refs/heads/SENTRY-999
Commit: bfed0f34bfd26892e253bfde7001d838f368282c
Parents: 637f6dc
Author: Colin Ma <co...@apache.org>
Authored: Tue Mar 29 11:09:15 2016 +0800
Committer: Colin Ma <co...@apache.org>
Committed: Tue Mar 29 11:09:15 2016 +0800
----------------------------------------------------------------------
pom.xml | 15 --
sentry-binding/sentry-binding-hive/pom.xml | 4 -
sentry-binding/sentry-binding-solr/pom.xml | 4 -
sentry-binding/sentry-binding-sqoop/pom.xml | 4 -
sentry-dist/pom.xml | 12 --
sentry-policy/pom.xml | 3 -
sentry-policy/sentry-policy-db/pom.xml | 98 -----------
.../sentry/policy/db/DBWildcardPrivilege.java | 166 -------------------
.../sentry/policy/db/SimpleDBPolicyEngine.java | 86 ----------
.../src/test/resources/log4j.properties | 31 ----
sentry-policy/sentry-policy-search/pom.xml | 87 ----------
.../policy/search/SearchWildcardPrivilege.java | 146 ----------------
.../policy/search/SimpleSearchPolicyEngine.java | 91 ----------
.../src/test/resources/log4j.properties | 31 ----
sentry-policy/sentry-policy-sqoop/pom.xml | 80 ---------
.../policy/sqoop/SimpleSqoopPolicyEngine.java | 79 ---------
.../policy/sqoop/SqoopWildcardPrivilege.java | 124 --------------
.../src/test/resources/log4j.properties | 31 ----
sentry-provider/sentry-provider-db/pom.xml | 4 -
sentry-solr/solr-sentry-handlers/pom.xml | 4 -
sentry-tests/sentry-tests-hive/pom.xml | 5 -
.../tests/e2e/hive/TestPerDBConfiguration.java | 10 +-
22 files changed, 5 insertions(+), 1110 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 0075b47..cf65369 100644
--- a/pom.xml
+++ b/pom.xml
@@ -467,26 +467,11 @@ limitations under the License.
</dependency>
<dependency>
<groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-db</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
<artifactId>sentry-policy-indexer</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-search</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-sqoop</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
<artifactId>sentry-dist</artifactId>
<version>${project.version}</version>
</dependency>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-binding/sentry-binding-hive/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/pom.xml b/sentry-binding/sentry-binding-hive/pom.xml
index 4a25670..3fcbadf 100644
--- a/sentry-binding/sentry-binding-hive/pom.xml
+++ b/sentry-binding/sentry-binding-hive/pom.xml
@@ -78,10 +78,6 @@ limitations under the License.
<artifactId>sentry-provider-cache</artifactId>
</dependency>
<dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-db</artifactId>
- </dependency>
- <dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
<scope>provided</scope>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-binding/sentry-binding-solr/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/pom.xml b/sentry-binding/sentry-binding-solr/pom.xml
index e8e3013..f8b51a6 100644
--- a/sentry-binding/sentry-binding-solr/pom.xml
+++ b/sentry-binding/sentry-binding-solr/pom.xml
@@ -56,10 +56,6 @@ limitations under the License.
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-search</artifactId>
- </dependency>
- <dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
<scope>provided</scope>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-binding/sentry-binding-sqoop/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-sqoop/pom.xml b/sentry-binding/sentry-binding-sqoop/pom.xml
index a3a6a77..488f69e 100644
--- a/sentry-binding/sentry-binding-sqoop/pom.xml
+++ b/sentry-binding/sentry-binding-sqoop/pom.xml
@@ -59,10 +59,6 @@ limitations under the License.
<artifactId>sentry-policy-common</artifactId>
</dependency>
<dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-sqoop</artifactId>
- </dependency>
- <dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
<scope>provided</scope>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-dist/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/pom.xml b/sentry-dist/pom.xml
index 4e078f0..b03ce7b 100644
--- a/sentry-dist/pom.xml
+++ b/sentry-dist/pom.xml
@@ -88,20 +88,8 @@ limitations under the License.
</dependency>
<dependency>
<groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-db</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
<artifactId>sentry-policy-indexer</artifactId>
</dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-search</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-sqoop</artifactId>
- </dependency>
</dependencies>
<build>
<plugins>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/pom.xml b/sentry-policy/pom.xml
index e888a93..a8f0463 100644
--- a/sentry-policy/pom.xml
+++ b/sentry-policy/pom.xml
@@ -32,10 +32,7 @@ limitations under the License.
<modules>
<module>sentry-policy-common</module>
<module>sentry-policy-engine</module>
- <module>sentry-policy-db</module>
<module>sentry-policy-indexer</module>
- <module>sentry-policy-search</module>
- <module>sentry-policy-sqoop</module>
</modules>
</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-db/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/pom.xml b/sentry-policy/sentry-policy-db/pom.xml
deleted file mode 100644
index 1b1ae43..0000000
--- a/sentry-policy/sentry-policy-db/pom.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy</artifactId>
- <version>1.7.0-incubating-SNAPSHOT</version>
- </parent>
-
- <artifactId>sentry-policy-db</artifactId>
- <name>Sentry Policy for Databases</name>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-common</artifactId>
- <scope>provided</scope>
- </dependency>
-
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-minicluster</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- </dependency>
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.hive</groupId>
- <artifactId>hive-beeline</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core-model-db</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-file</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- <scope>test</scope>
- <type>test-jar</type>
- <version>${project.version}</version>
- </dependency>
- </dependencies>
-
-</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
deleted file mode 100644
index a8d16fa..0000000
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-// copied from apache shiro
-
-package org.apache.sentry.policy.db;
-
-import java.util.List;
-
-import org.apache.sentry.core.common.Model;
-import org.apache.sentry.core.common.utils.PathUtils;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.core.common.utils.KeyValue;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-
-// XXX this class is made ugly by the fact that Action is not a Authorizable.
-// todo: DBWildcardPrivilege is replaced by CommonPrivilege, it should be removed
-public class DBWildcardPrivilege implements Privilege {
-
- private final ImmutableList<KeyValue> parts;
-
- public DBWildcardPrivilege(String wildcardString) {
- wildcardString = Strings.nullToEmpty(wildcardString).trim();
- if (wildcardString.isEmpty()) {
- throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
- }
- List<KeyValue>parts = Lists.newArrayList();
- for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.trimResults().split(
- wildcardString)) {
- if (authorizable.isEmpty()) {
- throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
- }
- parts.add(new KeyValue(authorizable));
- }
- if (parts.isEmpty()) {
- throw new AssertionError("Should never occur: " + wildcardString);
- }
- this.parts = ImmutableList.copyOf(parts);
- }
-
-
- @Override
- public boolean implies(Privilege p, Model model) {
- // By default only supports comparisons with other DBWildcardPermissions
- if (!(p instanceof DBWildcardPrivilege)) {
- return false;
- }
-
- DBWildcardPrivilege wp = (DBWildcardPrivilege) p;
-
- List<KeyValue> otherParts = wp.parts;
- if(equals(wp)) {
- return true;
- }
- int index = 0;
- for (KeyValue otherPart : otherParts) {
- // If this privilege has less parts than the other privilege, everything
- // after the number of parts contained
- // in this privilege is automatically implied, so return true
- if (parts.size() - 1 < index) {
- return true;
- } else {
- KeyValue part = parts.get(index);
- // Support for action inheritance from parent to child (eg. Db -> Table)
- if (part.getKey().equalsIgnoreCase("action") && !(otherPart.getKey().equalsIgnoreCase("action"))) {
- continue;
- }
- // are the keys even equal
- if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
- return false;
- }
- if (!impliesKeyValue(part, otherPart)) {
- return false;
- }
- index++;
- }
- }
- // If this privilege has more parts than
- // the other parts, only imply it if
- // all of the other parts are wildcards
- for (; index < parts.size(); index++) {
- KeyValue part = parts.get(index);
- if (!part.getValue().equals(AccessConstants.ALL)) {
- return false;
- }
- }
-
- return true;
- }
-
- private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
- Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
- "Please report, this method should not be called with two different keys");
- if(policyPart.getValue().equals(AccessConstants.ALL) ||
- policyPart.getValue().equalsIgnoreCase("ALL")) {
- return true;
- } else if (!SentryConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
- && AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
- /* privilege request is to match with any object of given type */
- return true;
- } else if (!SentryConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
- && AccessConstants.SOME.equalsIgnoreCase(requestPart.getValue())) {
- /* privilege request is to match with any object of given type */
- return true;
- } else if(policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) {
- return impliesURI(policyPart.getValue(), requestPart.getValue());
- }
- return policyPart.equals(requestPart);
- }
-
- @VisibleForTesting
- protected static boolean impliesURI(String privilege, String request) {
- return PathUtils.impliesURI(privilege, request);
- }
-
- @Override
- public String toString() {
- return SentryConstants.AUTHORIZABLE_JOINER.join(parts);
- }
-
- @Override
- public boolean equals(Object o) {
- if (o instanceof DBWildcardPrivilege) {
- DBWildcardPrivilege wp = (DBWildcardPrivilege) o;
- return parts.equals(wp.parts);
- }
- return false;
- }
-
- @Override
- public int hashCode() {
- return parts.hashCode();
- }
-
- public static class DBWildcardPrivilegeFactory implements PrivilegeFactory {
- @Override
- public Privilege createPrivilege(String privilege) {
- return new DBWildcardPrivilege(privilege);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
deleted file mode 100644
index b1f041b..0000000
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.db;
-
-import java.util.Set;
-
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableSet;
-
-public class SimpleDBPolicyEngine implements PolicyEngine {
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(SimpleDBPolicyEngine.class);
-
- public final static String ACCESS_ALLOW_URI_PER_DB_POLICYFILE = "sentry.allow.uri.db.policyfile";
-
- private final ProviderBackend providerBackend;
-
- public SimpleDBPolicyEngine(ProviderBackend providerBackend) {
- this.providerBackend = providerBackend;
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PrivilegeFactory getPrivilegeFactory() {
- return new DBWildcardPrivilege.DBWildcardPrivilegeFactory();
- }
-
- @Override
- public ImmutableSet<String> getAllPrivileges(Set<String> groups,
- ActiveRoleSet roleSet) throws SentryConfigurationException {
- return getPrivileges(groups, roleSet);
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy)
- throws SentryConfigurationException {
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("Getting permissions for {}", groups);
- }
- ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet, authorizableHierarchy);
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("result = " + result);
- }
- return result;
- }
-
- @Override
- public void validatePolicy(boolean strictValidation) throws SentryConfigurationException {
- this.providerBackend.validatePolicy(strictValidation);
- }
-
- @Override
- public void close() {
- if (providerBackend != null) {
- providerBackend.close();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-db/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/resources/log4j.properties b/sentry-policy/sentry-policy-db/src/test/resources/log4j.properties
deleted file mode 100644
index c41373c..0000000
--- a/sentry-policy/sentry-policy-db/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# Define some default values that can be overridden by system properties.
-#
-# For testing, it may also be convenient to specify
-
-log4j.rootLogger=DEBUG,console
-
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
-
-log4j.logger.org.apache.hadoop.conf.Configuration=INFO
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-search/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/pom.xml b/sentry-policy/sentry-policy-search/pom.xml
deleted file mode 100644
index 673c615..0000000
--- a/sentry-policy/sentry-policy-search/pom.xml
+++ /dev/null
@@ -1,87 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy</artifactId>
- <version>1.7.0-incubating-SNAPSHOT</version>
- </parent>
-
- <artifactId>sentry-policy-search</artifactId>
- <name>Sentry Policy for Search</name>
-
- <dependencies>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-common</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-minicluster</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- </dependency>
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core-model-search</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-file</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- <scope>test</scope>
- <type>test-jar</type>
- <version>${project.version}</version>
- </dependency>
- </dependencies>
-
-</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
deleted file mode 100644
index 8670197..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-// copied from apache shiro
-
-package org.apache.sentry.policy.search;
-
-import java.util.List;
-
-import org.apache.sentry.core.common.Model;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.core.common.utils.KeyValue;
-
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-
-// todo: SearchWildcardPrivilege is replaced by CommonPrivilege, it should be removed
-public class SearchWildcardPrivilege implements Privilege {
-
- private final ImmutableList<KeyValue> parts;
-
- public SearchWildcardPrivilege(String wildcardString) {
- wildcardString = Strings.nullToEmpty(wildcardString).trim();
- if (wildcardString.isEmpty()) {
- throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
- }
- List<KeyValue>parts = Lists.newArrayList();
- for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.trimResults().split(
- wildcardString)) {
- if (authorizable.isEmpty()) {
- throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
- }
- parts.add(new KeyValue(authorizable));
- }
- if (parts.isEmpty()) {
- throw new AssertionError("Should never occur: " + wildcardString);
- }
- this.parts = ImmutableList.copyOf(parts);
- }
-
-
- @Override
- public boolean implies(Privilege p, Model model) {
- // By default only supports comparisons with other SearchWildcardPermissions
- if (!(p instanceof SearchWildcardPrivilege)) {
- return false;
- }
-
- SearchWildcardPrivilege wp = (SearchWildcardPrivilege) p;
-
- List<KeyValue> otherParts = wp.parts;
- if(equals(wp)) {
- return true;
- }
- int index = 0;
- for (KeyValue otherPart : otherParts) {
- // If this privilege has less parts than the other privilege, everything
- // after the number of parts contained
- // in this privilege is automatically implied, so return true
- if (parts.size() - 1 < index) {
- return true;
- } else {
- KeyValue part = parts.get(index);
- // are the keys even equal
- if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
- return false;
- }
- if (!impliesKeyValue(part, otherPart)) {
- return false;
- }
- index++;
- }
- }
- // If this privilege has more parts than
- // the other parts, only imply it if
- // all of the other parts are wildcards
- for (; index < parts.size(); index++) {
- KeyValue part = parts.get(index);
- if (!part.getValue().equals(SearchConstants.ALL)) {
- return false;
- }
- }
-
- return true;
- }
-
- private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
- Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
- "Please report, this method should not be called with two different keys");
- if(policyPart.getValue().equals(SearchConstants.ALL) || policyPart.equals(requestPart)) {
- return true;
- } else if (!SentryConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
- && SearchConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
- /* privilege request is to match with any object of given type */
- return true;
- }
- return false;
- }
-
- @Override
- public String toString() {
- return SentryConstants.AUTHORIZABLE_JOINER.join(parts);
- }
-
- @Override
- public boolean equals(Object o) {
- if (o instanceof SearchWildcardPrivilege) {
- SearchWildcardPrivilege wp = (SearchWildcardPrivilege) o;
- return parts.equals(wp.parts);
- }
- return false;
- }
-
- @Override
- public int hashCode() {
- return parts.hashCode();
- }
-
- public static class SearchWildcardPrivilegeFactory implements PrivilegeFactory {
- @Override
- public Privilege createPrivilege(String privilege) {
- return new SearchWildcardPrivilege(privilege);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
deleted file mode 100644
index cde0e7a..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.util.Set;
-
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableSet;
-
-/**
- * A PolicyEngine for a search service.
- */
-public class SimpleSearchPolicyEngine implements PolicyEngine {
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(SimpleSearchPolicyEngine.class);
-
- private final ProviderBackend providerBackend;
-
- public SimpleSearchPolicyEngine(ProviderBackend providerBackend) {
- this.providerBackend = providerBackend;
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PrivilegeFactory getPrivilegeFactory() {
- return new SearchWildcardPrivilege.SearchWildcardPrivilegeFactory();
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ImmutableSet<String> getAllPrivileges(Set<String> groups,
- ActiveRoleSet roleSet) throws SentryConfigurationException {
- return getPrivileges(groups, roleSet);
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizationHierarchy ) {
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("Getting permissions for {}", groups);
- }
- ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("result = " + result);
- }
- return result;
- }
-
- @Override
- public void validatePolicy(boolean strictValidation)
- throws SentryConfigurationException {
- providerBackend.validatePolicy(strictValidation);
- }
-
- @Override
- public void close() {
- if (providerBackend != null) {
- providerBackend.close();
- }
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties b/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
deleted file mode 100644
index c41373c..0000000
--- a/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# Define some default values that can be overridden by system properties.
-#
-# For testing, it may also be convenient to specify
-
-log4j.rootLogger=DEBUG,console
-
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
-
-log4j.logger.org.apache.hadoop.conf.Configuration=INFO
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-sqoop/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/pom.xml b/sentry-policy/sentry-policy-sqoop/pom.xml
deleted file mode 100644
index 13112bf..0000000
--- a/sentry-policy/sentry-policy-sqoop/pom.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy</artifactId>
- <version>1.7.0-incubating-SNAPSHOT</version>
- </parent>
-
- <artifactId>sentry-policy-sqoop</artifactId>
- <name>Sentry Policy for Sqoop</name>
-
- <dependencies>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-common</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-minicluster</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- </dependency>
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core-model-sqoop</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-file</artifactId>
- </dependency>
- </dependencies>
-
-</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
deleted file mode 100644
index 33f6c77..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.util.Set;
-
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableSet;
-
-public class SimpleSqoopPolicyEngine implements PolicyEngine {
- private static final Logger LOGGER = LoggerFactory.getLogger(SimpleSqoopPolicyEngine.class);
- private final ProviderBackend providerBackend;
-
- public SimpleSqoopPolicyEngine(ProviderBackend providerBackend) {
- this.providerBackend = providerBackend;
- }
- @Override
- public PrivilegeFactory getPrivilegeFactory() {
- return new SqoopWildcardPrivilege.Factory();
- }
-
- @Override
- public ImmutableSet<String> getAllPrivileges(Set<String> groups,
- ActiveRoleSet roleSet) throws SentryConfigurationException {
- return getPrivileges(groups, roleSet);
- }
-
- @Override
- public ImmutableSet<String> getPrivileges(Set<String> groups,
- ActiveRoleSet roleSet, Authorizable... authorizableHierarchy)
- throws SentryConfigurationException {
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("Getting permissions for {}", groups);
- }
- ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("result = " + result);
- }
- return result;
- }
-
- @Override
- public void close() {
- if (providerBackend != null) {
- providerBackend.close();
- }
- }
-
- @Override
- public void validatePolicy(boolean strictValidation)
- throws SentryConfigurationException {
- if (providerBackend != null) {
- providerBackend.validatePolicy(strictValidation);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopWildcardPrivilege.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopWildcardPrivilege.java
deleted file mode 100644
index 4509979..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopWildcardPrivilege.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SPLITTER;
-
-import java.util.List;
-
-import org.apache.sentry.core.common.Model;
-import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.core.common.utils.KeyValue;
-
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-
-// todo: SqoopWildcardPrivilege is replaced by CommonPrivilege, it should be removed
-public class SqoopWildcardPrivilege implements Privilege {
-
- public static class Factory implements PrivilegeFactory {
- @Override
- public Privilege createPrivilege(String permission) {
- return new SqoopWildcardPrivilege(permission);
- }
- }
-
- private final ImmutableList<KeyValue> parts;
-
- public SqoopWildcardPrivilege(String permission) {
- if (Strings.isNullOrEmpty(permission)) {
- throw new IllegalArgumentException("permission string cannot be null or empty.");
- }
- List<KeyValue>parts = Lists.newArrayList();
- for (String authorizable : AUTHORIZABLE_SPLITTER.trimResults().split(permission.trim())) {
- if (authorizable.isEmpty()) {
- throw new IllegalArgumentException("Privilege '" + permission + "' has an empty section");
- }
- parts.add(new KeyValue(authorizable));
- }
- if (parts.isEmpty()) {
- throw new AssertionError("Should never occur: " + permission);
- }
- this.parts = ImmutableList.copyOf(parts);
- }
-
- @Override
- public boolean implies(Privilege p, Model model) {
- if (!(p instanceof SqoopWildcardPrivilege)) {
- return false;
- }
- SqoopWildcardPrivilege wp = (SqoopWildcardPrivilege)p;
- List<KeyValue> otherParts = wp.parts;
- if(equals(wp)) {
- return true;
- }
- int index = 0;
- for (KeyValue otherPart : otherParts) {
- // If this privilege has less parts than the other privilege, everything
- // after the number of parts contained
- // in this privilege is automatically implied, so return true
- if (parts.size() - 1 < index) {
- return true;
- } else {
- KeyValue part = parts.get(index);
- // Support for action inheritance from parent to child
- if (part.getKey().equalsIgnoreCase(SqoopActionConstant.NAME)
- && !(otherPart.getKey().equalsIgnoreCase(SqoopActionConstant.NAME))) {
- continue;
- }
- // are the keys even equal
- if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
- return false;
- }
- if (!impliesKeyValue(part, otherPart)) {
- return false;
- }
- index++;
- }
- }
- // If this privilege has more parts than
- // the other parts, only imply it if
- // all of the other parts are "*" or "ALL"
- for (; index < parts.size(); index++) {
- KeyValue part = parts.get(index);
- if (!part.getValue().equals(SqoopActionConstant.ALL)) {
- return false;
- }
- }
- return true;
- }
-
- private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
- Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
- "Please report, this method should not be called with two different keys");
- if(policyPart.getValue().equalsIgnoreCase(SqoopActionConstant.ALL) ||
- policyPart.getValue().equalsIgnoreCase(SqoopActionConstant.ALL_NAME) ||
- policyPart.equals(requestPart)) {
- return true;
- } else if (!SqoopActionConstant.NAME.equalsIgnoreCase(policyPart.getKey())
- && SqoopActionConstant.ALL.equalsIgnoreCase(requestPart.getValue())) {
- /* privilege request is to match with any object of given type */
- return true;
- }
- return false;
-
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-policy/sentry-policy-sqoop/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/resources/log4j.properties b/sentry-policy/sentry-policy-sqoop/src/test/resources/log4j.properties
deleted file mode 100644
index 7703069..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# Define some default values that can be overridden by system properties.
-#
-# For testing, it may also be convenient to specify
-
-log4j.rootLogger=DEBUG,console
-
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
-
-log4j.logger.org.apache.hadoop.conf.Configuration=INFO
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-provider/sentry-provider-db/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/pom.xml b/sentry-provider/sentry-provider-db/pom.xml
index f9236e8..3a6999c 100644
--- a/sentry-provider/sentry-provider-db/pom.xml
+++ b/sentry-provider/sentry-provider-db/pom.xml
@@ -104,10 +104,6 @@ limitations under the License.
<artifactId>sentry-policy-engine</artifactId>
</dependency>
<dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-search</artifactId>
- </dependency>
- <dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-shims</artifactId>
<scope>provided</scope>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-solr/solr-sentry-handlers/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/pom.xml b/sentry-solr/solr-sentry-handlers/pom.xml
index 07d95fa..4c3a21a 100644
--- a/sentry-solr/solr-sentry-handlers/pom.xml
+++ b/sentry-solr/solr-sentry-handlers/pom.xml
@@ -67,10 +67,6 @@ limitations under the License.
</dependency>
<dependency>
<groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-search</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
<artifactId>solr-sentry-core</artifactId>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-tests/sentry-tests-hive/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/pom.xml b/sentry-tests/sentry-tests-hive/pom.xml
index 472cce7..7aca2b5 100644
--- a/sentry-tests/sentry-tests-hive/pom.xml
+++ b/sentry-tests/sentry-tests-hive/pom.xml
@@ -224,11 +224,6 @@ limitations under the License.
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy-db</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-minicluster</artifactId>
<scope>test</scope>
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfed0f34/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
index 985f969..d1a34a8 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
@@ -26,7 +26,7 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
-import org.apache.sentry.policy.db.SimpleDBPolicyEngine;
+import org.apache.sentry.core.common.utils.SentryConstants;
import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
@@ -116,7 +116,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration
@After
public void teardown() throws Exception {
// one test turns this on so let's disable it in the teardown method
- System.setProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
+ System.setProperty(SentryConstants.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
}
@Test
@@ -261,7 +261,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration
// ugly hack: needs to go away once this becomes a config property. Note that this property
// will not be set with external HS and this test will fail. Hope is this fix will go away
// by then.
- System.setProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
+ System.setProperty(SentryConstants.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
// test execution
Connection connection = context.createConnection(USER1_1);
Statement statement = context.createStatement(connection);
@@ -290,11 +290,11 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration
context.assertAuthzException(statement, "USE " + DB1);
// once we disable this property all queries should fail
- System.setProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
+ System.setProperty(SentryConstants.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
context.assertAuthzException(statement, "USE " + DB2);
// re-enable for clean
- System.setProperty(SimpleDBPolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
+ System.setProperty(SentryConstants.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
statement.close();
connection.close();