You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by sd...@apache.org on 2016/05/13 03:16:31 UTC

[1/2] sentry git commit: SENTRY-1208: Make HOST implied in privileges if not specified explicitly. (Ashish K Singh, reviewed by Dapeng Sun)

Repository: sentry
Updated Branches:
  refs/heads/master e82a8c652 -> 1cbf44ade


SENTRY-1208: Make HOST implied in privileges if not specified explicitly. (Ashish K Singh, reviewed by Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/afb6d9ae
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/afb6d9ae
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/afb6d9ae

Branch: refs/heads/master
Commit: afb6d9ae11c80d037015a75c698d02f8bdf74af8
Parents: e82a8c6
Author: Ashish K Singh <as...@cloudera.com>
Authored: Fri May 13 10:59:42 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Fri May 13 10:59:42 2016 +0800

----------------------------------------------------------------------
 .../db/generic/tools/KafkaTSentryPrivilegeConvertor.java    | 9 +++++++++
 .../provider/db/generic/tools/TestSentryShellKafka.java     | 4 +++-
 2 files changed, 12 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/afb6d9ae/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
index c7c0729..902895d 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
@@ -35,6 +35,10 @@ import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE;
+
 public  class KafkaTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor {
   private String component;
   private String service;
@@ -45,6 +49,11 @@ public  class KafkaTSentryPrivilegeConvertor implements TSentryPrivilegeConverto
   }
 
   public TSentryPrivilege fromString(String privilegeStr) throws Exception {
+    final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR;
+    final String hostPrefixLowerCase = hostPrefix.toLowerCase();
+    if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) {
+      privilegeStr =  hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr;
+    }
     validatePrivilegeHierarchy(privilegeStr);
     TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
     List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();

http://git-wip-us.apache.org/repos/asf/sentry/blob/afb6d9ae/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
index d49bc57..52112d1 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
@@ -240,6 +240,8 @@ public class TestSentryShellKafka extends SentryGenericServiceIntegrationBase {
             "HOST=*->CLUSTER=kafka-cluster->action=read",
             "HOST=h1->TOPIC=t1->action=write",
             "HOST=*->CONSUMERGROUP=cg1->action=read",
+            "CLUSTER=kafka-cluster->action=write",
+            "CONSUMERGROUP=cg2->action=write"
         };
         for (int i = 0; i < privs.length; ++i) {
           // test: grant privilege to role
@@ -256,7 +258,7 @@ public class TestSentryShellKafka extends SentryGenericServiceIntegrationBase {
 
         assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size());
         for (int i = 0; i < privs.length; ++i) {
-          assertTrue("Expected privilege: " + privs[i] + " in " + Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i]));
+          assertTrue("Expected privilege: " + privs[i] + " in " + Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i].startsWith("HOST=") ? privs[i] : "HOST=*->" + privs[i]));
         }
 
         for (int i = 0; i < privs.length; ++i) {

[2/2] sentry git commit: SENTRY-1253: SentryShellKafka is incorrectly setting component as "KAFKA" (Ashish K Singh, reviewed by Sravya Tirukkovalur and Dapeng Sun)

Posted by sd...@apache.org.

SENTRY-1253: SentryShellKafka is incorrectly setting component as "KAFKA"  (Ashish K Singh, reviewed by Sravya Tirukkovalur and Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/1cbf44ad
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/1cbf44ad
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/1cbf44ad

Branch: refs/heads/master
Commit: 1cbf44ade98a96985ec260c623ff6fd9122ad953
Parents: afb6d9a
Author: Ashish K Singh <as...@cloudera.com>
Authored: Fri May 13 11:10:55 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Fri May 13 11:12:37 2016 +0800

----------------------------------------------------------------------
 .../apache/sentry/provider/db/generic/tools/SentryShellKafka.java | 3 ++-
 .../sentry/provider/db/generic/tools/TestSentryShellKafka.java    | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/1cbf44ad/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
index e15d8d2..0e40882 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
@@ -22,6 +22,7 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.sentry.provider.common.AuthorizationComponent;
 import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
 import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
 import org.apache.sentry.provider.db.generic.tools.command.*;
@@ -43,7 +44,7 @@ public class SentryShellKafka extends SentryShellCommon {
   @Override
   public void run() throws Exception {
     Command command = null;
-    String component = "KAFKA";
+    String component = AuthorizationComponent.KAFKA;
     Configuration conf = getSentryConf();
 
     String service = conf.get(KAFKA_SERVICE_NAME, "kafka1");

http://git-wip-us.apache.org/repos/asf/sentry/blob/1cbf44ad/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
index 52112d1..a38d58b 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
@@ -48,7 +48,7 @@ public class TestSentryShellKafka extends SentryGenericServiceIntegrationBase {
   private File confPath;
   private static String TEST_ROLE_NAME_1 = "testRole1";
   private static String TEST_ROLE_NAME_2 = "testRole2";
-  private static String KAFKA = "KAFKA";
+  private static String KAFKA = "kafka";
   private String requestorName = "";
   private String service = "kafka1";