You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2016/05/13 03:16:31 UTC
[1/2] sentry git commit: SENTRY-1208: Make HOST implied in privileges
if not specified explicitly. (Ashish K Singh, reviewed by Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/master e82a8c652 -> 1cbf44ade
SENTRY-1208: Make HOST implied in privileges if not specified explicitly. (Ashish K Singh, reviewed by Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/afb6d9ae
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/afb6d9ae
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/afb6d9ae
Branch: refs/heads/master
Commit: afb6d9ae11c80d037015a75c698d02f8bdf74af8
Parents: e82a8c6
Author: Ashish K Singh <as...@cloudera.com>
Authored: Fri May 13 10:59:42 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Fri May 13 10:59:42 2016 +0800
----------------------------------------------------------------------
.../db/generic/tools/KafkaTSentryPrivilegeConvertor.java | 9 +++++++++
.../provider/db/generic/tools/TestSentryShellKafka.java | 4 +++-
2 files changed, 12 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/afb6d9ae/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
index c7c0729..902895d 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
@@ -35,6 +35,10 @@ import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE;
+
public class KafkaTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor {
private String component;
private String service;
@@ -45,6 +49,11 @@ public class KafkaTSentryPrivilegeConvertor implements TSentryPrivilegeConverto
}
public TSentryPrivilege fromString(String privilegeStr) throws Exception {
+ final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR;
+ final String hostPrefixLowerCase = hostPrefix.toLowerCase();
+ if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) {
+ privilegeStr = hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr;
+ }
validatePrivilegeHierarchy(privilegeStr);
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();
http://git-wip-us.apache.org/repos/asf/sentry/blob/afb6d9ae/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
index d49bc57..52112d1 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
@@ -240,6 +240,8 @@ public class TestSentryShellKafka extends SentryGenericServiceIntegrationBase {
"HOST=*->CLUSTER=kafka-cluster->action=read",
"HOST=h1->TOPIC=t1->action=write",
"HOST=*->CONSUMERGROUP=cg1->action=read",
+ "CLUSTER=kafka-cluster->action=write",
+ "CONSUMERGROUP=cg2->action=write"
};
for (int i = 0; i < privs.length; ++i) {
// test: grant privilege to role
@@ -256,7 +258,7 @@ public class TestSentryShellKafka extends SentryGenericServiceIntegrationBase {
assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size());
for (int i = 0; i < privs.length; ++i) {
- assertTrue("Expected privilege: " + privs[i] + " in " + Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i]));
+ assertTrue("Expected privilege: " + privs[i] + " in " + Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i].startsWith("HOST=") ? privs[i] : "HOST=*->" + privs[i]));
}
for (int i = 0; i < privs.length; ++i) {
[2/2] sentry git commit: SENTRY-1253: SentryShellKafka is incorrectly
setting component as "KAFKA" (Ashish K Singh,
reviewed by Sravya Tirukkovalur and Dapeng Sun)
Posted by sd...@apache.org.
SENTRY-1253: SentryShellKafka is incorrectly setting component as "KAFKA" (Ashish K Singh, reviewed by Sravya Tirukkovalur and Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/1cbf44ad
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/1cbf44ad
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/1cbf44ad
Branch: refs/heads/master
Commit: 1cbf44ade98a96985ec260c623ff6fd9122ad953
Parents: afb6d9a
Author: Ashish K Singh <as...@cloudera.com>
Authored: Fri May 13 11:10:55 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Fri May 13 11:12:37 2016 +0800
----------------------------------------------------------------------
.../apache/sentry/provider/db/generic/tools/SentryShellKafka.java | 3 ++-
.../sentry/provider/db/generic/tools/TestSentryShellKafka.java | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/1cbf44ad/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
index e15d8d2..0e40882 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java
@@ -22,6 +22,7 @@ import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.sentry.provider.common.AuthorizationComponent;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
import org.apache.sentry.provider.db.generic.tools.command.*;
@@ -43,7 +44,7 @@ public class SentryShellKafka extends SentryShellCommon {
@Override
public void run() throws Exception {
Command command = null;
- String component = "KAFKA";
+ String component = AuthorizationComponent.KAFKA;
Configuration conf = getSentryConf();
String service = conf.get(KAFKA_SERVICE_NAME, "kafka1");
http://git-wip-us.apache.org/repos/asf/sentry/blob/1cbf44ad/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
index 52112d1..a38d58b 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
@@ -48,7 +48,7 @@ public class TestSentryShellKafka extends SentryGenericServiceIntegrationBase {
private File confPath;
private static String TEST_ROLE_NAME_1 = "testRole1";
private static String TEST_ROLE_NAME_2 = "testRole2";
- private static String KAFKA = "KAFKA";
+ private static String KAFKA = "kafka";
private String requestorName = "";
private String service = "kafka1";