Posted to commits@sentry.apache.org by li...@apache.org on 2018/06/06 18:23:09 UTC
sentry git commit: SENTRY-2244: Alter sentry role or user at granting
privilege can avoid extra query to database (Na Li, reviewed by Sergio Pena,
Kalyan Kumar Kalvagadda)
Repository: sentry
Updated Branches:
refs/heads/master 74f130fe5 -> 10217aab5
SENTRY-2244: Alter sentry role or user at granting privilege can avoid extra query to database (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/10217aab
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/10217aab
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/10217aab
Branch: refs/heads/master
Commit: 10217aab572eddae40cd2fa623a3b201839e2c9b
Parents: 74f130f
Author: lina.li <li...@cloudera.com>
Authored: Wed Jun 6 13:22:20 2018 -0500
Committer: lina.li <li...@cloudera.com>
Committed: Wed Jun 6 13:22:20 2018 -0500
----------------------------------------------------------------------
.../db/service/persistent/SentryStore.java | 67 +++++++++++++++-----
1 file changed, 50 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/10217aab/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 5932335..b0ed2ed 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -789,7 +789,32 @@ public class SentryStore {
}
}
- private MSentryPrivilege alterSentryRoleGrantPrivilegeCore(PersistenceManager pm,
+ /**
+ * Find the privilege in entityPrivileges that matches the input privilege.
+ * Function contains() only returns if there is a match, but does not return matching privilege
+ * in entityPrivileges.
+ * inputPrivilege contains all privilege fields except the roles and users information.
+ * we need to find the privilege with all users and roles that matches the inputPrivilege.
+ * @param entityPrivileges the privileges to search, which is fetched from DB, containing
+ * associated users and/or roles
+ * @param inputPrivilege input privilege to match. It is constructed in memory, does not contain
+ * associated users and/or roles
+ * @return matched privilege in entityPrivileges. When there is no match, return null
+ */
+ private MSentryPrivilege findMatchPrivilege(
+ Set<MSentryPrivilege> entityPrivileges,
+ MSentryPrivilege inputPrivilege) {
+
+ for (MSentryPrivilege entityPrivilege : entityPrivileges) {
+ if (entityPrivilege.equals(inputPrivilege)) {
+ return entityPrivilege;
+ }
+ }
+
+ return null;
+ }
+
+ private MSentryPrivilege alterSentryRoleGrantPrivilegeCore(PersistenceManager pm,
String roleName, TSentryPrivilege privilege)
throws SentryNoSuchObjectException, SentryInvalidInputException {
MSentryPrivilege mPrivilege = null;
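Review bot: The result of findMatchPrivilege depends entirely on `MSentryPrivilege.equals()`, which is not visible in this hunk, and the Javadoc never says so. Because `inputPrivilege` is built in memory without roles or users, a match is only possible if `equals()` ignores those associations; I would add a Javadoc line such as `Matching uses MSentryPrivilege.equals(), which must not compare the associated roles or users.` The loop also dereferences `entityPrivileges` without a null check, so the Javadoc should state that callers pass a non-null set. The body of alterSentryRoleGrantPrivilegeCore continues outside the hunk.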
@@ -811,14 +836,16 @@ public class SentryStore {
|| AccessConstants.ACTION_ALL.equalsIgnoreCase(privilege.getAction())) {
TSentryPrivilege tNotAll = new TSentryPrivilege(privilege);
tNotAll.setAction(AccessConstants.SELECT);
- MSentryPrivilege mSelect = getMSentryPrivilege(tNotAll, pm);
+ MSentryPrivilege mSelect =
+ findMatchPrivilege(mRole.getPrivileges(), convertToMSentryPrivilege(tNotAll));
tNotAll.setAction(AccessConstants.INSERT);
- MSentryPrivilege mInsert = getMSentryPrivilege(tNotAll, pm);
- if ((mSelect != null) && mRole.getPrivileges().contains(mSelect)) {
+ MSentryPrivilege mInsert =
+ findMatchPrivilege(mRole.getPrivileges(), convertToMSentryPrivilege(tNotAll));
+ if (mSelect != null) {
mSelect.removeRole(mRole);
pm.makePersistent(mSelect);
}
- if ((mInsert != null) && mRole.getPrivileges().contains(mInsert)) {
+ if (mInsert != null) {
mInsert.removeRole(mRole);
pm.makePersistent(mInsert);
}
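Review bot: The SELECT and INSERT lookups now succeed only if `convertToMSentryPrivilege(tNotAll)` produces an object equal to the one already attached to the role, whereas the removed lines resolved it through `getMSentryPrivilege(tNotAll, pm)`. If the two paths normalise fields differently (case, trimming, null columns; none of that is visible here), the lookup returns null and the narrower grants silently stay on the role after ALL is granted. In an authorization store that could leave SELECT or INSERT in place after a later revoke of ALL. A unit test that grants SELECT with mixed-case scope fields and then ALL on the same role, asserting the SELECT link is gone, would pin this; the same applies to the user path in the hunk at -1036. The enclosing method starts and ends outside the hunk.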
@@ -827,13 +854,15 @@ public class SentryStore {
// do nothing..
TSentryPrivilege tAll = new TSentryPrivilege(privilege);
tAll.setAction(AccessConstants.ALL);
- MSentryPrivilege mAll1 = getMSentryPrivilege(tAll, pm);
+ MSentryPrivilege mAll1 =
+ findMatchPrivilege(mRole.getPrivileges(), convertToMSentryPrivilege(tAll));
tAll.setAction(AccessConstants.ACTION_ALL);
- MSentryPrivilege mAll2 = getMSentryPrivilege(tAll, pm);
- if (mAll1 != null && mRole.getPrivileges().contains(mAll1)) {
+ MSentryPrivilege mAll2 =
+ findMatchPrivilege(mRole.getPrivileges(), convertToMSentryPrivilege(tAll));
+ if (mAll1 != null) {
return null;
}
- if (mAll2 != null && mRole.getPrivileges().contains(mAll2)) {
+ if (mAll2 != null) {
return null;
}
}
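Review bot: `mAll2` is looked up before `mAll1` is tested, so the second scan of `mRole.getPrivileges()` runs even when the first has already found a match. Testing `mAll1` right after its lookup, or at least collapsing the two checks into `if (mAll1 != null || mAll2 != null) { return null; }`, makes the intent clearer. The `// do nothing..` comment would read better as something like `// role already holds ALL here, so the narrower grant is redundant`, if that is the intent. Callers have to treat the null return as "nothing to persist", which deserves a line in the method's Javadoc. The same pattern recurs for users in the hunk at -1052, and the enclosing method starts and ends outside this hunk.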
@@ -1036,14 +1065,16 @@ public class SentryStore {
|| AccessConstants.ACTION_ALL.equalsIgnoreCase(privilege.getAction())) {
TSentryPrivilege tNotAll = new TSentryPrivilege(privilege);
tNotAll.setAction(AccessConstants.SELECT);
- MSentryPrivilege mSelect = getMSentryPrivilege(tNotAll, pm);
+ MSentryPrivilege mSelect =
+ findMatchPrivilege(mUser.getPrivileges(), convertToMSentryPrivilege(tNotAll));
tNotAll.setAction(AccessConstants.INSERT);
- MSentryPrivilege mInsert = getMSentryPrivilege(tNotAll, pm);
- if ((mSelect != null) && mUser.getPrivileges().contains(mSelect)) {
+ MSentryPrivilege mInsert =
+ findMatchPrivilege(mUser.getPrivileges(), convertToMSentryPrivilege(tNotAll));
+ if (mSelect != null) {
mSelect.removeUser(mUser);
pm.makePersistent(mSelect);
}
- if ((mInsert != null) && mUser.getPrivileges().contains(mInsert)) {
+ if (mInsert != null) {
mInsert.removeUser(mUser);
pm.makePersistent(mInsert);
}
@@ -1052,13 +1083,15 @@ public class SentryStore {
// do nothing..
TSentryPrivilege tAll = new TSentryPrivilege(privilege);
tAll.setAction(AccessConstants.ALL);
- MSentryPrivilege mAll1 = getMSentryPrivilege(tAll, pm);
+ MSentryPrivilege mAll1 =
+ findMatchPrivilege(mUser.getPrivileges(), convertToMSentryPrivilege(tAll));
tAll.setAction(AccessConstants.ACTION_ALL);
- MSentryPrivilege mAll2 = getMSentryPrivilege(tAll, pm);
- if (mAll1 != null && mUser.getPrivileges().contains(mAll1)) {
+ MSentryPrivilege mAll2 =
+ findMatchPrivilege(mUser.getPrivileges(), convertToMSentryPrivilege(tAll));
+ if (mAll1 != null) {
return null;
}
- if (mAll2 != null && mUser.getPrivileges().contains(mAll2)) {
+ if (mAll2 != null) {
return null;
}
}