Tabnine Logo
MSentryGMPrivilege
Code IndexAdd Tabnine to your IDE (free)

How to use
MSentryGMPrivilege
in
org.apache.sentry.provider.db.service.model

Best Java code snippets using org.apache.sentry.provider.db.service.model.MSentryGMPrivilege (Showing top 20 results out of 315)

origin: apache/sentry

Set<PrivilegeObject> getPrivilegesByProvider(String component,
                       String service, Set<MSentryRole> roles,
                       List<? extends Authorizable> authorizables, PersistenceManager pm) {
 Set<PrivilegeObject> privileges = Sets.newHashSet();
 if (roles == null || roles.isEmpty()) {
  return privileges;
 }
 MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null);
 Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet();
 privilegeGraph.addAll(populateIncludePrivileges(roles, parentPrivilege, pm));
 for (MSentryGMPrivilege mPrivilege : privilegeGraph) {
  privileges.add(new Builder()
               .setComponent(mPrivilege.getComponentName())
               .setService(mPrivilege.getServiceName())
               .setAction(mPrivilege.getAction())
               .setAuthorizables(mPrivilege.getAuthorizables())
               .withGrantOption(mPrivilege.getGrantOption())
               .build());
 }
 return privileges;
}
origin: apache/sentry

public void appendGMPrivilege(MSentryGMPrivilege gmPrivilege) {
 if (gmPrivileges.add(gmPrivilege)) {
  gmPrivilege.appendRole(this);
 }
}
origin: apache/sentry

public void removeGMPrivilege(MSentryGMPrivilege gmPrivilege) {
 if (gmPrivileges.remove(gmPrivilege)) {
  gmPrivilege.removeRole(this);
 }
}
origin: apache/sentry

public MSentryGMPrivilege(MSentryGMPrivilege copy) {
 this.action = copy.action;
 this.componentName = copy.componentName;
 this.serviceName = copy.serviceName;
 this.grantOption = copy.grantOption;
 this.scope = copy.scope;
 this.createTime = copy.createTime;
 setAuthorizables(copy.getAuthorizables());
 this.roles = new HashSet<MSentryRole>();
 roles.addAll(copy.roles);
}
origin: apache/sentry

public List<? extends Authorizable> getAuthorizables() {
 List<Authorizable> authorizables = Lists.newArrayList();
 //construct atuhorizable lists
 for (int i = 0; i < AUTHORIZABLE_LEVEL; i++) {
  final String resourceName = (String) getField(this, PREFIX_RESOURCE_NAME + String.valueOf(i));
  final String resourceTYpe = (String) getField(this, PREFIX_RESOURCE_TYPE + String.valueOf(i));
  if (notNULL(resourceName) && notNULL(resourceTYpe)) {
   authorizables.add(new Authorizable() {
    @Override
    public String getTypeName() {
     return resourceTYpe;
    }
    @Override
    public String getName() {
     return resourceName;
    }
   });
  }
 }
 return authorizables;
}
origin: apache/incubator-sentry

private TSentryPrivilege toTSentryPrivilege(MSentryGMPrivilege mPrivilege) {
 TSentryPrivilege tPrivilege = new TSentryPrivilege(mPrivilege.getComponentName(),
 mPrivilege.getServiceName(), fromAuthorizable(mPrivilege.getAuthorizables()), mPrivilege.getAction());
 if (mPrivilege.getGrantOption() == null) {
  tPrivilege.setGrantOption(TSentryGrantOption.UNSET);
 } else if (mPrivilege.getGrantOption()) {
  tPrivilege.setGrantOption(TSentryGrantOption.TRUE);
 } else {
  tPrivilege.setGrantOption(TSentryGrantOption.FALSE);
 }
 return tPrivilege;
}
origin: apache/incubator-sentry

MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
solrPrivilege.setComponentName("solr");
solrPrivilege.setServiceName("solr.server1");
solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
solrPrivilege.setAction("query");
solrPrivilege.setGrantOption(true);
MSentryGMPrivilege solrPrivilege2 = new MSentryGMPrivilege(solrPrivilege);
solrPrivilege.appendRole(role);
hivePrivilege.appendRole(role);
pm.makePersistent(solrPrivilege);
origin: apache/incubator-sentry

 MSentryGMPrivilege persistedPriv, MSentryRole role,
 PersistenceManager pm) {
String component = revokePrivilege.getComponentName();
BitFieldAction revokeaction = getAction(component, revokePrivilege.getAction());
BitFieldAction persistedAction = getAction(component, persistedPriv.getAction());
BitFieldAction allAction = getAction(component, Action.ALL);
 persistedPriv.removeRole(role);
 pm.makePersistent(persistedPriv);
} else {
  persistedPriv.removeRole(role);
  pm.makePersistent(persistedPriv);
    MSentryGMPrivilege tmpPriv = new MSentryGMPrivilege(persistedPriv);
    tmpPriv.setAction(ac.getValue());
    MSentryGMPrivilege leftPersistedPriv = getPrivilege(tmpPriv, pm);
    if (leftPersistedPriv == null) {
     role.appendGMPrivilege(leftPersistedPriv);
    leftPersistedPriv.appendRole(role);
    pm.makePersistent(leftPersistedPriv);
  persistedPriv.removeRole(role);
  pm.makePersistent(persistedPriv);
origin: apache/sentry

@Test
public void testImpliesWithServerScope() throws Exception {
 //The persistent privilege is server scope
 MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr",
   "service1", null,SolrConstants.QUERY, false);
 MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr",
   "service1", Arrays.asList(new Collection("c1")),
   SolrConstants.QUERY, false);
 assertTrue(serverPrivilege.implies(collectionPrivilege));
 MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr",
   "service1", Arrays.asList(new Collection("c1"), new Field("f1")),
   SolrConstants.QUERY, false);
 assertTrue(serverPrivilege.implies(fieldPrivilege));
 assertTrue(collectionPrivilege.implies(fieldPrivilege));
 serverPrivilege.setAction(SolrConstants.UPDATE);
 assertFalse(serverPrivilege.implies(collectionPrivilege));
 assertFalse(serverPrivilege.implies(fieldPrivilege));
 serverPrivilege.setAction(SolrConstants.ALL);
 assertTrue(serverPrivilege.implies(collectionPrivilege));
 assertTrue(serverPrivilege.implies(fieldPrivilege));
}
/**
origin: apache/incubator-sentry

 String grantorPrincipal, PersistenceManager pm)
 throws SentryUserException {
MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null);
oldPrivilege.setAction(getAction(component,Action.ALL).getValue());
   dropPrivilege.getAuthorizables());
 for (int i = 0; i < newAuthorizables.size(); i++) {
  authorizables.set(i, newAuthorizables.get(i));
 MSentryGMPrivilege newPrivilge = new MSentryGMPrivilege(
   component,service, authorizables, dropPrivilege.getAction(),
   dropPrivilege.getGrantOption());
 Set<MSentryRole> roles = dropPrivilege.getRoles();
 for (MSentryRole role : roles) {
  revokeRolePartial(oldPrivilege, dropPrivilege, role, pm);
origin: apache/sentry

MSentryGMPrivilege serverPrivilege1 = new MSentryGMPrivilege("solr",
  "service1", null,SolrConstants.QUERY, false);
MSentryGMPrivilege serverPrivilege2 = new MSentryGMPrivilege("solr",
  "service2", null,SolrConstants.QUERY, false);
assertFalse(serverPrivilege1.implies(serverPrivilege2));
MSentryGMPrivilege collectionPrivilege1 = new MSentryGMPrivilege("solr",
  "service1", Arrays.asList(new Collection("c1")),
  SolrConstants.QUERY, false);
MSentryGMPrivilege collectionPrivilege2 = new MSentryGMPrivilege("solr",
  "service1", Arrays.asList(new Collection("c2")),
  SolrConstants.QUERY, false);
assertFalse(collectionPrivilege1.implies(collectionPrivilege2));
MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr",
  "service1", Arrays.asList(new Collection("c1"), new Field("f1")),
  SolrConstants.QUERY, false);
MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr",
  "service1", Arrays.asList(new Collection("c1"), new Field("f2")),
  SolrConstants.QUERY, false);
assertFalse(fieldPrivilege1.implies(fieldPrivilege2));
collectionPrivilege2.setAuthorizables(Arrays.asList(new Collection(AccessConstants.ALL)));
origin: apache/sentry

MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr",
  "service1", null, SolrConstants.QUERY, false);
MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr",
  "service1", Arrays.asList(new Collection("c1")),
  SolrConstants.QUERY, false);
MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr",
  "service1", Arrays.asList(new Collection("c1"), new Field("f1")),
  SolrConstants.QUERY, false);
assertTrue(serverPrivilege.implies(collectionPrivilege));
assertTrue(serverPrivilege.implies(fieldPrivilege));
assertTrue(collectionPrivilege.implies(fieldPrivilege));
assertFalse(fieldPrivilege.implies(collectionPrivilege));
assertFalse(fieldPrivilege.implies(serverPrivilege));
assertFalse(collectionPrivilege.implies(serverPrivilege));
MSentryGMPrivilege fieldAllPrivilege = new MSentryGMPrivilege("solr",
  "service1", Arrays.asList(new Collection("c1"), new Field(AccessConstants.ALL)),
  SolrConstants.QUERY, false);
assertTrue(fieldAllPrivilege.implies(collectionPrivilege));
MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr",
  "service1", Arrays.asList(new Collection("c1"), new Field("f1")),
  SolrConstants.QUERY, false);
MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr",
origin: apache/incubator-sentry

 /**
  * Get the query to execute in the JDO deducing privileges include the scope of according to the given privilege
  * The query was used in three privilege operations:
  * 1.revoking privilege
  * 2.renaming privilege
  * 3.dropping privilege
  * Take the Solr for example, if there exists three privileges such as p1:Collection=c1->action=query,
  * p2:Collection=c1->Field=f1->action=query and p3:Collection=c1->Field=f2->action=query.
  * When the revoking operation happens, the request privilege is p4:Collection=c1->action=query.
  * The result is that not only p1 should be revoked, but also p2 and p3 should be revoked together.
  * So the populateIncludePrivilegesQuery should be Collection=c1
  * @param privilege
  * @return query
  */
 public static String populateIncludePrivilegesQuery(MSentryGMPrivilege privilege) {
  StringBuilder query = new StringBuilder();
  query.append("serviceName == \"" + toNULLCol(privilege.getServiceName()) + "\" ");
  query.append("&& componentName == \"" + toNULLCol(privilege.getComponentName()) + "\" ");
  List<? extends Authorizable> authorizables = privilege.getAuthorizables();
  for (int i= 0 ; i < authorizables.size(); i++) {
   String resourceName = PREFIX_RESOURCE_NAME + String.valueOf(i);
   String resourceType = PREFIX_RESOURCE_TYPE + String.valueOf(i);
   query.append("&& " + resourceName + " == \"" + authorizables.get(i).getName() + "\" ");
   query.append("&& " + resourceType + " == \"" + authorizables.get(i).getTypeName() + "\" ");
  }
  return query.toString();
 }
}
origin: apache/sentry

Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component,
                          String service, Set<MSentryRole> roles,
                          List<? extends Authorizable> authorizables, PersistenceManager pm) {
 Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet();
 if (roles == null || roles.isEmpty()) {
  return privilegeGraph;
 }
 MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null);
 privilegeGraph.addAll(populateIncludePrivileges(roles, parentPrivilege, pm));
 return privilegeGraph;
}
origin: apache/incubator-sentry

public boolean checkPrivilegeOption(Set<MSentryRole> roles, PrivilegeObject privilege, PersistenceManager pm) {
 MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege);
 boolean hasGrant = false;
 //get persistent privileges by roles
 Query query = pm.newQuery(MSentryGMPrivilege.class);
 StringBuilder filters = new StringBuilder();
 if (roles != null && roles.size() > 0) {
  query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
  List<String> rolesFiler = new LinkedList<String>();
  for (MSentryRole role : roles) {
   rolesFiler.add("role.roleName == \"" + role.getRoleName() + "\" ");
  }
  filters.append("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ")");
 }
 query.setFilter(filters.toString());
 List<MSentryGMPrivilege> tPrivileges = (List<MSentryGMPrivilege>)query.execute();
 for (MSentryGMPrivilege tPrivilege : tPrivileges) {
  if (tPrivilege.getGrantOption() && tPrivilege.implies(requestPrivilege)) {
   hasGrant = true;
   break;
  }
 }
 return hasGrant;
}
public void grantPrivilege(PrivilegeObject privilege,MSentryRole role, PersistenceManager pm) throws SentryUserException {
origin: apache/incubator-sentry

/**
 * Drop any role related to the requested privilege and its children privileges
 */
public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) {
 MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege);
 if (Strings.isNullOrEmpty(privilege.getAction())) {
  requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue());
 }
 /**
  * Get the privilege graph
  * populateIncludePrivileges will get the privileges that need dropped,
  */
 Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet();
 privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm));
 for (MSentryGMPrivilege mPrivilege : privilegeGraph) {
  /**
   * force to load all roles related this privilege
   * avoid the lazy-loading
   */
  pm.retrieve(mPrivilege);
  Set<MSentryRole> roles = mPrivilege.getRoles();
  for (MSentryRole role : roles) {
   revokeRolePartial(requestPrivilege, mPrivilege, role, pm);
  }
 }
}
origin: apache/sentry

                .build();
MSentryGMPrivilege mSentryGMPrivilege = new MSentryGMPrivilege("SOLR", "service1",
Arrays.asList(new Collection("c1"), new Field("f1")),
SolrConstants.QUERY, true);
mSentryGMPrivilege.setRoles(Sets.newHashSet(role));
origin: apache/sentry

paramBuilder.add(SERVICE_NAME, SentryStore.toNULLCol(privilege.getServiceName()), true);
paramBuilder.add(COMPONENT_NAME, SentryStore.toNULLCol(privilege.getComponentName()), true);
List<? extends Authorizable> authorizables = privilege.getAuthorizables();
int i = 0;
for(Authorizable auth: authorizables) {
origin: apache/incubator-sentry

public MSentryGMPrivilege(String componentName, String serviceName,
                List<? extends Authorizable> authorizables,
                String action, Boolean grantOption) {
 this.componentName = componentName;
 this.serviceName = serviceName;
 this.action = action;
 this.grantOption = grantOption;
 this.roles = new HashSet<MSentryRole>();
 this.createTime = System.currentTimeMillis();
 setAuthorizables(authorizables);
}
origin: apache/sentry

@Override
public String toString() {
 List<String> unifiedNames = Lists.newArrayList();
 for (Authorizable auth : getAuthorizables()) {
  unifiedNames.add(KV_JOINER.join(auth.getTypeName(),auth.getName()));
 }
 return "MSentryGMPrivilege ["
   + "serverName=" + serviceName + ", componentName=" + componentName
   + ", authorizables=" + AUTHORIZABLE_JOINER.join(unifiedNames)+ ", scope=" + scope
   + ", action=" + action + ", roles=[...]"  + ", createTime="
   + createTime + ", grantOption=" + grantOption +"]";
}
org.apache.sentry.provider.db.service.modelMSentryGMPrivilege

Javadoc

Database backed Sentry Generic Privilege for new authorization Model Any changes to this object require re-running the maven build so DN an re-enhance.

Most used methods

  • <init>
  • appendRole
  • implies
    Return true if this privilege implies request privilege Otherwise, return false
  • removeRole
  • setAction
  • setAuthorizables
    Only allow strict hierarchies. That is, can level =1 be not null when level = 0 is null
  • getAction
  • getAuthorizables
  • getComponentName
  • getField
  • getGrantOption
  • getRoles
  • getGrantOption,
  • getRoles,
  • getScope,
  • getServiceName,
  • isNULL,
  • notNULL,
  • setComponentName,
  • setField,
  • setGrantOption,
  • setRoles

Popular in Java

  • Start an intent from android
  • getResourceAsStream (ClassLoader)
  • getSupportFragmentManager (FragmentActivity)
  • requestLocationUpdates (LocationManager)
  • SocketException (java.net)
    This SocketException may be thrown during socket creation or setting options, and is the superclass
  • Arrays (java.util)
    This class contains various methods for manipulating arrays (such as sorting and searching). This cl
  • ThreadPoolExecutor (java.util.concurrent)
    An ExecutorService that executes each submitted task using one of possibly several pooled threads, n
  • JOptionPane (javax.swing)
  • Options (org.apache.commons.cli)
    Main entry-point into the library. Options represents a collection of Option objects, which describ
  • Join (org.hibernate.mapping)
  • Best IntelliJ plugins
Tabnine Logo
  • Products

    Search for Java codeSearch for JavaScript code
  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode
  • Company

    About UsContact UsCareers
  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now