Tabnine Logo
MSentryPrivilege
Code IndexAdd Tabnine to your IDE (free)

How to use
MSentryPrivilege
in
org.apache.sentry.provider.db.service.model

Best Java code snippets using org.apache.sentry.provider.db.service.model.MSentryPrivilege (Showing top 20 results out of 315)

origin: apache/sentry

/**
 * Converts thrift object to model object. Additionally does normalization
 * such as trimming whitespace and setting appropriate case.
 * @throws SentryInvalidInputException
 */
private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege privilege)
  throws SentryInvalidInputException {
 MSentryPrivilege mSentryPrivilege = new MSentryPrivilege();
 mSentryPrivilege.setServerName(toNULLCol(safeTrimLower(privilege.getServerName())));
 mSentryPrivilege.setDbName(toNULLCol(safeTrimLower(privilege.getDbName())));
 mSentryPrivilege.setTableName(toNULLCol(safeTrimLower(privilege.getTableName())));
 mSentryPrivilege.setColumnName(toNULLCol(safeTrimLower(privilege.getColumnName())));
 mSentryPrivilege.setPrivilegeScope(safeTrim(privilege.getPrivilegeScope()));
 mSentryPrivilege.setAction(toNULLCol(safeTrimLower(privilege.getAction())));
 mSentryPrivilege.setCreateTime(System.currentTimeMillis());
 mSentryPrivilege.setURI(toNULLCol(safeTrim(privilege.getURI())));
 if ( !privilege.getGrantOption().equals(TSentryGrantOption.UNSET) ) {
  mSentryPrivilege.setGrantOption(Boolean.valueOf(privilege.getGrantOption().toString()));
 } else {
  mSentryPrivilege.setGrantOption(null);
 }
 return mSentryPrivilege;
}
origin: apache/incubator-sentry

@VisibleForTesting
static String toAuthorizable(MSentryPrivilege privilege) {
 List<String> authorizable = new ArrayList<String>(4);
 authorizable.add(KV_JOINER.join(AuthorizableType.Server.name().toLowerCase(),
   privilege.getServerName()));
 if (isNULL(privilege.getURI())) {
  if (!isNULL(privilege.getDbName())) {
   authorizable.add(KV_JOINER.join(AuthorizableType.Db.name().toLowerCase(),
     privilege.getDbName()));
   if (!isNULL(privilege.getTableName())) {
    authorizable.add(KV_JOINER.join(AuthorizableType.Table.name().toLowerCase(),
      privilege.getTableName()));
    if (!isNULL(privilege.getColumnName())) {
     authorizable.add(KV_JOINER.join(AuthorizableType.Column.name().toLowerCase(),
       privilege.getColumnName()));
    }
   }
  }
 } else {
  authorizable.add(KV_JOINER.join(AuthorizableType.URI.name().toLowerCase(),
    privilege.getURI()));
 }
 if (!isNULL(privilege.getAction())
   && !privilege.getAction().equalsIgnoreCase(AccessConstants.ALL)) {
  authorizable
  .add(KV_JOINER.join(PolicyConstants.PRIVILEGE_NAME.toLowerCase(),
    privilege.getAction()));
 }
 return AUTHORIZABLE_JOINER.join(authorizable);
}
origin: apache/sentry

private void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege,
  TSentryPrivilege privilege) {
 privilege.setCreateTime(mSentryPrivilege.getCreateTime());
 privilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
 privilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
 privilege.setServerName(fromNULLCol(mSentryPrivilege.getServerName()));
 privilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
 privilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
 privilege.setColumnName(fromNULLCol(mSentryPrivilege.getColumnName()));
 privilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));
 if (mSentryPrivilege.getGrantOption() != null) {
  privilege.setGrantOption(TSentryGrantOption.valueOf(mSentryPrivilege.getGrantOption().toString().toUpperCase()));
 } else {
  privilege.setGrantOption(TSentryGrantOption.UNSET);
 }
}
origin: apache/sentry

 Collection<MSentryPrivilege> children) throws SentryInvalidInputException {
Preconditions.checkNotNull(pm);
if (!isNULL(priv.getServerName()) || !isNULL(priv.getDbName())
  || !isNULL(priv.getTableName())) {
  if (!isNULL(childPriv.getDbName()) && !isNULL(childPriv.getTableName())
    && !isNULL(childPriv.getColumnName())) {
   populateChildren(pm, entityType, entityNames, childPriv, children);
  if (!priv.isActionALL()) {
   if (childPriv.isActionALL()) {
    childPriv.setAction(priv.getAction());
   if (!priv.implies(childPriv)) {
    continue;
origin: apache/incubator-sentry

private Set<MSentryPrivilege> getChildPrivileges(PersistenceManager pm, Set<String> roleNames,
  MSentryPrivilege parent) throws SentryInvalidInputException {
 if (!isNULL(parent.getColumnName()) || !isNULL(parent.getURI())) {
  return new HashSet<MSentryPrivilege>();
 filters.append(" && serverName == \"" + parent.getServerName() + "\"");
 if (!isNULL(parent.getDbName())) {
  filters.append(" && dbName == \"" + parent.getDbName() + "\"");
  if (!isNULL(parent.getTableName())) {
   filters.append(" && tableName == \"" + parent.getTableName() + "\"");
   filters.append(" && columnName != \"__NULL__\"");
  } else {
 Set<MSentryPrivilege> privileges = new HashSet<MSentryPrivilege>();
 for (Object[] privObj : (List<Object[]>) query.execute()) {
  MSentryPrivilege priv = new MSentryPrivilege();
  priv.setPrivilegeScope((String) privObj[0]);
  priv.setServerName((String) privObj[1]);
  priv.setDbName((String) privObj[2]);
  priv.setTableName((String) privObj[3]);
  priv.setColumnName((String) privObj[4]);
  priv.setURI((String) privObj[5]);
  priv.setAction((String) privObj[6]);
  priv.setGrantOption((Boolean) privObj[7]);
  privileges.add(priv);
origin: apache/incubator-sentry

@Test
public void testImpliesPrivilegePositiveWithColumn() throws Exception {
 // 1.test server+database+table+column+action
 MSentryPrivilege my = new MSentryPrivilege();
 MSentryPrivilege your = new MSentryPrivilege();
 my.setServerName("server1");
 my.setAction(AccessConstants.SELECT);
 your.setServerName("server1");
 your.setDbName("db1");
 your.setTableName("tb1");
 your.setColumnName("c1");
 your.setAction(AccessConstants.SELECT);
 assertTrue(my.implies(your));
 my.setDbName("db1");
 assertTrue(my.implies(your));
 my.setTableName("tb1");
 assertTrue(my.implies(your));
 my.setColumnName("c1");
 assertTrue(my.implies(your));
}
origin: apache/sentry

MSentryPrivilege my = new MSentryPrivilege();
MSentryPrivilege your = new MSentryPrivilege();
my.setServerName("server1");
my.setDbName("db1");
my.setTableName("tb1");
my.setAction(AccessConstants.SELECT);
your.setServerName("server1");
your.setDbName("db1");
your.setTableName("tb1");
your.setAction(AccessConstants.SELECT);
assertTrue(my.implies(your));
my.setAction(AccessConstants.ALL);
assertTrue(my.implies(your));
my.setTableName("");
assertTrue(my.implies(your));
my.setDbName("");
assertTrue(my.implies(your));
my.setAction(AccessConstants.ACTION_ALL);
assertTrue(my.implies(your));
my.setTableName("");
assertTrue(my.implies(your));
my.setDbName("");
assertTrue(my.implies(your));
origin: apache/sentry

private Set<MSentryPrivilege> getChildPrivileges(PersistenceManager pm, SentryPrincipalType entityType, Set<String> entityNames,
  MSentryPrivilege parent) throws SentryInvalidInputException {
 if (!isNULL(parent.getColumnName()) || !isNULL(parent.getURI())) {
  return Collections.emptySet();
 QueryParamBuilder paramBuilder = null;
 if (entityType == SentryPrincipalType.ROLE) {
  paramBuilder = QueryParamBuilder.addRolesFilter(query, null, entityNames).add(SERVER_NAME, parent.getServerName());
 } else if (entityType == SentryPrincipalType.USER) {
  paramBuilder = QueryParamBuilder.addUsersFilter(query, null, entityNames).add(SERVER_NAME, parent.getServerName());
 } else {
  throw new SentryInvalidInputException("entityType" + entityType + " is not valid");
 if (!isNULL(parent.getDbName())) {
  paramBuilder.add(DB_NAME, parent.getDbName());
  if (!isNULL(parent.getTableName())) {
   paramBuilder.add(TABLE_NAME, parent.getTableName())
     .addNotNull(COLUMN_NAME);
  } else {
  Boolean grantOption = (Boolean) privObj[7];
  MSentryPrivilege priv =
    new MSentryPrivilege(scope, serverName, dbName, tableName,
      columnName, URI, action, grantOption);
  privileges.add(priv);
origin: apache/incubator-sentry

rollbackTransaction = false;
for (MSentryPrivilege mPriv : privileges) {
 String authzObj = mPriv.getDbName();
 if (!isNULL(mPriv.getTableName())) {
  authzObj = authzObj + "." + mPriv.getTableName();
  retVal.put(authzObj, pUpdate);
 for (MSentryRole mRole : mPriv.getRoles()) {
  String existingPriv = pUpdate.get(mRole.getRoleName());
  if (existingPriv == null) {
   pUpdate.put(mRole.getRoleName(), mPriv.getAction().toUpperCase());
  } else {
   pUpdate.put(mRole.getRoleName(), existingPriv + ","
     + mPriv.getAction().toUpperCase());
origin: apache/incubator-sentry

if (mPrivilege.getGrantOption() != null) {
 privilegeGraph.add(mPrivilege);
} else {
 MSentryPrivilege mTure = new MSentryPrivilege(mPrivilege);
 mTure.setGrantOption(true);
 privilegeGraph.add(mTure);
 MSentryPrivilege mFalse = new MSentryPrivilege(mPrivilege);
 mFalse.setGrantOption(false);
 privilegeGraph.add(mFalse);
origin: apache/sentry

    (List<MSentryPrivilege>) query.executeWithMap(paramBuilder.getArguments());
for (MSentryPrivilege mPriv : privileges) {
 String authzObj = mPriv.getDbName();
 if (!isNULL(mPriv.getTableName())) {
  authzObj = authzObj + "." + mPriv.getTableName();
  retVal.put(authzObj, pUpdate);
 for (MSentryRole mRole : mPriv.getRoles()) {
  pUpdate = addPrivilegeEntry (mPriv, TPrivilegePrincipalType.ROLE, mRole.getRoleName(), pUpdate);
 for (MSentryUser mUser : mPriv.getUsers()) {
  pUpdate = addPrivilegeEntry (mPriv, TPrivilegePrincipalType.USER, mUser.getUserName(), pUpdate);
origin: apache/sentry

if ((!persistedPriv.getRoles().isEmpty() || !persistedPriv.getUsers().isEmpty()) &&
    mEntity != null) {
 persistedPriv.removePrincipal(mEntity);
 persistPrivilege(pm, persistedPriv);
for (String actionToAdd : PARTIAL_REVOKE_ACTIONS) {
 if( !requestedPrivToRevoke.getAction().equalsIgnoreCase(actionToAdd) &&
   !currentPrivilege.getAction().equalsIgnoreCase(actionToAdd) &&
   !AccessConstants.ALL.equalsIgnoreCase(actionToAdd) &&
   !AccessConstants.ACTION_ALL.equalsIgnoreCase(actionToAdd)) {
origin: apache/sentry

@Test
public void testServer() {
 privilege = new MSentryPrivilege(null, "server1", null, null, null, null, null);
 assertEquals("server=server1",
   SentryStore.toAuthorizable(privilege));
 privilege = new MSentryPrivilege(null, "server1", null, null, null, null,
   AccessConstants.ALL);
 assertEquals("server=server1",
   SentryStore.toAuthorizable(privilege));
}
origin: apache/incubator-sentry

private void revokeRolePartial(PersistenceManager pm, MSentryRole mRole,
  MSentryPrivilege currentPrivilege, MSentryPrivilege persistedPriv, String addAction)
  throws SentryInvalidInputException {
 // If table / URI, remove ALL
 persistedPriv.removeRole(mRole);
 privCleaner.incPrivRemoval();
 pm.makePersistent(persistedPriv);
 currentPrivilege.setAction(AccessConstants.ALL);
 persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
 if (persistedPriv != null && mRole.getPrivileges().contains(persistedPriv)) {
  persistedPriv.removeRole(mRole);
  privCleaner.incPrivRemoval();
  pm.makePersistent(persistedPriv);
  currentPrivilege.setAction(addAction);
  persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
  if (persistedPriv == null) {
   persistedPriv = convertToMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege));
   mRole.appendPrivilege(persistedPriv);
  }
  persistedPriv.appendRole(mRole);
  pm.makePersistent(persistedPriv);
 }
}
origin: apache/sentry

private void revokePrivilegeAndGrantPartial(PersistenceManager pm, PrivilegePrincipal mEntity,
                      MSentryPrivilege currentPrivilege,
                      MSentryPrivilege persistedPriv,
                      Set<String> addActions) throws SentryInvalidInputException {
 // If table / URI, remove ALL
 persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(persistedPriv), pm);
 if (persistedPriv != null) {
  persistedPriv.removePrincipal(mEntity);
  persistPrivilege(pm, persistedPriv);
 }
 currentPrivilege.setAction(AccessConstants.ALL);
 persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
 if (persistedPriv != null && mEntity.getPrivileges().contains(persistedPriv)) {
  persistedPriv.removePrincipal(mEntity);
  persistPrivilege(pm, persistedPriv);
  // add decomposed actions
  for (String addAction : addActions) {
   currentPrivilege.setAction(addAction);
   TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(currentPrivilege);
   persistedPriv = getMSentryPrivilege(tSentryPrivilege, pm);
   if (persistedPriv == null) {
    persistedPriv = convertToMSentryPrivilege(tSentryPrivilege);
   }
   mEntity.appendPrivilege(persistedPriv);
  }
  persistedPriv.appendPrincipal(mEntity);
  pm.makePersistent(persistedPriv);
 }
}
origin: apache/incubator-sentry

if (p.getGrantOption() && p.implies(mPrivilege)) {
 hasGrant = true;
 break;
origin: apache/incubator-sentry

/**
 * Revoke privilege from role
 */
private void revokePrivilegeFromRole(PersistenceManager pm, TSentryPrivilege tPrivilege,
  MSentryRole mRole, MSentryPrivilege mPrivilege) throws SentryInvalidInputException {
 if (PARTIAL_REVOKE_ACTIONS.contains(mPrivilege.getAction())) {
  // if this privilege is in {ALL,SELECT,INSERT}
  // we will do partial revoke
  revokePartial(pm, tPrivilege, mRole, mPrivilege);
 } else {
  // if this privilege is not ALL, SELECT nor INSERT,
  // we will revoke it from role directly
  MSentryPrivilege persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(mPrivilege), pm);
  if (persistedPriv != null) {
   mPrivilege.removeRole(mRole);
   privCleaner.incPrivRemoval();
   pm.makePersistent(mPrivilege);
  }
 }
}
origin: apache/sentry

/**
 * Revoke privilege from role
 */
private void revokePrivilege(PersistenceManager pm, TSentryPrivilege tPrivilege,
               PrivilegePrincipal mEntity, MSentryPrivilege mPrivilege)
 throws SentryInvalidInputException {
 if (PARTIAL_REVOKE_ACTIONS.contains(mPrivilege.getAction())) {
  // if this privilege is in partial revoke actions
  // we will do partial revoke
  revokePartial(pm, tPrivilege, mEntity, mPrivilege);
 } else {
  // otherwise,
  // we will revoke it from role directly
  MSentryPrivilege persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(mPrivilege), pm);
  if (persistedPriv != null) {
   persistedPriv.removePrincipal(mEntity);
   persistPrivilege(pm, persistedPriv);
  }
 }
}
origin: apache/sentry

private static Map<TPrivilegePrincipal, String> addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegePrincipalType tEntityType,
 String principal, Map<TPrivilegePrincipal, String> update) {
 TPrivilegePrincipal tPrivilegePrincipal = new TPrivilegePrincipal(tEntityType, principal);
 String existingPriv = update.get(tPrivilegePrincipal);
 String action = mPriv.getAction().toUpperCase();
 String newAction = mPriv.getAction().toUpperCase();
 if(action.equals(AccessConstants.OWNER)) {
  // Translate owner privilege to actual privilege.
  newAction = AccessConstants.ACTION_ALL;
 }
 if (existingPriv == null) {
  update.put(tPrivilegePrincipal, newAction);
 } else {
  update.put(tPrivilegePrincipal, existingPriv + "," + newAction);
 }
 return update;
}
origin: apache/sentry

 @Test
 public void testImpliesPrivilegeNegativeWithColumn() throws Exception {
  // 1.test server+database+table+column+action
  MSentryPrivilege my = new MSentryPrivilege();
  MSentryPrivilege your = new MSentryPrivilege();
  // bad column
  my.setServerName("server1");
  my.setDbName("db1");
  my.setTableName("tb1");
  my.setColumnName("c1");
  my.setAction(AccessConstants.SELECT);
  your.setServerName("server1");
  your.setDbName("db1");
  your.setTableName("tb1");
  your.setColumnName("c2");
  your.setAction(AccessConstants.SELECT);
  assertFalse(my.implies(your));

  // bad scope
  your.setColumnName("");
  assertFalse(my.implies(your));
 }
}
org.apache.sentry.provider.db.service.modelMSentryPrivilege

Javadoc

Database backed Sentry Privilege. Any changes to this object require re-running the maven build so DN an re-enhance.

Most used methods

  • <init>
  • getAction
  • getColumnName
  • getDbName
  • getGrantOption
  • getServerName
  • getTableName
  • implies
    Return true if this privilege implies other privilege Otherwise, return false
  • setAction
  • setColumnName
  • setDbName
  • setGrantOption
  • setDbName,
  • setGrantOption,
  • setPrivilegeScope,
  • setServerName,
  • setTableName,
  • setURI,
  • appendPrincipal,
  • appendRole,
  • getCreateTime,
  • getPrivilegeScope

Popular in Java

  • Reactive rest calls using spring rest template
  • getExternalFilesDir (Context)
  • notifyDataSetChanged (ArrayAdapter)
  • getApplicationContext (Context)
  • Table (com.google.common.collect)
    A collection that associates an ordered pair of keys, called a row key and a column key, with a sing
  • ResourceBundle (java.util)
    ResourceBundle is an abstract class which is the superclass of classes which provide Locale-specifi
  • JCheckBox (javax.swing)
  • DateTimeFormat (org.joda.time.format)
    Factory that creates instances of DateTimeFormatter from patterns and styles. Datetime formatting i
  • SAXParseException (org.xml.sax)
    Encapsulate an XML parse error or warning.> This module, both source code and documentation, is in t
  • Option (scala)
  • CodeWhisperer alternatives
Tabnine Logo
  • Products

    Search for Java codeSearch for JavaScript code
  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode
  • Company

    About UsContact UsCareers
  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now