/**
 * Drops {@code roleName} on behalf of {@code requestorUserName}.
 *
 * <p>Delegates to {@code dropRole} with its third argument set to {@code true}; the sibling
 * {@code dropRole(String, String)} passes {@code false}. The flag presumably makes a missing
 * role a no-op rather than an error (the name suggests so; the handling itself lives in the
 * three-argument overload, which is outside this block).
 *
 * @param requestorUserName user on whose behalf the request is sent to the server
 * @param roleName          role to drop
 * @throws SentryUserException if the service rejects the request or the Thrift call fails
 */
public synchronized void dropRoleIfExists(String requestorUserName, String roleName)
    throws SentryUserException {
  final boolean ifExists = true;
  dropRole(requestorUserName, roleName, ifExists);
}
/**
 * Grants a database-scoped privilege to {@code roleName} on behalf of
 * {@code requestorUserName}.
 *
 * <p>At database scope only {@code server} and {@code db} identify the object, so the uri,
 * table and column slots of the underlying {@code grantPrivilege} call are left {@code null}.
 *
 * @param requestorUserName user on whose behalf the grant is requested
 * @param roleName          role receiving the privilege
 * @param server            server name of the authorizable hierarchy
 * @param db                database name
 * @param action            action being granted (e.g. the action string the server expects)
 * @param grantOption       whether the grantee may in turn grant the privilege; may be null
 * @return the privilege echoed back by the server, as produced by {@code grantPrivilege}
 * @throws SentryUserException if the service rejects the request or the Thrift call fails
 */
public synchronized TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
    String roleName, String server, String db, String action, Boolean grantOption)
    throws SentryUserException {
  // Database scope: no uri, table or column in the hierarchy.
  String uri = null;
  String table = null;
  String column = null;
  return grantPrivilege(requestorUserName, roleName, PrivilegeScope.DATABASE, server, uri, db,
      table, column, action, grantOption);
}
/**
 * Asks the server to move the privileges attached to {@code oldAuthorizables} onto
 * {@code newAuthorizables}.
 *
 * <p>Both hierarchies are converted with {@code setupSentryAuthorizable} (old first, then new)
 * and sent in a single {@link TRenamePrivilegesRequest}. The server's status is checked by
 * {@code Status.throwIfNotOk}; transport failures are wrapped in a
 * {@link SentryUserException}.
 *
 * @param requestorUserName user on whose behalf the rename is requested
 * @param oldAuthorizables  current object hierarchy
 * @param newAuthorizables  hierarchy the privileges should be attached to afterwards
 * @throws SentryUserException if the service returns a non-OK status or the RPC fails
 */
public synchronized void renamePrivileges(String requestorUserName,
    List<? extends Authorizable> oldAuthorizables,
    List<? extends Authorizable> newAuthorizables) throws SentryUserException {
  TRenamePrivilegesRequest req = new TRenamePrivilegesRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT,
      requestorUserName,
      setupSentryAuthorizable(oldAuthorizables),
      setupSentryAuthorizable(newAuthorizables));
  try {
    TRenamePrivilegesResponse resp = client.rename_sentry_privilege(req);
    Status.throwIfNotOk(resp.getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Sends a revoke-privilege request for {@code roleName} on behalf of
 * {@code requestorUserName}.
 *
 * <p>The privilege objects are produced by {@code convertColumnPrivileges} from the scope and
 * the authorizable hierarchy (server, uri, db, table, columns), then attached to a
 * {@link TAlterSentryRoleRevokePrivilegeRequest} tagged with the current protocol version.
 * Whether the requestor may revoke is decided by the server; a non-OK status is surfaced
 * through {@code Status.throwIfNotOk}.
 *
 * @throws SentryUserException if the service rejects the request or the Thrift call fails
 */
private void revokePrivilege(String requestorUserName, String roleName, PrivilegeScope scope,
    String serverName, String uri, String db, String table, List<String> columns,
    String action, Boolean grantOption) throws SentryUserException {
  Set<TSentryPrivilege> toRevoke = convertColumnPrivileges(scope, serverName, uri, db, table,
      columns, action, grantOption);
  TAlterSentryRoleRevokePrivilegeRequest req = new TAlterSentryRoleRevokePrivilegeRequest();
  req.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  req.setRequestorUserName(requestorUserName);
  req.setRoleName(roleName);
  req.setPrivileges(toRevoke);
  try {
    TAlterSentryRoleRevokePrivilegeResponse resp =
        client.alter_sentry_role_revoke_privilege(req);
    Status.throwIfNotOk(resp.getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Builds a policy-service client from the configured {@code conf}.
 *
 * <p>When {@code ClientConfig.SERVER_HA_ENABLED} is true the returned object is a dynamic
 * proxy over the interfaces of {@link SentryPolicyServiceClientDefaultImpl}, dispatching to an
 * {@link HAClientInvocationHandler}; otherwise a plain
 * {@code SentryPolicyServiceClientDefaultImpl} is constructed directly.
 *
 * @return a client implementing {@link SentryPolicyServiceClient}
 * @throws Exception propagated from the client or handler constructors
 */
@Override
public SentryPolicyServiceClient create() throws Exception {
  LOGGER.debug("Creating Sentry Service Client...");
  boolean highAvailability = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
  if (!highAvailability) {
    return new SentryPolicyServiceClientDefaultImpl(conf);
  }
  Class<?> impl = SentryPolicyServiceClientDefaultImpl.class;
  Object proxy = Proxy.newProxyInstance(
      impl.getClassLoader(), impl.getInterfaces(), new HAClientInvocationHandler(conf));
  return (SentryPolicyServiceClient) proxy;
}
/**
 * Adds {@code groups} to {@code roleName} on behalf of {@code requestorUserName}.
 *
 * <p>Groups are converted with {@code convert2TGroups} and sent in a
 * {@link TAlterSentryRoleAddGroupsRequest}; the server's status is checked with
 * {@code Status.throwIfNotOk}.
 *
 * @throws SentryUserException if the service returns a non-OK status or the RPC fails
 */
@Override
public synchronized void grantRoleToGroups(String requestorUserName, String roleName,
    Set<String> groups) throws SentryUserException {
  TAlterSentryRoleAddGroupsRequest req = new TAlterSentryRoleAddGroupsRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT,
      requestorUserName,
      roleName,
      convert2TGroups(groups));
  try {
    TAlterSentryRoleAddGroupsResponse resp = client.alter_sentry_role_add_groups(req);
    Status.throwIfNotOk(resp.getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Builds a single {@link TSentryPrivilege} from its components and returns it as a one-element
 * immutable set.
 *
 * <p>{@code scope} is stored via {@code toString()} and must therefore be non-null; the other
 * string fields are passed through as given (nulls included). {@code createTime} is stamped
 * client-side with the current wall-clock time, and {@code grantOption} is mapped through
 * {@code convertTSentryGrantOption}.
 *
 * @return an immutable set containing exactly the constructed privilege
 */
private Set<TSentryPrivilege> convertColumnPrivilege(PrivilegeScope scope, String serverName,
    String uri, String db, String table, String column, String action, Boolean grantOption) {
  TSentryPrivilege p = new TSentryPrivilege();
  p.setPrivilegeScope(scope.toString());
  p.setServerName(serverName);
  p.setURI(uri);
  p.setDbName(db);
  p.setTableName(table);
  p.setColumnName(column);
  p.setAction(action);
  // Creation time is the client's clock at conversion, not a server-assigned value.
  p.setCreateTime(System.currentTimeMillis());
  p.setGrantOption(convertTSentryGrantOption(grantOption));
  return ImmutableSet.of(p);
}
/**
 * Fetches the server's group-to-roles and role-to-privileges mappings as a policy-file style
 * structure.
 *
 * <p>The result has two keys: {@code PolicyFileConstants.GROUPS}, mapped to the server's
 * group-roles map as-is, and {@code PolicyFileConstants.ROLES}, mapped to the role-privileges
 * map converted with {@code convertRolePrivilegesMapForPolicyFile}.
 *
 * @param requestorUserName user on whose behalf the export is requested
 * @return a mutable map with the GROUPS and ROLES entries described above
 * @throws SentryUserException if the service returns a non-OK status or the RPC fails
 */
public synchronized Map<String, Map<String, Set<String>>> exportPolicy(
    String requestorUserName) throws SentryUserException {
  TSentryExportMappingDataRequest req = new TSentryExportMappingDataRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName);
  try {
    TSentryExportMappingDataResponse resp = client.export_sentry_mapping_data(req);
    Status.throwIfNotOk(resp.getStatus());
    TSentryMappingData mapping = resp.getMappingData();
    Map<String, Map<String, Set<String>>> policy = Maps.newHashMap();
    policy.put(PolicyFileConstants.GROUPS, mapping.getGroupRolesMap());
    policy.put(PolicyFileConstants.ROLES,
        convertRolePrivilegesMapForPolicyFile(mapping.getRolePrivilegesMap()));
    return policy;
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
.setRolePrivilegesMap(convertRolePrivilegesMapForSentryDB(policyFileMappingData .get(PolicyFileConstants.ROLES))); TSentryImportMappingDataRequest request = new TSentryImportMappingDataRequest(
/**
 * Grants one privilege to {@code roleName} on behalf of {@code requestorUserName} and returns
 * the privilege the server reports back.
 *
 * <p>The privilege is built by {@code convertColumnPrivilege} and sent in a
 * {@link TAlterSentryRoleGrantPrivilegeRequest}. If the response carries at least one
 * privilege, the first one is returned; otherwise an empty {@link TSentryPrivilege} is
 * returned so callers never see {@code null}. The server decides whether the grant is
 * permitted; a non-OK status becomes an exception via {@code Status.throwIfNotOk}.
 *
 * @return the first privilege in the response, or an empty {@code TSentryPrivilege}
 * @throws SentryUserException if the service rejects the request or the Thrift call fails
 */
private TSentryPrivilege grantPrivilege(String requestorUserName, String roleName,
    PrivilegeScope scope, String serverName, String uri, String db, String table,
    String column, String action, Boolean grantOption) throws SentryUserException {
  TAlterSentryRoleGrantPrivilegeRequest req = new TAlterSentryRoleGrantPrivilegeRequest();
  req.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  req.setRequestorUserName(requestorUserName);
  req.setRoleName(roleName);
  req.setPrivileges(convertColumnPrivilege(scope, serverName, uri, db, table, column, action,
      grantOption));
  try {
    TAlterSentryRoleGrantPrivilegeResponse resp = client.alter_sentry_role_grant_privilege(req);
    Status.throwIfNotOk(resp.getStatus());
    boolean hasPrivilege = resp.isSetPrivileges() && resp.getPrivilegesSize() > 0;
    return hasPrivilege ? resp.getPrivileges().iterator().next() : new TSentryPrivilege();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Grants a set of column-level privileges to {@code roleName} on behalf of
 * {@code requestorUserName}.
 *
 * <p>Privileges are produced by {@code convertColumnPrivileges} (one per entry of
 * {@code columns}, presumably — the conversion helper is outside this block) and sent in a
 * {@link TAlterSentryRoleGrantPrivilegeRequest}. The response's privilege set is returned
 * unchanged after the status check.
 *
 * @return whatever {@code getPrivileges()} yields on the response (not null-checked here)
 * @throws SentryUserException if the service rejects the request or the Thrift call fails
 */
private Set<TSentryPrivilege> grantPrivileges(String requestorUserName, String roleName,
    PrivilegeScope scope, String serverName, String uri, String db, String table,
    List<String> columns, String action, Boolean grantOption) throws SentryUserException {
  Set<TSentryPrivilege> toGrant = convertColumnPrivileges(scope, serverName, uri, db, table,
      columns, action, grantOption);
  TAlterSentryRoleGrantPrivilegeRequest req = new TAlterSentryRoleGrantPrivilegeRequest();
  req.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  req.setRequestorUserName(requestorUserName);
  req.setRoleName(roleName);
  req.setPrivileges(toGrant);
  try {
    TAlterSentryRoleGrantPrivilegeResponse resp = client.alter_sentry_role_grant_privilege(req);
    Status.throwIfNotOk(resp.getStatus());
    return resp.getPrivileges();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Drops every privilege attached to the object described by {@code authorizableObjects}.
 *
 * <p>The hierarchy is converted with {@code setupSentryAuthorizable} and sent in a
 * {@link TDropPrivilegesRequest}; the server's status is checked with
 * {@code Status.throwIfNotOk}.
 *
 * @param requestorUserName  user on whose behalf the drop is requested
 * @param authorizableObjects object hierarchy whose privileges are dropped
 * @throws SentryUserException if the service returns a non-OK status or the RPC fails
 */
public synchronized void dropPrivileges(String requestorUserName,
    List<? extends Authorizable> authorizableObjects) throws SentryUserException {
  TDropPrivilegesRequest req = new TDropPrivilegesRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT,
      requestorUserName,
      setupSentryAuthorizable(authorizableObjects));
  try {
    TDropPrivilegesResponse resp = client.drop_sentry_privilege(req);
    Status.throwIfNotOk(resp.getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Creates a policy-service client according to {@code conf}.
 *
 * <p>Selection order: if {@code ClientConfig.SENTRY_POOL_ENABLED} is set, a dynamic proxy
 * backed by {@link PoolClientInvocationHandler} is returned (pooling takes precedence even
 * when HA is also enabled); else if {@code ClientConfig.SERVER_HA_ENABLED} is set, a proxy
 * backed by {@link HAClientInvocationHandler}; otherwise a plain
 * {@link SentryPolicyServiceClientDefaultImpl}. Both proxies expose the interfaces of
 * {@code SentryPolicyServiceClientDefaultImpl}.
 *
 * @param conf client configuration; both flags default to {@code false} when absent
 * @return a {@link SentryPolicyServiceClient}
 * @throws Exception propagated from the handler or client constructors
 */
public static SentryPolicyServiceClient create(Configuration conf) throws Exception {
  boolean haEnabled = conf.getBoolean(ClientConfig.SERVER_HA_ENABLED, false);
  boolean poolEnabled = conf.getBoolean(ClientConfig.SENTRY_POOL_ENABLED, false);
  if (!poolEnabled && !haEnabled) {
    return new SentryPolicyServiceClientDefaultImpl(conf);
  }
  // Pooling wins over HA when both are configured.
  Object handler = poolEnabled
      ? new PoolClientInvocationHandler(conf)
      : new HAClientInvocationHandler(conf);
  Class<?> impl = SentryPolicyServiceClientDefaultImpl.class;
  return (SentryPolicyServiceClient) Proxy.newProxyInstance(
      impl.getClassLoader(), impl.getInterfaces(), (InvocationHandler) handler);
}
/**
 * Removes {@code groups} from {@code roleName} on behalf of {@code requestorUserName}.
 *
 * <p>Mirror of {@code grantRoleToGroups}: groups are converted with {@code convert2TGroups}
 * and sent in a {@link TAlterSentryRoleDeleteGroupsRequest}; the server's status is checked
 * with {@code Status.throwIfNotOk}.
 *
 * @throws SentryUserException if the service returns a non-OK status or the RPC fails
 */
@Override
public synchronized void revokeRoleFromGroups(String requestorUserName, String roleName,
    Set<String> groups) throws SentryUserException {
  TAlterSentryRoleDeleteGroupsRequest req = new TAlterSentryRoleDeleteGroupsRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT,
      requestorUserName,
      roleName,
      convert2TGroups(groups));
  try {
    TAlterSentryRoleDeleteGroupsResponse resp = client.alter_sentry_role_delete_groups(req);
    Status.throwIfNotOk(resp.getStatus());
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption)); setBuilder.add(privilege); } else { privilege.setAction(action); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(convertTSentryGrantOption(grantOption)); setBuilder.add(privilege);
/**
 * Lists privileges per authorizable hierarchy, optionally restricted to {@code groups} and an
 * active {@code roleSet}.
 *
 * <p>Each hierarchy in {@code authorizables} is converted with {@code setupSentryAuthorizable}
 * into a sorted set (so the request order is deterministic). {@code groups} and
 * {@code roleSet} are only set on the request when non-null; the server applies its own
 * defaults otherwise.
 *
 * @param requestorUserName user on whose behalf the listing is requested
 * @param authorizables     set of object hierarchies to query
 * @param groups            groups to filter by, or null for no group filter
 * @param roleSet           active role set to filter by, or null
 * @return the server's map from authorizable to its privilege map
 * @throws SentryUserException if the service returns a non-OK status or the RPC fails
 */
public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(
    String requestorUserName, Set<List<? extends Authorizable>> authorizables,
    Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException {
  Set<TSentryAuthorizable> hierarchies = Sets.newTreeSet();
  for (List<? extends Authorizable> hierarchy : authorizables) {
    hierarchies.add(setupSentryAuthorizable(hierarchy));
  }
  TListSentryPrivilegesByAuthRequest req = new TListSentryPrivilegesByAuthRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, hierarchies);
  if (groups != null) {
    req.setGroups(groups);
  }
  if (roleSet != null) {
    req.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
  }
  try {
    TListSentryPrivilegesByAuthResponse resp =
        client.list_sentry_privileges_by_authorizable(req);
    Status.throwIfNotOk(resp.getStatus());
    return resp.getPrivilegesMapByAuth();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Grants a server-scoped privilege to {@code roleName} on behalf of
 * {@code requestorUserName}.
 *
 * <p>Delegates to the nine-argument {@code grantPrivilege} overload (no grant option), with
 * uri, db, table and column left {@code null} since a server-scope privilege covers the whole
 * server.
 *
 * @throws SentryUserException if the service rejects the request or the Thrift call fails
 */
public synchronized void grantServerPrivilege(String requestorUserName, String roleName,
    String server, String action) throws SentryUserException {
  String uri = null;
  String db = null;
  String table = null;
  String column = null;
  grantPrivilege(requestorUserName, roleName, PrivilegeScope.SERVER, server, uri, db, table,
      column, action);
}
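/**
 * (Re)creates {@code client} against a Sentry server discovered through the HA context.
 *
 * <p>A fresh {@link ServiceManager} is built from {@code HAContext.getHAContext(conf)}; then,
 * in a loop, a service instance is taken from the manager, its address is written into
 * {@code conf} ({@code SERVER_RPC_ADDRESS} / {@code SERVER_RPC_PORT}) and a
 * {@link SentryPolicyServiceClientDefaultImpl} is opened against it. An instance whose
 * transport fails to open is reported back to the manager and the next one is tried. The loop
 * ends on the first successful connection, or with an {@link IOException} if the manager
 * returns no instance. The manager is closed in all cases.
 *
 * <p>Note: {@code conf} is mutated in place, so afterwards it points at the server that was
 * selected last. NOTE(review): the retry loop has no bound of its own; termination on the
 * failure path relies on {@code getServiceInstance()} eventually returning null — confirm
 * against {@code ServiceManager}.
 *
 * @throws IOException if the node info cannot be read from ZooKeeper, or no usable instance
 *     is offered by the manager
 */
private void renewSentryClient() throws IOException {
  try {
    manager = new ServiceManager(HAContext.getHAContext(conf));
  } catch (Exception e1) {
    throw new IOException("Failed to extract Sentry node info from zookeeper", e1);
  }
  try {
    while (true) {
      currentServiceInstance = manager.getServiceInstance();
      if (currentServiceInstance == null) {
        throw new IOException(SENTRY_HA_ERROR_MESSAGE);
      }
      InetSocketAddress serverAddress =
          ServiceManager.convertServiceInstance(currentServiceInstance);
      String host = serverAddress.getHostName();
      int port = serverAddress.getPort();
      conf.set(ServiceConstants.ClientConfig.SERVER_RPC_ADDRESS, host);
      conf.setInt(ServiceConstants.ClientConfig.SERVER_RPC_PORT, port);
      try {
        client = new SentryPolicyServiceClientDefaultImpl(conf);
        LOGGER.info("Sentry Client using server {}:{}", host, port);
        break;
      } catch (IOException e) {
        // Let the manager know this instance is bad before asking for another one.
        manager.reportError(currentServiceInstance);
        // Message goes into the placeholder and the throwable is last, so the stack trace is
        // actually logged; the original passed e ahead of e.getMessage() with no placeholder,
        // which dropped both from the output.
        LOGGER.info("Transport exception while opening transport: {}", e.getMessage(), e);
      }
    }
  } finally {
    manager.close();
  }
}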
/**
 * Drops {@code roleName} on behalf of {@code requestorUserName}.
 *
 * <p>Delegates to the three-argument {@code dropRole} with {@code false} as the flag; the
 * sibling {@code dropRoleIfExists} passes {@code true}. The flag's exact effect is implemented
 * in that overload, outside this block.
 *
 * @throws SentryUserException if the service rejects the request or the Thrift call fails
 */
public synchronized void dropRole(String requestorUserName, String roleName)
    throws SentryUserException {
  final boolean ifExists = false;
  dropRole(requestorUserName, roleName, ifExists);
}
/**
 * Lists the privilege strings visible to {@code groups} under {@code roleSet}, optionally
 * narrowed to one authorizable hierarchy.
 *
 * <p>{@code roleSet} is dereferenced unconditionally and must be non-null (unlike
 * {@code listPrivilegsbyAuthorizable}, which treats a null role set as absent). The hierarchy
 * is attached to the request only when {@code authorizable} is non-null and non-empty.
 *
 * @param groups       groups whose privileges are requested
 * @param roleSet      active role set; must not be null
 * @param authorizable optional object hierarchy, outermost first
 * @return the privilege strings returned by the server
 * @throws SentryUserException if the service returns a non-OK status or the RPC fails
 */
public synchronized Set<String> listPrivilegesForProvider(Set<String> groups,
    ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException {
  TSentryActiveRoleSet activeRoles =
      new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
  TListSentryPrivilegesForProviderRequest req = new TListSentryPrivilegesForProviderRequest(
      ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, groups, activeRoles);
  boolean hasHierarchy = authorizable != null && authorizable.length > 0;
  if (hasHierarchy) {
    req.setAuthorizableHierarchy(setupSentryAuthorizable(Lists.newArrayList(authorizable)));
  }
  try {
    TListSentryPrivilegesForProviderResponse resp =
        client.list_sentry_privileges_for_provider(req);
    Status.throwIfNotOk(resp.getStatus());
    return resp.getPrivileges();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}