org.apache.sentry.provider.db.service.thrift.TSentryPrivilege java code examples

public Object getFieldValue(_Fields field) {
 switch (field) {
 case PRIVILEGE_SCOPE:
  return getPrivilegeScope();
 case SERVER_NAME:
  return getServerName();
 case DB_NAME:
  return getDbName();
 case TABLE_NAME:
  return getTableName();
 case URI:
  return getURI();
 case ACTION:
  return getAction();
 case CREATE_TIME:
  return Long.valueOf(getCreateTime());
 case GRANT_OPTION:
  return getGrantOption();
 case COLUMN_NAME:
  return getColumnName();
 }
 throw new IllegalStateException();
}

private Set<TSentryPrivilege> convertColumnPrivilege(
  PrivilegeScope scope, String serverName, String uri, String db, String table, String column,
  String action, Boolean grantOption) {
 ImmutableSet.Builder<TSentryPrivilege> setBuilder = ImmutableSet.builder();
 TSentryPrivilege privilege = new TSentryPrivilege();
 privilege.setPrivilegeScope(scope.toString());
 privilege.setServerName(serverName);
 privilege.setURI(uri);
 privilege.setDbName(db);
 privilege.setTableName(table);
 privilege.setColumnName(column);
 privilege.setAction(action);
 privilege.setCreateTime(System.currentTimeMillis());
 privilege.setGrantOption(convertTSentryGrantOption(grantOption));
 setBuilder.add(privilege);
 return setBuilder.build();
}

public static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
 PrivilegeScope privilegeScope = PrivilegeScope.SERVER;
 if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
  privilegeScope = PrivilegeScope.URI;
 } else if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
  privilegeScope = PrivilegeScope.COLUMN;
 } else if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
  privilegeScope = PrivilegeScope.TABLE;
 } else if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
  privilegeScope = PrivilegeScope.DATABASE;
 }
 return privilegeScope.toString();
}

boolean this_present_privilegeScope = true && tSentryPrivilege1.isSetPrivilegeScope();
boolean that_present_privilegeScope = true && tSentryPrivilege2.isSetPrivilegeScope();
if (this_present_privilegeScope || that_present_privilegeScope) {
 if (!(this_present_privilegeScope && that_present_privilegeScope)) {
  return false;
 if (!tSentryPrivilege1.getPrivilegeScope().equalsIgnoreCase(
   tSentryPrivilege2.getPrivilegeScope())) {
  return false;
boolean this_present_serverName = true && tSentryPrivilege1.isSetServerName();
boolean that_present_serverName = true && tSentryPrivilege2.isSetServerName();
if (this_present_serverName || that_present_serverName) {
 if (!(this_present_serverName && that_present_serverName)) {
  return false;
 if (!tSentryPrivilege1.getServerName().equalsIgnoreCase(tSentryPrivilege2.getServerName())) {
  return false;
boolean this_present_dbName = true && tSentryPrivilege1.isSetDbName();
boolean that_present_dbName = true && tSentryPrivilege2.isSetDbName();
if (this_present_dbName || that_present_dbName) {
 if (!(this_present_dbName && that_present_dbName)) {
  return false;
 if (!tSentryPrivilege1.getDbName().equalsIgnoreCase(tSentryPrivilege2.getDbName())) {
  return false;
boolean this_present_tableName = true && tSentryPrivilege1.isSetTableName();

private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
  throws SentryInvalidInputException {
 TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
 tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
 tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
 tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
 tSentryPrivilege.setColumnName(fromNULLCol(tAuthorizable.getColumn()));
 tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
 PrivilegeScope scope;
 if (!isNULL(tSentryPrivilege.getColumnName())) {
  scope = PrivilegeScope.COLUMN;
 } else if (!isNULL(tSentryPrivilege.getTableName())) {
  scope = PrivilegeScope.TABLE;
 } else if (!isNULL(tSentryPrivilege.getDbName())) {
  scope = PrivilegeScope.DATABASE;
 } else if (!isNULL(tSentryPrivilege.getURI())) {
  scope = PrivilegeScope.URI;
 } else {
  scope = PrivilegeScope.SERVER;
 }
 tSentryPrivilege.setPrivilegeScope(scope.name());
 tSentryPrivilege.setAction(AccessConstants.ALL);
 return tSentryPrivilege;
}

String column2 = "c2";
long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
TSentryPrivilege privilegeCol1 = new TSentryPrivilege();
privilegeCol1.setPrivilegeScope("COLUMN");
privilegeCol1.setServerName(server);
privilegeCol1.setDbName(db);
privilegeCol1.setTableName(table);
privilegeCol1.setColumnName(column1);
privilegeCol1.setAction(AccessConstants.ALL);
privilegeCol1.setCreateTime(System.currentTimeMillis());
TSentryPrivilege privilegeCol2 = privilegeCol1.deepCopy();
privilegeCol2.setColumnName(column2);
privilegeCol2.setAction(AccessConstants.SELECT);
assertEquals(seqId + 3, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilegeCol2)
  .getSequenceId());
privilegeCol2.setAction(AccessConstants.INSERT);
privilegeCol2.setPrivilegeScope("DATABASE");
privilegeCol2.unsetTableName();
privilegeCol2.unsetColumnName();
assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilegeCol2)
  .getSequenceId());

 private static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws Exception {
  String serverName = tSentryPrivilege.getServerName();
  String dbName = tSentryPrivilege.getDbName();
  String tableName = tSentryPrivilege.getTableName();
  String columnName = tSentryPrivilege.getColumnName();
  String uri = tSentryPrivilege.getURI();
  if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
   if (StringUtils.isEmpty(serverName)) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
   }
  } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
   if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(uri)) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
   }
  } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
   if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
   }
  } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
   if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
       || StringUtils.isEmpty(tableName)) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
   }
  } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())
   && (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
       || StringUtils.isEmpty(tableName) || StringUtils.isEmpty(columnName))) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
  }
 }
}

} else {
 if (!isNULL(privilege.getColumnName()) || !isNULL(privilege.getTableName())
   || !isNULL(privilege.getDbName())) {
  if (AccessConstants.ALL.equalsIgnoreCase(privilege.getAction())
    || AccessConstants.ACTION_ALL.equalsIgnoreCase(privilege.getAction())) {
   TSentryPrivilege tNotAll = new TSentryPrivilege(privilege);
   tNotAll.setAction(AccessConstants.SELECT);
   MSentryPrivilege mSelect = getMSentryPrivilege(tNotAll, pm);
   tNotAll.setAction(AccessConstants.INSERT);
   MSentryPrivilege mInsert = getMSentryPrivilege(tNotAll, pm);
   if (mSelect != null && mRole.getPrivileges().contains(mSelect)) {
   TSentryPrivilege tAll = new TSentryPrivilege(privilege);
   tAll.setAction(AccessConstants.ALL);
   MSentryPrivilege mAll1 = getMSentryPrivilege(tAll, pm);
   tAll.setAction(AccessConstants.ACTION_ALL);
   MSentryPrivilege mAll2 = getMSentryPrivilege(tAll, pm);
   if (mAll1 != null && mRole.getPrivileges().contains(mAll1)) {

private TSentryPrivilege getPrivilege(String action, String privilegeScope,
  String dbName, String tableName, String serverName, String URI) {
 TSentryPrivilege privilege = new TSentryPrivilege();
 privilege.setAction(action);
 privilege.setPrivilegeScope(privilegeScope);
 privilege.setDbName(dbName);
 privilege.setTableName(tableName);
 privilege.setServerName(serverName);
 privilege.setURI(URI);
 return privilege;
}

for (MSentryPrivilege m : privilegeGraph) {
 TSentryPrivilege t = convertToTSentryPrivilege(m);
 if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.DATABASE.name())) {
  t.setDbName(newTPrivilege.getDbName());
 } else if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.TABLE.name())) {
  t.setTableName(newTPrivilege.getTableName());

private JsonLogEntity createJsonLogEntity(
  TAlterSentryRoleRevokePrivilegeRequest request, TSentryPrivilege privilege,
  TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) {
 DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(),
   request.getRequestorUserName(), request.getClass().getName());
 hamle.setOperationText(CommandUtil.createCmdForRevokePrivilege(request));
 hamle.setDatabaseName(privilege.getDbName());
 hamle.setTableName(privilege.getTableName());
 hamle.setResourcePath(privilege.getURI());
 return hamle;
}

 @Override
 public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleGrantPrivilegeResponse struct) throws org.apache.thrift.TException {
  TTupleProtocol iprot = (TTupleProtocol) prot;
  struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
  struct.status.read(iprot);
  struct.setStatusIsSet(true);
  BitSet incoming = iprot.readBitSet(2);
  if (incoming.get(0)) {
   struct.privilege = new TSentryPrivilege();
   struct.privilege.read(iprot);
   struct.setPrivilegeIsSet(true);
  }
  if (incoming.get(1)) {
   {
    org.apache.thrift.protocol.TSet _set29 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
    struct.privileges = new HashSet<TSentryPrivilege>(2*_set29.size);
    for (int _i30 = 0; _i30 < _set29.size; ++_i30)
    {
     TSentryPrivilege _elem31; // required
     _elem31 = new TSentryPrivilege();
     _elem31.read(iprot);
     struct.privileges.add(_elem31);
    }
   }
   struct.setPrivilegesIsSet(true);
  }
 }
}

private String getAuthzObj(TSentryPrivilege privilege) {
 String authzObj = null;
 if (!SentryStore.isNULL(privilege.getDbName())) {
  String dbName = privilege.getDbName();
  String tblName = privilege.getTableName();
  if (SentryStore.isNULL(tblName)) {
   authzObj = dbName;
  } else {
   authzObj = dbName + "." + tblName;
  }
 }
 return authzObj == null ? null : authzObj.toLowerCase();
}

String column = "col1";
sentryStore.createSentryRole(roleName);
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL");
tSentryPrivilege.setDbName(dbName);
tSentryPrivilege.setTableName(table);
tSentryPrivilege.setColumnName(column);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege);

private void onAlterSentryRoleGrantPrivilegeCore(String roleName, TSentryPrivilege privilege)
  throws SentryPluginException {
 String authzObj = getAuthzObj(privilege);
 if (authzObj != null) {
  PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
  update.addPrivilegeUpdate(authzObj).putToAddPrivileges(
    roleName, privilege.getAction().toUpperCase());
  permsUpdater.handleUpdateNotification(update);
  LOGGER.debug("Authz Perm preUpdate [" + update.getSeqNum() + "]..");
 }
}

@Test
public void testSentryTablePrivilegeSome() throws Exception {
 String roleName = "test-table-privilege-some";
 String grantor = "g1";
 String dbName = "db1";
 String table = "tb1";
 sentryStore.createSentryRole(roleName);
 TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL");
 tSentryPrivilege.setDbName(dbName);
 tSentryPrivilege.setTableName(table);
 sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege);
 TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
 tSentryAuthorizable.setDb(dbName);
 tSentryAuthorizable.setTable(AccessConstants.SOME);
 tSentryAuthorizable.setServer("server1");
 Set<TSentryPrivilege> privileges =
   sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable);
 assertTrue(privileges.size() == 1);
 Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>();
 tSentryGroups.add(new TSentryGroup("group1"));
 sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups);
 TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName)));
 Set<String> privs =
   sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable);
 assertTrue(privs.size()==1);
 assertTrue(privs.contains("server=server1->db=" + dbName + "->table=" + table + "->action=all"));
}

public TSentryPrivilege deepCopy() {
 return new TSentryPrivilege(this);
}

@Override
public void onAlterSentryRoleRevokePrivilege(
  TAlterSentryRoleRevokePrivilegeRequest request)
    throws SentryPluginException {
 if (request.isSetPrivileges()) {
  String roleName = request.getRoleName();
  for (TSentryPrivilege privilege : request.getPrivileges()) {
   if(!("COLUMN".equalsIgnoreCase(privilege.getPrivilegeScope()))) {
    onAlterSentryRoleRevokePrivilegeCore(roleName, privilege);
   }
  }
 }
}

private boolean isMultiActionsSupported(TSentryPrivilege tPrivilege) {
 return tPrivilege.getDbName() != null;
}
// wrapper for dropOrRename

/**
 * Drop given privilege from all roles
 */
public void dropPrivilege(TSentryAuthorizable tAuthorizable)
  throws SentryNoSuchObjectException, SentryInvalidInputException {
 PersistenceManager pm = null;
 boolean rollbackTransaction = true;
 TSentryPrivilege tPrivilege = toSentryPrivilege(tAuthorizable);
 try {
  pm = openTransaction();
  if (isMultiActionsSupported(tPrivilege)) {
   for (String privilegeAction : ALL_ACTIONS) {
    tPrivilege.setAction(privilegeAction);
    dropPrivilegeForAllRoles(pm, new TSentryPrivilege(tPrivilege));
   }
  } else {
   dropPrivilegeForAllRoles(pm, new TSentryPrivilege(tPrivilege));
  }
  rollbackTransaction = false;
  commitTransaction(pm);
 } catch (JDODataStoreException e) {
  throw new SentryInvalidInputException("Failed to get privileges: "
    + e.getMessage());
 } finally {
  if (rollbackTransaction) {
   rollbackTransaction(pm);
  }
 }
}

Most used methods

getAction
getDbName
getPrivilegeScope
getTableName
getColumnName
getGrantOption
getURI
<init>
Performs a deep copy on other.
getCreateTime
getServerName
isSetAction
Returns true if field action is set (has been assigned a value) and false otherwise
isSetColumnName
Returns true if field columnName is set (has been assigned a value) and false otherwise

Popular in Java

Finding current android device location
orElseThrow (Optional)
Return the contained value, if present, otherwise throw an exception to be created by the provided s
getSystemService (Context)
scheduleAtFixedRate (Timer)
ObjectMapper (com.fasterxml.jackson.databind)
ObjectMapper provides functionality for reading and writing JSON, either to and from basic POJOs (Pl
BufferedReader (java.io)
Wraps an existing Reader and buffers the input. Expensive interaction with the underlying reader is
InputStreamReader (java.io)
A class for turning a byte stream into a character stream. Data read from the source input stream is
URI (java.net)
A Uniform Resource Identifier that identifies an abstract or physical resource, as specified by RFC
Permission (java.security)
Legacy security code; do not use.
ArrayList (java.util)
ArrayList is an implementation of List, backed by an array. All optional operations including adding
Top Sublime Text plugins

How to useTSentryPrivilege in org.apache.sentry.provider.db.service.thrift

Best Java code snippets using org.apache.sentry.provider.db.service.thrift.TSentryPrivilege (Showing top 20 results out of 315)

How to use
TSentryPrivilege
in
org.apache.sentry.provider.db.service.thrift