org.apache.sentry.provider.db.service.thrift.TSentryPrivilege java code examples

Add the Codota plugin to your IDE and get smart completions

private void myMethod () {
 SimpleDateFormat s =String pattern;new SimpleDateFormat(pattern)
String template;Locale locale;new SimpleDateFormat(template, locale)
new SimpleDateFormat()
Smart code suggestions by Tabnine
}

public Object getFieldValue(_Fields field) {
 switch (field) {
 case PRIVILEGE_SCOPE:
  return getPrivilegeScope();
 case SERVER_NAME:
  return getServerName();
 case DB_NAME:
  return getDbName();
 case TABLE_NAME:
  return getTableName();
 case URI:
  return getURI();
 case ACTION:
  return getAction();
 case CREATE_TIME:
  return Long.valueOf(getCreateTime());
 case GRANT_OPTION:
  return getGrantOption();
 case COLUMN_NAME:
  return getColumnName();
 }
 throw new IllegalStateException();
}

private Set<TSentryPrivilege> convertColumnPrivilege(
  PrivilegeScope scope, String serverName, String uri, String db, String table, String column,
  String action, Boolean grantOption) {
 ImmutableSet.Builder<TSentryPrivilege> setBuilder = ImmutableSet.builder();
 TSentryPrivilege privilege = new TSentryPrivilege();
 privilege.setPrivilegeScope(scope.toString());
 privilege.setServerName(serverName);
 privilege.setURI(uri);
 privilege.setDbName(db);
 privilege.setTableName(table);
 privilege.setColumnName(column);
 privilege.setAction(action);
 privilege.setCreateTime(System.currentTimeMillis());
 privilege.setGrantOption(convertTSentryGrantOption(grantOption));
 setBuilder.add(privilege);
 return setBuilder.build();
}

public static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
 PrivilegeScope privilegeScope = PrivilegeScope.SERVER;
 if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
  privilegeScope = PrivilegeScope.URI;
 } else if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
  privilegeScope = PrivilegeScope.COLUMN;
 } else if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
  privilegeScope = PrivilegeScope.TABLE;
 } else if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
  privilegeScope = PrivilegeScope.DATABASE;
 }
 return privilegeScope.toString();
}

boolean this_present_privilegeScope = true && tSentryPrivilege1.isSetPrivilegeScope();
boolean that_present_privilegeScope = true && tSentryPrivilege2.isSetPrivilegeScope();
if (this_present_privilegeScope || that_present_privilegeScope) {
 if (!(this_present_privilegeScope && that_present_privilegeScope)) {
  return false;
 if (!tSentryPrivilege1.getPrivilegeScope().equalsIgnoreCase(
   tSentryPrivilege2.getPrivilegeScope())) {
  return false;
boolean this_present_serverName = true && tSentryPrivilege1.isSetServerName();
boolean that_present_serverName = true && tSentryPrivilege2.isSetServerName();
if (this_present_serverName || that_present_serverName) {
 if (!(this_present_serverName && that_present_serverName)) {
  return false;
 if (!tSentryPrivilege1.getServerName().equalsIgnoreCase(tSentryPrivilege2.getServerName())) {
  return false;
boolean this_present_dbName = true && tSentryPrivilege1.isSetDbName();
boolean that_present_dbName = true && tSentryPrivilege2.isSetDbName();
if (this_present_dbName || that_present_dbName) {
 if (!(this_present_dbName && that_present_dbName)) {
  return false;
 if (!tSentryPrivilege1.getDbName().equalsIgnoreCase(tSentryPrivilege2.getDbName())) {
  return false;
boolean this_present_tableName = true && tSentryPrivilege1.isSetTableName();

private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
  throws SentryInvalidInputException {
 TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
 tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
 tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
 tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
 tSentryPrivilege.setColumnName(fromNULLCol(tAuthorizable.getColumn()));
 tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
 PrivilegeScope scope;
 if (!isNULL(tSentryPrivilege.getColumnName())) {
  scope = PrivilegeScope.COLUMN;
 } else if (!isNULL(tSentryPrivilege.getTableName())) {
  scope = PrivilegeScope.TABLE;
 } else if (!isNULL(tSentryPrivilege.getDbName())) {
  scope = PrivilegeScope.DATABASE;
 } else if (!isNULL(tSentryPrivilege.getURI())) {
  scope = PrivilegeScope.URI;
 } else {
  scope = PrivilegeScope.SERVER;
 }
 tSentryPrivilege.setPrivilegeScope(scope.name());
 tSentryPrivilege.setAction(AccessConstants.ALL);
 return tSentryPrivilege;
}

String column2 = "c2";
long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
TSentryPrivilege privilegeCol1 = new TSentryPrivilege();
privilegeCol1.setPrivilegeScope("COLUMN");
privilegeCol1.setServerName(server);
privilegeCol1.setDbName(db);
privilegeCol1.setTableName(table);
privilegeCol1.setColumnName(column1);
privilegeCol1.setAction(AccessConstants.ALL);
privilegeCol1.setCreateTime(System.currentTimeMillis());
TSentryPrivilege privilegeCol2 = privilegeCol1.deepCopy();
privilegeCol2.setColumnName(column2);
privilegeCol2.setAction(AccessConstants.SELECT);
assertEquals(seqId + 3, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilegeCol2)
  .getSequenceId());
privilegeCol2.setAction(AccessConstants.INSERT);
privilegeCol2.setPrivilegeScope("DATABASE");
privilegeCol2.unsetTableName();
privilegeCol2.unsetColumnName();
assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilegeCol2)
  .getSequenceId());

 private static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws Exception {
  String serverName = tSentryPrivilege.getServerName();
  String dbName = tSentryPrivilege.getDbName();
  String tableName = tSentryPrivilege.getTableName();
  String columnName = tSentryPrivilege.getColumnName();
  String uri = tSentryPrivilege.getURI();
  if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
   if (StringUtils.isEmpty(serverName)) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
   }
  } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
   if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(uri)) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
   }
  } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
   if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
   }
  } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
   if (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
       || StringUtils.isEmpty(tableName)) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
   }
  } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())
   && (StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
       || StringUtils.isEmpty(tableName) || StringUtils.isEmpty(columnName))) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
  }
 }
}

} else {
 if (!isNULL(privilege.getColumnName()) || !isNULL(privilege.getTableName())
   || !isNULL(privilege.getDbName())) {
  if (AccessConstants.ALL.equalsIgnoreCase(privilege.getAction())
    || AccessConstants.ACTION_ALL.equalsIgnoreCase(privilege.getAction())) {
   TSentryPrivilege tNotAll = new TSentryPrivilege(privilege);
   tNotAll.setAction(AccessConstants.SELECT);
   MSentryPrivilege mSelect = getMSentryPrivilege(tNotAll, pm);
   tNotAll.setAction(AccessConstants.INSERT);
   MSentryPrivilege mInsert = getMSentryPrivilege(tNotAll, pm);
   if (mSelect != null && mRole.getPrivileges().contains(mSelect)) {
   TSentryPrivilege tAll = new TSentryPrivilege(privilege);
   tAll.setAction(AccessConstants.ALL);
   MSentryPrivilege mAll1 = getMSentryPrivilege(tAll, pm);
   tAll.setAction(AccessConstants.ACTION_ALL);
   MSentryPrivilege mAll2 = getMSentryPrivilege(tAll, pm);
   if (mAll1 != null && mRole.getPrivileges().contains(mAll1)) {

private TSentryPrivilege getPrivilege(String action, String privilegeScope,
  String dbName, String tableName, String serverName, String URI) {
 TSentryPrivilege privilege = new TSentryPrivilege();
 privilege.setAction(action);
 privilege.setPrivilegeScope(privilegeScope);
 privilege.setDbName(dbName);
 privilege.setTableName(tableName);
 privilege.setServerName(serverName);
 privilege.setURI(URI);
 return privilege;
}

for (MSentryPrivilege m : privilegeGraph) {
 TSentryPrivilege t = convertToTSentryPrivilege(m);
 if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.DATABASE.name())) {
  t.setDbName(newTPrivilege.getDbName());
 } else if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.TABLE.name())) {
  t.setTableName(newTPrivilege.getTableName());

private JsonLogEntity createJsonLogEntity(
  TAlterSentryRoleRevokePrivilegeRequest request, TSentryPrivilege privilege,
  TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) {
 DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(),
   request.getRequestorUserName(), request.getClass().getName());
 hamle.setOperationText(CommandUtil.createCmdForRevokePrivilege(request));
 hamle.setDatabaseName(privilege.getDbName());
 hamle.setTableName(privilege.getTableName());
 hamle.setResourcePath(privilege.getURI());
 return hamle;
}

 @Override
 public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleGrantPrivilegeResponse struct) throws org.apache.thrift.TException {
  TTupleProtocol iprot = (TTupleProtocol) prot;
  struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
  struct.status.read(iprot);
  struct.setStatusIsSet(true);
  BitSet incoming = iprot.readBitSet(2);
  if (incoming.get(0)) {
   struct.privilege = new TSentryPrivilege();
   struct.privilege.read(iprot);
   struct.setPrivilegeIsSet(true);
  }
  if (incoming.get(1)) {
   {
    org.apache.thrift.protocol.TSet _set29 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
    struct.privileges = new HashSet<TSentryPrivilege>(2*_set29.size);
    for (int _i30 = 0; _i30 < _set29.size; ++_i30)
    {
     TSentryPrivilege _elem31; // required
     _elem31 = new TSentryPrivilege();
     _elem31.read(iprot);
     struct.privileges.add(_elem31);
    }
   }
   struct.setPrivilegesIsSet(true);
  }
 }
}

private String getAuthzObj(TSentryPrivilege privilege) {
 String authzObj = null;
 if (!SentryStore.isNULL(privilege.getDbName())) {
  String dbName = privilege.getDbName();
  String tblName = privilege.getTableName();
  if (SentryStore.isNULL(tblName)) {
   authzObj = dbName;
  } else {
   authzObj = dbName + "." + tblName;
  }
 }
 return authzObj == null ? null : authzObj.toLowerCase();
}

String column = "col1";
sentryStore.createSentryRole(roleName);
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL");
tSentryPrivilege.setDbName(dbName);
tSentryPrivilege.setTableName(table);
tSentryPrivilege.setColumnName(column);
sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege);

private void onAlterSentryRoleGrantPrivilegeCore(String roleName, TSentryPrivilege privilege)
  throws SentryPluginException {
 String authzObj = getAuthzObj(privilege);
 if (authzObj != null) {
  PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
  update.addPrivilegeUpdate(authzObj).putToAddPrivileges(
    roleName, privilege.getAction().toUpperCase());
  permsUpdater.handleUpdateNotification(update);
  LOGGER.debug("Authz Perm preUpdate [" + update.getSeqNum() + "]..");
 }
}

@Test
public void testSentryTablePrivilegeSome() throws Exception {
 String roleName = "test-table-privilege-some";
 String grantor = "g1";
 String dbName = "db1";
 String table = "tb1";
 sentryStore.createSentryRole(roleName);
 TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL");
 tSentryPrivilege.setDbName(dbName);
 tSentryPrivilege.setTableName(table);
 sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege);
 TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
 tSentryAuthorizable.setDb(dbName);
 tSentryAuthorizable.setTable(AccessConstants.SOME);
 tSentryAuthorizable.setServer("server1");
 Set<TSentryPrivilege> privileges =
   sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable);
 assertTrue(privileges.size() == 1);
 Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>();
 tSentryGroups.add(new TSentryGroup("group1"));
 sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups);
 TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName)));
 Set<String> privs =
   sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable);
 assertTrue(privs.size()==1);
 assertTrue(privs.contains("server=server1->db=" + dbName + "->table=" + table + "->action=all"));
}

public TSentryPrivilege deepCopy() {
 return new TSentryPrivilege(this);
}

@Override
public void onAlterSentryRoleRevokePrivilege(
  TAlterSentryRoleRevokePrivilegeRequest request)
    throws SentryPluginException {
 if (request.isSetPrivileges()) {
  String roleName = request.getRoleName();
  for (TSentryPrivilege privilege : request.getPrivileges()) {
   if(!("COLUMN".equalsIgnoreCase(privilege.getPrivilegeScope()))) {
    onAlterSentryRoleRevokePrivilegeCore(roleName, privilege);
   }
  }
 }
}

private boolean isMultiActionsSupported(TSentryPrivilege tPrivilege) {
 return tPrivilege.getDbName() != null;
}
// wrapper for dropOrRename

/**
 * Drop given privilege from all roles
 */
public void dropPrivilege(TSentryAuthorizable tAuthorizable)
  throws SentryNoSuchObjectException, SentryInvalidInputException {
 PersistenceManager pm = null;
 boolean rollbackTransaction = true;
 TSentryPrivilege tPrivilege = toSentryPrivilege(tAuthorizable);
 try {
  pm = openTransaction();
  if (isMultiActionsSupported(tPrivilege)) {
   for (String privilegeAction : ALL_ACTIONS) {
    tPrivilege.setAction(privilegeAction);
    dropPrivilegeForAllRoles(pm, new TSentryPrivilege(tPrivilege));
   }
  } else {
   dropPrivilegeForAllRoles(pm, new TSentryPrivilege(tPrivilege));
  }
  rollbackTransaction = false;
  commitTransaction(pm);
 } catch (JDODataStoreException e) {
  throw new SentryInvalidInputException("Failed to get privileges: "
    + e.getMessage());
 } finally {
  if (rollbackTransaction) {
   rollbackTransaction(pm);
  }
 }
}

Most used methods

getAction
getDbName
getPrivilegeScope
getTableName
getColumnName
getGrantOption
getURI
<init>
Performs a deep copy on other.
getCreateTime
getServerName
isSetAction
Returns true if field action is set (has been assigned a value) and false otherwise
isSetColumnName
Returns true if field columnName is set (has been assigned a value) and false otherwise

Popular in Java

Reactive rest calls using spring rest template
getOriginalFilename (MultipartFile)
Return the original filename in the client's filesystem.This may contain path information depending
setScale (BigDecimal)
orElseThrow (Optional)
Return the contained value, if present, otherwise throw an exception to be created by the provided s
FileInputStream (java.io)
An input stream that reads bytes from a file. File file = ...finally if (in != null) in.clos
URLConnection (java.net)
A connection to a URL for reading or writing. For HTTP connections, see HttpURLConnection for docume
DateFormat (java.text)
Formats or parses dates and times.This class provides factories for obtaining instances configured f
HashMap (java.util)
HashMap is an implementation of Map. All optional operations are supported.All elements are permitte
TimeZone (java.util)
TimeZone represents a time zone offset, and also figures out daylight savings. Typically, you get a
Logger (org.slf4j)
The org.slf4j.Logger interface is the main user entry point of SLF4J API. It is expected that loggin
Top 15 Vim Plugins

How to useTSentryPrivilege in org.apache.sentry.provider.db.service.thrift

Best Java code snippets using org.apache.sentry.provider.db.service.thrift.TSentryPrivilege (Showing top 20 results out of 315)

How to use
TSentryPrivilege
in
org.apache.sentry.provider.db.service.thrift