@Override public Set<String> getRolesByGroups(String component, Set<String> groups) throws SentryUserException { Set<String> roles = Sets.newHashSet(); if (groups == null) { return roles; } for (TSentryRole tSentryRole : delegate.getTSentryRolesByGroupName(groups, true)) { roles.add(tSentryRole.getRoleName()); } return roles; }
public Object getFieldValue(_Fields field) { switch (field) { case ROLE_NAME: return getRoleName(); case GROUPS: return getGroups(); case GRANTOR_PRINCIPAL: return getGrantorPrincipal(); } throw new IllegalStateException(); }
private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) { TSentryRole role = new TSentryRole(); role.setRoleName(mSentryRole.getRoleName()); role.setGrantorPrincipal("--"); Set<TSentryGroup> sentryGroups = new HashSet<TSentryGroup>(); for(MSentryGroup mSentryGroup:mSentryRole.getGroups()) { TSentryGroup group = convertToTSentryGroup(mSentryGroup); sentryGroups.add(group); } role.setGroups(sentryGroups); return role; }
/** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */ public boolean isSet(_Fields field) { if (field == null) { throw new IllegalArgumentException(); } switch (field) { case ROLE_NAME: return isSetRoleName(); case GROUPS: return isSetGroups(); case GRANTOR_PRINCIPAL: return isSetGrantorPrincipal(); } throw new IllegalStateException(); }
public void validate() throws org.apache.thrift.TException { // check for required fields if (!isSetRoleName()) { throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' is unset! Struct:" + toString()); } if (!isSetGroups()) { throw new org.apache.thrift.protocol.TProtocolException("Required field 'groups' is unset! Struct:" + toString()); } if (!isSetGrantorPrincipal()) { throw new org.apache.thrift.protocol.TProtocolException("Required field 'grantorPrincipal' is unset! Struct:" + toString()); } // check for sub-struct validity }
@Override public void runTestAsSubject() throws Exception { String requestorUserName = ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); String roleName = "admin_testdb"; String groupName = "group1"; setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); client.dropRoleIfExists(requestorUserName, roleName); client.createRole(requestorUserName, roleName); Set<TSentryRole> roles = client.listRoles(requestorUserName); assertEquals("Incorrect number of roles", 1, roles.size()); client.grantRoleToGroup(requestorUserName, groupName, roleName); Set<TSentryRole> groupRoles = client.listRolesByGroupName(requestorUserName, groupName); assertTrue(groupRoles.size() == 1); for (TSentryRole role:groupRoles) { assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName)); assertTrue(role.getGroups().size() == 1); for (TSentryGroup group :role.getGroups()) { assertTrue(group.getGroupName(), group.getGroupName().equalsIgnoreCase(groupName)); } } client.dropRole(requestorUserName, roleName); }}); }
@Override public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryRolesResponse struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(); struct.status.read(iprot); struct.setStatusIsSet(true); BitSet incoming = iprot.readBitSet(1); if (incoming.get(0)) { { org.apache.thrift.protocol.TSet _set53 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); struct.roles = new HashSet<TSentryRole>(2*_set53.size); for (int _i54 = 0; _i54 < _set53.size; ++_i54) { TSentryRole _elem55; // required _elem55 = new TSentryRole(); _elem55.read(iprot); struct.roles.add(_elem55); } } struct.setRolesIsSet(true); } } }
public TSentryRole deepCopy() { return new TSentryRole(this); }
@Override public boolean equals(Object that) { if (that == null) return false; if (that instanceof TSentryRole) return this.equals((TSentryRole)that); return false; }
private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException { try { read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in))); } catch (org.apache.thrift.TException te) { throw new java.io.IOException(te); } }
public boolean equals(TSentryRole that) { if (that == null) return false; boolean this_present_roleName = true && this.isSetRoleName(); boolean that_present_roleName = true && that.isSetRoleName(); if (this_present_roleName || that_present_roleName) { if (!(this_present_roleName && that_present_roleName)) return false; if (!this.roleName.equals(that.roleName)) return false; } boolean this_present_groups = true && this.isSetGroups(); boolean that_present_groups = true && that.isSetGroups(); if (this_present_groups || that_present_groups) { if (!(this_present_groups && that_present_groups)) return false; if (!this.groups.equals(that.groups)) return false; } boolean this_present_grantorPrincipal = true && this.isSetGrantorPrincipal(); boolean that_present_grantorPrincipal = true && that.isSetGrantorPrincipal(); if (this_present_grantorPrincipal || that_present_grantorPrincipal) { if (!(this_present_grantorPrincipal && that_present_grantorPrincipal)) return false; if (!this.grantorPrincipal.equals(that.grantorPrincipal)) return false; } return true; }
_elem50 = new TSentryRole(); _elem50.read(iprot); struct.roles.add(_elem50);
/** * Performs a deep copy on <i>other</i>. */ public TListSentryRolesResponse(TListSentryRolesResponse other) { if (other.isSetStatus()) { this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status); } if (other.isSetRoles()) { Set<TSentryRole> __this__roles = new HashSet<TSentryRole>(); for (TSentryRole other_element : other.roles) { __this__roles.add(new TSentryRole(other_element)); } this.roles = __this__roles; } }
static String writeRolesInfo(Set<TSentryRole> roles) { if (roles == null || roles.isEmpty()) { return ""; } StringBuilder builder = new StringBuilder(); for (TSentryRole roleGrant : roles) { appendNonNull(builder, roleGrant.getRoleName(), true); } return builder.toString(); }
@Override public int hashCode() { HashCodeBuilder builder = new HashCodeBuilder(); boolean present_roleName = true && (isSetRoleName()); builder.append(present_roleName); if (present_roleName) builder.append(roleName); boolean present_groups = true && (isSetGroups()); builder.append(present_groups); if (present_groups) builder.append(groups); boolean present_grantorPrincipal = true && (isSetGrantorPrincipal()); builder.append(present_grantorPrincipal); if (present_grantorPrincipal) builder.append(grantorPrincipal); return builder.toHashCode(); }
@Override public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { Set<TSentryRole> roles; if (StringUtils.isEmpty(groupName)) { roles = client.listRoles(requestorName); } else { roles = client.listRolesByGroupName(requestorName, groupName); } if (roles != null) { for (TSentryRole role : roles) { System.out.println(role.getRoleName()); } } } }
/** * Performs a deep copy on <i>other</i>. */ public TSentryRole(TSentryRole other) { if (other.isSetRoleName()) { this.roleName = other.roleName; } if (other.isSetGroups()) { Set<TSentryGroup> __this__groups = new HashSet<TSentryGroup>(); for (TSentryGroup other_element : other.groups) { __this__groups.add(new TSentryGroup(other_element)); } this.groups = __this__groups; } if (other.isSetGrantorPrincipal()) { this.grantorPrincipal = other.grantorPrincipal; } }
static String writeRoleGrantsInfo(Set<TSentryRole> roleGrants) { if (roleGrants == null || roleGrants.isEmpty()) { return ""; } StringBuilder builder = new StringBuilder(); for (TSentryRole roleGrant : roleGrants) { appendNonNull(builder, roleGrant.getRoleName(), true); appendNonNull(builder, false);//isGrantOption() appendNonNull(builder, null);//roleGrant.getGrantTime() * 1000L appendNonNull(builder, "--"); } return builder.toString(); }
TSentryRole typedOther = (TSentryRole)other; lastComparison = Boolean.valueOf(isSetRoleName()).compareTo(typedOther.isSetRoleName()); if (lastComparison != 0) { return lastComparison; if (isSetRoleName()) { lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleName, typedOther.roleName); if (lastComparison != 0) { lastComparison = Boolean.valueOf(isSetGroups()).compareTo(typedOther.isSetGroups()); if (lastComparison != 0) { return lastComparison; if (isSetGroups()) { lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.groups, typedOther.groups); if (lastComparison != 0) { lastComparison = Boolean.valueOf(isSetGrantorPrincipal()).compareTo(typedOther.isSetGrantorPrincipal()); if (lastComparison != 0) { return lastComparison; if (isSetGrantorPrincipal()) { lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantorPrincipal, typedOther.grantorPrincipal); if (lastComparison != 0) {
private static ActiveRoleSet parseActiveRoleSet(String name, Set<TSentryRole> allowedRoles) throws SentryUserException { // if unset, then we choose the default of ALL if (name.isEmpty()) { return ActiveRoleSet.ALL; } else if (AccessConstants.NONE_ROLE.equalsIgnoreCase(name)) { return new ActiveRoleSet(new HashSet<String>()); } else if (AccessConstants.ALL_ROLE.equalsIgnoreCase(name)) { return ActiveRoleSet.ALL; } else if (AccessConstants.RESERVED_ROLE_NAMES.contains(name.toUpperCase())) { String msg = "Role " + name + " is reserved"; throw new IllegalArgumentException(msg); } else { if (allowedRoles != null) { // check if the user has been granted the role boolean foundRole = false; for (TSentryRole role : allowedRoles) { if (role.getRoleName().equalsIgnoreCase(name)) { foundRole = true; break; } } if (!foundRole) { //Set the reason for hive binding to pick up throw new SentryUserException("Not authorized to set role " + name, "Not authorized to set role " + name); } } return new ActiveRoleSet(Sets.newHashSet(ROLE_SET_SPLITTER.split(name))); } }