/**
 * Reports whether a persisted privilege is no longer held by any principal.
 *
 * @param privilege the stored privilege to inspect
 * @return {@code true} only when both {@code getUsers()} and {@code getRoles()} are empty
 */
private boolean isPrivilegeStale(MSentryPrivilege privilege) {
  // Users are checked first; roles are only consulted when no user holds the privilege.
  if (!privilege.getUsers().isEmpty()) {
    return false;
  }
  return privilege.getRoles().isEmpty();
}
/**
 * Regroups a collection of stored privileges by the name of each role that holds them.
 *
 * @param mSentryPrivileges stored privileges to regroup
 * @return map from role name to the converted privileges attached to that role; an immutable
 *     empty map when the input collection is empty
 */
private Map<String, Set<TSentryPrivilege>> getRolePrivilegesMap(
    Collection<MSentryPrivilege> mSentryPrivileges) {
  if (mSentryPrivileges.isEmpty()) {
    return Collections.emptyMap();
  }

  Map<String, Set<TSentryPrivilege>> byRole = new HashMap<>();
  for (MSentryPrivilege stored : mSentryPrivileges) {
    // Convert once per privilege; the same converted object is shared by every role holding it.
    TSentryPrivilege converted = convertToTSentryPrivilege(stored);
    for (MSentryRole holder : stored.getRoles()) {
      String roleName = holder.getRoleName();
      Set<TSentryPrivilege> granted = byRole.get(roleName);
      if (granted == null) {
        granted = new HashSet<>();
        byRole.put(roleName, granted);
      }
      granted.add(converted);
    }
  }
  return byRole;
}
/**
 * Checks whether at least one persisted privilege has no role attached.
 *
 * <p>Every privilege returned by {@code getAllMSentryPrivilegesCore} is treated as a candidate.
 * Only the object ids are kept, so that each candidate is looked up again by id after
 * {@code pm.refreshAll()}.
 *
 * @param pm persistence manager used for the lookups
 * @return {@code true} as soon as a privilege with an empty role set is found, {@code false}
 *     when there are no privileges or every privilege has at least one role
 */
Boolean findOrphanedPrivilegesCore(PersistenceManager pm) {
  List<MSentryPrivilege> candidates = getAllMSentryPrivilegesCore(pm);
  if (candidates.isEmpty()) {
    return false;
  }

  List<Object> candidateIds = new ArrayList<>(candidates.size());
  for (MSentryPrivilege candidate : candidates) {
    candidateIds.add(pm.getObjectId(candidate));
  }

  // Refresh before re-reading, to try to ensure the objects examined below are current.
  pm.refreshAll();

  // NOTE(review): only getRoles() is consulted, so a privilege held solely by users would be
  // reported as an orphan. isPrivilegeStale requires both getUsers() and getRoles() to be
  // empty; confirm whether this check is meant to differ from it.
  for (Object candidateId : candidateIds) {
    MSentryPrivilege reloaded = (MSentryPrivilege) pm.getObjectById(candidateId);
    if (reloaded.getRoles().isEmpty()) {
      return true;
    }
  }
  return false;
}
authHierarchy); for (MSentryPrivilege priv : mSentryPrivileges) { for (MSentryRole role : priv.getRoles()) { TSentryPrivilege tPriv = convertToTSentryPrivilege(priv); if (resultPrivilegeMap.containsKey(role.getRoleName())) {
getMSentryPrivilegesByAuth(SentryPrincipalType.ROLE, roles, authHierarchy); for (MSentryPrivilege priv : mSentryPrivileges) { for (MSentryRole role : priv.getRoles()) { TSentryPrivilege tPriv = convertToTSentryPrivilege(priv); if (resultPrivilegeMap.containsKey(role.getRoleName())) {
if ((!persistedPriv.getRoles().isEmpty() || !persistedPriv.getUsers().isEmpty()) && mEntity != null) { persistedPriv.removePrincipal(mEntity);
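/**
 * Lists the owners of an authorizable.
 *
 * <p>Within a single transaction, the privileges returned by
 * {@code getMSentryOwnerPrivilegesByAuth} are walked and one {@code SentryOwnerInfo} is
 * produced for every user and every role attached to each of them (users first, then roles,
 * per privilege).
 *
 * @param authorizable the authorizable whose owners are requested
 * @return the owners of the authorizable; empty when no owner privilege has a principal
 * @throws Exception if the transaction fails
 */
public List<SentryOwnerInfo> listOwnersByAuthorizable(TSentryAuthorizable authorizable)
    throws Exception {
  return tm.executeTransaction(
      pm -> {
        // Allocated inside the transaction block rather than captured from the enclosing
        // method, so the result can never carry entries from an earlier invocation of the
        // block, should the transaction manager run it more than once.
        List<SentryOwnerInfo> owners = new ArrayList<>();
        List<MSentryPrivilege> ownerPrivileges =
            getMSentryOwnerPrivilegesByAuth(pm, authorizable);
        for (MSentryPrivilege ownerPrivilege : ownerPrivileges) {
          for (PrivilegePrincipal user : ownerPrivilege.getUsers()) {
            owners.add(new SentryOwnerInfo(user.getPrincipalType(), user.getPrincipalName()));
          }
          for (PrivilegePrincipal role : ownerPrivilege.getRoles()) {
            owners.add(new SentryOwnerInfo(role.getPrincipalType(), role.getPrincipalName()));
          }
        }
        return owners;
      });
}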
retVal.put(authzObj, pUpdate); for (MSentryRole mRole : mPriv.getRoles()) { String existingPriv = pUpdate.get(mRole.getRoleName()); if (existingPriv == null) {
if (mPrivileges != null && !mPrivileges.isEmpty()) { for (MSentryPrivilege mPrivilege : mPrivileges) { roleSet.addAll(ImmutableSet.copyOf(mPrivilege.getRoles()));
if (priv.getRoles().isEmpty()) { pm.deletePersistent(priv); orphansRemoved++;
List<MSentryPrivilege> mPrivileges = getMSentryPrivileges(tPrivilege, pm); for (MSentryPrivilege mPrivilege : mPrivileges) { entitySet.addAll(ImmutableSet.copyOf(mPrivilege.getRoles())); entitySet.addAll(ImmutableSet.copyOf(mPrivilege.getUsers()));
retVal.put(authzObj, pUpdate); for (MSentryRole mRole : mPriv.getRoles()) { pUpdate = addPrivilegeEntry (mPriv, TPrivilegePrincipalType.ROLE, mRole.getRoleName(), pUpdate);