priv.setColumnName((String) privObj[4]); priv.setURI((String) privObj[5]); priv.setAction((String) privObj[6]); priv.setGrantOption((Boolean) privObj[7]); privileges.add(priv);
/**
 * Detaches {@code persistedPriv} from {@code mRole} and, when the role also
 * holds the matching ALL privilege on the same object, swaps that ALL
 * privilege for the single narrower {@code addAction} privilege.
 *
 * <p>Only {@code currentPrivilege}'s action is rewritten here (to ALL, then
 * to {@code addAction}) so it can serve as the lookup template; every other
 * field is left as the caller set it. {@code persistedPriv} is dereferenced
 * before any lookup, so it must be non-null.
 *
 * @param pm               persistence manager of the enclosing transaction
 * @param mRole            role the privilege is revoked from
 * @param currentPrivilege lookup template; its action is mutated
 * @param persistedPriv    stored privilege to detach from the role (non-null)
 * @param addAction        action granted back in place of ALL
 * @throws SentryInvalidInputException propagated from the privilege conversions
 */
private void revokeRolePartial(PersistenceManager pm, MSentryRole mRole,
    MSentryPrivilege currentPrivilege, MSentryPrivilege persistedPriv,
    String addAction) throws SentryInvalidInputException {
  // If table / URI, remove ALL
  persistedPriv.removeRole(mRole);
  privCleaner.incPrivRemoval();
  pm.makePersistent(persistedPriv);

  // Does the role also hold ALL on the same object?
  currentPrivilege.setAction(AccessConstants.ALL);
  MSentryPrivilege allPriv =
      getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
  boolean roleHoldsAll = allPriv != null && mRole.getPrivileges().contains(allPriv);
  if (!roleHoldsAll) {
    return;
  }

  // Drop ALL from the role.
  allPriv.removeRole(mRole);
  privCleaner.incPrivRemoval();
  pm.makePersistent(allPriv);

  // Grant back only addAction, creating the stored privilege if it is absent.
  currentPrivilege.setAction(addAction);
  TSentryPrivilege replacement = convertToTSentryPrivilege(currentPrivilege);
  MSentryPrivilege replacementPriv = getMSentryPrivilege(replacement, pm);
  if (replacementPriv == null) {
    replacementPriv = convertToMSentryPrivilege(replacement);
    mRole.appendPrivilege(replacementPriv);
  }
  replacementPriv.appendRole(mRole);
  pm.makePersistent(replacementPriv);
}
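/**
 * Revokes {@code persistedPriv} from {@code mEntity} and, when the entity also
 * holds the matching ALL privilege on the same object, removes that ALL
 * privilege and grants back one privilege per action in {@code addActions}
 * (the "decomposed" remainder of ALL).
 *
 * <p>Only {@code currentPrivilege}'s action is rewritten here (to ALL, then to
 * each of {@code addActions}) so it can serve as the lookup template; every
 * other field is left as the caller set it.
 *
 * @param pm               persistence manager of the enclosing transaction
 * @param mEntity          principal (role or user, presumably) to revoke from
 * @param currentPrivilege lookup template; its action is mutated
 * @param persistedPriv    privilege to detach; it is re-looked-up first and
 *                         skipped if no stored row matches it
 * @param addActions       actions granted back in place of ALL; may be empty,
 *                         in which case ALL is revoked and nothing is re-granted
 * @throws SentryInvalidInputException propagated from the privilege conversions
 */
private void revokePrivilegeAndGrantPartial(PersistenceManager pm, PrivilegePrincipal mEntity,
    MSentryPrivilege currentPrivilege, MSentryPrivilege persistedPriv,
    Set<String> addActions) throws SentryInvalidInputException {
  // If table / URI, remove ALL
  persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(persistedPriv), pm);
  if (persistedPriv != null) {
    persistedPriv.removePrincipal(mEntity);
    persistPrivilege(pm, persistedPriv);
  }
  currentPrivilege.setAction(AccessConstants.ALL);
  persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
  if (persistedPriv != null && mEntity.getPrivileges().contains(persistedPriv)) {
    persistedPriv.removePrincipal(mEntity);
    persistPrivilege(pm, persistedPriv);
    // add decomposed actions
    for (String addAction : addActions) {
      currentPrivilege.setAction(addAction);
      TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(currentPrivilege);
      persistedPriv = getMSentryPrivilege(tSentryPrivilege, pm);
      if (persistedPriv == null) {
        persistedPriv = convertToMSentryPrivilege(tSentryPrivilege);
      }
      mEntity.appendPrivilege(persistedPriv);
    }
    // With an empty addActions the loop never runs and persistedPriv still
    // refers to the ALL privilege detached just above; re-attaching it would
    // silently undo the revoke. Only link back when a decomposed privilege
    // was actually produced.
    // NOTE(review): only the last decomposed privilege is explicitly made
    // persistent here; earlier ones are assumed to be reached through
    // mEntity.appendPrivilege — confirm against the JDO mapping.
    if (!addActions.isEmpty()) {
      persistedPriv.appendPrincipal(mEntity);
      pm.makePersistent(persistedPriv);
    }
  }
}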
childPriv.setAction(priv.getAction());
childPriv.setAction(priv.getAction());
/**
 * Negative cases for {@code MSentryPrivilege.implies} at column scope: a
 * column-level SELECT must imply neither SELECT on a different column of the
 * same table nor SELECT on the whole table (a wider scope than the grant).
 */
@Test
public void testImpliesPrivilegeNegativeWithColumn() throws Exception {
  // 1.test server+database+table+column+action
  MSentryPrivilege granted = new MSentryPrivilege();
  granted.setServerName("server1");
  granted.setDbName("db1");
  granted.setTableName("tb1");
  granted.setColumnName("c1");
  granted.setAction(AccessConstants.SELECT);

  // bad column: same table, different column
  MSentryPrivilege requested = new MSentryPrivilege();
  requested.setServerName("server1");
  requested.setDbName("db1");
  requested.setTableName("tb1");
  requested.setColumnName("c2");
  requested.setAction(AccessConstants.SELECT);
  assertFalse(granted.implies(requested));

  // bad scope: the request is table-wide, the grant is column-only
  requested.setColumnName("");
  assertFalse(granted.implies(requested));
}
} // closes the enclosing test class (its header is outside this excerpt)
/**
 * Negative cases for {@code MSentryPrivilege.implies} at column scope: a
 * column-level SELECT must imply neither SELECT on a different column of the
 * same table nor SELECT on the whole table (a wider scope than the grant).
 */
@Test
public void testImpliesPrivilegeNegativeWithColumn() throws Exception {
  // 1.test server+database+table+column+action
  MSentryPrivilege granted = new MSentryPrivilege();
  granted.setServerName("server1");
  granted.setDbName("db1");
  granted.setTableName("tb1");
  granted.setColumnName("c1");
  granted.setAction(AccessConstants.SELECT);

  // bad column: same table, different column
  MSentryPrivilege requested = new MSentryPrivilege();
  requested.setServerName("server1");
  requested.setDbName("db1");
  requested.setTableName("tb1");
  requested.setColumnName("c2");
  requested.setAction(AccessConstants.SELECT);
  assertFalse(granted.implies(requested));

  // bad scope: the request is table-wide, the grant is column-only
  requested.setColumnName("");
  assertFalse(granted.implies(requested));
}
} // closes the enclosing test class (its header is outside this excerpt)
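/**
 * Converts thrift object to model object. Additionally does normalization
 * such as trimming whitespace and setting appropriate case.
 *
 * <p>Server, database, table, column and action are trimmed and lower-cased;
 * the privilege scope and the URI are only trimmed (not lower-cased). All
 * name-like fields are passed through {@code toNULLCol} before being stored.
 * The grant option becomes {@code Boolean.TRUE}/{@code Boolean.FALSE}, or
 * {@code null} when it is {@code UNSET} — or, defensively, missing.
 *
 * @param privilege the thrift privilege to convert; must not be null
 * @return a new, unattached model privilege with {@code createTime} set to now
 * @throws SentryInvalidInputException propagated from the field normalization
 */
private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege privilege)
    throws SentryInvalidInputException {
  MSentryPrivilege mSentryPrivilege = new MSentryPrivilege();
  mSentryPrivilege.setServerName(toNULLCol(safeTrimLower(privilege.getServerName())));
  mSentryPrivilege.setDbName(toNULLCol(safeTrimLower(privilege.getDbName())));
  mSentryPrivilege.setTableName(toNULLCol(safeTrimLower(privilege.getTableName())));
  mSentryPrivilege.setColumnName(toNULLCol(safeTrimLower(privilege.getColumnName())));
  mSentryPrivilege.setPrivilegeScope(safeTrim(privilege.getPrivilegeScope()));
  mSentryPrivilege.setAction(toNULLCol(safeTrimLower(privilege.getAction())));
  mSentryPrivilege.setCreateTime(System.currentTimeMillis());
  mSentryPrivilege.setURI(toNULLCol(safeTrim(privilege.getURI())));
  // A missing grant option is treated like UNSET instead of throwing NPE.
  // Boolean.valueOf(name) relies on the remaining constants being named
  // TRUE/FALSE, so UNSET must be excluded before the conversion.
  TSentryGrantOption grantOption = privilege.getGrantOption();
  if (grantOption == null || TSentryGrantOption.UNSET.equals(grantOption)) {
    mSentryPrivilege.setGrantOption(null);
  } else {
    mSentryPrivilege.setGrantOption(Boolean.valueOf(grantOption.toString()));
  }
  return mSentryPrivilege;
}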
/**
 * Positive cases for {@code MSentryPrivilege.implies} at column scope: a
 * SELECT grant at server, database, table and finally column level must each
 * imply a column-level SELECT on server1/db1/tb1/c1.
 */
@Test
public void testImpliesPrivilegePositiveWithColumn() throws Exception {
  // 1.test server+database+table+column+action
  MSentryPrivilege granted = new MSentryPrivilege();
  granted.setServerName("server1");
  granted.setAction(AccessConstants.SELECT);

  MSentryPrivilege requested = new MSentryPrivilege();
  requested.setServerName("server1");
  requested.setDbName("db1");
  requested.setTableName("tb1");
  requested.setColumnName("c1");
  requested.setAction(AccessConstants.SELECT);

  // server-wide SELECT covers the column
  assertTrue(granted.implies(requested));

  // narrow the grant one level at a time; it must still cover the column
  granted.setDbName("db1");
  assertTrue(granted.implies(requested));
  granted.setTableName("tb1");
  assertTrue(granted.implies(requested));
  granted.setColumnName("c1");
  assertTrue(granted.implies(requested));
}
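/**
 * Converts thrift object to model object. Additionally does normalization
 * such as trimming whitespace and setting appropriate case.
 *
 * <p>Server, database, table, column and action are trimmed and lower-cased;
 * the privilege scope and the URI are only trimmed (not lower-cased). All
 * name-like fields are passed through {@code toNULLCol} before being stored.
 * The grant option becomes {@code Boolean.TRUE}/{@code Boolean.FALSE}, or
 * {@code null} when it is {@code UNSET} — or, defensively, missing.
 *
 * @param privilege the thrift privilege to convert; must not be null
 * @return a new, unattached model privilege with {@code createTime} set to now
 * @throws SentryInvalidInputException propagated from the field normalization
 */
private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege privilege)
    throws SentryInvalidInputException {
  MSentryPrivilege mSentryPrivilege = new MSentryPrivilege();
  mSentryPrivilege.setServerName(toNULLCol(safeTrimLower(privilege.getServerName())));
  mSentryPrivilege.setDbName(toNULLCol(safeTrimLower(privilege.getDbName())));
  mSentryPrivilege.setTableName(toNULLCol(safeTrimLower(privilege.getTableName())));
  mSentryPrivilege.setColumnName(toNULLCol(safeTrimLower(privilege.getColumnName())));
  mSentryPrivilege.setPrivilegeScope(safeTrim(privilege.getPrivilegeScope()));
  mSentryPrivilege.setAction(toNULLCol(safeTrimLower(privilege.getAction())));
  mSentryPrivilege.setCreateTime(System.currentTimeMillis());
  mSentryPrivilege.setURI(toNULLCol(safeTrim(privilege.getURI())));
  // A missing grant option is treated like UNSET instead of throwing NPE.
  // Boolean.valueOf(name) relies on the remaining constants being named
  // TRUE/FALSE, so UNSET must be excluded before the conversion.
  TSentryGrantOption grantOption = privilege.getGrantOption();
  if (grantOption == null || TSentryGrantOption.UNSET.equals(grantOption)) {
    mSentryPrivilege.setGrantOption(null);
  } else {
    mSentryPrivilege.setGrantOption(Boolean.valueOf(grantOption.toString()));
  }
  return mSentryPrivilege;
}

// safeTrim's body continues beyond this excerpt.
private static String safeTrim(String s) {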
/**
 * Positive cases for {@code MSentryPrivilege.implies} at column scope: a
 * SELECT grant at server, database, table and finally column level must each
 * imply a column-level SELECT on server1/db1/tb1/c1.
 */
@Test
public void testImpliesPrivilegePositiveWithColumn() throws Exception {
  // 1.test server+database+table+column+action
  MSentryPrivilege granted = new MSentryPrivilege();
  granted.setServerName("server1");
  granted.setAction(AccessConstants.SELECT);

  MSentryPrivilege requested = new MSentryPrivilege();
  requested.setServerName("server1");
  requested.setDbName("db1");
  requested.setTableName("tb1");
  requested.setColumnName("c1");
  requested.setAction(AccessConstants.SELECT);

  // server-wide SELECT covers the column
  assertTrue(granted.implies(requested));

  // narrow the grant one level at a time; it must still cover the column
  granted.setDbName("db1");
  assertTrue(granted.implies(requested));
  granted.setTableName("tb1");
  assertTrue(granted.implies(requested));
  granted.setColumnName("c1");
  assertTrue(granted.implies(requested));
}
my.setDbName("db1"); my.setTableName("tb1"); my.setAction(AccessConstants.SELECT); your.setServerName("server1"); your.setDbName("db1"); your.setTableName("tb1"); your.setAction(AccessConstants.SELECT); assertTrue(my.implies(your)); my.setAction(AccessConstants.ALL); assertTrue(my.implies(your)); assertTrue(my.implies(your)); my.setAction(AccessConstants.ACTION_ALL); assertTrue(my.implies(your)); your = new MSentryPrivilege(); my.setServerName("server1"); my.setAction(actionMap[actions][0]); your.setServerName("server1"); your.setAction(actionMap[actions][1]); my.setURI("hdfs://namenode:9000/path"); your.setURI("hdfs://namenode:9000/path");
my.setDbName("db1"); my.setTableName("tb1"); my.setAction(AccessConstants.SELECT); your.setServerName("server1"); your.setDbName("db1"); your.setTableName("tb1"); your.setAction(AccessConstants.SELECT); assertTrue(my.implies(your)); my.setAction(AccessConstants.ALL); assertTrue(my.implies(your)); assertTrue(my.implies(your)); my.setAction(AccessConstants.ACTION_ALL); assertTrue(my.implies(your)); your = new MSentryPrivilege(); my.setServerName("server1"); my.setAction(actionMap[actions][0]); your.setServerName("server1"); your.setAction(actionMap[actions][1]); my.setURI("hdfs://namenode:9000/path"); your.setURI("hdfs://namenode:9000/path");
hivePrivilege.setTableName("tb1"); hivePrivilege.setPrivilegeScope("table"); hivePrivilege.setAction("select"); hivePrivilege.setGrantOption(true);
hivePrivilege.setTableName("tb1"); hivePrivilege.setPrivilegeScope("table"); hivePrivilege.setAction("select"); hivePrivilege.setGrantOption(true);
hivePrivilege.setTableName("tb1"); hivePrivilege.setPrivilegeScope("table"); hivePrivilege.setAction("select"); hivePrivilege.setURI(SentryConstants.NULL_COL); hivePrivilege.setColumnName(SentryConstants.NULL_COL);
hivePrivilege.setTableName("tb1"); hivePrivilege.setPrivilegeScope("table"); hivePrivilege.setAction("select"); hivePrivilege.setURI(SentryStore.NULL_COL); hivePrivilege.setColumnName(SentryStore.NULL_COL);
hivePrivilege.setTableName("tb1"); hivePrivilege.setPrivilegeScope("table"); hivePrivilege.setAction("select"); hivePrivilege.setURI(SentryConstants.NULL_COL); hivePrivilege.setColumnName(SentryConstants.NULL_COL);
hivePrivilege.setTableName("tb1"); hivePrivilege.setPrivilegeScope("table"); hivePrivilege.setAction("select"); hivePrivilege.setURI(SentryStore.NULL_COL); hivePrivilege.setColumnName(SentryStore.NULL_COL);
hivePrivilege.setTableName("tb1"); hivePrivilege.setPrivilegeScope("table"); hivePrivilege.setAction("select"); hivePrivilege.setURI(SentryConstants.NULL_COL); hivePrivilege.setColumnName(SentryConstants.NULL_COL);