/**
 * Prints each privilege attached to the role named by {@code roleName}
 * (declared outside this method), one converted string per line on stdout.
 *
 * @param client        policy service client used to look the privileges up
 * @param requestorName user on whose behalf the listing is requested
 * @throws Exception propagated from the client call or the conversion helper
 */
@Override
public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
  Set<TSentryPrivilege> granted = client.listAllPrivilegesByRoleName(requestorName, roleName);
  if (granted == null) {
    // The service returned no set at all, so there is nothing to print.
    return;
  }
  for (TSentryPrivilege entry : granted) {
    System.out.println(convertToPrivilegeStr(entry));
  }
}
/**
 * Grants the identical table privilege to one role twice and checks that the
 * role still lists a single privilege, i.e. a repeated grant is not stored as
 * a duplicate entry.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String role = "admin_r1";
  client.createRole(admin, role);

  // Same server/db/table/action both times: the second call must not add a row.
  for (int attempt = 0; attempt < 2; attempt++) {
    client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL");
  }

  int held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(1, held);
}
// Presumably closes the enclosing anonymous class, the call it is passed to and
// the outer test method; their openers lie outside this excerpt.
});
}
/**
 * Grants a server-level privilege to a fresh role, checks that the stored
 * action is the wildcard {@code "*"}, then revokes it and checks that the role
 * is left with no privileges.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  // Start from a clean role so earlier runs cannot influence the listing.
  final String role = "admin_r1";
  client.dropRoleIfExists(admin, role);
  client.createRole(admin, role);

  client.grantServerPrivilege(admin, role, "server", false);
  Set<TSentryPrivilege> afterGrant = client.listAllPrivilegesByRoleName(admin, role);
  TSentryPrivilege first = afterGrant.iterator().next();
  assertTrue("Privilege should be all:", first.getAction().equals("*"));

  client.revokeServerPrivilege(admin, role, "server", false);
  Set<TSentryPrivilege> afterRevoke = client.listAllPrivilegesByRoleName(admin, role);
  assertTrue("Privilege not correctly revoked !!", afterRevoke.isEmpty());
}
// Presumably closes the enclosing anonymous class, the call it is passed to and
// the outer test method; their openers lie outside this excerpt.
});
}
/**
 * Checks that a revoke only removes a table privilege when its grant-option
 * flag matches the one the privilege was granted with.
 *
 * <p>The privilege is granted WITH grant option. A revoke that specifies
 * "without grant option" is expected to leave it in place; a revoke that
 * specifies "with grant option" is expected to remove it.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String role = "admin_r1";
  final boolean withGrant = true;
  final boolean withoutGrant = false;
  client.dropRoleIfExists(admin, role);
  client.createRole(admin, role);

  // Grant the table privilege together with the grant option.
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  int held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(1, held);

  // Mismatched flag: the revoke must be a no-op and the privilege must survive.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withoutGrant);
  held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(1, held);

  // Matching flag: now the privilege is actually removed.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(0, held);
}
// Presumably closes the enclosing anonymous class, the call it is passed to and
// the outer test method; their openers lie outside this excerpt.
});
}
/**
 * Checks that the same table privilege granted once with and once without the
 * grant option is listed as two separate privileges, and that a revoke passing
 * {@code null} for the grant-option flag removes both of them.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String role = "admin_r1";
  final boolean withGrant = true;
  final boolean withoutGrant = false;
  client.dropRoleIfExists(admin, role);
  client.createRole(admin, role);

  // First grant carries the grant option.
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  int held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(1, held);

  // Second grant differs only in the flag and is expected to add a second entry.
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withoutGrant);
  held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(2, held);

  // A null flag is expected to match both variants, leaving the role empty.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", null);
  held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(0, held);
}
// Presumably closes the enclosing anonymous class, the call it is passed to and
// the outer test method; their openers lie outside this excerpt.
});
}
/**
 * Grants the same table privilege to two different roles and checks that each
 * role lists exactly one privilege afterwards.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String firstRole = "admin_r1";
  final String secondRole = "admin_r2";

  // Recreate both roles so neither carries privileges from an earlier run.
  client.dropRoleIfExists(admin, firstRole);
  client.createRole(admin, firstRole);
  client.dropRoleIfExists(admin, secondRole);
  client.createRole(admin, secondRole);

  client.grantTablePrivilege(admin, firstRole, "server", "db", "table", "ALL");
  Set<TSentryPrivilege> heldByFirst = client.listAllPrivilegesByRoleName(admin, firstRole);
  assertTrue("Privilege not assigned to role1 !!", heldByFirst.size() == 1);

  client.grantTablePrivilege(admin, secondRole, "server", "db", "table", "ALL");
  Set<TSentryPrivilege> heldBySecond = client.listAllPrivilegesByRoleName(admin, secondRole);
  assertTrue("Privilege not assigned to role2 !!", heldBySecond.size() == 1);
}
// Presumably closes the enclosing anonymous class, the call it is passed to and
// the outer test method; their openers lie outside this excerpt.
});
}
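/**
 * Grants a URI privilege to a fresh role, checks that it is listed, revokes it
 * and checks that the role is left with no privileges, then drops the role.
 *
 * <p>The privilege counts are checked with {@code assertEquals} and a message,
 * so a failure reports the expected and actual size instead of a bare
 * {@code AssertionError}.
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  String roleName = "admin_testdb";
  String server = "server1";
  String uri = "file://u/w/h/t/partition=value/";
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  // Create the role from scratch so stale privileges cannot skew the counts.
  client.dropRoleIfExists(requestorUserName, roleName);
  client.createRole(requestorUserName, roleName);

  Set<TSentryRole> roles = client.listRoles(requestorUserName);
  assertEquals("Incorrect number of roles", 1, roles.size());

  client.grantURIPrivilege(requestorUserName, roleName, server, uri);
  Set<TSentryPrivilege> privileges =
      client.listAllPrivilegesByRoleName(requestorUserName, roleName);
  assertEquals("URI privilege not granted", 1, privileges.size());

  // Revoke the same privilege and confirm that nothing remains on the role.
  client.revokeURIPrivilege(requestorUserName, roleName, server, uri);
  privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName);
  assertEquals("URI privilege not revoked", 0, privileges.size());

  // Clean up
  client.dropRole(requestorUserName, roleName);
}
// Presumably closes the enclosing anonymous class, the call it is passed to and
// the outer test method; their openers lie outside this excerpt.
});
}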
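/**
 * Grants a database-level {@code ALL} privilege to a fresh role, checks that it
 * is listed, revokes it, checks that the role is left with no privileges, and
 * finally drops the role.
 *
 * <p>The listing after the revoke is the check that matters for access
 * control: without it, a revoke that silently left the privilege in place
 * would still let this test pass.
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  String roleName = "admin_testdb";
  String server = "server1";
  String db = "testDB";
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  // Create the role from scratch so stale privileges cannot skew the counts.
  client.dropRoleIfExists(requestorUserName, roleName);
  client.createRole(requestorUserName, roleName);

  Set<TSentryRole> roles = client.listRoles(requestorUserName);
  assertEquals("Incorrect number of roles", 1, roles.size());

  client.grantDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL);
  Set<TSentryPrivilege> privileges =
      client.listAllPrivilegesByRoleName(requestorUserName, roleName);
  assertEquals("Database privilege not granted", 1, privileges.size());

  // Verify the revoke took effect rather than trusting the call returned normally.
  client.revokeDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL);
  privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName);
  assertEquals("Database privilege not revoked", 0, privileges.size());

  client.dropRole(requestorUserName, roleName);
}
// Presumably closes the enclosing anonymous class, the call it is passed to and
// the outer test method; their openers lie outside this excerpt.
});
}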
client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); Set<TSentryPrivilege> listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertEquals("Privilege not assigned to role1 !!", 4, listPrivilegesByRoleName.size()); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2); assertEquals("Privilege not assigned to role2 !!", 4, listPrivilegesByRoleName.size()); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 4); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3); client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0); client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0); }});
confPath.getAbsolutePath() }; SentryShellHive.main(args); Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 5, privileges.size()); "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 4, privileges.size()); "server=server1->uri=hdfs://path/testuri", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 3, privileges.size()); confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 2, privileges.size()); "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 1, privileges.size()); "server=server1->action=*", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
confPath.getAbsolutePath() }; SentryShellHive.main(args); Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 5, privileges.size()); "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 4, privileges.size()); "server=server1->uri=hdfs://path/testuri", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 3, privileges.size()); confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 2, privileges.size()); "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); assertEquals("Incorrect number of privileges", 1, privileges.size()); confPath.getAbsolutePath() }; SentryShellHive.main(args); privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
Set<TSentryPrivilege> listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertEquals("Privilege not assigned to role1 !!", 6, listPrivilegesByRoleName.size()); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2); assertEquals("Privilege not assigned to role2 !!", 6, listPrivilegesByRoleName.size()); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 5); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 6); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 4); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 5); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 2); client.revokeColumnPrivilege(requestorUserName, roleName1, "server", "db2", "table1", "col1", "ALL"); client.revokeColumnPrivilege(requestorUserName, roleName1, "server", "db2", "table2", "col1", "ALL"); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0); client.revokeColumnPrivilege(requestorUserName, roleName2, "server", "db2", "table1", "col1", "ALL"); client.revokeColumnPrivilege(requestorUserName, roleName2, "server", "db2", "table2", "col1", "ALL"); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2); assertTrue("Privilege not 
correctly revoked !!", listPrivilegesByRoleName.size() == 0); }});