public TSentryGroup deepCopy() { return new TSentryGroup(this); }
private Set<TSentryGroup> toTSentryGroups(Set<String> groups) { Set<TSentryGroup> tSentryGroups = Sets.newHashSet(); for (String group : groups) { tSentryGroups.add(new TSentryGroup(group)); } return tSentryGroups; }
private Set<TSentryGroup> convert2TGroups(Set<String> groups) { Set<TSentryGroup> tGroups = Sets.newHashSet(); if (groups != null) { for (String groupName : groups) { tGroups.add(new TSentryGroup(groupName)); } } return tGroups; }
private Map<String, Set<TSentryGroup>> covertToRoleNameTGroupsMap( Map<String, Set<String>> groupRolesMap) { Map<String, Set<TSentryGroup>> roleGroupsMap = Maps.newHashMap(); if (groupRolesMap != null) { for (Map.Entry<String, Set<String>> entry : groupRolesMap.entrySet()) { Set<String> roleNames = entry.getValue(); if (roleNames != null) { for (String roleName : roleNames) { Set<TSentryGroup> tSentryGroups = roleGroupsMap.get(roleName); if (tSentryGroups == null) { tSentryGroups = Sets.newHashSet(); } tSentryGroups.add(new TSentryGroup(entry.getKey())); roleGroupsMap.put(roleName, tSentryGroups); } } } } return roleGroupsMap; }
private TSentryGroup convertToTSentryGroup(MSentryGroup mSentryGroup) { TSentryGroup group = new TSentryGroup(); group.setGroupName(mSentryGroup.getGroupName()); return group; }
/** * Performs a deep copy on <i>other</i>. */ public TSentryRole(TSentryRole other) { if (other.isSetRoleName()) { this.roleName = other.roleName; } if (other.isSetGroups()) { Set<TSentryGroup> __this__groups = new HashSet<TSentryGroup>(); for (TSentryGroup other_element : other.groups) { __this__groups.add(new TSentryGroup(other_element)); } this.groups = __this__groups; } if (other.isSetGrantorPrincipal()) { this.grantorPrincipal = other.grantorPrincipal; } }
/** * Performs a deep copy on <i>other</i>. */ public TAlterSentryRoleAddGroupsRequest(TAlterSentryRoleAddGroupsRequest other) { __isset_bitfield = other.__isset_bitfield; this.protocol_version = other.protocol_version; if (other.isSetRequestorUserName()) { this.requestorUserName = other.requestorUserName; } if (other.isSetRoleName()) { this.roleName = other.roleName; } if (other.isSetGroups()) { Set<TSentryGroup> __this__groups = new HashSet<TSentryGroup>(); for (TSentryGroup other_element : other.groups) { __this__groups.add(new TSentryGroup(other_element)); } this.groups = __this__groups; } }
/** * Performs a deep copy on <i>other</i>. */ public TAlterSentryRoleDeleteGroupsRequest(TAlterSentryRoleDeleteGroupsRequest other) { __isset_bitfield = other.__isset_bitfield; this.protocol_version = other.protocol_version; if (other.isSetRequestorUserName()) { this.requestorUserName = other.requestorUserName; } if (other.isSetRoleName()) { this.roleName = other.roleName; } if (other.isSetGroups()) { Set<TSentryGroup> __this__groups = new HashSet<TSentryGroup>(); for (TSentryGroup other_element : other.groups) { __this__groups.add(new TSentryGroup(other_element)); } this.groups = __this__groups; } }
private Set<TSentryGroup> getGroups() { Set<TSentryGroup> groups = new LinkedHashSet<TSentryGroup>(); TSentryGroup group = new TSentryGroup(); group.setGroupName(TEST_GROUP); groups.add(group); return groups; } }
_elem42 = new TSentryGroup(); _elem42.read(iprot); struct.groups.add(_elem42);
@Override public void read(org.apache.thrift.protocol.TProtocol prot, TSentryRole struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; struct.roleName = iprot.readString(); struct.setRoleNameIsSet(true); { org.apache.thrift.protocol.TSet _set45 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); struct.groups = new HashSet<TSentryGroup>(2*_set45.size); for (int _i46 = 0; _i46 < _set45.size; ++_i46) { TSentryGroup _elem47; // required _elem47 = new TSentryGroup(); _elem47.read(iprot); struct.groups.add(_elem47); } } struct.setGroupsIsSet(true); struct.grantorPrincipal = iprot.readString(); struct.setGrantorPrincipalIsSet(true); } }
@Test public void testListRole() throws Exception { String roleName1 = "role1", roleName2 = "role2", roleName3 = "role3"; String group1 = "group1", group2 = "group2"; String grantor = "g1"; sentryStore.createSentryRole(roleName1); sentryStore.createSentryRole(roleName2); sentryStore.createSentryRole(roleName3); sentryStore.alterSentryRoleAddGroups(grantor, roleName1, Sets.newHashSet(new TSentryGroup(group1))); sentryStore.alterSentryRoleAddGroups(grantor, roleName2, Sets.newHashSet(new TSentryGroup(group2))); sentryStore.alterSentryRoleAddGroups(grantor, roleName3, Sets.newHashSet(new TSentryGroup(group1), new TSentryGroup(group2))); assertEquals(2, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1), false).size()); assertEquals(2, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group2), false).size()); assertEquals(3, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1,group2), false).size()); assertEquals(0, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet("foo"), true) .size()); }
@Override public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleAddGroupsRequest struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; struct.protocol_version = iprot.readI32(); struct.setProtocol_versionIsSet(true); struct.requestorUserName = iprot.readString(); struct.setRequestorUserNameIsSet(true); struct.roleName = iprot.readString(); struct.setRoleNameIsSet(true); { org.apache.thrift.protocol.TSet _set5 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); struct.groups = new HashSet<TSentryGroup>(2*_set5.size); for (int _i6 = 0; _i6 < _set5.size; ++_i6) { TSentryGroup _elem7; // required _elem7 = new TSentryGroup(); _elem7.read(iprot); struct.groups.add(_elem7); } } struct.setGroupsIsSet(true); } }
@Override public void read(org.apache.thrift.protocol.TProtocol prot, TAlterSentryRoleDeleteGroupsRequest struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; struct.protocol_version = iprot.readI32(); struct.setProtocol_versionIsSet(true); struct.requestorUserName = iprot.readString(); struct.setRequestorUserNameIsSet(true); struct.roleName = iprot.readString(); struct.setRoleNameIsSet(true); { org.apache.thrift.protocol.TSet _set13 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); struct.groups = new HashSet<TSentryGroup>(2*_set13.size); for (int _i14 = 0; _i14 < _set13.size; ++_i14) { TSentryGroup _elem15; // required _elem15 = new TSentryGroup(); _elem15.read(iprot); struct.groups.add(_elem15); } } struct.setGroupsIsSet(true); } }
@Test public void testSentryGroupsSize() throws Exception { String role1 = "role1"; String role2 = "role2"; sentryStore.createSentryRole(role1); sentryStore.createSentryRole(role2); Set<TSentryGroup> groups = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); group.setGroupName("group1"); groups.add(group); String grantor = "g1"; sentryStore.alterSentryRoleAddGroups(grantor, role1, groups); assertEquals(Long.valueOf(1), sentryStore.getGroupCountGauge().getValue()); sentryStore.alterSentryRoleAddGroups(grantor, role2, groups); assertEquals(Long.valueOf(1), sentryStore.getGroupCountGauge().getValue()); groups.add(new TSentryGroup("group2")); sentryStore.alterSentryRoleAddGroups(grantor, role2, groups); assertEquals(Long.valueOf(2), sentryStore.getGroupCountGauge().getValue()); }
@Test public void testURI() throws Exception { String roleName = "test-dup-role"; String grantor = "g1"; String uri = "file:///var/folders/dt/9zm44z9s6bjfxbrm4v36lzdc0000gp/T/1401860678102-0/data/kv1.dat"; sentryStore.createSentryRole(roleName); TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("URI", "server1", "ALL"); tSentryPrivilege.setURI(uri); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setUri(uri); tSentryAuthorizable.setServer("server1"); Set<TSentryPrivilege> privileges = sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable); assertTrue(privileges.size() == 1); Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>(); tSentryGroups.add(new TSentryGroup("group1")); sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups); TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName))); Set<String> privs = sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable); assertTrue(privs.size()==1); assertTrue(privs.contains("server=server1->uri=" + uri + "->action=all")); }
@Test public void testSentryTablePrivilegeSome() throws Exception { String roleName = "test-table-privilege-some"; String grantor = "g1"; String dbName = "db1"; String table = "tb1"; sentryStore.createSentryRole(roleName); TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL"); tSentryPrivilege.setDbName(dbName); tSentryPrivilege.setTableName(table); sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setDb(dbName); tSentryAuthorizable.setTable(AccessConstants.SOME); tSentryAuthorizable.setServer("server1"); Set<TSentryPrivilege> privileges = sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable); assertTrue(privileges.size() == 1); Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>(); tSentryGroups.add(new TSentryGroup("group1")); sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups); TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName))); Set<String> privs = sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable); assertTrue(privs.size()==1); assertTrue(privs.contains("server=server1->db=" + dbName + "->table=" + table + "->action=all")); }
@Test public void testAddDeleteGroups() throws Exception { String roleName = "test-groups"; String grantor = "g1"; long seqId = sentryStore.createSentryRole(roleName).getSequenceId(); Set<TSentryGroup> groups = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); group.setGroupName("test-groups-g1"); groups.add(group); group = new TSentryGroup(); group.setGroupName("test-groups-g2"); groups.add(group); assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId()); assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups) .getSequenceId()); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); assertEquals(Collections.emptySet(), role.getGroups()); }
tSentryGroups.add(new TSentryGroup("group1")); sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups);
@Test public void testCaseInsensitiveRole() throws Exception { String roleName = "newRole"; String grantor = "g1"; Set<TSentryGroup> groups = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); group.setGroupName("test-groups-g1"); groups.add(group); TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope("TABLE"); privilege.setServerName("server1"); privilege.setDbName("default"); privilege.setTableName("table1"); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); long seqId = sentryStore.createSentryRole(roleName).getSequenceId(); assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId()); assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId()); assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege).getSequenceId()); assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege).getSequenceId()); } @Test