if (PrivilegeScope.DATABASE.name().equalsIgnoreCase(privilegeScope)) { sb.append(privilege.getDbName()); } else if (PrivilegeScope.TABLE.name().equalsIgnoreCase(privilegeScope)) { sb.append(privilege.getTableName()); } else if (PrivilegeScope.SERVER.name().equalsIgnoreCase(privilegeScope)) { sb.append(privilege.getServerName()); } else if (PrivilegeScope.URI.name().equalsIgnoreCase(privilegeScope)) { sb.append(privilege.getURI());
for (MSentryPrivilege m : privilegeGraph) { TSentryPrivilege t = convertToTSentryPrivilege(m); if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.DATABASE.name())) { t.setDbName(newTPrivilege.getDbName()); } else if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.TABLE.name())) { t.setTableName(newTPrivilege.getTableName());
static String writeGrantInfo(Set<TSentryPrivilege> privileges, String roleName) { if (privileges == null || privileges.isEmpty()) { return ""; } StringBuilder builder = new StringBuilder(); for (TSentryPrivilege privilege : privileges) { if (PrivilegeScope.URI.name().equalsIgnoreCase( privilege.getPrivilegeScope())) { appendNonNull(builder, privilege.getURI(), true); } else if(PrivilegeScope.SERVER.name().equalsIgnoreCase( privilege.getPrivilegeScope())) { appendNonNull(builder, "*", true);//Db column would show * if it is a server level privilege } else { appendNonNull(builder, privilege.getDbName(), true); } appendNonNull(builder, privilege.getTableName()); appendNonNull(builder, null);//getPartValues() appendNonNull(builder, privilege.getColumnName());//getColumnName() appendNonNull(builder, roleName);//getPrincipalName() appendNonNull(builder, "ROLE");//getPrincipalType() appendNonNull(builder, privilege.getAction()); appendNonNull(builder, TSentryGrantOption.TRUE.equals(privilege.getGrantOption())); appendNonNull(builder, privilege.getCreateTime() * 1000L); appendNonNull(builder, "--"); } LOG.info("builder.toString(): " + builder.toString()); return builder.toString(); }
@Test public void testImportExportPolicy9() throws Exception { TSentryPrivilege testPrivilege1 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl1", "", "", AccessConstants.SELECT, TSentryGrantOption.TRUE); TSentryPrivilege testPrivilege2 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl1", "", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); TSentryPrivilege testPrivilege3 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl1", "", "", AccessConstants.ACTION_ALL, TSentryGrantOption.TRUE); TSentryPrivilege testPrivilege4 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl1", "", "", AccessConstants.INSERT, TSentryGrantOption.TRUE); TSentryPrivilege testPrivilege5 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl2", "", "", AccessConstants.SELECT, TSentryGrantOption.TRUE); TSentryPrivilege testPrivilege6 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl2", "", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); TSentryPrivilege testPrivilege7 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl2", "", "", AccessConstants.ALL, TSentryGrantOption.TRUE); TSentryPrivilege testPrivilege8 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl2", "", "", AccessConstants.INSERT, TSentryGrantOption.TRUE);
PrivilegeScope.DATABASE.name(), TEST_DATABASE_NAME, null, null, null); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); null, null, Constants.OBJECT_TYPE_PRINCIPAL); privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.TABLE.name(), null, TEST_TABLE_NAME, null, null); privileges = Sets.newHashSet();
PrivilegeScope.DATABASE.name(), TEST_DATABASE_NAME, null, null, null); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); null, null, Constants.OBJECT_TYPE_PRINCIPAL); privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.TABLE.name(), null, TEST_TABLE_NAME, null, null); privileges = Sets.newHashSet();
private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable) throws SentryInvalidInputException { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb())); tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer())); tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable())); tSentryPrivilege.setColumnName(fromNULLCol(tAuthorizable.getColumn())); tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri())); PrivilegeScope scope; if (!isNULL(tSentryPrivilege.getColumnName())) { scope = PrivilegeScope.COLUMN; } else if (!isNULL(tSentryPrivilege.getTableName())) { scope = PrivilegeScope.TABLE; } else if (!isNULL(tSentryPrivilege.getDbName())) { scope = PrivilegeScope.DATABASE; } else if (!isNULL(tSentryPrivilege.getURI())) { scope = PrivilegeScope.URI; } else { scope = PrivilegeScope.SERVER; } tSentryPrivilege.setPrivilegeScope(scope.name()); tSentryPrivilege.setAction(AccessConstants.ALL); return tSentryPrivilege; }
@Test public void testCreateCmdForGrantOrRevokePrivilege4() { TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); TSentryPrivilege privilege = getPrivilege(null, PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); grantRequest.setPrivileges(privileges); revokeRequest.setPrivileges(privileges); String createGrantPrivilegeCmdResult = CommandUtil .createCmdForGrantPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT null ON DATABASE dbTest TO ROLE testRole"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokePrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE null ON DATABASE dbTest FROM ROLE testRole"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
@Test public void testCreateCmdForGrantOrRevokePrivilege3() { TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); grantRequest.setPrivileges(privileges); revokeRequest.setPrivileges(privileges); String createGrantPrivilegeCmdResult = CommandUtil .createCmdForGrantPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON DATABASE dbTest TO ROLE testRole"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokePrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON DATABASE dbTest FROM ROLE testRole"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
@Test public void testCreateCmdForGrantOrRevokePrivilege2() { TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); TSentryPrivilege privilege = getPrivilege(AccessConstants.INSERT, PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); grantRequest.setPrivileges(privileges); revokeRequest.setPrivileges(privileges); String createGrantPrivilegeCmdResult = CommandUtil .createCmdForGrantPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT INSERT ON DATABASE dbTest TO ROLE testRole"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokePrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE INSERT ON DATABASE dbTest FROM ROLE testRole"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
@Test public void testCreateCmdForGrantOrRevokePrivilege1() { TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); TSentryPrivilege privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); grantRequest.setPrivileges(privileges); revokeRequest.setPrivileges(privileges); String createGrantPrivilegeCmdResult = CommandUtil .createCmdForGrantPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT ALL ON DATABASE dbTest TO ROLE testRole"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokePrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE ALL ON DATABASE dbTest FROM ROLE testRole"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
@Test public void testCreateCmdForGrantOrRevokePrivilege5() { TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, PrivilegeScope.TABLE.name(), "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); grantRequest.setPrivileges(privileges); revokeRequest.setPrivileges(privileges); String createGrantPrivilegeCmdResult = CommandUtil .createCmdForGrantPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON TABLE tableTest TO ROLE testRole"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokePrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON TABLE tableTest FROM ROLE testRole"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
@Test public void testCreateCmdForGrantOrRevokePrivilege7() { TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, PrivilegeScope.URI.name(), "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); grantRequest.setPrivileges(privileges); revokeRequest.setPrivileges(privileges); String createGrantPrivilegeCmdResult = CommandUtil .createCmdForGrantPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON URI hdfs://namenode:port/path/to/dir TO ROLE testRole"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokePrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON URI hdfs://namenode:port/path/to/dir FROM ROLE testRole"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
private void preparePrivilege() { tSentryPrivilege1 = createTSentryPrivilege(PrivilegeScope.SERVER.name(), "server1", "", "", "", "", "", TSentryGrantOption.UNSET); tSentryPrivilege2 = createTSentryPrivilege(PrivilegeScope.SERVER.name(), "server1", "", "", "", "", AccessConstants.SELECT, TSentryGrantOption.FALSE); tSentryPrivilege3 = createTSentryPrivilege(PrivilegeScope.DATABASE.name(), "server1", "db2", "", "", "", AccessConstants.INSERT, TSentryGrantOption.TRUE); tSentryPrivilege4 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", "tbl1", "", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); tSentryPrivilege5 = createTSentryPrivilege(PrivilegeScope.COLUMN.name(), "server1", "db1", "tbl2", "col1", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); tSentryPrivilege6 = createTSentryPrivilege(PrivilegeScope.COLUMN.name(), "server1", "db1", "tbl3", "col1", "", AccessConstants.ALL, TSentryGrantOption.TRUE); tSentryPrivilege7 = createTSentryPrivilege(PrivilegeScope.COLUMN.name(), "server1", "db1", "tbl4", "col1", "", AccessConstants.ACTION_ALL, TSentryGrantOption.TRUE); tSentryPrivilege8 = createTSentryPrivilege(PrivilegeScope.URI.name(), "server1", "", "", "", "hdfs://testserver:9999/path1", AccessConstants.INSERT, TSentryGrantOption.FALSE); }
@Test public void testCreateCmdForGrantOrRevokePrivilege6() { TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, PrivilegeScope.SERVER.name(), "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); grantRequest.setPrivileges(privileges); revokeRequest.setPrivileges(privileges); String createGrantPrivilegeCmdResult = CommandUtil .createCmdForGrantPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER serverTest TO ROLE testRole"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokePrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER serverTest FROM ROLE testRole"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
@Test public void testCreateCmdForGrantOrRevokePrivilege8() { TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, PrivilegeScope.SERVER.name(), "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); privilege.setGrantOption(TSentryGrantOption.TRUE); Set<TSentryPrivilege> privileges = Sets.newHashSet(); privileges.add(privilege); grantRequest.setPrivileges(privileges); revokeRequest.setPrivileges(privileges); String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER serverTest TO ROLE testRole WITH GRANT OPTION"; String createRevokePrivilegeCmdResult = CommandUtil.createCmdForRevokePrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER serverTest FROM ROLE testRole WITH GRANT OPTION"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }