/**
 * Derives the scope name of a privilege from whichever resource fields are populated.
 *
 * <p>The first non-empty field wins, checked in this order: URI, column, table, database.
 * When none of them is set the scope is SERVER.
 *
 * <p>Only the presence of a field is examined. A privilege that carries a column name but no
 * table or database still resolves to COLUMN, and a privilege with both a URI and a database
 * resolves to URI. The completeness of the parent levels therefore has to be checked separately
 * before the result is used for a grant or revoke decision.
 *
 * @param tSentryPrivilege privilege to classify; must not be null
 * @return the {@code toString()} form of the resolved {@code PrivilegeScope}
 */
public static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
  if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
    return PrivilegeScope.URI.toString();
  }
  if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
    return PrivilegeScope.COLUMN.toString();
  }
  if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
    return PrivilegeScope.TABLE.toString();
  }
  if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
    return PrivilegeScope.DATABASE.toString();
  }
  // No narrower resource is named, so the privilege applies to the whole server.
  return PrivilegeScope.SERVER.toString();
}
/**
 * Works out which scope a privilege belongs to by looking at its populated resource fields.
 *
 * <p>Precedence, first match wins: URI, then column, then table, then database. A privilege
 * with none of these set is treated as SERVER scope.
 *
 * <p>This is a classification only. It does not verify that the levels above the matched one
 * (server, database, table) are filled in, so a partially specified privilege still gets a
 * scope here and must be rejected by a separate hierarchy check.
 *
 * @param tSentryPrivilege privilege to classify; must not be null
 * @return the {@code toString()} form of the resolved {@code ServiceConstants.PrivilegeScope}
 */
private static String getPrivilegeScope(TSentryPrivilege tSentryPrivilege) {
  if (!StringUtils.isEmpty(tSentryPrivilege.getURI())) {
    return ServiceConstants.PrivilegeScope.URI.toString();
  }
  if (!StringUtils.isEmpty(tSentryPrivilege.getColumnName())) {
    return ServiceConstants.PrivilegeScope.COLUMN.toString();
  }
  if (!StringUtils.isEmpty(tSentryPrivilege.getTableName())) {
    return ServiceConstants.PrivilegeScope.TABLE.toString();
  }
  if (!StringUtils.isEmpty(tSentryPrivilege.getDbName())) {
    return ServiceConstants.PrivilegeScope.DATABASE.toString();
  }
  // Nothing narrower than the server is named.
  return ServiceConstants.PrivilegeScope.SERVER.toString();
}
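/**
 * Checks that every resource level required by the privilege's declared scope is populated.
 *
 * <p>Required non-empty fields per scope: SERVER needs the server name; URI needs the server
 * name and the URI; DATABASE needs server and database; TABLE additionally needs the table
 * name; COLUMN additionally needs the column name. Only presence is checked, not the content
 * of the names.
 *
 * <p>A scope that is missing or is not one of these five is rejected. Without that branch the
 * check would accept such a privilege unexamined, which is the wrong default for a validator
 * that sits in front of grant and revoke calls.
 *
 * @param tSentryPrivilege privilege whose scope and resource fields are validated
 * @throws IllegalArgumentException if a required field is empty, or if the scope is missing or
 *     unrecognized
 * @throws Exception kept from the original signature; this body throws nothing else itself
 */
private static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws Exception {
  String scope = tSentryPrivilege.getPrivilegeScope();
  String serverName = tSentryPrivilege.getServerName();
  String dbName = tSentryPrivilege.getDbName();
  String tableName = tSentryPrivilege.getTableName();
  String columnName = tSentryPrivilege.getColumnName();
  String uri = tSentryPrivilege.getURI();

  boolean incomplete;
  if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(scope)) {
    incomplete = StringUtils.isEmpty(serverName);
  } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(scope)) {
    incomplete = StringUtils.isEmpty(serverName) || StringUtils.isEmpty(uri);
  } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(scope)) {
    incomplete = StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName);
  } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(scope)) {
    incomplete = StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
        || StringUtils.isEmpty(tableName);
  } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(scope)) {
    incomplete = StringUtils.isEmpty(serverName) || StringUtils.isEmpty(dbName)
        || StringUtils.isEmpty(tableName) || StringUtils.isEmpty(columnName);
  } else {
    // Fail closed: an unknown or null scope has no rule to validate against.
    throw new IllegalArgumentException("The privilege scope is not supported: " + scope);
  }

  if (incomplete) {
    throw new IllegalArgumentException("The hierarchy of privilege is not correct.");
  }
}
} // presumably closes the enclosing class, whose header is outside this excerpt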
if (columns == null || columns.isEmpty()) { TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope(scope.toString()); privilege.setServerName(serverName); privilege.setURI(uri); for (String column : columns) { TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope(scope.toString()); privilege.setServerName(serverName); privilege.setURI(uri);
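/**
 * Grants the privilege described by {@code privilegeStr} to {@code roleName}, dispatching to
 * the client call that matches the privilege's scope.
 *
 * <p>The privilege string is parsed by {@code CommandUtil.convertToTSentryPrivilege}; this
 * method performs no validation of its own on the parsed fields.
 * NOTE(review): confirm that the converter rejects incomplete hierarchies before this point.
 *
 * <p>A scope that matches none of the five known values raises an error instead of returning
 * normally, so the operator is never told a grant succeeded when no call was made.
 *
 * @param client policy service client used to issue the grant
 * @param requestorName user on whose behalf the grant is requested; passed through unchanged
 * @throws IllegalArgumentException if the parsed privilege has an unrecognized scope
 * @throws Exception whatever the converter or the client call raises
 */
@Override
public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
  TSentryPrivilege privilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
  // Still dereferences the grant option directly: an absent value fails loudly rather than
  // being silently read as "no grant option".
  boolean grantOption = privilege.getGrantOption().equals(TSentryGrantOption.TRUE);
  String scope = privilege.getPrivilegeScope();

  if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(scope)) {
    client.grantServerPrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(scope)) {
    client.grantDatabasePrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getDbName(), privilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(scope)) {
    client.grantTablePrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getDbName(), privilege.getTableName(), privilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(scope)) {
    client.grantColumnPrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getDbName(), privilege.getTableName(), privilege.getColumnName(),
        privilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(scope)) {
    // The URI grant call takes no action argument.
    client.grantURIPrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getURI(), grantOption);
  } else {
    // Previously a silent no-op: nothing was granted and no error was reported.
    throw new IllegalArgumentException("Unsupported privilege scope: " + scope);
  }
}
} // presumably closes the enclosing class, whose header is outside this excerpt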
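/**
 * Revokes the privilege described by {@code privilegeStr} from {@code roleName}, dispatching
 * to the client call that matches the privilege's scope.
 *
 * <p>A scope that matches none of the five known values raises an error instead of returning
 * normally. A revoke that silently does nothing leaves the access in place while the operator
 * believes it was removed.
 *
 * <p>NOTE(review): the SERVER branch does not pass the privilege's action, while the DATABASE,
 * TABLE and COLUMN branches do. Confirm against the client API whether a server-level revoke
 * is meant to ignore the action given in the privilege string.
 *
 * @param client policy service client used to issue the revoke
 * @param requestorName user on whose behalf the revoke is requested; passed through unchanged
 * @throws IllegalArgumentException if the parsed privilege has an unrecognized scope
 * @throws Exception whatever the converter or the client call raises
 */
@Override
public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
  TSentryPrivilege privilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
  // Still dereferences the grant option directly: an absent value fails loudly rather than
  // being silently read as "no grant option".
  boolean grantOption = privilege.getGrantOption().equals(TSentryGrantOption.TRUE);
  String scope = privilege.getPrivilegeScope();

  if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(scope)) {
    client.revokeServerPrivilege(requestorName, roleName, privilege.getServerName(),
        grantOption);
  } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(scope)) {
    client.revokeDatabasePrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getDbName(), privilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(scope)) {
    client.revokeTablePrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getDbName(), privilege.getTableName(), privilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(scope)) {
    client.revokeColumnPrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getDbName(), privilege.getTableName(), privilege.getColumnName(),
        privilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(scope)) {
    // The URI revoke call takes no action argument.
    client.revokeURIPrivilege(requestorName, roleName, privilege.getServerName(),
        privilege.getURI(), grantOption);
  } else {
    // Previously a silent no-op: nothing was revoked and no error was reported.
    throw new IllegalArgumentException("Unsupported privilege scope: " + scope);
  }
}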
/**
 * Builds an immutable one-element set holding a privilege populated from the arguments.
 *
 * <p>Every argument is copied onto the privilege as given. The creation time is stamped with
 * the current wall-clock time in milliseconds, and the grant option is mapped through
 * {@code convertTSentryGrantOption}.
 *
 * <p>The scope is taken from the caller and is not compared with the resource fields here, so
 * a scope that disagrees with the populated fields is stored unchanged.
 *
 * @param scope scope recorded on the privilege, stored as its {@code toString()} form
 * @param serverName server the privilege applies to
 * @param uri URI the privilege applies to, if any
 * @param db database name
 * @param table table name
 * @param column column name
 * @param action action recorded on the privilege
 * @param grantOption grant option, converted before it is stored
 * @return an immutable set containing exactly the one privilege built here
 */
private Set<TSentryPrivilege> convertColumnPrivilege(
    PrivilegeScope scope, String serverName, String uri, String db, String table,
    String column, String action, Boolean grantOption) {
  TSentryPrivilege columnPrivilege = new TSentryPrivilege();
  columnPrivilege.setPrivilegeScope(scope.toString());
  columnPrivilege.setServerName(serverName);
  columnPrivilege.setURI(uri);
  columnPrivilege.setDbName(db);
  columnPrivilege.setTableName(table);
  columnPrivilege.setColumnName(column);
  columnPrivilege.setAction(action);
  columnPrivilege.setCreateTime(System.currentTimeMillis());
  columnPrivilege.setGrantOption(convertTSentryGrantOption(grantOption));
  return ImmutableSet.of(columnPrivilege);
}