Repository: sentry Updated Branches: refs/heads/master 68949951e -> d540e3b5a
SENTRY-1179: Update Sentry config tool for export with specific auth object(Colin Ma, reviewed by Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d540e3b5 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d540e3b5 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d540e3b5 Branch: refs/heads/master Commit: d540e3b5af3f74360777945e27004471732620d4 Parents: 6894995 Author: Colin Ma <[email protected]> Authored: Thu Apr 14 12:14:31 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Thu Apr 14 12:14:31 2016 +0800 ---------------------------------------------------------------------- .../binding/hive/authz/SentryConfigTool.java | 19 ++++++++- .../tests/e2e/hive/TestPolicyImportExport.java | 42 ++++++++++++++++++-- 2 files changed, 56 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/d540e3b5/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java ----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
index 18ba943..4ef86e6 100644
--- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java
@@ -76,6 +76,7 @@ public class SentryConfigTool {
 private String passWord = null;
 private String importPolicyFilePath = null;
 private String exportPolicyFilePath = null;
+ private String objectPath = null;
 private boolean listPrivs = false;
 private boolean validate = false;
 private boolean importOverwriteRole = false;
@@ -127,6 +128,14 @@ public class SentryConfigTool {
 this.importPolicyFilePath = importPolicyFilePath;
 }
+ public String getObjectPath() {
+ return objectPath;
+ }
+
+ public void setObjectPath(String objectPath) {
+ this.objectPath = objectPath;
+ }
+
 public String getExportPolicyFilePath() {
 return exportPolicyFilePath;
 }
@@ -293,7 +302,7 @@ public class SentryConfigTool {
 SentryPolicyServiceClient client = SentryServiceClientFactory.create(getAuthzConf());
 // export the sentry mapping data from database to map structure
 Map<String, Map<String, Set<String>>> policyFileMappingData = client
- .exportPolicy(requestorUserName, null);
+ .exportPolicy(requestorUserName, objectPath);
 // get the FileFormatter according to the configuration
 SentryPolicyFileFormatter sentryPolicyFileFormatter = SentryPolicyFileFormatFactory
 .createFileFormatter(authzConf);
@@ -448,6 +457,7 @@ public class SentryConfigTool {
 * -I,--import Import policy file
 * -E,--export Export policy file
 * -o,--overwrite Overwrite the exist role data when do the import
+ * -b,--objectPath The path of the object whose privileges will be exported
 * </pre>
 *
 * @param args
@@ -524,6 +534,11 @@ public class SentryConfigTool {
 overwriteOpt.setRequired(false);
 sentryOptions.addOption(overwriteOpt);
+ Option objectPathOpt = new Option("b", "objectPath",
+ false, "The path of the object whose privileges will be exported");
+ objectPathOpt.setRequired(false);
+ sentryOptions.addOption(objectPathOpt);
+
 try {
 Parser parser = new GnuParser();
 CommandLine cmd = parser.parse(sentryOptions, args);
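Review bot: Nothing at `client.exportPolicy(requestorUserName, objectPath)` in the `@@ -293` hunk states what a null `objectPath` means, and the field defaults to null. The line it replaces passed a literal null, so null presumably still selects the whole policy store; a comment on the call such as `// objectPath == null exports all roles and privileges; otherwise only privileges on that object` would make the scope explicit. Because an unset scope widens the export instead of failing, logging the effective object path next to the export would let an operator confirm what was written to the file. The enclosing method starts and ends outside this hunk.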
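Review bot: The `-b` option in the `@@ -524` hunk is declared as taking no argument: in `new Option("b", "objectPath", false, ...)` the third parameter is `hasArg`, assuming this is the Commons CLI `Option` that the `GnuParser` and `CommandLine` context lines point to. With `false` the parser binds no value to `-b`, so `opt.getValue()` in the `@@ -555` hunk returns null and `setObjectPath(null)` leaves the export unscoped; a caller who passes `-b db=db1` then gets every role and privilege written to the file with no error. The declaration should be `Option objectPathOpt = new Option("b", "objectPath", true, "The path of the object whose privileges will be exported");`. The surrounding method continues outside both hunks.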
@@ -555,6 +570,8 @@ public class SentryConfigTool {
 enableDebug = true;
 } else if (opt.getOpt().equals("o")) {
 setImportOverwriteRole(true);
+ } else if (opt.getOpt().equals("b")) {
+ setObjectPath(opt.getValue());
 }
 }
http://git-wip-us.apache.org/repos/asf/sentry/blob/d540e3b5/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java ----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
index c72aea3..3f3daf5 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java
@@ -53,7 +53,6 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
 public static String PRIVILIEGE8 = "server=server1->uri=hdfs://testserver:9999/path2->action=insert";
 private SentryConfigTool configTool;
- private Map<String, Map<String, Set<String>>> policyFileMappingData;
 @BeforeClass
 public static void setupTestStaticConfiguration() throws Exception{
@@ -77,7 +76,7 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
 configTool.importPolicy();
 }
- private void prepareExceptedData() {
+ private Map<String, Map<String, Set<String>>> getExceptedAllExportData() {
 // test data for:
 // [groups]
 // group1=roleImport1,roleImport2
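Review bot: The new helper name `getExceptedAllExportData` in the `@@ -77` hunk keeps the misspelling from `prepareExceptedData`; "excepted" reads as "excluded", which is the opposite of what the helper returns. Since the method is being renamed anyway, `getExpectedAllExportData` would be clearer, and the same applies to `getExceptedDb1ExportData` added later in this file. The method body continues outside the hunk.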
@@ -87,7 +86,7 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
 // roleImport1=privilege1,privilege2,privilege3,privilege4
 // roleImport2=privilege3,privilege4,privilege5,privilege6
 // roleImport3=privilege5,privilege6,privilege7,privilege8
- policyFileMappingData = Maps.newHashMap();
+ Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
 Map<String, Set<String>> groupRolesMap = Maps.newHashMap();
 Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap();
 groupRolesMap.put("group1", Sets.newHashSet("roleimport1", "roleimport2"));
@@ -105,7 +104,33 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
 rolePrivilegesMap.put("adminrole", Sets.newHashSet(PRIVILIEGE1));
 policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap);
 policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap);
+ return policyFileMappingData;
+ }
+ private Map<String, Map<String, Set<String>>> getExceptedDb1ExportData() {
+ // test data for:
+ // [groups]
+ // group1=roleImport1,roleImport2
+ // group2=roleImport1,roleImport2,roleImport3
+ // group3=roleImport2,roleImport3
+ // [roles]
+ // roleImport1=privilege1,privilege2,privilege3,privilege4
+ // roleImport2=privilege3,privilege4,privilege5,privilege6
+ // roleImport3=privilege5,privilege6,privilege7,privilege8
+ Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
+ Map<String, Set<String>> groupRolesMap = Maps.newHashMap();
+ Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap();
+ groupRolesMap.put("group1", Sets.newHashSet("roleimport1", "roleimport2"));
+ groupRolesMap.put("group2", Sets.newHashSet("roleimport1", "roleimport2", "roleimport3"));
+ groupRolesMap.put("group3", Sets.newHashSet("roleimport2", "roleimport3"));
+ rolePrivilegesMap.put("roleimport1", Sets.newHashSet(PRIVILIEGE4));
+ rolePrivilegesMap.put("roleimport2",
+ Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6));
+ rolePrivilegesMap.put("roleimport3",
+ Sets.newHashSet(PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7));
+ policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap);
+ policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap);
+ return policyFileMappingData;
 }
 @Test
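Review bot: The comment block at the top of `getExceptedDb1ExportData` is copied from the all-export helper and does not describe the data built below it. It lists four privileges per role (privilege1 through privilege8), while the maps hold only `PRIVILIEGE4` for roleimport1, `PRIVILIEGE4`-`PRIVILIEGE6` for roleimport2 and `PRIVILIEGE5`-`PRIVILIEGE7` for roleimport3. The `[roles]` part should state the filter and the expected subset, for example `// expected export for objectPath db=db1:` followed by `// roleImport1=privilege4`, so a reader can tell which privileges the scoped export is meant to leave out. The three `groupRolesMap.put` lines also repeat values the all-export helper builds; whether they can be shared depends on lines outside this hunk.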
@@ -128,7 +153,16 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration
 Map<String, Map<String, Set<String>>> exportMappingData = sentryPolicyFileFormatter.parse(
 exportFile.getAbsolutePath(), configTool.getAuthzConf());
- prepareExceptedData();
+ Map<String, Map<String, Set<String>>> policyFileMappingData =
+ getExceptedAllExportData();
+ validateSentryMappingData(exportMappingData, policyFileMappingData);
+
+ // test export with objectPath db=db1
+ configTool.setObjectPath("db=db1");
+ configTool.exportPolicy();
+ policyFileMappingData = getExceptedDb1ExportData();
+ exportMappingData = sentryPolicyFileFormatter.parse(
+ exportFile.getAbsolutePath(), configTool.getAuthzConf());
 validateSentryMappingData(exportMappingData, policyFileMappingData);
 }
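Review bot: The db=db1 case sets the scope with `configTool.setObjectPath("db=db1")` and never goes through argument parsing, so the `-b` option that this commit adds to SentryConfigTool.java is not covered by any assertion here. A case that drives the tool from an argument array containing `-b db=db1` and then checks `getObjectPath()` would catch an option that fails to bind its value. The object path also stays set on `configTool` after the second export; if the instance is reused by other tests, which is not visible in this hunk, ending with `configTool.setObjectPath(null);` keeps them from inheriting the filter. The test method starts outside the hunk.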
