Repository: sentry Updated Branches: refs/heads/master 793cb5d24 -> 0adf29344
SENTRY-1221: Improve the SentryStore and thrift api for import/export with user scope(Colin Ma, reviewed by Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/0adf2934 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/0adf2934 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/0adf2934 Branch: refs/heads/master Commit: 0adf29344633d57654800174b01816ea85e3141c Parents: 793cb5d Author: Colin Ma <[email protected]> Authored: Wed May 4 14:11:23 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Wed May 4 14:11:23 2016 +0800 ---------------------------------------------------------------------- .../db/service/thrift/TSentryMappingData.java | 373 ++++++++++++++----- .../db/service/persistent/SentryStore.java | 208 ++++++++--- .../thrift/SentryPolicyStoreProcessor.java | 7 +- .../main/resources/sentry_policy_service.thrift | 5 +- .../persistent/TestSentryStoreImportExport.java | 240 ++++++++---- 5 files changed, 628 insertions(+), 205 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java index 9b70abd..c4137d6 100644 --- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java +++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java @@ -36,6 +36,7 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin private static final org.apache.thrift.protocol.TField GROUP_ROLES_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("groupRolesMap", org.apache.thrift.protocol.TType.MAP, (short)1); private static final org.apache.thrift.protocol.TField ROLE_PRIVILEGES_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("rolePrivilegesMap", org.apache.thrift.protocol.TType.MAP, (short)2); + private static final org.apache.thrift.protocol.TField USER_ROLES_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("userRolesMap", org.apache.thrift.protocol.TType.MAP, (short)3); private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); static { @@ -45,11 +46,13 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin private Map<String,Set<String>> groupRolesMap; // optional private Map<String,Set<TSentryPrivilege>> rolePrivilegesMap; // optional + private Map<String,Set<String>> userRolesMap; // optional /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { GROUP_ROLES_MAP((short)1, "groupRolesMap"), - ROLE_PRIVILEGES_MAP((short)2, "rolePrivilegesMap"); + ROLE_PRIVILEGES_MAP((short)2, "rolePrivilegesMap"), + USER_ROLES_MAP((short)3, "userRolesMap"); private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); @@ -68,6 +71,8 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin return GROUP_ROLES_MAP; case 2: // ROLE_PRIVILEGES_MAP return ROLE_PRIVILEGES_MAP; + case 3: // USER_ROLES_MAP + return USER_ROLES_MAP; default: return null; } @@ -108,20 +113,25 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin } // isset id assignments - private _Fields optionals[] = {_Fields.GROUP_ROLES_MAP,_Fields.ROLE_PRIVILEGES_MAP}; + private _Fields optionals[] = {_Fields.GROUP_ROLES_MAP,_Fields.ROLE_PRIVILEGES_MAP,_Fields.USER_ROLES_MAP}; public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; static { Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); - tmpMap.put(_Fields.GROUP_ROLES_MAP, new org.apache.thrift.meta_data.FieldMetaData("groupRolesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, - new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, - new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), - new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, + tmpMap.put(_Fields.GROUP_ROLES_MAP, new org.apache.thrift.meta_data.FieldMetaData("groupRolesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), + new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))))); - tmpMap.put(_Fields.ROLE_PRIVILEGES_MAP, new org.apache.thrift.meta_data.FieldMetaData("rolePrivilegesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, - new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, - new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), - new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, + tmpMap.put(_Fields.ROLE_PRIVILEGES_MAP, new org.apache.thrift.meta_data.FieldMetaData("rolePrivilegesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), + new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class))))); + tmpMap.put(_Fields.USER_ROLES_MAP, new org.apache.thrift.meta_data.FieldMetaData("userRolesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), + new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))))); metaDataMap = Collections.unmodifiableMap(tmpMap); org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryMappingData.class, metaDataMap); } @@ -169,6 +179,24 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin } this.rolePrivilegesMap = __this__rolePrivilegesMap; } + if (other.isSetUserRolesMap()) { + Map<String,Set<String>> __this__userRolesMap = new HashMap<String,Set<String>>(); + for (Map.Entry<String, Set<String>> other_element : other.userRolesMap.entrySet()) { + + String other_element_key = other_element.getKey(); + Set<String> other_element_value = other_element.getValue(); + + String __this__userRolesMap_copy_key = other_element_key; + + Set<String> __this__userRolesMap_copy_value = new HashSet<String>(); + for (String other_element_value_element : other_element_value) { + __this__userRolesMap_copy_value.add(other_element_value_element); + } + + __this__userRolesMap.put(__this__userRolesMap_copy_key, __this__userRolesMap_copy_value); + } + this.userRolesMap = __this__userRolesMap; + } } public TSentryMappingData deepCopy() { @@ -179,6 +207,7 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin public void clear() { this.groupRolesMap = null; this.rolePrivilegesMap = null; + this.userRolesMap = null; } public int getGroupRolesMapSize() { @@ -249,34 +278,79 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin } } + public int getUserRolesMapSize() { + return (this.userRolesMap == null) ? 0 : this.userRolesMap.size(); + } + + public void putToUserRolesMap(String key, Set<String> val) { + if (this.userRolesMap == null) { + this.userRolesMap = new HashMap<String,Set<String>>(); + } + this.userRolesMap.put(key, val); + } + + public Map<String,Set<String>> getUserRolesMap() { + return this.userRolesMap; + } + + public void setUserRolesMap(Map<String,Set<String>> userRolesMap) { + this.userRolesMap = userRolesMap; + } + + public void unsetUserRolesMap() { + this.userRolesMap = null; + } + + /** Returns true if field userRolesMap is set (has been assigned a value) and false otherwise */ + public boolean isSetUserRolesMap() { + return this.userRolesMap != null; + } + + public void setUserRolesMapIsSet(boolean value) { + if (!value) { + this.userRolesMap = null; + } + } + public void setFieldValue(_Fields field, Object value) { switch (field) { - case GROUP_ROLES_MAP: - if (value == null) { - unsetGroupRolesMap(); - } else { - setGroupRolesMap((Map<String,Set<String>>)value); - } - break; + case GROUP_ROLES_MAP: + if (value == null) { + unsetGroupRolesMap(); + } else { + setGroupRolesMap((Map<String,Set<String>>)value); + } + break; - case ROLE_PRIVILEGES_MAP: - if (value == null) { - unsetRolePrivilegesMap(); - } else { - setRolePrivilegesMap((Map<String,Set<TSentryPrivilege>>)value); - } - break; + case ROLE_PRIVILEGES_MAP: + if (value == null) { + unsetRolePrivilegesMap(); + } else { + setRolePrivilegesMap((Map<String,Set<TSentryPrivilege>>)value); + } + break; + + case USER_ROLES_MAP: + if (value == null) { + unsetUserRolesMap(); + } else { + setUserRolesMap((Map<String,Set<String>>)value); + } + break; } } public Object getFieldValue(_Fields field) { switch (field) { - case GROUP_ROLES_MAP: - return getGroupRolesMap(); + case GROUP_ROLES_MAP: + return getGroupRolesMap(); - case ROLE_PRIVILEGES_MAP: - return getRolePrivilegesMap(); + case ROLE_PRIVILEGES_MAP: + return getRolePrivilegesMap(); + + case USER_ROLES_MAP: + return getUserRolesMap(); } throw new IllegalStateException(); @@ -289,10 +363,12 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin } switch (field) { - case GROUP_ROLES_MAP: - return isSetGroupRolesMap(); - case ROLE_PRIVILEGES_MAP: - return isSetRolePrivilegesMap(); + case GROUP_ROLES_MAP: + return isSetGroupRolesMap(); + case ROLE_PRIVILEGES_MAP: + return isSetRolePrivilegesMap(); + case USER_ROLES_MAP: + return isSetUserRolesMap(); } throw new IllegalStateException(); } @@ -328,6 +404,15 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin return false; } + boolean this_present_userRolesMap = true && this.isSetUserRolesMap(); + boolean that_present_userRolesMap = true && that.isSetUserRolesMap(); + if (this_present_userRolesMap || that_present_userRolesMap) { + if (!(this_present_userRolesMap && that_present_userRolesMap)) + return false; + if (!this.userRolesMap.equals(that.userRolesMap)) + return false; + } + return true; } @@ -345,6 +430,11 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin if (present_rolePrivilegesMap) builder.append(rolePrivilegesMap); + boolean present_userRolesMap = true && (isSetUserRolesMap()); + builder.append(present_userRolesMap); + if (present_userRolesMap) + builder.append(userRolesMap); + return builder.toHashCode(); } @@ -376,6 +466,16 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin return lastComparison; } } + lastComparison = Boolean.valueOf(isSetUserRolesMap()).compareTo(typedOther.isSetUserRolesMap()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetUserRolesMap()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.userRolesMap, typedOther.userRolesMap); + if (lastComparison != 0) { + return lastComparison; + } + } return 0; } @@ -415,6 +515,16 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin } first = false; } + if (isSetUserRolesMap()) { + if (!first) sb.append(", "); + sb.append("userRolesMap:"); + if (this.userRolesMap == null) { + sb.append("null"); + } else { + sb.append(this.userRolesMap); + } + first = false; + } sb.append(")"); return sb.toString(); } @@ -454,7 +564,7 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin while (true) { schemeField = iprot.readFieldBegin(); - if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { + if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { break; } switch (schemeField.id) { @@ -484,7 +594,7 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin iprot.readMapEnd(); } struct.setGroupRolesMapIsSet(true); - } else { + } else { org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; @@ -515,7 +625,37 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin iprot.readMapEnd(); } struct.setRolePrivilegesMapIsSet(true); - } else { + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 3: // USER_ROLES_MAP + if (schemeField.type == org.apache.thrift.protocol.TType.MAP) { + { + org.apache.thrift.protocol.TMap _map170 = iprot.readMapBegin(); + struct.userRolesMap = new HashMap<String,Set<String>>(2*_map170.size); + for (int _i171 = 0; _i171 < _map170.size; ++_i171) + { + String _key172; // required + Set<String> _val173; // required + _key172 = iprot.readString(); + { + org.apache.thrift.protocol.TSet _set174 = iprot.readSetBegin(); + _val173 = new HashSet<String>(2*_set174.size); + for (int _i175 = 0; _i175 < _set174.size; ++_i175) + { + String _elem176; // required + _elem176 = iprot.readString(); + _val173.add(_elem176); + } + iprot.readSetEnd(); + } + struct.userRolesMap.put(_key172, _val173); + } + iprot.readMapEnd(); + } + struct.setUserRolesMapIsSet(true); + } else { org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; @@ -537,14 +677,14 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin oprot.writeFieldBegin(GROUP_ROLES_MAP_FIELD_DESC); { oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.groupRolesMap.size())); - for (Map.Entry<String, Set<String>> _iter170 : struct.groupRolesMap.entrySet()) + for (Map.Entry<String, Set<String>> _iter177 : struct.groupRolesMap.entrySet()) { - oprot.writeString(_iter170.getKey()); + oprot.writeString(_iter177.getKey()); { - oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, _iter170.getValue().size())); - for (String _iter171 : _iter170.getValue()) + oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, _iter177.getValue().size())); + for (String _iter178 : _iter177.getValue()) { - oprot.writeString(_iter171); + oprot.writeString(_iter178); } oprot.writeSetEnd(); } @@ -559,14 +699,36 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin oprot.writeFieldBegin(ROLE_PRIVILEGES_MAP_FIELD_DESC); { oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.rolePrivilegesMap.size())); - for (Map.Entry<String, Set<TSentryPrivilege>> _iter172 : struct.rolePrivilegesMap.entrySet()) + for (Map.Entry<String, Set<TSentryPrivilege>> _iter179 : struct.rolePrivilegesMap.entrySet()) + { + oprot.writeString(_iter179.getKey()); + { + oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter179.getValue().size())); + for (TSentryPrivilege _iter180 : _iter179.getValue()) + { + _iter180.write(oprot); + } + oprot.writeSetEnd(); + } + } + oprot.writeMapEnd(); + } + oprot.writeFieldEnd(); + } + } + if (struct.userRolesMap != null) { + if (struct.isSetUserRolesMap()) { + oprot.writeFieldBegin(USER_ROLES_MAP_FIELD_DESC); + { + oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.userRolesMap.size())); + for (Map.Entry<String, Set<String>> _iter181 : struct.userRolesMap.entrySet()) { - oprot.writeString(_iter172.getKey()); + oprot.writeString(_iter181.getKey()); { - oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter172.getValue().size())); - for (TSentryPrivilege _iter173 : _iter172.getValue()) + oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, _iter181.getValue().size())); + for (String _iter182 : _iter181.getValue()) { - _iter173.write(oprot); + oprot.writeString(_iter182); } oprot.writeSetEnd(); } @@ -600,18 +762,21 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin if (struct.isSetRolePrivilegesMap()) { optionals.set(1); } - oprot.writeBitSet(optionals, 2); + if (struct.isSetUserRolesMap()) { + optionals.set(2); + } + oprot.writeBitSet(optionals, 3); if (struct.isSetGroupRolesMap()) { { oprot.writeI32(struct.groupRolesMap.size()); - for (Map.Entry<String, Set<String>> _iter174 : struct.groupRolesMap.entrySet()) + for (Map.Entry<String, Set<String>> _iter183 : struct.groupRolesMap.entrySet()) { - oprot.writeString(_iter174.getKey()); + oprot.writeString(_iter183.getKey()); { - oprot.writeI32(_iter174.getValue().size()); - for (String _iter175 : _iter174.getValue()) + oprot.writeI32(_iter183.getValue().size()); + for (String _iter184 : _iter183.getValue()) { - oprot.writeString(_iter175); + oprot.writeString(_iter184); } } } @@ -620,14 +785,30 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin if (struct.isSetRolePrivilegesMap()) { { oprot.writeI32(struct.rolePrivilegesMap.size()); - for (Map.Entry<String, Set<TSentryPrivilege>> _iter176 : struct.rolePrivilegesMap.entrySet()) + for (Map.Entry<String, Set<TSentryPrivilege>> _iter185 : struct.rolePrivilegesMap.entrySet()) { - oprot.writeString(_iter176.getKey()); + oprot.writeString(_iter185.getKey()); { - oprot.writeI32(_iter176.getValue().size()); - for (TSentryPrivilege _iter177 : _iter176.getValue()) + oprot.writeI32(_iter185.getValue().size()); + for (TSentryPrivilege _iter186 : _iter185.getValue()) { - _iter177.write(oprot); + _iter186.write(oprot); + } + } + } + } + } + if (struct.isSetUserRolesMap()) { + { + oprot.writeI32(struct.userRolesMap.size()); + for (Map.Entry<String, Set<String>> _iter187 : struct.userRolesMap.entrySet()) + { + oprot.writeString(_iter187.getKey()); + { + oprot.writeI32(_iter187.getValue().size()); + for (String _iter188 : _iter187.getValue()) + { + oprot.writeString(_iter188); } } } @@ -638,56 +819,80 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin @Override public void read(org.apache.thrift.protocol.TProtocol prot, TSentryMappingData struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; - BitSet incoming = iprot.readBitSet(2); + BitSet incoming = iprot.readBitSet(3); if (incoming.get(0)) { { - org.apache.thrift.protocol.TMap _map178 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32()); - struct.groupRolesMap = new HashMap<String,Set<String>>(2*_map178.size); - for (int _i179 = 0; _i179 < _map178.size; ++_i179) + org.apache.thrift.protocol.TMap _map189 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32()); + struct.groupRolesMap = new HashMap<String,Set<String>>(2*_map189.size); + for (int _i190 = 0; _i190 < _map189.size; ++_i190) { - String _key180; // required - Set<String> _val181; // required - _key180 = iprot.readString(); + String _key191; // required + Set<String> _val192; // required + _key191 = iprot.readString(); { - org.apache.thrift.protocol.TSet _set182 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32()); - _val181 = new HashSet<String>(2*_set182.size); - for (int _i183 = 0; _i183 < _set182.size; ++_i183) + org.apache.thrift.protocol.TSet _set193 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32()); + _val192 = new HashSet<String>(2*_set193.size); + for (int _i194 = 0; _i194 < _set193.size; ++_i194) { - String _elem184; // required - _elem184 = iprot.readString(); - _val181.add(_elem184); + String _elem195; // required + _elem195 = iprot.readString(); + _val192.add(_elem195); } } - struct.groupRolesMap.put(_key180, _val181); + struct.groupRolesMap.put(_key191, _val192); } } struct.setGroupRolesMapIsSet(true); } if (incoming.get(1)) { { - org.apache.thrift.protocol.TMap _map185 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32()); - struct.rolePrivilegesMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map185.size); - for (int _i186 = 0; _i186 < _map185.size; ++_i186) + org.apache.thrift.protocol.TMap _map196 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32()); + struct.rolePrivilegesMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map196.size); + for (int _i197 = 0; _i197 < _map196.size; ++_i197) { - String _key187; // required - Set<TSentryPrivilege> _val188; // required - _key187 = iprot.readString(); + String _key198; // required + Set<TSentryPrivilege> _val199; // required + _key198 = iprot.readString(); { - org.apache.thrift.protocol.TSet _set189 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); - _val188 = new HashSet<TSentryPrivilege>(2*_set189.size); - for (int _i190 = 0; _i190 < _set189.size; ++_i190) + org.apache.thrift.protocol.TSet _set200 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); + _val199 = new HashSet<TSentryPrivilege>(2*_set200.size); + for (int _i201 = 0; _i201 < _set200.size; ++_i201) { - TSentryPrivilege _elem191; // required - _elem191 = new TSentryPrivilege(); - _elem191.read(iprot); - _val188.add(_elem191); + TSentryPrivilege _elem202; // required + _elem202 = new TSentryPrivilege(); + _elem202.read(iprot); + _val199.add(_elem202); } } - struct.rolePrivilegesMap.put(_key187, _val188); + struct.rolePrivilegesMap.put(_key198, _val199); } } struct.setRolePrivilegesMapIsSet(true); } + if (incoming.get(2)) { + { + org.apache.thrift.protocol.TMap _map203 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32()); + struct.userRolesMap = new HashMap<String,Set<String>>(2*_map203.size); + for (int _i204 = 0; _i204 < _map203.size; ++_i204) + { + String _key205; // required + Set<String> _val206; // required + _key205 = iprot.readString(); + { + org.apache.thrift.protocol.TSet _set207 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32()); + _val206 = new HashSet<String>(2*_set207.size); + for (int _i208 = 0; _i208 < _set207.size; ++_i208) + { + String _elem209; // required + _elem209 = iprot.readString(); + _val206.add(_elem209); + } + } + struct.userRolesMap.put(_key205, _val206); + } + } + struct.setUserRolesMapIsSet(true); + } } } http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index f680bc7..ae8b974 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java @@ -99,6 +99,8 @@ public class SentryStore { .getLogger(SentryStore.class); public static String NULL_COL = "__NULL__"; + public static int INDEX_GROUP_ROLES_MAP = 0; + public static int INDEX_USER_ROLES_MAP = 1; static final String DEFAULT_DATA_DIR = "sentry_policy_db"; private static final Set<String> ALL_ACTIONS = Sets.newHashSet(AccessConstants.ALL, @@ -309,7 +311,6 @@ public class SentryStore { */ public CommitContext createSentryRole(String roleName) throws SentryAlreadyExistsException { - roleName = trimAndLower(roleName); boolean rollbackTransaction = true; PersistenceManager pm = null; try { @@ -327,6 +328,7 @@ public class SentryStore { private void createSentryRoleCore(PersistenceManager pm, String roleName) throws SentryAlreadyExistsException { + roleName = trimAndLower(roleName); MSentryRole mSentryRole = getMSentryRole(pm, roleName); if (mSentryRole == null) { MSentryRole mRole = new MSentryRole(roleName, System.currentTimeMillis()); @@ -877,32 +879,12 @@ public class SentryStore { Set<String> userNames) throws SentryNoSuchObjectException { boolean rollbackTransaction = true; PersistenceManager pm = null; - roleName = roleName.trim().toLowerCase(); try { pm = openTransaction(); - MSentryRole role = getMSentryRole(pm, roleName); - if (role == null) { - throw new SentryNoSuchObjectException("Role: " + roleName); - } else { - Query query = pm.newQuery(MSentryUser.class); - query.setFilter("this.userName == t"); - query.declareParameters("java.lang.String t"); - query.setUnique(true); - List<MSentryUser> users = Lists.newArrayList(); - for (String userName : userNames) { - userName = userName.trim(); - MSentryUser user = (MSentryUser) query.execute(userName); - if (user == null) { - user = new MSentryUser(userName, System.currentTimeMillis(), Sets.newHashSet(role)); - } - user.appendRole(role); - users.add(user); - } - pm.makePersistentAll(users); - CommitContext commit = commitUpdateTransaction(pm); - rollbackTransaction = false; - return commit; - } + alterSentryRoleAddUsersCore(pm, roleName, userNames); + CommitContext commit = commitUpdateTransaction(pm); + rollbackTransaction = false; + return commit; } finally { if (rollbackTransaction) { rollbackTransaction(pm); @@ -910,6 +892,31 @@ public class SentryStore { } } + private void alterSentryRoleAddUsersCore(PersistenceManager pm, String roleName, + Set<String> userNames) throws SentryNoSuchObjectException { + roleName = roleName.trim().toLowerCase(); + MSentryRole role = getMSentryRole(pm, roleName); + if (role == null) { + throw new SentryNoSuchObjectException("Role: " + roleName); + } else { + Query query = pm.newQuery(MSentryUser.class); + query.setFilter("this.userName == t"); + query.declareParameters("java.lang.String t"); + query.setUnique(true); + List<MSentryUser> users = Lists.newArrayList(); + for (String userName : userNames) { + userName = userName.trim(); + MSentryUser user = (MSentryUser) query.execute(userName); + if (user == null) { + user = new MSentryUser(userName, System.currentTimeMillis(), Sets.newHashSet(role)); + } + user.appendRole(role); + users.add(user); + } + pm.makePersistentAll(users); + } + } + public CommitContext alterSentryRoleDeleteUsers(String roleName, Set<String> userNames) throws SentryNoSuchObjectException { boolean rollbackTransaction = true; @@ -2172,13 +2179,8 @@ public class SentryStore { } } - // get mapping data for [group,role] - public Map<String, Set<String>> getGroupNameRoleNamesMap() { - return getGroupNameRoleNamesMap(null); - } - - // get mapping data for [group,role] with the specific roles - public Map<String, Set<String>> getGroupNameRoleNamesMap(Set<String> roleNames) { + // get mapping datas for [group,role], [user,role] with the specific roles + public List<Map<String, Set<String>>> getGroupUserRoleMapList(Set<String> roleNames) { boolean rollbackTransaction = true; PersistenceManager pm = null; try { @@ -2197,9 +2199,13 @@ public class SentryStore { List<MSentryRole> mSentryRoles = (List<MSentryRole>) query.execute(); Map<String, Set<String>> groupRolesMap = getGroupRolesMap(mSentryRoles); + Map<String, Set<String>> userRolesMap = getUserRolesMap(mSentryRoles); + List<Map<String, Set<String>>> mapsList = new ArrayList<>(); + mapsList.add(INDEX_GROUP_ROLES_MAP, groupRolesMap); + mapsList.add(INDEX_USER_ROLES_MAP, userRolesMap); commitTransaction(pm); rollbackTransaction = false; - return groupRolesMap; + return mapsList; } finally { if (rollbackTransaction) { rollbackTransaction(pm); @@ -2228,6 +2234,27 @@ public class SentryStore { return groupRolesMap; } + private Map<String, Set<String>> getUserRolesMap(List<MSentryRole> mSentryRoles) { + Map<String, Set<String>> userRolesMap = Maps.newHashMap(); + if (mSentryRoles == null) { + return userRolesMap; + } + // change the List<MSentryRole> -> Map<userName, Set<roleName>> + for (MSentryRole mSentryRole : mSentryRoles) { + Set<MSentryUser> users = mSentryRole.getUsers(); + for (MSentryUser user : users) { + String userName = user.getUserName(); + Set<String> rNames = userRolesMap.get(userName); + if (rNames == null) { + rNames = new HashSet<String>(); + } + rNames.add(mSentryRole.getRoleName()); + userRolesMap.put(userName, rNames); + } + } + return userRolesMap; + } + // get all mapping data for [role,privilege] public Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap() throws Exception { return getRoleNameTPrivilegesMap(null, null); @@ -2330,7 +2357,7 @@ public class SentryStore { List<MSentryGroup> mSentryGroups = (List<MSentryGroup>) query.execute(); Map<String, MSentryGroup> existGroupsMap = Maps.newHashMap(); if (mSentryGroups != null) { - // change the List<MSentryGroup> -> Map<roleName, Set<MSentryGroup>> + // change the List<MSentryGroup> -> Map<groupName, MSentryGroup> for (MSentryGroup mSentryGroup : mSentryGroups) { existGroupsMap.put(mSentryGroup.getGroupName(), mSentryGroup); } @@ -2338,6 +2365,20 @@ public class SentryStore { return existGroupsMap; } + // get the all exist users + private Map<String, MSentryUser> getUserNameToUserMap(PersistenceManager pm) { + Query query = pm.newQuery(MSentryUser.class); + List<MSentryUser> users = (List<MSentryUser>) query.execute(); + Map<String, MSentryUser> existUsersMap = Maps.newHashMap(); + if (users != null) { + // change the List<MSentryUser> -> Map<userName, MSentryUser> + for (MSentryUser user : users) { + existUsersMap.put(user.getUserName(), user); + } + } + return existUsersMap; + } + // get the all exist privileges private List<MSentryPrivilege> getPrivilegesList(PersistenceManager pm) { Query query = pm.newQuery(MSentryPrivilege.class); @@ -2376,7 +2417,7 @@ public class SentryStore { } @VisibleForTesting - protected Map<String, MSentryGroup> getGroupNameTGroupMap() { + protected Map<String, MSentryGroup> getGroupNameToGroupMap() { boolean rollbackTransaction = true; PersistenceManager pm = null; try { @@ -2393,6 +2434,23 @@ public class SentryStore { } @VisibleForTesting + protected Map<String, MSentryUser> getUserNameToUserMap() { + boolean rollbackTransaction = true; + PersistenceManager pm = null; + try { + pm = openTransaction(); + Map<String, MSentryUser> resultMap = getUserNameToUserMap(pm); + commitTransaction(pm); + rollbackTransaction = false; + return resultMap; + } finally { + if (rollbackTransaction) { + rollbackTransaction(pm); + } + } + } + + @VisibleForTesting protected List<MSentryPrivilege> getPrivilegesList() { boolean rollbackTransaction = true; PersistenceManager pm = null; @@ -2411,22 +2469,29 @@ public class SentryStore { /** * Import the sentry mapping data. - * + * * @param tSentryMappingData * Include 2 maps to save the mapping data, the following is the example of the data * structure: * for the following mapping data: + * user1=role1,role2 + * user2=role2,role3 * group1=role1,role2 * group2=role2,role3 * role1=server=server1->db=db1 * role2=server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2 * role3=server=server1->url=hdfs://localhost/path - * + * * The GroupRolesMap in TSentryMappingData will be saved as: * { * TSentryGroup(group1)={role1, role2}, * TSentryGroup(group2)={role2, role3} * } + * The UserRolesMap in TSentryMappingData will be saved as: + * { + * TSentryUser(user1)={role1, role2}, + * TSentryGroup(user2)={role2, role3} + * } * The RolePrivilegesMap in TSentryMappingData will be saved as: * { * role1={TSentryPrivilege(server=server1->db=db1)}, @@ -2450,6 +2515,8 @@ public class SentryStore { // Map<String, Set<TSentryGroup>> importedRoleGroupsMap = covertToRoleNameTGroupsMap(mappingData .getGroupRolesMap()); + Map<String, Set<String>> importedRoleUsersMap = covertToRoleUsersMap(mappingData + .getUserRolesMap()); Set<String> importedRoleNames = importedRoleGroupsMap.keySet(); // if import with overwrite role, drop the duplicated roles in current DB first. if (isOverwriteForRole) { @@ -2459,9 +2526,11 @@ public class SentryStore { } // import the mapping data for [role,privilege], the existRoleNames will be updated - importSentryRolePrivilegeMapping(pm, existRoleNames, mappingData.getRolePrivilegesMap()); - - importSentryGroupRoleMapping(pm, existRoleNames, importedRoleGroupsMap); + importRolePrivilegeMapping(pm, existRoleNames, mappingData.getRolePrivilegesMap()); + // import the mapping data for [role,group], the existRoleNames will be updated + importRoleGroupMapping(pm, existRoleNames, importedRoleGroupsMap); + // import the mapping data for [role,user], the existRoleNames will be updated + importRoleUserMapping(pm, existRoleNames, importedRoleUsersMap); commitTransaction(pm); rollbackTransaction = false; @@ -2494,19 +2563,50 @@ public class SentryStore { return roleGroupsMap; } - private void importSentryGroupRoleMapping(PersistenceManager pm, Set<String> existRoleNames, + // covert the Map[user->roles] to Map[role->users] + private Map<String, Set<String>> covertToRoleUsersMap( + Map<String, Set<String>> userRolesMap) { + Map<String, Set<String>> roleUsersMap = Maps.newHashMap(); + if (userRolesMap != null) { + for (Map.Entry<String, Set<String>> entry : userRolesMap.entrySet()) { + Set<String> roleNames = entry.getValue(); + if (roleNames != null) { + for (String roleName : roleNames) { + Set<String> users = roleUsersMap.get(roleName); + if (users == null) { + users = Sets.newHashSet(); + } + users.add(entry.getKey()); + roleUsersMap.put(roleName, users); + } + } + } + } + return roleUsersMap; + } + + private void importRoleGroupMapping(PersistenceManager pm, Set<String> existRoleNames, Map<String, Set<TSentryGroup>> importedRoleGroupsMap) throws Exception { if (importedRoleGroupsMap == null || importedRoleGroupsMap.keySet() == null) { return; } for (Map.Entry<String, Set<TSentryGroup>> entry : importedRoleGroupsMap.entrySet()) { - if (!existRoleNames.contains(entry.getKey())) { - createSentryRoleCore(pm, entry.getKey()); - } + createRoleIfNotExist(pm, existRoleNames, entry.getKey()); alterSentryRoleAddGroupsCore(pm, entry.getKey(), entry.getValue()); } } + private void importRoleUserMapping(PersistenceManager pm, Set<String> existRoleNames, + Map<String, Set<String>> importedRoleUsersMap) throws Exception { + if (importedRoleUsersMap == null || importedRoleUsersMap.keySet() == null) { + return; + } + for (Map.Entry<String, Set<String>> entry : importedRoleUsersMap.entrySet()) { + createRoleIfNotExist(pm, existRoleNames, entry.getKey()); + alterSentryRoleAddUsersCore(pm, entry.getKey(), entry.getValue()); + } + } + // drop all duplicated with the imported role private void dropDuplicatedRoleForImport(PersistenceManager pm, Set<String> existRoleNames, Set<String> importedRoleNames) throws Exception { @@ -2547,15 +2647,12 @@ public class SentryStore { } // import the mapping data for [role,privilege] - private void importSentryRolePrivilegeMapping(PersistenceManager pm, Set<String> existRoleNames, + private void importRolePrivilegeMapping(PersistenceManager pm, Set<String> existRoleNames, Map<String, Set<TSentryPrivilege>> sentryRolePrivilegesMap) throws Exception { if (sentryRolePrivilegesMap != null) { for (Map.Entry<String, Set<TSentryPrivilege>> entry : sentryRolePrivilegesMap.entrySet()) { - // if the rolenName doesn't exist, create it. - if (!existRoleNames.contains(entry.getKey())) { - createSentryRoleCore(pm, entry.getKey()); - existRoleNames.add(entry.getKey()); - } + // if the rolenName doesn't exist, create it and add it to existRoleNames + createRoleIfNotExist(pm, existRoleNames, entry.getKey()); // get the privileges for the role Set<TSentryPrivilege> tSentryPrivileges = entry.getValue(); for (TSentryPrivilege tSentryPrivilege : tSentryPrivileges) { @@ -2564,4 +2661,15 @@ public class SentryStore { } } } + + private void createRoleIfNotExist(PersistenceManager pm, + Set<String> existRoleNames, String roleName) throws Exception { + String lowerRoleName = trimAndLower(roleName); + // if the rolenName doesn't exist, create it. + if (!existRoleNames.contains(lowerRoleName)) { + createSentryRoleCore(pm, lowerRoleName); + // update the exist role name set + existRoleNames.add(lowerRoleName); + } + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java index a922d3b..79ac24b 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java @@ -1068,8 +1068,11 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { if (databaseName == null && tableName == null) { roleNames = null; } - tSentryMappingData.setGroupRolesMap( - sentryStore.getGroupNameRoleNamesMap(roleNames)); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList( + roleNames); + tSentryMappingData.setGroupRolesMap(mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP)); + tSentryMappingData.setUserRolesMap(mapList.get(SentryStore.INDEX_USER_ROLES_MAP)); response.setMappingData(tSentryMappingData); response.setStatus(Status.OK()); http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift index 2088eae..82cd947 100644 --- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift +++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift @@ -265,8 +265,9 @@ struct TSentryConfigValueResponse { # struct for the mapping data like group to role, role to privilege struct TSentryMappingData { -1: optional map<string, set<string>> groupRolesMap, # for the groupName -> role mapping -2: optional map<string, set<TSentryPrivilege>> rolePrivilegesMap # for the roleName -> privilege mapping +1: optional map<string, set<string>> groupRolesMap, # for the groupName -> role mapping +2: optional map<string, set<TSentryPrivilege>> rolePrivilegesMap, # for the roleName -> privilege mapping +3: optional map<string, set<string>> userRolesMap # for the userName -> role mapping } struct TSentryExportMappingDataRequest { http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java index 8dadc2a..3ff97df 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java @@ -32,6 +32,7 @@ import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.provider.db.service.model.MSentryGroup; import org.apache.sentry.provider.db.service.model.MSentryPrivilege; import org.apache.sentry.provider.db.service.model.MSentryRole; +import org.apache.sentry.provider.db.service.model.MSentryUser; import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; import org.apache.sentry.provider.db.service.thrift.TSentryMappingData; import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; @@ -176,7 +177,7 @@ public class TestSentryStoreImportExport { sentryStore.importSentryMetaData(tSentryMappingData, false); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); // test the result data for the role @@ -191,12 +192,14 @@ public class TestSentryStoreImportExport { tSentryPrivilege7, tSentryPrivilege8)); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -234,7 +237,7 @@ public class TestSentryStoreImportExport { sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1")); sentryRolePrivilegesMap1 .put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, tSentryPrivilege3, - tSentryPrivilege4)); + tSentryPrivilege4)); tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); sentryStore.importSentryMetaData(tSentryMappingData1, false); @@ -246,16 +249,16 @@ public class TestSentryStoreImportExport { sentryGroupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); sentryRolePrivilegesMap2 .put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7, - tSentryPrivilege8)); + tSentryPrivilege8)); sentryRolePrivilegesMap2 .put("role3", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7, - tSentryPrivilege8)); + tSentryPrivilege8)); tSentryMappingData2.setGroupRolesMap(sentryGroupRolesMap2); tSentryMappingData2.setRolePrivilegesMap(sentryRolePrivilegesMap2); sentryStore.importSentryMetaData(tSentryMappingData2, false); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); // test the result data for the role @@ -270,12 +273,14 @@ public class TestSentryStoreImportExport { tSentryPrivilege7, tSentryPrivilege8)); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2", "role3")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -339,7 +344,7 @@ public class TestSentryStoreImportExport { sentryStore.importSentryMetaData(tSentryMappingData2, false); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); // test the result data for the role @@ -354,12 +359,14 @@ public class TestSentryStoreImportExport { tSentryPrivilege7, tSentryPrivilege8)); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -408,7 +415,7 @@ public class TestSentryStoreImportExport { sentryStore.importSentryMetaData(tSentryMappingData2, false); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); // test the result data for the role @@ -423,11 +430,13 @@ public class TestSentryStoreImportExport { tSentryPrivilege7, tSentryPrivilege8)); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -436,7 +445,7 @@ public class TestSentryStoreImportExport { exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2)); exceptedRolePrivilegesMap .put("role2", Sets.newHashSet(tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6)); + tSentryPrivilege6)); exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege7, tSentryPrivilege8)); verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); } @@ -454,7 +463,7 @@ public class TestSentryStoreImportExport { sentryStore.importSentryMetaData(tSentryMappingData1, false); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); // test the result data for the role @@ -467,10 +476,12 @@ public class TestSentryStoreImportExport { assertTrue(privilegesList.isEmpty()); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -496,7 +507,7 @@ public class TestSentryStoreImportExport { sentryStore.dropSentryRole("role2"); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); // test the result data for the role @@ -509,10 +520,12 @@ public class TestSentryStoreImportExport { assertTrue(privilegesList.isEmpty()); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -556,7 +569,7 @@ public class TestSentryStoreImportExport { sentryStore.importSentryMetaData(tSentryMappingData2, true); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); // test the result data for the role @@ -569,12 +582,14 @@ public class TestSentryStoreImportExport { verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2)); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2", "role3")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -634,7 +649,7 @@ public class TestSentryStoreImportExport { sentryStore.importSentryMetaData(tSentryMappingData2, true); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); // test the result data for the role @@ -649,12 +664,14 @@ public class TestSentryStoreImportExport { tSentryPrivilege7, tSentryPrivilege8)); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -711,7 +728,7 @@ public class TestSentryStoreImportExport { sentryStore.importSentryMetaData(tSentryMappingData1, true); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); - Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); // test the result data for the role verifyRoles(rolesMap, Sets.newHashSet("role1", "role2")); @@ -720,10 +737,12 @@ public class TestSentryStoreImportExport { verifyGroups(groupsMap, Sets.newHashSet("group1")); // test the mapping data for group and role - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // test the mapping data for role and privilege Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore @@ -754,13 +773,13 @@ public class TestSentryStoreImportExport { sentryGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); sentryGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); sentryRolePrivilegesMap.put("role1", Sets.newHashSet( - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege9)); + tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege9)); sentryRolePrivilegesMap.put("role2", Sets.newHashSet( - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7)); + tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, + tSentryPrivilege7)); sentryRolePrivilegesMap.put("role3", Sets.newHashSet( - tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); + tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, + tSentryPrivilege7, tSentryPrivilege8)); tSentryMappingData.setGroupRolesMap(sentryGroupRolesMap); tSentryMappingData.setRolePrivilegesMap(sentryRolePrivilegesMap); sentryStore.importSentryMetaData(tSentryMappingData, false); @@ -771,19 +790,21 @@ public class TestSentryStoreImportExport { Map<String, Set<TSentryPrivilege>> exceptedRolePrivilegesMap = Maps.newHashMap(); exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege4)); exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege4, - tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7)); + tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7)); exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4, - tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7)); + tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7)); verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap( - actualRolePrivilegesMap.keySet()); + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList( + actualRolePrivilegesMap.keySet()); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // verify the rolePrivilegesMap and groupRolesMap for db=db2 actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db2", ""); @@ -792,14 +813,14 @@ public class TestSentryStoreImportExport { exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege3)); verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap( - actualRolePrivilegesMap.keySet()); + mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); + actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2")); exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // verify the rolePrivilegesMap and groupRolesMap for db=db1 and table=tbl1 actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db1", "tbl1"); @@ -809,14 +830,14 @@ public class TestSentryStoreImportExport { exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4)); verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap( - actualRolePrivilegesMap.keySet()); + mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); + actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // verify the rolePrivilegesMap and groupRolesMap for db=db1 and table=tbl2 actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db1", "tbl2"); @@ -825,13 +846,13 @@ public class TestSentryStoreImportExport { exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege5)); verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap( - actualRolePrivilegesMap.keySet()); + mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); + actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); exceptedGroupRolesMap.put("group4", Sets.newHashSet("role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // verify the rolePrivilegesMap and groupRolesMap for table=tbl1 actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("", "tbl1"); @@ -841,36 +862,113 @@ public class TestSentryStoreImportExport { exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4)); verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap( - actualRolePrivilegesMap.keySet()); + mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); + actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); // verify the rolePrivilegesMap and groupRolesMap for empty parameter actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("", ""); exceptedRolePrivilegesMap = Maps.newHashMap(); exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege3, - tSentryPrivilege4, tSentryPrivilege9)); + tSentryPrivilege4, tSentryPrivilege9)); exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege3, - tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7)); + tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7)); exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4, - tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); + tSentryPrivilege5, tSentryPrivilege6, + tSentryPrivilege7, tSentryPrivilege8)); verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap( - actualRolePrivilegesMap.keySet()); + mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); + actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); exceptedGroupRolesMap = Maps.newHashMap(); exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + } + + // Befor import, database is empty. + // The following information is imported: + // group1=role1,role2,role3 + // user1=role1,role2 + // user2=role2,role3 + // role1=privilege1,privilege2,privilege3,privilege4 + // role2=privilege5,privilege6,privilege7,privilege8 + // role3=privilege3,privilege4,privilege5,privilege6 + // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, + // getUsersMap getPrivilegesList are tested. + @Test + public void testImportExportWithUser() throws Exception { + TSentryMappingData tSentryMappingData = new TSentryMappingData(); + Map<String, Set<String>> groupRolesMap = Maps.newHashMap(); + Map<String, Set<String>> userRolesMap = Maps.newHashMap(); + Map<String, Set<TSentryPrivilege>> sentryRolePrivilegesMap = Maps.newHashMap(); + groupRolesMap.put("group1", Sets.newHashSet("Role1", "role2", "role3")); + userRolesMap.put("user1", Sets.newHashSet("Role1", "role2")); + userRolesMap.put("user2", Sets.newHashSet("role2", "role3")); + sentryRolePrivilegesMap.put("Role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, + tSentryPrivilege3, tSentryPrivilege4)); + sentryRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, + tSentryPrivilege7, tSentryPrivilege8)); + sentryRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege3, + tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6)); + tSentryMappingData.setGroupRolesMap(groupRolesMap); + tSentryMappingData.setRolePrivilegesMap(sentryRolePrivilegesMap); + tSentryMappingData.setUserRolesMap(userRolesMap); + sentryStore.importSentryMetaData(tSentryMappingData, false); + + Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); + Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); + Map<String, MSentryUser> usersMap = sentryStore.getUserNameToUserMap(); + List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList(); + + // test the result data for the role + verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3")); + + // test the result data for the group + verifyGroups(groupsMap, Sets.newHashSet("group1")); + + // test the result data for the user + verifyUsers(usersMap, Sets.newHashSet("user1", "user2")); + + // test the result data for the privilege + verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, + tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, + tSentryPrivilege7, tSentryPrivilege8)); + + // test the mapping data for group and role + List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null); + Map<String, Set<String>> actualGroupRolesMap = mapList.get( + SentryStore.INDEX_GROUP_ROLES_MAP); + Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap(); + exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); + verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); + + Map<String, Set<String>> actualUserRolesMap = mapList.get( + SentryStore.INDEX_USER_ROLES_MAP); + Map<String, Set<String>> exceptedUserRolesMap = Maps.newHashMap(); + exceptedUserRolesMap.put("user1", Sets.newHashSet("role1", "role2")); + exceptedUserRolesMap.put("user2", Sets.newHashSet("role2", "role3")); + verifyUserGroupRolesMap(actualUserRolesMap, exceptedUserRolesMap); + + // test the mapping data for role and privilege + Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore + .getRoleNameTPrivilegesMap(); + Map<String, Set<TSentryPrivilege>> exceptedRolePrivilegesMap = Maps.newHashMap(); + exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, + tSentryPrivilege3, tSentryPrivilege4)); + exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, + tSentryPrivilege7, tSentryPrivilege8)); + exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege3, + tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6)); + + verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); } private void verifyRoles(Map<String, MSentryRole> actualRoleMap, Set<String> expectedRoleNameSet) { @@ -888,6 +986,14 @@ public class TestSentryStoreImportExport { } } + private void verifyUsers(Map<String, MSentryUser> actualUsersMap, + Set<String> expectedUserNameSet) { + assertEquals(expectedUserNameSet.size(), actualUsersMap.keySet().size()); + for (String userName : actualUsersMap.keySet()) { + assertTrue(expectedUserNameSet.contains(userName)); + } + } + private void verifyPrivileges(List<MSentryPrivilege> actualPrivileges, Set<TSentryPrivilege> expectedTSentryPrivilegeSet) { assertEquals(expectedTSentryPrivilegeSet.size(), actualPrivileges.size()); @@ -904,12 +1010,12 @@ public class TestSentryStoreImportExport { } } - private void verifyGroupRolesMap(Map<String, Set<String>> actualGroupRolesMap, - Map<String, Set<String>> exceptedGroupRolesMap) { - assertEquals(exceptedGroupRolesMap.keySet().size(), actualGroupRolesMap.keySet().size()); - for (String groupName : actualGroupRolesMap.keySet()) { - Set<String> exceptedRoles = exceptedGroupRolesMap.get(groupName); - Set<String> actualRoles = actualGroupRolesMap.get(groupName); + private void verifyUserGroupRolesMap(Map<String, Set<String>> actualMap, + Map<String, Set<String>> exceptedMap) { + assertEquals(exceptedMap.keySet().size(), actualMap.keySet().size()); + for (String name : actualMap.keySet()) { + Set<String> exceptedRoles = exceptedMap.get(name); + Set<String> actualRoles = actualMap.get(name); assertEquals(actualRoles.size(), exceptedRoles.size()); assertTrue(actualRoles.equals(exceptedRoles)); }
