Repository: sentry Updated Branches: refs/heads/master 0db74b863 -> fd1fbf70d
SENTRY-1233: Logging improvements to SentryConfigToolSolr (Gregory Chanan, Reviewed by: Vamsee Yarlagadda) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/fd1fbf70 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/fd1fbf70 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/fd1fbf70 Branch: refs/heads/master Commit: fd1fbf70d247e4eefa50f9621faeb85db03645dd Parents: 0db74b8 Author: Gregory Chanan <[email protected]> Authored: Wed May 4 19:09:09 2016 -0700 Committer: Gregory Chanan <[email protected]> Committed: Mon May 9 14:28:27 2016 -0700 ---------------------------------------------------------------------- .../db/generic/tools/SentryConfigToolSolr.java | 78 +++++++++++--------- 1 file changed, 45 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/fd1fbf70/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java index 22895eb..0406807 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java @@ -100,46 +100,50 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon { checkCompat(policyFileBackend); } - if (importPolicy) { - //import the relations about group,role and privilege into the DB store - Set<String> roles = Sets.newHashSet(); - Table<String, String, Set<String>> groupRolePrivilegeTable = - policyFileBackend.getGroupRolePrivilegeTable(); - SolrTSentryPrivilegeConvertor convertor = new SolrTSentryPrivilegeConvertor(component, service, false); - - for (String groupName : groupRolePrivilegeTable.rowKeySet()) { - for (String roleName : groupRolePrivilegeTable.columnKeySet()) { - if (!roles.contains(roleName)) { - LOGGER.info("Creating role: " + roleName); + //import the relations about group,role and privilege into the DB store + Set<String> roles = Sets.newHashSet(); + Table<String, String, Set<String>> groupRolePrivilegeTable = + policyFileBackend.getGroupRolePrivilegeTable(); + SolrTSentryPrivilegeConvertor convertor = new SolrTSentryPrivilegeConvertor(component, service, false); + + for (String groupName : groupRolePrivilegeTable.rowKeySet()) { + for (String roleName : groupRolePrivilegeTable.columnKeySet()) { + if (!roles.contains(roleName)) { + LOGGER.info(dryRunMessage(importPolicy) + "Creating role: " + roleName.toLowerCase(Locale.US)); + if (importPolicy) { client.createRoleIfNotExist(requestorName, roleName, component); - roles.add(roleName); } + roles.add(roleName); + } - Set<String> privileges = groupRolePrivilegeTable.get(groupName, roleName); - if (privileges == null) { - continue; - } - LOGGER.info("Adding role: " + roleName + " to group: " + groupName); + Set<String> privileges = groupRolePrivilegeTable.get(groupName, roleName); + if (privileges == null) { + continue; + } + LOGGER.info(dryRunMessage(importPolicy) + "Adding role: " + roleName.toLowerCase(Locale.US) + " to group: " + groupName); + if (importPolicy) { client.addRoleToGroups(requestorName, roleName, component, Sets.newHashSet(groupName)); + } - for (String permission : privileges) { - String action = null; - - for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER. - trimResults().split(permission)) { - KeyValue kv = new KeyValue(authorizable); - String key = kv.getKey(); - String value = kv.getValue(); - if ("action".equalsIgnoreCase(key)) { - action = value; - } - } + for (String permission : privileges) { + String action = null; - // Service doesn't support not specifying action - if (action == null) { - permission += "->action=" + Action.ALL; + for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER. + trimResults().split(permission)) { + KeyValue kv = new KeyValue(authorizable); + String key = kv.getKey(); + String value = kv.getValue(); + if ("action".equalsIgnoreCase(key)) { + action = value; } - LOGGER.info("Adding permission: " + permission + " to role: " + roleName); + } + + // Service doesn't support not specifying action + if (action == null) { + permission += "->action=" + Action.ALL; + } + LOGGER.info(dryRunMessage(importPolicy) + "Adding permission: " + permission + " to role: " + roleName.toLowerCase(Locale.US)); + if (importPolicy) { client.grantPrivilege(requestorName, roleName, component, convertor.fromString(permission)); } } @@ -228,6 +232,14 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon { } } + private String dryRunMessage(boolean importPolicy) { + if (importPolicy) { + return ""; + } else { + return "[Dry Run] "; + } + } + public static void main(String[] args) throws Exception { SentryConfigToolSolr solrTool = new SentryConfigToolSolr(); try {
