[1/2] sentry git commit: SENTRY-1208: Make HOST implied in privileges if not specified explicitly. (Ashish K Singh, reviewed by Dapeng Sun)

sdp Thu, 12 May 2016 20:16:57 -0700

Repository: sentry
Updated Branches:
  refs/heads/master e82a8c652 -> 1cbf44ade



SENTRY-1208: Make HOST implied in privileges if not specified explicitly. 
(Ashish K Singh, reviewed by Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/afb6d9ae
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/afb6d9ae
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/afb6d9ae

Branch: refs/heads/master
Commit: afb6d9ae11c80d037015a75c698d02f8bdf74af8
Parents: e82a8c6
Author: Ashish K Singh <[email protected]>
Authored: Fri May 13 10:59:42 2016 +0800
Committer: Sun Dapeng <[email protected]>
Committed: Fri May 13 10:59:42 2016 +0800

----------------------------------------------------------------------
 .../db/generic/tools/KafkaTSentryPrivilegeConvertor.java    | 9 +++++++++
 .../provider/db/generic/tools/TestSentryShellKafka.java     | 4 +++-
 2 files changed, 12 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/afb6d9ae/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
index c7c0729..902895d 100644
--- 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
+++ 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
@@ -35,6 +35,10 @@ import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 
+import static 
org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR;
+import static 
org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE;
+
 public  class KafkaTSentryPrivilegeConvertor implements 
TSentryPrivilegeConvertor {
   private String component;
   private String service;
@@ -45,6 +49,11 @@ public  class KafkaTSentryPrivilegeConvertor implements 
TSentryPrivilegeConverto
   }
 
   public TSentryPrivilege fromString(String privilegeStr) throws Exception {
+    final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + 
KV_SEPARATOR;
+    final String hostPrefixLowerCase = hostPrefix.toLowerCase();
+    if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) {
+      privilegeStr =  hostPrefix + RESOURCE_WILDCARD_VALUE + 
AUTHORIZABLE_SEPARATOR + privilegeStr;
+    }
     validatePrivilegeHierarchy(privilegeStr);
     TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
     List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();

http://git-wip-us.apache.org/repos/asf/sentry/blob/afb6d9ae/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
 
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
index d49bc57..52112d1 100644
--- 
a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
+++ 
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
@@ -240,6 +240,8 @@ public class TestSentryShellKafka extends 
SentryGenericServiceIntegrationBase {
             "HOST=*->CLUSTER=kafka-cluster->action=read",
             "HOST=h1->TOPIC=t1->action=write",
             "HOST=*->CONSUMERGROUP=cg1->action=read",
+            "CLUSTER=kafka-cluster->action=write",
+            "CONSUMERGROUP=cg2->action=write"
         };
         for (int i = 0; i < privs.length; ++i) {
           // test: grant privilege to role
@@ -256,7 +258,7 @@ public class TestSentryShellKafka extends 
SentryGenericServiceIntegrationBase {
 
         assertEquals("Incorrect number of privileges", privs.length, 
privilegeStrs.size());
         for (int i = 0; i < privs.length; ++i) {
-          assertTrue("Expected privilege: " + privs[i] + " in " + 
Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i]));
+          assertTrue("Expected privilege: " + privs[i] + " in " + 
Arrays.toString(privilegeStrs.toArray()), 
privilegeStrs.contains(privs[i].startsWith("HOST=") ? privs[i] : "HOST=*->" + 
privs[i]));
         }
 
         for (int i = 0; i < privs.length; ++i) {

[1/2] sentry git commit: SENTRY-1208: Make HOST implied in privileges if not specified explicitly. (Ashish K Singh, reviewed by Dapeng Sun)

Reply via email to