Repository: sentry Updated Branches: refs/heads/master 463aafc17 -> 6888f4a13
SENTRY-1269: Converter vs Convertor is inconsistent (Gregory Chanan, Reviewed By: Sravya Tirukkovalur) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/6888f4a1 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/6888f4a1 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/6888f4a1 Branch: refs/heads/master Commit: 6888f4a137355be527576a78988c1cf203a7d8cc Parents: 463aafc Author: Gregory Chanan <[email protected]> Authored: Wed May 18 16:34:18 2016 -0700 Committer: Gregory Chanan <[email protected]> Committed: Thu May 19 15:41:00 2016 -0700 ---------------------------------------------------------------------- .../binding/solr/authz/SolrAuthzBinding.java | 7 + .../generic/SentryGenericProviderBackend.java | 8 +- .../provider/db/generic/UpdatableCache.java | 10 +- .../tools/KafkaTSentryPrivilegeConverter.java | 118 ++++++++++++++++ .../tools/KafkaTSentryPrivilegeConvertor.java | 118 ---------------- .../db/generic/tools/SentryConfigToolSolr.java | 4 +- .../db/generic/tools/SentryShellKafka.java | 6 +- .../db/generic/tools/SentryShellSolr.java | 6 +- .../tools/SolrTSentryPrivilegeConverter.java | 137 +++++++++++++++++++ .../tools/SolrTSentryPrivilegeConvertor.java | 137 ------------------- .../tools/command/GrantPrivilegeToRoleCmd.java | 8 +- .../tools/command/ListPrivilegesByRoleCmd.java | 8 +- .../command/RevokePrivilegeFromRoleCmd.java | 8 +- .../command/TSentryPrivilegeConverter.java | 33 +++++ .../command/TSentryPrivilegeConvertor.java | 33 ----- .../generic/tools/TestSentryConfigToolSolr.java | 2 +- .../e2e/kafka/AbstractKafkaSentryTestBase.java | 3 +- 17 files changed, 327 insertions(+), 319 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java index 24e5172..7280bad 100644 --- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java +++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java @@ -54,6 +54,8 @@ import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericService import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption; import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; +import org.apache.sentry.provider.db.generic.tools.SolrTSentryPrivilegeConverter; +import org.apache.sentry.service.thrift.ServiceConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -120,6 +122,11 @@ public class SolrAuthzBinding { UserGroupInformation.setConfiguration(authzConf); } + // for convenience, set the PrivilegeConverter. + if (authzConf.get(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER) == null) { + authzConf.set(ServiceConstants.ClientConfig.PRIVILEGE_CONVERTER, SolrTSentryPrivilegeConverter.class.getName()); + } + // the SearchProviderBackend is deleted in SENTRY-828, this is for the compatible with the // previous Sentry. if ("org.apache.sentry.provider.db.generic.service.thrift.SearchProviderBackend" http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java index 6de0a54..39878e9 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/SentryGenericProviderBackend.java @@ -34,7 +34,7 @@ import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole; -import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConvertor; +import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter; import org.apache.sentry.service.thrift.ServiceConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -74,15 +74,15 @@ public class SentryGenericProviderBackend extends CacheProvider implements Provi } Constructor<?> privilegeConverterConstructor; - TSentryPrivilegeConvertor sentryPrivilegeConvertor; + TSentryPrivilegeConverter sentryPrivilegeConverter; try { privilegeConverterConstructor = Class.forName(privilegeConverter).getDeclaredConstructor(String.class, String.class); privilegeConverterConstructor.setAccessible(true); - sentryPrivilegeConvertor = (TSentryPrivilegeConvertor) privilegeConverterConstructor.newInstance(getComponentType(), getServiceName()); + sentryPrivilegeConverter = (TSentryPrivilegeConverter) privilegeConverterConstructor.newInstance(getComponentType(), getServiceName()); } catch (NoSuchMethodException | ClassNotFoundException | InstantiationException | InvocationTargetException | IllegalAccessException e) { throw new RuntimeException("Failed to create privilege converter of type " + privilegeConverter, e); } - UpdatableCache cache = new UpdatableCache(conf, getComponentType(), getServiceName(), sentryPrivilegeConvertor); + UpdatableCache cache = new UpdatableCache(conf, getComponentType(), getServiceName(), sentryPrivilegeConverter); try { cache.startUpdateThread(true); } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/UpdatableCache.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/UpdatableCache.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/UpdatableCache.java index ccb349b..f272630 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/UpdatableCache.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/UpdatableCache.java @@ -18,7 +18,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.UserGroupInformation; import org.apache.sentry.provider.common.TableCache; import org.apache.sentry.provider.db.generic.service.thrift.*; -import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConvertor; +import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter; import org.apache.sentry.service.thrift.ServiceConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -37,7 +37,7 @@ class UpdatableCache implements TableCache { private final long cacheTtlNs; private final int allowedUpdateFailuresCount; private final Configuration conf; - private final TSentryPrivilegeConvertor tSentryPrivilegeConvertor; + private final TSentryPrivilegeConverter tSentryPrivilegeConverter; private volatile long lastRefreshedNs = 0; private int consecutiveUpdateFailuresCount = 0; @@ -68,11 +68,11 @@ class UpdatableCache implements TableCache { */ private volatile Table<String, String, Set<String>> table; - UpdatableCache(Configuration conf, String componentType, String serviceName, TSentryPrivilegeConvertor tSentryPrivilegeConvertor) { + UpdatableCache(Configuration conf, String componentType, String serviceName, TSentryPrivilegeConverter tSentryPrivilegeConverter) { this.conf = conf; this.componentType = componentType; this.serviceName = serviceName; - this.tSentryPrivilegeConvertor = tSentryPrivilegeConvertor; + this.tSentryPrivilegeConverter = tSentryPrivilegeConverter; // check caching configuration this.cacheTtlNs = TimeUnit.MILLISECONDS.toNanos(conf.getLong(ServiceConstants.ClientConfig.CACHE_TTL_MS, ServiceConstants.ClientConfig.CACHING_TTL_MS_DEFAULT)); @@ -107,7 +107,7 @@ class UpdatableCache implements TableCache { tempCache.put(group, roleName, currentPrivileges); } for (TSentryPrivilege tSentryPrivilege : tSentryPrivileges) { - currentPrivileges.add(tSentryPrivilegeConvertor.toString(tSentryPrivilege)); + currentPrivileges.add(tSentryPrivilegeConverter.toString(tSentryPrivilege)); } } } http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java new file mode 100644 index 0000000..688bc9e --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConverter.java @@ -0,0 +1,118 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.generic.tools; + +import com.google.common.collect.Lists; +import org.apache.sentry.core.common.utils.KeyValue; +import org.apache.sentry.core.common.utils.SentryConstants; +import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; +import org.apache.sentry.core.model.kafka.KafkaAuthorizable; +import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables; +import org.apache.sentry.core.model.kafka.validator.KafkaPrivilegeValidator; +import org.apache.sentry.core.common.utils.PolicyFileConstants; +import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; +import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption; +import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; +import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter; + +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; + +import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR; +import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR; +import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE; + +public class KafkaTSentryPrivilegeConverter implements TSentryPrivilegeConverter { + private String component; + private String service; + + public KafkaTSentryPrivilegeConverter(String component, String service) { + this.component = component; + this.service = service; + } + + public TSentryPrivilege fromString(String privilegeStr) throws Exception { + final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR; + final String hostPrefixLowerCase = hostPrefix.toLowerCase(); + if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) { + privilegeStr = hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr; + } + validatePrivilegeHierarchy(privilegeStr); + TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); + List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>(); + for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { + KeyValue keyValue = new KeyValue(authorizable); + String key = keyValue.getKey(); + String value = keyValue.getValue(); + + // is it an authorizable? + KafkaAuthorizable authz = KafkaModelAuthorizables.from(keyValue); + if (authz != null) { + authorizables.add(new TAuthorizable(authz.getTypeName(), authz.getName())); + + } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) { + tSentryPrivilege.setAction(value); + } + } + + if (tSentryPrivilege.getAction() == null) { + throw new IllegalArgumentException("Privilege is invalid: action required but not specified."); + } + tSentryPrivilege.setComponent(component); + tSentryPrivilege.setServiceName(service); + tSentryPrivilege.setAuthorizables(authorizables); + return tSentryPrivilege; + } + + public String toString(TSentryPrivilege tSentryPrivilege) { + List<String> privileges = Lists.newArrayList(); + if (tSentryPrivilege != null) { + List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables(); + String action = tSentryPrivilege.getAction(); + String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true" + : "false"); + + Iterator<TAuthorizable> it = authorizables.iterator(); + if (it != null) { + while (it.hasNext()) { + TAuthorizable tAuthorizable = it.next(); + privileges.add(SentryConstants.KV_JOINER.join( + tAuthorizable.getType(), tAuthorizable.getName())); + } + } + + if (!authorizables.isEmpty()) { + privileges.add(SentryConstants.KV_JOINER.join( + PolicyFileConstants.PRIVILEGE_ACTION_NAME, action)); + } + + // only append the grant option to privilege string if it's true + if ("true".equals(grantOption)) { + privileges.add(SentryConstants.KV_JOINER.join( + PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption)); + } + } + return SentryConstants.AUTHORIZABLE_JOINER.join(privileges); + } + + private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception { + new KafkaPrivilegeValidator().validate(new PrivilegeValidatorContext(privilegeStr)); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java deleted file mode 100644 index 902895d..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java +++ /dev/null @@ -1,118 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.generic.tools; - -import com.google.common.collect.Lists; -import org.apache.sentry.core.common.utils.KeyValue; -import org.apache.sentry.core.common.utils.SentryConstants; -import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; -import org.apache.sentry.core.model.kafka.KafkaAuthorizable; -import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables; -import org.apache.sentry.core.model.kafka.validator.KafkaPrivilegeValidator; -import org.apache.sentry.core.common.utils.PolicyFileConstants; -import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConvertor; - -import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; - -import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SEPARATOR; -import static org.apache.sentry.core.common.utils.SentryConstants.KV_SEPARATOR; -import static org.apache.sentry.core.common.utils.SentryConstants.RESOURCE_WILDCARD_VALUE; - -public class KafkaTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor { - private String component; - private String service; - - public KafkaTSentryPrivilegeConvertor(String component, String service) { - this.component = component; - this.service = service; - } - - public TSentryPrivilege fromString(String privilegeStr) throws Exception { - final String hostPrefix = KafkaAuthorizable.AuthorizableType.HOST.name() + KV_SEPARATOR; - final String hostPrefixLowerCase = hostPrefix.toLowerCase(); - if (!privilegeStr.toLowerCase().startsWith(hostPrefixLowerCase)) { - privilegeStr = hostPrefix + RESOURCE_WILDCARD_VALUE + AUTHORIZABLE_SEPARATOR + privilegeStr; - } - validatePrivilegeHierarchy(privilegeStr); - TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); - List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>(); - for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { - KeyValue keyValue = new KeyValue(authorizable); - String key = keyValue.getKey(); - String value = keyValue.getValue(); - - // is it an authorizable? - KafkaAuthorizable authz = KafkaModelAuthorizables.from(keyValue); - if (authz != null) { - authorizables.add(new TAuthorizable(authz.getTypeName(), authz.getName())); - - } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) { - tSentryPrivilege.setAction(value); - } - } - - if (tSentryPrivilege.getAction() == null) { - throw new IllegalArgumentException("Privilege is invalid: action required but not specified."); - } - tSentryPrivilege.setComponent(component); - tSentryPrivilege.setServiceName(service); - tSentryPrivilege.setAuthorizables(authorizables); - return tSentryPrivilege; - } - - public String toString(TSentryPrivilege tSentryPrivilege) { - List<String> privileges = Lists.newArrayList(); - if (tSentryPrivilege != null) { - List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables(); - String action = tSentryPrivilege.getAction(); - String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true" - : "false"); - - Iterator<TAuthorizable> it = authorizables.iterator(); - if (it != null) { - while (it.hasNext()) { - TAuthorizable tAuthorizable = it.next(); - privileges.add(SentryConstants.KV_JOINER.join( - tAuthorizable.getType(), tAuthorizable.getName())); - } - } - - if (!authorizables.isEmpty()) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_ACTION_NAME, action)); - } - - // only append the grant option to privilege string if it's true - if ("true".equals(grantOption)) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption)); - } - } - return SentryConstants.AUTHORIZABLE_JOINER.join(privileges); - } - - private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception { - new KafkaPrivilegeValidator().validate(new PrivilegeValidatorContext(privilegeStr)); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java index 0406807..479add6 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java @@ -104,7 +104,7 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon { Set<String> roles = Sets.newHashSet(); Table<String, String, Set<String>> groupRolePrivilegeTable = policyFileBackend.getGroupRolePrivilegeTable(); - SolrTSentryPrivilegeConvertor convertor = new SolrTSentryPrivilegeConvertor(component, service, false); + SolrTSentryPrivilegeConverter converter = new SolrTSentryPrivilegeConverter(component, service, false); for (String groupName : groupRolePrivilegeTable.rowKeySet()) { for (String roleName : groupRolePrivilegeTable.columnKeySet()) { @@ -144,7 +144,7 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon { } LOGGER.info(dryRunMessage(importPolicy) + "Adding permission: " + permission + " to role: " + roleName.toLowerCase(Locale.US)); if (importPolicy) { - client.grantPrivilege(requestorName, roleName, component, convertor.fromString(permission)); + client.grantPrivilege(requestorName, roleName, component, converter.fromString(permission)); } } } http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java index 0e40882..d6d9014 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellKafka.java @@ -62,15 +62,15 @@ public class SentryShellKafka extends SentryShellCommon { command = new DeleteRoleFromGroupCmd(roleName, groupName, component); } else if (isGrantPrivilegeRole) { command = new GrantPrivilegeToRoleCmd(roleName, component, - privilegeStr, new KafkaTSentryPrivilegeConvertor(component, service)); + privilegeStr, new KafkaTSentryPrivilegeConverter(component, service)); } else if (isRevokePrivilegeRole) { command = new RevokePrivilegeFromRoleCmd(roleName, component, - privilegeStr, new KafkaTSentryPrivilegeConvertor(component, service)); + privilegeStr, new KafkaTSentryPrivilegeConverter(component, service)); } else if (isListRole) { command = new ListRolesCmd(groupName, component); } else if (isListPrivilege) { command = new ListPrivilegesByRoleCmd(roleName, component, - service, new KafkaTSentryPrivilegeConvertor(component, service)); + service, new KafkaTSentryPrivilegeConverter(component, service)); } // check the requestor name http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java index de718e9..695c008 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java @@ -61,15 +61,15 @@ public class SentryShellSolr extends SentryShellCommon { command = new DeleteRoleFromGroupCmd(roleName, groupName, component); } else if (isGrantPrivilegeRole) { command = new GrantPrivilegeToRoleCmd(roleName, component, - privilegeStr, new SolrTSentryPrivilegeConvertor(component, service)); + privilegeStr, new SolrTSentryPrivilegeConverter(component, service)); } else if (isRevokePrivilegeRole) { command = new RevokePrivilegeFromRoleCmd(roleName, component, - privilegeStr, new SolrTSentryPrivilegeConvertor(component, service)); + privilegeStr, new SolrTSentryPrivilegeConverter(component, service)); } else if (isListRole) { command = new ListRolesCmd(groupName, component); } else if (isListPrivilege) { command = new ListPrivilegesByRoleCmd(roleName, component, - service, new SolrTSentryPrivilegeConvertor(component, service)); + service, new SolrTSentryPrivilegeConverter(component, service)); } // check the requestor name http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java new file mode 100644 index 0000000..92c6c59 --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConverter.java @@ -0,0 +1,137 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.generic.tools; + +import com.google.common.collect.Lists; + +import org.apache.sentry.core.common.utils.SentryConstants; +import org.apache.sentry.core.model.search.Collection; +import org.apache.sentry.core.model.search.SearchModelAuthorizable; +import org.apache.sentry.core.common.validator.PrivilegeValidator; +import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; +import org.apache.sentry.core.model.search.SearchModelAuthorizables; +import org.apache.sentry.core.model.search.SearchPrivilegeModel; +import org.apache.sentry.core.common.utils.KeyValue; +import org.apache.sentry.core.common.utils.PolicyFileConstants; +import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; +import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption; +import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; +import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter; +import org.apache.shiro.config.ConfigurationException; + +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; + +public class SolrTSentryPrivilegeConverter implements TSentryPrivilegeConverter { + private String component; + private String service; + private boolean validate; + + public SolrTSentryPrivilegeConverter(String component, String service) { + this(component, service, true); + } + + public SolrTSentryPrivilegeConverter(String component, String service, boolean validate) { + this.component = component; + this.service = service; + this.validate = validate; + } + + public TSentryPrivilege fromString(String privilegeStr) throws Exception { + if (validate) { + validatePrivilegeHierarchy(privilegeStr); + } + + TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); + List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>(); + for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { + KeyValue keyValue = new KeyValue(authorizable); + String key = keyValue.getKey(); + String value = keyValue.getValue(); + + // is it an authorizable? + SearchModelAuthorizable authz = SearchModelAuthorizables.from(keyValue); + if (authz != null) { + if (authz instanceof Collection) { + Collection coll = (Collection)authz; + authorizables.add(new TAuthorizable(coll.getTypeName(), coll.getName())); + } else { + throw new IllegalArgumentException("Unknown authorizable type: " + authz.getTypeName()); + } + } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) { + tSentryPrivilege.setAction(value); + // Limitation: don't support grant at this time, since the existing solr use cases don't need it. + } else { + throw new IllegalArgumentException("Unknown key: " + key); + } + } + + if (tSentryPrivilege.getAction() == null) { + throw new IllegalArgumentException("Privilege is invalid: action required but not specified."); + } + tSentryPrivilege.setComponent(component); + tSentryPrivilege.setServiceName(service); + tSentryPrivilege.setAuthorizables(authorizables); + return tSentryPrivilege; + } + + public String toString(TSentryPrivilege tSentryPrivilege) { + List<String> privileges = Lists.newArrayList(); + if (tSentryPrivilege != null) { + List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables(); + String action = tSentryPrivilege.getAction(); + String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true" + : "false"); + + Iterator<TAuthorizable> it = authorizables.iterator(); + if (it != null) { + while (it.hasNext()) { + TAuthorizable tAuthorizable = it.next(); + privileges.add(SentryConstants.KV_JOINER.join( + tAuthorizable.getType(), tAuthorizable.getName())); + } + } + + if (!authorizables.isEmpty()) { + privileges.add(SentryConstants.KV_JOINER.join( + PolicyFileConstants.PRIVILEGE_ACTION_NAME, action)); + } + + // only append the grant option to privilege string if it's true + if ("true".equals(grantOption)) { + privileges.add(SentryConstants.KV_JOINER.join( + PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption)); + } + } + return SentryConstants.AUTHORIZABLE_JOINER.join(privileges); + } + + private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception { + List<PrivilegeValidator> validators = SearchPrivilegeModel.getInstance().getPrivilegeValidators(); + PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr); + for (PrivilegeValidator validator : validators) { + try { + validator.validate(context); + } catch (ConfigurationException e) { + throw new IllegalArgumentException(e); + } + } + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java deleted file mode 100644 index 29250c4..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java +++ /dev/null @@ -1,137 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.generic.tools; - -import com.google.common.collect.Lists; - -import org.apache.sentry.core.common.utils.SentryConstants; -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.SearchModelAuthorizable; -import org.apache.sentry.core.common.validator.PrivilegeValidator; -import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; -import org.apache.sentry.core.model.search.SearchModelAuthorizables; -import org.apache.sentry.core.model.search.SearchPrivilegeModel; -import org.apache.sentry.core.common.utils.KeyValue; -import org.apache.sentry.core.common.utils.PolicyFileConstants; -import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConvertor; -import org.apache.shiro.config.ConfigurationException; - -import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; - -public class SolrTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor { - private String component; - private String service; - private boolean validate; - - public SolrTSentryPrivilegeConvertor(String component, String service) { - this(component, service, true); - } - - public SolrTSentryPrivilegeConvertor(String component, String service, boolean validate) { - this.component = component; - this.service = service; - this.validate = validate; - } - - public TSentryPrivilege fromString(String privilegeStr) throws Exception { - if (validate) { - validatePrivilegeHierarchy(privilegeStr); - } - - TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); - List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>(); - for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { - KeyValue keyValue = new KeyValue(authorizable); - String key = keyValue.getKey(); - String value = keyValue.getValue(); - - // is it an authorizable? - SearchModelAuthorizable authz = SearchModelAuthorizables.from(keyValue); - if (authz != null) { - if (authz instanceof Collection) { - Collection coll = (Collection)authz; - authorizables.add(new TAuthorizable(coll.getTypeName(), coll.getName())); - } else { - throw new IllegalArgumentException("Unknown authorizable type: " + authz.getTypeName()); - } - } else if (PolicyFileConstants.PRIVILEGE_ACTION_NAME.equalsIgnoreCase(key)) { - tSentryPrivilege.setAction(value); - // Limitation: don't support grant at this time, since the existing solr use cases don't need it. - } else { - throw new IllegalArgumentException("Unknown key: " + key); - } - } - - if (tSentryPrivilege.getAction() == null) { - throw new IllegalArgumentException("Privilege is invalid: action required but not specified."); - } - tSentryPrivilege.setComponent(component); - tSentryPrivilege.setServiceName(service); - tSentryPrivilege.setAuthorizables(authorizables); - return tSentryPrivilege; - } - - public String toString(TSentryPrivilege tSentryPrivilege) { - List<String> privileges = Lists.newArrayList(); - if (tSentryPrivilege != null) { - List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables(); - String action = tSentryPrivilege.getAction(); - String grantOption = (tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true" - : "false"); - - Iterator<TAuthorizable> it = authorizables.iterator(); - if (it != null) { - while (it.hasNext()) { - TAuthorizable tAuthorizable = it.next(); - privileges.add(SentryConstants.KV_JOINER.join( - tAuthorizable.getType(), tAuthorizable.getName())); - } - } - - if (!authorizables.isEmpty()) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_ACTION_NAME, action)); - } - - // only append the grant option to privilege string if it's true - if ("true".equals(grantOption)) { - privileges.add(SentryConstants.KV_JOINER.join( - PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption)); - } - } - return SentryConstants.AUTHORIZABLE_JOINER.join(privileges); - } - - private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception { - List<PrivilegeValidator> validators = SearchPrivilegeModel.getInstance().getPrivilegeValidators(); - PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr); - for (PrivilegeValidator validator : validators) { - try { - validator.validate(context); - } catch (ConfigurationException e) { - throw new IllegalArgumentException(e); - } - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java index 5867983..634bb42 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java @@ -28,19 +28,19 @@ public class GrantPrivilegeToRoleCmd implements Command { private String roleName; private String component; private String privilegeStr; - private TSentryPrivilegeConvertor convertor; + private TSentryPrivilegeConverter converter; public GrantPrivilegeToRoleCmd(String roleName, String component, String privilegeStr, - TSentryPrivilegeConvertor convertor) { + TSentryPrivilegeConverter converter) { this.roleName = roleName; this.component = component; this.privilegeStr = privilegeStr; - this.convertor = convertor; + this.converter = converter; } @Override public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - TSentryPrivilege privilege = convertor.fromString(privilegeStr); + TSentryPrivilege privilege = converter.fromString(privilegeStr); client.grantPrivilege(requestorName, roleName, component, privilege); } http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java index 8420291..ce6db3a 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java @@ -30,14 +30,14 @@ public class ListPrivilegesByRoleCmd implements Command { private String roleName; private String component; private String serviceName; - private TSentryPrivilegeConvertor convertor; + private TSentryPrivilegeConverter converter; public ListPrivilegesByRoleCmd(String roleName, String component, String serviceName, - TSentryPrivilegeConvertor convertor) { + TSentryPrivilegeConverter converter) { this.roleName = roleName; this.component = component; this.serviceName = serviceName; - this.convertor = convertor; + this.converter = converter; } @Override @@ -46,7 +46,7 @@ public class ListPrivilegesByRoleCmd implements Command { .listPrivilegesByRoleName(requestorName, roleName, component, serviceName); if (privileges != null) { for (TSentryPrivilege privilege : privileges) { - String privilegeStr = convertor.toString(privilege); + String privilegeStr = converter.toString(privilege); System.out.println(privilegeStr); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java index fba17e6..3e42e60 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java @@ -28,19 +28,19 @@ public class RevokePrivilegeFromRoleCmd implements Command { private String roleName; private String component; private String privilegeStr; - private TSentryPrivilegeConvertor convertor; + private TSentryPrivilegeConverter converter; public RevokePrivilegeFromRoleCmd(String roleName, String component, String privilegeStr, - TSentryPrivilegeConvertor convertor) { + TSentryPrivilegeConverter converter) { this.roleName = roleName; this.component = component; this.privilegeStr = privilegeStr; - this.convertor = convertor; + this.converter = converter; } @Override public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - TSentryPrivilege privilege = convertor.fromString(privilegeStr); + TSentryPrivilege privilege = converter.fromString(privilegeStr); client.revokePrivilege(requestorName, roleName, component, privilege); } http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java new file mode 100644 index 0000000..ab44895 --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java @@ -0,0 +1,33 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.provider.db.generic.tools.command; + +import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; + +public interface TSentryPrivilegeConverter { + + /** + * Convert string to privilege + */ + TSentryPrivilege fromString(String privilegeStr) throws Exception; + + /** + * Convert privilege to string + */ + String toString(TSentryPrivilege tSentryPrivilege); +} http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConvertor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConvertor.java deleted file mode 100644 index f872341..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConvertor.java +++ /dev/null @@ -1,33 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; - -public interface TSentryPrivilegeConvertor { - - /** - * Convert string to privilege - */ - TSentryPrivilege fromString(String privilegeStr) throws Exception; - - /** - * Convert privilege to string - */ - String toString(TSentryPrivilege tSentryPrivilege); -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java index 51679de..df5e2e6 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java @@ -133,7 +133,7 @@ public class TestSentryConfigToolSolr extends SentryGenericServiceIntegrationBas } // check privileges - SolrTSentryPrivilegeConvertor convert = new SolrTSentryPrivilegeConvertor(SOLR, service); + SolrTSentryPrivilegeConverter convert = new SolrTSentryPrivilegeConverter(SOLR, service); for (String role : roles) { Set<TSentryPrivilege> privileges = client.listPrivilegesByRoleName( requestorName, role, SOLR, service); http://git-wip-us.apache.org/repos/asf/sentry/blob/6888f4a1/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java index c4e3863..74fe421 100644 --- a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java +++ b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/AbstractKafkaSentryTestBase.java @@ -32,6 +32,7 @@ import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericService import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; +import org.apache.sentry.provider.db.generic.tools.KafkaTSentryPrivilegeConverter; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFile; import org.apache.sentry.service.thrift.SentryService; @@ -216,7 +217,7 @@ public class AbstractKafkaSentryTestBase { conf.set(KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), policyFilePath.getPath()); conf.setBoolean(ClientConfig.ENABLE_CACHING, true); conf.setLong(ClientConfig.CACHE_TTL_MS, CACHE_TTL_MS); - conf.set(ClientConfig.PRIVILEGE_CONVERTER, "org.apache.sentry.provider.db.generic.tools.KafkaTSentryPrivilegeConvertor"); + conf.set(ClientConfig.PRIVILEGE_CONVERTER, KafkaTSentryPrivilegeConverter.class.getName()); return conf; }
