Repository: sentry Updated Branches: refs/heads/SENTRY-1205 f5368df5e -> 2bae73290
SENTRY-1337: Move GroupMappingService from sentry-provider-common to sentry-core-common(Colin Ma, reviewed by Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/2bae7329 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/2bae7329 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/2bae7329 Branch: refs/heads/SENTRY-1205 Commit: 2bae7329000ee04214e264845934fdddd5ef4f5a Parents: f5368df Author: Colin Ma <[email protected]> Authored: Mon Jun 20 12:13:14 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Mon Jun 20 12:13:14 2016 +0800 ---------------------------------------------------------------------- .../binding/hive/MockUserToGroupMapping.java | 2 +- ...sourceAuthorizationProviderGeneralCases.java | 2 +- .../kafka/MockGroupMappingServiceProvider.java | 2 +- .../binding/solr/authz/SolrAuthzBinding.java | 2 +- ...SearchAuthorizationProviderGeneralCases.java | 2 +- ...tSqoopAuthorizationProviderGeneralCases.java | 2 +- .../common/service/GroupMappingService.java | 35 ++++++++++ .../service/HadoopGroupMappingService.java | 69 ++++++++++++++++++++ .../MockGroupMappingServiceProvider.java | 44 +++++++++++++ .../common/service/NoGroupMappingService.java | 33 ++++++++++ ...ndexerAuthorizationProviderGeneralCases.java | 2 +- .../provider/common/AuthorizationProvider.java | 1 + .../provider/common/GroupMappingService.java | 35 ---------- .../common/HadoopGroupMappingService.java | 69 -------------------- ...adoopGroupResourceAuthorizationProvider.java | 2 + .../common/NoAuthorizationProvider.java | 2 + .../provider/common/NoGroupMappingService.java | 33 ---------- .../common/ResourceAuthorizationProvider.java | 1 + ...adoopGroupResourceAuthorizationProvider.java | 2 +- .../common/MockGroupMappingServiceProvider.java | 44 ------------- .../provider/common/TestGetGroupMapping.java | 1 + .../common/TestNoAuthorizationProvider.java | 1 + .../thrift/SentryPolicyStoreProcessor.java | 2 +- .../TestSentryGenericPolicyProcessor.java | 2 +- .../provider/file/LocalGroupMappingService.java | 2 +- 25 files changed, 200 insertions(+), 192 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java index c095603..8ea8e1b 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java @@ -19,7 +19,7 @@ package org.apache.sentry.binding.hive; import java.util.Set; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import com.google.common.collect.Sets; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java index 403eb6a..2ace656 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java @@ -37,7 +37,7 @@ import org.apache.sentry.core.model.db.Database; import org.apache.sentry.core.model.db.HivePrivilegeModel; import org.apache.sentry.core.model.db.Server; import org.apache.sentry.core.model.db.Table; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.provider.common.ResourceAuthorizationProvider; import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFiles; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java b/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java index 572c74d..1329520 100644 --- a/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java +++ b/sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/policy/kafka/MockGroupMappingServiceProvider.java @@ -20,7 +20,7 @@ package org.apache.sentry.policy.kafka; import java.util.Set; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import com.google.common.collect.Multimap; import com.google.common.collect.Sets; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java index 2400673..9db8337 100644 --- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java +++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java @@ -44,7 +44,7 @@ import org.apache.sentry.core.model.search.SearchPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationComponent; import org.apache.sentry.provider.common.AuthorizationProvider; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java index 6f7f07a..2c82dc7 100644 --- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java +++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java @@ -34,7 +34,7 @@ import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.search.Collection; import org.apache.sentry.core.model.search.SearchModelAction; import org.apache.sentry.core.model.search.SearchPrivilegeModel; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.provider.common.ResourceAuthorizationProvider; import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFiles; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java index 7ce8881..a3d96fe 100644 --- a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java +++ b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java @@ -38,7 +38,7 @@ import org.apache.sentry.core.model.sqoop.Server; import org.apache.sentry.core.model.sqoop.SqoopActionConstant; import org.apache.sentry.core.model.sqoop.SqoopActionFactory.SqoopAction; import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.provider.common.ResourceAuthorizationProvider; import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFiles; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java new file mode 100644 index 0000000..6af6ac5 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/GroupMappingService.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.service; + +import java.util.Set; + +import javax.annotation.concurrent.ThreadSafe; + +/** + * Interface so the Groups class is easier to unit test with. + * Implementations of this class are expected to be thread safe + * after construction. + */ +@ThreadSafe +public interface GroupMappingService { + + /** + * @return non-null list of groups for user + */ + Set<String> getGroups(String user); +} http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java new file mode 100644 index 0000000..2b10ae1 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/HadoopGroupMappingService.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.service; + +import java.io.IOException; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.StringUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.Groups; + +import com.google.common.collect.Lists; +import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; + +public class HadoopGroupMappingService implements GroupMappingService { + + private static Configuration hadoopConf; + private final Groups groups; + + public HadoopGroupMappingService(Groups groups) { + this.groups = groups; + } + + public HadoopGroupMappingService(Configuration conf, String resource) { + if (hadoopConf == null) { + synchronized (HadoopGroupMappingService.class) { + if (hadoopConf == null) { + // clone the current config and add resource path + hadoopConf = new Configuration(); + hadoopConf.addResource(conf); + if (!StringUtils.isEmpty(resource)) { + hadoopConf.addResource(resource); + } + } + } + } + this.groups = Groups.getUserToGroupsMappingService(hadoopConf); + } + + @Override + public Set<String> getGroups(String user) { + List<String> groupList = Lists.newArrayList(); + try { + groupList = groups.getGroups(user); + } catch (IOException e) { + throw new SentryGroupNotFoundException("Unable to obtain groups for " + user, e); + } + if (groupList == null || groupList.isEmpty()) { + throw new SentryGroupNotFoundException("Unable to obtain groups for " + user); + } + return new HashSet<String>(groupList); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java new file mode 100644 index 0000000..55010de --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/MockGroupMappingServiceProvider.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.service; + +import java.util.Collection; +import java.util.Set; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.Multimap; +import com.google.common.collect.Sets; + +public class MockGroupMappingServiceProvider implements GroupMappingService { + private static final Logger LOGGER = LoggerFactory + .getLogger(MockGroupMappingServiceProvider.class); + private final Multimap<String, String> userToGroupMap; + + public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) { + this.userToGroupMap = userToGroupMap; + } + + @Override + public Set<String> getGroups(String user) { + Collection<String> groups = userToGroupMap.get(user); + LOGGER.info("Mapping " + user + " to " + groups); + return Sets.newHashSet(groups); + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java new file mode 100644 index 0000000..db48788 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/service/NoGroupMappingService.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common.service; + +import java.util.HashSet; +import java.util.Set; + +/** + * GroupMappingService that always returns an empty list of groups + */ +public class NoGroupMappingService implements GroupMappingService { + + /** + * @return empty list of groups for every user + */ + public Set<String> getGroups(String user) { + return new HashSet<String>(); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java index 939621b..62942dc 100644 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java @@ -23,6 +23,7 @@ import java.util.EnumSet; import java.util.List; import java.util.Set; +import org.apache.sentry.core.common.service.MockGroupMappingServiceProvider; import org.junit.Assert; import org.apache.commons.io.FileUtils; @@ -33,7 +34,6 @@ import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.indexer.Indexer; import org.apache.sentry.core.model.indexer.IndexerModelAction; import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel; -import org.apache.sentry.provider.common.MockGroupMappingServiceProvider; import org.apache.sentry.provider.common.ResourceAuthorizationProvider; import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFiles; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java index 2d82bcf..3d6440f 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java @@ -26,6 +26,7 @@ import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.Subject; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; /** http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java deleted file mode 100644 index 7e85261..0000000 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; - -import java.util.Set; - -import javax.annotation.concurrent.ThreadSafe; - -/** - * Interface so the Groups class is easier to unit test with. - * Implementations of this class are expected to be thread safe - * after construction. - */ -@ThreadSafe -public interface GroupMappingService { - - /** - * @return non-null list of groups for user - */ - Set<String> getGroups(String user); -} http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java deleted file mode 100644 index bde53d5..0000000 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; - -import java.io.IOException; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.apache.commons.lang.StringUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.Groups; - -import com.google.common.collect.Lists; -import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; - -public class HadoopGroupMappingService implements GroupMappingService { - - private static Configuration hadoopConf; - private final Groups groups; - - public HadoopGroupMappingService(Groups groups) { - this.groups = groups; - } - - public HadoopGroupMappingService(Configuration conf, String resource) { - if (hadoopConf == null) { - synchronized (HadoopGroupMappingService.class) { - if (hadoopConf == null) { - // clone the current config and add resource path - hadoopConf = new Configuration(); - hadoopConf.addResource(conf); - if (!StringUtils.isEmpty(resource)) { - hadoopConf.addResource(resource); - } - } - } - } - this.groups = Groups.getUserToGroupsMappingService(hadoopConf); - } - - @Override - public Set<String> getGroups(String user) { - List<String> groupList = Lists.newArrayList(); - try { - groupList = groups.getGroups(user); - } catch (IOException e) { - throw new SentryGroupNotFoundException("Unable to obtain groups for " + user, e); - } - if (groupList == null || groupList.isEmpty()) { - throw new SentryGroupNotFoundException("Unable to obtain groups for " + user); - } - return new HashSet<String>(groupList); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java index e45799f..6e5dbc3 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java @@ -22,6 +22,8 @@ import java.io.IOException; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.Groups; import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.service.GroupMappingService; +import org.apache.sentry.core.common.service.HadoopGroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; import com.google.common.annotations.VisibleForTesting; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java index be0830d..11dbfb7 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java @@ -26,6 +26,8 @@ import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.Subject; +import org.apache.sentry.core.common.service.GroupMappingService; +import org.apache.sentry.core.common.service.NoGroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; public class NoAuthorizationProvider implements AuthorizationProvider { http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java deleted file mode 100644 index e44cbc4..0000000 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; - -import java.util.HashSet; -import java.util.Set; - -/** - * GroupMappingService that always returns an empty list of groups - */ -public class NoGroupMappingService implements GroupMappingService { - - /** - * @return empty list of groups for every user - */ - public Set<String> getGroups(String user) { - return new HashSet<String>(); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java index 4e22071..a6b2047 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java @@ -32,6 +32,7 @@ import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.Model; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.Subject; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.policy.common.Privilege; import org.apache.sentry.policy.common.PrivilegeFactory; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java index 2214867..bf2c5a1 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java @@ -22,7 +22,7 @@ import java.io.IOException; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.common.Model; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import com.google.common.annotations.VisibleForTesting; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java deleted file mode 100644 index 1e885f4..0000000 --- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; - -import java.util.Collection; -import java.util.Set; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.Multimap; -import com.google.common.collect.Sets; - -public class MockGroupMappingServiceProvider implements GroupMappingService { - private static final Logger LOGGER = LoggerFactory - .getLogger(MockGroupMappingServiceProvider.class); - private final Multimap<String, String> userToGroupMap; - - public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) { - this.userToGroupMap = userToGroupMap; - } - - @Override - public Set<String> getGroups(String user) { - Collection<String> groups = userToGroupMap.get(user); - LOGGER.info("Mapping " + user + " to " + groups); - return Sets.newHashSet(groups); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java index ccc505f..f6d8c05 100644 --- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java +++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java @@ -23,6 +23,7 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.exception.SentryConfigurationException; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.policy.common.PrivilegeFactory; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java index fe01b06..7ca8bfc 100644 --- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java @@ -19,6 +19,7 @@ package org.apache.sentry.provider.common; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import org.apache.sentry.core.common.service.GroupMappingService; import org.junit.Test; /** http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java index 7931eb8..5fafec8 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java @@ -32,7 +32,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.common.exception.SentrySiteConfigurationException; import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.core.common.utils.PolicyFileConstants; import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; import org.apache.sentry.core.common.exception.SentryAccessDeniedException; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java index 11dd5e2..d1fd94e 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java @@ -30,7 +30,7 @@ import org.apache.sentry.core.common.exception.SentrySiteConfigurationException; import org.apache.sentry.core.model.search.Collection; import org.apache.sentry.core.model.search.Field; import org.apache.sentry.core.model.search.SearchConstants; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.core.common.exception.SentryAlreadyExistsException; import org.apache.sentry.core.common.exception.SentryGrantDeniedException; import org.apache.sentry.core.common.exception.SentryInvalidInputException; http://git-wip-us.apache.org/repos/asf/sentry/blob/2bae7329/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java index dec47c2..eb23ff1 100644 --- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java +++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java @@ -26,8 +26,8 @@ import java.util.Set; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.core.common.utils.SentryConstants; -import org.apache.sentry.provider.common.GroupMappingService; import org.apache.sentry.core.common.utils.PolicyFileConstants; import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; import org.apache.shiro.config.Ini;
