http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFile.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFile.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFile.java new file mode 100644 index 0000000..a6ef0b3 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/PolicyFile.java 
@@ -0,0 +1,202 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.core.common.utils; + +import static org.apache.sentry.core.common.utils.PolicyFileConstants.DATABASES; +import static org.apache.sentry.core.common.utils.PolicyFileConstants.GROUPS; +import static org.apache.sentry.core.common.utils.PolicyFileConstants.ROLES; +import static org.apache.sentry.core.common.utils.PolicyFileConstants.USERS; + +import java.io.File; +import java.util.Collection; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.annotations.VisibleForTesting; +import com.google.common.base.Charsets; +import com.google.common.base.Joiner; +import com.google.common.collect.ArrayListMultimap; +import com.google.common.collect.Lists; +import com.google.common.collect.Maps; +import com.google.common.collect.Multimap; +import com.google.common.io.Files; + +/** + * PolicyFile creator. Written specifically to be used with tests. Specifically + * due to the fact that methods that would typically return true or false to + * indicate success or failure these methods throw an unchecked exception. 
+ * This is because in a test if you mean to remove a user from the policy file, + * the user should absolutely be there. If not, the test is mis-behaving. + */ +@VisibleForTesting +public class PolicyFile { + + private static final Logger LOGGER = LoggerFactory + .getLogger(PolicyFile.class); + + private static final String NL = System.getProperty("line.separator", "\n"); + + private final Map<String, String> databasesToPolicyFiles = Maps.newHashMap(); + private final Multimap<String, String> usersToGroups = ArrayListMultimap.create(); + private final Multimap<String, String> groupsToRoles = ArrayListMultimap + .create(); + private final Multimap<String, String> rolesToPermissions = ArrayListMultimap + .create(); + + public Multimap<String, String> getGroupsToRoles() { + return groupsToRoles; + } + public Multimap<String, String> getRolesToPermissions() { + return rolesToPermissions; + } + public PolicyFile addRolesToGroup(String groupName, String... roleNames) + throws Exception { + return addRolesToGroup(groupName, false, roleNames); + } + public PolicyFile addRolesToGroup(String groupName, boolean allowDuplicates, String... roleNames) { + return add(groupsToRoles.get(groupName), allowDuplicates, roleNames); + } + public PolicyFile addPermissionsToRole(String roleName, String... permissionNames) { + return addPermissionsToRole(roleName, false, permissionNames); + } + public PolicyFile addPermissionsToRole(String roleName, boolean allowDuplicates, String... permissionNames) { + return add(rolesToPermissions.get(roleName), allowDuplicates, permissionNames); + } + public PolicyFile addGroupsToUser(String userName, String... groupNames) { + LOGGER.warn("Static user:group mapping is not being used"); + return addGroupsToUser(userName, false, groupNames); + } + public PolicyFile addGroupsToUser(String userName, boolean allowDuplicates, String... 
groupNames) { + LOGGER.warn("Static user:group mapping is not being used"); + return add(usersToGroups.get(userName), allowDuplicates, groupNames); + } + public PolicyFile setUserGroupMapping(Map<String, String> mapping) { + for (Entry<String, String> entry : mapping.entrySet()) { + usersToGroups.put(entry.getKey(), entry.getValue()); + } + return this; + } + public PolicyFile addDatabase(String databaseName, String path) { + String oldPath = databasesToPolicyFiles.put(databaseName, path); + if (oldPath != null) { + throw new IllegalStateException("Database " + databaseName + " already existed in " + + databasesToPolicyFiles + " with value of " + oldPath); + } + databasesToPolicyFiles.put(databaseName, path); + return this; + } + public PolicyFile removeRolesFromGroup(String groupName, String... roleNames) { + return remove(groupsToRoles.get(groupName), roleNames); + } + public PolicyFile removePermissionsFromRole(String roleName, String... permissionNames) { + return remove(rolesToPermissions.get(roleName), permissionNames); + } + public PolicyFile removeGroupsFromUser(String userName, String... 
groupNames) { + LOGGER.warn("Static user:group mapping is not being used"); + return remove(usersToGroups.get(userName), groupNames); + } + public PolicyFile removeDatabase(String databaseName) { + if(databasesToPolicyFiles.remove(databaseName) == null) { + throw new IllegalStateException("Database " + databaseName + " did not exist in " + + databasesToPolicyFiles); + } + return this; + } + public PolicyFile copy() { + PolicyFile other = new PolicyFile(); + other.databasesToPolicyFiles.putAll(databasesToPolicyFiles); + other.usersToGroups.putAll(usersToGroups); + other.groupsToRoles.putAll(groupsToRoles); + other.rolesToPermissions.putAll(rolesToPermissions); + return other; + } + + public void write(File clientFile, File serverFile) throws Exception { + write(clientFile); + write(serverFile); + } + + public void write(File file) throws Exception { + if(file.exists() && !file.delete()) { + throw new IllegalStateException("Unable to delete " + file); + } + String contents = Joiner.on(NL) + .join(getSection(DATABASES, databasesToPolicyFiles), + getSection(USERS, usersToGroups), + getSection(GROUPS, groupsToRoles), + getSection(ROLES, rolesToPermissions), + ""); + LOGGER.info("Writing policy file to " + file + ":\n" + contents); + Files.write(contents, file, Charsets.UTF_8); + } + + private String getSection(String name, Map<String, String> mapping) { + if(mapping.isEmpty()) { + return ""; + } + Joiner kvJoiner = Joiner.on(" = "); + List<String> lines = Lists.newArrayList(); + lines.add("[" + name + "]"); + for (Entry<String, String> entry : mapping.entrySet()) { + lines.add(kvJoiner.join(entry.getKey(), entry.getValue())); + } + return Joiner.on(NL).join(lines); + } + private String getSection(String name, Multimap<String, String> mapping) { + if(mapping.isEmpty()) { + return ""; + } + Joiner kvJoiner = Joiner.on(" = "); + Joiner itemJoiner = Joiner.on(" , "); + List<String> lines = Lists.newArrayList(); + lines.add("[" + name + "]"); + for(String key : 
mapping.keySet()) { + lines.add(kvJoiner.join(key, itemJoiner.join(mapping.get(key)))); + } + return Joiner.on(NL).join(lines); + } + + private PolicyFile remove(Collection<String> exitingItems, String[] newItems) { + for(String newItem : newItems) { + if(!exitingItems.remove(newItem)) { + throw new IllegalStateException("Item " + newItem + " did not exist in " + exitingItems); + } + } + return this; + } + private PolicyFile add(Collection<String> exitingItems, boolean allowDuplicates, String[] newItems) { + for(String newItem : newItems) { + if(exitingItems.contains(newItem) && !allowDuplicates) { + throw new IllegalStateException("Item " + newItem + " already exists in " + exitingItems); + } + exitingItems.add(newItem); + } + return this; + } + + //User:Group mapping for the admin user needs to be set separately + public static PolicyFile setAdminOnServer1(String admin) throws Exception { + return new PolicyFile() + .addRolesToGroup(admin, "admin_role") + .addPermissionsToRole("admin_role", "server=server1"); + } +}
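Review bot: In `addDatabase` the map is mutated before the duplicate check: `databasesToPolicyFiles.put(databaseName, path)` has already replaced the old path when the `IllegalStateException` is thrown, so the object is left modified on failure, and the second `put` after the check is redundant. Checking first with `if (databasesToPolicyFiles.containsKey(databaseName)) { throw new IllegalStateException(...); }` and then doing a single `put` keeps the state unchanged when the call fails. Separately, the class is annotated `@VisibleForTesting` and its Javadoc says it is written for tests, yet it is added under `src/main/java` of sentry-core-common. A helper that writes authorization policy files, including `setAdminOnServer1` which grants `server=server1`, would then sit on the production classpath; a test-jar or `src/test` location looks like a better fit unless main code needs it.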
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-dist/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-dist/pom.xml b/sentry-dist/pom.xml index 80ec9c9..04645ad 100644 --- a/sentry-dist/pom.xml +++ b/sentry-dist/pom.xml @@ -72,6 +72,18 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> + <artifactId>sentry-service-common</artifactId> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-service-server</artifactId> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-service-client</artifactId> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-common</artifactId> </dependency> <dependency> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-dist/src/main/assembly/bin.xml ---------------------------------------------------------------------- diff --git a/sentry-dist/src/main/assembly/bin.xml b/sentry-dist/src/main/assembly/bin.xml index 5727fc9..d998e98 100644 --- a/sentry-dist/src/main/assembly/bin.xml +++ b/sentry-dist/src/main/assembly/bin.xml @@ -41,7 +41,6 @@ <excludes> <exclude>org.slf4j:*</exclude> <exclude>org.datanucleus:*</exclude> - <exclude>com.jolbox:bonecp</exclude> <exclude>org.apache.hive:hive-beeline</exclude> <exclude>org.apache.derby:derby</exclude> </excludes> @@ -66,7 +65,6 @@ <useTransitiveFiltering>true</useTransitiveFiltering> <includes> <include>org.datanucleus:*</include> - <include>com.jolbox:bonecp</include> <include>org.apache.hive:hive-beeline</include> <include>org.apache.derby:derby</include> </includes> @@ -102,6 +100,7 @@ <exclude>sentry-policy/**</exclude> <exclude>sentry-tests/**</exclude> <exclude>sentry-hdfs/**</exclude> + <exclude>sentry-service/**</exclude> <exclude>sentry-solr/**</exclude> </excludes> 
@@ -128,7 +127,7 @@
 <outputDirectory>lib/plugins</outputDirectory>
 </fileSet>
 <fileSet>
- <directory>${project.parent.basedir}/sentry-provider/sentry-provider-db/src/main/resources</directory>
+ <directory>${project.parent.basedir}/sentry-service/sentry-service-server/src/main/resources</directory>
 <includes>
 <include>**/*</include>
 </includes>
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-dist/src/main/assembly/src.xml
----------------------------------------------------------------------
diff --git a/sentry-dist/src/main/assembly/src.xml b/sentry-dist/src/main/assembly/src.xml
index c730c58..6801b85 100644
--- a/sentry-dist/src/main/assembly/src.xml
+++ b/sentry-dist/src/main/assembly/src.xml
@@ -55,6 +55,7 @@
 <include>dev-support/**</include>
 <include>sentry-binding/**</include>
 <include>sentry-core/**</include>
+ <include>sentry-service/**</include>
 <include>sentry-dist/**</include>
 <include>sentry-provider/**</include>
 <include>sentry-policy/**</include>
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-hdfs/sentry-hdfs-common/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-common/pom.xml b/sentry-hdfs/sentry-hdfs-common/pom.xml
index d244edc..281196b 100644
--- a/sentry-hdfs/sentry-hdfs-common/pom.xml
+++ b/sentry-hdfs/sentry-hdfs-common/pom.xml
@@ -60,26 +60,29 @@ limitations under the License.
 <version>${curator.version}</version>
 </dependency>
 <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-minikdc</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
 <groupId>org.apache.sentry</groupId>
 <artifactId>sentry-provider-db</artifactId>
- <scope>provided</scope>
 </dependency>
 <dependency>
 <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-file</artifactId>
+ <artifactId>sentry-service-server</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-minikdc</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
 <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-db</artifactId>
+ <artifactId>sentry-service-server</artifactId>
 <type>test-jar</type>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-provider-file</artifactId>
+ <scope>test</scope>
+ </dependency>
 </dependencies>
 <build>
 <sourceDirectory>${basedir}/src/main/java</sourceDirectory>
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
index 939621b..62942dc 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
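Review bot: In sentry-hdfs/sentry-hdfs-common/pom.xml the `<scope>provided</scope>` line is dropped from the `sentry-provider-db` dependency and `sentry-service-server` is added with no scope, so both become compile-scope and flow transitively to every consumer of sentry-hdfs-common. The same widening happens to `hadoop-common` in sentry-provider/sentry-provider-common/pom.xml (hunk `@@ -36,11 +36,6 @@`). If the modules only need to compile against the relocated classes, keeping `<scope>provided</scope>` on these entries avoids bundling server-side code and a second copy of Hadoop that could shadow the versions the cluster supplies. If the wider scope is intended, a short comment in the pom such as `<!-- compile scope: needed at runtime by ... -->` would make that explicit. The enclosing `<dependencies>` block starts outside the hunk.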
@@ -23,6 +23,7 @@ import java.util.EnumSet; import java.util.List; import java.util.Set; +import org.apache.sentry.core.common.service.MockGroupMappingServiceProvider; import org.junit.Assert; import org.apache.commons.io.FileUtils; @@ -33,7 +34,6 @@ import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.indexer.Indexer; import org.apache.sentry.core.model.indexer.IndexerModelAction; import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel; -import org.apache.sentry.provider.common.MockGroupMappingServiceProvider; import org.apache.sentry.provider.common.ResourceAuthorizationProvider; import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFiles; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java index 1717c42..020b758 100644 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java 
@@ -35,7 +35,7 @@ import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.core.common.utils.PolicyFile; import org.junit.After; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-cache/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-cache/pom.xml b/sentry-provider/sentry-provider-cache/pom.xml index ec77003..694df36 100644 --- a/sentry-provider/sentry-provider-cache/pom.xml +++ b/sentry-provider/sentry-provider-cache/pom.xml @@ -64,10 +64,6 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-core-model-db</artifactId> </dependency> <dependency> http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/pom.xml b/sentry-provider/sentry-provider-common/pom.xml index 9af153a..f83f594 100644 --- a/sentry-provider/sentry-provider-common/pom.xml +++ b/sentry-provider/sentry-provider-common/pom.xml 
@@ -36,11 +36,6 @@ limitations under the License.
 <dependency>
 <groupId>org.apache.hadoop</groupId>
 <artifactId>hadoop-common</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core-common</artifactId>
 </dependency>
 <dependency>
 <groupId>org.apache.sentry</groupId>
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java
deleted file mode 100644
index 5dc2b55..0000000
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java
+++ /dev/null
@@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; -/** - * Represent which component being authorized by Sentry - * using generic model - */ -public class AuthorizationComponent{ - public static final String Search = "solr"; - public static final String SQOOP = "sqoop"; - public static final String KAFKA = "kafka"; - - private AuthorizationComponent() { - // Make constructor private to avoid instantiation - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java index 2d82bcf..3d6440f 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java 
@@ -26,6 +26,7 @@ import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.Subject; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; /** http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java deleted file mode 100644 index 7e85261..0000000 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/GroupMappingService.java +++ /dev/null 
@@ -1,35 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; - -import java.util.Set; - -import javax.annotation.concurrent.ThreadSafe; - -/** - * Interface so the Groups class is easier to unit test with. - * Implementations of this class are expected to be thread safe - * after construction. - */ -@ThreadSafe -public interface GroupMappingService { - - /** - * @return non-null list of groups for user - */ - Set<String> getGroups(String user); -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java deleted file mode 100644 index bde53d5..0000000 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; - -import java.io.IOException; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.apache.commons.lang.StringUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.Groups; - -import com.google.common.collect.Lists; -import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; - -public class HadoopGroupMappingService implements GroupMappingService { - - private static Configuration hadoopConf; - private final Groups groups; - - public HadoopGroupMappingService(Groups groups) { - this.groups = groups; - } - - public HadoopGroupMappingService(Configuration conf, String resource) { - if (hadoopConf == null) { - synchronized (HadoopGroupMappingService.class) { - if (hadoopConf == null) { - // clone the current config and add resource path - hadoopConf = new Configuration(); - hadoopConf.addResource(conf); - if (!StringUtils.isEmpty(resource)) { - hadoopConf.addResource(resource); - } - } - } - } - this.groups = Groups.getUserToGroupsMappingService(hadoopConf); - } - - @Override - public Set<String> getGroups(String user) { - 
List<String> groupList = Lists.newArrayList(); - try { - groupList = groups.getGroups(user); - } catch (IOException e) { - throw new SentryGroupNotFoundException("Unable to obtain groups for " + user, e); - } - if (groupList == null || groupList.isEmpty()) { - throw new SentryGroupNotFoundException("Unable to obtain groups for " + user); - } - return new HashSet<String>(groupList); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java index e45799f..6e5dbc3 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java @@ -22,6 +22,8 @@ import java.io.IOException; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.Groups; import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.service.GroupMappingService; +import org.apache.sentry.core.common.service.HadoopGroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; import com.google.common.annotations.VisibleForTesting; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java index be0830d..11dbfb7 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java @@ -26,6 +26,8 @@ import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.Subject; +import org.apache.sentry.core.common.service.GroupMappingService; +import org.apache.sentry.core.common.service.NoGroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; public class NoAuthorizationProvider implements AuthorizationProvider { http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java deleted file mode 100644 index e44cbc4..0000000 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoGroupMappingService.java +++ /dev/null 
@@ -1,33 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; - -import java.util.HashSet; -import java.util.Set; - -/** - * GroupMappingService that always returns an empty list of groups - */ -public class NoGroupMappingService implements GroupMappingService { - - /** - * @return empty list of groups for every user - */ - public Set<String> getGroups(String user) { - return new HashSet<String>(); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java index 4e22071..a6b2047 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java 
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java @@ -32,6 +32,7 @@ import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.Model; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.Subject; +import org.apache.sentry.core.common.service.GroupMappingService; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.policy.common.Privilege; import org.apache.sentry.policy.common.PrivilegeFactory; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java index 2214867..bf2c5a1 100644 --- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java +++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java 
@@ -22,7 +22,7 @@ import java.io.IOException; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.common.Model; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.common.service.GroupMappingService; import com.google.common.annotations.VisibleForTesting; http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java deleted file mode 100644 index 1e885f4..0000000 --- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/MockGroupMappingServiceProvider.java +++ /dev/null 
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.common;
-
-import java.util.Collection;
-import java.util.Set;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Multimap;
-import com.google.common.collect.Sets;
-
-public class MockGroupMappingServiceProvider implements GroupMappingService {
- private static final Logger LOGGER = LoggerFactory
- .getLogger(MockGroupMappingServiceProvider.class);
- private final Multimap<String, String> userToGroupMap;
-
- public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
- this.userToGroupMap = userToGroupMap;
- }
-
- @Override
- public Set<String> getGroups(String user) {
- Collection<String> groups = userToGroupMap.get(user);
- LOGGER.info("Mapping " + user + " to " + groups);
- return Sets.newHashSet(groups);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
index ccc505f..f6d8c05 100644
--- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
+++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
@@ -23,6 +23,7 @@ import java.util.Set;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.exception.SentryConfigurationException;
+import org.apache.sentry.core.common.service.GroupMappingService;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.policy.common.PrivilegeFactory;
 import org.junit.Test;
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
index fe01b06..7ca8bfc 100644
--- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java
@@ -19,6 +19,7 @@ package org.apache.sentry.provider.common; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import org.apache.sentry.core.common.service.GroupMappingService; import org.junit.Test; /** http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/pom.xml b/sentry-provider/sentry-provider-db/pom.xml index b8143ff..bf43e0b 100644 --- a/sentry-provider/sentry-provider-db/pom.xml +++ b/sentry-provider/sentry-provider-db/pom.xml @@ -29,44 +29,10 @@ limitations under the License. <dependencies> <dependency> - <groupId>commons-cli</groupId> - <artifactId>commons-cli</artifactId> - </dependency> - <dependency> - <groupId>com.jolbox</groupId> - <artifactId>bonecp</artifactId> - </dependency> - <dependency> - <groupId>org.apache.hadoop</groupId> - <artifactId>hadoop-common</artifactId> - <scope>provided</scope> - </dependency> - <dependency> - <groupId>org.apache.hadoop</groupId> - <artifactId>hadoop-mapreduce-client-jobclient</artifactId> - </dependency> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.derby</groupId> - <artifactId>derby</artifactId> - </dependency> - <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> </dependency> <dependency> - <groupId>org.apache.shiro</groupId> - <artifactId>shiro-core</artifactId> - </dependency> - <dependency> - <groupId>com.google.guava</groupId> - <artifactId>guava</artifactId> - </dependency> - <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> </dependency> 
@@ -76,329 +42,11 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-db</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-search</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-sqoop</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-kafka</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-common</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-file</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-policy-engine</artifactId> - </dependency> - <dependency> - <groupId>org.apache.hive</groupId> - <artifactId>hive-shims</artifactId> - <scope>provided</scope> - </dependency> - <dependency> - <groupId>org.apache.hive</groupId> - <artifactId>hive-beeline</artifactId> - </dependency> - <dependency> - <groupId>org.apache.thrift</groupId> - <artifactId>libfb303</artifactId> - </dependency> - <dependency> - <groupId>org.apache.thrift</groupId> - <artifactId>libthrift</artifactId> - </dependency> - <dependency> - <groupId>ant-contrib</groupId> - <artifactId>ant-contrib</artifactId> - </dependency> - <dependency> - <groupId>org.apache.hadoop</groupId> - <artifactId>hadoop-minikdc</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>javax.jdo</groupId> - <artifactId>jdo-api</artifactId> - </dependency> - <dependency> - <groupId>com.codahale.metrics</groupId> - <artifactId>metrics-core</artifactId> - </dependency> - <dependency> - <groupId>com.codahale.metrics</groupId> - 
<artifactId>metrics-servlets</artifactId> - </dependency> - <dependency> - <groupId>com.codahale.metrics</groupId> - <artifactId>metrics-jvm</artifactId> - </dependency> - <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-server</artifactId> - </dependency> - <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-servlet</artifactId> - </dependency> - <dependency> - <groupId>org.mockito</groupId> - <artifactId>mockito-all</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.curator</groupId> - <artifactId>curator-recipes</artifactId> - </dependency> - <dependency> - <groupId>org.apache.curator</groupId> - <artifactId>curator-x-discovery</artifactId> - </dependency> - <dependency> - <groupId>org.apache.curator</groupId> - <artifactId>curator-test</artifactId> - </dependency> - <dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-pool2</artifactId> + <artifactId>sentry-service-client</artifactId> </dependency> </dependencies> - - <build> - <sourceDirectory>${basedir}/src/main/java</sourceDirectory> - <testSourceDirectory>${basedir}/src/test/java</testSourceDirectory> - <resources> - <resource> - <directory>${basedir}/src/main/java/org/apache/sentry/provider/db/service/model</directory> - <includes> - <include>package.jdo</include> - </includes> - </resource> - <resource> - <directory>${basedir}/src/main</directory> - <includes> - <include>webapp/*</include> - <include>webapp/css/*</include> - </includes> - </resource> - </resources> - <plugins> - <plugin> - <groupId>com.google.code.maven-replacer-plugin</groupId> - <artifactId>replacer</artifactId> - <version>1.5.2</version> - <executions> - <execution> - <id>replaceTokens</id> - <phase>clean</phase> - <goals> - <goal>replace</goal> - </goals> - </execution> - </executions> - <configuration> - <file>${basedir}/src/main/webapp/SentryService.html</file> - <replacements> - <replacement> - <token>%PROJECT_VERSION%</token> - 
<value>${version}</value> - </replacement> - </replacements> - </configuration> - </plugin> - <plugin> - <groupId>org.codehaus.mojo</groupId> - <artifactId>build-helper-maven-plugin</artifactId> - <executions> - <execution> - <id>add-source</id> - <phase>generate-sources</phase> - <goals> - <goal>add-source</goal> - </goals> - <configuration> - <sources> - <source>src/gen/thrift/gen-javabean</source> - </sources> - </configuration> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-maven-plugin</artifactId> - <configuration> - <api>JDO</api> - <metadataIncludes>**/*.jdo</metadataIncludes> - <verbose>true</verbose> - </configuration> - <executions> - <execution> - <phase>process-classes</phase> - <goals> - <goal>enhance</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <executions> - <execution> - <goals> - <goal>test-jar</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-surefire-plugin</artifactId> - <configuration> - <reuseForks>false</reuseForks> - </configuration> - </plugin> - </plugins> - </build> - <profiles> - <profile> - <id>datanucleus3</id> - <activation> - <activeByDefault>true</activeByDefault> - </activation> - <properties> - <datanucleus-api-jdo.version>3.2.6</datanucleus-api-jdo.version> - <datanucleus-core.version>3.2.12</datanucleus-core.version> - <datanucleus-rdbms.version>3.2.12</datanucleus-rdbms.version> - </properties> - <dependencies> - <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-core</artifactId> - <version>${datanucleus-core.version}</version> - </dependency> - <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-api-jdo</artifactId> - <version>${datanucleus-api-jdo.version}</version> - </dependency> - <dependency> - 
<groupId>org.datanucleus</groupId> - <artifactId>datanucleus-rdbms</artifactId> - <version>${datanucleus-rdbms.version}</version> - </dependency> - </dependencies> - </profile> - <profile> - <id>datanucleus4</id> - <activation> - <activeByDefault>false</activeByDefault> - </activation> - <properties> - <datanucleus-api-jdo.version>4.2.1</datanucleus-api-jdo.version> - <datanucleus-core.version>4.1.6</datanucleus-core.version> - <datanucleus-rdbms.version>4.1.7</datanucleus-rdbms.version> - <datanucleus-jdo.version>3.2.0-m3</datanucleus-jdo.version> - </properties> - <dependencies> - <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-core</artifactId> - <version>${datanucleus-core.version}</version> - </dependency> - <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-api-jdo</artifactId> - <version>${datanucleus-api-jdo.version}</version> - </dependency> - <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-rdbms</artifactId> - <version>${datanucleus-rdbms.version}</version> - </dependency> - <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>javax.jdo</artifactId> - <version>${datanucleus-jdo.version}</version> - </dependency> - </dependencies> - </profile> - <profile> - <id>thriftif</id> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-antrun-plugin</artifactId> - <executions> - <execution> - <id>generate-thrift-sources</id> - <phase>generate-sources</phase> - <configuration> - <target> - <taskdef name="for" classname="net.sf.antcontrib.logic.ForTask" - classpathref="maven.plugin.classpath" /> - <property name="thrift.args" value="-I ${thrift.home} --gen java:beans,hashcode"/> - <property name="thrift.gen.dir" value="${basedir}/src/gen/thrift"/> - <delete dir="${thrift.gen.dir}"/> - <mkdir dir="${thrift.gen.dir}"/> - <for param="thrift.file"> - <path> - <fileset dir="${basedir}/src/main/resources/" includes="**/*.thrift" /> - 
</path> - <sequential> - <echo message="Generating Thrift code for @{thrift.file}"/> - <exec executable="${thrift.home}/bin/thrift" failonerror="true" dir="."> - <arg line="${thrift.args} -I ${basedir}/src/main/resources/ -o ${thrift.gen.dir} @{thrift.file} " /> - </exec> - </sequential> - </for> - </target> - </configuration> - <goals> - <goal>run</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-enforcer-plugin</artifactId> - <executions> - <execution> - <id>enforce-property</id> - <goals> - <goal>enforce</goal> - </goals> - <configuration> - <rules> - <requireProperty> - <property>thrift.home</property> - </requireProperty> - </rules> - <fail>true</fail> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> </project>
