http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java
deleted file mode 100644
index ac2a328..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-
-/**
- * The class for admin command to drop role.
- */
-public class DropRoleCmd implements Command {
-
- private String roleName;
- private String component;
-
- public DropRoleCmd(String roleName, String component) {
- this.roleName = roleName;
- this.component = component;
- }
-
- @Override
- public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
- client.dropRole(requestorName, roleName, component);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
deleted file mode 100644
index 634bb42..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-
-/**
- * The class for admin command to grant privilege to role.
- */
-public class GrantPrivilegeToRoleCmd implements Command {
-
- private String roleName;
- private String component;
- private String privilegeStr;
- private TSentryPrivilegeConverter converter;
-
- public GrantPrivilegeToRoleCmd(String roleName, String component, String privilegeStr,
- TSentryPrivilegeConverter converter) {
- this.roleName = roleName;
- this.component = component;
- this.privilegeStr = privilegeStr;
- this.converter = converter;
- }
-
- @Override
- public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
- TSentryPrivilege privilege = converter.fromString(privilegeStr);
- client.grantPrivilege(requestorName, roleName, component, privilege);
-
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java
deleted file mode 100644
index ce6db3a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-
-import java.util.Set;
-
-/**
- * The class for admin command to list privileges by role.
- */
-public class ListPrivilegesByRoleCmd implements Command {
-
- private String roleName;
- private String component;
- private String serviceName;
- private TSentryPrivilegeConverter converter;
-
- public ListPrivilegesByRoleCmd(String roleName, String component, String serviceName,
- TSentryPrivilegeConverter converter) {
- this.roleName = roleName;
- this.component = component;
- this.serviceName = serviceName;
- this.converter = converter;
- }
-
- @Override
- public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
- Set<TSentryPrivilege> privileges = client
- .listPrivilegesByRoleName(requestorName, roleName, component, serviceName);
- if (privileges != null) {
- for (TSentryPrivilege privilege : privileges) {
- String privilegeStr = converter.toString(privilege);
- System.out.println(privilegeStr);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
deleted file mode 100644
index 6b68d06..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-
-import java.util.Set;
-
-/**
- * The class for admin command to list roles.
- */
-public class ListRolesCmd implements Command {
-
- private String groupName;
- private String component;
-
- public ListRolesCmd(String groupName, String component) {
- this.groupName = groupName;
- this.component = component;
- }
-
- @Override
- public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
- Set<TSentryRole> roles;
- if (StringUtils.isEmpty(groupName)) {
- roles = client.listAllRoles(requestorName, component);
- } else {
- roles = client.listRolesByGroupName(requestorName, groupName, component);
- }
- if (roles != null) {
- for (TSentryRole role : roles) {
- System.out.println(role.getRoleName());
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java
deleted file mode 100644
index 3e42e60..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-
-/**
- * The class for admin command to revoke privileges from role.
- */
-public class RevokePrivilegeFromRoleCmd implements Command {
-
- private String roleName;
- private String component;
- private String privilegeStr;
- private TSentryPrivilegeConverter converter;
-
- public RevokePrivilegeFromRoleCmd(String roleName, String component, String privilegeStr,
- TSentryPrivilegeConverter converter) {
- this.roleName = roleName;
- this.component = component;
- this.privilegeStr = privilegeStr;
- this.converter = converter;
- }
-
- @Override
- public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
- TSentryPrivilege privilege = converter.fromString(privilegeStr);
- client.revokePrivilege(requestorName, roleName, component, privilege);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java
deleted file mode 100644
index ab44895..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-
-public interface TSentryPrivilegeConverter {
-
- /**
- * Convert string to privilege
- */
- TSentryPrivilege fromString(String privilegeStr) throws Exception;
-
- /**
- * Convert privilege to string
- */
- String toString(TSentryPrivilege tSentryPrivilege);
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/AuditLoggerTestAppender.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/AuditLoggerTestAppender.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/AuditLoggerTestAppender.java
deleted file mode 100644
index 8000ebd..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/AuditLoggerTestAppender.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.appender;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.log4j.AppenderSkeleton;
-import org.apache.log4j.Level;
-import org.apache.log4j.spi.LoggingEvent;
-
-import com.google.common.annotations.VisibleForTesting;
-
-@VisibleForTesting
-public class AuditLoggerTestAppender extends AppenderSkeleton {
- public static final List<LoggingEvent> events = new ArrayList<LoggingEvent>();
-
- public void close() {
- }
-
- public boolean requiresLayout() {
- return false;
- }
-
- @Override
- protected void append(LoggingEvent event) {
- events.add(event);
- }
-
- public static String getLastLogEvent() {
- return events.get(events.size() - 1).getMessage().toString();
- }
-
- public static Level getLastLogLevel() {
- return events.get(events.size() - 1).getLevel();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java
deleted file mode 100644
index fd133f3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/appender/RollingFileWithoutDeleteAppender.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.appender;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InterruptedIOException;
-import java.io.Writer;
-
-import org.apache.log4j.FileAppender;
-import org.apache.log4j.Layout;
-import org.apache.log4j.helpers.CountingQuietWriter;
-import org.apache.log4j.helpers.LogLog;
-import org.apache.log4j.helpers.OptionConverter;
-import org.apache.log4j.spi.LoggingEvent;
-
-public class RollingFileWithoutDeleteAppender extends FileAppender {
- /**
- * The default maximum file size is 10MB.
- */
- protected long maxFileSize = 10 * 1024 * 1024;
-
- private long nextRollover = 0;
-
- /**
- * The default constructor simply calls its {@link FileAppender#FileAppender
- * parents constructor}.
- */
- public RollingFileWithoutDeleteAppender() {
- super();
- }
-
- /**
- * Instantiate a RollingFileAppender and open the file designated by
- * <code>filename</code>. The opened filename will become the ouput
- * destination for this appender.
- * <p>
- * If the <code>append</code> parameter is true, the file will be appended to.
- * Otherwise, the file desginated by <code>filename</code> will be truncated
- * before being opened.
- */
- public RollingFileWithoutDeleteAppender(Layout layout, String filename,
- boolean append) throws IOException {
- super(layout, getLogFileName(filename), append);
- }
-
- /**
- * Instantiate a FileAppender and open the file designated by
- * <code>filename</code>. The opened filename will become the output
- * destination for this appender.
- * <p>
- * The file will be appended to.
- */
- public RollingFileWithoutDeleteAppender(Layout layout, String filename)
- throws IOException {
- super(layout, getLogFileName(filename));
- }
-
- /**
- * Get the maximum size that the output file is allowed to reach before being
- * rolled over to backup files.
- */
- public long getMaximumFileSize() {
- return maxFileSize;
- }
-
- /**
- * Implements the usual roll over behaviour.
- * <p>
- * <code>File</code> is renamed <code>File.yyyyMMddHHmmss</code> and closed. A
- * new <code>File</code> is created to receive further log output.
- */
- // synchronization not necessary since doAppend is alreasy synched
- public void rollOver() {
- if (qw != null) {
- long size = ((CountingQuietWriter) qw).getCount();
- LogLog.debug("rolling over count=" + size);
- // if operation fails, do not roll again until
- // maxFileSize more bytes are written
- nextRollover = size + maxFileSize;
- }
-
- this.closeFile(); // keep windows happy.
-
- String newFileName = getLogFileName(fileName);
- try {
- // This will also close the file. This is OK since multiple
- // close operations are safe.
- this.setFile(newFileName, false, bufferedIO, bufferSize);
- nextRollover = 0;
- } catch (IOException e) {
- if (e instanceof InterruptedIOException) {
- Thread.currentThread().interrupt();
- }
- LogLog.error("setFile(" + newFileName + ", false) call failed: " + e.getMessage(), e);
- }
- }
-
- public synchronized void setFile(String fileName, boolean append,
- boolean bufferedIO, int bufferSize) throws IOException {
- super.setFile(fileName, append, this.bufferedIO, this.bufferSize);
- if (append) {
- File f = new File(fileName);
- ((CountingQuietWriter) qw).setCount(f.length());
- }
- }
-
- /**
- * Set the maximum size that the output file is allowed to reach before being
- * rolled over to backup files.
- * <p>
- * This method is equivalent to {@link #setMaxFileSize} except that it is
- * required for differentiating the setter taking a <code>long</code> argument
- * from the setter taking a <code>String</code> argument by the JavaBeans
- * {@link java.beans.Introspector Introspector}.
- *
- * @see #setMaxFileSize(String)
- */
- public void setMaximumFileSize(long maxFileSize) {
- this.maxFileSize = maxFileSize;
- }
-
- /**
- * Set the maximum size that the output file is allowed to reach before being
- * rolled over to backup files.
- * <p>
- * In configuration files, the <b>MaxFileSize</b> option takes an long integer
- * in the range 0 - 2^63. You can specify the value with the suffixes "KB",
- * "MB" or "GB" so that the integer is interpreted being expressed
- * respectively in kilobytes, megabytes or gigabytes. For example, the value
- * "10KB" will be interpreted as 10240.
- */
- public void setMaxFileSize(String value) {
- maxFileSize = OptionConverter.toFileSize(value, maxFileSize + 1);
- }
-
- protected void setQWForFiles(Writer writer) {
- this.qw = new CountingQuietWriter(writer, errorHandler);
- }
-
- /**
- * This method differentiates RollingFileAppender from its super class.
- */
- protected void subAppend(LoggingEvent event) {
- super.subAppend(event);
-
- if (fileName != null && qw != null) {
- long size = ((CountingQuietWriter) qw).getCount();
- if (size >= maxFileSize && size >= nextRollover) {
- rollOver();
- }
- }
- }
-
- // Mangled file name. Append the current timestamp
- private static String getLogFileName(String oldFileName) {
- return oldFileName + "." + Long.toString(System.currentTimeMillis());
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/AuditMetadataLogEntity.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/AuditMetadataLogEntity.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/AuditMetadataLogEntity.java
deleted file mode 100644
index a5fe4ec..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/AuditMetadataLogEntity.java
+++ /dev/null
@@ -1,155 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-import java.io.IOException;
-
-import org.codehaus.jackson.JsonFactory;
-import org.codehaus.jackson.JsonNode;
-import org.codehaus.jackson.map.MappingJsonFactory;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.codehaus.jackson.node.ContainerNode;
-
-abstract public class AuditMetadataLogEntity implements JsonLogEntity {
-
- static final JsonFactory factory = new MappingJsonFactory();
- private String serviceName;
- private String userName;
- private String impersonator;
- private String ipAddress;
- private String operation;
- private String eventTime;
- private String operationText;
- private String allowed;
- private String objectType;
- private String component;
-
- void setCommonAttr(String serviceName, String userName, String impersonator, String ipAddress,
- String operation, String eventTime, String operationText, String allowed, String objectType,
- String component) {
- this.serviceName = serviceName;
- this.userName = userName;
- this.impersonator = impersonator;
- this.ipAddress = ipAddress;
- this.operation = operation;
- this.eventTime = eventTime;
- this.operationText = operationText;
- this.allowed = allowed;
- this.objectType = objectType;
- this.component = component;
- }
-
- public String getServiceName() {
- return serviceName;
- }
-
- public void setServiceName(String serviceName) {
- this.serviceName = serviceName;
- }
-
- public String getUserName() {
- return userName;
- }
-
- public void setUserName(String userName) {
- this.userName = userName;
- }
-
- public String getImpersonator() {
- return impersonator;
- }
-
- public void setImpersonator(String impersonator) {
- this.impersonator = impersonator;
- }
-
- public String getIpAddress() {
- return ipAddress;
- }
-
- public void setIpAddress(String ipAddress) {
- this.ipAddress = ipAddress;
- }
-
- public String getOperation() {
- return operation;
- }
-
- public void setOperation(String operation) {
- this.operation = operation;
- }
-
- public String getEventTime() {
- return eventTime;
- }
-
- public void setEventTime(String eventTime) {
- this.eventTime = eventTime;
- }
-
- public String getOperationText() {
- return operationText;
- }
-
- public void setOperationText(String operationText) {
- this.operationText = operationText;
- }
-
- public String getAllowed() {
- return allowed;
- }
-
- public void setAllowed(String allowed) {
- this.allowed = allowed;
- }
-
- public String getObjectType() {
- return objectType;
- }
-
- public void setObjectType(String objectType) {
- this.objectType = objectType;
- }
-
- public String getComponent() {
- return component;
- }
-
- public void setComponent(String component) {
- this.component = component;
- }
-
- /**
- * For use in tests
- *
- * @param json
- * incoming JSON to parse
- * @return a node tree
- * @throws IOException
- * on any parsing problems
- */
- public static ContainerNode parse(String json) throws IOException {
- ObjectMapper mapper = new ObjectMapper(factory);
- JsonNode jsonNode = mapper.readTree(json);
- if (!(jsonNode instanceof ContainerNode)) {
- throw new IOException("Wrong JSON data: " + json);
- }
- return (ContainerNode) jsonNode;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/DBAuditMetadataLogEntity.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/DBAuditMetadataLogEntity.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/DBAuditMetadataLogEntity.java
deleted file mode 100644
index 4949ac7..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/DBAuditMetadataLogEntity.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-import java.io.IOException;
-import java.io.StringWriter;
-
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.codehaus.jackson.JsonGenerator;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class DBAuditMetadataLogEntity extends AuditMetadataLogEntity {
- private static final Logger LOGGER = LoggerFactory.getLogger(DBAuditMetadataLogEntity.class);
-
- private String databaseName;
- private String tableName;
- private String columnName;
- private String resourcePath;
-
- public DBAuditMetadataLogEntity() {
- }
-
- public DBAuditMetadataLogEntity(String serviceName, String userName, String impersonator,
- String ipAddress, String operation, String eventTime, String operationText, String allowed,
- String objectType, String component, String databaseName, String tableName,
- String columnName, String resourcePath) {
- setCommonAttr(serviceName, userName, impersonator, ipAddress, operation, eventTime,
- operationText, allowed, objectType, component);
- this.databaseName = databaseName;
- this.tableName = tableName;
- this.columnName = columnName;
- this.resourcePath = resourcePath;
- }
-
- public String getDatabaseName() {
- return databaseName;
- }
-
- public void setDatabaseName(String databaseName) {
- this.databaseName = databaseName;
- }
-
- public String getTableName() {
- return tableName;
- }
-
- public void setTableName(String tableName) {
- this.tableName = tableName;
- }
-
- public String getColumnName() {
- return columnName;
- }
-
- public void setColumnName(String columnName) {
- this.columnName = columnName;
- }
-
- public String getResourcePath() {
- return resourcePath;
- }
-
- public void setResourcePath(String resourcePath) {
- this.resourcePath = resourcePath;
- }
-
- @Override
- public String toJsonFormatLog() throws Exception {
- StringWriter stringWriter = new StringWriter();
- JsonGenerator json = null;
- try {
- json = factory.createJsonGenerator(stringWriter);
- json.writeStartObject();
- json.writeStringField(Constants.LOG_FIELD_SERVICE_NAME, getServiceName());
- json.writeStringField(Constants.LOG_FIELD_USER_NAME, getUserName());
- json.writeStringField(Constants.LOG_FIELD_IMPERSONATOR, getImpersonator());
- json.writeStringField(Constants.LOG_FIELD_IP_ADDRESS, getIpAddress());
- json.writeStringField(Constants.LOG_FIELD_OPERATION, getOperation());
- json.writeStringField(Constants.LOG_FIELD_EVENT_TIME, getEventTime());
- json.writeStringField(Constants.LOG_FIELD_OPERATION_TEXT, getOperationText());
- json.writeStringField(Constants.LOG_FIELD_ALLOWED, getAllowed());
- json.writeStringField(Constants.LOG_FIELD_DATABASE_NAME, databaseName);
- json.writeStringField(Constants.LOG_FIELD_TABLE_NAME, tableName);
- json.writeStringField(Constants.LOG_FIELD_COLUMN_NAME, columnName);
- json.writeStringField(Constants.LOG_FIELD_RESOURCE_PATH, resourcePath);
- json.writeStringField(Constants.LOG_FIELD_OBJECT_TYPE, getObjectType());
- json.writeEndObject();
- json.flush();
- } catch (IOException e) {
- String msg = "Error creating audit log in json format: " + e.getMessage();
- LOGGER.error(msg, e);
- throw e;
- } finally {
- try {
- if (json != null) {
- json.close();
- }
- } catch (IOException e) {
- String msg = "Error when close json object: " + e.getMessage();
- LOGGER.error(msg, e);
- throw e;
- }
- }
-
- return stringWriter.toString();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/GMAuditMetadataLogEntity.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/GMAuditMetadataLogEntity.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/GMAuditMetadataLogEntity.java
deleted file mode 100644
index 6911772..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/GMAuditMetadataLogEntity.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.codehaus.jackson.JsonGenerator;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class GMAuditMetadataLogEntity extends AuditMetadataLogEntity {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(GMAuditMetadataLogEntity.class);
- private Map<String, String> privilegesMap;
-
- public GMAuditMetadataLogEntity() {
- privilegesMap = new LinkedHashMap<String, String>();
- }
-
- public GMAuditMetadataLogEntity(String serviceName, String userName, String impersonator,
- String ipAddress, String operation, String eventTime, String operationText, String allowed,
- String objectType, String component, Map<String, String> privilegesMap) {
- setCommonAttr(serviceName, userName, impersonator, ipAddress, operation, eventTime,
- operationText, allowed, objectType, component);
- this.privilegesMap = privilegesMap;
- }
-
- @Override
- public String toJsonFormatLog() throws Exception {
- StringWriter stringWriter = new StringWriter();
- JsonGenerator json = null;
- try {
- json = factory.createJsonGenerator(stringWriter);
- json.writeStartObject();
- json.writeStringField(Constants.LOG_FIELD_SERVICE_NAME, getServiceName());
- json.writeStringField(Constants.LOG_FIELD_USER_NAME, getUserName());
- json.writeStringField(Constants.LOG_FIELD_IMPERSONATOR, getImpersonator());
- json.writeStringField(Constants.LOG_FIELD_IP_ADDRESS, getIpAddress());
- json.writeStringField(Constants.LOG_FIELD_OPERATION, getOperation());
- json.writeStringField(Constants.LOG_FIELD_EVENT_TIME, getEventTime());
- json.writeStringField(Constants.LOG_FIELD_OPERATION_TEXT, getOperationText());
- json.writeStringField(Constants.LOG_FIELD_ALLOWED, getAllowed());
- for (Map.Entry<String, String> entry : privilegesMap.entrySet()) {
- json.writeStringField(entry.getKey(), entry.getValue());
- }
- json.writeStringField(Constants.LOG_FIELD_OBJECT_TYPE, getObjectType());
- json.writeStringField(Constants.LOG_FIELD_COMPONENT, getComponent());
- json.writeEndObject();
- json.flush();
- } catch (IOException e) {
- String msg = "Error creating audit log in json format: " + e.getMessage();
- LOGGER.error(msg, e);
- throw e;
- } finally {
- try {
- if (json != null) {
- json.close();
- }
- } catch (IOException e) {
- String msg = "Error when close json object: " + e.getMessage();
- LOGGER.error(msg, e);
- throw e;
- }
- }
-
- return stringWriter.toString();
- }
-
- public Map<String, String> getPrivilegesMap() {
- return privilegesMap;
- }
-
- public void setPrivilegesMap(Map<String, String> privilegesMap) {
- this.privilegesMap = privilegesMap;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java
deleted file mode 100644
index 913f125..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntity.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-public interface JsonLogEntity {
-
- String toJsonFormatLog() throws Exception;
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
deleted file mode 100644
index f6bb8a5..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java
+++ /dev/null
@@ -1,351 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.log.util.CommandUtil;
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddUsersRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddUsersResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteUsersRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteUsersResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
-import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleRequest;
-import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleResponse;
-import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest;
-import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleResponse;
-import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.service.thrift.ThriftUtil;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.service.thrift.Status;
-import org.apache.sentry.service.thrift.TSentryResponseStatus;
-
-import com.google.common.base.Joiner;
-import com.google.common.collect.ImmutableSet;
-
-public final class JsonLogEntityFactory {
-
- private static JsonLogEntityFactory factory = new JsonLogEntityFactory();
-
- private JsonLogEntityFactory() {
- }
-
- public static JsonLogEntityFactory getInstance() {
- return factory;
- }
-
- // log entity for hive/impala create role
- public JsonLogEntity createJsonLogEntity(TCreateSentryRoleRequest request,
- TCreateSentryRoleResponse response, Configuration conf) {
- DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName());
- hamle.setOperationText(CommandUtil.createCmdForCreateOrDropRole(
- request.getRoleName(), true));
-
- return hamle;
- }
-
- // log entity for hive/impala drop role
- public JsonLogEntity createJsonLogEntity(TDropSentryRoleRequest request,
- TDropSentryRoleResponse response, Configuration conf) {
- DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName());
- hamle.setOperationText(CommandUtil.createCmdForCreateOrDropRole(
- request.getRoleName(), false));
-
- return hamle;
- }
-
- // log entity for hive/impala grant privilege
- public Set<JsonLogEntity> createJsonLogEntitys(
- TAlterSentryRoleGrantPrivilegeRequest request,
- TAlterSentryRoleGrantPrivilegeResponse response, Configuration conf) {
- ImmutableSet.Builder<JsonLogEntity> setBuilder = ImmutableSet.builder();
- if (request.isSetPrivileges()) {
- for (TSentryPrivilege privilege : request.getPrivileges()) {
- JsonLogEntity logEntity = createJsonLogEntity(request, privilege, response, conf);
- setBuilder.add(logEntity);
- }
- }
- return setBuilder.build();
- }
-
- private JsonLogEntity createJsonLogEntity(
- TAlterSentryRoleGrantPrivilegeRequest request, TSentryPrivilege privilege,
- TAlterSentryRoleGrantPrivilegeResponse response, Configuration conf) {
- DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName());
- hamle.setOperationText(CommandUtil.createCmdForGrantPrivilege(request));
- hamle.setDatabaseName(privilege.getDbName());
- hamle.setTableName(privilege.getTableName());
- hamle.setResourcePath(privilege.getURI());
- return hamle;
- }
-
- // log entity for hive/impala revoke privilege
- public Set<JsonLogEntity> createJsonLogEntitys(
- TAlterSentryRoleRevokePrivilegeRequest request,
- TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) {
- ImmutableSet.Builder<JsonLogEntity> setBuilder = ImmutableSet.builder();
- if (request.isSetPrivileges()) {
- for (TSentryPrivilege privilege : request.getPrivileges()) {
- JsonLogEntity logEntity = createJsonLogEntity(request, privilege, response, conf);
- setBuilder.add(logEntity);
- }
- }
- return setBuilder.build();
- }
-
- private JsonLogEntity createJsonLogEntity(
- TAlterSentryRoleRevokePrivilegeRequest request, TSentryPrivilege privilege,
- TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) {
- DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName());
- hamle.setOperationText(CommandUtil.createCmdForRevokePrivilege(request));
- hamle.setDatabaseName(privilege.getDbName());
- hamle.setTableName(privilege.getTableName());
- hamle.setResourcePath(privilege.getURI());
-
- return hamle;
- }
-
- // log entity for hive/impala add role to group
- public JsonLogEntity createJsonLogEntity(
- TAlterSentryRoleAddGroupsRequest request,
- TAlterSentryRoleAddGroupsResponse response, Configuration conf) {
- DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName());
- String groups = getGroupsStr(request.getGroupsIterator());
- hamle.setOperationText(CommandUtil.createCmdForRoleAddGroup(request.getRoleName(), groups));
-
- return hamle;
- }
-
- // log entity for hive/impala delete role from group
- public JsonLogEntity createJsonLogEntity(
- TAlterSentryRoleDeleteGroupsRequest request,
- TAlterSentryRoleDeleteGroupsResponse response, Configuration conf) {
- DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName());
- String groups = getGroupsStr(request.getGroupsIterator());
- hamle.setOperationText(CommandUtil.createCmdForRoleDeleteGroup(request.getRoleName(), groups));
-
- return hamle;
- }
-
- private String getGroupsStr(Iterator<TSentryGroup> iter) {
- StringBuilder groups = new StringBuilder("");
- if (iter != null) {
- boolean commaFlg = false;
- while (iter.hasNext()) {
- if (commaFlg) {
- groups.append(", ");
- } else {
- commaFlg = true;
- }
- groups.append(iter.next().getGroupName());
- }
- }
- return groups.toString();
- }
-
- public JsonLogEntity createJsonLogEntity(TAlterSentryRoleAddUsersRequest request,
- TAlterSentryRoleAddUsersResponse response, Configuration conf) {
- AuditMetadataLogEntity amle = createCommonHAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName());
- String users = getUsersStr(request.getUsersIterator());
- amle.setOperationText(CommandUtil.createCmdForRoleAddUser(request.getRoleName(), users));
-
- return amle;
- }
-
- public JsonLogEntity createJsonLogEntity(TAlterSentryRoleDeleteUsersRequest request,
- TAlterSentryRoleDeleteUsersResponse response, Configuration conf) {
- AuditMetadataLogEntity amle = createCommonHAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName());
- String users = getUsersStr(request.getUsersIterator());
- amle.setOperationText(CommandUtil.createCmdForRoleDeleteUser(request.getRoleName(), users));
-
- return amle;
- }
-
- private String getUsersStr(Iterator<String> iter) {
- StringBuilder users = new StringBuilder("");
- if (iter != null) {
- boolean commaFlg = false;
- while (iter.hasNext()) {
- if (commaFlg) {
- users.append(", ");
- } else {
- commaFlg = true;
- }
- users.append(iter.next());
- }
- }
- return users.toString();
- }
-
- public String isAllowed(TSentryResponseStatus status) {
- if (status.equals(Status.OK())) {
- return Constants.TRUE;
- }
- return Constants.FALSE;
- }
-
- // log entity for generic model create role
- public JsonLogEntity createJsonLogEntity(
- org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest request,
- org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse response,
- Configuration conf) {
- GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
- gmamle.setOperationText(CommandUtil.createCmdForCreateOrDropRole(request.getRoleName(), true));
-
- return gmamle;
- }
-
- // log entity for generic model drop role
- public JsonLogEntity createJsonLogEntity(
- org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest request,
- org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse response,
- Configuration conf) {
- GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
- gmamle.setOperationText(CommandUtil.createCmdForCreateOrDropRole(request.getRoleName(), false));
-
- return gmamle;
- }
-
- // log entity for generic model grant privilege
- public JsonLogEntity createJsonLogEntity(
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request,
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse response,
- Configuration conf) {
- GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
- if (request.getPrivilege() != null) {
- List<TAuthorizable> authorizables = request.getPrivilege().getAuthorizables();
- Map<String, String> privilegesMap = new LinkedHashMap<String, String>();
- if (authorizables != null) {
- for (TAuthorizable authorizable : authorizables) {
- privilegesMap.put(authorizable.getType(), authorizable.getName());
- }
- }
- gmamle.setPrivilegesMap(privilegesMap);
- }
- gmamle.setOperationText(CommandUtil.createCmdForGrantGMPrivilege(request));
-
- return gmamle;
- }
-
- // log entity for generic model revoke privilege
- public JsonLogEntity createJsonLogEntity(
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request,
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse response,
- Configuration conf) {
- GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
- if (request.getPrivilege() != null) {
- List<TAuthorizable> authorizables = request.getPrivilege().getAuthorizables();
- Map<String, String> privilegesMap = new LinkedHashMap<String, String>();
- if (authorizables != null) {
- for (TAuthorizable authorizable : authorizables) {
- privilegesMap.put(authorizable.getType(), authorizable.getName());
- }
- }
- gmamle.setPrivilegesMap(privilegesMap);
- }
- gmamle.setOperationText(CommandUtil.createCmdForRevokeGMPrivilege(request));
-
- return gmamle;
- }
-
- // log entity for generic model add role to group
- public JsonLogEntity createJsonLogEntity(
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest request,
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse response,
- Configuration conf) {
- GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
- Joiner joiner = Joiner.on(",");
- String groups = joiner.join(request.getGroupsIterator());
- gmamle.setOperationText(CommandUtil.createCmdForRoleAddGroup(request.getRoleName(), groups));
-
- return gmamle;
- }
-
- // log entity for hive delete role from group
- public JsonLogEntity createJsonLogEntity(
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest request,
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse response,
- Configuration conf) {
- GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(),
- request.getRequestorUserName(), request.getClass().getName(), request.getComponent());
- Joiner joiner = Joiner.on(",");
- String groups = joiner.join(request.getGroupsIterator());
- gmamle.setOperationText(CommandUtil.createCmdForRoleDeleteGroup(request.getRoleName(), groups));
-
- return gmamle;
- }
-
- private DBAuditMetadataLogEntity createCommonHAMLE(Configuration conf,
- TSentryResponseStatus responseStatus, String userName, String requestClassName) {
- DBAuditMetadataLogEntity hamle = new DBAuditMetadataLogEntity();
- setCommAttrForAMLE(hamle, conf, responseStatus, userName, requestClassName);
- return hamle;
- }
-
- private GMAuditMetadataLogEntity createCommonGMAMLE(Configuration conf,
- TSentryResponseStatus responseStatus, String userName, String requestClassName,
- String component) {
- GMAuditMetadataLogEntity gmamle = new GMAuditMetadataLogEntity();
- setCommAttrForAMLE(gmamle, conf, responseStatus, userName, requestClassName);
- gmamle.setComponent(component);
- return gmamle;
- }
-
- private void setCommAttrForAMLE(AuditMetadataLogEntity amle, Configuration conf,
- TSentryResponseStatus responseStatus, String userName, String requestClassName) {
- amle.setUserName(userName);
- amle.setServiceName(conf.get(ServerConfig.SENTRY_SERVICE_NAME,
- ServerConfig.SENTRY_SERVICE_NAME_DEFAULT).trim());
- amle.setImpersonator(ThriftUtil.getImpersonator());
- amle.setIpAddress(ThriftUtil.getIpAddress());
- amle.setOperation(Constants.requestTypeToOperationMap.get(requestClassName));
- amle.setEventTime(Long.toString(System.currentTimeMillis()));
- amle.setAllowed(isAllowed(responseStatus));
- amle.setObjectType(Constants.requestTypeToObjectTypeMap
- .get(requestClassName));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
deleted file mode 100644
index 328bbbb..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
+++ /dev/null
@@ -1,233 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.util;
-
-import java.net.InetAddress;
-import java.net.NetworkInterface;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Set;
-
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
-import org.datanucleus.util.StringUtils;
-
-import com.google.common.annotations.VisibleForTesting;
-
-public final class CommandUtil {
-
- public CommandUtil() {
- // Make constructor private to avoid instantiation
- }
-
- public static String createCmdForCreateOrDropRole(String roleName,
- boolean isCreate) {
- if (isCreate) {
- return "CREATE ROLE " + roleName;
- }
- return "DROP ROLE " + roleName;
- }
-
- public static String createCmdForRoleAddGroup(String roleName, String groups) {
- return createCmdForRoleGrant(roleName, groups, true, true);
- }
-
- public static String createCmdForRoleDeleteGroup(String roleName, String groups) {
- return createCmdForRoleGrant(roleName, groups, false, true);
- }
-
- private static String createCmdForRoleGrant(String roleName, String principals,
- boolean isGrant, boolean isGroup) {
- StringBuilder sb = new StringBuilder();
- if (isGrant) {
- sb.append("GRANT ROLE ");
- } else {
- sb.append("REVOKE ROLE ");
- }
- sb.append(roleName);
- if (isGrant) {
- sb.append(" TO ");
- } else {
- sb.append(" FROM ");
- }
-
- String principalType = isGroup ? "GROUP" : "USER";
- if (!StringUtils.isEmpty(principals)) {
- sb.append(principalType).append(" ").append(principals);
- } else {
- sb = new StringBuilder("Missing " + principalType + " information.");
- }
-
- return sb.toString();
- }
-
- public static String createCmdForRoleAddUser(String roleName, String users) {
- return createCmdForRoleGrant(roleName, users, true, false);
- }
-
- public static String createCmdForRoleDeleteUser(String roleName, String users) {
- return createCmdForRoleGrant(roleName, users, false, false);
- }
-
- public static String createCmdForGrantPrivilege(
- TAlterSentryRoleGrantPrivilegeRequest request) {
- return createCmdForGrantOrRevokePrivileges(request.getRoleName(),
- request.getPrivileges(), true);
- }
-
- public static String createCmdForRevokePrivilege(
- TAlterSentryRoleRevokePrivilegeRequest request) {
- return createCmdForGrantOrRevokePrivileges(request.getRoleName(),
- request.getPrivileges(), false);
- }
-
- private static String createCmdForGrantOrRevokePrivileges(String roleName,
- Set<TSentryPrivilege> privileges, boolean isGrant) {
- StringBuilder sb = new StringBuilder();
- if (privileges != null) {
- for (TSentryPrivilege privilege : privileges) {
- sb.append(createCmdForGrantOrRevokePrivilege(roleName, privilege, isGrant));
- }
- }
- return sb.toString();
- }
-
- private static String createCmdForGrantOrRevokePrivilege(String roleName,
- TSentryPrivilege privilege, boolean isGrant) {
- StringBuilder sb = new StringBuilder();
- if (isGrant) {
- sb.append("GRANT ");
- } else {
- sb.append("REVOKE ");
- }
-
- String action = privilege.getAction();
- String privilegeScope = privilege.getPrivilegeScope();
- if (AccessConstants.ALL.equalsIgnoreCase(action)) {
- sb.append("ALL");
- } else {
- if (action != null) {
- action = action.toUpperCase();
- }
- sb.append(action);
- }
-
- sb.append(" ON ").append(privilege.getPrivilegeScope()).append(" ");
- if (PrivilegeScope.DATABASE.name().equalsIgnoreCase(privilegeScope)) {
- sb.append(privilege.getDbName());
- } else if (PrivilegeScope.TABLE.name().equalsIgnoreCase(privilegeScope)) {
- sb.append(privilege.getTableName());
- } else if (PrivilegeScope.SERVER.name().equalsIgnoreCase(privilegeScope)) {
- sb.append(privilege.getServerName());
- } else if (PrivilegeScope.URI.name().equalsIgnoreCase(privilegeScope)) {
- sb.append(privilege.getURI());
- }
-
- if (isGrant) {
- sb.append(" TO ROLE ");
- } else {
- sb.append(" FROM ROLE ");
- }
- sb.append(roleName);
-
- if (privilege.getGrantOption() == TSentryGrantOption.TRUE) {
- sb.append(" WITH GRANT OPTION");
- }
-
- return sb.toString();
- }
-
- public static String createCmdForGrantGMPrivilege(
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request) {
- return createCmdForGrantOrRevokeGMPrivilege(request.getRoleName(), request.getPrivilege(), true);
- }
-
- public static String createCmdForRevokeGMPrivilege(
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request) {
- return createCmdForGrantOrRevokeGMPrivilege(request.getRoleName(), request.getPrivilege(),
- false);
- }
-
- private static String createCmdForGrantOrRevokeGMPrivilege(String roleName,
- org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege,
- boolean isGrant) {
- StringBuilder sb = new StringBuilder();
- if (isGrant) {
- sb.append("GRANT ");
- } else {
- sb.append("REVOKE ");
- }
-
- String action = privilege.getAction();
- if (AccessConstants.ALL.equalsIgnoreCase(action)) {
- sb.append("ALL");
- } else {
- if (action != null) {
- action = action.toUpperCase();
- }
- sb.append(action);
- }
-
- sb.append(" ON");
-
- List<TAuthorizable> authorizables = privilege.getAuthorizables();
- if (authorizables != null) {
- for (TAuthorizable authorizable : authorizables) {
- sb.append(" ").append(authorizable.getType()).append(" ").append(authorizable.getName());
- }
- }
-
- if (isGrant) {
- sb.append(" TO ROLE ");
- } else {
- sb.append(" FROM ROLE ");
- }
- sb.append(roleName);
-
- if (privilege.getGrantOption() == org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE) {
- sb.append(" WITH GRANT OPTION");
- }
-
- return sb.toString();
- }
-
- // Check if the given IP is one of the local IP.
- @VisibleForTesting
- public static boolean assertIPInAuditLog(String ipInAuditLog) throws Exception {
- if (ipInAuditLog == null) {
- return false;
- }
- Enumeration<NetworkInterface> netInterfaces = NetworkInterface.getNetworkInterfaces();
- while (netInterfaces.hasMoreElements()) {
- NetworkInterface ni = netInterfaces.nextElement();
- Enumeration<InetAddress> ips = ni.getInetAddresses();
- while (ips.hasMoreElements()) {
- if (ipInAuditLog.indexOf(ips.nextElement().getHostAddress()) != -1) {
- return true;
- }
- }
- }
- return false;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java
deleted file mode 100644
index 2e71ce0..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/Constants.java
+++ /dev/null
@@ -1,162 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.log.util; - -import java.util.HashMap; -import java.util.Map; - -import org.apache.sentry.provider.db.service.thrift.*; - -public final class Constants { - public final static String AUDIT_LOGGER_NAME = "sentry.hive.authorization.ddl.logger"; - public final static String AUDIT_LOGGER_NAME_GENERIC = "sentry.generic.authorization.ddl.logger"; - - public final static String LOG_FIELD_SERVICE_NAME = "serviceName"; - public final static String LOG_FIELD_USER_NAME = "userName"; - public final static String LOG_FIELD_IMPERSONATOR = "impersonator"; - public final static String LOG_FIELD_IP_ADDRESS = "ipAddress"; - public final static String LOG_FIELD_OPERATION = "operation"; - public final static String LOG_FIELD_EVENT_TIME = "eventTime"; - public final static String LOG_FIELD_OPERATION_TEXT = "operationText"; - public final static String LOG_FIELD_ALLOWED = "allowed"; - public final static String LOG_FIELD_DATABASE_NAME = "databaseName"; - public final static String LOG_FIELD_TABLE_NAME = "tableName"; - public final static String LOG_FIELD_COLUMN_NAME = "column"; - public final static String 
LOG_FIELD_RESOURCE_PATH = "resourcePath"; - public final static String LOG_FIELD_OBJECT_TYPE = "objectType"; - public final static String LOG_FIELD_COMPONENT = "component"; - - public final static String OPERATION_CREATE_ROLE = "CREATE_ROLE"; - public final static String OPERATION_DROP_ROLE = "DROP_ROLE"; - public final static String OPERATION_ADD_ROLE = "ADD_ROLE_TO_GROUP"; - public final static String OPERATION_DELETE_ROLE = "DELETE_ROLE_FROM_GROUP"; - public final static String OPERATION_ADD_ROLE_USER = "ADD_ROLE_TO_USER"; - public final static String OPERATION_DELETE_ROLE_USER = "DELETE_ROLE_FROM_USER"; - public final static String OPERATION_GRANT_PRIVILEGE = "GRANT_PRIVILEGE"; - public final static String OPERATION_REVOKE_PRIVILEGE = "REVOKE_PRIVILEGE"; - - public final static String OBJECT_TYPE_PRINCIPAL = "PRINCIPAL"; - public final static String OBJECT_TYPE_ROLE = "ROLE"; - - public final static String TRUE = "true"; - public final static String FALSE = "false"; - - public static final Map<String, String> requestTypeToOperationMap = new HashMap<String, String>(); - public static final Map<String, String> requestTypeToObjectTypeMap = new HashMap<String, String>(); - - static { - // for hive audit log - requestTypeToOperationMap.put(TCreateSentryRoleRequest.class.getName(), - Constants.OPERATION_CREATE_ROLE); - requestTypeToOperationMap.put( - TAlterSentryRoleGrantPrivilegeRequest.class.getName(), - Constants.OPERATION_GRANT_PRIVILEGE); - requestTypeToOperationMap.put( - TAlterSentryRoleRevokePrivilegeRequest.class.getName(), - Constants.OPERATION_REVOKE_PRIVILEGE); - requestTypeToOperationMap.put(TDropSentryRoleRequest.class.getName(), - Constants.OPERATION_DROP_ROLE); - requestTypeToOperationMap.put( - TAlterSentryRoleAddGroupsRequest.class.getName(), - Constants.OPERATION_ADD_ROLE); - requestTypeToOperationMap.put( - TAlterSentryRoleDeleteGroupsRequest.class.getName(), - Constants.OPERATION_DELETE_ROLE); - requestTypeToOperationMap.put( - 
TAlterSentryRoleAddUsersRequest.class.getName(), - Constants.OPERATION_ADD_ROLE_USER); - requestTypeToOperationMap.put( - TAlterSentryRoleDeleteUsersRequest.class.getName(), - Constants.OPERATION_DELETE_ROLE_USER); - - // for generic model audit log - requestTypeToOperationMap.put( - org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest.class - .getName(), Constants.OPERATION_CREATE_ROLE); - requestTypeToOperationMap - .put(org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest.class - .getName(), Constants.OPERATION_DROP_ROLE); - requestTypeToOperationMap - .put( - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest.class - .getName(), Constants.OPERATION_GRANT_PRIVILEGE); - requestTypeToOperationMap - .put( - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest.class - .getName(), Constants.OPERATION_REVOKE_PRIVILEGE); - requestTypeToOperationMap.put( - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest.class - .getName(), Constants.OPERATION_ADD_ROLE); - requestTypeToOperationMap - .put( - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest.class - .getName(), Constants.OPERATION_DELETE_ROLE); - - // for hive audit log - requestTypeToObjectTypeMap.put(TCreateSentryRoleRequest.class.getName(), - Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap.put(TDropSentryRoleRequest.class.getName(), - Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap.put( - TAlterSentryRoleAddGroupsRequest.class.getName(), - Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap.put( - TAlterSentryRoleDeleteGroupsRequest.class.getName(), - Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap.put( - TAlterSentryRoleAddUsersRequest.class.getName(), - Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap.put( - TAlterSentryRoleDeleteUsersRequest.class.getName(), - 
Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap.put( - TAlterSentryRoleGrantPrivilegeRequest.class.getName(), - Constants.OBJECT_TYPE_PRINCIPAL); - requestTypeToObjectTypeMap.put( - TAlterSentryRoleRevokePrivilegeRequest.class.getName(), - Constants.OBJECT_TYPE_PRINCIPAL); - // for generic model audit log - requestTypeToObjectTypeMap.put( - org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest.class - .getName(), Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap - .put(org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest.class - .getName(), Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap.put( - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest.class - .getName(), Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap - .put( - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest.class - .getName(), Constants.OBJECT_TYPE_ROLE); - requestTypeToObjectTypeMap - .put( - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest.class - .getName(), Constants.OBJECT_TYPE_PRINCIPAL); - requestTypeToObjectTypeMap - .put( - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest.class - .getName(), Constants.OBJECT_TYPE_PRINCIPAL); - } - - private Constants() { - // Make constructor private to avoid instantiation - } - -}
