Added some privilege commands
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/e06b4f87 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/e06b4f87 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/e06b4f87 Branch: refs/heads/akolb-ha-cli Commit: e06b4f878d6fae1c271bbd3eb2bd89792bf1664f Parents: 2fb045c Author: Alexander Kolbasov <[email protected]> Authored: Tue Dec 13 16:26:08 2016 -0800 Committer: Alexander Kolbasov <[email protected]> Committed: Wed May 10 23:28:29 2017 -0700 ---------------------------------------------------------------------- pom.xml | 1 + .../service/thrift/SentryServiceUtil.java | 2 +- .../org/apache/sentry/shell/PrivsShell.java | 51 ++++++++++++++++ .../java/org/apache/sentry/shell/ShellUtil.java | 64 +++++++++++++++++++- .../org/apache/sentry/shell/TopLevelShell.java | 10 ++- 5 files changed, 122 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index ad54cfd..07e3e8b 100644 --- a/pom.xml +++ b/pom.xml @@ -624,6 +624,7 @@ limitations under the License. <module>sentry-hdfs</module> <module>sentry-solr</module> <module>sentry-dist</module> + <module>sentry-tools</module> </modules> <build> http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java index 4019e61..0379f44 100644 
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryServiceUtil.java @@ -41,7 +41,7 @@ public final class SentryServiceUtil { // parse the privilege in String and get the TSentryPrivilege as result public static TSentryPrivilege convertToTSentryPrivilege(String privilegeStr) { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); - for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { + for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) { KeyValue tempKV = new KeyValue(authorizable); String key = tempKV.getKey(); String value = tempKV.getValue(); http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java ---------------------------------------------------------------------- diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java new file mode 100644 index 0000000..cf2ebbd --- /dev/null +++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java 
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.shell;
+
+import com.budhash.cliche.Command;
+import com.budhash.cliche.Shell;
+import com.budhash.cliche.ShellDependent;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+
+import java.util.List;
+
+public class PrivsShell implements ShellDependent {
+ private final ShellUtil tools;
+ Shell shell;
+
+ @Command(description = "Grant privilege to role")
+ public void grant(String roleName, String privilege) {
+ tools.grantPrivilegeToRole(roleName, privilege);
+ }
+
+ @Command
+ public List<String> list(String roleName) {
+ return tools.listPrivileges(roleName);
+ }
+
+
+ public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) {
+ this.tools = new ShellUtil(sentryClient, authUser);
+ }
+
+ @Override
+ public void cliSetShell(Shell theShell) {
+ this.shell = theShell;
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java
----------------------------------------------------------------------
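Review bot: The `list` command in the new `PrivsShell` carries a bare `@Command` with no description, while `grant` beside it has one, so the shell's help output gives the operator nothing for it; `@Command(description = "List privileges granted to role")` would match. Neither command documents the expected syntax of the `privilege` string, which is passed unchanged to `ShellUtil.grantPrivilegeToRole`; a short Javadoc on `grant` stating the accepted format would help whoever edits policy from this shell. The `Shell shell;` field is package-private and mutable; `private Shell shell;` keeps it consistent with `tools`.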
diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java index a062c12..fbd382a 100644 --- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java +++ b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java @@ -21,12 +21,15 @@ package org.apache.sentry.shell; import com.google.common.collect.Sets; import org.apache.commons.lang.StringUtils; import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.TSentryGroup; -import org.apache.sentry.provider.db.service.thrift.TSentryRole; +import org.apache.sentry.provider.db.service.thrift.*; +import org.apache.sentry.service.thrift.SentryServiceUtil; +import org.apache.sentry.service.thrift.ServiceConstants; import java.util.*; +import static org.apache.sentry.service.thrift.SentryServiceUtil.convertTSentryPrivilegeToStr; +import static org.apache.sentry.service.thrift.SentryServiceUtil.convertToTSentryPrivilege; + /** * ShellUtil implements actual commands */ 
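Review bot: The wildcard `import org.apache.sentry.provider.db.service.thrift.*;` replaces three explicit imports and hides which Thrift types this class now depends on. Adding `TSentryPrivilege` and `TSentryGrantOption` as explicit imports next to the existing three keeps the dependency surface visible in review. `import org.apache.sentry.service.thrift.SentryServiceUtil;` also looks redundant, since the two methods used from it in this commit come in through the static imports below it; the rest of the file is outside the hunk, so this should be confirmed there.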
@@ -192,7 +195,62 @@ class ShellUtil { } } + void grantPrivilegeToRole(String roleName, String privilege) { + TSentryPrivilege tPriv = convertToTSentryPrivilege(privilege); + boolean grantOption = tPriv.getGrantOption().equals(TSentryGrantOption.TRUE); + try { + if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tPriv.getPrivilegeScope())) { + sentryClient.grantServerPrivilege(authUser, roleName, tPriv.getServerName(), + tPriv.getAction(), grantOption); + return; + } + if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tPriv.getPrivilegeScope())) { + sentryClient.grantDatabasePrivilege(authUser, roleName, tPriv.getServerName(), + tPriv.getDbName(), tPriv.getAction(), grantOption); + return; + } + if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tPriv.getPrivilegeScope())) { + sentryClient.grantTablePrivilege(authUser, roleName, tPriv.getServerName(), + tPriv.getDbName(), tPriv.getTableName(), + tPriv.getAction(), grantOption); + return; + } + if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tPriv.getPrivilegeScope())) { + sentryClient.grantColumnPrivilege(authUser, roleName, tPriv.getServerName(), + tPriv.getDbName(), tPriv.getTableName(), + tPriv.getColumnName(), tPriv.getAction(), grantOption); + return; + } + if (ServiceConstants.PrivilegeScope.URI.toString().equals(tPriv.getPrivilegeScope())) { + sentryClient.grantURIPrivilege(authUser, roleName, tPriv.getServerName(), + tPriv.getURI(), grantOption); + return; + } + } catch (SentryUserException e) { + System.out.println("Error granting privilege: " + e.toString()); + } + } + List<String> listPrivileges(String roleName) { + Set<TSentryPrivilege> privileges = null; + try { + privileges = sentryClient + .listAllPrivilegesByRoleName(authUser, roleName); + } catch (SentryUserException e) { + System.out.println("Failed to list privileges: " + e.toString()); + } + + if (privileges == null || privileges.isEmpty()) { + return new ArrayList<>(); + } + + List<String> result = 
new LinkedList<>(); + for (TSentryPrivilege privilege : privileges) { + String privilegeStr = convertTSentryPrivilegeToStr(privilege); + result.add(privilegeStr); + } + return result; + } ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) { this.sentryClient = sentryClient; http://git-wip-us.apache.org/repos/asf/sentry/blob/e06b4f87/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java ---------------------------------------------------------------------- diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java index b2b7e8d..b677f0f 100644 --- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java +++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java @@ -47,18 +47,24 @@ public class TopLevelShell implements ShellDependent, Runnable { this); } - @Command(description="listRoles, create and remove roles") + @Command(description="list, create and remove roles") public void roles() throws IOException { ShellFactory.createSubshell("roles", shell, "roles commands", new RolesShell(sentryClient, authUser)).commandLoop(); } - @Command(description = "listRoles, create and remove groups") + @Command(description = "list, create and remove groups") public void groups() throws IOException { ShellFactory.createSubshell("groups", shell, "groups commands", new GroupShell(sentryClient, authUser)).commandLoop(); } + @Command(description = "list, create and remove privileges") + public void privileges() throws IOException { + ShellFactory.createSubshell("privileges", shell, "privileges commands", + new PrivsShell(sentryClient, authUser)).commandLoop(); + } + @Command(description = "List sentry roles. shows all available roles.") public List<String> listRoles() { return tools.listRoles();
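Review bot: In `grantPrivilegeToRole`, a privilege whose scope matches none of the five `PrivilegeScope` checks leaves the `try` block without calling the client and without printing anything, so the operator sees the same silence as after a successful grant. For a tool that edits authorization policy this should be an explicit failure, e.g. `System.out.println("Unsupported privilege scope: " + tPriv.getPrivilegeScope());` after the URI branch. `convertToTSentryPrivilege(privilege)` and `tPriv.getGrantOption().equals(...)` also run outside the `try`, so a malformed privilege string may surface as an uncaught exception; `TSentryGrantOption.TRUE.equals(tPriv.getGrantOption())` would at least be null-safe. `listPrivileges` in the same hunk returns an empty list on `SentryUserException`, which a caller cannot tell apart from a role that has no privileges.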
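Review bot: The description on the new `privileges()` command, "list, create and remove privileges", advertises operations the subshell does not have: `PrivsShell` as added in this commit exposes only `grant` and `list`, with no revoke. An operator reading the help text could assume a privilege can be removed from this shell. `@Command(description = "list and grant privileges")` matches what is implemented until a revoke command is added.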
