SENTRY-2015 - Refactor Command implementations - Reviewed by Sergio Pena
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/6d44cfd9 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/6d44cfd9 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/6d44cfd9 Branch: refs/heads/akolb-cli Commit: 6d44cfd9b5c8ec12fdf5310bb86cfa09e7b84562 Parents: 7dbadfe Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Oct 25 09:27:44 2017 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Oct 25 09:27:44 2017 +0100 ---------------------------------------------------------------------- .../tools/GenericPrivilegeConverter.java | 13 ++- .../db/generic/tools/SentryShellGeneric.java | 58 +++++----- .../tools/command/AddRoleToGroupCmd.java | 46 -------- .../db/generic/tools/command/Command.java | 27 ----- .../db/generic/tools/command/CreateRoleCmd.java | 39 ------- .../tools/command/DeleteRoleFromGroupCmd.java | 46 -------- .../db/generic/tools/command/DropRoleCmd.java | 39 ------- .../tools/command/GenericShellCommand.java | 112 +++++++++++++++++++ .../tools/command/GrantPrivilegeToRoleCmd.java | 47 -------- .../tools/command/ListPrivilegesByRoleCmd.java | 54 --------- .../db/generic/tools/command/ListRolesCmd.java | 53 --------- .../command/RevokePrivilegeFromRoleCmd.java | 47 -------- .../command/TSentryPrivilegeConverter.java | 3 +- .../provider/db/tools/SentryShellHive.java | 42 +++---- .../sentry/provider/db/tools/ShellCommand.java | 44 ++++++++ .../provider/db/tools/command/hive/Command.java | 27 ----- .../db/tools/command/hive/CommandUtil.java | 2 +- .../db/tools/command/hive/CreateRoleCmd.java | 37 ------ .../db/tools/command/hive/DropRoleCmd.java | 37 ------ .../command/hive/GrantPrivilegeToRoleCmd.java | 43 ------- .../command/hive/GrantRoleToGroupsCmd.java | 44 -------- .../db/tools/command/hive/HiveShellCommand.java | 108 ++++++++++++++++++ .../tools/command/hive/ListPrivilegesCmd.java | 49 -------- 
.../db/tools/command/hive/ListRolesCmd.java | 51 --------- .../hive/RevokePrivilegeFromRoleCmd.java | 44 -------- .../command/hive/RevokeRoleFromGroupsCmd.java | 43 ------- 26 files changed, 324 insertions(+), 831 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java index 526a521..51d6df9 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java @@ -29,6 +29,7 @@ import java.util.LinkedList; import java.util.List; import org.apache.sentry.core.common.Authorizable; +import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.common.utils.KeyValue; import org.apache.sentry.core.common.utils.PolicyFileConstants; import org.apache.sentry.core.common.utils.SentryConstants; @@ -70,7 +71,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter { this.validate = validate; } - public TSentryPrivilege fromString(String privilegeStr) throws Exception { + public TSentryPrivilege fromString(String privilegeStr) throws SentryUserException { privilegeStr = parsePrivilegeString(privilegeStr); if (validate) { validatePrivilegeHierarchy(privilegeStr); 
@@ -145,7 +146,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter { return privilegeStr; } - private void validatePrivilegeHierarchy(String privilegeStr) throws Exception { + private void validatePrivilegeHierarchy(String privilegeStr) throws SentryUserException { List<PrivilegeValidator> validators = getPrivilegeValidators(); PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr); for (PrivilegeValidator validator : validators) { @@ -157,7 +158,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter { } } - private List<PrivilegeValidator> getPrivilegeValidators() throws Exception { + private List<PrivilegeValidator> getPrivilegeValidators() throws SentryUserException { if (AuthorizationComponent.KAFKA.equals(component)) { return KafkaPrivilegeModel.getInstance().getPrivilegeValidators(); } else if ("SOLR".equals(component)) { @@ -166,10 +167,10 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter { return SqoopPrivilegeModel.getInstance().getPrivilegeValidators(service); } - throw new Exception("Invalid component specified for GenericPrivilegeCoverter: " + component); + throw new SentryUserException("Invalid component specified for GenericPrivilegeCoverter: " + component); } - private Authorizable getAuthorizable(KeyValue keyValue) throws Exception { + private Authorizable getAuthorizable(KeyValue keyValue) throws SentryUserException { if (AuthorizationComponent.KAFKA.equals(component)) { return KafkaModelAuthorizables.from(keyValue); } else if ("SOLR".equals(component)) { 
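Review bot: The exception message on the new `throw` line in the `@@ -166,10 +167,10 @@` hunk of GenericPrivilegeConverter still spells the class name as `GenericPrivilegeCoverter`, and the same literal is rewritten in the `@@ -178,7 +179,7 @@` hunk for getAuthorizable. Both lines are touched by this commit, so correct them to `"Invalid component specified for GenericPrivilegeConverter: " + component`; a log search for the class name will then find the failure. The narrowed `throws SentryUserException` clauses have no Javadoc stating when the exception is raised (unsupported component, failed hierarchy validation), and a one-line `@throws SentryUserException` on the public `fromString` would cover that. The bodies of getPrivilegeValidators and getAuthorizable extend beyond these hunks.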
@@ -178,7 +179,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter { return SqoopModelAuthorizables.from(keyValue); } - throw new Exception("Invalid component specified for GenericPrivilegeCoverter: " + component); + throw new SentryUserException("Invalid component specified for GenericPrivilegeCoverter: " + component); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java index 25c8003..49f18c8 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java @@ -18,6 +18,8 @@ package org.apache.sentry.provider.db.generic.tools; +import java.util.List; + import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; 
@@ -25,16 +27,10 @@ import org.apache.hadoop.security.UserGroupInformation; import org.apache.sentry.provider.common.AuthorizationComponent; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; -import org.apache.sentry.provider.db.generic.tools.command.AddRoleToGroupCmd; -import org.apache.sentry.provider.db.generic.tools.command.Command; -import org.apache.sentry.provider.db.generic.tools.command.CreateRoleCmd; -import org.apache.sentry.provider.db.generic.tools.command.DeleteRoleFromGroupCmd; -import org.apache.sentry.provider.db.generic.tools.command.DropRoleCmd; -import org.apache.sentry.provider.db.generic.tools.command.GrantPrivilegeToRoleCmd; -import org.apache.sentry.provider.db.generic.tools.command.ListPrivilegesByRoleCmd; -import org.apache.sentry.provider.db.generic.tools.command.ListRolesCmd; -import org.apache.sentry.provider.db.generic.tools.command.RevokePrivilegeFromRoleCmd; +import org.apache.sentry.provider.db.generic.tools.command.GenericShellCommand; +import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter; import org.apache.sentry.provider.db.tools.SentryShellCommon; +import org.apache.sentry.provider.db.tools.ShellCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -53,7 +49,6 @@ public class SentryShellGeneric extends SentryShellCommon { @Override public void run() throws Exception { - Command command = null; String component = getComponent(); Configuration conf = getSentryConf(); 
@@ -62,36 +57,37 @@ public class SentryShellGeneric extends SentryShellCommon { SentryGenericServiceClientFactory.create(conf)) { UserGroupInformation ugi = UserGroupInformation.getLoginUser(); String requestorName = ugi.getShortUserName(); + TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service); + ShellCommand command = new GenericShellCommand(client, component, service, converter); + + // check the requestor name + if (StringUtils.isEmpty(requestorName)) { + // The exception message will be recorded in log file. + throw new Exception("The requestor name is empty."); + } if (isCreateRole) { - command = new CreateRoleCmd(roleName, component); + command.createRole(requestorName, roleName); } else if (isDropRole) { - command = new DropRoleCmd(roleName, component); + command.dropRole(requestorName, roleName); } else if (isAddRoleGroup) { - command = new AddRoleToGroupCmd(roleName, groupName, component); + command.grantRoleToGroups(requestorName, roleName, groupName); } else if (isDeleteRoleGroup) { - command = new DeleteRoleFromGroupCmd(roleName, groupName, component); + command.revokeRoleFromGroups(requestorName, roleName, groupName); } else if (isGrantPrivilegeRole) { - command = new GrantPrivilegeToRoleCmd(roleName, component, - privilegeStr, new GenericPrivilegeConverter(component, service)); + command.grantPrivilegeToRole(requestorName, roleName, privilegeStr); } else if (isRevokePrivilegeRole) { - command = new RevokePrivilegeFromRoleCmd(roleName, component, - privilegeStr, new GenericPrivilegeConverter(component, service)); + command.revokePrivilegeFromRole(requestorName, roleName, privilegeStr); } else if (isListRole) { - command = new ListRolesCmd(groupName, component); + List<String> roles = command.listRoles(requestorName, roleName, groupName); + for (String role : roles) { + System.out.println(role); + } } else if (isListPrivilege) { - command = new ListPrivilegesByRoleCmd(roleName, component, - service, new 
GenericPrivilegeConverter(component, service)); - } - - // check the requestor name - if (StringUtils.isEmpty(requestorName)) { - // The exception message will be recorded in log file. - throw new Exception("The requestor name is empty."); - } - - if (command != null) { - command.execute(client, requestorName); + List<String> privileges = command.listPrivileges(requestorName, roleName); + for (String privilege : privileges) { + System.out.println(privilege); + } } } } http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java deleted file mode 100644 index a45d7e4..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java +++ /dev/null 
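Review bot: In SentryShellGeneric.run() the empty-requestor guard sits after the converter and the GenericShellCommand have been constructed, and it throws a raw `Exception` although the rest of this commit narrows to SentryUserException. Placing the check directly under `String requestorName = ugi.getShortUserName();` and using `throw new SentryUserException("The requestor name is empty.");` (with the matching import) keeps the failure type consistent and avoids building objects for a request that is rejected anyway. The if/else chain also has no final `else`, so an invocation in which none of the action flags is set returns without doing or reporting anything; whether option parsing outside this hunk already excludes that case is not visible here. run() begins above the hunk.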
@@ -1,46 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import com.google.common.collect.Sets; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.tools.SentryShellCommon; - -import java.util.Set; - -/** - * Command for adding groups to a role. - */ -public class AddRoleToGroupCmd implements Command { - - private String roleName; - private String groups; - private String component; - - public AddRoleToGroupCmd(String roleName, String groups, String component) { - this.roleName = roleName; - this.groups = groups; - this.component = component; - } - - @Override - public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)); - client.addRoleToGroups(requestorName, roleName, component, groupSet); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/Command.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/Command.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/Command.java deleted file mode 100644 index e824fb3..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/Command.java +++ /dev/null @@ -1,27 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; - -/** - * The interface for all admin commands, eg, CreateRoleCmd. - */ -public interface Command { - void execute(SentryGenericServiceClient client, String requestorName) throws Exception; -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/CreateRoleCmd.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/CreateRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/CreateRoleCmd.java deleted file mode 100644 index da60a64..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/CreateRoleCmd.java +++ /dev/null 
@@ -1,39 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; - -/** - * The class for admin command to create role. - */ -public class CreateRoleCmd implements Command { - - private String roleName; - private String component; - - public CreateRoleCmd(String roleName, String component) { - this.roleName = roleName; - this.component = component; - } - - @Override - public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - client.createRole(requestorName, roleName, component); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java deleted file mode 100644 index 95f39ea..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java +++ /dev/null 
@@ -1,46 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import com.google.common.collect.Sets; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.tools.SentryShellCommon; - -import java.util.Set; - -/** - * Command for deleting groups from a role. 
- */ -public class DeleteRoleFromGroupCmd implements Command { - - private String roleName; - private String groups; - private String component; - - public DeleteRoleFromGroupCmd(String roleName, String groups, String component) { - this.groups = groups; - this.roleName = roleName; - this.component = component; - } - - @Override - public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)); - client.deleteRoleToGroups(requestorName, roleName, component, groupSet); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java deleted file mode 100644 index ac2a328..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java +++ /dev/null 
@@ -1,39 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; - -/** - * The class for admin command to drop role. - */ -public class DropRoleCmd implements Command { - - private String roleName; - private String component; - - public DropRoleCmd(String roleName, String component) { - this.roleName = roleName; - this.component = component; - } - - @Override - public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - client.dropRole(requestorName, roleName, component); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GenericShellCommand.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GenericShellCommand.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GenericShellCommand.java
new file mode 100644
index 0000000..5a3baad
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GenericShellCommand.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.generic.tools.command;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import com.google.common.collect.Sets;
+
+/**
+ * The ShellCommand implementation for the Generic clients
+ */
+public class GenericShellCommand implements ShellCommand {
+
+ private final SentryGenericServiceClient client;
+ private final String component;
+ private final TSentryPrivilegeConverter converter;
+ private final String serviceName;
+
+ public GenericShellCommand(SentryGenericServiceClient client, String component, String serviceName,
+ TSentryPrivilegeConverter converter) {
+ this.client = client;
+ this.component = component;
+ this.serviceName = serviceName;
+ this.converter = converter;
+ }
+
+ public void createRole(String requestorName, String roleName) throws SentryUserException {
+ client.createRole(requestorName, roleName, component);
+ }
+
+ public void dropRole(String requestorName, String roleName) throws SentryUserException {
+ client.dropRole(requestorName, roleName, component);
+ }
+
+ public void grantPrivilegeToRole(String requestorName, String roleName, String privilege) throws SentryUserException {
+ TSentryPrivilege sentryPrivilege = converter.fromString(privilege);
+ client.grantPrivilege(requestorName, roleName, component, sentryPrivilege);
+ }
+
+ public void grantRoleToGroups(String requestorName, String roleName, String groups) throws SentryUserException {
+ Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+ client.addRoleToGroups(requestorName, roleName, component, groupSet);
+ }
+
+ public void revokePrivilegeFromRole(String requestorName, String roleName, String privilege) throws SentryUserException {
+ TSentryPrivilege sentryPrivilege = converter.fromString(privilege);
+ client.revokePrivilege(requestorName, roleName, component, sentryPrivilege);
+ }
+
+ public void revokeRoleFromGroups(String requestorName, String roleName, String groups) throws SentryUserException {
+ Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+ client.deleteRoleToGroups(requestorName, roleName, component, groupSet);
+ }
+
+ public List<String> listRoles(String requestorName, String roleName, String group) throws SentryUserException {
+ Set<TSentryRole> roles;
+ if (StringUtils.isEmpty(group)) {
+ roles = client.listAllRoles(requestorName, component);
+ } else {
+ roles = client.listRolesByGroupName(requestorName, group, component);
+ }
+
+ List<String> result = new ArrayList<>();
+ if (roles != null) {
+ for (TSentryRole role : roles) {
+ result.add(role.getRoleName());
+ }
+ }
+
+ return result;
+ }
+
+ public List<String> listPrivileges(String requestorName, String roleName) throws SentryUserException {
+ Set<TSentryPrivilege> privileges = client
+ .listPrivilegesByRoleName(requestorName, roleName, component, serviceName);
+
+ List<String> result = new ArrayList<>();
+ if (privileges != null) {
+ for (TSentryPrivilege privilege : privileges) {
+ String privilegeStr = converter.toString(privilege);
+ result.add(privilegeStr);
+ }
+ }
+
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
deleted file mode 100644
index 634bb42..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
+++ /dev/null
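Review bot: In GenericShellCommand, grantRoleToGroups and revokeRoleFromGroups hand the raw result of `groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)` to the client, so a null `groups` fails with a NullPointerException and input with doubled separators or padding spaces can put empty or space-padded group names into the set sent to the server. For a tool that changes role-to-group bindings, the names should be normalised and an empty list rejected before the call; whether the server rejects such names is not visible here, and the trimming should be confirmed against what the Hive shell does. The sketch below routes both methods through one private helper. Separately, none of the interface methods carries `@Override`, and listRoles never reads its `roleName` parameter, which deserves a comment.

```java
  public void grantRoleToGroups(String requestorName, String roleName, String groups) throws SentryUserException {
    client.addRoleToGroups(requestorName, roleName, component, parseGroups(groups));
  }

  // … unchanged: revokePrivilegeFromRole …

  public void revokeRoleFromGroups(String requestorName, String roleName, String groups) throws SentryUserException {
    client.deleteRoleToGroups(requestorName, roleName, component, parseGroups(groups));
  }

  /** Splits the group list, trims each entry and rejects a list with no usable name. */
  private static Set<String> parseGroups(String groups) throws SentryUserException {
    Set<String> groupSet = Sets.newHashSet();
    if (!StringUtils.isBlank(groups)) {
      for (String group : groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)) {
        String trimmed = group.trim();
        if (!trimmed.isEmpty()) {
          groupSet.add(trimmed);
        }
      }
    }
    if (groupSet.isEmpty()) {
      throw new SentryUserException("No group name specified.");
    }
    return groupSet;
  }
```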
@@ -1,47 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; - -/** - * The class for admin command to grant privilege to role. 
- */ -public class GrantPrivilegeToRoleCmd implements Command { - - private String roleName; - private String component; - private String privilegeStr; - private TSentryPrivilegeConverter converter; - - public GrantPrivilegeToRoleCmd(String roleName, String component, String privilegeStr, - TSentryPrivilegeConverter converter) { - this.roleName = roleName; - this.component = component; - this.privilegeStr = privilegeStr; - this.converter = converter; - } - - @Override - public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - TSentryPrivilege privilege = converter.fromString(privilegeStr); - client.grantPrivilege(requestorName, roleName, component, privilege); - - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java deleted file mode 100644 index ce6db3a..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java +++ /dev/null 
@@ -1,54 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; - -import java.util.Set; - -/** - * The class for admin command to list privileges by role. 
- */ -public class ListPrivilegesByRoleCmd implements Command { - - private String roleName; - private String component; - private String serviceName; - private TSentryPrivilegeConverter converter; - - public ListPrivilegesByRoleCmd(String roleName, String component, String serviceName, - TSentryPrivilegeConverter converter) { - this.roleName = roleName; - this.component = component; - this.serviceName = serviceName; - this.converter = converter; - } - - @Override - public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - Set<TSentryPrivilege> privileges = client - .listPrivilegesByRoleName(requestorName, roleName, component, serviceName); - if (privileges != null) { - for (TSentryPrivilege privilege : privileges) { - String privilegeStr = converter.toString(privilege); - System.out.println(privilegeStr); - } - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java deleted file mode 100644 index 6b68d06..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java +++ /dev/null 
@@ -1,53 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import org.apache.commons.lang.StringUtils; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole; - -import java.util.Set; - -/** - * The class for admin command to list roles. 
- */ -public class ListRolesCmd implements Command { - - private String groupName; - private String component; - - public ListRolesCmd(String groupName, String component) { - this.groupName = groupName; - this.component = component; - } - - @Override - public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - Set<TSentryRole> roles; - if (StringUtils.isEmpty(groupName)) { - roles = client.listAllRoles(requestorName, component); - } else { - roles = client.listRolesByGroupName(requestorName, groupName, component); - } - if (roles != null) { - for (TSentryRole role : roles) { - System.out.println(role.getRoleName()); - } - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java deleted file mode 100644 index 3e42e60..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java +++ /dev/null 
@@ -1,47 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.tools.command; - -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; - -/** - * The class for admin command to revoke privileges from role. 
- */ -public class RevokePrivilegeFromRoleCmd implements Command { - - private String roleName; - private String component; - private String privilegeStr; - private TSentryPrivilegeConverter converter; - - public RevokePrivilegeFromRoleCmd(String roleName, String component, String privilegeStr, - TSentryPrivilegeConverter converter) { - this.roleName = roleName; - this.component = component; - this.privilegeStr = privilegeStr; - this.converter = converter; - } - - @Override - public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { - TSentryPrivilege privilege = converter.fromString(privilegeStr); - client.revokePrivilege(requestorName, roleName, component, privilege); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java index ab44895..0bfbc44 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java @@ -17,6 +17,7 @@ */ package org.apache.sentry.provider.db.generic.tools.command; +import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; public interface TSentryPrivilegeConverter { 
@@ -24,7 +25,7 @@ public interface TSentryPrivilegeConverter { /** * Convert string to privilege */ - TSentryPrivilege fromString(String privilegeStr) throws Exception; + TSentryPrivilege fromString(String privilegeStr) throws SentryUserException; /** * Convert privilege to string http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java index 09f17ed..226d58d 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java @@ -18,6 +18,8 @@ package org.apache.sentry.provider.db.tools; +import java.util.List; + import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; 
@@ -39,39 +41,41 @@ public class SentryShellHive extends SentryShellCommon { private static final Logger LOGGER = LoggerFactory.getLogger(SentryShellHive.class); public void run() throws Exception { - Command command = null; try(SentryPolicyServiceClient client = SentryServiceClientFactory.create(getSentryConf())) { UserGroupInformation ugi = UserGroupInformation.getLoginUser(); String requestorName = ugi.getShortUserName(); + ShellCommand command = new HiveShellCommand(client); + + // check the requestor name + if (StringUtils.isEmpty(requestorName)) { + // The exception message will be recorded in the log file. + throw new Exception("The requestor name is empty."); + } if (isCreateRole) { - command = new CreateRoleCmd(roleName); + command.createRole(requestorName, roleName); } else if (isDropRole) { - command = new DropRoleCmd(roleName); + command.dropRole(requestorName, roleName); } else if (isAddRoleGroup) { - command = new GrantRoleToGroupsCmd(roleName, groupName); + command.grantRoleToGroups(requestorName, roleName, groupName); } else if (isDeleteRoleGroup) { - command = new RevokeRoleFromGroupsCmd(roleName, groupName); + command.revokeRoleFromGroups(requestorName, roleName, groupName); } else if (isGrantPrivilegeRole) { - command = new GrantPrivilegeToRoleCmd(roleName, privilegeStr); + command.grantPrivilegeToRole(requestorName, roleName, privilegeStr); } else if (isRevokePrivilegeRole) { - command = new RevokePrivilegeFromRoleCmd(roleName, privilegeStr); + command.revokePrivilegeFromRole(requestorName, roleName, privilegeStr); } else if (isListRole) { - command = new ListRolesCmd(groupName); + List<String> roles = command.listRoles(requestorName, roleName, groupName); + for (String role : roles) { + System.out.println(role); + } } else if (isListPrivilege) { - command = new ListPrivilegesCmd(roleName); - } - - // check the requestor name - if (StringUtils.isEmpty(requestorName)) { - // The exception message will be recoreded in log file. 
- throw new Exception("The requestor name is empty."); - } - - if (command != null) { - command.execute(client, requestorName); + List<String> privileges = command.listPrivileges(requestorName, roleName); + for (String privilege : privileges) { + System.out.println(privilege); + } } } } http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/ShellCommand.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/ShellCommand.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/ShellCommand.java new file mode 100644 index 0000000..ec751ec --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/ShellCommand.java 
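Review bot: The requestor check that this hunk moves to the top of `run()` uses `StringUtils.isEmpty(requestorName)`, so a whitespace-only short user name passes and is sent as the requestor on every role and privilege call. `if (StringUtils.isBlank(requestorName)) {` would reject that case as well. The check also throws a bare `Exception`; since `run()` already declares `throws Exception`, a specific type such as `throw new IllegalStateException("The requestor name is empty.");` would be compatible and would let callers tell a missing identity apart from a service failure.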
@@ -0,0 +1,44 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.provider.db.tools; + +import java.util.List; + +import org.apache.sentry.core.common.exception.SentryUserException; + +/** + * The interface for all admin commands, eg, CreateRoleCmd. It is independent of the underlying mechanism (i.e. 
Generic or Hive) + */ +public interface ShellCommand { + + void createRole(String requestorName, String roleName) throws SentryUserException; + + void dropRole(String requestorName, String roleName) throws SentryUserException; + + void grantPrivilegeToRole(String requestorName, String roleName, String privilege) throws SentryUserException; + + void grantRoleToGroups(String requestorName, String roleName, String groups) throws SentryUserException; + + void revokePrivilegeFromRole(String requestorName, String roleName, String privilege) throws SentryUserException; + + void revokeRoleFromGroups(String requestorName, String roleName, String groups) throws SentryUserException; + + List<String> listRoles(String requestorName, String roleName, String group) throws SentryUserException; + + List<String> listPrivileges(String requestorName, String roleName) throws SentryUserException; +} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java deleted file mode 100644 index 79aed49..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java +++ /dev/null 
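Review bot: None of the eight methods in `ShellCommand` has Javadoc, and the class comment still names `CreateRoleCmd` as an example although this commit deletes that class. Two contracts that callers rely on are left unstated: `SentryShellHive.run()` iterates the results of `listRoles` and `listPrivileges` without a null check, and `groups` is one delimited string rather than a collection. I would add per-method comments such as `/** Lists role names, optionally filtered by group; never returns null. */` and `@param groups delimited list of group names` (the Hive implementation splits it on `SentryShellCommon.GROUP_SPLIT_CHAR`). `listRoles` also takes a `roleName` that `HiveShellCommand.listRoles` in this commit never reads; if the generic implementation does not need it either, the parameter could be dropped.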
@@ -1,27 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.tools.command.hive; - -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; - -/** - * The interface for all admin commands, eg, CreateRoleCmd. - */ -public interface Command { - void execute(SentryPolicyServiceClient client, String requestorName) throws Exception; -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java index b6f4140..3f0b5fa 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java 
@@ -31,7 +31,7 @@ public final class CommandUtil { // check the privilege value for the specific privilege scope // eg, for the table scope, server and database can't be empty - public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws Exception { + public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws IllegalArgumentException { String serverName = tSentryPrivilege.getServerName(); String dbName = tSentryPrivilege.getDbName(); String tableName = tSentryPrivilege.getTableName(); http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java deleted file mode 100644 index 5a4834a..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java +++ /dev/null 
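Review bot: Declaring `throws IllegalArgumentException` on `validatePrivilegeHierarchy` gives the compiler nothing to enforce, because the exception is unchecked. Callers such as `HiveShellCommand.grantPrivilegeToRole` and `revokePrivilegeFromRole`, both declared `throws SentryUserException`, therefore let a rejected privilege string escape as a runtime exception that no `ShellCommand` signature mentions. I would document it where callers look by replacing the `//` comment with Javadoc containing `@throws IllegalArgumentException if a field required by the privilege scope is empty`, or wrap it in a `SentryUserException` at the call sites. The method body continues outside this hunk, so what it throws on each path is not visible here.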
@@ -1,37 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.tools.command.hive; - -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; - -/** - * The class for admin command to create role. - */ -public class CreateRoleCmd implements Command { - - private String roleName; - - public CreateRoleCmd(String roleName) { - this.roleName = roleName; - } - - @Override - public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { - client.createRole(requestorName, roleName); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java deleted file mode 100644 index facec0e..0000000 
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java +++ /dev/null @@ -1,37 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.tools.command.hive; - -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; - -/** - * The class for admin command to drop role. - */ -public class DropRoleCmd implements Command { - - private String roleName; - - public DropRoleCmd(String roleName) { - this.roleName = roleName; - } - - @Override - public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { - client.dropRole(requestorName, roleName); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java deleted file mode 100644 index f530c00..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java +++ /dev/null 
@@ -1,43 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.tools.command.hive; - -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.service.thrift.SentryServiceUtil; - -/** - * The class for admin command to grant privilege to role. 
- */ -public class GrantPrivilegeToRoleCmd implements Command { - - private String roleName; - private String privilegeStr; - - public GrantPrivilegeToRoleCmd(String roleName, String privilegeStr) { - this.roleName = roleName; - this.privilegeStr = privilegeStr; - } - - @Override - public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { - TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilegeStr); - CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege); - client.grantPrivilege(requestorName, roleName, tSentryPrivilege); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java deleted file mode 100644 index 07a3de4..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java +++ /dev/null 
@@ -1,44 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.tools.command.hive; - -import com.google.common.collect.Sets; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.tools.SentryShellCommon; - -import java.util.Set; - -/** - * The class for admin command to grant role to group. - */ -public class GrantRoleToGroupsCmd implements Command { - - private String roleName; - private String groupNamesStr; - - public GrantRoleToGroupsCmd(String roleName, String groupNamesStr) { - this.roleName = roleName; - this.groupNamesStr = groupNamesStr; - } - - @Override - public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { - Set<String> groups = Sets.newHashSet(groupNamesStr.split(SentryShellCommon.GROUP_SPLIT_CHAR)); - client.grantRoleToGroups(requestorName, roleName, groups); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/HiveShellCommand.java ---------------------------------------------------------------------- 
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/HiveShellCommand.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/HiveShellCommand.java new file mode 100644 index 0000000..8451d8b --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/HiveShellCommand.java 
@@ -0,0 +1,108 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.provider.db.tools.command.hive; + +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.StringUtils; +import org.apache.sentry.core.common.exception.SentryUserException; +import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; +import org.apache.sentry.provider.db.service.thrift.TSentryRole; +import org.apache.sentry.provider.db.tools.SentryShellCommon; +import org.apache.sentry.provider.db.tools.ShellCommand; +import org.apache.sentry.service.thrift.SentryServiceUtil; + +import com.google.common.collect.Sets; + +/** + * The ShellCommand implementation for Hive. 
+ */ +public class HiveShellCommand implements ShellCommand { + + private final SentryPolicyServiceClient client; + + public HiveShellCommand(SentryPolicyServiceClient client) { + this.client = client; + } + + public void createRole(String requestorName, String roleName) throws SentryUserException { + client.createRole(requestorName, roleName); + } + + public void dropRole(String requestorName, String roleName) throws SentryUserException { + client.dropRole(requestorName, roleName); + } + + public void grantPrivilegeToRole(String requestorName, String roleName, String privilege) throws SentryUserException { + TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilege); + CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege); + client.grantPrivilege(requestorName, roleName, tSentryPrivilege); + } + + public void grantRoleToGroups(String requestorName, String roleName, String groups) throws SentryUserException { + Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)); + client.grantRoleToGroups(requestorName, roleName, groupSet); + } + + public void revokePrivilegeFromRole(String requestorName, String roleName, String privilege) throws SentryUserException { + TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilege); + CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege); + client.revokePrivilege(requestorName, roleName, tSentryPrivilege); + } + + public void revokeRoleFromGroups(String requestorName, String roleName, String groups) throws SentryUserException { + Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)); + client.revokeRoleFromGroups(requestorName, roleName, groupSet); + } + + public List<String> listRoles(String requestorName, String roleName, String group) throws SentryUserException { + Set<TSentryRole> roles; + if (StringUtils.isEmpty(group)) { + roles = client.listRoles(requestorName); + } else { + roles = 
client.listRolesByGroupName(requestorName, group); + } + + List<String> result = new ArrayList<>(); + if (roles != null) { + for (TSentryRole role : roles) { + result.add(role.getRoleName()); + } + } + + return result; + } + + public List<String> listPrivileges(String requestorName, String roleName) throws SentryUserException { + Set<TSentryPrivilege> privileges = client + .listAllPrivilegesByRoleName(requestorName, roleName); + + List<String> result = new ArrayList<>(); + if (privileges != null) { + for (TSentryPrivilege privilege : privileges) { + String privilegeStr = SentryServiceUtil.convertTSentryPrivilegeToStr(privilege); + result.add(privilegeStr); + } + } + return result; + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java deleted file mode 100644 index 2cc4f71..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java +++ /dev/null 
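Review bot: `grantRoleToGroups` and `revokeRoleFromGroups` call `groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)` without checking the argument. A null `groups` ends in a NullPointerException, and input with doubled separators or padding can put empty or space-padded names into the set sent to the policy service. These are now public methods on a reusable class rather than command objects built from parsed shell options, so I would validate and normalise the list in one private helper shared by both methods, as sketched below. Whether trimming is acceptable depends on whether group names may legitimately carry surrounding whitespace, which this hunk does not show. The interface methods in this class also lack `@Override`.

```java
  @Override
  public void grantRoleToGroups(String requestorName, String roleName, String groups) throws SentryUserException {
    client.grantRoleToGroups(requestorName, roleName, parseGroups(groups));
  }

  // … unchanged: revokePrivilegeFromRole …

  @Override
  public void revokeRoleFromGroups(String requestorName, String roleName, String groups) throws SentryUserException {
    client.revokeRoleFromGroups(requestorName, roleName, parseGroups(groups));
  }

  /** Splits the delimited group list, rejecting blank input and dropping empty entries. */
  private static Set<String> parseGroups(String groups) {
    if (StringUtils.isBlank(groups)) {
      throw new IllegalArgumentException("groups must not be empty");
    }
    Set<String> groupSet = Sets.newHashSet();
    for (String group : groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)) {
      String trimmed = group.trim();
      if (!trimmed.isEmpty()) {
        groupSet.add(trimmed);
      }
    }
    return groupSet;
  }
```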
@@ -1,49 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.tools.command.hive; - -import java.util.Set; - -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.service.thrift.SentryServiceUtil; - -/** - * The class for admin command to list privileges. 
- */ -public class ListPrivilegesCmd implements Command { - - private String roleName; - - public ListPrivilegesCmd(String roleName) { - this.roleName = roleName; - } - - @Override - public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { - Set<TSentryPrivilege> privileges = client - .listAllPrivilegesByRoleName(requestorName, roleName); - if (privileges != null) { - for (TSentryPrivilege privilege : privileges) { - String privilegeStr = SentryServiceUtil.convertTSentryPrivilegeToStr(privilege); - System.out.println(privilegeStr); - } - } - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java deleted file mode 100644 index 283f2c0..0000000 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java +++ /dev/null 
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
-
-import java.util.Set;
-
-/**
- * The class for admin command to list roles.
- */
-public class ListRolesCmd implements Command {
-
- private String groupName;
-
- public ListRolesCmd(String groupName) {
- this.groupName = groupName;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- Set<TSentryRole> roles;
- if (StringUtils.isEmpty(groupName)) {
- roles = client.listRoles(requestorName);
- } else {
- roles = client.listRolesByGroupName(requestorName, groupName);
- }
- if (roles != null) {
- for (TSentryRole role : roles) {
- System.out.println(role.getRoleName());
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
deleted file mode 100644
index 4acecee..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
-
-/**
- * The class for admin command to revoke privileges from role.
- */
-public class RevokePrivilegeFromRoleCmd implements Command {
-
- private String roleName;
- private String privilegeStr;
-
- public RevokePrivilegeFromRoleCmd(String roleName, String privilegeStr) {
- this.roleName = roleName;
- this.privilegeStr = privilegeStr;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilegeStr);
- CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
- client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
deleted file mode 100644
index 86773ca..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-import java.util.Set;
-
-/**
- * The class for admin command to revoke role from group.
- */
-public class RevokeRoleFromGroupsCmd implements Command {
-
- private String roleName;
- private String groupNamesStr;
-
- public RevokeRoleFromGroupsCmd(String roleName, String groupNamesStr) {
- this.roleName = roleName;
- this.groupNamesStr = groupNamesStr;
- }
-
- @Override
- public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
- Set<String> groups = Sets.newHashSet(groupNamesStr.split(CommandUtil.SPLIT_CHAR));
- client.revokeRoleFromGroups(requestorName, roleName, groups);
- }
-}
