Added support to use the CLI tool with kafka, solr, sqoop
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3dc878e1 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3dc878e1 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3dc878e1 Branch: refs/heads/akolb-cli Commit: 3dc878e1ca440ad4bfe9250c43384971bd344c3b Parents: d384787 Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Nov 16 11:10:59 2017 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu Nov 16 11:10:59 2017 +0000 ---------------------------------------------------------------------- .../org/apache/sentry/shell/GroupShell.java | 65 ++-- .../org/apache/sentry/shell/PrivsShell.java | 80 +++-- .../org/apache/sentry/shell/RolesShell.java | 90 +++-- .../java/org/apache/sentry/shell/SentryCli.java | 291 ++++++++-------- .../java/org/apache/sentry/shell/ShellUtil.java | 134 -------- .../org/apache/sentry/shell/TopLevelShell.java | 335 +++++++++++++------ 6 files changed, 542 insertions(+), 453 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java ---------------------------------------------------------------------- diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java index a59da04..b7652a5 100644 --- a/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java +++ b/sentry-tools/src/main/java/org/apache/sentry/shell/GroupShell.java 
@@ -21,40 +21,65 @@ package org.apache.sentry.shell; import com.budhash.cliche.Command; import com.budhash.cliche.Shell; import com.budhash.cliche.ShellDependent; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.core.common.exception.SentryUserException; +import org.apache.sentry.provider.db.tools.ShellCommand; + +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; import java.util.List; +import java.util.Set; /** * Sentry group manipulation for CLI */ public class GroupShell implements ShellDependent { - private final ShellUtil tools; - Shell shell; + private final ShellCommand shellCommand; + private final String authUser; + Shell shell; - public GroupShell(SentryPolicyServiceClient sentryClient, String authUser) { - this.tools = new ShellUtil(sentryClient, authUser); - } + public GroupShell(ShellCommand shellCommand, String authUser) { + this.shellCommand = shellCommand; + this.authUser = authUser; + } - @Command(abbrev = "lr", header = "[groups]", - description = "list groups and their roles") - public List<String> listRoles() { - return tools.listGroupRoles(); + @Command(abbrev = "lr", header = "[groups]", + description = "list groups and their roles") + public List<String> listRoles() { + try { + return shellCommand.listGroupRoles(authUser); + } catch (SentryUserException e) { + System.out.printf("failed to list the groups and roles: %s\n", e.toString()); + return Collections.emptyList(); } + } - @Command(description = "Grant role to groups") - public void grant(String roleName, String ...groups) { - tools.grantGroupsToRole(roleName, groups); + @Command(description = "Grant role to groups") + public void grant(String roleName, String ...groups) { + try { + Set<String> groupsSet = new HashSet<>(Arrays.asList(groups)); + shellCommand.grantRoleToGroups(authUser, roleName, groupsSet); + } catch (SentryUserException e) { + System.out.printf("Failed to gran role %s to groups: 
%s\n", + roleName, e.toString()); } + } - @Command(description = "Revoke role from groups") - public void revoke(String roleName, String ...groups) { - tools.revokeGroupsFromRole(roleName, groups); + @Command(description = "Revoke role from groups") + public void revoke(String roleName, String ...groups) { + try { + Set<String> groupsSet = new HashSet<>(Arrays.asList(groups)); + shellCommand.revokeRoleFromGroups(authUser, roleName, groupsSet); + } catch (SentryUserException e) { + System.out.printf("Failed to revoke role %s to groups: %s\n", + roleName, e.toString()); } + } - @Override - public void cliSetShell(Shell theShell) { - this.shell = theShell; - } + @Override + public void cliSetShell(Shell theShell) { + this.shell = theShell; + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java ---------------------------------------------------------------------- diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java index a03c47d..8b8898f 100644 --- a/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java +++ b/sentry-tools/src/main/java/org/apache/sentry/shell/PrivsShell.java 
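Review bot: A failed `grant` or `revoke` is only printed to stdout and the command then returns normally, so anything driving the shell non-interactively cannot tell that the role-to-group change did not take effect. For `revoke` this means access the operator believes was removed may still be in place. The messages are also misleading: `Failed to gran role` should read `Failed to grant role`, and the revoke message should be `"Failed to revoke role %s from groups: %s\n"`. An empty `groups` varargs is passed through as an empty set; whether `ShellCommand` rejects that is not visible here, so a check for at least one group would be worth adding.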
@@ -22,47 +22,65 @@ import com.budhash.cliche.Command; import com.budhash.cliche.Param; import com.budhash.cliche.Shell; import com.budhash.cliche.ShellDependent; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.core.common.exception.SentryUserException; +import org.apache.sentry.provider.db.tools.ShellCommand; + +import java.util.Collections; import java.util.List; public class PrivsShell implements ShellDependent { - private final ShellUtil tools; - Shell shell; + private final ShellCommand shellCommand; + private final String authUser; + Shell shell; - public PrivsShell(SentryPolicyServiceClient sentryClient, String authUser) { - this.tools = new ShellUtil(sentryClient, authUser); - } + public PrivsShell(ShellCommand shellCommand, String authUser) { + this.shellCommand = shellCommand; + this.authUser = authUser; + } - @Command(description = "Grant privilege to role") - public void grant( - @Param(name = "roleName") - String roleName, - @Param(name = "privilege", - description = "privilege string, e.g. server=s1->db=foo") - String privilege) { - tools.grantPrivilegeToRole(roleName, privilege); + @Command(description = "Grant privilege to role") + public void grant( + @Param(name = "roleName") + String roleName, + @Param(name = "privilege", + description = "privilege string, e.g. 
server=s1->db=foo") + String privilege) { + try { + shellCommand.grantPrivilegeToRole(authUser, roleName, privilege); + } catch (SentryUserException e) { + System.out.println("Error granting privilege: " + e.toString()); } + } - @Command - public List<String> list( - @Param(name = "roleName") - String roleName) { - return tools.listPrivileges(roleName); + @Command + public List<String> list( + @Param(name = "roleName") + String roleName) { + try { + return shellCommand.listPrivileges(authUser, roleName); + } catch (SentryUserException e) { + System.out.println("Failed to list privileges: " + e.toString()); + return Collections.emptyList(); } + } - @Command - public void revoke( - @Param(name = "roleName") - String roleName, - @Param(name = "privilege", - description = "privilege string, e.g. server=s1->db=foo") - String privilege) { - tools.revokePrivilegeFromRole(roleName, privilege); + @Command + public void revoke( + @Param(name = "roleName") + String roleName, + @Param(name = "privilege", + description = "privilege string, e.g. server=s1->db=foo") + String privilege) { + try { + shellCommand.revokePrivilegeFromRole(authUser, roleName, privilege); + } catch (SentryUserException e) { + System.out.println("failed to revoke privilege: " + e.toString()); } + } - @Override - public void cliSetShell(Shell theShell) { - this.shell = theShell; - } + @Override + public void cliSetShell(Shell theShell) { + this.shell = theShell; + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java ---------------------------------------------------------------------- diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java index ab4589d..c014a30 100644 --- a/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java +++ b/sentry-tools/src/main/java/org/apache/sentry/shell/RolesShell.java 
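Review bot: The catch blocks in `grant`, `list` and `revoke` report the failure without naming the role or privilege involved, so the output cannot serve as a record of which authorization change was attempted and failed. Consider `System.out.printf("failed to revoke privilege %s from role %s: %s\n", privilege, roleName, e);` and the equivalent for `grant` and `list`. The `list` and `revoke` commands also carry a bare `@Command` with no `description`, unlike `grant`, so the shell's help gives no description for them.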
@@ -22,50 +22,84 @@ import com.budhash.cliche.Command; import com.budhash.cliche.Param; import com.budhash.cliche.Shell; import com.budhash.cliche.ShellDependent; -import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.core.common.exception.SentryUserException; +import org.apache.sentry.provider.db.tools.ShellCommand; + +import java.util.Collections; import java.util.List; /** * Sentry roles manipulation for CLI. */ public class RolesShell implements ShellDependent { - private final ShellUtil tools; - Shell shell; + private final ShellCommand shellCommand; + private final String authUser; + Shell shell; - public RolesShell(SentryPolicyServiceClient sentryClient, String authUser) { - this.tools = new ShellUtil(sentryClient, authUser); - } + public RolesShell(ShellCommand shellCommand, String authUser) { + this.shellCommand = shellCommand; + this.authUser = authUser; + } - @Command(description = "List sentry roles. shows all available roles.") - public List<String> list() { - return tools.listRoles(); + @Command(description = "List sentry roles. 
shows all available roles.") + public List<String> list() { + try { + List<String> result = shellCommand.listRoles(authUser, null); + Collections.sort(result); + return result; + } catch (SentryUserException e) { + System.out.printf("failed to list roles: %s\n", e.toString()); + return Collections.emptyList(); } + } - @Command(description = "List sentry roles by group") - public List<String> list( - @Param(name = "groupName", description = "group name for roles") - String group) { - return tools.listRoles(group); + @Command(description = "List sentry roles by group") + public List<String> list( + @Param(name = "groupName", description = "group name for roles") + String group) { + try { + List<String> result = shellCommand.listRoles(authUser, group); + Collections.sort(result); + return result; + } catch (SentryUserException e) { + System.out.printf("failed to list roles with group %s: %s\n", + group, e.toString()); + return Collections.emptyList(); } + } - @Command(description = "Create Sentry role(s).") - public void create( - @Param(name = "roleName", description = "name of role to create") - String ...roles) { - tools.createRoles(roles); + @Command(description = "Create Sentry role(s).") + public void create( + @Param(name = "roleName", description = "name of role to create") + String ...roles) { + for (String role : roles) { + try { + shellCommand.createRole(authUser, role); + } catch (SentryUserException e) { + System.out.printf("failed to create role %s: %s\n", + role, e.toString()); + } } + } - @Command(description = "drop Sentry role(s).") - public void drop( - @Param(name = "roleName ...", description = "role names to remove") - String ...roles) { - tools.dropRoles(roles); + @Command(description = "drop Sentry role(s).") + public void drop( + @Param(name = "roleName ...", description = "role names to remove") + String ...roles) { + for (String role : roles) { + try { + shellCommand.dropRole(authUser, role); + } catch (SentryUserException e) { + 
System.out.printf("failed to drop role %s: %s\n", + role, e.toString()); + } } + } - @Override - public void cliSetShell(Shell theShell) { - this.shell = theShell; - } + @Override + public void cliSetShell(Shell theShell) { + this.shell = theShell; + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java ---------------------------------------------------------------------- diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java index 823d80c..75b845c 100644 --- a/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java +++ b/sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java @@ -23,13 +23,14 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; import org.apache.hadoop.security.UserGroupInformation; import org.apache.log4j.PropertyConfigurator; +import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; +import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; import org.apache.sentry.service.thrift.SentryServiceClientFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.util.Map; import java.util.Properties; 
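Review bot: Both `list` overloads sort the list returned by `shellCommand.listRoles(...)` in place with `Collections.sort(result)`. The shell now accepts any `ShellCommand` instead of always building a `HiveShellCommand`, so this relies on every implementation returning a modifiable list, which this hunk does not show. Copying first, `List<String> result = new ArrayList<>(shellCommand.listRoles(authUser, group));` with a `java.util.ArrayList` import, removes that dependency. The same try/catch bodies are copied into `TopLevelShell.listRoles`, so any change here has to be repeated there.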
@@ -42,163 +43,163 @@ import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SEC * Sentry interactive tool */ public class SentryCli { - private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName()); - private static final String LOG4J_CONF = "log4jConf"; - private final String[] args; - private Options options = new Options(); - private CommandLine cmd; - - private static final String localhost = "localhost"; - private static final String defaultPort = "8038"; - - private static final String configOpt = "config"; - private static final String userOpt = "user"; - private static final String hostOpt = "host"; - - private static final String configEnv = "SENTRY_CONFIG"; - private static final String hostEnv = "SENTRY_HOST"; - private static final String userEnv = "SENTRY_USER"; - - - private SentryPolicyServiceClient sentryClient; + private static final Logger log = LoggerFactory.getLogger(SentryCli.class.getName()); + private static final String LOG4J_CONF = "log4jConf"; + private final String[] args; + private Options options = new Options(); + private CommandLine cmd; + + private static final String localhost = "localhost"; + private static final String defaultPort = "8038"; + + private static final String configOpt = "config"; + private static final String userOpt = "user"; + private static final String hostOpt = "host"; + + private static final String configEnv = "SENTRY_CONFIG"; + private static final String hostEnv = "SENTRY_HOST"; + private static final String userEnv = "SENTRY_USER"; + + + private SentryPolicyServiceClient sentryClient; + private SentryGenericServiceClient sentryGenericClient; + + public SentryPolicyServiceClient getSentryClient() { + return sentryClient; + } + + public SentryGenericServiceClient getSentryGenericClient() { + return sentryGenericClient; + } + + public String getRequestorName() { + return requestorName; + } + + private String requestorName; + + public static void main(String[] args) 
{ + SentryCli cli = new SentryCli(args); + // Create interactive shell and run it + TopLevelShell shell = new TopLevelShell(cli.getSentryClient(), + cli.getSentryGenericClient(), + cli.getRequestorName()); + shell.run(); + } + + /** + * Construct SentryCli from arguments + * @param args command-line arguments + */ + public SentryCli(String[] args) { + this.args = args; + options.addOption("h", "help", false, "show help"); + // file path of sentry-site + options.addOption("U", userOpt, true, "auth user"); + options.addOption("H", hostOpt, true, "host address"); + options.addOption("c", configOpt, true, "sentry configuration"); + options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file"); + CommandLineParser parser = new GnuParser(); + try { + this.cmd = parser.parse(options, args); + } catch (ParseException e) { + help(); + } + if (cmd.hasOption("h")) { + help(); + } + init(); + } + + /** + * Parse command-line arguments. + */ + public void parse() { + CommandLineParser parser = new GnuParser(); + try { + cmd = parser.parse(options, args); + if (cmd.hasOption("h")) { + help(); + } + } catch (ParseException e) { + log.warn("error in parsing expression", e); + help(); + System.exit(1); + } + } + + /** + * Initialize CLI + */ + private void init() { + Map<String, String> env = System.getenv(); + String log4jconf = cmd.getOptionValue(LOG4J_CONF); + if (log4jconf != null && log4jconf.length() > 0) { + Properties log4jProperties = new Properties(); + + // Firstly load log properties from properties file + try (FileInputStream istream = new FileInputStream(log4jconf)) { + log4jProperties.load(istream); + } catch (IOException e) { + e.printStackTrace(); + } + + PropertyConfigurator.configure(log4jProperties); + } - public SentryPolicyServiceClient getSentryClient() { - return sentryClient; + String host = cmd.getOptionValue(hostOpt); + if (host == null) { + host = env.get(hostEnv); } - public String getRequestorName() { - return requestorName; + String 
pathConf = cmd.getOptionValue(configOpt); + if (pathConf == null) { + pathConf = env.get(configEnv); + } + if (host == null && pathConf == null) { + host = localhost + ":" + defaultPort; } - private String requestorName; + Configuration conf = new Configuration(); - public static void main(String[] args) { - SentryCli cli = new SentryCli(args); - // Create interactive shell and run it - TopLevelShell shell = new TopLevelShell(cli.getSentryClient(), - cli.getRequestorName()); - shell.run(); + if (pathConf != null) { + conf.addResource(new Path(pathConf)); + } else { + conf.set(SECURITY_MODE, SECURITY_MODE_NONE); } - /** - * Construct SentryCli from arguments - * @param args command-line arguments - */ - public SentryCli(String[] args) { - this.args = args; - options.addOption("h", "help", false, "show help"); - // file path of sentry-site - options.addOption("U", userOpt, true, "auth user"); - options.addOption("H", hostOpt, true, "host address"); - options.addOption("c", configOpt, true, "sentry configuration"); - options.addOption("L", LOG4J_CONF, true, "Location of log4j properties file"); - CommandLineParser parser = new GnuParser(); - try { - this.cmd = parser.parse(options, args); - } catch (ParseException e) { - help(); - } - if (cmd.hasOption("h")) { - help(); - } - init(); + if (host != null) { + conf.set(SERVER_RPC_ADDRESS, host); } - /** - * Parse command-line arguments. 
- */ - public void parse() { - CommandLineParser parser = new GnuParser(); - try { - cmd = parser.parse(options, args); - if (cmd.hasOption("h")) { - help(); - } - } catch (ParseException e) { - log.warn("error in parsing expression", e); - help(); - System.exit(1); - } + requestorName = cmd.getOptionValue(userOpt); + if (requestorName == null) { + requestorName = env.get(userEnv); } - - /** - * Initialize CLI - */ - private void init() { - Map<String, String> env = System.getenv(); - String log4jconf = cmd.getOptionValue(LOG4J_CONF); - if (log4jconf != null && log4jconf.length() > 0) { - Properties log4jProperties = new Properties(); - - // Firstly load log properties from properties file - FileInputStream istream = null; - try { - istream = new FileInputStream(log4jconf); - } catch (FileNotFoundException e) { - e.printStackTrace(); - } - try { - log4jProperties.load(istream); - istream.close(); - } catch (IOException e) { - e.printStackTrace(); - } - - PropertyConfigurator.configure(log4jProperties); - } - - String host = cmd.getOptionValue(hostOpt); - if (host == null) { - host = env.get(hostEnv); - } - - String pathConf = cmd.getOptionValue(configOpt); - if (pathConf == null) { - pathConf = env.get(configEnv); - } - if (host == null && pathConf == null) { - host = localhost + ":" + defaultPort; - } - - Configuration conf = new Configuration(); - - if (pathConf != null) { - conf.addResource(new Path(pathConf)); - } else { - conf.set(SECURITY_MODE, SECURITY_MODE_NONE); - } - - if (host != null) { - conf.set(SERVER_RPC_ADDRESS, host); - } - - requestorName = cmd.getOptionValue(userOpt); - if (requestorName == null) { - requestorName = env.get(userEnv); - } - if (requestorName == null) { - - UserGroupInformation ugi = null; - try { - ugi = UserGroupInformation.getLoginUser(); - } catch (IOException e) { - e.printStackTrace(); - } - requestorName = ugi.getShortUserName(); - } - - try { - sentryClient = SentryServiceClientFactory.create(conf); - } catch (Exception e) 
{ - System.out.println("Failed to connect to Sentry server: " + e.toString()); - } + if (requestorName == null) { + + UserGroupInformation ugi = null; + try { + ugi = UserGroupInformation.getLoginUser(); + } catch (IOException e) { + e.printStackTrace(); + } + requestorName = ugi.getShortUserName(); } - private void help() { - // This prints out some help - HelpFormatter formater = new HelpFormatter(); - formater.printHelp("sentrycli", options); - System.exit(0); + try { + sentryClient = SentryServiceClientFactory.create(conf); + sentryGenericClient = SentryGenericServiceClientFactory.create(conf); + } catch (Exception e) { + System.out.println("Failed to connect to Sentry server: " + e.toString()); } + } + + private void help() { + // This prints out some help + HelpFormatter formater = new HelpFormatter(); + formater.printHelp("sentrycli", options); + System.exit(0); + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java ---------------------------------------------------------------------- diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java b/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java deleted file mode 100644 index 307a05e..0000000 --- a/sentry-tools/src/main/java/org/apache/sentry/shell/ShellUtil.java +++ /dev/null 
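Review bot: When either factory call at the end of `init()` throws, the catch only prints `Failed to connect to Sentry server`, and `main` still builds `TopLevelShell` and runs it with `sentryClient` and/or the new `sentryGenericClient` left null. The shell then starts without a usable connection, and the first command presumably fails on the null client (that dereference is outside this hunk). Exiting at that point, e.g. `System.exit(1);` after the `println`, makes the failure explicit. The same pattern sits a few lines above: if `UserGroupInformation.getLoginUser()` throws, the stack trace is printed, `ugi` stays null, and `ugi.getShortUserName()` raises a NullPointerException instead of a clear error about the requestor identity.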
@@ -1,134 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.shell; - -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.db.service.thrift.*; -import org.apache.sentry.provider.db.tools.ShellCommand; -import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand; - -import java.util.*; - -/** - * ShellUtil implements actual commands - */ -class ShellUtil { - - private final ShellCommand command; - private final String authUser; - - ShellUtil(SentryPolicyServiceClient sentryClient, String authUser) { - this.authUser = authUser; - command = new HiveShellCommand(sentryClient); - } - - List<String> listRoles() { - return listRoles(null); - } - - List<String> listRoles(String group) { - try { - List<String> result = command.listRoles(authUser, group); - Collections.sort(result); - return result; - } catch (SentryUserException e) { - System.out.printf("failed to list roles with group %s: %s\n", - group, e.toString()); - return Collections.emptyList(); - } - } - - void createRoles(String ...roles) { - for (String role : roles) { - try { - command.createRole(authUser, role); - } catch (SentryUserException e) { - 
System.out.printf("failed to create role %s: %s\n", - role, e.toString()); - } - } - } - - void dropRoles(String ...roles) { - for (String role : roles) { - try { - command.dropRole(authUser, role); - } catch (SentryUserException e) { - System.out.printf("failed to drop role %s: %s\n", - role, e.toString()); - } - } - } - - List<String> listGroupRoles() { - try { - return command.listGroupRoles(authUser); - } catch (SentryUserException e) { - System.out.printf("failed to list the groups and roles: %s\n", e.toString()); - return Collections.emptyList(); - } - } - - void grantGroupsToRole(String roleName, String ...groups) { - try { - Set<String> groupsSet = new HashSet<>(Arrays.asList(groups)); - command.grantRoleToGroups(authUser, roleName, groupsSet); - } catch (SentryUserException e) { - System.out.printf("Failed to gran role %s to groups: %s\n", - roleName, e.toString()); - } - } - - void revokeGroupsFromRole(String roleName, String ...groups) { - try { - Set<String> groupsSet = new HashSet<>(Arrays.asList(groups)); - command.revokeRoleFromGroups(authUser, roleName, groupsSet); - } catch (SentryUserException e) { - System.out.printf("Failed to revoke role %s to groups: %s\n", - roleName, e.toString()); - } - } - - void grantPrivilegeToRole(String roleName, String privilege) { - try { - command.grantPrivilegeToRole(authUser, roleName, privilege); - } catch (SentryUserException e) { - System.out.println("Error granting privilege: " + e.toString()); - } - } - - List<String> listPrivileges(String roleName) { - try { - return command.listPrivileges(authUser, roleName); - } catch (SentryUserException e) { - System.out.println("Failed to list privileges: " + e.toString()); - return Collections.emptyList(); - } - } - - void revokePrivilegeFromRole(String roleName, String privilegeStr) { - try { - command.revokePrivilegeFromRole(authUser, roleName, privilegeStr); - } catch (SentryUserException e) { - System.out.println("failed to revoke privilege: " + e.toString()); - } 
- } - - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/3dc878e1/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java ---------------------------------------------------------------------- diff --git a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java index ba4a204..b8f365f 100644 --- a/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java +++ b/sentry-tools/src/main/java/org/apache/sentry/shell/TopLevelShell.java 
@@ -18,139 +18,284 @@ package org.apache.sentry.shell; -import com.budhash.cliche.*; +import org.apache.sentry.core.common.exception.SentryUserException; +import org.apache.sentry.provider.common.AuthorizationComponent; +import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; +import org.apache.sentry.provider.db.generic.tools.GenericPrivilegeConverter; +import org.apache.sentry.provider.db.generic.tools.command.GenericShellCommand; +import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.provider.db.tools.ShellCommand; +import org.apache.sentry.provider.db.tools.command.hive.HiveShellCommand; + +import com.budhash.cliche.Command; +import com.budhash.cliche.Param; +import com.budhash.cliche.Shell; +import com.budhash.cliche.ShellDependent; +import com.budhash.cliche.ShellFactory; import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; import java.util.List; +import java.util.Set; /** * Top level commands */ public class TopLevelShell implements ShellDependent, Runnable { - private final Shell topShell; - private final ShellUtil tools; - private Shell shell; // top level shell object - - private final String authUser; - private final SentryPolicyServiceClient sentryClient; - - TopLevelShell(SentryPolicyServiceClient sentryClient, - String authUser) { - this.authUser = authUser; - this.sentryClient = sentryClient; - this.tools = new ShellUtil(sentryClient, authUser); - topShell = ShellFactory.createConsoleShell("sentry", - "sentry shell\n" + - "Enter ?l to list available commands.", - this); - } + public enum TYPE { kafka, hive, solr, sqoop }; + + private final Shell topShell; + private ShellCommand shellCommand; + private Shell shell; // top level shell object + + private final String authUser; + private final SentryPolicyServiceClient 
sentryClient; + private final SentryGenericServiceClient sentryGenericClient; + + TopLevelShell(SentryPolicyServiceClient sentryClient, + SentryGenericServiceClient sentryGenericClient, + String authUser) { + this.authUser = authUser; + this.sentryClient = sentryClient; + this.sentryGenericClient = sentryGenericClient; + shellCommand = new HiveShellCommand(sentryClient); + topShell = ShellFactory.createConsoleShell("sentry", + "sentry shell\n" + + "Enter ?l to list available commands.", + this); + } + + @Command(description="list, create and remove roles") + public void roles() throws IOException { + ShellFactory.createSubshell("roles", shell, "roles commands", + new RolesShell(shellCommand, authUser)).commandLoop(); + } - @Command(description="list, create and remove roles") - public void roles() throws IOException { - ShellFactory.createSubshell("roles", shell, "roles commands", - new RolesShell(sentryClient, authUser)).commandLoop(); + @Command(description = "list, create and remove groups") + public void groups() throws IOException { + ShellFactory.createSubshell("groups", shell, "groups commands", + new GroupShell(shellCommand, authUser)).commandLoop(); + } + + @Command(description = "list, create and remove privileges") + public void privileges() throws IOException { + ShellFactory.createSubshell("privileges", shell, "privileges commands", + new PrivsShell(shellCommand, authUser)).commandLoop(); + } + + @Command(description = "List sentry roles. 
shows all available roles.") + public List<String> listRoles() { + try { + List<String> result = shellCommand.listRoles(authUser, null); + Collections.sort(result); + return result; + } catch (SentryUserException e) { + System.out.printf("failed to list roles: %s\n", e.toString()); + return Collections.emptyList(); } + } - @Command(description = "list, create and remove groups") - public void groups() throws IOException { - ShellFactory.createSubshell("groups", shell, "groups commands", - new GroupShell(sentryClient, authUser)).commandLoop(); + @Command(description = "List sentry roles by group") + public List<String> listRoles( + @Param(name = "groupName") + String group) { + try { + List<String> result = shellCommand.listRoles(authUser, group); + Collections.sort(result); + return result; + } catch (SentryUserException e) { + System.out.printf("failed to list roles with group %s: %s\n", + group, e.toString()); + return Collections.emptyList(); } + } - @Command(description = "list, create and remove privileges") - public void privileges() throws IOException { - ShellFactory.createSubshell("privileges", shell, "privileges commands", - new PrivsShell(sentryClient, authUser)).commandLoop(); + @Command(abbrev = "lg", header = "[groups]", + description = "list groups and their roles") + public List<String> listGroups() { + try { + return shellCommand.listGroupRoles(authUser); + } catch (SentryUserException e) { + System.out.printf("failed to list the groups and roles: %s\n", e.toString()); + return Collections.emptyList(); } + } - @Command(description = "List sentry roles. 
shows all available roles.")
- public List<String> listRoles() {
- return tools.listRoles();
+ @Command(description = "Grant role to groups")
+ public void grantRole(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "group...") String ...groups) {
+ try {
+ Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+ shellCommand.grantRoleToGroups(authUser, roleName, groupsSet);
+ } catch (SentryUserException e) {
+ System.out.printf("Failed to gran role %s to groups: %s\n",
+ roleName, e.toString());
 }
+ }
- @Command(description = "List sentry roles by group")
- public List<String> listRoles(
- @Param(name = "groupName")
- String group) {
- return tools.listRoles(group);
+ @Command(abbrev = "grm", description = "Revoke role from groups")
+ public void revokeRole(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "group...")
+ String ...groups) {
+ try {
+ Set<String> groupsSet = new HashSet<>(Arrays.asList(groups));
+ shellCommand.revokeRoleFromGroups(authUser, roleName, groupsSet);
+ } catch (SentryUserException e) {
+ System.out.printf("Failed to revoke role %s to groups: %s\n",
+ roleName, e.toString());
 }
+ }
- @Command(abbrev = "lg", header = "[groups]",
- description = "list groups and their roles")
- public List<String> listGroups() {
- return tools.listGroupRoles();
+ @Command(description = "Create Sentry role(s).")
+ public void createRole(
+ @Param(name = "roleName", description = "name of role to create")
+ String ...roles) {
+ for (String role : roles) {
+ try {
+ shellCommand.createRole(authUser, role);
+ } catch (SentryUserException e) {
+ System.out.printf("failed to create role %s: %s\n",
+ role, e.toString());
+ }
 }
+ }
- @Command(description = "Grant role to groups")
- public void grantRole(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "group...") String ...groups) {
- tools.grantGroupsToRole(roleName, groups);
+ @Command(abbrev = "dr", description = "drop Sentry role(s).")
+ public void dropRole(
+ @Param(name = "roleName ...", description = "role names to drop")
+ String ...roles) {
+ for (String role : roles) {
+ try {
+ shellCommand.dropRole(authUser, role);
+ } catch (SentryUserException e) {
+ System.out.printf("failed to drop role %s: %s\n",
+ role, e.toString());
+ }
 }
+ }
- @Command(abbrev = "grm",
- description = "Revoke role from groups")
- public void revokeRole(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "group...")
- String ...groups) {
- tools.revokeGroupsFromRole(roleName, groups);
+ @Command(description = "list Sentry privileges")
+ public List<String> listPrivileges(
+ @Param(name = "roleName")
+ String roleName) {
+ try {
+ return shellCommand.listPrivileges(authUser, roleName);
+ } catch (SentryUserException e) {
+ System.out.println("Failed to list privileges: " + e.toString());
+ return Collections.emptyList();
 }
+ }
- @Command(description = "Create Sentry role(s).")
- public void createRole(
- @Param(name = "roleName", description = "name of role to create")
- String ...roles) {
- tools.createRoles(roles);
+ @Command(description = "Grant privilege to role")
+ public void grantPrivilege(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+ String privilege) {
+ try {
+ shellCommand.grantPrivilegeToRole(authUser, roleName, privilege);
+ } catch (SentryUserException e) {
+ System.out.println("Error granting privilege: " + e.toString());
 }
+ }
- @Command(abbrev = "dr", description = "drop Sentry role(s).")
- public void dropRole(
- @Param(name = "roleName ...", description = "role names to drop")
- String ...roles) {
- tools.dropRoles(roles);
+ @Command
+ public void revokePrivilege(
+ @Param(name = "roleName")
+ String roleName,
+ @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
+ String privilege) {
+ try {
+ shellCommand.revokePrivilegeFromRole(authUser, roleName, privilege);
+ } catch (SentryUserException e) {
+ System.out.println("failed to revoke privilege: " + e.toString());
 }
+ }
- @Command(description = "list Sentry privileges")
- public List<String> listPrivileges(
- @Param(name = "roleName")
- String roleName) {
- return tools.listPrivileges(roleName);
+ @Command(description = "Set the type: hive, kafka, sqoop, solr, etc.")
+ public void type(
+ @Param(name = "type", description = "the type to set: hive, kafka, sqoop, solr, etc.")
+ String type) {
+ // Check it's a valid type first
+ try {
+ TYPE parsedType = TYPE.valueOf(type);
+ if (parsedType == TYPE.hive) {
+ shellCommand = new HiveShellCommand(sentryClient);
+ } else {
+ String component = getComponent(parsedType);
+ String service = getService(parsedType);
+ TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+ shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
+ }
+ } catch (IllegalArgumentException ex) {
+ System.out.printf("The %s type value is not an accepted type value\n", type);
 }
+ }
- @Command(description = "Grant privilege to role")
- public void grantPrivilege(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
- String privilege) {
- tools.grantPrivilegeToRole(roleName, privilege);
+ @Command(description = "Set the type: hive, kafka, sqoop, solr, etc.")
+ public void type(
+ @Param(name = "type", description = "the type to set: hive, kafka, sqoop, solr, etc.")
+ String type,
+ @Param(name = "service", description = "the service name")
+ String service) {
+ try {
+ // Check it's a valid type first
+ TYPE parsedType = TYPE.valueOf(type);
+ if (parsedType == TYPE.hive) {
+ shellCommand = new HiveShellCommand(sentryClient);
+ } else {
+ String component = getComponent(parsedType);
+ TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+ shellCommand = new GenericShellCommand(sentryGenericClient, component, service, converter);
+ }
+ } catch (IllegalArgumentException ex) {
+ System.out.printf("The %s type value is not an accepted type value\n", type);
 }
+ }
+
+ @Override
+ public void cliSetShell(Shell theShell) {
+ this.shell = theShell;
+ }
- @Command
- public void revokePrivilege(
- @Param(name = "roleName")
- String roleName,
- @Param(name = "privilege", description = "privilege string, e.g. server=s1->db=foo")
- String privilege) {
- tools.revokePrivilegeFromRole(roleName, privilege);
+ @Override
+ public void run() {
+ try {
+ this.topShell.commandLoop();
+ } catch (IOException e) {
+ System.out.println("error: " + e.toString());
 }
+ }
- @Override
- public void cliSetShell(Shell theShell) {
- this.shell = theShell;
+ private String getComponent(TYPE type) {
+ if (type == TYPE.kafka) {
+ return AuthorizationComponent.KAFKA;
+ } else if (type == TYPE.solr) {
+ return "SOLR";
+ } else if (type == TYPE.sqoop) {
+ return AuthorizationComponent.SQOOP;
 }
- @Override
- public void run() {
- try {
- this.topShell.commandLoop();
- } catch (IOException e) {
- System.out.println("error: " + e.toString());
- }
+ throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+ }
+
+ private String getService(TYPE type) {
+ if (type == TYPE.kafka) {
+ return AuthorizationComponent.KAFKA;
+ } else if (type == TYPE.solr) {
+ return "service1";
+ } else if (type == TYPE.sqoop) {
+ return "sqoopServer1";
 }
+
+ throw new IllegalArgumentException("Invalid type specified for SentryShellGeneric: " + type);
+ }
 }
