incubator-sentry git commit: SENTRY-1090: Improvement for CommonPrivilege (Colin Ma, Reviewed by Hao Hao)

colin Sun, 21 Feb 2016 22:32:37 -0800

Repository: incubator-sentry
Updated Branches:
  refs/heads/SENTRY-999 2aa3e99ae -> f81375c52



SENTRY-1090: Improvement for CommonPrivilege (Colin Ma, Reviewed by Hao Hao)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/f81375c5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/f81375c5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/f81375c5

Branch: refs/heads/SENTRY-999
Commit: f81375c5269f85ec3cdb6d7d38893d2d2be2ff85
Parents: 2aa3e99
Author: Colin Ma <co...@apache.org>
Authored: Mon Feb 22 15:30:31 2016 +0800
Committer: Colin Ma <co...@apache.org>
Committed: Mon Feb 22 15:30:31 2016 +0800

----------------------------------------------------------------------
 .../sentry/policy/common/CommonPrivilege.java   | 21 ++++++++++++++++----
 .../sentry/policy/common/PolicyConstants.java   |  3 ++-
 2 files changed, 19 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f81375c5/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
----------------------------------------------------------------------
diff --git 
a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
 
b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
index af3a7dd..91fb5df 100644
--- 
a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
+++ 
b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
@@ -82,7 +82,7 @@ public class CommonPrivilege implements Privilege {
             return false;
           }
         } else {
-          if (!impliesValue(model.getImplyMethodMap().get(policyKey), 
part.getValue(), otherPart.getValue())) {
+          if (!impliesResource(model.getImplyMethodMap().get(policyKey), 
part.getValue(), otherPart.getValue())) {
             return false;
           }
         }
@@ -103,15 +103,21 @@ public class CommonPrivilege implements Privilege {
     return true;
   }
 
-  private boolean impliesValue(ImplyMethodType implyMethodType, String 
policyValue, String requestValue) {
+  // The method is used for compare the value of resource by the 
ImplyMethodType.
+  // for Hive, databaseName, tableName, columnName will be compared using 
String.equal(wildcard support)
+  //           url will be compared using PathUtils.impliesURI
+  private boolean impliesResource(ImplyMethodType implyMethodType, String 
policyValue, String requestValue) {
     // compare as the url
     if (ImplyMethodType.URL == implyMethodType) {
       return PathUtils.impliesURI(policyValue, requestValue);
     }
-    // default: compare as the string
-    return policyValue.equals(requestValue);
+    // default: compare as the string with wildcard support
+    return impliesStringWithWildcard(policyValue, requestValue);
   }
 
+  // The method is used for compare the action for the privilege model.
+  // for Hive, the action will be select, insert, etc.
+  // for Solr, the action will be update, query, etc.
   private boolean impliesAction(String policyValue, String requestValue,
                                 BitFieldActionFactory bitFieldActionFactory) {
     BitFieldAction currentAction = 
bitFieldActionFactory.getActionByName(policyValue);
@@ -123,6 +129,13 @@ public class CommonPrivilege implements Privilege {
     return currentAction.implies(requestAction);
   }
 
+  private boolean impliesStringWithWildcard(String policyValue, String 
requestValue) {
+    if (PolicyConstants.RESOURCE_WILDCARD_VALUE.equals(policyValue)) {
+      return true;
+    }
+    return policyValue.equals(requestValue);
+  }
+
 
   @Override
   public String toString() {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f81375c5/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
----------------------------------------------------------------------
diff --git 
a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
 
b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
index 8e4d465..5182197 100644
--- 
a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
+++ 
b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
@@ -32,8 +32,9 @@ public class PolicyConstants {
   public static final Joiner AUTHORIZABLE_JOINER = 
Joiner.on(AUTHORIZABLE_SEPARATOR);
   public static final Joiner KV_JOINER = Joiner.on(KV_SEPARATOR);
 
-  // TODO change to privilege
   public static final String PRIVILEGE_NAME = "action";
   public static final String PRIVILEGE_PREFIX = (PRIVILEGE_NAME + 
KV_SEPARATOR).toLowerCase();
   public static final String PRIVILEGE_WILDCARD_VALUE = "*";
+
+  public static final String RESOURCE_WILDCARD_VALUE = "*";
 }

incubator-sentry git commit: SENTRY-1090: Improvement for CommonPrivilege (Colin Ma, Reviewed by Hao Hao)

Reply via email to