Repository: incubator-sentry Updated Branches: refs/heads/SENTRY-999 b894ec623 -> 51e7da951
SENTRY-1104: Add method in Privilege model to create privilege validators(Colin Ma, Reviewed by Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/51e7da95 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/51e7da95 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/51e7da95 Branch: refs/heads/SENTRY-999 Commit: 51e7da951bfe2054ac297771db6a225fbdde0cf3 Parents: b894ec6 Author: Colin Ma <co...@apache.org> Authored: Mon Feb 29 17:11:12 2016 +0800 Committer: Colin Ma <co...@apache.org> Committed: Mon Feb 29 17:11:12 2016 +0800 ---------------------------------------------------------------------- .../sentry/core/model/db/HivePrivilegeModel.java | 13 ++++++++++++- .../core/model/indexer/IndexerPrivilegeModel.java | 8 +++++++- .../core/model/search/SearchPrivilegeModel.java | 8 +++++++- .../sentry/core/model/sqoop/SqoopPrivilegeModel.java | 9 ++++++++- .../apache/sentry/policy/db/SimpleDBPolicyEngine.java | 14 ++------------ .../policy/indexer/SimpleIndexerPolicyEngine.java | 10 ++-------- .../policy/search/SimpleSearchPolicyEngine.java | 10 ++-------- .../sentry/policy/sqoop/SimpleSqoopPolicyEngine.java | 6 ++---- .../generic/tools/SolrTSentryPrivilegeConvertor.java | 4 ++-- 9 files changed, 44 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java index f2cc77f..231acca 100644 --- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java +++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/HivePrivilegeModel.java @@ -16,9 +16,15 @@ */ package org.apache.sentry.core.model.db; +import com.google.common.collect.ImmutableList; import org.apache.sentry.core.common.BitFieldActionFactory; import org.apache.sentry.core.common.ImplyMethodType; import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.validator.PrivilegeValidator; +import org.apache.sentry.core.model.db.validator.DatabaseMustMatch; +import org.apache.sentry.core.model.db.validator.DatabaseRequiredInPrivilege; +import org.apache.sentry.core.model.db.validator.ServerNameMustMatch; +import org.apache.sentry.core.model.db.validator.ServersAllIsInvalid; import java.util.HashMap; import java.util.Map; @@ -51,7 +57,12 @@ public class HivePrivilegeModel implements Model { return bitFieldActionFactory; } - public static Model getInstance() { + public static HivePrivilegeModel getInstance() { return hivePrivilegeModel; } + + public ImmutableList<PrivilegeValidator> getPrivilegeValidators(String serverName) { + return ImmutableList.<PrivilegeValidator>of(new ServersAllIsInvalid(), new DatabaseMustMatch(), + new DatabaseRequiredInPrivilege(), new ServerNameMustMatch(serverName)); + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java index be15dec..6951513 100644 --- a/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java +++ b/sentry-core/sentry-core-model-indexer/src/main/java/org/apache/sentry/core/model/indexer/IndexerPrivilegeModel.java @@ -16,9 +16,12 @@ */ package org.apache.sentry.core.model.indexer; +import com.google.common.collect.ImmutableList; import org.apache.sentry.core.common.BitFieldActionFactory; import org.apache.sentry.core.common.ImplyMethodType; import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.validator.PrivilegeValidator; +import org.apache.sentry.core.model.indexer.validator.IndexerRequiredInPrivilege; import java.util.HashMap; import java.util.Map; @@ -46,8 +49,11 @@ public class IndexerPrivilegeModel implements Model { return bitFieldActionFactory; } - public static Model getInstance() { + public static IndexerPrivilegeModel getInstance() { return indexerPrivilegeModel; } + public ImmutableList<PrivilegeValidator> getPrivilegeValidators() { + return ImmutableList.<PrivilegeValidator>of(new IndexerRequiredInPrivilege()); + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java index 8231f12..9429a25 100644 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java +++ b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java @@ -16,9 +16,12 @@ */ package org.apache.sentry.core.model.search; +import com.google.common.collect.ImmutableList; import org.apache.sentry.core.common.BitFieldActionFactory; import org.apache.sentry.core.common.ImplyMethodType; import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.validator.PrivilegeValidator; +import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege; import java.util.HashMap; import java.util.Map; @@ -47,8 +50,11 @@ public class SearchPrivilegeModel implements Model { return bitFieldActionFactory; } - public static Model getInstance() { + public static SearchPrivilegeModel getInstance() { return searchPrivilegeModel; } + public ImmutableList<PrivilegeValidator> getPrivilegeValidators() { + return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege()); + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java index 8c4307c..4bd8f94 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopPrivilegeModel.java @@ -16,9 +16,12 @@ */ package org.apache.sentry.core.model.sqoop; +import com.google.common.collect.ImmutableList; import org.apache.sentry.core.common.BitFieldActionFactory; import org.apache.sentry.core.common.ImplyMethodType; import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.validator.PrivilegeValidator; +import org.apache.sentry.core.model.sqoop.validator.ServerNameRequiredMatch; import java.util.HashMap; import java.util.Map; @@ -49,8 +52,12 @@ public class SqoopPrivilegeModel implements Model { return bitFieldActionFactory; } - public static Model getInstance() { + public static SqoopPrivilegeModel getInstance() { return sqoopPrivilegeModel; } + public ImmutableList<PrivilegeValidator> getPrivilegeValidators(String sqoopServerName) { + return ImmutableList.<PrivilegeValidator>of(new ServerNameRequiredMatch(sqoopServerName)); + } + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java index 7cbeb21..ff483c1 100644 --- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java +++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java @@ -21,19 +21,14 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; -import org.apache.sentry.core.model.db.validator.DatabaseMustMatch; -import org.apache.sentry.core.model.db.validator.DatabaseRequiredInPrivilege; -import org.apache.sentry.core.model.db.validator.ServerNameMustMatch; -import org.apache.sentry.core.model.db.validator.ServersAllIsInvalid; +import org.apache.sentry.core.model.db.HivePrivilegeModel; import org.apache.sentry.policy.common.PrivilegeFactory; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.core.common.validator.PrivilegeValidator; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; public class SimpleDBPolicyEngine implements PolicyEngine { @@ -49,7 +44,7 @@ public class SimpleDBPolicyEngine implements PolicyEngine { this.providerBackend = providerBackend; ProviderBackendContext context = new ProviderBackendContext(); context.setAllowPerDatabase(true); - context.setValidators(createPrivilegeValidators(serverName)); + context.setValidators(HivePrivilegeModel.getInstance().getPrivilegeValidators(serverName)); this.providerBackend.initialize(context); } @@ -96,9 +91,4 @@ public class SimpleDBPolicyEngine implements PolicyEngine { providerBackend.close(); } } - - public static ImmutableList<PrivilegeValidator> createPrivilegeValidators(String serverName) { - return ImmutableList.<PrivilegeValidator>of(new ServersAllIsInvalid(), new DatabaseMustMatch(), - new DatabaseRequiredInPrivilege(), new ServerNameMustMatch(serverName)); - } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java index 20985eb..514b88a 100644 --- a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java +++ b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java @@ -21,16 +21,14 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; -import org.apache.sentry.core.model.indexer.validator.IndexerRequiredInPrivilege; +import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel; import org.apache.sentry.policy.common.PrivilegeFactory; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.core.common.validator.PrivilegeValidator; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; /** @@ -47,7 +45,7 @@ public class SimpleIndexerPolicyEngine implements PolicyEngine { this.providerBackend = providerBackend; ProviderBackendContext context = new ProviderBackendContext(); context.setAllowPerDatabase(false); - context.setValidators(createPrivilegeValidators()); + context.setValidators(IndexerPrivilegeModel.getInstance().getPrivilegeValidators()); this.providerBackend.initialize(context); } @@ -89,10 +87,6 @@ public class SimpleIndexerPolicyEngine implements PolicyEngine { throw new SentryConfigurationException("Not implemented yet"); } - public static ImmutableList<PrivilegeValidator> createPrivilegeValidators() { - return ImmutableList.<PrivilegeValidator>of(new IndexerRequiredInPrivilege()); - } - @Override public void close() { if (providerBackend != null) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java index 352e4aa..11db0e6 100644 --- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java +++ b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java @@ -21,16 +21,14 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; -import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege; +import org.apache.sentry.core.model.search.SearchPrivilegeModel; import org.apache.sentry.policy.common.PrivilegeFactory; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.core.common.validator.PrivilegeValidator; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; /** @@ -47,7 +45,7 @@ public class SimpleSearchPolicyEngine implements PolicyEngine { this.providerBackend = providerBackend; ProviderBackendContext context = new ProviderBackendContext(); context.setAllowPerDatabase(false); - context.setValidators(createPrivilegeValidators()); + context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators()); this.providerBackend.initialize(context); } @@ -89,10 +87,6 @@ public class SimpleSearchPolicyEngine implements PolicyEngine { providerBackend.validatePolicy(strictValidation); } - public static ImmutableList<PrivilegeValidator> createPrivilegeValidators() { - return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege()); - } - @Override public void close() { if (providerBackend != null) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java index 4a0012b..603295c 100644 --- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java +++ b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java @@ -21,16 +21,14 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; -import org.apache.sentry.core.model.sqoop.validator.ServerNameRequiredMatch; +import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.policy.common.PrivilegeFactory; -import org.apache.sentry.core.common.validator.PrivilegeValidator; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; public class SimpleSqoopPolicyEngine implements PolicyEngine { @@ -41,7 +39,7 @@ public class SimpleSqoopPolicyEngine implements PolicyEngine { this.providerBackend = providerBackend; ProviderBackendContext context = new ProviderBackendContext(); context.setAllowPerDatabase(false); - context.setValidators(ImmutableList.<PrivilegeValidator>of(new ServerNameRequiredMatch(sqoopServerName))); + context.setValidators(SqoopPrivilegeModel.getInstance().getPrivilegeValidators(sqoopServerName)); this.providerBackend.initialize(context); } @Override http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/51e7da95/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java index 75a6986..1c7dce6 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java @@ -26,7 +26,7 @@ import org.apache.sentry.core.model.search.SearchModelAuthorizable; import org.apache.sentry.core.common.validator.PrivilegeValidator; import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; import org.apache.sentry.core.model.search.SearchModelAuthorizables; -import org.apache.sentry.policy.search.SimpleSearchPolicyEngine; +import org.apache.sentry.core.model.search.SearchPrivilegeModel; import org.apache.sentry.core.common.utils.KeyValue; import org.apache.sentry.provider.common.PolicyFileConstants; import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; @@ -115,7 +115,7 @@ public class SolrTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor } private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception { - List<PrivilegeValidator> validators = SimpleSearchPolicyEngine.createPrivilegeValidators(); + List<PrivilegeValidator> validators = SearchPrivilegeModel.getInstance().getPrivilegeValidators(); PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr); for (PrivilegeValidator validator : validators) { try {
