Repository: sentry
Updated Branches:
  refs/heads/master 135f764ba -> b23146826


SENTRY-2173: Extend PrivilegeInfo to hold user privileges. (Kalyan Kumar 
kalvagadda, reviewed-by Na Li and Sergio Pena)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b2314682
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b2314682
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b2314682

Branch: refs/heads/master
Commit: b2314682606cc36cd54138e3a8376d69e46895cf
Parents: 135f764
Author: Kalyan Kumar Kalvagadda <kkal...@cloudera.com>
Authored: Wed May 9 15:13:16 2018 -0500
Committer: Kalyan Kumar Kalvagadda <kkal...@cloudera.com>
Committed: Wed May 9 15:13:16 2018 -0500

----------------------------------------------------------------------
 .../apache/sentry/hdfs/SentryPermissions.java   | 30 ++++++++++++--------
 .../sentry/hdfs/UpdateableAuthzPermissions.java | 21 +++++++-------
 2 files changed, 28 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/b2314682/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java
----------------------------------------------------------------------
diff --git 
a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java
 
b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java
index 3b3a82e..a88d8e2 100644
--- 
a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java
+++ 
b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java
@@ -23,35 +23,39 @@ import org.apache.hadoop.fs.permission.AclEntry;
 import org.apache.hadoop.fs.permission.AclEntryScope;
 import org.apache.hadoop.fs.permission.AclEntryType;
 import org.apache.hadoop.fs.permission.FsAction;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity;
+import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType;
 
 public class SentryPermissions implements AuthzPermissions {
 
   public static class PrivilegeInfo {
     private final String authzObj;
-    private final Map<String, FsAction> roleToPermission = new HashMap<String, 
FsAction>();
+    // It is safe to use TPrivilegeEntity as key as it implements the hashCode 
and equals API's.
+    // Equals() API would help in handling hash collisions.
+    private final Map<TPrivilegeEntity, FsAction> privilegeEntityFsActionMap = 
new HashMap<TPrivilegeEntity, FsAction>();
     public PrivilegeInfo(String authzObj) {
       this.authzObj = authzObj;
     }
-    public PrivilegeInfo setPermission(String role, FsAction perm) {
-      roleToPermission.put(role, perm);
+    public PrivilegeInfo setPermission(TPrivilegeEntity privilegeEntity, 
FsAction perm) {
+      privilegeEntityFsActionMap.put(privilegeEntity, perm);
       return this;
     }
-    public PrivilegeInfo removePermission(String role) {
-      roleToPermission.remove(role);
+    public PrivilegeInfo removePermission(TPrivilegeEntity privilegeEntity) {
+      privilegeEntityFsActionMap.remove(privilegeEntity);
       return this;
     }
-    public FsAction getPermission(String role) {
-      return roleToPermission.get(role);
+    public FsAction getPermission(TPrivilegeEntity privilegeEntity) {
+      return privilegeEntityFsActionMap.get(privilegeEntity);
     }
-    public Map<String, FsAction> getAllPermissions() {
-      return roleToPermission;
+    public Map<TPrivilegeEntity, FsAction> getAllPermissions() {
+      return privilegeEntityFsActionMap;
     }
     public String getAuthzObj() {
       return authzObj;
     }
     @Override
     public String toString() {
-      return "PrivilegeInfo(" + authzObj + " --> " + roleToPermission + ")";
+      return "PrivilegeInfo(" + authzObj + " --> " + 
privilegeEntityFsActionMap + ")";
     }
   }
 
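Review bot: `privilegeEntityFsActionMap` is keyed by the caller's own `TPrivilegeEntity` reference, and Thrift-generated structs are normally mutable, so the comment's claim that the key is safe holds only while nobody calls a setter on an entity after `setPermission` has stored it. If that happens, the entry becomes unreachable through `getPermission`/`removePermission`, and a later revoke would leave the grant in place without any error. Storing a copy, `privilegeEntityFsActionMap.put(new TPrivilegeEntity(privilegeEntity), perm);`, closes that gap (the copy constructor is already used in the last hunk of UpdateableAuthzPermissions). The comment could then read `// Keys are private copies: TPrivilegeEntity is a mutable Thrift struct and must not change while it is in the map.` The same concern applies to the keys handed in from `aMap.getKey()` and `dMap.getKey()` in the UpdateableAuthzPermissions hunks.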
@@ -134,9 +138,11 @@ public class SentryPermissions implements AuthzPermissions 
{
 
     PrivilegeInfo privilegeInfo = privileges.get(authzObj);
     if (privilegeInfo != null) {
-      for (Map.Entry<String, FsAction> privs : privilegeInfo
+      for (Map.Entry<TPrivilegeEntity, FsAction> privs : privilegeInfo
           .getAllPermissions().entrySet()) {
-        constructAclEntry(privs.getKey(), privs.getValue(), groupPerms);
+        if(privs.getKey().getType() == TPrivilegeEntityType.ROLE) {
+          constructAclEntry(privs.getKey().getValue(), privs.getValue(), 
groupPerms);
+        }
       }
     }
     return groupPerms;
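Review bot: The new `getType() == TPrivilegeEntityType.ROLE` filter drops every non-role entry without a comment or a log line, so privileges stored for other entity types are held in `PrivilegeInfo` but never reach the ACL entries built in this loop. That looks intentional for this commit, but someone auditing effective HDFS access would not learn it from the code. A comment above the `if`, such as `// Only role grants become group ACL entries; other entity types are stored but not translated to ACLs here.`, would record the decision. The enclosing method starts outside the hunk, so whether non-role entries are handled earlier in it cannot be seen from here.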

http://git-wip-us.apache.org/repos/asf/sentry/blob/b2314682/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
----------------------------------------------------------------------
diff --git 
a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
 
b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
index 2ad7440..761c760 100644
--- 
a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
+++ 
b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
@@ -144,11 +144,11 @@ public class UpdateableAuthzPermissions implements 
AuthzPermissions, Updateable<
         // Db, but no explicit grants on Table.. then the authzObject 
associated
         // with the table will never exist.
         if (privilegeInfo != null) {
-          Map<String, FsAction> allPermissions = 
privilegeInfo.getAllPermissions();
+          Map<TPrivilegeEntity, FsAction> allPermissions = 
privilegeInfo.getAllPermissions();
           perms.delPrivilegeInfo(oldAuthzObj);
           perms.removeParentChildMappings(oldAuthzObj);
           PrivilegeInfo newPrivilegeInfo = new PrivilegeInfo(newAuthzObj);
-          for (Map.Entry<String, FsAction> e : allPermissions.entrySet()) {
+          for (Map.Entry<TPrivilegeEntity, FsAction> e : 
allPermissions.entrySet()) {
             newPrivilegeInfo.setPermission(e.getKey(), e.getValue());
           }
           perms.addPrivilegeInfo(newPrivilegeInfo);
@@ -159,9 +159,8 @@ public class UpdateableAuthzPermissions implements 
AuthzPermissions, Updateable<
       if (pUpdate.getAuthzObj().equals(PermissionsUpdate.ALL_AUTHZ_OBJ)) {
         // Request to remove role from all Privileges
         delPrivEntity = pUpdate.getDelPrivileges().keySet().iterator().next();
-        String roleToRemove = delPrivEntity.getValue();
         for (PrivilegeInfo pInfo : perms.getAllPrivileges()) {
-          pInfo.removePermission(roleToRemove);
+          pInfo.removePermission(delPrivEntity);
         }
       }
       PrivilegeInfo pInfo = perms.getPrivilegeInfo(pUpdate.getAuthzObj());
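Review bot: `pInfo.removePermission(delPrivEntity)` now matches on the whole entity (presumably type and value, per the Thrift-generated `equals`) instead of the role name. A delete update whose entity type differs from the one stored at grant time would therefore remove nothing and leave the permission in place silently. The comment above it still says `// Request to remove role from all Privileges`; it should read something like `// Request to remove a privilege entity (role or user) from all Privileges; matched on type and value.` Only the first key of `getDelPrivileges()` is consumed here, which predates this change but is worth stating in the same comment. The enclosing method starts outside the hunk.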
@@ -169,13 +168,13 @@ public class UpdateableAuthzPermissions implements 
AuthzPermissions, Updateable<
         if (pInfo == null) {
           pInfo = new PrivilegeInfo(pUpdate.getAuthzObj());
         }
-        FsAction fsAction = pInfo.getPermission(aMap.getKey().getValue());
+        FsAction fsAction = pInfo.getPermission(aMap.getKey());
         if (fsAction == null) {
           fsAction = getFAction(aMap.getValue());
         } else {
           fsAction = fsAction.or(getFAction(aMap.getValue()));
         }
-        pInfo.setPermission(aMap.getKey().getValue(), fsAction);
+        pInfo.setPermission(aMap.getKey(), fsAction);
       }
       if (pInfo != null) {
         perms.addPrivilegeInfo(pInfo);
@@ -197,13 +196,13 @@ public class UpdateableAuthzPermissions implements 
AuthzPermissions, Updateable<
           }
           // recursive revoke
           for (PrivilegeInfo pInfo2 : parentAndChild) {
-            FsAction fsAction = pInfo2.getPermission(dMap.getKey().getValue());
+            FsAction fsAction = pInfo2.getPermission(dMap.getKey());
             if (fsAction != null) {
               fsAction = fsAction.and(getFAction(dMap.getValue()).not());
               if (FsAction.NONE == fsAction) {
-                pInfo2.removePermission(dMap.getKey().getValue());
+                pInfo2.removePermission(dMap.getKey());
               } else {
-                pInfo2.setPermission(dMap.getKey().getValue(), fsAction);
+                pInfo2.setPermission(dMap.getKey(), fsAction);
               }
             }
           }
@@ -244,8 +243,8 @@ public class UpdateableAuthzPermissions implements 
AuthzPermissions, Updateable<
     PermissionsUpdate retVal = new PermissionsUpdate(currSeqNum, true);
     for (PrivilegeInfo pInfo : perms.getAllPrivileges()) {
       TPrivilegeChanges pUpdate = 
retVal.addPrivilegeUpdate(pInfo.getAuthzObj());
-      for (Map.Entry<String, FsAction> ent : 
pInfo.getAllPermissions().entrySet()) {
-        pUpdate.putToAddPrivileges(new 
TPrivilegeEntity(TPrivilegeEntityType.ROLE, ent.getKey()),
+      for (Map.Entry<TPrivilegeEntity, FsAction> ent : 
pInfo.getAllPermissions().entrySet()) {
+        pUpdate.putToAddPrivileges(new TPrivilegeEntity(ent.getKey()),
                 ent.getValue().SYMBOL);
       }
     }
