Java源码示例:org.apache.sqoop.model.MPrivilege
示例1
public void grantRevokePrivilege(String serverUrl, List<MPrincipal> principals, List<MPrivilege> privileges, boolean isGrant) {
PrincipalsBean principalsBean = new PrincipalsBean(principals);
// Extract all config inputs including sensitive inputs
JSONObject jsonObject = new JSONObject();
jsonObject.putAll(principalsBean.extract(false));
if (privileges != null && privileges.size() != 0) {
PrivilegesBean privilegesBean = new PrivilegesBean(privileges);
jsonObject.putAll(privilegesBean.extract(false));
}
if (isGrant) {
super.put(serverUrl + RESOURCE + PRIVILEGES + GRANT, jsonObject.toJSONString());
} else {
super.put(serverUrl + RESOURCE + PRIVILEGES + REVOKE, jsonObject.toJSONString());
}
}
示例2
private Status grantPrivilege(String action, String resourceType, String resource,
String principalType, String principal, boolean withGrant)
throws IOException {
MResource resourceObject = new MResource(resource, resourceType);
MPrivilege privilegeObject = new MPrivilege(resourceObject, action, withGrant);
MPrincipal principalObject = new MPrincipal(principal, principalType);
client.grantPrivilege(
Arrays.asList(principalObject),
Arrays.asList(privilegeObject));
if (resourceType.toUpperCase().equals(MResource.TYPE.CONNECTOR.name())) {
client.clearCache();
}
printlnResource(Constants.RES_GRANT_PRIVILEGE_SUCCESSFUL,
action, resourceType + " " + resource,
((withGrant) ? " " + resourceString(Constants.RES_GRANT_PRIVILEGE_SUCCESSFUL_WITH_GRANT) : ""),
principalType + " " + principal);
return Status.OK;
}
示例3
private Status revokePrivilege(String action, String resourceType, String resource,
String principalType, String principal, boolean withGrant)
throws IOException {
MResource resourceObject = new MResource(resource, resourceType);
MPrivilege privilegeObject = new MPrivilege(resourceObject, action, withGrant);
MPrincipal principalObject = new MPrincipal(principal, principalType);
client.revokePrivilege(
Arrays.asList(principalObject),
Arrays.asList(privilegeObject));
if (resourceType.toUpperCase().equals(MResource.TYPE.CONNECTOR.name())) {
client.clearCache();
}
printlnResource(Constants.RES_REVOKE_PRIVILEGE_SUCCESSFUL,
action, resourceType + " " + resource,
((withGrant) ? " " + resourceString(Constants.RES_REVOKE_PRIVILEGE_SUCCESSFUL_WITH_GRANT) : ""),
principalType + " " + principal);
return Status.OK;
}
示例4
private void showPrivileges(MPrincipal principal, MResource resource) {
List<MPrivilege> privileges = client.getPrivilegesByPrincipal(principal, resource);
List<String> header = new LinkedList<String>();
header.add(resourceString(Constants.RES_TABLE_HEADER_PRIVILEGE_ACTION));
header.add(resourceString(Constants.RES_TABLE_HEADER_RESOURCE_NAME));
header.add(resourceString(Constants.RES_TABLE_HEADER_RESOURCE_TYPE));
header.add(resourceString(Constants.RES_TABLE_HEADER_PRIVILEGE_WITH_GRANT));
List<String> actions = new LinkedList<String>();
List<String> resourceNames = new LinkedList<String>();
List<String> resourceTypes = new LinkedList<String>();
List<String> withGrant = new LinkedList<String>();
for (MPrivilege privilege : privileges) {
actions.add(privilege.getAction());
resourceNames.add(privilege.getResource().getName());
resourceTypes.add(privilege.getResource().getType());
withGrant.add(Boolean.toString(privilege.isWith_grant_option()));
}
TableDisplayer.display(header, actions, resourceNames, resourceTypes, withGrant);
}
示例5
public RangerSqoopAccessRequest(MPrincipal principal, MPrivilege privilege,String clientIPAddress) {
super.setResource(new RangerSqoopResource(privilege.getResource()));
if (MPrincipal.TYPE.USER.name().equals(principal.getType())) {
super.setUser(principal.getName());
}
if (MPrincipal.TYPE.GROUP.name().equals(principal.getType())) {
super.setUserGroups(Sets.newHashSet(principal.getName()));
}
String action = privilege.getAction();
super.setAccessType(action);
super.setAction(action);
super.setAccessTime(new Date());
super.setClientIPAddress(clientIPAddress);
}
示例6
@Override
public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerSqoopAuthorizer.checkPrivileges()");
}
try {
activatePluginClassLoader();
authorizationValidator.checkPrivileges(principal, privileges);
} finally {
deactivatePluginClassLoader();
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerSqoopAuthorizer.checkPrivileges()");
}
}
示例7
@Test
public void testGrantPrivilege() throws Exception {
/**
* user1 belongs to group group1
* admin user grant role role1 to group group1
* admin user grant read privilege on connector all to role role1
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role1 = new MRole(ROLE1);
MPrincipal group1Princ = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP);
MPrincipal role1Princ = new MPrincipal(ROLE1, MPrincipal.TYPE.ROLE);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
client.createRole(role1);
client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1Princ));
client.grantPrivilege(Lists.newArrayList(role1Princ), Lists.newArrayList(readPrivilege));
// check user1 has privilege on role1
client = sqoopServerRunner.getSqoopClient(USER1);
assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 1);
}
示例8
@Test
public void testShowAllConnector() throws Exception {
// USER3 at firstly has no privilege on any Sqoop resource
SqoopClient client = sqoopServerRunner.getSqoopClient(USER3);
assertTrue(client.getConnectors().size() == 0);
/**
* ADMIN_USER grant read action privilege on connector all to role ROLE3
* ADMIN_USER grant role ROLE3 to group GROUP3
*/
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role3 = new MRole(ROLE3);
MPrincipal group3 = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
client.createRole(role3);
client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role3.getName(), MPrincipal.TYPE.ROLE)),
Lists.newArrayList(readPriv));
// check USER3 has the read privilege on all connector
client = sqoopServerRunner.getSqoopClient(USER3);
assertTrue(client.getConnectors().size() > 0);
}
示例9
public List<MPrivilege> listPrivilegeByRole(final Subject subject, final String role, final MResource resource) throws SqoopException {
Set<TSentryPrivilege> tSentryPrivileges = execute(new Command<Set<TSentryPrivilege>>() {
@Override
public Set<TSentryPrivilege> run(SentryGenericServiceClient client)
throws Exception {
if (resource == null) {
return client.listPrivilegesByRoleName(subject.getName(), role, COMPONENT_TYPE, sqoopServer.getName());
} else if (resource.getType().equalsIgnoreCase(MResource.TYPE.SERVER.name())) {
return client.listPrivilegesByRoleName(subject.getName(), role, COMPONENT_TYPE, resource.getName());
} else {
return client.listPrivilegesByRoleName(subject.getName(), role, COMPONENT_TYPE, sqoopServer.getName(), toAuthorizable(resource));
}
}
});
List<MPrivilege> privileges = Lists.newArrayList();
for (TSentryPrivilege tSentryPrivilege : tSentryPrivileges) {
privileges.add(toSqoopPrivilege(tSentryPrivilege));
}
return privileges;
}
示例10
/**
* construct a Sentry privilege to call by the thrift API
* @param privilege
* @return {@link TSentryPrivilege}
*/
private TSentryPrivilege toTSentryPrivilege(MPrivilege privilege) {
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
tSentryPrivilege.setComponent(COMPONENT_TYPE);
tSentryPrivilege.setServiceName(sqoopServer.getName());
tSentryPrivilege.setAction(privilege.getAction().equalsIgnoreCase(
SqoopActionConstant.ALL_NAME) ? SqoopActionConstant.ALL : privilege
.getAction());
if (privilege.isWith_grant_option()) {
tSentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
} else {
tSentryPrivilege.setGrantOption(TSentryGrantOption.FALSE);
}
tSentryPrivilege.setAuthorizables(toTSentryAuthorizable(privilege.getResource()));
return tSentryPrivilege;
}
示例11
@Override
public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
if (privileges == null || privileges.isEmpty()) {
return;
}
PrincipalDesc principalDesc = new PrincipalDesc(principal.getName(), principal.getType());
if (principalDesc.getType() != PrincipalType.USER) {
throw new SqoopException(SecurityError.AUTH_0014,SentrySqoopError.AUTHORIZE_CHECK_NOT_SUPPORT_FOR_PRINCIPAL);
}
for (MPrivilege privilege : privileges) {
if (LOG.isDebugEnabled()) {
LOG.debug("Going to authorize check on privilege : " + privilege +
" for principal: " + principal);
}
if (!binding.authorize(new Subject(principalDesc.getName()), privilege)) {
throw new SqoopException(SecurityError.AUTH_0014, "User " + principalDesc.getName() +
" does not have privileges for : " + privilege.toString());
}
}
}
示例12
@Override
public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges)
throws SqoopException {
for (MPrincipal principal : principals) {
PrincipalDesc principalDesc = PrincipalDesc.fromStr(principal.getName(), principal.getType());
if (principalDesc.getType() != PrincipalType.ROLE) {
throw new SqoopException(SecurityError.AUTH_0014,
SentrySqoopError.GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL
+ principalDesc.getType().name());
}
for (MPrivilege privilege : privileges) {
if (LOG.isDebugEnabled()) {
LOG.debug("Going to grant privilege : " + privilege +
" to principal: " + principal);
}
binding.grantPrivilege(getSubject(), principal.getName(), privilege);
}
}
}
示例13
@Override
public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges)
throws SqoopException {
for (MPrincipal principal : principals) {
PrincipalDesc principalDesc = PrincipalDesc.fromStr(principal.getName(), principal.getType());
if (principalDesc.getType() != PrincipalType.ROLE) {
throw new SqoopException(SecurityError.AUTH_0014,
SentrySqoopError.GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL
+ principalDesc.getType().name());
}
for (MPrivilege privilege : privileges) {
if (LOG.isDebugEnabled()) {
LOG.debug("Going to revoke privilege : " + privilege +
" from principal: " + principal);
}
binding.revokePrivilege(getSubject(), principal.getName(), privilege);
}
}
}
示例14
/**
* Validator related function
*/
public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
LOG.debug("Check privilege in default authorization validator: always valid");
LOG.debug("principal: " + principal.toString());
for (MPrivilege privilege : privileges) {
LOG.debug("privilege: " + privilege.toString());
}
}
示例15
/**
* Privilege related function
*/
@Override
public List<MPrivilege> getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException {
LOG.debug("Get privileges by role in default authorization access controller: return null");
LOG.debug("principal: " + principal.toString());
if (resource != null) { //Get all privileges on principal
LOG.debug("resource: " + resource.toString());
}
return null;
}
示例16
@Override
public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
LOG.debug("Grant privileges in default authorization access controller: empty function");
for (MPrincipal principal : principals) {
LOG.debug("principal: " + principal.toString());
}
for (MPrivilege privilege : privileges) {
LOG.debug("privilege: " + privilege.toString());
}
}
示例17
@Override
public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
LOG.debug("Revoke privileges in default authorization access controller: empty function");
for (MPrincipal principal : principals) {
LOG.debug("principal: " + principal.toString());
}
if (privileges != null) { //Revoke all privileges on principal
for (MPrivilege privilege : privileges) {
LOG.debug("privilege: " + privilege.toString());
}
}
}
示例18
@SuppressWarnings("unchecked")
protected JSONArray extractPrivileges() {
JSONArray privilegesArray = new JSONArray();
if (privileges != null) {
for (MPrivilege privilege : privileges) {
privilegesArray.add(extractPrivilege(privilege));
}
}
return privilegesArray;
}
示例19
@SuppressWarnings("unchecked")
private JSONObject extractPrivilege(MPrivilege privilege) {
JSONObject object = new JSONObject();
object.put(RESOURCE_NAME, privilege.getResource().getName());
object.put(RESOURCE_TYPE, privilege.getResource().getType());
object.put(ACTION, privilege.getAction());
object.put(WITH_GRANT_OPTION, privilege.isWith_grant_option());
return object;
}
示例20
private MPrivilege restorePrivilege(Object obj) {
JSONObject object = (JSONObject) obj;
MResource resource = new MResource(
(String) object.get(RESOURCE_NAME), (String) object.get(RESOURCE_TYPE));
return new MPrivilege(resource, (String) object.get(ACTION),
Boolean.valueOf(object.get(WITH_GRANT_OPTION).toString()));
}
示例21
@Override
public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerSqoopAuthorizer.checkPrivileges( principal=" + principal + ", privileges="
+ privileges + ")");
}
if (CollectionUtils.isEmpty(privileges)) {
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerSqoopAuthorizer.checkPrivileges() return because privileges is empty.");
}
return;
}
RangerSqoopPlugin plugin = sqoopPlugin;
if (plugin != null) {
for (MPrivilege privilege : privileges) {
RangerSqoopAccessRequest request = new RangerSqoopAccessRequest(principal, privilege, clientIPAddress);
RangerAccessResult result = plugin.isAccessAllowed(request);
if (result != null && !result.getIsAllowed()) {
throw new SqoopException(SecurityError.AUTH_0014, "principal=" + principal
+ " does not have privileges for : " + privilege);
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerSqoopAuthorizer.checkPrivileges() success without exception.");
}
}
示例22
@Test
public void testNotSupportGrantPrivilegeToUser() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrincipal user1 = new MPrincipal("not_support_grant_user_1", MPrincipal.TYPE.GROUP);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
try {
client.grantPrivilege(Lists.newArrayList(user1), Lists.newArrayList(readPriv));
fail("expected not support exception happend");
} catch (Exception e) {
assertCausedMessage(e, SentrySqoopError.GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL);
}
}
示例23
@Test
public void testNotSupportGrantPrivilegeToGroup() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrincipal group1 = new MPrincipal("not_support_grant_group_1", MPrincipal.TYPE.GROUP);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
try {
client.grantPrivilege(Lists.newArrayList(group1), Lists.newArrayList(readPriv));
fail("expected not support exception happend");
} catch (Exception e) {
assertCausedMessage(e, SentrySqoopError.GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL);
}
}
示例24
@Test
public void testGrantPrivilegeTwice() throws Exception {
/**
* user2 belongs to group group2
* admin user grant role role2 to group group2
* admin user grant write privilege on connector all to role role2
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role2 = new MRole(ROLE2);
MPrincipal group2Princ = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP);
MPrincipal role2Princ = new MPrincipal(ROLE2, MPrincipal.TYPE.ROLE);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege writePrivilege = new MPrivilege(allConnector, SqoopActionConstant.WRITE, false);
client.createRole(role2);
client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2Princ));
client.grantPrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(writePrivilege));
// check user2 has one privilege on role2
client = sqoopServerRunner.getSqoopClient(USER2);
assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 1);
// grant privilege to role role2 again
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
client.grantPrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(writePrivilege));
// check user2 has only one privilege on role2
client = sqoopServerRunner.getSqoopClient(USER2);
assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 1);
}
示例25
@Test
public void testGrantPrivilegeWithAllPrivilegeExist() throws Exception {
/**
* user3 belongs to group group3
* admin user grant role role3 to group group3
* admin user grant all privilege on connector all to role role3
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role3 = new MRole(ROLE3);
MPrincipal group3Princ = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP);
MPrincipal role3Princ = new MPrincipal(ROLE3, MPrincipal.TYPE.ROLE);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false);
client.createRole(role3);
client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3Princ));
client.grantPrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(allPrivilege));
// check user3 has one privilege on role3
client = sqoopServerRunner.getSqoopClient(USER3);
assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1);
// user3 has the all action on role3
MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0);
assertEquals(user3Privilege.getAction(), SqoopActionConstant.ALL_NAME);
/**
* admin user grant read privilege on connector all to role role3
* because the role3 has already the all privilege, the read privilege granting has
* no impact on the role3
*/
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
client.grantPrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(readPrivilege));
// check user3 has only one privilege on role3
client = sqoopServerRunner.getSqoopClient(USER3);
assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1);
// user3 has the all action on role3
user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0);
assertEquals(user3Privilege.getAction(), SqoopActionConstant.ALL_NAME);
}
示例26
@Test
public void testNotSupportRevokePrivilegeFromUser() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrincipal user1 = new MPrincipal("not_support_revoke_user_1", MPrincipal.TYPE.GROUP);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
try {
client.revokePrivilege(Lists.newArrayList(user1), Lists.newArrayList(readPriv));
fail("expected not support exception happend");
} catch (Exception e) {
assertCausedMessage(e, SentrySqoopError.GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL);
}
}
示例27
@Test
public void testNotSupportRevokePrivilegeFromGroup() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrincipal group1 = new MPrincipal("not_support_revoke_group_1", MPrincipal.TYPE.GROUP);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
try {
client.revokePrivilege(Lists.newArrayList(group1), Lists.newArrayList(readPriv));
fail("expected not support exception happend");
} catch (Exception e) {
assertCausedMessage(e, SentrySqoopError.GRANT_REVOKE_PRIVILEGE_NOT_SUPPORT_FOR_PRINCIPAL);
}
}
示例28
@Test
public void testRevokeNotExistPrivilege() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole testRole = new MRole("noexist_privilege_role1");
MPrincipal testPrinc = new MPrincipal(testRole.getName(), MPrincipal.TYPE.ROLE);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
client.createRole(testRole);
assertTrue(client.getPrivilegesByPrincipal(testPrinc, allConnector).size() == 0);
client.revokePrivilege(Lists.newArrayList(testPrinc), Lists.newArrayList(readPrivilege));
assertTrue(client.getPrivilegesByPrincipal(testPrinc, allConnector).size() == 0);
}
示例29
@Test
public void testRevokePrivilege() throws Exception {
/**
* user1 belongs to group group1
* admin user grant role role1 to group group1
* admin user grant read privilege on connector all to role role1
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role1 = new MRole(ROLE1);
MPrincipal group1Princ = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP);
MPrincipal role1Princ = new MPrincipal(ROLE1, MPrincipal.TYPE.ROLE);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
client.createRole(role1);
client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1Princ));
client.grantPrivilege(Lists.newArrayList(role1Princ), Lists.newArrayList(readPrivilege));
// check user1 has privilege on role1
client = sqoopServerRunner.getSqoopClient(USER1);
assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 1);
// admin user revoke read privilege from role1
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
client.revokePrivilege(Lists.newArrayList(role1Princ), Lists.newArrayList(readPrivilege));
// check user1 has no privilege on role1
client = sqoopServerRunner.getSqoopClient(USER1);
assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 0);
}
示例30
@Test
public void testRevokeAllPrivilege() throws Exception {
/**
* user2 belongs to group group2
* admin user grant role role2 to group group2
* admin user grant read and write privilege on connector all to role role2
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role2 = new MRole(ROLE2);
MPrincipal group2Princ = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP);
MPrincipal role2Princ = new MPrincipal(ROLE2, MPrincipal.TYPE.ROLE);
MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
MPrivilege writePrivilege = new MPrivilege(allConnector, SqoopActionConstant.WRITE, false);
MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
client.createRole(role2);
client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2Princ));
client.grantPrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(writePrivilege, readPrivilege));
// check user2 has two privileges on role2
client = sqoopServerRunner.getSqoopClient(USER2);
assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 2);
// admin user revoke all privilege from role2
MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false);
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
client.revokePrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(allPrivilege));
// check user2 has no privilege on role2
client = sqoopServerRunner.getSqoopClient(USER2);
assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 0);
}
