Java Code Examples for javax.jdo.PersistenceManager#retrieve()

The following examples show how to use javax.jdo.PersistenceManager#retrieve() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PrivilegeOperatePersistence.java    From incubator-sentry with Apache License 2.0 6 votes vote down vote up
/**
 * Drop any role related to the requested privilege and its children privileges
 */
public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) {
  MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege);

  if (Strings.isNullOrEmpty(privilege.getAction())) {
    requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue());
  }
  /**
   * Get the privilege graph
   * populateIncludePrivileges will get the privileges that need dropped,
   */
  Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet();
  privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm));

  for (MSentryGMPrivilege mPrivilege : privilegeGraph) {
    /**
     * force to load all roles related this privilege
     * avoid the lazy-loading
     */
    pm.retrieve(mPrivilege);
    Set<MSentryRole> roles = mPrivilege.getRoles();
    for (MSentryRole role : roles) {
      revokeRolePartial(requestPrivilege, mPrivilege, role, pm);
    }
  }
}
 
Example 2
Source File: SentryStore.java    From incubator-sentry with Apache License 2.0 6 votes vote down vote up
private void dropSentryRoleCore(PersistenceManager pm, String roleName)
    throws SentryNoSuchObjectException {
  String lRoleName = roleName.trim().toLowerCase();
  Query query = pm.newQuery(MSentryRole.class);
  query.setFilter("this.roleName == t");
  query.declareParameters("java.lang.String t");
  query.setUnique(true);
  MSentryRole sentryRole = (MSentryRole) query.execute(lRoleName);
  if (sentryRole == null) {
    throw new SentryNoSuchObjectException("Role: " + lRoleName + " doesn't exist");
  } else {
    pm.retrieve(sentryRole);
    int numPrivs = sentryRole.getPrivileges().size();
    sentryRole.removePrivileges();
    // with SENTRY-398 generic model
    sentryRole.removeGMPrivileges();
    privCleaner.incPrivRemoval(numPrivs);
    pm.deletePersistent(sentryRole);
  }
}
 
Example 3
Source File: DelegateSentryStore.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
/**
 * The role is global in the generic model, such as the role may be has more than one component
 * privileges, so delete role will remove all privileges related to it.
 */
@Override
public CommitContext dropRole(String component, String role, String requestor)
    throws SentryNoSuchObjectException {
  boolean rollbackTransaction = true;
  PersistenceManager pm = null;
  role = toTrimmedLower(role);
  try {
    pm = openTransaction();
    Query query = pm.newQuery(MSentryRole.class);
    query.setFilter("this.roleName == t");
    query.declareParameters("java.lang.String t");
    query.setUnique(true);
    MSentryRole sentryRole = (MSentryRole) query.execute(role);
    if (sentryRole == null) {
      throw new SentryNoSuchObjectException("Role: " + role + " doesn't exist");
    } else {
      pm.retrieve(sentryRole);
      sentryRole.removeGMPrivileges();
      sentryRole.removePrivileges();
      pm.deletePersistent(sentryRole);
    }
    CommitContext commit = commitUpdateTransaction(pm);
    rollbackTransaction = false;
    return commit;
  } finally {
    if (rollbackTransaction) {
      rollbackTransaction(pm);
    }
  }
}
 
Example 4
Source File: PrivilegeOperatePersistence.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
public void renamePrivilege(String component, String service,
    List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables,
    String grantorPrincipal, PersistenceManager pm)
    throws SentryUserException {
  MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null);
  oldPrivilege.setAction(getAction(component,Action.ALL).getValue());
  /**
   * Get the privilege graph
   * populateIncludePrivileges will get the old privileges that need dropped
   */
  Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet();
  privilegeGraph.addAll(populateIncludePrivileges(null, oldPrivilege, pm));

  for (MSentryGMPrivilege dropPrivilege : privilegeGraph) {
    /**
     * construct the new privilege needed to add
     */
    List<Authorizable> authorizables = new ArrayList<Authorizable>(
        dropPrivilege.getAuthorizables());
    for (int i = 0; i < newAuthorizables.size(); i++) {
      authorizables.set(i, newAuthorizables.get(i));
    }
    MSentryGMPrivilege newPrivilge = new MSentryGMPrivilege(
        component,service, authorizables, dropPrivilege.getAction(),
        dropPrivilege.getGrantOption());

    /**
     * force to load all roles related this privilege
     * avoid the lazy-loading
     */
    pm.retrieve(dropPrivilege);

    Set<MSentryRole> roles = dropPrivilege.getRoles();
    for (MSentryRole role : roles) {
      revokeRolePartial(oldPrivilege, dropPrivilege, role, pm);
      grantRolePartial(newPrivilge, role, pm);
    }
  }
}
 
Example 5
Source File: SentryStore.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
@VisibleForTesting
MSentryRole getMSentryRoleByName(String roleName)
    throws SentryNoSuchObjectException {
  boolean rollbackTransaction = true;
  PersistenceManager pm = null;
  roleName = roleName.trim().toLowerCase();
  try {
    pm = openTransaction();
    Query query = pm.newQuery(MSentryRole.class);
    query.setFilter("this.roleName == t");
    query.declareParameters("java.lang.String t");
    query.setUnique(true);
    MSentryRole sentryRole = (MSentryRole) query.execute(roleName);
    if (sentryRole == null) {
      throw new SentryNoSuchObjectException("Role: " + roleName + " doesn't exist");
    } else {
      pm.retrieve(sentryRole);
    }
    rollbackTransaction = false;
    commitTransaction(pm);
    return sentryRole;
  } finally {
    if (rollbackTransaction) {
      rollbackTransaction(pm);
    }
  }
}
 
Example 6
Source File: PrivilegeOperatePersistence.java    From incubator-sentry with Apache License 2.0 4 votes vote down vote up
private void grantRolePartial(MSentryGMPrivilege grantPrivilege,
    MSentryRole role,PersistenceManager pm) {
  /**
   * If Grant is for ALL action and other actions belongs to ALL action already exists..
   * need to remove it and GRANT ALL action
   */
  String component = grantPrivilege.getComponentName();
  BitFieldAction action = getAction(component, grantPrivilege.getAction());
  BitFieldAction allAction = getAction(component, Action.ALL);

  if (action.implies(allAction)) {
    /**
     * ALL action is a multi-bit set action that includes some actions such as INSERT,SELECT and CREATE.
     */
    List<? extends BitFieldAction> actions = getActionFactory(component).getActionsByCode(allAction.getActionCode());
    for (BitFieldAction ac : actions) {
      grantPrivilege.setAction(ac.getValue());
      MSentryGMPrivilege existPriv = getPrivilege(grantPrivilege, pm);
      if (existPriv != null && role.getGmPrivileges().contains(existPriv)) {
        /**
         * force to load all roles related this privilege
         * avoid the lazy-loading risk,such as:
         * if the roles field of privilege aren't loaded, then the roles is a empty set
         * privilege.removeRole(role) and pm.makePersistent(privilege)
         * will remove other roles that shouldn't been removed
         */
        pm.retrieve(existPriv);
        existPriv.removeRole(role);
        pm.makePersistent(existPriv);
      }
    }
  } else {
    /**
     * If ALL Action already exists..
     * do nothing.
     */
    grantPrivilege.setAction(allAction.getValue());
    MSentryGMPrivilege allPrivilege = getPrivilege(grantPrivilege, pm);
    if (allPrivilege != null && role.getGmPrivileges().contains(allPrivilege)) {
      return;
    }
  }

  /**
   * restore the action
   */
  grantPrivilege.setAction(action.getValue());
  /**
   * check the privilege is exist or not
   */
  MSentryGMPrivilege mPrivilege = getPrivilege(grantPrivilege, pm);
  if (mPrivilege == null) {
    mPrivilege = grantPrivilege;
  }
  mPrivilege.appendRole(role);
  pm.makePersistent(mPrivilege);
}
 
Example 7
Source File: TestSentryRole.java    From incubator-sentry with Apache License 2.0 4 votes vote down vote up
@Test
public void grantMixedPrivilegeTest() throws Exception {
  String roleName = "r1";
  //hive/impala privilege
  MSentryPrivilege hivePrivilege = new MSentryPrivilege();
  hivePrivilege.setServerName("hive.server1");
  hivePrivilege.setDbName("db1");
  hivePrivilege.setTableName("tb1");
  hivePrivilege.setPrivilegeScope("table");
  hivePrivilege.setAction("select");
  hivePrivilege.setGrantOption(true);
  //solr privilege
  MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
  solrPrivilege.setComponentName("solr");
  solrPrivilege.setServiceName("solr.server1");
  solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
  solrPrivilege.setAction("query");
  solrPrivilege.setGrantOption(true);

  PersistenceManager pm = null;
  //create role
  pm = openTransaction();
  pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
  commitTransaction(pm);
  //add hivePrivilege to role
  pm = openTransaction();
  MSentryRole role = getMSentryRole(pm, roleName);
  hivePrivilege.appendRole(role);
  pm.makePersistent(hivePrivilege);
  commitTransaction(pm);
  //check hivePrivlege and solrPrivilege
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  assertEquals(1, role.getPrivileges().size());
  assertEquals(0, role.getGmPrivileges().size());
  commitTransaction(pm);
  //add solrPrivilege to role
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  solrPrivilege.appendRole(role);
  pm.makePersistent(solrPrivilege);
  commitTransaction(pm);
  //check hivePrivlege and solrPrivilege
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  assertEquals(1, role.getPrivileges().size());
  assertEquals(1, role.getGmPrivileges().size());
  commitTransaction(pm);
}
 
Example 8
Source File: TestSentryRole.java    From incubator-sentry with Apache License 2.0 4 votes vote down vote up
@Test
public void testWantGrantPrivilegeTwice() throws Exception {
  String roleName = "r1";
  //hive/impala privilege
  MSentryPrivilege hivePrivilege = new MSentryPrivilege();
  hivePrivilege.setServerName("hive.server1");
  hivePrivilege.setDbName("db1");
  hivePrivilege.setTableName("tb1");
  hivePrivilege.setPrivilegeScope("table");
  hivePrivilege.setAction("select");
  hivePrivilege.setURI(SentryStore.NULL_COL);
  hivePrivilege.setColumnName(SentryStore.NULL_COL);
  hivePrivilege.setGrantOption(true);
  //The same hivePrivilege
  MSentryPrivilege hivePrivilege2 = new MSentryPrivilege(hivePrivilege);
  //solr privilege
  MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
  solrPrivilege.setComponentName("solr");
  solrPrivilege.setServiceName("solr.server1");
  solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
  solrPrivilege.setAction("query");
  solrPrivilege.setGrantOption(true);
  //The same solrPrivilege
  MSentryGMPrivilege solrPrivilege2 = new MSentryGMPrivilege(solrPrivilege);

  PersistenceManager pm = null;
  //create role
  pm = openTransaction();
  pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
  commitTransaction(pm);

  //grant hivePrivilege and solrPrivilege to role
  pm = openTransaction();
  MSentryRole role = getMSentryRole(pm, roleName);
  solrPrivilege.appendRole(role);
  hivePrivilege.appendRole(role);
  pm.makePersistent(solrPrivilege);
  pm.makePersistent(hivePrivilege);
  commitTransaction(pm);
  //check
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  assertEquals(1, role.getPrivileges().size());
  assertEquals(1, role.getGmPrivileges().size());
  commitTransaction(pm);

  //want to grant the same hivePrivilege and solrPrivilege to role again
  //hivePrivilege2 is equal to hivePrivilege
  //solrPrivilege2 is equal to solrPrivilege
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  if (!role.getGmPrivileges().contains(solrPrivilege2)) {
    fail("unexpect happend: the MSentryGMPrivilege:" + solrPrivilege2 + " already be granted");
  }
  if (!role.getPrivileges().contains(hivePrivilege2)) {
    fail("unexpect happend: the MSentryPrivilege:" + hivePrivilege2 + " already be granted");
  }
  commitTransaction(pm);
}
 
Example 9
Source File: TestSentryRole.java    From incubator-sentry with Apache License 2.0 4 votes vote down vote up
@Test
public void testMixedRevokePrivilege() throws Exception {
  String roleName = "r1";
  //hive/impala privilege
  MSentryPrivilege hivePrivilege = new MSentryPrivilege();
  hivePrivilege.setServerName("hive.server1");
  hivePrivilege.setDbName("db1");
  hivePrivilege.setTableName("tb1");
  hivePrivilege.setPrivilegeScope("table");
  hivePrivilege.setAction("select");
  hivePrivilege.setURI(SentryStore.NULL_COL);
  hivePrivilege.setColumnName(SentryStore.NULL_COL);
  hivePrivilege.setGrantOption(true);

  //solr privilege
  MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
  solrPrivilege.setComponentName("solr");
  solrPrivilege.setServiceName("solr.server1");
  solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
  solrPrivilege.setAction("query");
  solrPrivilege.setGrantOption(true);

  PersistenceManager pm = null;
  //create role
  pm = openTransaction();
  pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
  commitTransaction(pm);

  //grant hivePrivilege and solrPrivilege to role
  pm = openTransaction();
  MSentryRole role = getMSentryRole(pm, roleName);
  hivePrivilege.appendRole(role);
  solrPrivilege.appendRole(role);
  pm.makePersistent(hivePrivilege);
  pm.makePersistent(solrPrivilege);
  commitTransaction(pm);

  //check
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  assertEquals(1, role.getPrivileges().size());
  assertEquals(1, role.getGmPrivileges().size());
  commitTransaction(pm);

  //revoke solrPrivilege from role
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  solrPrivilege = (MSentryGMPrivilege)role.getGmPrivileges().toArray()[0];
  solrPrivilege.removeRole(role);
  pm.makePersistent(solrPrivilege);
  commitTransaction(pm);

  //check
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  assertEquals(1, role.getPrivileges().size());
  assertEquals(0, role.getGmPrivileges().size());
  commitTransaction(pm);

  //revoke hivePrivilege from role
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  hivePrivilege = (MSentryPrivilege)role.getPrivileges().toArray()[0];
  hivePrivilege.removeRole(role);
  pm.makePersistent(hivePrivilege);
  commitTransaction(pm);

  //check
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  assertEquals(0, role.getPrivileges().size());
  assertEquals(0, role.getGmPrivileges().size());
  commitTransaction(pm);
}
 
Example 10
Source File: TestSentryRole.java    From incubator-sentry with Apache License 2.0 4 votes vote down vote up
@Test
public void testDeletePrivilegeAndRole() throws Exception {
  String roleName = "r1";
  //hive/impala privilege
  MSentryPrivilege hivePrivilege = new MSentryPrivilege();
  hivePrivilege.setServerName("hive.server1");
  hivePrivilege.setDbName("db1");
  hivePrivilege.setTableName("tb1");
  hivePrivilege.setPrivilegeScope("table");
  hivePrivilege.setAction("select");
  hivePrivilege.setURI(SentryStore.NULL_COL);
  hivePrivilege.setColumnName(SentryStore.NULL_COL);
  hivePrivilege.setGrantOption(true);

  //solr privilege
  MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
  solrPrivilege.setComponentName("solr");
  solrPrivilege.setServiceName("solr.server1");
  solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
  solrPrivilege.setAction("query");
  solrPrivilege.setGrantOption(true);

  PersistenceManager pm = null;
  //create role
  pm = openTransaction();
  pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
  commitTransaction(pm);

  //grant hivePrivilege and solrPrivilege to role
  pm = openTransaction();
  MSentryRole role = getMSentryRole(pm, roleName);
  hivePrivilege.appendRole(role);
  solrPrivilege.appendRole(role);
  pm.makePersistent(hivePrivilege);
  pm.makePersistent(solrPrivilege);
  commitTransaction(pm);

  //check
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  assertEquals(1, role.getPrivileges().size());
  assertEquals(1, role.getGmPrivileges().size());
  commitTransaction(pm);

  //remove all privileges
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  role.removeGMPrivileges();
  role.removePrivileges();
  pm.makePersistent(role);
  commitTransaction(pm);

  //check
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.retrieve(role);
  assertEquals(0, role.getPrivileges().size());
  assertEquals(0, role.getGmPrivileges().size());
  commitTransaction(pm);

  //delete role
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  pm.deletePersistent(role);
  commitTransaction(pm);

  //check
  pm = openTransaction();
  role = getMSentryRole(pm, roleName);
  assertTrue(role == null);
  commitTransaction(pm);
}