Package org.apache.sentry.core.common

Examples of org.apache.sentry.core.common.Subject


    configTool.setPolicyFile(context.getPolicyFile().getPath());
    configTool.setupConfig();
    configTool.validatePolicy();

    Set<String> permList = configTool.getSentryProvider()
        .listPrivilegesForSubject(new Subject(USER1_1));
    assertTrue(permList
        .contains("server=server1->db=db1->table=tab1->action=select"));
    assertTrue(permList
        .contains("server=server1->db=db1->table=tab2->action=insert"));

    permList = configTool.getSentryProvider().listPrivilegesForSubject(
        new Subject(USER2_1));
    assertTrue(permList
        .contains("server=server1->db=db1->table=tab3->action=select"));

    permList = configTool.getSentryProvider().listPrivilegesForSubject(
        new Subject(ADMIN1));
    assertTrue(permList.contains("server=server1"));
  }


    stmtAuthObject = HiveAuthzPrivilegesMap.getHiveAuthzPrivileges(stmtOperation);

    // must occur above the null check on stmtAuthObject
    // since GRANT/REVOKE/etc are not authorized by binding layer at present
    Subject subject = getCurrentSubject(context);
    Set<String> subjectGroups = hiveAuthzBinding.getGroups(subject);
    for (Task<? extends Serializable> task : rootTasks) {
      if (task instanceof SentryGrantRevokeTask) {
        SentryGrantRevokeTask sentryTask = (SentryGrantRevokeTask)task;
        sentryTask.setHiveAuthzBinding(hiveAuthzBinding);

    return sessState.getHiveOperation();
  }

  /**
   * Wraps the user name reported by the semantic-analyzer hook context in a
   * {@link Subject}.
   *
   * <p>The name is forwarded as-is: this method performs no null, empty or
   * format check on it.
   *
   * @param context hook context of the statement being analyzed
   * @return a new {@code Subject} carrying {@code context.getUserName()}
   */
  private Subject getCurrentSubject(HiveSemanticAnalyzerHookContext context) {
    // NOTE(review): callers presumably authorize against this Subject, so its
    // trustworthiness depends on how the hook context was populated upstream;
    // confirm that the user name is an authenticated identity.
    final String userName = context.getUserName();
    return new Subject(userName);
  }

  private List<String> filterShowTables(List<String> queryResult,
      HiveOperation operation, String userName, String dbName)
          throws SemanticException {
    List<String> filteredResult = new ArrayList<String>();
    Subject subject = new Subject(userName);
    HiveAuthzPrivileges tableMetaDataPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT)).
        setOperationScope(HiveOperationScope.TABLE).
        setOperationType(HiveOperationType.INFO).
        build();

  }

  private List<String> filterShowDatabases(List<String> queryResult,
      HiveOperation operation, String userName) throws SemanticException {
    List<String> filteredResult = new ArrayList<String>();
    Subject subject = new Subject(userName);
    HiveAuthzPrivileges anyPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT)).
        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.SELECT)).
        setOperationScope(HiveOperationScope.CONNECT).
        setOperationType(HiveOperationType.QUERY).

    }
  }

  @Test
  public void testDuplicateEntries() throws Exception {
    Subject user1 = new Subject("user1");
    Server server1 = new Server("server1");
    AccessURI uri = new AccessURI("file:///path/to/");
    Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT);
    policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
      .addRolesToGroup("group1",  true, "role1", "role1")
      .addPermissionsToRole("role1", true, "server=" + server1.getName() + "->uri=" + uri.getName(),
          "server=" + server1.getName() + "->uri=" + uri.getName());
    policyFile.write(iniFile);
    DBPolicyFileBackend policy = new DBPolicyFileBackend(server1.getName(), initResource);

    Assert.assertTrue(authorizableHierarchy.toString(),
        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
  }
  @Test
  public void testNonAbolutePath() throws Exception {
    Subject user1 = new Subject("user1");
    Server server1 = new Server("server1");
    AccessURI uri = new AccessURI("file:///path/to/");
    Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT);
    policyFile.addGroupsToUser(user1.getName(), "group1")
      .addRolesToGroup("group1", "role1")
      .addPermissionsToRole("role1", "server=" + server1.getName() + "->uri=" + uri.getName());
    policyFile.write(iniFile);
    DBPolicyFileBackend policy = new DBPolicyFileBackend(server1.getName(), initResource);
    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);

      List<List<DBModelAuthorizable>> outputHierarchy)
      throws InvalidOperationException {
    try {
      HiveAuthzBinding hiveAuthzBinding = getHiveAuthzBinding();
      hiveAuthzBinding.authorize(hiveOp, HiveAuthzPrivilegesMap
          .getHiveAuthzPrivileges(hiveOp), new Subject(getUserName()),
          inputHierarchy, outputHierarchy);
    } catch (AuthorizationException e1) {
      throw invalidOperationException(e1);
    } catch (LoginException e1) {
      throw invalidOperationException(e1);

        serverHierarchy.add(hiveAuthzBinding.getAuthServer());
        inputHierarchy.add(serverHierarchy);
        hiveAuthzBinding.authorize(HiveOperation.QUERY,
          HiveAuthzPrivilegesMap.getHiveExtendedAuthzPrivileges(HiveExtendedOperation.TRANSFORM),
          new Subject(hookContext.getUserName()), inputHierarchy, outputHierarchy);
      }
    } finally {
      if (hiveAuthzBinding != null) {
        hiveAuthzBinding.clear(hookContext.getConf());
      }

  // list permissions for given user
  public void listPrivs() throws Exception {
    getSentryProvider().validateResource(true);
    System.out.println("Available privileges for user " + getUser() + ":");
    Set<String> permList = getSentryProvider().listPrivilegesForSubject(
        new Subject(getUser()));
    for (String perms : permList) {
      System.out.println("\t" + perms);
    }
    if (permList.isEmpty()) {
      System.out.println("\t*** No permissions available ***");
 
