Impala
Impala is the open source, native analytic database for Apache Hadoop.
RolePrivilege.java
1 // Copyright 2014 Cloudera Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 package com.cloudera.impala.catalog;
16 
17 import java.util.List;
18 
19 import org.apache.log4j.Logger;
20 
21 import com.cloudera.impala.thrift.TCatalogObjectType;
22 import com.cloudera.impala.thrift.TPrivilege;
23 import com.cloudera.impala.thrift.TPrivilegeLevel;
24 import com.cloudera.impala.thrift.TPrivilegeScope;
25 import com.google.common.base.Joiner;
26 import com.google.common.base.Preconditions;
27 import com.google.common.collect.Lists;
28 
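/**
 * Catalog object wrapping a single Thrift {@link TPrivilege} that belongs to a role.
 *
 * <p>The wrapped struct is held by reference: {@link #fromThrift} does not copy its
 * argument and {@link #toThrift} hands the same instance back, so a caller that
 * mutates the struct afterwards changes this object's privilege as well.
 */
public class RolePrivilege implements CatalogObject {
  // Logged under this class's own category so that a malformed-privilege error is
  // attributed to RolePrivilege rather than to AuthorizationPolicy.
  private static final Logger LOG = Logger.getLogger(RolePrivilege.class);
  // These Joiners are used to build role privilege names. For simplicity, the name we
  // use can also be sent to the Sentry library to perform authorization checks
  // so we build them in the same format.
  private static final Joiner AUTHORIZABLE_JOINER = Joiner.on("->");
  private static final Joiner KV_JOINER = Joiner.on("=");

  private final TPrivilege privilege_;
  // NOTE(review): this declaration sits on a source line the listing does not show;
  // the initial value is taken from the page's cross-reference to
  // Catalog.INITIAL_CATALOG_VERSION -- confirm against the real file.
  private long catalogVersion_ = Catalog.INITIAL_CATALOG_VERSION;

  private RolePrivilege(TPrivilege privilege) {
    privilege_ = privilege;
  }

  /** Returns the wrapped Thrift struct itself, not a copy. */
  public TPrivilege toThrift() { return privilege_; }

  /** Wraps the given Thrift struct without copying or validating it. */
  public static RolePrivilege fromThrift(TPrivilege privilege) {
    return new RolePrivilege(privilege);
  }

  /**
   * Builds the lower-cased privilege name for the given privilege, for example
   * {@code server=<name>->db=<name>->table=<name>->action=<level>}. The components
   * present depend on the privilege scope, and the {@code action} component is
   * omitted when the level is ALL.
   *
   * <p>Because this string takes part in authorization checks, it is lower-cased with
   * {@link java.util.Locale#ROOT}. The default-locale form of {@code toLowerCase()}
   * maps 'I' to a dotless 'i' under a Turkish or Azeri default locale, which would
   * make the same privilege produce a different name depending on the JVM's locale.
   *
   * @param privilege the privilege to name
   * @return the privilege name, or {@code null} if the privilege is malformed (null
   *     privilege, null scope, unknown scope, or a null component value). Callers must
   *     check for {@code null} and treat it as a failure.
   */
  public static String buildRolePrivilegeName(TPrivilege privilege) {
    List<String> authorizable = Lists.newArrayListWithExpectedSize(4);
    try {
      Preconditions.checkNotNull(privilege);
      TPrivilegeScope scope = privilege.getScope();
      Preconditions.checkNotNull(scope);
      // NOTE(review): component values are joined without escaping, so a value that
      // itself contains "->" or "=" gives a name whose structure is ambiguous to any
      // consumer that splits it again -- confirm such values are rejected upstream.
      switch (scope) {
        case SERVER: {
          authorizable.add(KV_JOINER.join("server", privilege.getServer_name()));
          break;
        }
        case URI: {
          authorizable.add(KV_JOINER.join("server", privilege.getServer_name()));
          authorizable.add(KV_JOINER.join("uri", privilege.getUri()));
          break;
        }
        case DATABASE: {
          authorizable.add(KV_JOINER.join("server", privilege.getServer_name()));
          authorizable.add(KV_JOINER.join("db", privilege.getDb_name()));
          break;
        }
        case TABLE: {
          authorizable.add(KV_JOINER.join("server", privilege.getServer_name()));
          authorizable.add(KV_JOINER.join("db", privilege.getDb_name()));
          authorizable.add(KV_JOINER.join("table", privilege.getTable_name()));
          break;
        }
        default: {
          throw new UnsupportedOperationException(
              "Unknown privilege scope: " + scope.toString());
        }
      }

      // The ALL privilege is always implied and does not need to be included as part
      // of the name.
      if (privilege.getPrivilege_level() != TPrivilegeLevel.ALL) {
        authorizable.add(KV_JOINER.join("action",
            privilege.getPrivilege_level().toString()));
      }
      // NOTE(review): the whole name is lower-cased, URI component included; confirm
      // that consumers expect URIs to be compared in lower-cased form.
      return AUTHORIZABLE_JOINER.join(authorizable).toLowerCase(java.util.Locale.ROOT);
    } catch (Exception e) {
      // Should never make it here unless the privilege is malformed. The failure is
      // logged and reported to the caller as null instead of being propagated.
      LOG.error("ERROR: ", e);
      return null;
    }
  }

  @Override
  public TCatalogObjectType getCatalogObjectType() {
    return TCatalogObjectType.PRIVILEGE;
  }

  /** Returns the privilege name stored in the Thrift struct; it is not rebuilt here. */
  @Override
  public String getName() { return privilege_.getPrivilege_name(); }

  /** Returns the role id stored in the wrapped Thrift struct. */
  public int getRoleId() { return privilege_.getRole_id(); }

  @Override
  public synchronized long getCatalogVersion() { return catalogVersion_; }

  @Override
  public synchronized void setCatalogVersion(long newVersion) {
    catalogVersion_ = newVersion;
  }

  @Override
  public boolean isLoaded() { return true; }

  // The creation time recorded in the wrapped privilege struct. Used to quickly check
  // if the same privilege was dropped and re-created. Assumes it will not be
  // created + dropped + created in less than 1ms. Returns -1 if create_time_ms was
  // not set for the privilege.
  public long getCreateTimeMs() {
    return privilege_.isSetCreate_time_ms() ? privilege_.getCreate_time_ms() : -1L;
  }

  /** Returns the scope stored in the wrapped Thrift struct. */
  public TPrivilegeScope getScope() { return privilege_.getScope(); }
}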