github/sqoop
5
0
Fork 0
mirror of https://github.com/apache/sqoop.git synced 2025-05-12 23:11:43 +08:00
Code Issues Projects Releases Wiki Activity

SQOOP-2080: Sqoop2: Combine privileges into READ and WRITE

Browse Source 
(Richard Zhou via Abraham Elmahrek)
This commit is contained in:
Abraham Elmahrek 2015-02-17 13:08:02 -08:00
parent 2b3ca36b17
commit 170ab67bbb
1 changed files with 20 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
View File

@ -48,14 +48,14 @@ public enum RoleType {
* Resource type * Resource type
*/ */
public enum ResourceType { public enum ResourceType {
CONNECTOR, LINK, JOB SERVER, CONNECTOR, LINK, JOB
} }
/** /**
* Action type in Privilege * Action type in Privilege
*/ */
public enum PrivilegeActionType { public enum PrivilegeActionType {
VIEW, USE, CREATE, UPDATE, DELETE, ENABlE_DISABLE, START_STOP, STATUS ALL, READ, WRITE
} }
/** /**
@ -67,7 +67,7 @@ public static <T extends MPersistableEntity> List<T> filterResource(final Resour
public boolean apply(T input) { public boolean apply(T input) {
try { try {
String name = String.valueOf(input.getPersistenceId()); String name = String.valueOf(input.getPersistenceId());
checkPrivilege(getPrivilege(type, name, PrivilegeActionType.VIEW)); checkPrivilege(getPrivilege(type, name, PrivilegeActionType.READ));
// add valid resource // add valid resource
return true; return true;
} catch (Exception e) { } catch (Exception e) {
@ -83,63 +83,58 @@ public boolean apply(T input) {
* Link related function * Link related function
*/ */
public static void createLink(String connectorId) throws SqoopException { public static void createLink(String connectorId) throws SqoopException {
MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.USE); checkPrivilege(getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.READ));
// resource id is empty, means it is a global privilege
MPrivilege privilege2 = getPrivilege(ResourceType.LINK, StringUtils.EMPTY, PrivilegeActionType.CREATE);
checkPrivilege(privilege1, privilege2);
} }
public static void updateLink(String connectorId, String linkId) throws SqoopException { public static void updateLink(String connectorId, String linkId) throws SqoopException {
MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.USE); MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.READ);
MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.UPDATE); MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE);
checkPrivilege(privilege1, privilege2); checkPrivilege(privilege1, privilege2);
} }
public static void deleteLink(String linkId) throws SqoopException { public static void deleteLink(String linkId) throws SqoopException {
checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.DELETE)); checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE));
} }
public static void enableDisableLink(String linkId) throws SqoopException { public static void enableDisableLink(String linkId) throws SqoopException {
checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.ENABlE_DISABLE)); checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE));
} }
/** /**
* Job related function * Job related function
*/ */
public static void createJob(String linkId1, String linkId2) throws SqoopException { public static void createJob(String linkId1, String linkId2) throws SqoopException {
MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.USE); MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.READ);
MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.USE); MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.READ);
// resource id is empty, means it is a global privilege checkPrivilege(privilege1, privilege2);
MPrivilege privilege3 = getPrivilege(ResourceType.JOB, StringUtils.EMPTY, PrivilegeActionType.CREATE);
checkPrivilege(privilege1, privilege2, privilege3);
} }
public static void updateJob(String linkId1, String linkId2, String jobId) throws SqoopException { public static void updateJob(String linkId1, String linkId2, String jobId) throws SqoopException {
MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.USE); MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.READ);
MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.USE); MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.READ);
MPrivilege privilege3 = getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.UPDATE); MPrivilege privilege3 = getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE);
checkPrivilege(privilege1, privilege2, privilege3); checkPrivilege(privilege1, privilege2, privilege3);
} }
public static void deleteJob(String jobId) throws SqoopException { public static void deleteJob(String jobId) throws SqoopException {
checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.DELETE)); checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
} }
public static void enableDisableJob(String jobId) throws SqoopException { public static void enableDisableJob(String jobId) throws SqoopException {
checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.ENABlE_DISABLE)); checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
} }
public static void startJob(String jobId) throws SqoopException { public static void startJob(String jobId) throws SqoopException {
; ;
checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.START_STOP)); checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
} }
public static void stopJob(String jobId) throws SqoopException { public static void stopJob(String jobId) throws SqoopException {
checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.START_STOP)); checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
} }
public static void statusJob(String jobId) throws SqoopException { public static void statusJob(String jobId) throws SqoopException {
checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.STATUS)); checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.READ));
} }
/** /**
@ -151,7 +146,7 @@ public static List<MSubmission> filterSubmission(List<MSubmission> submissions)
public boolean apply(MSubmission input) { public boolean apply(MSubmission input) {
try { try {
String jobId = String.valueOf(input.getJobId()); String jobId = String.valueOf(input.getJobId());
checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.STATUS)); checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.READ));
// add valid submission // add valid submission
return true; return true;
} catch (Exception e) { } catch (Exception e) {
@ -169,9 +164,6 @@ public boolean apply(MSubmission input) {
private static MPrivilege getPrivilege(ResourceType resourceType, private static MPrivilege getPrivilege(ResourceType resourceType,
String resourceId, String resourceId,
PrivilegeActionType privilegeActionType) { PrivilegeActionType privilegeActionType) {
// Do a transfer. "all" means global instances in Restful API, whilst empty
// string means global instances in role based access controller.
resourceId = (resourceId == null || resourceId.equals("all")) ? StringUtils.EMPTY : resourceId;
return new MPrivilege(new MResource(resourceId, resourceType.name()), privilegeActionType.name(), false); return new MPrivilege(new MResource(resourceId, resourceType.name()), privilegeActionType.name(), false);
} }