diff --git a/client/src/main/java/org/apache/sqoop/client/SqoopClient.java b/client/src/main/java/org/apache/sqoop/client/SqoopClient.java
index 9e15c030..200f9b41 100644
--- a/client/src/main/java/org/apache/sqoop/client/SqoopClient.java
+++ b/client/src/main/java/org/apache/sqoop/client/SqoopClient.java
@@ -31,16 +31,8 @@
 import org.apache.sqoop.client.request.SqoopResourceRequests;
 import org.apache.sqoop.common.Direction;
 import org.apache.sqoop.common.SqoopException;
-import org.apache.sqoop.json.ConnectorBean;
-import org.apache.sqoop.json.DriverBean;
-import org.apache.sqoop.json.ValidationResultBean;
-import org.apache.sqoop.model.ConfigUtils;
-import org.apache.sqoop.model.MConnector;
-import org.apache.sqoop.model.MDriver;
-import org.apache.sqoop.model.MDriverConfig;
-import org.apache.sqoop.model.MJob;
-import org.apache.sqoop.model.MLink;
-import org.apache.sqoop.model.MSubmission;
+import org.apache.sqoop.json.*;
+import org.apache.sqoop.model.*;
 import org.apache.sqoop.validation.ConfigValidationResult;
 import org.apache.sqoop.validation.Status;
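Review bot: The two wildcard imports (`import org.apache.sqoop.json.*;` and `import org.apache.sqoop.model.*;`) replace ten explicit imports, which hides which bean and model types this class depends on and lets a later addition to either package change name resolution without any edit here. Keeping the explicit list and adding only the names the next hunk needs (from what is visible: `MRole`, `MPrincipal`, `MResource`, `RolesBean`, `PrincipalsBean`, `PrivilegesBean`, and presumably `MPrivilege`) keeps the dependency surface reviewable. The same applies to the import hunk in SqoopResourceRequests.java and to `org.apache.sqoop.json.*` in the new AuthorizationResourceRequest.java.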
@@ -559,6 +551,110 @@ public List getSubmissionsForJob(long jobId) {
 return resourceRequests.readSubmission(jobId).getSubmissions();
 }
+ /**
+ * Retrieve list of all roles.
+ *
+ * @return
+ */
+ public List getRoles() {
+ return resourceRequests.readRoles().getRoles();
+ }
+
+ /**
+ * Create a new role.
+ *
+ * @param role MRole
+ * @return
+ */
+ public void createRole(MRole role) {
+ resourceRequests.createRole(role);
+ }
+
+ /**
+ * Drop a role.
+ *
+ * @param role MRole
+ * @return
+ */
+ public void dropRole(MRole role) {
+ resourceRequests.dropRole(role);
+ }
+
+ /**
+ * Grant roles on principals.
+ *
+ * @param roles MRole List
+ * @param principals MPrincipal List
+ * @return
+ */
+ public void grantRole(List roles, List principals) {
+ resourceRequests.grantRole(roles, principals);
+ }
+
+ /**
+ * Revoke roles on principals.
+ *
+ * @param roles MRole List
+ * @param principals MPrincipal List
+ * @return
+ */
+ public void revokeRole(List roles, List principals) {
+ resourceRequests.revokeRole(roles, principals);
+ }
+
+ /**
+ * Get roles by principal.
+ *
+ * @param principal MPrincipal
+ * @return
+ */
+ public RolesBean getRolesByPrincipal(MPrincipal principal) {
+ return resourceRequests.readRolesByPrincipal(principal);
+ }
+
+ /**
+ * Get principals by role.
+ *
+ * @param role MRole
+ * @return
+ */
+ public PrincipalsBean getPrincipalsByRole(MRole role) {
+ return resourceRequests.readPrincipalsByRole(role);
+ }
+
+ /**
+ * Grant privileges on principals.
+ *
+ * @param principals MPrincipal List
+ * @param privileges MPrivilege List
+ * @return
+ */
+ public void grantPrivilege(List principals, List privileges) {
+ resourceRequests.grantPrivilege(principals, privileges);
+ }
+
+ /**
+ * Revoke privileges on principals.
+ *
+ * @param principals MPrincipal List
+ * @param privileges MPrivilege List
+ * @return
+ */
+ public void revokePrivilege(List principals, List privileges) {
+ resourceRequests.revokePrivilege(principals, privileges);
+ }
+
+ /**
+ * Get privileges by principal.
+ *
+ * @param principal MPrincipal
+ * @param resource MResource
+ * @return
+ */
+ public PrivilegesBean getPrivilegesByPrincipal(MPrincipal principal, MResource resource) {
+ return resourceRequests.readPrivilegesByPrincipal(principal, resource);
+ }
+
 /**
 * Add delegation token into credentials of Hadoop security.
 *
diff --git a/client/src/main/java/org/apache/sqoop/client/request/AuthorizationResourceRequest.java b/client/src/main/java/org/apache/sqoop/client/request/AuthorizationResourceRequest.java
new file mode 100644
index 00000000..cdd8e730
--- /dev/null
+++ b/client/src/main/java/org/apache/sqoop/client/request/AuthorizationResourceRequest.java
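Review bot: In SqoopClient.java the Javadoc on all ten new authorization methods leaves `@return` empty, and the `void` methods (`createRole`, `dropRole`, `grantRole`, `revokeRole`, `grantPrivilege`, `revokePrivilege`) carry an `@return` tag they cannot satisfy. Because these calls change access rights on the server, each comment should state what the caller can rely on, for example `@return roles granted to the given principal` on `getRolesByPrincipal`, and on `getPrivilegesByPrincipal` `@param resource resource to filter by, or null for all resources` (the request class further down only adds the resource parameters when it is non-null). The API shape is also inconsistent: `getRoles()` unwraps to a `List`, while `getRolesByPrincipal`, `getPrincipalsByRole` and `getPrivilegesByPrincipal` expose the JSON bean types `RolesBean`, `PrincipalsBean` and `PrivilegesBean`. None of the methods checks its arguments for null before delegating, so a null `role` or `principal` only fails later, inside the request class.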
@@ -0,0 +1,138 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.client.request;
+
+import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
+import org.apache.sqoop.json.*;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
+import org.json.simple.JSONObject;
+
+import java.util.List;
+
+/**
+ * Provide CRUD semantics over RESTfull HTTP API for authorization. All operations are
+ * normally supported.
+ */
+public class AuthorizationResourceRequest extends ResourceRequest {
+
+ public static final String RESOURCE = "v1/authorization";
+
+ public static final String ROLES = "/roles";
+ public static final String PRINCIPALS = "/principals";
+ public static final String PRIVILEGES = "/privileges";
+
+ private static final String CREATE = "/create";
+ private static final String GRANT = "/grant";
+ private static final String REVOKE = "/revoke";
+
+ public AuthorizationResourceRequest() {
+ super();
+ }
+
+ public AuthorizationResourceRequest(DelegationTokenAuthenticatedURL.Token token) {
+ super(token);
+ }
+
+ public RolesBean readRoles(String serverUrl) {
+ String response = super.get(serverUrl + RESOURCE + ROLES);
+ JSONObject jsonObject = JSONUtils.parse(response);
+ RolesBean bean = new RolesBean();
+ bean.restore(jsonObject);
+ return bean;
+ }
+
+ public void createRole(String serverUrl, MRole role) {
+ RoleBean roleBean = new RoleBean(role);
+ // Extract all config inputs including sensitive inputs
+ JSONObject roleJson = roleBean.extract(false);
+ super.put(serverUrl + RESOURCE + ROLES + CREATE, roleJson.toJSONString());
+ }
+
+ public void dropRole(String serverUrl, MRole role) {
+ super.delete(serverUrl + RESOURCE + ROLES + "/" + role.getName());
+ }
+
+ public void grantRevokeRole(String serverUrl, List roles, List principals, boolean isGrant) {
+ RolesBean rolesBean = new RolesBean(roles);
+ PrincipalsBean principalsBean = new PrincipalsBean(principals);
+ // Extract all config inputs including sensitive inputs
+ JSONObject jsonObject = new JSONObject();
+ jsonObject.putAll(rolesBean.extract(false));
+ jsonObject.putAll(principalsBean.extract(false));
+ if (isGrant) {
+ super.put(serverUrl + RESOURCE + ROLES + GRANT, jsonObject.toJSONString());
+ } else {
+ super.put(serverUrl + RESOURCE + ROLES + REVOKE, jsonObject.toJSONString());
+ }
+ }
+
+ public RolesBean readRolesByPrincipal(String serverUrl, MPrincipal principal) {
+ String response =
super.get(serverUrl + RESOURCE + ROLES + + "?principal_name=" + principal.getName() + + "&principal_type=" + principal.getType()); + JSONObject jsonObject = JSONUtils.parse(response); + RolesBean bean = new RolesBean(); + bean.restore(jsonObject); + return bean; + } + + public PrincipalsBean readPrincipalsByRole(String serverUrl, MRole role) { + String response = super.get(serverUrl + RESOURCE + PRINCIPALS + + "?role_name=" + role.getName()); + JSONObject jsonObject = JSONUtils.parse(response); + PrincipalsBean bean = new PrincipalsBean(); + bean.restore(jsonObject); + return bean; + } + + public void grantRevokePrivilege(String serverUrl, List principals, List privileges, boolean isGrant) { + PrincipalsBean principalsBean = new PrincipalsBean(principals); + // Extract all config inputs including sensitive inputs + JSONObject jsonObject = new JSONObject(); + jsonObject.putAll(principalsBean.extract(false)); + + if (privileges != null && privileges.size() != 0) { + PrivilegesBean privilegesBean = new PrivilegesBean(privileges); + jsonObject.putAll(privilegesBean.extract(false)); + } + + if (isGrant) { + super.put(serverUrl + RESOURCE + PRIVILEGES + GRANT, jsonObject.toJSONString()); + } else { + super.put(serverUrl + RESOURCE + PRIVILEGES + REVOKE, jsonObject.toJSONString()); + } + } + + public PrivilegesBean readPrivilegesByPrincipal(String serverUrl, MPrincipal principal, MResource resource) { + String url = serverUrl + RESOURCE + PRIVILEGES + + "?principal_name=" + principal.getName() + + "&principal_type=" + principal.getType(); + if (resource != null) { + url += "&resource_name=" + resource.getName(); + url += "&resource_type=" + resource.getType(); + } + String response = super.get(url); + JSONObject jsonObject = JSONUtils.parse(response); + PrivilegesBean bean = new PrivilegesBean(); + bean.restore(jsonObject); + return bean; + } +} 
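Review bot: `dropRole`, `readRolesByPrincipal`, `readPrincipalsByRole` and `readPrivilegesByPrincipal` concatenate `role.getName()`, `principal.getName()`, `principal.getType()` and the resource name and type into the request path and query string without URL-encoding them. A name containing `&`, `=`, `#`, `?`, `/` or a space changes which path or parameters the server parses, so a lookup or drop meant for one role or principal can be read as a request about another, which matters in an authorization API. Encode every value before concatenation, as sketched below for the query-string case; the path segment in `dropRole` needs path-segment encoding rather than form encoding (`URLEncoder` turns a space into `+`), and the server must decode symmetrically, which this diff does not show. Separately, the comment `// Extract all config inputs including sensitive inputs` looks carried over from another request class and does not describe role or principal beans. `grantRevokeRole` also passes `roles` and `principals` straight to the bean constructors, whereas `grantRevokePrivilege` guards `privileges` against null and empty.

```java
// … unchanged: constants and constructors …

  // Form-encodes one query-string value; String.valueOf covers a non-String getType().
  private static String encode(Object value) {
    try {
      return URLEncoder.encode(String.valueOf(value), "UTF-8");
    } catch (UnsupportedEncodingException e) {
      throw new IllegalStateException("UTF-8 is not supported", e);
    }
  }

  public RolesBean readRolesByPrincipal(String serverUrl, MPrincipal principal) {
    String response = super.get(serverUrl + RESOURCE + ROLES
        + "?principal_name=" + encode(principal.getName())
        + "&principal_type=" + encode(principal.getType()));
    // … unchanged: parse the response and restore it into a RolesBean …
  }

// … same encode(...) wrapping in readPrincipalsByRole and readPrivilegesByPrincipal …
```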
diff --git a/client/src/main/java/org/apache/sqoop/client/request/SqoopResourceRequests.java b/client/src/main/java/org/apache/sqoop/client/request/SqoopResourceRequests.java
index 1825cf3c..882c336f 100644
--- a/client/src/main/java/org/apache/sqoop/client/request/SqoopResourceRequests.java
+++ b/client/src/main/java/org/apache/sqoop/client/request/SqoopResourceRequests.java
@@ -20,17 +20,11 @@
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
 import org.apache.hadoop.security.Credentials;
-import org.apache.sqoop.json.ConnectorBean;
-import org.apache.sqoop.json.DriverBean;
-import org.apache.sqoop.json.JobBean;
-import org.apache.sqoop.json.LinkBean;
-import org.apache.sqoop.json.SubmissionBean;
-import org.apache.sqoop.json.SubmissionsBean;
-import org.apache.sqoop.json.ValidationResultBean;
-import org.apache.sqoop.model.MJob;
-import org.apache.sqoop.model.MLink;
+import org.apache.sqoop.json.*;
+import org.apache.sqoop.model.*;
 import java.io.IOException;
+import java.util.List;
 /**
 * Unified class for all request objects.
@@ -44,9 +38,10 @@ public class SqoopResourceRequests {
 private LinkResourceRequest linkRequest;
 private JobResourceRequest jobRequest;
 private SubmissionResourceRequest submissionRequest;
+ private AuthorizationResourceRequest authorizationRequest;
 private DelegationTokenAuthenticatedURL.Token authToken;
- public SqoopResourceRequests(){
+ public SqoopResourceRequests() {
 authToken = new DelegationTokenAuthenticatedURL.Token();
 }
@@ -94,6 +89,14 @@ public SubmissionResourceRequest getSubmissionResourceRequest() {
 return submissionRequest;
 }
+ public AuthorizationResourceRequest getAuthorizationRequest() {
+ if (authorizationRequest == null) {
+ authorizationRequest = new AuthorizationResourceRequest(authToken);
+ }
+
+ return authorizationRequest;
+ }
+
 public DriverBean readDriver() {
 return getDriverResourceRequest().read(serverUrl);
 }
@@ -162,6 +165,46 @@ public SubmissionsBean readSubmission(Long jid) { return getSubmissionResourceRequest().read(serverUrl, jid); } + public RolesBean readRoles() { + return getAuthorizationRequest().readRoles(serverUrl); + } + + public void createRole(MRole role) { + getAuthorizationRequest().createRole(serverUrl, role); + } + + public void dropRole(MRole role) { + getAuthorizationRequest().dropRole(serverUrl, role); + } + + public void grantRole(List roles, List principals) { + getAuthorizationRequest().grantRevokeRole(serverUrl, roles, principals, true); + } + + public void revokeRole(List roles, List principals) { + getAuthorizationRequest().grantRevokeRole(serverUrl, roles, principals, false); + } + + public RolesBean readRolesByPrincipal(MPrincipal principal) { + return getAuthorizationRequest().readRolesByPrincipal(serverUrl, principal); + } + + public PrincipalsBean readPrincipalsByRole(MRole role) { + return getAuthorizationRequest().readPrincipalsByRole(serverUrl, role); + } + + public void grantPrivilege(List principals, List privileges) { + getAuthorizationRequest().grantRevokePrivilege(serverUrl, principals, privileges, true); + } + + public PrivilegesBean readPrivilegesByPrincipal(MPrincipal principal, MResource resource) { + return getAuthorizationRequest().readPrivilegesByPrincipal(serverUrl, principal, resource); + } + + public void revokePrivilege(List principals, List privileges) { + getAuthorizationRequest().grantRevokePrivilege(serverUrl, principals, privileges, false); + } + public Token[] addDelegationTokens(String renewer, Credentials credentials) throws IOException { return getDriverResourceRequest().addDelegationTokens(serverUrl + DriverResourceRequest.RESOURCE, renewer, credentials);