sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java - incubator-sentry - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.sentry.hdfs;

 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;

 import org.apache.hadoop.fs.permission.AclEntry;
 import org.apache.hadoop.fs.permission.AclEntryScope;
 import org.apache.hadoop.fs.permission.AclEntryType;
 import org.apache.hadoop.fs.permission.FsAction;

 import com.google.common.collect.Lists;

 public class SentryPermissions implements AuthzPermissions {

   public static class PrivilegeInfo {
     private final String authzObj;
     private final Map<String, FsAction> roleToPermission = new HashMap<String, FsAction>();
     public PrivilegeInfo(String authzObj) {
       this.authzObj = authzObj;
     }
     public PrivilegeInfo setPermission(String role, FsAction perm) {
       roleToPermission.put(role, perm);
       return this;
     }
     public PrivilegeInfo removePermission(String role) {
       roleToPermission.remove(role);
       return this;
     }
     public FsAction getPermission(String role) {
       return roleToPermission.get(role);
     }
     public Map<String, FsAction> getAllPermissions() {
       return roleToPermission;
     }
     public String getAuthzObj() {
       return authzObj;
     }
   }

   public static class RoleInfo {
     private final String role;
     private final Set<String> groups = new HashSet<String>();
     public RoleInfo(String role) {
       this.role = role;
     }
     public RoleInfo addGroup(String group) {
       groups.add(group);
       return this;
     }
     public RoleInfo delGroup(String group) {
       groups.remove(group);
       return this;
     }
     public String getRole() {
       return role;
     }
     public Set<String> getAllGroups() {
       return groups;
     }
   }

   private final Map<String, PrivilegeInfo> privileges = new HashMap<String, PrivilegeInfo>();
   private final Map<String, RoleInfo> roles = new HashMap<String, RoleInfo>();

   @Override
   public List<AclEntry> getAcls(String authzObj) {
     PrivilegeInfo privilegeInfo = privileges.get(authzObj);
     Map<String, FsAction> groupPerms = new HashMap<String, FsAction>();
     if (privilegeInfo != null) {
       for (Map.Entry<String, FsAction> privs : privilegeInfo
           .getAllPermissions().entrySet()) {
         constructAclEntry(privs.getKey(), privs.getValue(), groupPerms);
       }
     }
     List<AclEntry> retList = new LinkedList<AclEntry>();
     for (Map.Entry<String, FsAction> groupPerm : groupPerms.entrySet()) {
       AclEntry.Builder builder = new AclEntry.Builder();
       builder.setName(groupPerm.getKey());
       builder.setType(AclEntryType.GROUP);
       builder.setScope(AclEntryScope.ACCESS);
       FsAction action = groupPerm.getValue();
       if ((action == FsAction.READ) || (action == FsAction.WRITE)
           || (action == FsAction.READ_WRITE)) {
         action = action.or(FsAction.EXECUTE);
       }
       builder.setPermission(action);
       retList.add(builder.build());
     }
     return retList;
   }

   private void constructAclEntry(String role, FsAction permission,
       Map<String, FsAction> groupPerms) {
     RoleInfo roleInfo = roles.get(role);
     if (roleInfo != null) {
       for (String group : roleInfo.groups) {
         FsAction fsAction = groupPerms.get(group);
         if (fsAction == null) {
           fsAction = FsAction.NONE;
         }
         groupPerms.put(group, fsAction.or(permission));
       }
     }
   }

   public PrivilegeInfo getPrivilegeInfo(String authzObj) {
     return privileges.get(authzObj);
   }

   Collection<PrivilegeInfo> getAllPrivileges() {
     return privileges.values();
   }

   Collection<RoleInfo> getAllRoles() {
     return roles.values();
   }

   public void delPrivilegeInfo(String authzObj) {
     privileges.remove(authzObj);
   }

   public void addPrivilegeInfo(PrivilegeInfo privilegeInfo) {
     privileges.put(privilegeInfo.authzObj, privilegeInfo);
   }

   public RoleInfo getRoleInfo(String role) {
     return roles.get(role);
   }

   public void delRoleInfo(String role) {
     roles.remove(role);
   }

   public void addRoleInfo(RoleInfo roleInfo) {
     roles.put(roleInfo.role, roleInfo);
   }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.sentry.hdfs;

	import java.util.Collection;
	import java.util.HashMap;
	import java.util.HashSet;
	import java.util.LinkedList;
	import java.util.List;
	import java.util.Map;
	import java.util.Set;

	import org.apache.hadoop.fs.permission.AclEntry;
	import org.apache.hadoop.fs.permission.AclEntryScope;
	import org.apache.hadoop.fs.permission.AclEntryType;
	import org.apache.hadoop.fs.permission.FsAction;

	import com.google.common.collect.Lists;

	public class SentryPermissions implements AuthzPermissions {

	public static class PrivilegeInfo {
	private final String authzObj;
	private final Map<String, FsAction> roleToPermission = new HashMap<String, FsAction>();
	public PrivilegeInfo(String authzObj) {
	this.authzObj = authzObj;
	}
	public PrivilegeInfo setPermission(String role, FsAction perm) {
	roleToPermission.put(role, perm);
	return this;
	}
	public PrivilegeInfo removePermission(String role) {
	roleToPermission.remove(role);
	return this;
	}
	public FsAction getPermission(String role) {
	return roleToPermission.get(role);
	}
	public Map<String, FsAction> getAllPermissions() {
	return roleToPermission;
	}
	public String getAuthzObj() {
	return authzObj;
	}
	}

	public static class RoleInfo {
	private final String role;
	private final Set<String> groups = new HashSet<String>();
	public RoleInfo(String role) {
	this.role = role;
	}
	public RoleInfo addGroup(String group) {
	groups.add(group);
	return this;
	}
	public RoleInfo delGroup(String group) {
	groups.remove(group);
	return this;
	}
	public String getRole() {
	return role;
	}
	public Set<String> getAllGroups() {
	return groups;
	}
	}

	private final Map<String, PrivilegeInfo> privileges = new HashMap<String, PrivilegeInfo>();
	private final Map<String, RoleInfo> roles = new HashMap<String, RoleInfo>();

	@Override
	public List<AclEntry> getAcls(String authzObj) {
	PrivilegeInfo privilegeInfo = privileges.get(authzObj);
	Map<String, FsAction> groupPerms = new HashMap<String, FsAction>();
	if (privilegeInfo != null) {
	for (Map.Entry<String, FsAction> privs : privilegeInfo
	.getAllPermissions().entrySet()) {
	constructAclEntry(privs.getKey(), privs.getValue(), groupPerms);
	}
	}
	List<AclEntry> retList = new LinkedList<AclEntry>();
	for (Map.Entry<String, FsAction> groupPerm : groupPerms.entrySet()) {
	AclEntry.Builder builder = new AclEntry.Builder();
	builder.setName(groupPerm.getKey());
	builder.setType(AclEntryType.GROUP);
	builder.setScope(AclEntryScope.ACCESS);
	FsAction action = groupPerm.getValue();
	if ((action == FsAction.READ) \|\| (action == FsAction.WRITE)
	\|\| (action == FsAction.READ_WRITE)) {
	action = action.or(FsAction.EXECUTE);
	}
	builder.setPermission(action);
	retList.add(builder.build());
	}
	return retList;
	}

	private void constructAclEntry(String role, FsAction permission,
	Map<String, FsAction> groupPerms) {
	RoleInfo roleInfo = roles.get(role);
	if (roleInfo != null) {
	for (String group : roleInfo.groups) {
	FsAction fsAction = groupPerms.get(group);
	if (fsAction == null) {
	fsAction = FsAction.NONE;
	}
	groupPerms.put(group, fsAction.or(permission));
	}
	}
	}

	public PrivilegeInfo getPrivilegeInfo(String authzObj) {
	return privileges.get(authzObj);
	}

	Collection<PrivilegeInfo> getAllPrivileges() {
	return privileges.values();
	}

	Collection<RoleInfo> getAllRoles() {
	return roles.values();
	}

	public void delPrivilegeInfo(String authzObj) {
	privileges.remove(authzObj);
	}

	public void addPrivilegeInfo(PrivilegeInfo privilegeInfo) {
	privileges.put(privilegeInfo.authzObj, privilegeInfo);
	}

	public RoleInfo getRoleInfo(String role) {
	return roles.get(role);
	}

	public void delRoleInfo(String role) {
	roles.remove(role);
	}

	public void addRoleInfo(RoleInfo roleInfo) {
	roles.put(roleInfo.role, roleInfo);
	}
	}