// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.impala.authorization;
import com.google.common.base.Preconditions;
import org.apache.impala.catalog.FeDb;
import org.apache.impala.catalog.FeTable;
/**
* Class that helps build PrivilegeRequest objects.
*
* For example:
* PrivilegeRequestBuilder builder = new PrivilegeRequestBuilder(
* new AuthorizableFactory(AuthorizationProvider.SENTRY));
* PrivilegeRequest request =
* builder.allOf(Privilege.SELECT).onTable("db", "tbl", "ownerUser").build();
*/
public class PrivilegeRequestBuilder {
  // State contract, as enforced by the code below:
  //  - exactly one on*() call may choose the authorizable; a second one fails with
  //    IllegalStateException instead of silently retargeting the request.
  //  - the privilege setters (allOf/all/any) carry no such guard, the last call wins.
  //  - build() does not reset anything, so an instance describes a single target.

  // Factory that creates the Authorizable objects handed to the request.
  private final AuthorizableFactory authzFactory_;
  // Object the privilege is requested on; null until an on*() method sets it.
  private Authorizable authorizable_;
  // Privilege required on the authorizable; null until allOf()/all()/any() is called.
  private Privilege privilege_;
  // Whether the grant option is required as well; only grantOption() turns it on.
  private boolean grantOption_ = false;

  /**
   * Creates a builder that obtains its Authorizable objects from the given factory.
   *
   * @param authzFactory factory for Authorizable objects, must not be null
   * @throws NullPointerException if authzFactory is null
   */
  public PrivilegeRequestBuilder(AuthorizableFactory authzFactory) {
    authzFactory_ = Preconditions.checkNotNull(authzFactory);
  }

  /**
   * Targets the request at a function.
   *
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onFunction(String dbName, String fnName) {
    requireNoAuthorizable();
    return target(authzFactory_.newFunction(dbName, fnName));
  }

  /**
   * Targets the request at a URI.
   *
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onUri(String uriName) {
    requireNoAuthorizable();
    return target(authzFactory_.newUri(uriName));
  }

  /**
   * Targets the request at the given table, taking the database name, table name and
   * owner from the table object itself.
   *
   * @throws NullPointerException if table is null, or its database or table name is null
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onTable(FeTable table) {
    Preconditions.checkNotNull(table);
    // Both name parts are validated before delegating; the owner is passed through
    // unchecked, exactly as the table reports it.
    return onTable(
        Preconditions.checkNotNull(table.getTableName().getDb()),
        Preconditions.checkNotNull(table.getTableName().getTbl()),
        table.getOwnerUser());
  }

  /**
   * Targets the request at the table identified by database and table name.
   *
   * @param ownerUser owner of the table; onTableUnknownOwner() passes null here
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onTable(
      String dbName, String tableName, String ownerUser) {
    requireNoAuthorizable();
    return target(authzFactory_.newTable(dbName, tableName, ownerUser));
  }

  /**
   * Targets the request at a table whose owner cannot be determined because the table
   * does not exist. This path is meant for callers that mask a TableNotFound
   * AnalysisException and propagate an AuthorizationException instead.
   *
   * NOTE(review): presumably the masking keeps a caller without privileges from
   * learning whether the table exists; how the factory treats the null owner is not
   * visible in this class - confirm it cannot satisfy an owner-based check.
   *
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onTableUnknownOwner(String dbName, String tableName) {
    final String unknownOwner = null;
    return onTable(dbName, tableName, unknownOwner);
  }

  /**
   * Targets the request at a server.
   *
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onServer(String serverName) {
    requireNoAuthorizable();
    return target(authzFactory_.newServer(serverName));
  }

  /**
   * Targets the request at the given database, using its name and the owner name
   * recorded in its metastore database object.
   *
   * NOTE(review): the result of getMetaStoreDb() is dereferenced without a null
   * check - confirm it is non-null for every FeDb that can reach this method.
   *
   * @throws IllegalStateException if an authorizable has already been set (checked
   *     before the null check on db)
   * @throws NullPointerException if db is null
   */
  public PrivilegeRequestBuilder onDb(FeDb db) {
    requireNoAuthorizable();
    Preconditions.checkNotNull(db);
    return onDb(db.getName(), db.getMetaStoreDb().getOwnerName());
  }

  /**
   * Targets the request at the database with the given name and owner.
   *
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onDb(String dbName, String ownerUser) {
    requireNoAuthorizable();
    return target(authzFactory_.newDatabase(dbName, ownerUser));
  }

  /**
   * Targets the request at a single named column of a table.
   *
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onColumn(String dbName, String tableName,
      String columnName, String tblOwnerUser) {
    requireNoAuthorizable();
    return target(
        authzFactory_.newColumnInTable(dbName, tableName, columnName, tblOwnerUser));
  }

  /**
   * Targets the request at any column of the given table; no column name is passed
   * to the factory.
   *
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onAnyColumn(
      String dbName, String tableName, String tblOwnerUser) {
    requireNoAuthorizable();
    return target(authzFactory_.newColumnInTable(dbName, tableName, tblOwnerUser));
  }

  /**
   * Targets the request at any column in any table of the given database.
   *
   * @throws IllegalStateException if an authorizable has already been set
   */
  public PrivilegeRequestBuilder onAnyColumn(String dbName, String dbOwnerUser) {
    requireNoAuthorizable();
    return target(authzFactory_.newColumnAllTbls(dbName, dbOwnerUser));
  }

  /**
   * Specifies the privilege the user needs to have. Replaces a privilege chosen by an
   * earlier allOf()/all()/any() call; a null value is only rejected later, by build().
   */
  public PrivilegeRequestBuilder allOf(Privilege privilege) {
    return require(privilege);
  }

  /**
   * Specifies that the user needs the "ALL" privilege. Replaces a privilege chosen
   * earlier.
   */
  public PrivilegeRequestBuilder all() {
    return require(Privilege.ALL);
  }

  /**
   * Specifies that any privilege is sufficient. Replaces a privilege chosen earlier,
   * so calling this after allOf() or all() loosens the request to Privilege.ANY.
   */
  public PrivilegeRequestBuilder any() {
    return require(Privilege.ANY);
  }

  /**
   * Specifies that the grant option is required. There is no method to clear the flag
   * once it has been set.
   */
  public PrivilegeRequestBuilder grantOption() {
    grantOption_ = true;
    return this;
  }

  /**
   * Builds a PrivilegeRequest from the current authorizable, privilege and grant
   * option. The builder state is left as it is afterwards.
   *
   * @throws NullPointerException if no authorizable or no privilege has been set
   */
  public PrivilegeRequest build() {
    // The authorizable is checked first, then the privilege.
    return new PrivilegeRequest(
        Preconditions.checkNotNull(authorizable_),
        Preconditions.checkNotNull(privilege_),
        grantOption_);
  }

  // Fails with IllegalStateException when an authorizable was already chosen. Callers
  // run this before asking the factory for a new object.
  private void requireNoAuthorizable() {
    Preconditions.checkState(authorizable_ == null);
  }

  // Records the authorizable the request is about and returns this for chaining.
  private PrivilegeRequestBuilder target(Authorizable authorizable) {
    authorizable_ = authorizable;
    return this;
  }

  // Records the required privilege, without validation, and returns this for chaining.
  private PrivilegeRequestBuilder require(Privilege privilege) {
    privilege_ = privilege;
    return this;
  }
}