blob: d564e6b2bea73dcb8a24ed42035a4d92d1fc0166 [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.impala.authorization.sentry;
import org.apache.commons.lang.reflect.ConstructorUtils;
import org.apache.impala.authorization.AuthorizationConfig;
import org.apache.sentry.policy.engine.common.CommonPolicyEngine;
import org.apache.sentry.provider.cache.PrivilegeCache;
import org.apache.sentry.provider.cache.SimpleCacheProviderBackend;
import org.apache.sentry.provider.common.ProviderBackend;
import org.apache.sentry.provider.common.ProviderBackendContext;
import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
import org.apache.sentry.provider.file.SimpleFileProviderBackend;
import com.google.common.base.Preconditions;
/**
* Wrapper to facilitate differences in Sentry APIs across Sentry versions.
*/
class SentryAuthProvider {
/*
* Creates a new ResourceAuthorizationProvider based on the given configuration.
*/
static ResourceAuthorizationProvider createProvider(AuthorizationConfig config,
SentryAuthorizationPolicy policy) {
Preconditions.checkArgument(policy instanceof PrivilegeCache);
Preconditions.checkArgument(config instanceof SentryAuthorizationConfig);
SentryAuthorizationConfig sentryAuthzConfig = (SentryAuthorizationConfig) config;
try {
// Note: The second parameter to the ProviderBackend is a "resourceFile" path
// which is not used by Impala. We cannot pass 'null' so instead pass an empty
// string.
ProviderBackend providerBe = new SimpleCacheProviderBackend(
sentryAuthzConfig.getSentryConfig().getConfig(), "");
Preconditions.checkNotNull(policy);
ProviderBackendContext context = new ProviderBackendContext();
context.setBindingHandle(policy);
providerBe.initialize(context);
CommonPolicyEngine engine =
new CommonPolicyEngine(providerBe);
// Try to create an instance of the specified policy provider class.
// Re-throw any exceptions that are encountered.
return (ResourceAuthorizationProvider) ConstructorUtils.invokeConstructor(
Class.forName(sentryAuthzConfig.getPolicyProviderClassName()),
new Object[] {"", engine, ImpalaPrivilegeModel.INSTANCE});
} catch (Exception e) {
// Re-throw as unchecked exception.
throw new IllegalStateException(
"Error creating ResourceAuthorizationProvider: ", e);
}
}
}