0

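I am looking for a way to define policies for roles programmatically. Is there an API available for Sentry? Either REST or Java?

Any documentation or links would be a great help.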

4

2 Answers

2

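Sentry exposes an Apache Thrift client interface. Here you can find the Thrift API definition, sentry_policy_service.thrift. You can use it to generate client source code.

In addition, Cloudera publishes compiled client libraries compatible with the Sentry service, distributed as part of CDH, namely: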

<dependency>
    <groupId>org.apache.sentry</groupId>
    <artifactId>sentry-provider-db</artifactId>
    <version>1.5.1-cdh5.5.1</version>
</dependency>

It is available in Cloudera's Maven repository:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <repositories>
     <repository>
      <id>cloudera</id>
      <url>https://repository.cloudera.com/artifactory/cloudera-repos/</url>
    </repository>
  </repositories>
</project>
Answered 2016-09-18T17:31:09.720
0

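Here is a sample program that uses "sentry-provider-db" to get the privilege details for a given Hive database. (This program may not define policies for a role, but it may give you an idea of how to use the other methods to achieve that.)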

import java.io.IOException;

import javax.security.auth.login.LoginException;

import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;

public class ConnectSentry {

    public static void main(String[] args) throws IOException, SentryUserException, LoginException {

        String userName = args[0];
        String databaseName = args[1];

        // Address of the Sentry service
        Configuration conf = new Configuration();
        conf.set(ClientConfig.SERVER_RPC_ADDRESS, "servernamexx.domain");
        conf.set(ClientConfig.SERVER_RPC_PORT, "8038"); // default port is 8038, verify this setting in configuration of Sentry

        // Kerberos / JAAS settings; the login name is the user passed on the command line
        System.setProperty("javax.security.auth.login.name", userName);
        System.setProperty("java.security.auth.login.config", "login.conf");
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        System.setProperty("sun.security.krb5.debug", "false");

        conf.set(ServerConfig.PRINCIPAL, "sentry/<sentry-server-principal>");

        SentryPolicyServiceClientDefaultImpl sentryPolicyServiceClientDefaultImpl =
                new SentryPolicyServiceClientDefaultImpl(conf);

        // For every role of the user, list the role's privileges and print those on the database
        sentryPolicyServiceClientDefaultImpl.listUserRoles(userName).forEach(rolesentry -> {
            try {
                sentryPolicyServiceClientDefaultImpl
                        .listAllPrivilegesByRoleName(userName, rolesentry.getRoleName())
                        .forEach(allpriv -> {
                            String db = allpriv.getDbName();
                            String permission = allpriv.getAction();
                            // db can be null for privileges that are not database-scoped,
                            // so compare from the non-null side
                            if (databaseName.equals(db)) {
                                System.out.println("found database and permission is " + permission);
                            }
                        });
            } catch (SentryUserException e) {
                // The lambda cannot rethrow a checked exception; report it and continue
                e.printStackTrace();
            }
        });
    }
}

Refer to the following program to see the available methods:

https://github.com/apache/incubator-sentry/blob/master/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java

The following methods and classes may be useful to you:

public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyServiceClient

public synchronized void importPolicy(Map<String, Map<String, Set<String>>> policyFileMappingData, String requestorUserName, boolean isOverwriteRole)

Leave a comment if you need a sample krb5.conf, login.conf and pom.xml.

Answered 2017-11-30T17:46:37.473
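
An added example, not part of either answer and not Sentry project code: defining a role policy with the same client class, by creating the role, granting it a read-only database privilege and mapping it to a group. The class name `DefineRolePolicy`, the argument order, the server name `server1` and the choice of the `select` action are assumptions; host, port, principal and the Kerberos file names are the placeholders used in the answer above.

```java
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;

public class DefineRolePolicy {

    public static void main(String[] args) throws Exception {
        String admin = args[0];  // requestor; Sentry rejects policy changes from non-admin users
        String role = args[1];   // role to define
        String group = args[2];  // group that should receive the role
        String db = args[3];     // Hive database the role may read
        String server = "server1"; // assumed: must match the server name configured for Sentry

        Configuration conf = new Configuration();
        conf.set(ClientConfig.SERVER_RPC_ADDRESS, "servernamexx.domain");
        conf.set(ClientConfig.SERVER_RPC_PORT, "8038");
        conf.set(ServerConfig.PRINCIPAL, "sentry/<sentry-server-principal>");

        // Same Kerberos/JAAS setup as the program in the answer above
        System.setProperty("java.security.auth.login.config", "login.conf");
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        SentryPolicyServiceClientDefaultImpl client = new SentryPolicyServiceClientDefaultImpl(conf);
        try {
            // createRole fails if the role already exists, so check first
            boolean exists = client.listRoles(admin).stream()
                    .anyMatch(r -> r.getRoleName().equalsIgnoreCase(role));
            if (!exists) {
                client.createRole(admin, role);
            }

            // Least privilege: grant only "select" on one database, not ALL on the server
            client.grantDatabasePrivilege(admin, role, server, db, "select");

            // Map the role to the group only after its privileges are in place
            client.grantRoleToGroup(admin, group, role);

            // Read the policy back so the change can be reviewed or logged
            client.listAllPrivilegesByRoleName(admin, role).forEach(p ->
                    System.out.println(role + ": " + p.getAction() + " on database " + p.getDbName()));
        } finally {
            client.close();
        }
    }
}
```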