def list_sentry_roles_by_group(request):
result = {'status': -1, 'message': 'Error'}
component = request.POST.get('component')
try:
if request.POST.get('groupName'):
groupName = request.POST.get('groupName')
else:
# Admins can see everything, other only the groups they belong too
groupName = None if request.user.groups.filter(
name__in=get_sentry_server_admin_groups()).exists() else '*'
roles = get_api(request.user,
component).list_sentry_roles_by_group(groupName)
result['roles'] = sorted(roles, key=lambda role: role['name'])
result['message'] = ''
result['status'] = 0
except Exception as e:
LOG.exception("could not retrieve roles")
if "couldn't be retrieved." in str(e):
result['roles'] = []
result['status'] = 0
else:
result['message'] = str(e)
return JsonResponse(result)
def hive(request):
return render("hive.mako", request, {
'initial': json.dumps({
'user': request.user.username, 'sentry_provider': get_hive_sentry_provider(),
'is_sentry_admin': request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists()
}),
'has_impersonation_perm': _has_impersonation_perm(request.user),
})
def _sentry(request, component):
return render("sentry.mako", request, {
'initial': json.dumps({
'component': component,
'user': request.user.username,
'sentry_provider': get_hive_sentry_provider(),
'is_sentry_admin': request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists()
}),
'has_impersonation_perm': _has_impersonation_perm(request.user) and component == 'hive',
'component': component
})
def list_sentry_roles_by_group(request):
result = {'status': -1, 'message': 'Error'}
try:
if request.POST['groupName']:
groupName = request.POST['groupName']
else:
# Admins can see everything, other only the groups they belong too
groupName = None if request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists() else '*'
roles = get_api(request.user).list_sentry_roles_by_group(groupName)
result['roles'] = sorted(roles, key=lambda role: role['name'])
result['message'] = ''
result['status'] = 0
except Exception, e:
result['message'] = unicode(str(e), "utf8")
def hive(request):
return render(
"hive.mako", request, {
'initial':
json.dumps({
'user':
request.user.username,
'sentry_provider':
get_hive_sentry_provider(),
'is_sentry_admin':
request.user.groups.filter(
name__in=get_sentry_server_admin_groups()).exists()
}),
'has_impersonation_perm':
_has_impersonation_perm(request.user),
})
def _sentry(request, component):
return render(
"sentry.mako", request, {
'initial':
json.dumps({
'component':
component,
'user':
request.user.username,
'sentry_provider':
get_hive_sentry_provider(),
'is_sentry_admin':
request.user.groups.filter(
name__in=get_sentry_server_admin_groups()).exists()
}),
'has_impersonation_perm':
_has_impersonation_perm(request.user) and component == 'hive',
'component':
component
})
def list_sentry_roles_by_group(request):
result = {"status": -1, "message": "Error"}
try:
if request.POST["groupName"]:
groupName = request.POST["groupName"]
else:
# Admins can see everything, other only the groups they belong too
groupName = None if request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists() else "*"
roles = get_api(request.user).list_sentry_roles_by_group(groupName)
result["roles"] = sorted(roles, key=lambda role: role["name"])
result["message"] = ""
result["status"] = 0
except Exception, e:
LOG.exception("could not retrieve roles")
if "couldn't be retrieved." in str(e):
result["roles"] = []
result["status"] = 0
else:
result["message"] = unicode(str(e), "utf8")
def test_security_plain():
tmpdir = tempfile.mkdtemp()
finish = SENTRY_CONF_DIR.set_for_testing(tmpdir)
try:
xml = sentry_site_xml(provider='default')
file(os.path.join(tmpdir, 'sentry-site.xml'), 'w').write(xml)
sentry_site.reset()
assert_equal('test/[email protected]', get_sentry_server_principal())
assert_equal(['hive', 'impala', 'hue'], get_sentry_server_admin_groups())
security = SentryClient('test.com', 11111, 'test')._get_security()
assert_equal('test', security['kerberos_principal_short_name'])
assert_equal(False, security['use_sasl'])
assert_equal('NOSASL', security['mechanism'])
finally:
sentry_site.reset()
finish()
shutil.rmtree(tmpdir)
def list_sentry_roles_by_group(request):
result = {'status': -1, 'message': 'Error'}
component = request.POST.get('component')
try:
if request.POST.get('groupName'):
groupName = request.POST.get('groupName')
else:
# Admins can see everything, other only the groups they belong too
groupName = None if request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists() else '*'
roles = get_api(request.user, component).list_sentry_roles_by_group(groupName)
result['roles'] = sorted(roles, key=lambda role: role['name'])
result['message'] = ''
result['status'] = 0
except Exception, e:
LOG.exception("could not retrieve roles")
if "couldn't be retrieved." in str(e):
result['roles'] = []
result['status'] = 0
else:
result['message'] = unicode(str(e), "utf8")
def test_security_plain():
tmpdir = tempfile.mkdtemp()
finish = SENTRY_CONF_DIR.set_for_testing(tmpdir)
try:
xml = sentry_site_xml(provider='default')
file(os.path.join(tmpdir, 'sentry-site.xml'), 'w').write(xml)
sentry_site.reset()
assert_equal('test/[email protected]', get_sentry_server_principal())
assert_equal(['hive', 'impala', 'hue'],
get_sentry_server_admin_groups())
security = SentryClient('test.com', 11111, 'test')._get_security()
assert_equal('test', security['kerberos_principal_short_name'])
assert_equal(False, security['use_sasl'])
assert_equal('NOSASL', security['mechanism'])
finally:
sentry_site.reset()
finish()
shutil.rmtree(tmpdir)
