def _secure_results(results, user, action='SELECT'):
if OPTIMIZER.APPLY_SENTRY_PERMISSIONS.get():
checker = get_checker(user=user)
def getkey(result):
key = {'server': get_hive_sentry_provider()}
if 'dbName' in result:
key['db'] = result['dbName']
elif 'database' in result:
key['db'] = result['database']
if 'tableName' in result:
key['table'] = result['tableName']
elif 'table' in result:
key['table'] = result['table']
if 'columnName' in result:
key['column'] = result['columnName']
elif 'column' in result:
key['column'] = result['column']
return key
return checker.filter_objects(results, action, key=getkey)
else:
return results
def decorate(*args, **kwargs):
if OPTIMIZER.APPLY_SENTRY_PERMISSIONS.get():
checker = get_checker(user=args[0].user)
action = 'SELECT'
objects = []
if kwargs.get('db_tables'):
for db_table in kwargs['db_tables']:
objects.append({
'server': get_hive_sentry_provider(),
'db': _get_table_name(db_table)['database'],
'table': _get_table_name(db_table)['table']
})
else:
objects = [{'server': get_hive_sentry_provider()}]
if kwargs.get('database_name'):
objects[0]['db'] = kwargs['database_name']
if kwargs.get('table_name'):
objects[0]['table'] = kwargs['table_name']
if len(list(checker.filter_objects(objects,
action))) != len(objects):
raise MissingSentryPrivilegeException(objects)
return view_func(*args, **kwargs)
def _secure_results(self, results, checker=None):
# TODO: to move directly to Catalog API
if NAVIGATOR.APPLY_SENTRY_PERMISSIONS.get():
checker = get_checker(self.user, checker)
action = 'SELECT'
def getkey(result):
key = {u'server': get_hive_sentry_provider()}
if result['type'] == 'TABLE' or result['type'] == 'VIEW':
key['db'] = result.get('parentPath', '') and result.get(
'parentPath', '').strip('/')
key['table'] = result.get('originalName', '')
elif result['type'] == 'DATABASE':
key['db'] = result.get('originalName', '')
elif result['type'] == 'FIELD':
parents = result.get('parentPath',
'').strip('/').split('/')
if len(parents) == 2:
key['db'], key['table'] = parents
key['column'] = result.get('originalName', '')
return key
return checker.filter_objects(results, action, key=getkey)
else:
return results
def top_tables(self,
workfloadId=None,
database_name='default',
page_size=1000,
startingToken=None):
data = self._call(
'getTopTables', {
'tenant': self._product_name,
'dbName': database_name.lower(),
'pageSize': page_size,
startingToken: startingToken
})
if OPTIMIZER.APPLY_SENTRY_PERMISSIONS.get():
checker = get_checker(user=self.user)
action = 'SELECT'
def getkey(table):
names = _get_table_name(table['name'])
return {
'server': get_hive_sentry_provider(),
'db': names['database'],
'table': names['table']
}
data['results'] = list(
checker.filter_objects(data['results'], action, key=getkey))
return data
def top_aggs(self,
db_tables=None,
page_size=100,
startingToken=None,
connector=None):
args = {
'tenant': self._tenant_id,
'connector': connector,
'pageSize': page_size,
'startingToken': startingToken
}
if db_tables:
args['dbTableList'] = [db_table.lower() for db_table in db_tables]
results = self._call('getTopAggs', args)
if OPTIMIZER.APPLY_SENTRY_PERMISSIONS.get():
checker = get_checker(user=self.user)
action = 'SELECT'
def getkey(table):
names = table['aggregateInfo'][0]
names['server'] = get_hive_sentry_provider()
return names
results['results'] = list(
checker.filter_objects(results['results'], action, key=getkey))
return results
