def list_sentry_roles_by_group(request): result = {'status': -1, 'message': 'Error'} component = request.POST.get('component') try: if request.POST.get('groupName'): groupName = request.POST.get('groupName') else: # Admins can see everything, other only the groups they belong too groupName = None if request.user.groups.filter( name__in=get_sentry_server_admin_groups()).exists() else '*' roles = get_api(request.user, component).list_sentry_roles_by_group(groupName) result['roles'] = sorted(roles, key=lambda role: role['name']) result['message'] = '' result['status'] = 0 except Exception as e: LOG.exception("could not retrieve roles") if "couldn't be retrieved." in str(e): result['roles'] = [] result['status'] = 0 else: result['message'] = str(e) return JsonResponse(result)
def hive(request): return render("hive.mako", request, { 'initial': json.dumps({ 'user': request.user.username, 'sentry_provider': get_hive_sentry_provider(), 'is_sentry_admin': request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists() }), 'has_impersonation_perm': _has_impersonation_perm(request.user), })
def _sentry(request, component): return render("sentry.mako", request, { 'initial': json.dumps({ 'component': component, 'user': request.user.username, 'sentry_provider': get_hive_sentry_provider(), 'is_sentry_admin': request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists() }), 'has_impersonation_perm': _has_impersonation_perm(request.user) and component == 'hive', 'component': component })
def list_sentry_roles_by_group(request): result = {'status': -1, 'message': 'Error'} try: if request.POST['groupName']: groupName = request.POST['groupName'] else: # Admins can see everything, other only the groups they belong too groupName = None if request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists() else '*' roles = get_api(request.user).list_sentry_roles_by_group(groupName) result['roles'] = sorted(roles, key=lambda role: role['name']) result['message'] = '' result['status'] = 0 except Exception, e: result['message'] = unicode(str(e), "utf8")
def hive(request): return render( "hive.mako", request, { 'initial': json.dumps({ 'user': request.user.username, 'sentry_provider': get_hive_sentry_provider(), 'is_sentry_admin': request.user.groups.filter( name__in=get_sentry_server_admin_groups()).exists() }), 'has_impersonation_perm': _has_impersonation_perm(request.user), })
def _sentry(request, component): return render( "sentry.mako", request, { 'initial': json.dumps({ 'component': component, 'user': request.user.username, 'sentry_provider': get_hive_sentry_provider(), 'is_sentry_admin': request.user.groups.filter( name__in=get_sentry_server_admin_groups()).exists() }), 'has_impersonation_perm': _has_impersonation_perm(request.user) and component == 'hive', 'component': component })
def list_sentry_roles_by_group(request): result = {"status": -1, "message": "Error"} try: if request.POST["groupName"]: groupName = request.POST["groupName"] else: # Admins can see everything, other only the groups they belong too groupName = None if request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists() else "*" roles = get_api(request.user).list_sentry_roles_by_group(groupName) result["roles"] = sorted(roles, key=lambda role: role["name"]) result["message"] = "" result["status"] = 0 except Exception, e: LOG.exception("could not retrieve roles") if "couldn't be retrieved." in str(e): result["roles"] = [] result["status"] = 0 else: result["message"] = unicode(str(e), "utf8")
def test_security_plain(): tmpdir = tempfile.mkdtemp() finish = SENTRY_CONF_DIR.set_for_testing(tmpdir) try: xml = sentry_site_xml(provider='default') file(os.path.join(tmpdir, 'sentry-site.xml'), 'w').write(xml) sentry_site.reset() assert_equal('test/[email protected]', get_sentry_server_principal()) assert_equal(['hive', 'impala', 'hue'], get_sentry_server_admin_groups()) security = SentryClient('test.com', 11111, 'test')._get_security() assert_equal('test', security['kerberos_principal_short_name']) assert_equal(False, security['use_sasl']) assert_equal('NOSASL', security['mechanism']) finally: sentry_site.reset() finish() shutil.rmtree(tmpdir)
def list_sentry_roles_by_group(request): result = {'status': -1, 'message': 'Error'} component = request.POST.get('component') try: if request.POST.get('groupName'): groupName = request.POST.get('groupName') else: # Admins can see everything, other only the groups they belong too groupName = None if request.user.groups.filter(name__in=get_sentry_server_admin_groups()).exists() else '*' roles = get_api(request.user, component).list_sentry_roles_by_group(groupName) result['roles'] = sorted(roles, key=lambda role: role['name']) result['message'] = '' result['status'] = 0 except Exception, e: LOG.exception("could not retrieve roles") if "couldn't be retrieved." in str(e): result['roles'] = [] result['status'] = 0 else: result['message'] = unicode(str(e), "utf8")