def _secure_results(results, user, action='SELECT'): if OPTIMIZER.APPLY_SENTRY_PERMISSIONS.get(): checker = get_checker(user=user) def getkey(result): key = {'server': get_hive_sentry_provider()} if 'dbName' in result: key['db'] = result['dbName'] elif 'database' in result: key['db'] = result['database'] if 'tableName' in result: key['table'] = result['tableName'] elif 'table' in result: key['table'] = result['table'] if 'columnName' in result: key['column'] = result['columnName'] elif 'column' in result: key['column'] = result['column'] return key return checker.filter_objects(results, action, key=getkey) else: return results
def decorate(*args, **kwargs): if OPTIMIZER.APPLY_SENTRY_PERMISSIONS.get(): checker = get_checker(user=args[0].user) action = 'SELECT' objects = [] if kwargs.get('db_tables'): for db_table in kwargs['db_tables']: objects.append({ 'server': get_hive_sentry_provider(), 'db': _get_table_name(db_table)['database'], 'table': _get_table_name(db_table)['table'] }) else: objects = [{'server': get_hive_sentry_provider()}] if kwargs.get('database_name'): objects[0]['db'] = kwargs['database_name'] if kwargs.get('table_name'): objects[0]['table'] = kwargs['table_name'] if len(list(checker.filter_objects(objects, action))) != len(objects): raise MissingSentryPrivilegeException(objects) return view_func(*args, **kwargs)
def _secure_results(self, results, checker=None): # TODO: to move directly to Catalog API if NAVIGATOR.APPLY_SENTRY_PERMISSIONS.get(): checker = get_checker(self.user, checker) action = 'SELECT' def getkey(result): key = {u'server': get_hive_sentry_provider()} if result['type'] == 'TABLE' or result['type'] == 'VIEW': key['db'] = result.get('parentPath', '') and result.get( 'parentPath', '').strip('/') key['table'] = result.get('originalName', '') elif result['type'] == 'DATABASE': key['db'] = result.get('originalName', '') elif result['type'] == 'FIELD': parents = result.get('parentPath', '').strip('/').split('/') if len(parents) == 2: key['db'], key['table'] = parents key['column'] = result.get('originalName', '') return key return checker.filter_objects(results, action, key=getkey) else: return results
def top_tables(self, workfloadId=None, database_name='default', page_size=1000, startingToken=None): data = self._call( 'getTopTables', { 'tenant': self._product_name, 'dbName': database_name.lower(), 'pageSize': page_size, startingToken: startingToken }) if OPTIMIZER.APPLY_SENTRY_PERMISSIONS.get(): checker = get_checker(user=self.user) action = 'SELECT' def getkey(table): names = _get_table_name(table['name']) return { 'server': get_hive_sentry_provider(), 'db': names['database'], 'table': names['table'] } data['results'] = list( checker.filter_objects(data['results'], action, key=getkey)) return data
def top_aggs(self, db_tables=None, page_size=100, startingToken=None, connector=None): args = { 'tenant': self._tenant_id, 'connector': connector, 'pageSize': page_size, 'startingToken': startingToken } if db_tables: args['dbTableList'] = [db_table.lower() for db_table in db_tables] results = self._call('getTopAggs', args) if OPTIMIZER.APPLY_SENTRY_PERMISSIONS.get(): checker = get_checker(user=self.user) action = 'SELECT' def getkey(table): names = table['aggregateInfo'][0] names['server'] = get_hive_sentry_provider() return names results['results'] = list( checker.filter_objects(results['results'], action, key=getkey)) return results