Command-line interface to Apache Sentry
Command-line interface to Apache Sentry. See https://github.com/akolb1/sentrytool/blob/master/doc/sentrytool.md for full documentation
Configuration:
The tool can be configured using either command-line flags, environment variables or a config file. Config file may be in JSON, TOML, YAML, HCL, and Java properties config files format. B default the file ~/.sentrytool.yaml is used.
The following environment variables are used:
- SENTRY_HOST: Sentry server host name or IP address ('host' in the config file)
- SENTRY_PORT: Listening port for the Sentry server ('port' in the config file)
- SENTRY_USER: User name on which behalf the request is made ('user' in the config file)
- SENTRY_COMPONENT: Component name (e.g. 'kafka'). ('component' in the config file)
- SENRY_VERBOSE: Use verbose mode if set ('verbose' in config file)
Host may be specified in one of the following ways:
- 1.2.3.4
- host.domain.com
- host:port
- host1,host2:port2, host4:port3
When multiple hosts are specified, the wirst responding host is used. The value of port from the host string overrides all other values for a port.
When a component is specified the tool uses Generic client model, otherwise it uses the legacy model.
sentrytool
# Display everything
$ sentrytool
[roles]
admin
customer
[groups]
g1 = admin
g2 = admin
g3 = admin
user_group = customer
[privileges]
# List roles
$ sentrytool role list
admin
customer
# List roles with groups
$ sentrytool role list -v
admin: (g1,g2,g3)
customer: (user_group)
# Listing groups
sentrytool group list
# Grant and revoke groups to roles
sentrytool group grant -r admin_role admin_group finance_group
sentrytool group revoke admin_role finance_group
# Grant and list privileges
sentrytool privilege grant -r r1 -s server1 -d db2 -t table1 -c columnt1 \
-a insert
sentrytool privilege list r1 r1 = db=db1->action=all, \
server=server1->db=db2->table=table1->column=column1->action=insert
-C, --component string sentry client component
--config string config file (default is $HOME/.sentrytool.yaml)
-H, --host string hostname for Sentry server (default "localhost")
-J, --jstack show Java stack on for errors
-P, --port string port for Sentry server (default "8038")
-U, --username string user name (default "akolb")
-v, --verbose verbose mode
- sentrytool doc - write documentation
- sentrytool group - list, add or remove groups
- sentrytool privilege - privilege operations
- sentrytool role - Sentry roles manipulation