使用MaxCompute Console的同学,可能都使用过MaxCompute安全相关的命令。官方文档上有详细的MaxCompute安全指南,并给出了安全相关语句汇总。
简而言之,权限管理、列级别访问控制、项目空间安全配置以及跨项目空间的资源分享都属于 MaxCompute 安全命令相关的范畴。
再直白一点,以下列关键字开头的命令,都是MaxCompute安全相关操作命令:
<span style="color:#333333"><span style="color:#f8f8f2"><code class="language-none">GRANT/REVOKE ...
SHOW GRANTS/ACL/PACKAGE/LABEL/ROLE/PRINCIPALS
SHOW PRIV/PRIVILEGES
LIST/ADD/REOVE USERS/ROLES/TRUSTEDPROJECTS
DROP/CREATE ROLE
CLEAR EXPIRED GRANTS
DESC/DESCRIBE ROLE/PACKAGE
CREATE/DELETE/DROP PACKAGE
ADD ... TO PACKAGE
REMOVE ... FROM PACKAGE
ALLOW/DISALLOW PROJECT
INSTALL/UNINSTALL PACKAGE
LIST/ADD/REMOVE ACCOUNTPROVIDERS
SET LABLE ...</code></span></span>
那么,这些能在 MaxCompute Console 上运行的命令,该如何使用 MaxCompute Java SDK 运行呢?它们是与 SQL 一样通过创建 instance 的方式来运行吗?
答案:不可以,这些命令不是 SQL , 不可以通过 SQL Task 来运行。
需要使用接口 SecurityManager.runQuery()
来运行。详细 SDK Java Doc 戳这里
SecurityManager
类在 odps-sdk-core 中,因此在使用时请添加依赖:
<span style="color:#333333"><span style="color:#f8f8f2"><code class="language-none"><dependency>
<groupId>com.aliyun.odps</groupId>
<artifactId>odps-sdk-core</artifactId>
<version>0.29.11-oversea-public</version>
</dependency></code></span></span>
下面通过一个例子来演示如何通过 MaxCompute Java SDK 来设置表 test_label
列的访问级别为 2,也就是运行命令
SET LABEL 2 TO TABLE test_label(key, value);
。
<span style="color:#333333"><span style="color:#f8f8f2"><code class="language-java"><span style="color:#66d9ef"><span style="color:#f92672">import</span></span> com<span style="color:#f8f8f2">.</span>aliyun<span style="color:#f8f8f2">.</span>odps<span style="color:#f8f8f2">.</span>Column<span style="color:#f8f8f2">;</span>
<span style="color:#66d9ef"><span style="color:#f92672">import</span></span> com<span style="color:#f8f8f2">.</span>aliyun<span style="color:#f8f8f2">.</span>odps<span style="color:#f8f8f2">.</span>Odps<span style="color:#f8f8f2">;</span>
<span style="color:#66d9ef"><span style="color:#f92672">import</span></span> com<span style="color:#f8f8f2">.</span>aliyun<span style="color:#f8f8f2">.</span>odps<span style="color:#f8f8f2">.</span>OdpsException<span style="color:#f8f8f2">;</span>
<span style="color:#66d9ef"><span style="color:#f92672">import</span></span> com<span style="color:#f8f8f2">.</span>aliyun<span style="color:#f8f8f2">.</span>odps<span style="color:#f8f8f2">.</span>OdpsType<span style="color:#f8f8f2">;</span>
<span style="color:#66d9ef"><span style="color:#f92672">import</span></span> com<span style="color:#f8f8f2">.</span>aliyun<span style="color:#f8f8f2">.</span>odps<span style="color:#f8f8f2">.</span>TableSchema<span style="color:#f8f8f2">;</span>
<span style="color:#66d9ef"><span style="color:#f92672">import</span></span> com<span style="color:#f8f8f2">.</span>aliyun<span style="color:#f8f8f2">.</span>odps<span style="color:#f8f8f2">.</span>account<span style="color:#f8f8f2">.</span>Account<span style="color:#f8f8f2">;</span>
<span style="color:#66d9ef"><span style="color:#f92672">import</span></span> com<span style="color:#f8f8f2">.</span>aliyun<span style="color:#f8f8f2">.</span>odps<span style="color:#f8f8f2">.</span>account<span style="color:#f8f8f2">.</span>AliyunAccount<span style="color:#f8f8f2">;</span>
<span style="color:#66d9ef"><span style="color:#f92672">import</span></span> com<span style="color:#f8f8f2">.</span>aliyun<span style="color:#f8f8f2">.</span>odps<span style="color:#f8f8f2">.</span>security<span style="color:#f8f8f2">.</span>SecurityManager<span style="color:#f8f8f2">;</span>
<span style="color:#66d9ef"><span style="color:#f92672">public</span></span> <span style="color:#66d9ef"><span style="color:#f92672">class</span></span> <span style="color:#f8f8f2">test</span> <span style="color:#f8f8f2">{</span>
<span style="color:#66d9ef"><span style="color:#f92672">public</span></span> <span style="color:#66d9ef"><span style="color:#f92672">static</span></span> <span style="color:#66d9ef"><span style="color:#f92672">void</span></span> <span style="color:#e6db74"><span style="color:#a6e22e">main</span></span><span style="color:#f8f8f2"><span style="color:#f8f8f2">(</span></span><span style="color:#f8f8f2">String </span><span style="color:#f8f8f2"><span style="color:#f8f8f2">[</span></span><span style="color:#f8f8f2"><span style="color:#f8f8f2">]</span></span><span style="color:#f8f8f2"> args</span><span style="color:#f8f8f2"><span style="color:#f8f8f2">)</span></span> <span style="color:#66d9ef"><span style="color:#f92672">throws</span></span> OdpsException <span style="color:#f8f8f2">{</span>
<span style="color:#66d9ef"><span style="color:#f92672">try</span></span> <span style="color:#f8f8f2">{</span>
<span style="color:slategray"><span style="color:#75715e">// init odps</span></span>
Account account <span style="color:#f8f8f2">=</span> <span style="color:#66d9ef"><span style="color:#f92672">new</span></span> AliyunAccount<span style="color:#f8f8f2">(</span><span style="color:#a6e22e"><span style="color:#e6db74">"<your_accessid>"</span></span><span style="color:#f8f8f2">,</span> <span style="color:#a6e22e"><span style="color:#e6db74">"<your_accesskey>"</span></span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
Odps odps <span style="color:#f8f8f2">=</span> <span style="color:#66d9ef"><span style="color:#f92672">new</span></span> Odps<span style="color:#f8f8f2">(</span>account<span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
odps<span style="color:#f8f8f2">.</span><span style="color:#e6db74">setEndpoint</span><span style="color:#f8f8f2">(</span><span style="color:#a6e22e"><span style="color:#e6db74">"http://service-corp.odps.aliyun-inc.com/api"</span></span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
odps<span style="color:#f8f8f2">.</span><span style="color:#e6db74">setDefaultProject</span><span style="color:#f8f8f2">(</span><span style="color:#a6e22e"><span style="color:#e6db74">"<your_project>"</span></span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
<span style="color:slategray"><span style="color:#75715e">// create test table</span></span>
<span style="color:slategray"><span style="color:#75715e">// if u already have a table, skip this</span></span>
TableSchema schema <span style="color:#f8f8f2">=</span> <span style="color:#66d9ef"><span style="color:#f92672">new</span></span> TableSchema<span style="color:#f8f8f2">(</span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
schema<span style="color:#f8f8f2">.</span><span style="color:#e6db74">addColumn</span><span style="color:#f8f8f2">(</span><span style="color:#66d9ef"><span style="color:#f92672">new</span></span> Column<span style="color:#f8f8f2">(</span><span style="color:#a6e22e"><span style="color:#e6db74">"key"</span></span><span style="color:#f8f8f2">,</span> OdpsType<span style="color:#f8f8f2">.</span>STRING<span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
schema<span style="color:#f8f8f2">.</span><span style="color:#e6db74">addColumn</span><span style="color:#f8f8f2">(</span><span style="color:#66d9ef"><span style="color:#f92672">new</span></span> Column<span style="color:#f8f8f2">(</span><span style="color:#a6e22e"><span style="color:#e6db74">"value"</span></span><span style="color:#f8f8f2">,</span> OdpsType<span style="color:#f8f8f2">.</span>BIGINT<span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
odps<span style="color:#f8f8f2">.</span><span style="color:#e6db74">tables</span><span style="color:#f8f8f2">(</span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">.</span><span style="color:#e6db74">create</span><span style="color:#f8f8f2">(</span><span style="color:#a6e22e"><span style="color:#e6db74">"test_label"</span></span><span style="color:#f8f8f2">,</span> schema<span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
<span style="color:slategray"><span style="color:#75715e">// set label 2 to table columns</span></span>
SecurityManager securityManager <span style="color:#f8f8f2">=</span> odps<span style="color:#f8f8f2">.</span><span style="color:#e6db74">projects</span><span style="color:#f8f8f2">(</span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">.</span><span style="color:#e6db74">get</span><span style="color:#f8f8f2">(</span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">.</span><span style="color:#e6db74">getSecurityManager</span><span style="color:#f8f8f2">(</span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
String res <span style="color:#f8f8f2">=</span> securityManager<span style="color:#f8f8f2">.</span><span style="color:#e6db74">runQuery</span><span style="color:#f8f8f2">(</span><span style="color:#a6e22e"><span style="color:#e6db74">"SET LABEL 2 TO TABLE test_label(key, value);"</span></span><span style="color:#f8f8f2">,</span> <span style="color:#ae81ff"><span style="color:#f92672">false</span></span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
System<span style="color:#f8f8f2">.</span>out<span style="color:#f8f8f2">.</span><span style="color:#e6db74">println</span><span style="color:#f8f8f2">(</span>res<span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
<span style="color:#f8f8f2">}</span> <span style="color:#66d9ef"><span style="color:#f92672">catch</span></span> <span style="color:#f8f8f2">(</span>OdpsException e<span style="color:#f8f8f2">)</span> <span style="color:#f8f8f2">{</span>
e<span style="color:#f8f8f2">.</span><span style="color:#e6db74">printStackTrace</span><span style="color:#f8f8f2">(</span><span style="color:#f8f8f2">)</span><span style="color:#f8f8f2">;</span>
<span style="color:#f8f8f2">}</span>
<span style="color:#f8f8f2">}</span>
<span style="color:#f8f8f2">}</span></code></span></span>
运行结果:
程序运行完成后,在 MaxCompute Console 中运行 `desc test_lable;` 命令,可以看到 set label 已经生效了。
其他安全相关的命令,都可以这样子通过 MaxCompute Java SDK 来运行呢,快来试试吧!
原文链接
更多技术干货 请关注阿里云云栖社区微信号 :yunqiinsight