/**
 * Returns the current value of the requested struct field by delegating to
 * that field's getter.
 *
 * @param field the field whose value is wanted
 * @return whatever the matching getter returns
 * @throws IllegalStateException if {@code field} matches none of the handled constants
 */
public Object getFieldValue(_Fields field) {
  final Object current;
  switch (field) {
    case PROTOCOL_VERSION:
      current = getProtocol_version();
      break;
    case REQUESTOR_USER_NAME:
      current = getRequestorUserName();
      break;
    case ROLE_NAME:
      current = getRoleName();
      break;
    case PRIVILEGE:
      current = getPrivilege();
      break;
    case PRIVILEGES:
      current = getPrivileges();
      break;
    default:
      // No getter is mapped to this constant.
      throw new IllegalStateException();
  }
  return current;
}
case PROTOCOL_VERSION: if (value == null) { unsetProtocol_version(); } else { setProtocol_version((Integer)value); unsetRequestorUserName(); } else { setRequestorUserName((String)value); unsetRoleName(); } else { setRoleName((String)value); unsetPrivilege(); } else { setPrivilege((TSentryPrivilege)value); unsetPrivileges(); } else { setPrivileges((Set<TSentryPrivilege>)value);
/**
 * Sends a single grant-privilege request for {@code roleName} and returns the
 * privilege set carried in the server's response.
 *
 * <p>NOTE(review): the requestor identity travels as a plain request field set from
 * {@code requestorUserName}; whether the server binds it to an authenticated
 * principal is not visible in this method. Confirm on the server side.
 *
 * @param requestorUserName user name recorded in the request as the requestor
 * @param roleName role that receives the privileges
 * @param privileges privileges to grant
 * @return the privileges reported back in the response
 * @throws SentryUserException if the Thrift call fails with a {@code TException}, or
 *     from {@code Status.throwIfNotOk} (presumably for a non-OK status; its body is
 *     not shown here)
 */
private Set<TSentryPrivilege> grantPrivilegesCore(String requestorUserName, String roleName,
    Set<TSentryPrivilege> privileges) throws SentryUserException {
  final TAlterSentryRoleGrantPrivilegeRequest grantRequest =
      new TAlterSentryRoleGrantPrivilegeRequest();
  grantRequest.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  grantRequest.setRequestorUserName(requestorUserName);
  grantRequest.setRoleName(roleName);
  grantRequest.setPrivileges(privileges);

  try {
    final TAlterSentryRoleGrantPrivilegeResponse grantResponse =
        client.alter_sentry_role_grant_privilege(grantRequest);
    // Check the status before the response's privileges are handed back.
    Status.throwIfNotOk(grantResponse.getStatus());
    return grantResponse.getPrivileges();
  } catch (TException thriftFailure) {
    // Keep the Thrift exception as the cause so the failure stays diagnosable.
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, thriftFailure);
  }
}
/**
 * Builds the command text for a grant-privilege request.
 *
 * <p>The text is derived from the request's role name and its whole
 * {@code privileges} set; the single {@code privilege} field is not read here.
 *
 * @param request grant request to render
 * @return the command string produced by {@code createCmdForGrantOrRevokePrivileges}
 */
public static String createCmdForGrantPrivilege(
    TAlterSentryRoleGrantPrivilegeRequest request) {
  final String targetRole = request.getRoleName();
  // The trailing 'true' presumably selects the GRANT form - confirm against the helper.
  return createCmdForGrantOrRevokePrivileges(targetRole, request.getPrivileges(), true);
}
/**
 * Reports whether the given field has been assigned a value.
 *
 * @param field the field to query; must not be {@code null}
 * @return the result of the matching {@code isSetXxx()} check
 * @throws IllegalArgumentException if {@code field} is {@code null}
 * @throws IllegalStateException if {@code field} matches none of the handled constants
 */
public boolean isSet(_Fields field) {
  if (field == null) {
    throw new IllegalArgumentException();
  }

  final boolean assigned;
  switch (field) {
    case PROTOCOL_VERSION:
      assigned = isSetProtocol_version();
      break;
    case REQUESTOR_USER_NAME:
      assigned = isSetRequestorUserName();
      break;
    case ROLE_NAME:
      assigned = isSetRoleName();
      break;
    case PRIVILEGE:
      assigned = isSetPrivilege();
      break;
    case PRIVILEGES:
      assigned = isSetPrivileges();
      break;
    default:
      // No isSet check is mapped to this constant.
      throw new IllegalStateException();
  }
  return assigned;
}
TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse(); try { validateClientVersion(request.getProtocol_version()); if ( !(request.isSetPrivileges()^request.isSetPrivilege()) ) { throw new SentryUserException("SENTRY API version is not right!"); if (request.isSetPrivilege()) { request.setPrivileges(Sets.newHashSet(request.getPrivilege())); SentryServiceUtil.checkDbExplicitGrantsPermitted(conf, request.getPrivileges()); checkGrantOptionPrivileges(request.getRequestorUserName(), request.getPrivileges()); Map<TSentryPrivilege, Update> privilegesUpdateMap = new HashMap<>(); for (SentryPolicyStorePlugin plugin : sentryPlugins) { plugin.onAlterSentryRoleGrantPrivilege(request.getRoleName(), request.getPrivileges(), privilegesUpdateMap); sentryStore.alterSentryRoleGrantPrivileges(request.getRoleName(), request.getPrivileges(), privilegesUpdateMap); } else { sentryStore.alterSentryRoleGrantPrivileges(request.getRoleName(), request.getPrivileges()); response.setPrivileges(request.getPrivileges()); response); } catch (SentryNoSuchObjectException e) { String msg = "Role: " + request.getRoleName() + " doesn't exist";
/**
 * Sends a grant request carrying the single {@code privilege} through the processor
 * and checks both the store interaction and the returned status code.
 *
 * <p>When the processor answers OK, the store must have been asked to grant the
 * request's role and privileges; for any other status the store's grant method
 * must not have been called at all.
 *
 * @param status the status the processor is expected to return
 * @throws Exception propagated from the processor call
 */
void verify(Status status) throws Exception {
  final TAlterSentryRoleGrantPrivilegeRequest req = new TAlterSentryRoleGrantPrivilegeRequest();
  req.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  req.setRequestorUserName(REQUESTOR_USER);
  req.setRoleName(roleName);
  req.setPrivilege(privilege);

  final TAlterSentryRoleGrantPrivilegeResponse resp =
      processor.alter_sentry_role_grant_privilege(req);

  final boolean accepted = resp.getStatus().getValue() == Status.OK.getCode();
  if (!accepted) {
    // A rejected grant must never reach the store.
    Mockito.verify(sentryStore, Mockito.times(0))
        .alterSentryRoleGrantPrivileges(Mockito.anyString(), Mockito.anySet());
  } else {
    Mockito.verify(sentryStore)
        .alterSentryRoleGrantPrivileges(req.getRoleName(), req.getPrivileges());
  }

  assertEquals("Grant " + privilege.getAction() + " response is not valid",
      status.getCode(), resp.getStatus().getValue());

  // Clear recorded interactions so the next verification starts clean.
  Mockito.reset(sentryStore);
}
} // closes the enclosing type, whose header lies outside this excerpt
/**
 * URI-scoped SELECT privilege: the rendered GRANT and REVOKE commands must name
 * only the URI, not the database, table or server also present on the privilege.
 */
@Test
public void testCreateCmdForGrantOrRevokePrivilege7() {
  final TAlterSentryRoleGrantPrivilegeRequest grant = getGrantPrivilegeRequest();
  final TAlterSentryRoleRevokePrivilegeRequest revoke = getRevokePrivilegeRequest();

  final TSentryPrivilege uriSelect = getPrivilege(AccessConstants.SELECT,
      PrivilegeScope.URI.name(), "dbTest", "tableTest", "serverTest",
      "hdfs://namenode:port/path/to/dir");

  // Both requests share the same one-element privilege set.
  final Set<TSentryPrivilege> shared = Sets.newHashSet();
  shared.add(uriSelect);
  grant.setPrivileges(shared);
  revoke.setPrivileges(shared);

  final String expectedGrant =
      "GRANT SELECT ON URI hdfs://namenode:port/path/to/dir TO ROLE testRole";
  final String expectedRevoke =
      "REVOKE SELECT ON URI hdfs://namenode:port/path/to/dir FROM ROLE testRole";

  final String actualGrant = CommandUtil.createCmdForGrantPrivilege(grant);
  final String actualRevoke = CommandUtil.createCmdForRevokePrivilege(revoke);

  assertEquals(expectedGrant, actualGrant);
  assertEquals(expectedRevoke, actualRevoke);
}
/**
 * Creates one audit log entity per privilege in a grant request.
 *
 * <p>Only the {@code privileges} set is consulted: a request whose
 * {@code privileges} field is unset yields an empty result, so no audit entity is
 * produced here for it.
 *
 * @param request the grant request being audited
 * @param response the response returned for that request
 * @param conf configuration passed through to entity creation
 * @return an immutable set holding one entity per privilege, possibly empty
 */
public Set<JsonLogEntity> createJsonLogEntities(
    TAlterSentryRoleGrantPrivilegeRequest request,
    TAlterSentryRoleGrantPrivilegeResponse response, Configuration conf) {
  final ImmutableSet.Builder<JsonLogEntity> entities = ImmutableSet.builder();
  if (!request.isSetPrivileges()) {
    return entities.build();
  }
  for (TSentryPrivilege granted : request.getPrivileges()) {
    entities.add(createJsonLogEntity(request, granted, response, conf));
  }
  return entities.build();
}
public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleGrantPrivilegeRequest struct) throws org.apache.thrift.TException { struct.validate(); if (struct.isSetPrivilege()) { oprot.writeFieldBegin(PRIVILEGE_FIELD_DESC); struct.privilege.write(oprot); if (struct.isSetPrivileges()) { oprot.writeFieldBegin(PRIVILEGES_FIELD_DESC);
if (isSetPrivilege()) { if (!first) sb.append(", "); sb.append("privilege:"); if (isSetPrivileges()) { if (!first) sb.append(", "); sb.append("privileges:");
new TAlterSentryRoleGrantPrivilegeRequest(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, "admin", "role1"); request.setPrivileges(Sets.newHashSet(newSentryPrivilege("SERVER", "", "", "ALTER"))); response = policyStoreProcessor.alter_sentry_role_grant_privilege(request); Assert.assertEquals("Grant ALTER should not be permitted.", request.setPrivileges(Sets.newHashSet(newSentryPrivilege("SERVER", "", "", "SELECT"))); response = policyStoreProcessor.alter_sentry_role_grant_privilege(request); Assert.assertEquals("Grant SELECT should be permitted.", request.setPrivileges(Sets.newHashSet( newSentryPrivilege("SERVER", "", "", "ALTER"), newSentryPrivilege("SERVER", "", "", "SELECT")
/**
 * Creates a grant request fixture with only the role name populated.
 *
 * @return a new request whose role name is {@code "testRole"}
 */
private TAlterSentryRoleGrantPrivilegeRequest getGrantPrivilegeRequest() {
  final TAlterSentryRoleGrantPrivilegeRequest fixture =
      new TAlterSentryRoleGrantPrivilegeRequest();
  fixture.setRoleName("testRole");
  return fixture;
}
/**
 * Reads the tuple-encoded call arguments: a one-bit presence mask followed, when
 * bit 0 is set, by the grant request itself.
 *
 * <p>The bytes come off the wire; this method only decodes them. Any checking of
 * the decoded request's content is not done here.
 *
 * @param prot protocol to read from; cast to {@code TTupleProtocol}
 * @param struct argument holder that receives the decoded request
 * @throws org.apache.thrift.TException if reading from the protocol fails
 */
@Override
public void read(org.apache.thrift.protocol.TProtocol prot,
    alter_sentry_role_grant_privilege_args struct) throws org.apache.thrift.TException {
  final TTupleProtocol tupleIn = (TTupleProtocol) prot;
  final BitSet presence = tupleIn.readBitSet(1);
  if (!presence.get(0)) {
    // No request on the wire: leave struct untouched.
    return;
  }
  final TAlterSentryRoleGrantPrivilegeRequest decoded =
      new TAlterSentryRoleGrantPrivilegeRequest();
  // Attach before reading, so the holder references the object even if read() throws.
  struct.request = decoded;
  decoded.read(tupleIn);
  struct.setRequestIsSet(true);
}
} // closes the enclosing type, whose header lies outside this excerpt
/**
 * Returns a new request built from this one through the copy constructor.
 *
 * <p>How deeply nested values such as the privilege set are copied is decided by
 * that constructor, which is not shown here.
 *
 * @return the newly constructed copy
 */
public TAlterSentryRoleGrantPrivilegeRequest deepCopy() {
  final TAlterSentryRoleGrantPrivilegeRequest duplicate =
      new TAlterSentryRoleGrantPrivilegeRequest(this);
  return duplicate;
}
/**
 * Builds the audit log entity for one privilege of a grant request.
 *
 * <p>The database name, table name and resource path come from the single
 * {@code privilege}. The operation text is rendered from the whole request.
 * NOTE(review): if the request carries several privileges, each entity presumably
 * repeats the full command text rather than the part for its own privilege;
 * confirm that this is what audit consumers expect.
 *
 * @param request the grant request being audited
 * @param privilege the privilege this entity describes
 * @param response the response whose status is recorded
 * @param conf configuration passed to {@code createCommonHAMLE}
 * @return the populated audit entity
 */
private JsonLogEntity createJsonLogEntity(
    TAlterSentryRoleGrantPrivilegeRequest request, TSentryPrivilege privilege,
    TAlterSentryRoleGrantPrivilegeResponse response, Configuration conf) {
  final DBAuditMetadataLogEntity auditEntry = createCommonHAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName());

  // What was asked for, as command text.
  auditEntry.setOperationText(CommandUtil.createCmdForGrantPrivilege(request));

  // Which object this particular privilege targets.
  auditEntry.setDatabaseName(privilege.getDbName());
  auditEntry.setTableName(privilege.getTableName());
  auditEntry.setResourcePath(privilege.getURI());

  return auditEntry;
}
boolean this_present_requestorUserName = true && this.isSetRequestorUserName(); boolean that_present_requestorUserName = true && that.isSetRequestorUserName(); if (this_present_requestorUserName || that_present_requestorUserName) { if (!(this_present_requestorUserName && that_present_requestorUserName)) boolean this_present_roleName = true && this.isSetRoleName(); boolean that_present_roleName = true && that.isSetRoleName(); if (this_present_roleName || that_present_roleName) { if (!(this_present_roleName && that_present_roleName)) boolean this_present_privilege = true && this.isSetPrivilege(); boolean that_present_privilege = true && that.isSetPrivilege(); if (this_present_privilege || that_present_privilege) { if (!(this_present_privilege && that_present_privilege)) boolean this_present_privileges = true && this.isSetPrivileges(); boolean that_present_privileges = true && that.isSetPrivileges(); if (this_present_privileges || that_present_privileges) { if (!(this_present_privileges && that_present_privileges))
/**
 * DATABASE-scoped privilege with a {@code null} action: the expected commands
 * contain the literal text "null" where the action would be and name only the
 * database.
 */
@Test
public void testCreateCmdForGrantOrRevokePrivilege4() {
  final TAlterSentryRoleGrantPrivilegeRequest grant = getGrantPrivilegeRequest();
  final TAlterSentryRoleRevokePrivilegeRequest revoke = getRevokePrivilegeRequest();

  final TSentryPrivilege dbNoAction = getPrivilege(null,
      PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
      "hdfs://namenode:port/path/to/dir");

  // Both requests share the same one-element privilege set.
  final Set<TSentryPrivilege> shared = Sets.newHashSet();
  shared.add(dbNoAction);
  grant.setPrivileges(shared);
  revoke.setPrivileges(shared);

  final String expectedGrant = "GRANT null ON DATABASE dbTest TO ROLE testRole";
  final String expectedRevoke = "REVOKE null ON DATABASE dbTest FROM ROLE testRole";

  final String actualGrant = CommandUtil.createCmdForGrantPrivilege(grant);
  final String actualRevoke = CommandUtil.createCmdForRevokePrivilege(revoke);

  assertEquals(expectedGrant, actualGrant);
  assertEquals(expectedRevoke, actualRevoke);
}
/**
 * Validates the privileges carried by a grant request.
 *
 * <p>When the request has a non-empty {@code privileges} set, it is passed to
 * {@code checkForMandatoryFieldsInPrivileges} (mandatory fields such as server name
 * and action must not be empty) and then to {@code validateGrantOptionInprivileges}.
 * A request whose set is unset or empty is accepted without further checks.
 *
 * <p>NOTE(review): only the {@code privileges} set is inspected. A request that
 * carries just the single {@code privilege} field is not examined by this method;
 * confirm that callers normalize such requests before relying on this check.
 *
 * @param request the request to validate
 * @throws SentryInvalidInputException if a mandatory field is missing from the
 *     privileges or the request contains invalid fields
 */
public static void validate(TAlterSentryRoleGrantPrivilegeRequest request)
    throws SentryInvalidInputException {
  final boolean nothingToCheck =
      !request.isSetPrivileges() || request.getPrivileges().isEmpty();
  if (nothingToCheck) {
    return;
  }
  checkForMandatoryFieldsInPrivileges(request.getPrivileges());
  validateGrantOptionInprivileges(request.getPrivileges());
}
/**
 * Writes a grant request in tuple encoding.
 *
 * <p>Layout: protocol version, requestor user name and role name are written
 * unconditionally; a two-bit presence mask follows (bit 0 = {@code privilege},
 * bit 1 = {@code privileges}); then each flagged field is written, the set being
 * prefixed with its element count.
 *
 * <p>NOTE(review): the three leading fields are written without an isSet check, so
 * this method presumably relies on them having been populated or validated
 * earlier; that is not visible here.
 *
 * @param prot protocol to write to; cast to {@code TTupleProtocol}
 * @param struct the request to serialize
 * @throws org.apache.thrift.TException if writing to the protocol fails
 */
@Override
public void write(org.apache.thrift.protocol.TProtocol prot,
    TAlterSentryRoleGrantPrivilegeRequest struct) throws org.apache.thrift.TException {
  final TTupleProtocol tupleOut = (TTupleProtocol) prot;

  // Always-present fields, in fixed order, with no presence bits.
  tupleOut.writeI32(struct.protocol_version);
  tupleOut.writeString(struct.requestorUserName);
  tupleOut.writeString(struct.roleName);

  // Presence mask for the two optional fields.
  final BitSet presence = new BitSet();
  if (struct.isSetPrivilege()) {
    presence.set(0);
  }
  if (struct.isSetPrivileges()) {
    presence.set(1);
  }
  tupleOut.writeBitSet(presence, 2);

  if (struct.isSetPrivilege()) {
    struct.privilege.write(tupleOut);
  }
  if (struct.isSetPrivileges()) {
    // Element count first, so the reader knows how many entries follow.
    tupleOut.writeI32(struct.privileges.size());
    for (TSentryPrivilege element : struct.privileges) {
      element.write(tupleOut);
    }
  }
}