/**
 * Looks up the current value of one struct field by its {@code _Fields} tag.
 *
 * <p>Each tag is routed to the matching typed getter; nothing is validated or
 * copied here, so the result is exactly what that getter returns.
 *
 * @param field tag of the field to read; a {@code null} tag is not checked
 *     explicitly and fails in the {@code switch}
 * @return the value reported by the getter that belongs to {@code field}
 * @throws IllegalStateException if {@code field} is not one of the tags handled below
 */
public Object getFieldValue(_Fields field) {
  final Object result;
  switch (field) {
    case PROTOCOL_VERSION:
      result = getProtocol_version();
      break;
    case REQUESTOR_USER_NAME:
      result = getRequestorUserName();
      break;
    case ROLE_NAME:
      result = getRoleName();
      break;
    case PRIVILEGE:
      result = getPrivilege();
      break;
    case PRIVILEGES:
      result = getPrivileges();
      break;
    default:
      // Reached only for a tag this struct does not know about.
      throw new IllegalStateException();
  }
  return result;
}
case PROTOCOL_VERSION: if (value == null) { unsetProtocol_version(); } else { setProtocol_version((Integer)value); unsetRequestorUserName(); } else { setRequestorUserName((String)value); unsetRoleName(); } else { setRoleName((String)value); unsetPrivilege(); } else { setPrivilege((TSentryPrivilege)value); unsetPrivileges(); } else { setPrivileges((Set<TSentryPrivilege>)value);
/**
 * Builds a revoke-privilege request for one role and sends it through the Thrift client.
 *
 * <p>The request is stamped with the current service protocol version and carries the
 * requestor name, role name and privilege set exactly as passed in. This method performs
 * no authorization check of its own; a non-OK status in the response is turned into an
 * exception by {@code Status.throwIfNotOk}.
 *
 * <p>NOTE(review): {@code requestorUserName} is a plain string supplied by the caller.
 * Presumably the service authenticates the connection and decides whether this requestor
 * may revoke; confirm that the server does not trust this field on its own.
 *
 * @param requestorUserName user on whose behalf the revoke is requested
 * @param roleName role that loses the privileges
 * @param privileges privileges to revoke, sent in the {@code privileges} field
 * @throws SentryUserException if the Thrift call fails (wrapping the {@code TException})
 *     or, via {@code Status.throwIfNotOk}, if the response status is not OK
 */
private void revokePrivilegesCore(String requestorUserName, String roleName,
    Set<TSentryPrivilege> privileges) throws SentryUserException {
  TAlterSentryRoleRevokePrivilegeRequest revokeRequest =
      new TAlterSentryRoleRevokePrivilegeRequest();
  revokeRequest.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  revokeRequest.setRequestorUserName(requestorUserName);
  revokeRequest.setRoleName(roleName);
  revokeRequest.setPrivileges(privileges);

  try {
    TAlterSentryRoleRevokePrivilegeResponse reply =
        client.alter_sentry_role_revoke_privilege(revokeRequest);
    // The status check stays inside the try so the exception mapping is unchanged.
    Status.throwIfNotOk(reply.getStatus());
  } catch (TException transportFailure) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
/**
 * Renders a revoke-privilege request as command text.
 *
 * <p>Delegates to {@code createCmdForGrantOrRevokePrivileges} with the request's role name,
 * its {@code privileges} set and a {@code false} flag. Only the {@code privileges} set is
 * read; the singular {@code privilege} field of the request is not consulted here.
 *
 * @param request revoke request to render
 * @return the text produced by {@code createCmdForGrantOrRevokePrivileges}
 */
public static String createCmdForRevokePrivilege(
    TAlterSentryRoleRevokePrivilegeRequest request) {
  // Presumably false selects the REVOKE form of the shared builder; verify against the helper.
  final boolean grantFlag = false;
  return createCmdForGrantOrRevokePrivileges(
      request.getRoleName(),
      request.getPrivileges(),
      grantFlag);
}
/**
 * Reports whether the field identified by {@code field} has been assigned a value.
 *
 * @param field tag of the field to test; must not be {@code null}
 * @return the result of the matching {@code isSet...} method
 * @throws IllegalArgumentException if {@code field} is {@code null}
 * @throws IllegalStateException if {@code field} is not one of the tags handled below
 */
public boolean isSet(_Fields field) {
  if (field == null) {
    throw new IllegalArgumentException();
  }

  final boolean present;
  switch (field) {
    case PROTOCOL_VERSION:
      present = isSetProtocol_version();
      break;
    case REQUESTOR_USER_NAME:
      present = isSetRequestorUserName();
      break;
    case ROLE_NAME:
      present = isSetRoleName();
      break;
    case PRIVILEGE:
      present = isSetPrivilege();
      break;
    case PRIVILEGES:
      present = isSetPrivileges();
      break;
    default:
      // Reached only for a tag this struct does not know about.
      throw new IllegalStateException();
  }
  return present;
}
TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse(); try { validateClientVersion(request.getProtocol_version()); if ( !(request.isSetPrivileges()^request.isSetPrivilege()) ) { throw new SentryUserException("SENTRY API version is not right!"); if (request.isSetPrivilege()) { request.setPrivileges(Sets.newHashSet(request.getPrivilege())); checkGrantOptionPrivileges(request.getRequestorUserName(), request.getPrivileges()); Map<TSentryPrivilege, Update> privilegesUpdateMap = new HashMap<>(); for (SentryPolicyStorePlugin plugin : sentryPlugins) { plugin.onAlterSentryRoleRevokePrivilege(request.getRoleName(), request.getPrivileges(), privilegesUpdateMap); sentryStore.alterSentryRoleRevokePrivileges(request.getRoleName(), request.getPrivileges(), privilegesUpdateMap); } else { sentryStore.alterSentryRoleRevokePrivileges(request.getRoleName(), request.getPrivileges()); } catch (SentryNoSuchObjectException e) { StringBuilder msg = new StringBuilder(); if (request.getPrivileges().size() > 0) { for (TSentryPrivilege privilege : request.getPrivileges()) { msg.append("Privilege: [server="); msg.append(privilege.getServerName());
/**
 * Sends a revoke of {@code privilege} on {@code roleName} through the processor and checks
 * both the returned status and whether the store was touched.
 *
 * <p>When the processor answers OK, the store must have been asked to revoke exactly the
 * role and privileges carried by the request. For any other status the store must not have
 * been called at all, so a rejected revoke cannot change stored privileges. The mock is
 * reset afterwards so that repeated calls do not see each other's interactions.
 *
 * @param status status the processor is expected to return
 * @throws Exception if the processor call or a verification fails
 */
void verify(Status status) throws Exception {
  TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
  request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
  request.setRequestorUserName(REQUESTOR_USER);
  request.setRoleName(roleName);
  // Only the singular field is populated; the OK branch below reads getPrivileges(), so it
  // relies on the processor having filled the set on this same request object
  // (presumably by normalising privilege into privileges; confirm in the processor).
  request.setPrivilege(privilege);

  TAlterSentryRoleRevokePrivilegeResponse reply =
      processor.alter_sentry_role_revoke_privilege(request);

  boolean accepted = reply.getStatus().getValue() == Status.OK.getCode();
  if (!accepted) {
    // A rejected request must never reach the store.
    Mockito.verify(sentryStore, Mockito.times(0))
        .alterSentryRoleRevokePrivileges(Mockito.anyString(), Mockito.anySet());
  } else {
    Mockito.verify(sentryStore)
        .alterSentryRoleRevokePrivileges(request.getRoleName(), request.getPrivileges());
  }

  assertEquals("Revoke " + privilege.getAction() + " response is not valid",
      status.getCode(), reply.getStatus().getValue());
  Mockito.reset(sentryStore);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Checks the command text generated for a grant and a revoke of {@code ALL} at database
 * scope.
 *
 * <p>The privilege also carries a table name, a server name and a URI, but the expected
 * text names only the action, the database and the role.
 */
@Test
public void testCreateCmdForGrantOrRevokePrivilege1() {
  TSentryPrivilege databasePrivilege = getPrivilege(AccessConstants.ALL,
      PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
      "hdfs://namenode:port/path/to/dir");
  Set<TSentryPrivilege> privilegeSet = Sets.newHashSet(databasePrivilege);

  TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
  grantRequest.setPrivileges(privilegeSet);
  TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
  revokeRequest.setPrivileges(privilegeSet);

  String actualGrant = CommandUtil.createCmdForGrantPrivilege(grantRequest);
  String actualRevoke = CommandUtil.createCmdForRevokePrivilege(revokeRequest);

  assertEquals("GRANT ALL ON DATABASE dbTest TO ROLE testRole", actualGrant);
  assertEquals("REVOKE ALL ON DATABASE dbTest FROM ROLE testRole", actualRevoke);
}
/**
 * Validates the privileges of a revoke request by checking that the mandatory fields of
 * every privilege in its {@code privileges} set are present.
 *
 * <p>The check is delegated to
 * {@code GrantPrivilegeRequestValidator.checkForMandatoryFieldsInPrivileges}. A request
 * whose {@code privileges} field is unset or empty is accepted without any check.
 *
 * <p>NOTE(review): only the {@code privileges} set is inspected. A request that carries
 * just the singular {@code privilege} field passes through this method unchecked; confirm
 * that callers normalise the request first or validate that field elsewhere.
 *
 * @param request request to be validated
 * @throws SentryInvalidInputException if mandatory fields are missing from a privilege or
 *     invalid fields are provided in the request
 */
public static void validate(TAlterSentryRoleRevokePrivilegeRequest request)
    throws SentryInvalidInputException {
  // Nothing to check when the set is absent or holds no entries.
  if (!request.isSetPrivileges() || request.getPrivileges().isEmpty()) {
    return;
  }
  GrantPrivilegeRequestValidator.checkForMandatoryFieldsInPrivileges(request.getPrivileges());
}
} // closes the enclosing type, whose header is outside this excerpt
public void write(org.apache.thrift.protocol.TProtocol oprot, TAlterSentryRoleRevokePrivilegeRequest struct) throws org.apache.thrift.TException { struct.validate(); if (struct.isSetPrivilege()) { oprot.writeFieldBegin(PRIVILEGE_FIELD_DESC); struct.privilege.write(oprot); if (struct.isSetPrivileges()) { oprot.writeFieldBegin(PRIVILEGES_FIELD_DESC);
if (isSetPrivilege()) { if (!first) sb.append(", "); sb.append("privilege:"); if (isSetPrivileges()) { if (!first) sb.append(", "); sb.append("privileges:");
/**
 * Creates a revoke request fixture with only the role name set to {@code "testRole"}.
 *
 * @return a new request; all other fields are left as the constructor initialised them
 */
private TAlterSentryRoleRevokePrivilegeRequest getRevokePrivilegeRequest() {
  TAlterSentryRoleRevokePrivilegeRequest fixture =
      new TAlterSentryRoleRevokePrivilegeRequest();
  fixture.setRoleName("testRole");
  return fixture;
}
/**
 * Reads the call arguments from a tuple-encoded stream.
 *
 * <p>A one-bit set says whether the optional {@code request} follows. When bit 0 is set,
 * a new request object is attached to {@code struct}, populated from the stream and marked
 * as set. No {@code validate()} call is made in this method.
 *
 * @param prot protocol to read from; cast to {@code TTupleProtocol} without a type check
 * @param struct argument holder that receives the decoded request
 * @throws org.apache.thrift.TException if reading from the protocol fails
 */
@Override
public void read(org.apache.thrift.protocol.TProtocol prot,
    alter_sentry_role_revoke_privilege_args struct) throws org.apache.thrift.TException {
  TTupleProtocol tupleIn = (TTupleProtocol) prot;
  BitSet presentFields = tupleIn.readBitSet(1);
  if (!presentFields.get(0)) {
    return;
  }
  // The field is assigned before it is read, as in the generated original.
  struct.request = new TAlterSentryRoleRevokePrivilegeRequest();
  struct.request.read(tupleIn);
  struct.setRequestIsSet(true);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Returns a new request built from this one by the copy constructor.
 *
 * <p>How deep the copy is depends on that constructor, which is not shown here.
 *
 * @return a separate {@code TAlterSentryRoleRevokePrivilegeRequest} instance
 */
public TAlterSentryRoleRevokePrivilegeRequest deepCopy() {
  TAlterSentryRoleRevokePrivilegeRequest duplicate =
      new TAlterSentryRoleRevokePrivilegeRequest(this);
  return duplicate;
}
/**
 * Builds the audit log entry for one privilege of a revoke request.
 *
 * <p>The common part of the entry comes from {@code createCommonHAMLE}, which is given the
 * response status, the requestor name carried in the request and the request class name.
 * The operation text is rendered from the whole request, while the database, table and
 * resource path are taken from the single {@code privilege} passed in.
 *
 * @param request revoke request being audited
 * @param privilege the privilege this entry describes
 * @param response response whose status is recorded
 * @param conf configuration handed to {@code createCommonHAMLE}
 * @return the populated audit entry
 */
private JsonLogEntity createJsonLogEntity(
    TAlterSentryRoleRevokePrivilegeRequest request, TSentryPrivilege privilege,
    TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) {
  DBAuditMetadataLogEntity auditEntry = createCommonHAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName());

  // What was attempted, rendered as command text from the full request.
  auditEntry.setOperationText(CommandUtil.createCmdForRevokePrivilege(request));

  // Which object the revoked privilege referred to.
  auditEntry.setDatabaseName(privilege.getDbName());
  auditEntry.setTableName(privilege.getTableName());
  auditEntry.setResourcePath(privilege.getURI());
  return auditEntry;
}
boolean this_present_requestorUserName = true && this.isSetRequestorUserName(); boolean that_present_requestorUserName = true && that.isSetRequestorUserName(); if (this_present_requestorUserName || that_present_requestorUserName) { if (!(this_present_requestorUserName && that_present_requestorUserName)) boolean this_present_roleName = true && this.isSetRoleName(); boolean that_present_roleName = true && that.isSetRoleName(); if (this_present_roleName || that_present_roleName) { if (!(this_present_roleName && that_present_roleName)) boolean this_present_privilege = true && this.isSetPrivilege(); boolean that_present_privilege = true && that.isSetPrivilege(); if (this_present_privilege || that_present_privilege) { if (!(this_present_privilege && that_present_privilege)) boolean this_present_privileges = true && this.isSetPrivileges(); boolean that_present_privileges = true && that.isSetPrivileges(); if (this_present_privileges || that_present_privileges) { if (!(this_present_privileges && that_present_privileges))
/**
 * Checks the command text generated when the privilege has a {@code null} action.
 *
 * <p>The expected strings pin the current behaviour: the missing action is rendered as the
 * literal word {@code null} in both the grant and the revoke command.
 */
@Test
public void testCreateCmdForGrantOrRevokePrivilege4() {
  TSentryPrivilege actionlessPrivilege = getPrivilege(null,
      PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
      "hdfs://namenode:port/path/to/dir");
  Set<TSentryPrivilege> privilegeSet = Sets.newHashSet(actionlessPrivilege);

  TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
  grantRequest.setPrivileges(privilegeSet);
  TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
  revokeRequest.setPrivileges(privilegeSet);

  String actualGrant = CommandUtil.createCmdForGrantPrivilege(grantRequest);
  String actualRevoke = CommandUtil.createCmdForRevokePrivilege(revokeRequest);

  assertEquals("GRANT null ON DATABASE dbTest TO ROLE testRole", actualGrant);
  assertEquals("REVOKE null ON DATABASE dbTest FROM ROLE testRole", actualRevoke);
}
/**
 * Builds one audit log entry per privilege in a revoke request.
 *
 * <p>NOTE(review): entries are produced only from the {@code privileges} set. If that
 * field is unset the result is empty, even when the singular {@code privilege} field is
 * set, so such a request would leave no audit entry here. Confirm that callers normalise
 * the request before it reaches this method.
 *
 * @param request revoke request being audited
 * @param response response whose status is recorded in every entry
 * @param conf configuration passed on to {@code createJsonLogEntity}
 * @return an immutable set of entries, empty when {@code privileges} is unset
 */
public Set<JsonLogEntity> createJsonLogEntities(
    TAlterSentryRoleRevokePrivilegeRequest request,
    TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) {
  ImmutableSet.Builder<JsonLogEntity> entries = ImmutableSet.builder();
  if (request.isSetPrivileges()) {
    for (TSentryPrivilege revoked : request.getPrivileges()) {
      entries.add(createJsonLogEntity(request, revoked, response, conf));
    }
  }
  return entries.build();
}
/**
 * Writes a revoke request in tuple encoding.
 *
 * <p>The protocol version, requestor name and role name are written unconditionally. A
 * two-bit set then announces which of the optional fields follow: bit 0 for
 * {@code privilege}, bit 1 for {@code privileges}. The set is written as its size followed
 * by each element.
 *
 * <p>The two optional fields are handled independently, so a struct with both set is
 * written with both. Any rule that exactly one of them may be present has to be enforced
 * by whoever processes the request, not by this codec.
 *
 * @param prot protocol to write to; cast to {@code TTupleProtocol} without a type check
 * @param struct request to serialise
 * @throws org.apache.thrift.TException if writing to the protocol fails
 */
@Override
public void write(org.apache.thrift.protocol.TProtocol prot,
    TAlterSentryRoleRevokePrivilegeRequest struct) throws org.apache.thrift.TException {
  TTupleProtocol tupleOut = (TTupleProtocol) prot;

  // Fields that are always on the wire.
  tupleOut.writeI32(struct.protocol_version);
  tupleOut.writeString(struct.requestorUserName);
  tupleOut.writeString(struct.roleName);

  // Presence bits for the optional fields.
  BitSet presence = new BitSet();
  presence.set(0, struct.isSetPrivilege());
  presence.set(1, struct.isSetPrivileges());
  tupleOut.writeBitSet(presence, 2);

  if (struct.isSetPrivilege()) {
    struct.privilege.write(tupleOut);
  }
  if (struct.isSetPrivileges()) {
    tupleOut.writeI32(struct.privileges.size());
    for (TSentryPrivilege element : struct.privileges) {
      element.write(tupleOut);
    }
  }
}
/**
 * Reads the call arguments from a field-tagged stream.
 *
 * <p>Fields are consumed until the STOP marker. Field id 1 with type STRUCT is decoded
 * into a new request attached to {@code struct}; a field with any other id, or id 1 with
 * an unexpected type, is skipped. After the struct ends, {@code struct.validate()} runs.
 * That is the only check visible in this method; the content of the nested request is
 * whatever its own {@code read} accepts.
 *
 * @param iprot protocol to read from
 * @param struct argument holder that receives the decoded request
 * @throws org.apache.thrift.TException if reading, skipping or validation fails
 */
public void read(org.apache.thrift.protocol.TProtocol iprot,
    alter_sentry_role_revoke_privilege_args struct) throws org.apache.thrift.TException {
  iprot.readStructBegin();
  for (org.apache.thrift.protocol.TField header = iprot.readFieldBegin();
      header.type != org.apache.thrift.protocol.TType.STOP;
      header = iprot.readFieldBegin()) {
    // Field 1 is REQUEST and is only accepted when it arrives as a struct.
    boolean isRequestStruct =
        header.id == 1 && header.type == org.apache.thrift.protocol.TType.STRUCT;
    if (isRequestStruct) {
      struct.request = new TAlterSentryRoleRevokePrivilegeRequest();
      struct.request.read(iprot);
      struct.setRequestIsSet(true);
    } else {
      org.apache.thrift.protocol.TProtocolUtil.skip(iprot, header.type);
    }
    iprot.readFieldEnd();
  }
  iprot.readStructEnd();
  struct.validate();
}