@Override public void renamePrivileges(String requestorUserName, List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables) throws SentryUserException { TSentryAuthorizable tOldSentryAuthorizable = setupSentryAuthorizable(oldAuthorizables); TSentryAuthorizable tNewSentryAuthorizable = setupSentryAuthorizable(newAuthorizables); TRenamePrivilegesRequest request = new TRenamePrivilegesRequest( ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, tOldSentryAuthorizable, tNewSentryAuthorizable); try { TRenamePrivilegesResponse response = client .rename_sentry_privilege(request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } }
@Override public void dropPrivileges(String requestorUserName, List<? extends Authorizable> authorizableObjects) throws SentryUserException { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(authorizableObjects); TDropPrivilegesRequest request = new TDropPrivilegesRequest( ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName, tSentryAuthorizable); try { TDropPrivilegesResponse response = client.drop_sentry_privilege(request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } }
authSet.add(setupSentryAuthorizable(authorizableHierarchy));
@Override public Set<String> listPrivilegesForProvider (Set<String> groups, Set<String> users, ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException { TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()); TListSentryPrivilegesForProviderRequest request = new TListSentryPrivilegesForProviderRequest(ThriftConstants. TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet); if (authorizable != null && authorizable.length > 0) { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(Lists .newArrayList(authorizable)); request.setAuthorizableHierarchy(tSentryAuthorizable); } if (users != null) { request.setUsers(users); } try { TListSentryPrivilegesForProviderResponse response = client.list_sentry_privileges_for_provider(request); Status.throwIfNotOk(response.getStatus()); return response.getPrivileges(); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } }
TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(authorizable); request.setAuthorizableHierarchy(tSentryAuthorizable);
@Override public Set<TSentryPrivilege> listPrivilegesByUserName(String requestorUserName, String userName, List<? extends Authorizable> authorizable) throws SentryUserException { TListSentryPrivilegesRequest request = new TListSentryPrivilegesRequest(); request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); request.setRequestorUserName(requestorUserName); // TODO: Remove setRoleName() once the required field is removed request.setRoleName(""); // roleName is unused by it is required by Thrift request.setPrincipalName(userName); if (authorizable != null && !authorizable.isEmpty()) { TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(authorizable); request.setAuthorizableHierarchy(tSentryAuthorizable); } TListSentryPrivilegesResponse response; try { response = client.list_sentry_privileges_by_user(request); if (response == null) { throw new SentryUserException("The Sentry server has returned a NULL response. " + "See the Sentry server logs for more information about the error."); } Status.throwIfNotOk(response.getStatus()); return response.getPrivileges(); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } }
new Server(server), new Database(db2), new Table(tab)); expectedResults.put( SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db2TabAuthrizable), db1RoleToPrivMap);
new Server(server), new AccessURI(uri1)); expectedResults.put( SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(uri1Authrizable), db1RoleToPrivMap);
new Server(server), new Database(db)); expectedResults.put( SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db1Authrizable), db1RoleToPrivMap); expectedResults.clear(); expectedResults.put( SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db1Authrizable), new TSentryPrivilegeMap(new HashMap<String, Set<TSentryPrivilege>>())); assertEquals(expectedResults, authPrivMap);
new Server(server), new Database(db2), new Table(tab)); expectedResults.put( SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db2TabAuthorizable), db1RoleToPrivMap);