/** * Validates privileges in input request by making sure mandatory fields like * server name and action in the privileges are not empty and see all the values in the * request are valid. * * @param request to be validated. * @throws SentryInvalidInputException If all the mandatory fields in the privileges are * not present [OR] invalid fields a provided in request. */ public static void validate(TAlterSentryRoleGrantPrivilegeRequest request) throws SentryInvalidInputException { if (request.isSetPrivileges() && (!request.getPrivileges().isEmpty())) { checkForMandatoryFieldsInPrivileges(request.getPrivileges()); validateGrantOptionInprivileges(request.getPrivileges()); } }
public Set<JsonLogEntity> createJsonLogEntities( TAlterSentryRoleGrantPrivilegeRequest request, TAlterSentryRoleGrantPrivilegeResponse response, Configuration conf) { ImmutableSet.Builder<JsonLogEntity> setBuilder = ImmutableSet.builder(); if (request.isSetPrivileges()) { for (TSentryPrivilege privilege : request.getPrivileges()) { JsonLogEntity logEntity = createJsonLogEntity(request, privilege, response, conf); setBuilder.add(logEntity); } } return setBuilder.build(); }
public static String createCmdForGrantPrivilege( TAlterSentryRoleGrantPrivilegeRequest request) { return createCmdForGrantOrRevokePrivileges(request.getRoleName(), request.getPrivileges(), true); }
public Object getFieldValue(_Fields field) { switch (field) { case PROTOCOL_VERSION: return getProtocol_version(); case REQUESTOR_USER_NAME: return getRequestorUserName(); case ROLE_NAME: return getRoleName(); case PRIVILEGE: return getPrivilege(); case PRIVILEGES: return getPrivileges(); } throw new IllegalStateException(); }
SentryServiceUtil.checkDbExplicitGrantsPermitted(conf, request.getPrivileges()); checkGrantOptionPrivileges(request.getRequestorUserName(), request.getPrivileges()); Map<TSentryPrivilege, Update> privilegesUpdateMap = new HashMap<>(); for (SentryPolicyStorePlugin plugin : sentryPlugins) { plugin.onAlterSentryRoleGrantPrivilege(request.getRoleName(), request.getPrivileges(), privilegesUpdateMap); request.getPrivileges(), privilegesUpdateMap); } else { sentryStore.alterSentryRoleGrantPrivileges(request.getRoleName(), request.getPrivileges()); response.setPrivileges(request.getPrivileges());
void verify(Status status) throws Exception { TAlterSentryRoleGrantPrivilegeRequest grantRequest = new TAlterSentryRoleGrantPrivilegeRequest(); grantRequest.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); grantRequest.setRequestorUserName(REQUESTOR_USER); grantRequest.setRoleName(roleName); grantRequest.setPrivilege(privilege); TAlterSentryRoleGrantPrivilegeResponse response = processor.alter_sentry_role_grant_privilege(grantRequest); if (response.getStatus().getValue() == Status.OK.getCode()) { Mockito.verify(sentryStore).alterSentryRoleGrantPrivileges(grantRequest.getRoleName(), grantRequest.getPrivileges()); } else { Mockito.verify(sentryStore, Mockito.times(0)) .alterSentryRoleGrantPrivileges(Mockito.anyString(), Mockito.anySet()); } assertEquals("Grant " + privilege.getAction() + " response is not valid", status.getCode(), response.getStatus().getValue()); Mockito.reset(sentryStore); } }