/** * Validates privileges in input request by making sure mandatory fields like * server name and action in the privileges are not empty and see all the values in the * request are valid. * * @param request to be validated. * @throws SentryInvalidInputException If all the mandatory fields in the privileges are * not present [OR] invalid fields a provided in request. */ public static void validate(TAlterSentryRoleRevokePrivilegeRequest request) throws SentryInvalidInputException { if (request.isSetPrivileges() && (!request.getPrivileges().isEmpty())) { GrantPrivilegeRequestValidator.checkForMandatoryFieldsInPrivileges(request.getPrivileges()); } } }
public Set<JsonLogEntity> createJsonLogEntities( TAlterSentryRoleRevokePrivilegeRequest request, TAlterSentryRoleRevokePrivilegeResponse response, Configuration conf) { ImmutableSet.Builder<JsonLogEntity> setBuilder = ImmutableSet.builder(); if (request.isSetPrivileges()) { for (TSentryPrivilege privilege : request.getPrivileges()) { JsonLogEntity logEntity = createJsonLogEntity(request, privilege, response, conf); setBuilder.add(logEntity); } } return setBuilder.build(); }
public static String createCmdForRevokePrivilege( TAlterSentryRoleRevokePrivilegeRequest request) { return createCmdForGrantOrRevokePrivileges(request.getRoleName(), request.getPrivileges(), false); }
public Object getFieldValue(_Fields field) { switch (field) { case PROTOCOL_VERSION: return getProtocol_version(); case REQUESTOR_USER_NAME: return getRequestorUserName(); case ROLE_NAME: return getRoleName(); case PRIVILEGE: return getPrivilege(); case PRIVILEGES: return getPrivileges(); } throw new IllegalStateException(); }
checkGrantOptionPrivileges(request.getRequestorUserName(), request.getPrivileges()); Map<TSentryPrivilege, Update> privilegesUpdateMap = new HashMap<>(); for (SentryPolicyStorePlugin plugin : sentryPlugins) { plugin.onAlterSentryRoleRevokePrivilege(request.getRoleName(), request.getPrivileges(), privilegesUpdateMap); request.getPrivileges(), privilegesUpdateMap); } else { sentryStore.alterSentryRoleRevokePrivileges(request.getRoleName(), request.getPrivileges()); } catch (SentryNoSuchObjectException e) { StringBuilder msg = new StringBuilder(); if (request.getPrivileges().size() > 0) { for (TSentryPrivilege privilege : request.getPrivileges()) { msg.append("Privilege: [server="); msg.append(privilege.getServerName());
void verify(Status status) throws Exception { TAlterSentryRoleRevokePrivilegeRequest revokeRequest = new TAlterSentryRoleRevokePrivilegeRequest(); revokeRequest.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); revokeRequest.setRequestorUserName(REQUESTOR_USER); revokeRequest.setRoleName(roleName); revokeRequest.setPrivilege(privilege); TAlterSentryRoleRevokePrivilegeResponse response = processor.alter_sentry_role_revoke_privilege(revokeRequest); if (response.getStatus().getValue() == Status.OK.getCode()) { Mockito.verify(sentryStore).alterSentryRoleRevokePrivileges(revokeRequest.getRoleName(), revokeRequest.getPrivileges()); } else { Mockito.verify(sentryStore, Mockito.times(0)) .alterSentryRoleRevokePrivileges(Mockito.anyString(), Mockito.anySet()); } assertEquals("Revoke " + privilege.getAction() + " response is not valid", status.getCode(), response.getStatus().getValue()); Mockito.reset(sentryStore); } }