/**
 * Handles a Thrift request to create a role and writes an audit entry for the outcome.
 *
 * <p>Inside the request handler the client protocol version is validated, then the requestor
 * and the groups resolved for that user are passed to {@code authorize(...)}, and only after
 * that is the role created in the store. The audit entry is built from the request and the
 * response whatever the resulting status is.
 *
 * @param request the create-role request; its component, role name and requestor user name
 *     are passed to the store
 * @return a response carrying the status produced by the request handler
 * @throws TException declared by the Thrift service interface
 */
@Override
public TCreateSentryRoleResponse create_sentry_role(final TCreateSentryRoleRequest request)
    throws TException {
  final RequestHandler<Void> createRoleHandler = new RequestHandler<Void>() {
    @Override
    public Response<Void> handle() throws Exception {
      validateClientVersion(request.getProtocol_version());
      // The authorization call comes before any change to the store.
      authorize(
          request.getRequestorUserName(),
          getRequestorGroups(conf, request.getRequestorUserName()));
      CommitContext commitContext = store.createRole(
          request.getComponent(),
          request.getRoleName(),
          request.getRequestorUserName());
      return new Response<Void>(Status.OK(), commitContext);
    }
  };
  Response<Void> handled = requestHandle(createRoleHandler);

  TCreateSentryRoleResponse reply = new TCreateSentryRoleResponse(handled.status);
  boolean succeeded = handled.status.getValue() == Status.OK.getCode();
  if (succeeded) {
    // Only a successful creation is forwarded to the handler invoker.
    handerInvoker.create_sentry_role(handled.context, request, reply);
  }

  try {
    // Audited for every status, so rejected requests leave a record as well.
    AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
        .createJsonLogEntity(request, reply, conf)
        .toJsonFormatLog());
  } catch (Exception e) {
    // Best effort: an audit failure is reported on the service logger only and the response
    // is still returned, so the operation can complete without an audit record.
    LOGGER.error("Error creating audit log for create role: " + e.getMessage(), e);
  }
  return reply;
}
/**
 * Handles a Thrift request to drop a role and writes an audit entry for the outcome.
 *
 * <p>Inside the request handler the client protocol version is validated, then the requestor
 * and the groups resolved for that user are passed to {@code authorize(...)}, and only after
 * that is the role dropped from the store. The audit entry is built from the request and the
 * response whatever the resulting status is.
 *
 * @param request the drop-role request; its component, role name and requestor user name are
 *     passed to the store
 * @return a response carrying the status produced by the request handler
 * @throws TException declared by the Thrift service interface
 */
@Override
public TDropSentryRoleResponse drop_sentry_role(final TDropSentryRoleRequest request)
    throws TException {
  final RequestHandler<Void> dropRoleHandler = new RequestHandler<Void>() {
    @Override
    public Response<Void> handle() throws Exception {
      validateClientVersion(request.getProtocol_version());
      // The authorization call comes before any change to the store.
      authorize(
          request.getRequestorUserName(),
          getRequestorGroups(conf, request.getRequestorUserName()));
      CommitContext commitContext = store.dropRole(
          request.getComponent(),
          request.getRoleName(),
          request.getRequestorUserName());
      return new Response<Void>(Status.OK(), commitContext);
    }
  };
  Response<Void> handled = requestHandle(dropRoleHandler);

  TDropSentryRoleResponse reply = new TDropSentryRoleResponse(handled.status);
  boolean succeeded = handled.status.getValue() == Status.OK.getCode();
  if (succeeded) {
    // Only a successful drop is forwarded to the handler invoker.
    handerInvoker.drop_sentry_role(handled.context, request, reply);
  }

  try {
    // Audited for every status, so rejected requests leave a record as well.
    AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
        .createJsonLogEntity(request, reply, conf)
        .toJsonFormatLog());
  } catch (Exception e) {
    // Best effort: an audit failure is reported on the service logger only and the response
    // is still returned, so the operation can complete without an audit record.
    LOGGER.error("Error creating audit log for drop role: " + e.getMessage(), e);
  }
  return reply;
}
/**
 * Handles a Thrift request to grant a privilege to a role and writes an audit entry for the
 * outcome.
 *
 * <p>Inside the request handler the client protocol version is validated and the grant is
 * applied through the store, with the Thrift privilege converted by
 * {@code toPrivilegeObject(...)}. The audit entry is built from the request and the response
 * whatever the resulting status is.
 *
 * @param request the grant request; its component, role name, privilege and requestor user
 *     name are passed to the store
 * @return a response carrying the status produced by the request handler
 * @throws TException declared by the Thrift service interface
 */
@Override
public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(
    final TAlterSentryRoleGrantPrivilegeRequest request) throws TException {
  final RequestHandler<Void> grantHandler = new RequestHandler<Void>() {
    @Override
    public Response<Void> handle() throws Exception {
      validateClientVersion(request.getProtocol_version());
      // NOTE(review): this handler makes no authorize(...) call of its own. The requestor
      // user name is handed to the store, which presumably decides who may grant; confirm
      // against the store implementation.
      CommitContext commitContext = store.alterRoleGrantPrivilege(
          request.getComponent(),
          request.getRoleName(),
          toPrivilegeObject(request.getPrivilege()),
          request.getRequestorUserName());
      return new Response<Void>(Status.OK(), commitContext);
    }
  };
  Response<Void> handled = requestHandle(grantHandler);

  TAlterSentryRoleGrantPrivilegeResponse reply =
      new TAlterSentryRoleGrantPrivilegeResponse(handled.status);
  boolean succeeded = handled.status.getValue() == Status.OK.getCode();
  if (succeeded) {
    // Only a successful grant is forwarded to the handler invoker.
    handerInvoker.alter_sentry_role_grant_privilege(handled.context, request, reply);
  }

  try {
    // Audited for every status, so rejected requests leave a record as well.
    AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance()
        .createJsonLogEntity(request, reply, conf)
        .toJsonFormatLog());
  } catch (Exception e) {
    // Best effort: an audit failure is reported on the service logger only and the response
    // is still returned, so the operation can complete without an audit record.
    LOGGER.error("Error creating audit log for grant privilege to role: " + e.getMessage(), e);
  }
  return reply;
}
/**
 * Checks the audit entity built for a drop-role request, once with an OK response status and
 * once with an invalid-input status.
 */
@Test
public void testDropRole() {
  final String expectedStatement = "DROP ROLE testRole";

  TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest();
  dropRequest.setRequestorUserName(TEST_USER_NAME);
  dropRequest.setRoleName(TEST_ROLE_NAME);
  TDropSentryRoleResponse dropResponse = new TDropSentryRoleResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  dropResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(dropRequest, dropResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_DROP_ROLE, expectedStatement,
      Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  dropResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(dropRequest, dropResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_DROP_ROLE, expectedStatement,
      Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
}
/**
 * Checks the audit entity built for a drop-role request, once with an OK response status and
 * once with an invalid-input status.
 */
@Test
public void testDropRole() {
  final String expectedStatement = "DROP ROLE testRole";

  TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest();
  dropRequest.setRequestorUserName(TEST_USER_NAME);
  dropRequest.setRoleName(TEST_ROLE_NAME);
  TDropSentryRoleResponse dropResponse = new TDropSentryRoleResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  dropResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(dropRequest, dropResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_DROP_ROLE, expectedStatement,
      Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  dropResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(dropRequest, dropResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_DROP_ROLE, expectedStatement,
      Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
}
/**
 * Checks the audit entity built for a create-role request, once with an OK response status
 * and once with an invalid-input status.
 */
@Test
public void testCreateRole() {
  final String expectedStatement = "CREATE ROLE testRole";

  TCreateSentryRoleRequest createRequest = new TCreateSentryRoleRequest();
  createRequest.setRequestorUserName(TEST_USER_NAME);
  createRequest.setRoleName(TEST_ROLE_NAME);
  TCreateSentryRoleResponse createResponse = new TCreateSentryRoleResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  createResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(createRequest, createResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_CREATE_ROLE,
      expectedStatement, Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  createResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(createRequest, createResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_CREATE_ROLE,
      expectedStatement, Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
}
/**
 * Checks the audit entity built for a create-role request, once with an OK response status
 * and once with an invalid-input status.
 */
@Test
public void testCreateRole() {
  final String expectedStatement = "CREATE ROLE testRole";

  TCreateSentryRoleRequest createRequest = new TCreateSentryRoleRequest();
  createRequest.setRequestorUserName(TEST_USER_NAME);
  createRequest.setRoleName(TEST_ROLE_NAME);
  TCreateSentryRoleResponse createResponse = new TCreateSentryRoleResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  createResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(createRequest, createResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_CREATE_ROLE,
      expectedStatement, Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  createResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(createRequest, createResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_CREATE_ROLE,
      expectedStatement, Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
}
/**
 * Checks the audit entity built for a request that removes groups from a role, once with an
 * OK response status and once with an invalid-input status.
 */
@Test
public void testDeleteRole() {
  final String expectedStatement = "REVOKE ROLE testRole FROM GROUP testGroup";

  TAlterSentryRoleDeleteGroupsRequest deleteGroupsRequest =
      new TAlterSentryRoleDeleteGroupsRequest();
  deleteGroupsRequest.setRequestorUserName(TEST_USER_NAME);
  deleteGroupsRequest.setRoleName(TEST_ROLE_NAME);
  deleteGroupsRequest.setGroups(getGroups());
  TAlterSentryRoleDeleteGroupsResponse deleteGroupsResponse =
      new TAlterSentryRoleDeleteGroupsResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  deleteGroupsResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(deleteGroupsRequest, deleteGroupsResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
      expectedStatement, Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  deleteGroupsResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(deleteGroupsRequest, deleteGroupsResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
      expectedStatement, Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
}
/**
 * Checks the audit entity built for a request that adds groups to a role, once with an OK
 * response status and once with an invalid-input status.
 */
@Test
public void testAddRole() {
  final String expectedStatement = "GRANT ROLE testRole TO GROUP testGroup";

  TAlterSentryRoleAddGroupsRequest addGroupsRequest = new TAlterSentryRoleAddGroupsRequest();
  addGroupsRequest.setRequestorUserName(TEST_USER_NAME);
  addGroupsRequest.setRoleName(TEST_ROLE_NAME);
  addGroupsRequest.setGroups(getGroups());
  TAlterSentryRoleAddGroupsResponse addGroupsResponse =
      new TAlterSentryRoleAddGroupsResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  addGroupsResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(addGroupsRequest, addGroupsResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_ADD_ROLE, expectedStatement,
      Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  addGroupsResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(addGroupsRequest, addGroupsResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_ADD_ROLE, expectedStatement,
      Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
}
/**
 * Checks the audit entity built for a request that removes groups from a role, once with an
 * OK response status and once with an invalid-input status.
 */
@Test
public void testDeleteRole() {
  final String expectedStatement = "REVOKE ROLE testRole FROM GROUP testGroup";

  TAlterSentryRoleDeleteGroupsRequest deleteGroupsRequest =
      new TAlterSentryRoleDeleteGroupsRequest();
  deleteGroupsRequest.setRequestorUserName(TEST_USER_NAME);
  deleteGroupsRequest.setRoleName(TEST_ROLE_NAME);
  deleteGroupsRequest.setGroups(getGroups());
  TAlterSentryRoleDeleteGroupsResponse deleteGroupsResponse =
      new TAlterSentryRoleDeleteGroupsResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  deleteGroupsResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(deleteGroupsRequest, deleteGroupsResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
      expectedStatement, Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  deleteGroupsResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(deleteGroupsRequest, deleteGroupsResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
      expectedStatement, Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
}
/**
 * Checks the audit entity built for a request that adds groups to a role, once with an OK
 * response status and once with an invalid-input status.
 */
@Test
public void testAddRole() {
  final String expectedStatement = "GRANT ROLE testRole TO GROUP testGroup";

  TAlterSentryRoleAddGroupsRequest addGroupsRequest = new TAlterSentryRoleAddGroupsRequest();
  addGroupsRequest.setRequestorUserName(TEST_USER_NAME);
  addGroupsRequest.setRoleName(TEST_ROLE_NAME);
  addGroupsRequest.setGroups(getGroups());
  TAlterSentryRoleAddGroupsResponse addGroupsResponse =
      new TAlterSentryRoleAddGroupsResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  addGroupsResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(addGroupsRequest, addGroupsResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_ADD_ROLE, expectedStatement,
      Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  addGroupsResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(addGroupsRequest, addGroupsResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_ADD_ROLE, expectedStatement,
      Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
}
/**
 * Checks the DB audit entity built for a create-role request, once with an OK response status
 * and once with an invalid-input status.
 */
@Test
public void testCreateRole() {
  final String expectedStatement = "CREATE ROLE testRole";

  TCreateSentryRoleRequest createRequest = new TCreateSentryRoleRequest();
  createRequest.setRequestorUserName(TEST_USER_NAME);
  createRequest.setRoleName(TEST_ROLE_NAME);
  TCreateSentryRoleResponse createResponse = new TCreateSentryRoleResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  createResponse.setStatus(Status.OK());
  DBAuditMetadataLogEntity auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(createRequest, createResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_CREATE_ROLE,
      expectedStatement, null, null, null, Constants.OBJECT_TYPE_ROLE);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  createResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(createRequest, createResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_CREATE_ROLE,
      expectedStatement, null, null, null, Constants.OBJECT_TYPE_ROLE);
}
/**
 * Checks the DB audit entity built for a drop-role request, once with an OK response status
 * and once with an invalid-input status.
 */
@Test
public void testDropRole() {
  final String expectedStatement = "DROP ROLE testRole";

  TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest();
  dropRequest.setRequestorUserName(TEST_USER_NAME);
  dropRequest.setRoleName(TEST_ROLE_NAME);
  TDropSentryRoleResponse dropResponse = new TDropSentryRoleResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  dropResponse.setStatus(Status.OK());
  DBAuditMetadataLogEntity auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(dropRequest, dropResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_DROP_ROLE, expectedStatement,
      null, null, null, Constants.OBJECT_TYPE_ROLE);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  dropResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(dropRequest, dropResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_DROP_ROLE, expectedStatement,
      null, null, null, Constants.OBJECT_TYPE_ROLE);
}
/**
 * Checks the DB audit entity built for a drop-role request, once with an OK response status
 * and once with an invalid-input status.
 */
@Test
public void testDropRole() {
  final String expectedStatement = "DROP ROLE testRole";

  TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest();
  dropRequest.setRequestorUserName(TEST_USER_NAME);
  dropRequest.setRoleName(TEST_ROLE_NAME);
  TDropSentryRoleResponse dropResponse = new TDropSentryRoleResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  dropResponse.setStatus(Status.OK());
  DBAuditMetadataLogEntity auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(dropRequest, dropResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_DROP_ROLE, expectedStatement,
      null, null, null, Constants.OBJECT_TYPE_ROLE);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  dropResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(dropRequest, dropResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_DROP_ROLE, expectedStatement,
      null, null, null, Constants.OBJECT_TYPE_ROLE);
}
/**
 * Checks the DB audit entity built for a create-role request, once with an OK response status
 * and once with an invalid-input status.
 */
@Test
public void testCreateRole() {
  final String expectedStatement = "CREATE ROLE testRole";

  TCreateSentryRoleRequest createRequest = new TCreateSentryRoleRequest();
  createRequest.setRequestorUserName(TEST_USER_NAME);
  createRequest.setRoleName(TEST_ROLE_NAME);
  TCreateSentryRoleResponse createResponse = new TCreateSentryRoleResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  createResponse.setStatus(Status.OK());
  DBAuditMetadataLogEntity auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(createRequest, createResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_CREATE_ROLE,
      expectedStatement, null, null, null, Constants.OBJECT_TYPE_ROLE);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  createResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(createRequest, createResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_CREATE_ROLE,
      expectedStatement, null, null, null, Constants.OBJECT_TYPE_ROLE);
}
/**
 * Checks the DB audit entity built for a request that removes groups from a role, once with
 * an OK response status and once with an invalid-input status.
 */
@Test
public void testDeleteRole() {
  final String expectedStatement = "REVOKE ROLE testRole FROM GROUP testGroup";

  TAlterSentryRoleDeleteGroupsRequest deleteGroupsRequest =
      new TAlterSentryRoleDeleteGroupsRequest();
  deleteGroupsRequest.setRequestorUserName(TEST_USER_NAME);
  deleteGroupsRequest.setRoleName(TEST_ROLE_NAME);
  deleteGroupsRequest.setGroups(getGroups());
  TAlterSentryRoleDeleteGroupsResponse deleteGroupsResponse =
      new TAlterSentryRoleDeleteGroupsResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  deleteGroupsResponse.setStatus(Status.OK());
  DBAuditMetadataLogEntity auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(deleteGroupsRequest, deleteGroupsResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
      expectedStatement, null, null, null, Constants.OBJECT_TYPE_ROLE);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  deleteGroupsResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(deleteGroupsRequest, deleteGroupsResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
      expectedStatement, null, null, null, Constants.OBJECT_TYPE_ROLE);
}
/**
 * Checks the DB audit entity built for a request that adds groups to a role, once with an OK
 * response status and once with an invalid-input status.
 */
@Test
public void testAddRole() {
  final String expectedStatement = "GRANT ROLE testRole TO GROUP testGroup";

  TAlterSentryRoleAddGroupsRequest addGroupsRequest = new TAlterSentryRoleAddGroupsRequest();
  addGroupsRequest.setRequestorUserName(TEST_USER_NAME);
  addGroupsRequest.setRoleName(TEST_ROLE_NAME);
  addGroupsRequest.setGroups(getGroups());
  TAlterSentryRoleAddGroupsResponse addGroupsResponse =
      new TAlterSentryRoleAddGroupsResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  addGroupsResponse.setStatus(Status.OK());
  DBAuditMetadataLogEntity auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(addGroupsRequest, addGroupsResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_ADD_ROLE, expectedStatement,
      null, null, null, Constants.OBJECT_TYPE_ROLE);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  addGroupsResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(addGroupsRequest, addGroupsResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_ADD_ROLE, expectedStatement,
      null, null, null, Constants.OBJECT_TYPE_ROLE);
}
/**
 * Checks the DB audit entity built for a request that adds groups to a role, once with an OK
 * response status and once with an invalid-input status.
 */
@Test
public void testAddRole() {
  final String expectedStatement = "GRANT ROLE testRole TO GROUP testGroup";

  TAlterSentryRoleAddGroupsRequest addGroupsRequest = new TAlterSentryRoleAddGroupsRequest();
  addGroupsRequest.setRequestorUserName(TEST_USER_NAME);
  addGroupsRequest.setRoleName(TEST_ROLE_NAME);
  addGroupsRequest.setGroups(getGroups());
  TAlterSentryRoleAddGroupsResponse addGroupsResponse =
      new TAlterSentryRoleAddGroupsResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  addGroupsResponse.setStatus(Status.OK());
  DBAuditMetadataLogEntity auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(addGroupsRequest, addGroupsResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_ADD_ROLE, expectedStatement,
      null, null, null, Constants.OBJECT_TYPE_ROLE);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  addGroupsResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(addGroupsRequest, addGroupsResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_ADD_ROLE, expectedStatement,
      null, null, null, Constants.OBJECT_TYPE_ROLE);
}
/**
 * Checks the DB audit entity built for a request that removes groups from a role, once with
 * an OK response status and once with an invalid-input status.
 */
@Test
public void testDeleteRole() {
  final String expectedStatement = "REVOKE ROLE testRole FROM GROUP testGroup";

  TAlterSentryRoleDeleteGroupsRequest deleteGroupsRequest =
      new TAlterSentryRoleDeleteGroupsRequest();
  deleteGroupsRequest.setRequestorUserName(TEST_USER_NAME);
  deleteGroupsRequest.setRoleName(TEST_ROLE_NAME);
  deleteGroupsRequest.setGroups(getGroups());
  TAlterSentryRoleDeleteGroupsResponse deleteGroupsResponse =
      new TAlterSentryRoleDeleteGroupsResponse();

  // OK status: the entity is expected to carry Constants.TRUE.
  deleteGroupsResponse.setStatus(Status.OK());
  DBAuditMetadataLogEntity auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(deleteGroupsRequest, deleteGroupsResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
      expectedStatement, null, null, null, Constants.OBJECT_TYPE_ROLE);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  deleteGroupsResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (DBAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(deleteGroupsRequest, deleteGroupsResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
      expectedStatement, null, null, null, Constants.OBJECT_TYPE_ROLE);
}
/**
 * Checks the audit entity built for a revoke-privilege request, once with an OK response
 * status and once with an invalid-input status.
 */
@Test
public void testRevokeRole() {
  final String expectedStatement =
      "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 FROM ROLE testRole";

  TAlterSentryRoleRevokePrivilegeRequest revokeRequest =
      new TAlterSentryRoleRevokePrivilegeRequest();
  TAlterSentryRoleRevokePrivilegeResponse revokeResponse =
      new TAlterSentryRoleRevokePrivilegeResponse();
  revokeRequest.setRequestorUserName(TEST_USER_NAME);
  revokeRequest.setRoleName(TEST_ROLE_NAME);
  revokeRequest.setPrivilege(getPrivilege());

  // OK status: the entity is expected to carry Constants.TRUE.
  revokeResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(revokeRequest, revokeResponse, conf);
  assertCommon(auditEntity, Constants.TRUE, Constants.OPERATION_REVOKE_PRIVILEGE,
      expectedStatement, Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);

  // Invalid-input status: a rejected request still yields an entity, carrying Constants.FALSE.
  revokeResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity) JsonLogEntityFactory
      .getInstance()
      .createJsonLogEntity(revokeRequest, revokeResponse, conf);
  assertCommon(auditEntity, Constants.FALSE, Constants.OPERATION_REVOKE_PRIVILEGE,
      expectedStatement, Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
}