/**
 * Revokes a privilege from a role by sending a revoke request to the Sentry service.
 *
 * @param requestorUserName user on whose behalf the request is issued
 * @param roleName name of the role
 * @param component component the request is issued to
 * @param privilege privilege to revoke
 * @throws SentryUserException if the Thrift call fails with a TException; Status.throwIfNotOk
 *         presumably also raises it for a non-OK response status (confirm against Status)
 */
@Override
public void revokePrivilege(String requestorUserName, String roleName, String component,
    TSentryPrivilege privilege) throws SentryUserException {
  TAlterSentryRoleRevokePrivilegeRequest revokeRequest =
      new TAlterSentryRoleRevokePrivilegeRequest();
  revokeRequest.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
  // NOTE(review): the requestor identity travels as a plain string field; whether the service
  // checks it against the authenticated caller is not visible in this method.
  revokeRequest.setRequestorUserName(requestorUserName);
  revokeRequest.setComponent(component);
  revokeRequest.setRoleName(roleName);
  revokeRequest.setPrivilege(privilege);

  try {
    TAlterSentryRoleRevokePrivilegeResponse revokeResponse =
        client.alter_sentry_role_revoke_privilege(revokeRequest);
    // The call returning is not enough: the status carried in the response is checked too.
    Status.throwIfNotOk(revokeResponse.getStatus());
  } catch (TException transportFailure) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, transportFailure);
  }
}
/**
 * Returns the value of the requested field by delegating to the matching getter.
 *
 * @param field the field to read
 * @return the value returned by that field's getter
 * @throws IllegalStateException if {@code field} is not one of the constants handled below
 */
public Object getFieldValue(_Fields field) {
  switch (field) {
    case PROTOCOL_VERSION:
      return getProtocol_version();
    case REQUESTOR_USER_NAME:
      return getRequestorUserName();
    case ROLE_NAME:
      return getRoleName();
    case COMPONENT:
      return getComponent();
    case PRIVILEGE:
      return getPrivilege();
    default:
      // Any constant without a case above ends up here.
      throw new IllegalStateException();
  }
}
/**
 * Compares this request with an arbitrary object.
 *
 * @param that the object to compare with; may be null
 * @return false for null or for any object that is not a TAlterSentryRoleRevokePrivilegeRequest,
 *         otherwise the result of the typed equals overload
 */
@Override
public boolean equals(Object that) {
  // instanceof is false for null, so the null case needs no separate branch.
  return that instanceof TAlterSentryRoleRevokePrivilegeRequest
      && this.equals((TAlterSentryRoleRevokePrivilegeRequest) that);
}
/**
 * Builds the command text for a generic-model revoke-privilege request.
 *
 * @param request the revoke request; its role name and privilege are read
 * @return the text produced by createCmdForGrantOrRevokeGMPrivilege for those values
 */
public static String createCmdForRevokeGMPrivilege(
    org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest request) {
  // Passed as the last argument of the shared helper; presumably false selects the REVOKE form.
  final boolean grantFlag = false;
  return createCmdForGrantOrRevokeGMPrivilege(
      request.getRoleName(), request.getPrivilege(), grantFlag);
}
case PROTOCOL_VERSION: if (value == null) { unsetProtocol_version(); } else { setProtocol_version((Integer)value); unsetRequestorUserName(); } else { setRequestorUserName((String)value); unsetRoleName(); } else { setRoleName((String)value); unsetComponent(); } else { setComponent((String)value); unsetPrivilege(); } else { setPrivilege((TSentryPrivilege)value);
/**
 * Grants a privilege to role "r1" as ADMIN_USER and then revokes it again, expecting
 * Status.OK from the processor for both calls.
 */
@Test
public void testGrantAndRevokePrivilege() throws Exception {
  setup();

  // One privilege object, with no authorizables and an UNSET grant option, is used by both requests.
  TSentryPrivilege sharedPrivilege =
      new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test");
  sharedPrivilege.setGrantOption(TSentryGrantOption.UNSET);

  TAlterSentryRoleGrantPrivilegeRequest grant = new TAlterSentryRoleGrantPrivilegeRequest();
  grant.setRequestorUserName(ADMIN_USER);
  grant.setRoleName("r1");
  grant.setPrivilege(sharedPrivilege);

  TAlterSentryRoleRevokePrivilegeRequest revoke = new TAlterSentryRoleRevokePrivilegeRequest();
  revoke.setRequestorUserName(ADMIN_USER);
  revoke.setRoleName("r1");
  revoke.setPrivilege(sharedPrivilege);

  // Grant first, then revoke the same privilege.
  assertEquals(
      Status.OK,
      fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grant).getStatus()));
  assertEquals(
      Status.OK,
      fromTSentryStatus(processor.alter_sentry_role_revoke_privilege(revoke).getStatus()));
}
/**
 * Builds the audit log entity for a generic-model revoke-privilege call.
 *
 * @param request the revoke request; requestor, component and privilege are read from it
 * @param response the response whose status is passed to the common entity builder
 * @param conf configuration passed to the common entity builder
 * @return the populated entity, with its operation text set to the command built by
 *         CommandUtil.createCmdForRevokeGMPrivilege
 */
public JsonLogEntity createJsonLogEntity(
    org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest request,
    org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeResponse response,
    Configuration conf) {
  GMAuditMetadataLogEntity auditEntity = createCommonGMAMLE(
      conf,
      response.getStatus(),
      request.getRequestorUserName(),
      request.getClass().getName(),
      request.getComponent());

  // The privileges map is attached only when the request carries a privilege.
  if (request.getPrivilege() != null) {
    List<TAuthorizable> resources = request.getPrivilege().getAuthorizables();
    // LinkedHashMap keeps the authorizables in the order they appear in the request.
    Map<String, String> nameByType = new LinkedHashMap<String, String>();
    if (resources != null) {
      // NOTE(review): keyed by authorizable type, so if two authorizables share a type only
      // the last name survives in the audit record.
      for (TAuthorizable resource : resources) {
        nameByType.put(resource.getType(), resource.getName());
      }
    }
    auditEntity.setPrivilegesMap(nameByType);
  }

  auditEntity.setOperationText(CommandUtil.createCmdForRevokeGMPrivilege(request));
  return auditEntity;
}
/**
 * Creates a generic-model revoke request with the role name set to "testRole".
 * No other field is set here.
 */
private org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest
    getRevokeGMPrivilegeRequest() {
  final org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest =
      new org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest();
  revokeRequest.setRoleName("testRole");
  return revokeRequest;
}
/**
 * Reads the arguments of alter_sentry_role_revoke_privilege from a tuple protocol.
 *
 * @param prot protocol to read from; it is cast to TTupleProtocol without a prior type check
 * @param struct the args object that receives the request
 * @throws org.apache.thrift.TException declared for the protocol reads
 */
@Override
public void read(org.apache.thrift.protocol.TProtocol prot, alter_sentry_role_revoke_privilege_args struct) throws org.apache.thrift.TException {
  TTupleProtocol iprot = (TTupleProtocol) prot;
  // A one-bit set precedes the payload; bit 0 tells whether a request follows.
  BitSet incoming = iprot.readBitSet(1);
  if (incoming.get(0)) {
    struct.request = new TAlterSentryRoleRevokePrivilegeRequest();
    struct.request.read(iprot);
    struct.setRequestIsSet(true);
  }
  // No struct.validate() call is made in this method.
}
} // presumably closes the enclosing class, whose header is outside this excerpt
/**
 * Returns a new request created from this one through the copy constructor.
 *
 * @return the copy
 */
public TAlterSentryRoleRevokePrivilegeRequest deepCopy() {
  TAlterSentryRoleRevokePrivilegeRequest duplicate =
      new TAlterSentryRoleRevokePrivilegeRequest(this);
  return duplicate;
}
/**
 * Checks the GRANT and REVOKE command text that CommandUtil builds for a generic-model
 * privilege on which this test sets no grant option.
 */
@Test
public void testCreateCmdForGrantOrRevokeGMPrivilege1() {
  org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grant =
      getGrantGMPrivilegeRequest();
  org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revoke =
      getRevokeGMPrivilegeRequest();

  // Both requests carry the same privilege instance.
  org.apache.sentry.api.generic.thrift.TSentryPrivilege sharedPrivilege = getGMPrivilege();
  grant.setPrivilege(sharedPrivilege);
  revoke.setPrivilege(sharedPrivilege);

  String expectedGrantCmd =
      "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole";
  String expectedRevokeCmd =
      "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole";

  String actualGrantCmd = CommandUtil.createCmdForGrantGMPrivilege(grant);
  String actualRevokeCmd = CommandUtil.createCmdForRevokeGMPrivilege(revoke);

  assertEquals(expectedGrantCmd, actualGrantCmd);
  assertEquals(expectedRevokeCmd, actualRevokeCmd);
}
/**
 * Checks the audit entity produced for a revoke-privilege request, once with an OK response
 * and once with an InvalidInput response. Only the expected allowed flag differs between the
 * two runs; operation, command text, object type and privileges map stay the same.
 */
@Test
public void testRevokeRole() {
  final String expectedCommand =
      "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 FROM ROLE testRole";

  TAlterSentryRoleRevokePrivilegeRequest revokeRequest =
      new TAlterSentryRoleRevokePrivilegeRequest();
  TAlterSentryRoleRevokePrivilegeResponse revokeResponse =
      new TAlterSentryRoleRevokePrivilegeResponse();
  revokeRequest.setRequestorUserName(TEST_USER_NAME);
  revokeRequest.setRoleName(TEST_ROLE_NAME);
  TSentryPrivilege revokedPrivilege = getPrivilege();
  revokeRequest.setPrivilege(revokedPrivilege);

  // Successful revoke: the entity is expected to carry Constants.TRUE.
  revokeResponse.setStatus(Status.OK());
  GMAuditMetadataLogEntity auditEntity = (GMAuditMetadataLogEntity)
      JsonLogEntityFactory.getInstance().createJsonLogEntity(revokeRequest, revokeResponse, conf);
  assertCommon(
      auditEntity,
      Constants.TRUE,
      Constants.OPERATION_REVOKE_PRIVILEGE,
      expectedCommand,
      Constants.OBJECT_TYPE_PRINCIPAL,
      TEST_PRIVILEGES_MAP);

  // Failed revoke: same request, but the entity is expected to carry Constants.FALSE.
  revokeResponse.setStatus(Status.InvalidInput("", null));
  auditEntity = (GMAuditMetadataLogEntity)
      JsonLogEntityFactory.getInstance().createJsonLogEntity(revokeRequest, revokeResponse, conf);
  assertCommon(
      auditEntity,
      Constants.FALSE,
      Constants.OPERATION_REVOKE_PRIVILEGE,
      expectedCommand,
      Constants.OBJECT_TYPE_PRINCIPAL,
      TEST_PRIVILEGES_MAP);
}
/**
 * Reads the arguments of alter_sentry_role_revoke_privilege field by field until the STOP
 * marker, then validates the struct.
 *
 * @param iprot protocol to read from
 * @param struct the args object that receives the request
 * @throws org.apache.thrift.TException declared for the protocol reads and for validate()
 */
public void read(org.apache.thrift.protocol.TProtocol iprot,
    alter_sentry_role_revoke_privilege_args struct) throws org.apache.thrift.TException {
  iprot.readStructBegin();
  for (org.apache.thrift.protocol.TField header = iprot.readFieldBegin();
      header.type != org.apache.thrift.protocol.TType.STOP;
      header = iprot.readFieldBegin()) {
    boolean isRequestStruct =
        header.id == 1 && header.type == org.apache.thrift.protocol.TType.STRUCT;
    if (isRequestStruct) {
      // Field 1 (REQUEST) with the expected wire type.
      struct.request = new TAlterSentryRoleRevokePrivilegeRequest();
      struct.request.read(iprot);
      struct.setRequestIsSet(true);
    } else {
      // Unknown field ids, and field 1 sent with another wire type, are skipped, not rejected.
      org.apache.thrift.protocol.TProtocolUtil.skip(iprot, header.type);
    }
    iprot.readFieldEnd();
  }
  iprot.readStructEnd();
  // Validation runs once, after the whole struct has been consumed.
  struct.validate();
}
/**
 * Performs a deep copy on <i>other</i>.
 *
 * <p>The request is duplicated through its copy constructor when it is set on
 * <i>other</i>; otherwise this constructor assigns nothing.
 */
public alter_sentry_role_revoke_privilege_args(alter_sentry_role_revoke_privilege_args other) {
  if (!other.isSetRequest()) {
    return;
  }
  this.request = new TAlterSentryRoleRevokePrivilegeRequest(other.request);
}
/**
 * Checks the GRANT and REVOKE command text that CommandUtil builds for a generic-model
 * privilege whose grant option is TRUE; both expected strings end in "WITH GRANT OPTION".
 */
@Test
public void testCreateCmdForGrantOrRevokeGMPrivilege2() {
  org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grant =
      getGrantGMPrivilegeRequest();
  org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revoke =
      getRevokeGMPrivilegeRequest();

  // Both requests carry the same privilege instance, with the grant option switched on.
  org.apache.sentry.api.generic.thrift.TSentryPrivilege sharedPrivilege = getGMPrivilege();
  sharedPrivilege.setGrantOption(org.apache.sentry.api.generic.thrift.TSentryGrantOption.TRUE);
  grant.setPrivilege(sharedPrivilege);
  revoke.setPrivilege(sharedPrivilege);

  String expectedGrantCmd =
      "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole WITH GRANT OPTION";
  String expectedRevokeCmd =
      "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole WITH GRANT OPTION";

  String actualGrantCmd = CommandUtil.createCmdForGrantGMPrivilege(grant);
  String actualRevokeCmd = CommandUtil.createCmdForRevokeGMPrivilege(revoke);

  assertEquals(expectedGrantCmd, actualGrantCmd);
  assertEquals(expectedRevokeCmd, actualRevokeCmd);
}
/**
 * Handles a revoke-privilege request: checks the client protocol version, asks the store to
 * revoke the privilege from the role, and returns an OK response.
 *
 * @return a response carrying Status.OK() when neither call throws
 * @throws Exception whatever validateClientVersion or the store call throws
 */
@Override
public Response<Void> handle() throws Exception {
  // The protocol version is checked before the store is touched.
  validateClientVersion(request.getProtocol_version());
  // NOTE(review): no authorization check is visible in this method; presumably
  // alterRoleRevokePrivilege decides whether the requestor may revoke - confirm in the store.
  store.alterRoleRevokePrivilege(request.getComponent(), request.getRoleName(), toPrivilegeObject(request.getPrivilege()), request.getRequestorUserName());
  return new Response<Void>(Status.OK());
}
}); // closes the enclosing expression, which starts outside this excerpt
assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grantRequest).getStatus())); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = new TAlterSentryRoleRevokePrivilegeRequest(); revokeRequest.setRequestorUserName(ADMIN_USER); revokeRequest.setRoleName("r1"); revokeRequest.setPrivilege(tprivilege); assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_revoke_privilege(revokeRequest).getStatus()));
/**
 * Forwards a revoke-privilege notification to every registered handler.
 *
 * <p>Each handler gets its own copies of the request and response, made with their copy
 * constructors. Any exception raised for one handler is logged and the loop moves on to the
 * next handler, so this method does not propagate handler failures.
 *
 * @param request the revoke request to forward
 * @param response the response to forward
 */
@Override
public void alter_sentry_role_revoke_privilege(
    TAlterSentryRoleRevokePrivilegeRequest request,
    TAlterSentryRoleRevokePrivilegeResponse response) {
  for (NotificationHandler target : handlers) {
    try {
      LOGGER.debug("Calling " + target);
      target.alter_sentry_role_revoke_privilege(
          new TAlterSentryRoleRevokePrivilegeRequest(request),
          new TAlterSentryRoleRevokePrivilegeResponse(response));
    } catch (Exception failure) {
      // Best effort by design: one failing handler must not stop the others.
      // NOTE(review): the message embeds the request and response through their toString();
      // confirm that output is acceptable for the log destination.
      String details = "Unexpected error in " + target + ". Request: " + request
          + ", Response: " + response;
      LOGGER.error(details, failure);
    }
  }
}
/**
 * Compares this args object with another of the same type.
 *
 * @param that the object to compare with; may be null
 * @return false if {@code that} is null, if only one side has the request set, or if both
 *         have it set and the requests differ; true otherwise
 */
public boolean equals(alter_sentry_role_revoke_privilege_args that) {
  if (that == null) {
    return false;
  }

  boolean hasRequestHere = this.isSetRequest();
  boolean hasRequestThere = that.isSetRequest();

  // Set on exactly one side: not equal.
  if (hasRequestHere != hasRequestThere) {
    return false;
  }
  // Set on both sides: the requests themselves decide.
  if (hasRequestHere && !this.request.equals(that.request)) {
    return false;
  }
  return true;
}