/** * grant privilege * * @param requestorUserName: user on whose behalf the request is issued * @param roleName: Name of the role * @param component: The request is issued to which component * @param privilege * @throws SentryUserException */ @Override public void grantPrivilege(String requestorUserName, String roleName, String component, TSentryPrivilege privilege) throws SentryUserException { TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setComponent(component); request.setRoleName(roleName); request.setRequestorUserName(requestorUserName); request.setPrivilege(privilege); try { TAlterSentryRoleGrantPrivilegeResponse response = client.alter_sentry_role_grant_privilege(request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } }
unsetPrivilege(); } else { setPrivilege((TSentryPrivilege)value);
grantRequest.setRequestorUserName(ADMIN_USER); grantRequest.setRoleName("r1"); grantRequest.setPrivilege(tprivilege); assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grantRequest).getStatus()));
@Test public void testCreateCmdForGrantOrRevokeGMPrivilege1() { org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege = getGMPrivilege(); grantRequest.setPrivilege(privilege); revokeRequest.setPrivilege(privilege); String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokeGMPrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
@Test public void testGrantAndRevokePrivilege() throws Exception { setup(); TSentryPrivilege tprivilege = new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test"); tprivilege.setGrantOption(TSentryGrantOption.UNSET); TAlterSentryRoleGrantPrivilegeRequest grantRequest = new TAlterSentryRoleGrantPrivilegeRequest(); grantRequest.setRequestorUserName(ADMIN_USER); grantRequest.setRoleName("r1"); grantRequest.setPrivilege(tprivilege); assertEquals(Status.OK, fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grantRequest).getStatus())); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = new TAlterSentryRoleRevokePrivilegeRequest(); revokeRequest.setRequestorUserName(ADMIN_USER); revokeRequest.setRoleName("r1"); revokeRequest.setPrivilege(tprivilege); assertEquals(Status.OK, fromTSentryStatus(processor.alter_sentry_role_revoke_privilege(revokeRequest).getStatus())); }
@Test public void testCreateCmdForGrantOrRevokeGMPrivilege2() { org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege = getGMPrivilege(); privilege .setGrantOption(org.apache.sentry.api.generic.thrift.TSentryGrantOption.TRUE); grantRequest.setPrivilege(privilege); revokeRequest.setPrivilege(privilege); String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest); String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole WITH GRANT OPTION"; String createRevokePrivilegeCmdResult = CommandUtil .createCmdForRevokeGMPrivilege(revokeRequest); String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole WITH GRANT OPTION"; assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); }
@Test public void testGrantRole() { TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest(); request.setRequestorUserName(TEST_USER_NAME); request.setRoleName(TEST_ROLE_NAME); TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse(); TSentryPrivilege privilege = getPrivilege(); request.setPrivilege(privilege); response.setStatus(Status.OK()); GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance() .createJsonLogEntity( request, response, conf); assertCommon( amle, Constants.TRUE, Constants.OPERATION_GRANT_PRIVILEGE, "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 TO ROLE testRole", Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP); response.setStatus(Status.InvalidInput("", null)); amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity( request, response, conf); assertCommon( amle, Constants.FALSE, Constants.OPERATION_GRANT_PRIVILEGE, "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 TO ROLE testRole", Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP); }