/**
 * Returns every role known to the store together with its privileges.
 *
 * <p>The checks run in a fixed order: the client's protocol version is validated, the requestor
 * is authorized, and only then is the store read. No failure is rethrown from the try block;
 * each one is logged and turned into a status on the returned response.
 *
 * <p>NOTE(review): the requestor name is read from the request itself. Whether it is bound to
 * the identity authenticated by the transport is not visible in this method; confirm that the
 * caller cannot simply claim an admin name.
 *
 * <p>NOTE(review): the catch-all branch copies the exception message into the status sent back
 * to the client and also hands the Throwable to {@code Status.RuntimeError}. Confirm that store
 * errors cannot expose schema or connection details this way.
 *
 * @param request carries the requestor user name and the client protocol version
 * @return a response holding the role-to-privileges map and an OK status, or an error status
 * @throws TException declared by the overridden signature; no statement here throws it explicitly
 */
@Override
public TSentryPrivilegesResponse list_roles_privileges(TSentryPrivilegesRequest request)
    throws TException {
  String callerName = request.getRequestorUserName();
  TSentryPrivilegesResponse result = new TSentryPrivilegesResponse();

  try (Timer.Context timing = sentryMetrics.listRolesPrivilegesTimer.time()) {
    // A protocol version mismatch surfaces as SentryThriftAPIMismatchException.
    validateClientVersion(request.getProtocol_version());

    // Admin-only operation: a non-admin requestor is rejected with a SentryUserException
    // carrying Status.ACCESS_DENIED, so the store is never queried for them.
    authorize(callerName, getRequestorGroups(callerName));

    result.setPrivilegesMap(sentryStore.getAllRolesPrivileges());
    result.setStatus(Status.OK());
  } catch (SentryThriftAPIMismatchException mismatch) {
    LOGGER.error(mismatch.getMessage(), mismatch);
    result.setStatus(Status.THRIFT_VERSION_MISMATCH(mismatch.getMessage(), mismatch));
  } catch (SentryAccessDeniedException denied) {
    LOGGER.error(denied.getMessage(), denied);
    result.setStatus(Status.AccessDenied(denied.getMessage(), denied));
  } catch (SentryUserException userError) {
    // Any other user-level failure is reported to the client as access denied as well.
    LOGGER.error(userError.getMessage(), userError);
    result.setStatus(Status.AccessDenied(userError.getMessage(), userError));
  } catch (Exception failure) {
    String detail =
        "Could not read roles and privileges from the database: " + failure.getMessage();
    LOGGER.error(detail, failure);
    result.setStatus(Status.RuntimeError(detail, failure));
  }

  return result;
}
/**
 * Returns every user known to the store together with its privileges.
 *
 * <p>The checks run in a fixed order: the client's protocol version is validated, the requestor
 * is authorized, and only then is the store read. No failure is rethrown from the try block;
 * each one is logged and turned into a status on the returned response.
 *
 * <p>NOTE(review): the requestor name is read from the request itself. Whether it is bound to
 * the identity authenticated by the transport is not visible in this method; confirm that the
 * caller cannot simply claim an admin name.
 *
 * <p>NOTE(review): the catch-all branch copies the exception message into the status sent back
 * to the client and also hands the Throwable to {@code Status.RuntimeError}. Confirm that store
 * errors cannot expose schema or connection details this way.
 *
 * @param request carries the requestor user name and the client protocol version
 * @return a response holding the user-to-privileges map and an OK status, or an error status
 * @throws TException declared by the overridden signature; no statement here throws it explicitly
 */
@Override
public TSentryPrivilegesResponse list_users_privileges(TSentryPrivilegesRequest request)
    throws TException {
  String callerName = request.getRequestorUserName();
  TSentryPrivilegesResponse result = new TSentryPrivilegesResponse();

  try (Timer.Context timing = sentryMetrics.listUsersPrivilegesTimer.time()) {
    // A protocol version mismatch surfaces as SentryThriftAPIMismatchException.
    validateClientVersion(request.getProtocol_version());

    // Admin-only operation: a non-admin requestor is rejected with a SentryUserException
    // carrying Status.ACCESS_DENIED, so the store is never queried for them.
    authorize(callerName, getRequestorGroups(callerName));

    result.setPrivilegesMap(sentryStore.getAllUsersPrivileges());
    result.setStatus(Status.OK());
  } catch (SentryThriftAPIMismatchException mismatch) {
    LOGGER.error(mismatch.getMessage(), mismatch);
    result.setStatus(Status.THRIFT_VERSION_MISMATCH(mismatch.getMessage(), mismatch));
  } catch (SentryAccessDeniedException denied) {
    LOGGER.error(denied.getMessage(), denied);
    result.setStatus(Status.AccessDenied(denied.getMessage(), denied));
  } catch (SentryUserException userError) {
    // Any other user-level failure is reported to the client as access denied as well.
    LOGGER.error(userError.getMessage(), userError);
    result.setStatus(Status.AccessDenied(userError.getMessage(), userError));
  } catch (Exception failure) {
    String detail =
        "Could not read users and privileges from the database: " + failure.getMessage();
    LOGGER.error(detail, failure);
    result.setStatus(Status.RuntimeError(detail, failure));
  }

  return result;
}
response.setStatus(Status.InvalidInput(e.getMessage(), e)); } catch (SentryUserException e) { LOGGER.error(e.getMessage(), e); response.setStatus(Status.AccessDenied(e.getMessage(), e)); } catch (Exception e) { String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
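/**
 * Checks that a client configured with a Thrift max message size of 20 rejects an oversized
 * reply, and that the regular client keeps working afterwards.
 *
 * <p>The expected-exception assertion runs after the cleanup block rather than inside it. An
 * assertion inside {@code finally} would hide any unexpected exception thrown by the call and,
 * on failure, would skip closing the client and restoring the factory.
 *
 * @throws Exception if setup, the client calls or cleanup fail unexpectedly
 */
@Override
public void runTestAsSubject() throws Exception {
  // factoryReset(null) hands back the factory that was installed; it is restored below.
  SentryServiceClientFactory oldFactory = SentryServiceClientFactory.factoryReset(null);
  Configuration confWithSmallMaxMsgSize =
      new Configuration(SentryServiceIntegrationBase.conf);
  confWithSmallMaxMsgSize.setLong(
      ApiConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE, 20);
  // create a client with a small thrift max message size
  SentryPolicyServiceClient clientWithSmallMaxMsgSize =
      SentryServiceClientFactory.create(confWithSmallMaxMsgSize);

  setLocalGroupMapping(SentryServiceIntegrationBase.ADMIN_USER, REQUESTER_USER_GROUP_NAMES);
  writePolicyFile();

  boolean exceptionThrown = false;
  try {
    // client throws exception when message size is larger than the client's thrift max
    // message size.
    clientWithSmallMaxMsgSize.listAllRoles(SentryServiceIntegrationBase.ADMIN_USER);
  } catch (SentryUserException e) {
    exceptionThrown = true;
    Assert.assertTrue(e.getMessage().contains("Thrift exception occurred"));
    // Fail with a clear message instead of a NullPointerException when no cause is attached.
    Assert.assertNotNull("SentryUserException should carry the Thrift cause", e.getCause());
    Assert.assertTrue(e.getCause().getMessage().contains("Length exceeded max allowed"));
  } finally {
    // Cleanup only: the factory is restored even if closing the client throws.
    try {
      clientWithSmallMaxMsgSize.close();
    } finally {
      SentryServiceClientFactory.factoryReset(oldFactory);
    }
  }
  Assert.assertTrue(
      "Expected SentryUserException when the reply exceeds the Thrift max message size",
      exceptionThrown);

  // client can still talk with sentry server when message size is smaller.
  client.dropRoleIfExists(SentryServiceIntegrationBase.ADMIN_USER, ROLE_NAME);
  client.listAllRoles(SentryServiceIntegrationBase.ADMIN_USER);
  client.createRole(SentryServiceIntegrationBase.ADMIN_USER, ROLE_NAME);
  client.listAllRoles(SentryServiceIntegrationBase.ADMIN_USER);
}
});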