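/**
 * Publishes an incremental permissions update for a privilege granted to a role.
 *
 * <p>The authorization object is resolved with {@code getAuthzObj(privilege)}. When that returns
 * {@code null}, nothing is published and no sequence number is consumed. Otherwise a new
 * {@code PermissionsUpdate} is created with the next value of {@code permSeqNum}, the
 * upper-cased action is recorded as an added privilege for {@code roleName}, and the update is
 * handed to {@code permsUpdater}.
 *
 * @param roleName role that receives the privilege
 * @param privilege Thrift privilege being granted; a {@code null} action fails with a
 *     {@code NullPointerException} at the upper-casing step
 * @throws SentryPluginException declared by this method; presumably raised by the helpers it
 *     calls (not visible here, confirm)
 */
private void onAlterSentryRoleGrantPrivilegeCore(String roleName, TSentryPrivilege privilege)
    throws SentryPluginException {
  String authzObj = getAuthzObj(privilege);
  if (authzObj == null) {
    // No authorization object for this privilege: nothing to propagate.
    return;
  }

  // The action name becomes authorization data, so case-map it with a fixed locale. With the
  // JVM default locale (for example Turkish) "insert" upper-cases to a string containing
  // U+0130 instead of "INSERT", which presumably no longer matches the action names the
  // consumer of this update expects (consumer not visible here).
  String action = privilege.getAction().toUpperCase(java.util.Locale.ROOT);

  // Second constructor argument is false on this incremental path.
  PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
  update.addPrivilegeUpdate(authzObj).putToAddPrivileges(roleName, action);
  permsUpdater.handleUpdateNotification(update);
  LOGGER.debug("Authz Perm preUpdate [" + update.getSeqNum() + "]..");
}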
/**
 * Publishes an incremental permissions update that describes a rename of an authorizable.
 *
 * <p>The old and new authorization object names are resolved from the request. Under the
 * {@code PermissionsUpdate.RENAME_PRIVS} entry the new name is recorded as an addition and the
 * old name as a deletion, each mapped to itself. The update is then handed to
 * {@code permsUpdater}.
 *
 * @param request rename request carrying the old and the new authorizable
 * @throws SentryPluginException declared by this method; presumably raised by the helpers it
 *     calls (not visible here, confirm)
 */
@Override
public void onRenameSentryPrivilege(TRenamePrivilegesRequest request)
    throws SentryPluginException {
  // NOTE(review): both names are used without a null check. Confirm that this getAuthzObj
  // overload never returns null; otherwise a null key/value ends up in the rename update.
  final String previousAuthzObj = getAuthzObj(request.getOldAuthorizable());
  final String renamedAuthzObj = getAuthzObj(request.getNewAuthorizable());

  // The sequence number is consumed only after both names were resolved.
  final PermissionsUpdate renameUpdate =
      new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
  final TPrivilegeChanges renameChanges =
      renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);
  renameChanges.putToAddPrivileges(renamedAuthzObj, renamedAuthzObj);
  renameChanges.putToDelPrivileges(previousAuthzObj, previousAuthzObj);
  permsUpdater.handleUpdateNotification(renameUpdate);

  final String logLine = "Authz Perm preUpdate [" + renameUpdate.getSeqNum() + ", "
      + renamedAuthzObj + ", " + previousAuthzObj + "]..";
  LOGGER.debug(logLine);
}
/**
 * Builds a permissions update that carries everything currently held in {@code perms}.
 *
 * <p>Every privilege entry contributes one privilege update keyed by its authorization object,
 * with each permission added as key to {@code FsAction.SYMBOL}. Every role contributes one role
 * update listing all of its groups as additions.
 *
 * @param currSeqNum sequence number stamped on the returned update
 * @return the populated update; it is constructed with {@code true} as second argument, unlike
 *     the incremental updates, which presumably marks it as a full image (confirm)
 */
@Override
public PermissionsUpdate createFullImageUpdate(long currSeqNum) {
  final PermissionsUpdate fullImage = new PermissionsUpdate(currSeqNum, true);

  // Privileges: one TPrivilegeChanges per authorization object.
  for (PrivilegeInfo privilegeInfo : perms.getAllPrivileges()) {
    final TPrivilegeChanges privilegeChanges =
        fullImage.addPrivilegeUpdate(privilegeInfo.getAuthzObj());
    for (Map.Entry<String, FsAction> permission
        : privilegeInfo.getAllPermissions().entrySet()) {
      final String key = permission.getKey();
      final FsAction action = permission.getValue();
      privilegeChanges.putToAddPrivileges(key, action.SYMBOL);
    }
  }

  // Roles: one TRoleChanges per role, carrying its group memberships.
  for (RoleInfo roleInfo : perms.getAllRoles()) {
    final TRoleChanges roleChanges = fullImage.addRoleUpdate(roleInfo.getRole());
    for (String groupName : roleInfo.getAllGroups()) {
      roleChanges.addToAddGroups(groupName);
    }
  }

  return fullImage;
}
/**
 * Builds the permission update to persist for a rename event from the two Thrift authorizables.
 *
 * <p>Under the {@code PermissionsUpdate.RENAME_PRIVS} entry, the new authorization object name is
 * recorded as an addition and the old one as a deletion. Each is keyed by a
 * {@code TPrivilegePrincipal} of type {@code AUTHZ_OBJ} and mapped to its own name. The update
 * is created with {@code SentryConstants.INIT_CHANGE_ID} and is only returned, not published.
 *
 * @param oldAuthorizable Thrift object describing the authorizable before the rename
 * @param newAuthorizable Thrift object describing the authorizable after the rename
 * @return the update to be persisted
 * @throws SentryInvalidInputException propagated from {@code SentryServiceUtil.getAuthzObj};
 *     presumably raised when required fields of an argument are not set (the earlier wording
 *     said "are set", which reads like a typo, confirm)
 */
@VisibleForTesting
static Update getPermUpdatableOnRename(TSentryAuthorizable oldAuthorizable,
    TSentryAuthorizable newAuthorizable) throws SentryInvalidInputException {
  // Resolve both names first so that invalid input is rejected before any update is built.
  final String previousAuthzObj = SentryServiceUtil.getAuthzObj(oldAuthorizable);
  final String renamedAuthzObj = SentryServiceUtil.getAuthzObj(newAuthorizable);

  final PermissionsUpdate renameUpdate =
      new PermissionsUpdate(SentryConstants.INIT_CHANGE_ID, false);
  final TPrivilegeChanges renameChanges =
      renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);

  final TPrivilegePrincipal addedKey =
      new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, renamedAuthzObj);
  renameChanges.putToAddPrivileges(addedKey, renamedAuthzObj);

  final TPrivilegePrincipal removedKey =
      new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, previousAuthzObj);
  renameChanges.putToDelPrivileges(removedKey, previousAuthzObj);

  return renameUpdate;
}
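// Record the granted action for the role principal under this authorization object.
// The action name is authorization data, so it is upper-cased with a fixed locale: under the
// JVM default locale (for example Turkish) "insert" would not map to "INSERT".
addUpdate.addPrivilegeUpdate(authzObj).putToAddPrivileges(
    new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName),
    privilege.getAction().toUpperCase(java.util.Locale.ROOT));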
// Build the rename update: the new name is an addition and the old name a deletion, both under
// the RENAME_PRIVS entry and keyed by an AUTHZ_OBJ principal.
// NOTE(review): the first constructor argument is the literal 0; whether it is meant to equal the
// project's initial change id constant is not visible here, confirm.
PermissionsUpdate renameUpdate = new PermissionsUpdate(0, false);
TPrivilegeChanges privUpdate = renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS);
// Addition: new authorization object name, mapped to itself.
privUpdate.putToAddPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, newAuthz), newAuthz);
// Deletion: old authorization object name, mapped to itself.
privUpdate.putToDelPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, oldAuthz), oldAuthz);