@Override public void onAlterSentryRoleDeleteGroups( TAlterSentryRoleDeleteGroupsRequest request) throws SentryPluginException { PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false); TRoleChanges rUpdate = update.addRoleUpdate(request.getRoleName()); for (TSentryGroup group : request.getGroups()) { rUpdate.addToDelGroups(group.getGroupName()); } permsUpdater.handleUpdateNotification(update); LOGGER.debug("Authz Perm preUpdate [" + update.getSeqNum() + ", " + request.getRoleName() + "].."); }
@Override public void onDropSentryRole(TDropSentryRoleRequest request) throws SentryPluginException { PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false); update.addPrivilegeUpdate(PermissionsUpdate.ALL_AUTHZ_OBJ).putToDelPrivileges( request.getRoleName(), PermissionsUpdate.ALL_AUTHZ_OBJ); update.addRoleUpdate(request.getRoleName()).addToDelGroups(PermissionsUpdate.ALL_GROUPS); permsUpdater.handleUpdateNotification(update); LOGGER.debug("Authz Perm preUpdate [" + update.getSeqNum() + ", " + request.getRoleName() + "].."); }
TRoleChanges delrUpdate = delUpdate.addRoleUpdate(roleName); for (TSentryGroup g : groups) { delrUpdate.addToDelGroups(g.getGroupName());
@Test public void testCreateDropRoleWithPermUpdate() throws Exception { String roleName = "test-drop-role"; createRole(roleName); // Generate the permission del update for dropping role "test-drop-role" PermissionsUpdate delUpdate = new PermissionsUpdate(0, false); delUpdate.addPrivilegeUpdate(PermissionsUpdate.ALL_AUTHZ_OBJ).putToDelPrivileges( new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName), PermissionsUpdate.ALL_AUTHZ_OBJ); delUpdate.addRoleUpdate(roleName).addToDelGroups(PermissionsUpdate.ALL_GROUPS); // Drop the role and verify. sentryStore.dropSentryRole(roleName, delUpdate); checkRoleDoesNotExist(roleName); // Query the persisted perm change and ensure it equals to the original one long lastChangeID = sentryStore.getLastProcessedPermChangeID(); MSentryPermChange delPermChange = sentryStore.getMSentryPermChangeByID(lastChangeID); assertEquals(delUpdate.JSONSerialize(), delPermChange.getPermChange()); }