@Override public void runTestAsSubject() throws Exception { String requestorUserName = ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); String roleName1 = "admin_r1"; client.dropRoleIfExists(requestorUserName, roleName1); client.createRole(requestorUserName, roleName1); client.grantServerPrivilege(requestorUserName, roleName1, "server", false); Set<TSentryPrivilege> listPrivs = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege should be all:",listPrivs.iterator().next().getAction().equals("*")); client.revokeServerPrivilege(requestorUserName, roleName1, "server", false); listPrivs = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivs.size() == 0); }}); }
@Override public void runTestAsSubject() throws Exception { Configuration confWithSmallMaxMsgSize = new Configuration(conf); confWithSmallMaxMsgSize.setLong(ServiceConstants.ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE, 50); stopSentryService(); // create a server with a small max thrift message size server = new SentryServiceFactory().create(confWithSmallMaxMsgSize); startSentryService(); setLocalGroupMapping(ADMIN_USER, REQUESTER_USER_GROUP_NAMES); writePolicyFile(); // client can talk with server when message size is smaller. client.listRoles(ADMIN_USER); client.createRole(ADMIN_USER, ROLE_NAME); boolean exceptionThrown = false; try { // client throws exception when message size is larger than the server's thrift max message size. client.grantServerPrivilege(ADMIN_USER, ROLE_NAME, "server", false); } catch (SentryUserException e) { exceptionThrown = true; Assert.assertTrue(e.getMessage().contains("org.apache.thrift.transport.TTransportException")); } finally { Assert.assertEquals(true, exceptionThrown); } // client can still talk with sentry server when message size is smaller. Set<TSentryRole> roles = client.listRoles(ADMIN_USER); Assert.assertTrue(roles.size() == 1); Assert.assertEquals(ROLE_NAME, roles.iterator().next().getRoleName()); } });
@Override public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr); boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false; if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getURI(), grantOption); } } }
if (isGrant) { if (serverName != null) { sentryClient.grantServerPrivilege(subject, princ.getName(), serverName, toSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (uriPath != null) {