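/**
 * Imports client-supplied Sentry mapping data into the store.
 *
 * <p>The requestor's groups are resolved from the user name carried in the request, and the
 * import runs only when {@code inAdminGroups} accepts them. Every failure in the body is
 * reported through the response status rather than propagated to the caller.
 *
 * <p>NOTE(review): the sibling handlers call
 * {@code validateClientVersion(request.getProtocol_version())} before authorizing; this
 * method does not. Confirm that the omission is intentional.
 *
 * <p>NOTE(review): the requestor name comes from the request payload, so the admin check is
 * only as strong as the authentication of the connecting peer. Confirm where that is enforced.
 *
 * @param request import request carrying the requestor name, the mapping data and the
 *     overwrite-role flag
 * @return a response whose status is OK, AccessDenied, InvalidInput or RuntimeError
 * @throws TException declared by the service interface; the visible body catches every
 *     exception and reports it in the response
 */
@Override
public TSentryImportMappingDataResponse import_sentry_mapping_data(
    TSentryImportMappingDataRequest request) throws TException {
  TSentryImportMappingDataResponse response = new TSentryImportMappingDataResponse();
  try {
    String requestor = request.getRequestorUserName();
    Set<String> memberGroups = getRequestorGroups(requestor);
    if (!inAdminGroups(memberGroups)) {
      // disallow non-admin to import the metadata of sentry
      throw new SentryAccessDeniedException("Access denied to " + requestor
          + " for import the metadata of sentry.");
    }
    // Reached only after the admin-group check above has passed.
    sentryStore.importSentryMetaData(request.getMappingData(), request.isOverwriteRole());
    response.setStatus(Status.OK());
  } catch (SentryAccessDeniedException e) {
    // Report a denial as a denial. Without this branch the catch-all below labels it an
    // "Unknown error" runtime failure, which hides authorization failures from clients
    // and from anyone reading the log.
    LOGGER.error(e.getMessage(), e);
    response.setStatus(Status.AccessDenied(e.getMessage(), e));
  } catch (SentryInvalidInputException e) {
    String msg = "Invalid input privilege object";
    LOGGER.error(msg, e);
    response.setStatus(Status.InvalidInput(msg, e));
  } catch (Exception e) {
    // NOTE(review): the message embeds request.toString(), which presumably includes the
    // whole mapping payload, and is both logged and returned to the caller. Consider
    // logging a smaller identifier instead.
    String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
    LOGGER.error(msg, e);
    response.setStatus(Status.RuntimeError(msg, e));
  }
  return response;
}
}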
// Excerpt from a handler that calls sentryStore.createSentryRole; the enclosing method and
// its try block are not part of this excerpt.
// Order as written: protocol-version check, then authorize(), then the store mutation.
// authorize() presumably throws on denial so the mutation is skipped; confirm in its definition.
// NOTE(review): the requestor name is read from the request itself, so authorize() is only as
// strong as the authentication of the connecting peer; confirm where that is enforced.
validateClientVersion(request.getProtocol_version()); authorize(request.getRequestorUserName(), getRequestorGroups(request.getRequestorUserName())); CommitContext commitContext = sentryStore.createSentryRole(request.getRoleName()); response.setStatus(Status.OK());
try { validateClientVersion(request.getProtocol_version()); Set<String> groups = getRequestorGroups(subject);
// Excerpt from a handler that adds groups to a role; the enclosing method is not shown.
// The version check and authorize() both precede the store call. authorize() presumably
// throws on denial; confirm in its definition.
// NOTE(review): the requestor name passed to authorize() and to the store is the
// client-supplied value from the request; confirm the transport authenticates the caller.
validateClientVersion(request.getProtocol_version()); authorize(request.getRequestorUserName(), getRequestorGroups(request.getRequestorUserName())); CommitContext commitContext = sentryStore.alterSentryRoleAddGroups(request.getRequestorUserName(), request.getRoleName(), request.getGroups());
// Excerpt from a handler that calls sentryStore.dropSentryRole; the enclosing method is not shown.
// Dropping a role is destructive, so the authorize() call must stay ahead of the store call.
// authorize() presumably throws on denial; confirm in its definition.
// NOTE(review): authorization is based on the requestor name carried in the request; confirm
// that the connecting peer is authenticated before this handler is reached.
validateClientVersion(request.getProtocol_version()); authorize(request.getRequestorUserName(), getRequestorGroups(request.getRequestorUserName())); CommitContext commitContext = sentryStore.dropSentryRole(request.getRoleName()); response.setStatus(Status.OK());
try { validateClientVersion(request.getProtocol_version()); Set<String> groups = getRequestorGroups(subject); Boolean admin = inAdminGroups(groups); if(!admin) {
// Excerpt from a handler that removes groups from a role; the enclosing method is not shown.
// The version check and authorize() both precede the store call. authorize() presumably
// throws on denial; confirm in its definition.
// NOTE(review): authorization is based on the requestor name carried in the request; confirm
// that the connecting peer is authenticated before this handler is reached.
validateClientVersion(request.getProtocol_version()); authorize(request.getRequestorUserName(), getRequestorGroups(request.getRequestorUserName())); CommitContext commitContext = sentryStore.alterSentryRoleDeleteGroups(request.getRoleName(), request.getGroups());
try { validateClientVersion(request.getProtocol_version()); Set<String> memberGroups = getRequestorGroups(subject); if(!inAdminGroups(memberGroups)) {
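/**
 * Exports the store's group-to-role and role-to-privilege mappings to the requestor.
 *
 * <p>The requestor's groups are resolved from the user name carried in the request, and the
 * export runs only when {@code inAdminGroups} accepts them. On any failure the response
 * carries an empty {@code TSentryMappingData} and a non-OK status, so no mapping content is
 * returned to a caller that was denied.
 *
 * <p>NOTE(review): the sibling handlers call
 * {@code validateClientVersion(request.getProtocol_version())} before authorizing; this
 * method does not. Confirm that the omission is intentional.
 *
 * <p>NOTE(review): the requestor name comes from the request payload, so the admin check is
 * only as strong as the authentication of the connecting peer. Confirm where that is enforced.
 *
 * @param request export request carrying the requestor name
 * @return a response holding the mapping data with status OK, or empty mapping data with
 *     status AccessDenied or RuntimeError
 * @throws TException declared by the service interface; the visible body catches every
 *     exception and reports it in the response
 */
@Override
public TSentryExportMappingDataResponse export_sentry_mapping_data(
    TSentryExportMappingDataRequest request) throws TException {
  TSentryExportMappingDataResponse response = new TSentryExportMappingDataResponse();
  try {
    String requestor = request.getRequestorUserName();
    Set<String> memberGroups = getRequestorGroups(requestor);
    if (!inAdminGroups(memberGroups)) {
      // disallow non-admin to export the metadata of sentry
      throw new SentryAccessDeniedException("Access denied to " + requestor
          + " for export the metadata of sentry.");
    }
    // Reached only after the admin-group check above has passed.
    TSentryMappingData tSentryMappingData = new TSentryMappingData();
    tSentryMappingData.setGroupRolesMap(sentryStore.getGroupNameRoleNamesMap());
    tSentryMappingData.setRolePrivilegesMap(sentryStore.getRoleNameTPrivilegesMap());
    response.setMappingData(tSentryMappingData);
    response.setStatus(Status.OK());
  } catch (SentryAccessDeniedException e) {
    // Report a denial as a denial. Without this branch the catch-all below labels it an
    // "Unknown error" runtime failure, which hides authorization failures from clients
    // and from anyone reading the log.
    LOGGER.error(e.getMessage(), e);
    response.setMappingData(new TSentryMappingData());
    response.setStatus(Status.AccessDenied(e.getMessage(), e));
  } catch (Exception e) {
    String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
    LOGGER.error(msg, e);
    // Replace any partially built mapping with an empty one on failure.
    response.setMappingData(new TSentryMappingData());
    response.setStatus(Status.RuntimeError(msg, e));
  }
  return response;
}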