This is an automated email from the ASF dual-hosted git repository.
shaofengshi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 32a6e534d [#5162] Add ability to add roles to users and groups in the
Gravitino CLI (#5292)
32a6e534d is described below
commit 32a6e534da6d286177e736ef899fa7748c300894
Author: Justin Mclean <[email protected]>
AuthorDate: Thu Nov 14 11:59:03 2024 +1100
[#5162] Add ability to add roles to users and groups in the Gravitino CLI
(#5292)
### What changes were proposed in this pull request?
CLI commands and code to add roles to users and groups.
### Why are the changes needed?
To support adding and removing roles.
Fix: #5162
### Does this PR introduce _any_ user-facing change?
No, but it adds to the CLI.
### How was this patch tested?
Compiled and tested locally.
---
.../org/apache/gravitino/cli/CommandActions.java | 4 ++
.../apache/gravitino/cli/GravitinoCommandLine.java | 24 +++++++
.../gravitino/cli/commands/AddRoleToGroup.java | 77 ++++++++++++++++++++++
.../gravitino/cli/commands/AddRoleToUser.java | 77 ++++++++++++++++++++++
.../cli/commands/RemoveRoleFromGroup.java | 77 ++++++++++++++++++++++
.../gravitino/cli/commands/RemoveRoleFromUser.java | 77 ++++++++++++++++++++++
docs/cli.md | 68 ++++++++++++-------
7 files changed, 382 insertions(+), 22 deletions(-)
diff --git
a/clients/cli/src/main/java/org/apache/gravitino/cli/CommandActions.java
b/clients/cli/src/main/java/org/apache/gravitino/cli/CommandActions.java
index 48b9bc238..c1b96f191 100644
--- a/clients/cli/src/main/java/org/apache/gravitino/cli/CommandActions.java
+++ b/clients/cli/src/main/java/org/apache/gravitino/cli/CommandActions.java
@@ -34,6 +34,8 @@ public class CommandActions {
public static final String SET = "set";
public static final String REMOVE = "remove";
public static final String PROPERTIES = "properties";
+ public static final String REVOKE = "revoke";
+ public static final String GRANT = "grant";
private static final HashSet<String> VALID_COMMANDS = new HashSet<>();
@@ -46,6 +48,8 @@ public class CommandActions {
VALID_COMMANDS.add(SET);
VALID_COMMANDS.add(REMOVE);
VALID_COMMANDS.add(PROPERTIES);
+ VALID_COMMANDS.add(REVOKE);
+ VALID_COMMANDS.add(GRANT);
}
/**
diff --git
a/clients/cli/src/main/java/org/apache/gravitino/cli/GravitinoCommandLine.java
b/clients/cli/src/main/java/org/apache/gravitino/cli/GravitinoCommandLine.java
index 630828bdb..520a6cfc3 100644
---
a/clients/cli/src/main/java/org/apache/gravitino/cli/GravitinoCommandLine.java
+++
b/clients/cli/src/main/java/org/apache/gravitino/cli/GravitinoCommandLine.java
@@ -23,6 +23,8 @@ import java.util.Map;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Options;
+import org.apache.gravitino.cli.commands.AddRoleToGroup;
+import org.apache.gravitino.cli.commands.AddRoleToUser;
import org.apache.gravitino.cli.commands.CatalogAudit;
import org.apache.gravitino.cli.commands.CatalogDetails;
import org.apache.gravitino.cli.commands.ClientVersion;
@@ -60,6 +62,8 @@ import org.apache.gravitino.cli.commands.MetalakeAudit;
import org.apache.gravitino.cli.commands.MetalakeDetails;
import org.apache.gravitino.cli.commands.RemoveCatalogProperty;
import org.apache.gravitino.cli.commands.RemoveMetalakeProperty;
+import org.apache.gravitino.cli.commands.RemoveRoleFromGroup;
+import org.apache.gravitino.cli.commands.RemoveRoleFromUser;
import org.apache.gravitino.cli.commands.RemoveSchemaProperty;
import org.apache.gravitino.cli.commands.RemoveTagProperty;
import org.apache.gravitino.cli.commands.RoleDetails;
@@ -372,6 +376,16 @@ public class GravitinoCommandLine {
} else if (CommandActions.DELETE.equals(command)) {
boolean force = line.hasOption(GravitinoOptions.FORCE);
new DeleteUser(url, ignore, force, metalake, user).handle();
+ } else if (CommandActions.REVOKE.equals(command)) {
+ String role = line.getOptionValue(GravitinoOptions.ROLE);
+ if (role != null) {
+ new RemoveRoleFromUser(url, ignore, metalake, user, role).handle();
+ }
+ } else if (CommandActions.GRANT.equals(command)) {
+ String role = line.getOptionValue(GravitinoOptions.ROLE);
+ if (role != null) {
+ new AddRoleToUser(url, ignore, metalake, user, role).handle();
+ }
}
}
@@ -391,6 +405,16 @@ public class GravitinoCommandLine {
} else if (CommandActions.DELETE.equals(command)) {
boolean force = line.hasOption(GravitinoOptions.FORCE);
new DeleteGroup(url, ignore, force, metalake, group).handle();
+ } else if (CommandActions.REVOKE.equals(command)) {
+ String role = line.getOptionValue(GravitinoOptions.ROLE);
+ if (role != null) {
+ new RemoveRoleFromGroup(url, ignore, metalake, group, role).handle();
+ }
+ } else if (CommandActions.GRANT.equals(command)) {
+ String role = line.getOptionValue(GravitinoOptions.ROLE);
+ if (role != null) {
+ new AddRoleToGroup(url, ignore, metalake, group, role).handle();
+ }
}
}
diff --git
a/clients/cli/src/main/java/org/apache/gravitino/cli/commands/AddRoleToGroup.java
b/clients/cli/src/main/java/org/apache/gravitino/cli/commands/AddRoleToGroup.java
new file mode 100644
index 000000000..c210edbe5
--- /dev/null
+++
b/clients/cli/src/main/java/org/apache/gravitino/cli/commands/AddRoleToGroup.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.gravitino.cli.commands;
+
+import java.util.ArrayList;
+import org.apache.gravitino.cli.ErrorMessages;
+import org.apache.gravitino.client.GravitinoClient;
+import org.apache.gravitino.exceptions.NoSuchMetalakeException;
+import org.apache.gravitino.exceptions.NoSuchRoleException;
+import org.apache.gravitino.exceptions.NoSuchUserException;
+
+/** Adds a role to a group. */
+public class AddRoleToGroup extends Command {
+
+ protected String metalake;
+ protected String group;
+ protected String role;
+
+ /**
+ * Adds a role to a group.
+ *
+ * @param url The URL of the Gravitino server.
+ * @param ignoreVersions If true don't check the client/server versions
match.
+ * @param metalake The name of the metalake.
+ * @param group The name of the group.
+ * @param role The name of the role.
+ */
+ public AddRoleToGroup(
+ String url, boolean ignoreVersions, String metalake, String group,
String role) {
+ super(url, ignoreVersions);
+ this.metalake = metalake;
+ this.group = group;
+ this.role = role;
+ }
+
+ /** Adds a role to a group. */
+ @Override
+ public void handle() {
+ try {
+ GravitinoClient client = buildClient(metalake);
+ ArrayList<String> roles = new ArrayList<>();
+ roles.add(role);
+ client.grantRolesToGroup(roles, group);
+ } catch (NoSuchMetalakeException err) {
+ System.err.println(ErrorMessages.UNKNOWN_METALAKE);
+ return;
+ } catch (NoSuchRoleException err) {
+ System.err.println(ErrorMessages.UNKNOWN_ROLE);
+ return;
+ } catch (NoSuchUserException err) {
+ System.err.println(ErrorMessages.UNKNOWN_USER);
+ return;
+ } catch (Exception exp) {
+ System.err.println(exp.getMessage());
+ return;
+ }
+
+ System.out.println(role + " added to " + group);
+ }
+}
diff --git
a/clients/cli/src/main/java/org/apache/gravitino/cli/commands/AddRoleToUser.java
b/clients/cli/src/main/java/org/apache/gravitino/cli/commands/AddRoleToUser.java
new file mode 100644
index 000000000..7261217ff
--- /dev/null
+++
b/clients/cli/src/main/java/org/apache/gravitino/cli/commands/AddRoleToUser.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.gravitino.cli.commands;
+
+import java.util.ArrayList;
+import org.apache.gravitino.cli.ErrorMessages;
+import org.apache.gravitino.client.GravitinoClient;
+import org.apache.gravitino.exceptions.NoSuchMetalakeException;
+import org.apache.gravitino.exceptions.NoSuchRoleException;
+import org.apache.gravitino.exceptions.NoSuchUserException;
+
+/** Adds a role to a user. */
+public class AddRoleToUser extends Command {
+
+ protected String metalake;
+ protected String user;
+ protected String role;
+
+ /**
+ * Adds a role to a user.
+ *
+ * @param url The URL of the Gravitino server.
+ * @param ignoreVersions If true don't check the client/server versions
match.
+ * @param metalake The name of the metalake.
+ * @param user The name of the user.
+ * @param role The name of the role.
+ */
+ public AddRoleToUser(
+ String url, boolean ignoreVersions, String metalake, String user, String
role) {
+ super(url, ignoreVersions);
+ this.metalake = metalake;
+ this.user = user;
+ this.role = role;
+ }
+
+ /** Adds a role to a user. */
+ @Override
+ public void handle() {
+ try {
+ GravitinoClient client = buildClient(metalake);
+ ArrayList<String> roles = new ArrayList<>();
+ roles.add(role);
+ client.grantRolesToUser(roles, user);
+ } catch (NoSuchMetalakeException err) {
+ System.err.println(ErrorMessages.UNKNOWN_METALAKE);
+ return;
+ } catch (NoSuchRoleException err) {
+ System.err.println(ErrorMessages.UNKNOWN_ROLE);
+ return;
+ } catch (NoSuchUserException err) {
+ System.err.println(ErrorMessages.UNKNOWN_USER);
+ return;
+ } catch (Exception exp) {
+ System.err.println(exp.getMessage());
+ return;
+ }
+
+ System.out.println(role + " added to " + user);
+ }
+}
diff --git
a/clients/cli/src/main/java/org/apache/gravitino/cli/commands/RemoveRoleFromGroup.java
b/clients/cli/src/main/java/org/apache/gravitino/cli/commands/RemoveRoleFromGroup.java
new file mode 100644
index 000000000..8c219386e
--- /dev/null
+++
b/clients/cli/src/main/java/org/apache/gravitino/cli/commands/RemoveRoleFromGroup.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.gravitino.cli.commands;
+
+import java.util.ArrayList;
+import org.apache.gravitino.cli.ErrorMessages;
+import org.apache.gravitino.client.GravitinoClient;
+import org.apache.gravitino.exceptions.NoSuchMetalakeException;
+import org.apache.gravitino.exceptions.NoSuchRoleException;
+import org.apache.gravitino.exceptions.NoSuchUserException;
+
+/** Removes a role from a group. */
+public class RemoveRoleFromGroup extends Command {
+
+ protected String metalake;
+ protected String group;
+ protected String role;
+
+ /**
+ * Removes a role from a group.
+ *
+ * @param url The URL of the Gravitino server.
+ * @param ignoreVersions If true don't check the client/server versions
match.
+ * @param metalake The name of the metalake.
+ * @param group The name of the group.
+ * @param role The name of the role.
+ */
+ public RemoveRoleFromGroup(
+ String url, boolean ignoreVersions, String metalake, String group,
String role) {
+ super(url, ignoreVersions);
+ this.metalake = metalake;
+ this.group = group;
+ this.role = role;
+ }
+
+ /** Adds a role to a group. */
+ @Override
+ public void handle() {
+ try {
+ GravitinoClient client = buildClient(metalake);
+ ArrayList<String> roles = new ArrayList<>();
+ roles.add(role);
+ client.revokeRolesFromGroup(roles, group);
+ } catch (NoSuchMetalakeException err) {
+ System.err.println(ErrorMessages.UNKNOWN_METALAKE);
+ return;
+ } catch (NoSuchRoleException err) {
+ System.err.println(ErrorMessages.UNKNOWN_ROLE);
+ return;
+ } catch (NoSuchUserException err) {
+ System.err.println(ErrorMessages.UNKNOWN_USER);
+ return;
+ } catch (Exception exp) {
+ System.err.println(exp.getMessage());
+ return;
+ }
+
+ System.out.println(role + " removed from " + group);
+ }
+}
diff --git
a/clients/cli/src/main/java/org/apache/gravitino/cli/commands/RemoveRoleFromUser.java
b/clients/cli/src/main/java/org/apache/gravitino/cli/commands/RemoveRoleFromUser.java
new file mode 100644
index 000000000..0822fadc7
--- /dev/null
+++
b/clients/cli/src/main/java/org/apache/gravitino/cli/commands/RemoveRoleFromUser.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.gravitino.cli.commands;
+
+import java.util.ArrayList;
+import org.apache.gravitino.cli.ErrorMessages;
+import org.apache.gravitino.client.GravitinoClient;
+import org.apache.gravitino.exceptions.NoSuchMetalakeException;
+import org.apache.gravitino.exceptions.NoSuchRoleException;
+import org.apache.gravitino.exceptions.NoSuchUserException;
+
+/** Removes a role from a user. */
+public class RemoveRoleFromUser extends Command {
+
+ protected String metalake;
+ protected String user;
+ protected String role;
+
+ /**
+ * Removes a role from a user.
+ *
+ * @param url The URL of the Gravitino server.
+ * @param ignoreVersions If true don't check the client/server versions
match.
+ * @param metalake The name of the metalake.
+ * @param user The name of the user.
+ * @param role The name of the role.
+ */
+ public RemoveRoleFromUser(
+ String url, boolean ignoreVersions, String metalake, String user, String
role) {
+ super(url, ignoreVersions);
+ this.metalake = metalake;
+ this.user = user;
+ this.role = role;
+ }
+
+ /** Removes a role from a user. */
+ @Override
+ public void handle() {
+ try {
+ GravitinoClient client = buildClient(metalake);
+ ArrayList<String> roles = new ArrayList<>();
+ roles.add(role);
+ client.revokeRolesFromUser(roles, user);
+ } catch (NoSuchMetalakeException err) {
+ System.err.println(ErrorMessages.UNKNOWN_METALAKE);
+ return;
+ } catch (NoSuchRoleException err) {
+ System.err.println(ErrorMessages.UNKNOWN_ROLE);
+ return;
+ } catch (NoSuchUserException err) {
+ System.err.println(ErrorMessages.UNKNOWN_USER);
+ return;
+ } catch (Exception exp) {
+ System.err.println(exp.getMessage());
+ return;
+ }
+
+ System.out.println(role + " removed from " + user);
+ }
+}
diff --git a/docs/cli.md b/docs/cli.md
index 42c306674..6f7ecb592 100644
--- a/docs/cli.md
+++ b/docs/cli.md
@@ -27,27 +27,28 @@ Or you use the `gcli.sh` script found in the
`clients/cli/bin/` directory to run
The general structure for running commands with the Gravitino CLI is `gcli
entity command [options]`.
```bash
- usage: gcli [metalake|catalog|schema|table|column]
[list|details|create|delete|update|set|remove|properties] [options]
+ usage: gcli [metalake|catalog|schema|table|column]
[list|details|create|delete|update|set|remove|properties|revoke|grant] [options]
Options
- -a,--audit display audit information
- -c,--comment <arg> entity comment
- -f,--force force operation
- -g,--group <arg> group name
- -h,--help command help information
- -i,--ignore ignore client/sever version check
- -l,--user <arg> user name
- -m,--metalake <arg> metalake name
- -n,--name <arg> full entity name (dot separated)
- -P,--property <arg> property name
- -r,--role <arg> role name
- --rename <arg> new entity name
- -s,--server Gravitino server version
- -t,--tag <arg> tag name
- -u,--url <arg> Gravitino URL (default: http://localhost:8090)
- -v,--version Gravitino client version
- -V,--value <arg> property value
- -z,--provider <arg> provider one of hadoop, hive, mysql, postgres,
- iceberg, kafka
+ -a,--audit display audit information
+ -c,--comment <arg> entity comment
+ -f,--force force operation
+ -g,--group <arg> group name
+ -h,--help command help information
+ -i,--ignore ignore client/sever version check
+ -l,--user <arg> user name
+ -m,--metalake <arg> metalake name
+ -n,--name <arg> full entity name (dot separated)
+ -P,--property <arg> property name
+ -p,--properties <arg> property name/value pairs
+ -r,--role <arg> role name
+ --rename <arg> new entity name
+ -s,--server Gravitino server version
+ -t,--tag <arg> tag name
+ -u,--url <arg> Gravitino URL (default: http://localhost:8090)
+ -v,--version Gravitino client version
+ -V,--value <arg> property value
+ -z,--provider <arg> provider one of hadoop, hive, mysql, postgres,
+ iceberg, kafka
```
## Commands
@@ -523,10 +524,33 @@ gcli role list
```bash
gcli role create --role admin
- ```
+```
#### Delete a role
```bash
gcli role delete --role admin
- ```
+```
+
+#### Add a role to a user
+
+```bash
+gcli user grant --user new_user --role admin
+```
+
+#### Remove a role from a user
+
+```bash
+gcli user revoke --user new_user --role admin
+```
+
+#### Add a role to a group
+
+```bash
+gcli group grant --group groupA --role admin
+```
+
+#### Remove a role from a group
+```bash
+gcli group revoke --group groupA --role admin
+```
