Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign 62b002321 -> b850bbb0c
SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b850bbb0 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b850bbb0 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b850bbb0 Branch: refs/heads/sentry-ha-redesign Commit: b850bbb0c079922d34302b514bc2b0dc17a44482 Parents: 62b0023 Author: Alexander Kolbasov <ak...@cloudera.com> Authored: Fri Mar 10 17:53:02 2017 -0800 Committer: Alexander Kolbasov <ak...@cloudera.com> Committed: Fri Mar 10 17:53:02 2017 -0800 ---------------------------------------------------------------------- .../thrift/SentryPolicyServiceClient.java | 6 +++ .../SentryPolicyServiceClientDefaultImpl.java | 40 ++++++++++++++------ .../hive/RevokePrivilegeFromRoleCmd.java | 22 +---------- 3 files changed, 36 insertions(+), 32 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java index 1e72b74..8949667 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 
@@ -145,6 +145,12 @@ public interface SentryPolicyServiceClient { String db, String table, List<String> columns, String action, Boolean grantOption) throws SentryUserException; + void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) + throws SentryUserException; + + void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) + throws SentryUserException; + Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users, ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException; http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java index 2dc8af8..5bca574 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java 
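Review bot: The two methods added to `SentryPolicyServiceClient` have no Javadoc, and because they take a caller-built `TSentryPrivilege` instead of discrete scope arguments, the contract cannot be read off the signature. I would document each one, for example `/** Revokes every privilege in {@code privileges} from {@code roleName} on behalf of {@code requestorUserName}; throws SentryUserException if the request fails. */`. The comment should also say whether a null or empty set is accepted and which fields of the privilege must be populated. The interface body continues outside the hunk, so whether the neighbouring methods are documented is not visible here.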
@@ -613,6 +613,34 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService } } + public synchronized void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException { + this.revokePrivilegesCore(requestorUserName, roleName, privileges); + } + + public synchronized void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { + this.revokePrivilegeCore(requestorUserName, roleName, privilege); + + } + + private void revokePrivilegeCore(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException { + this.revokePrivilegesCore(requestorUserName, roleName, ImmutableSet.of(privilege)); + } + + private void revokePrivilegesCore(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException { + TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest(); + request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); + request.setRequestorUserName(requestorUserName); + request.setRoleName(roleName); + request.setPrivileges(privileges); + try { + TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege( + request); + Status.throwIfNotOk(response.getStatus()); + } catch (TException e) { + throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); + } + } + public synchronized void revokeURIPrivilege(String requestorUserName, String roleName, String server, String uri) throws SentryUserException { 
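Review bot: `revokePrivilegesCore` sends whatever set it is given, and `revokePrivilegeCore` wraps its argument with `ImmutableSet.of(privilege)`, so neither new public entry point checks its input. A null `privilege` surfaces as an unchecked `NullPointerException` rather than a `SentryUserException`. An empty or null set reaches the Thrift call unchanged, and if the server accepts an empty set (not visible here) a revoke that removes nothing would be reported to the caller as a success. A guard at the top of `revokePrivilegesCore` would make that explicit: `if (privileges == null || privileges.isEmpty()) { throw new IllegalArgumentException("privileges must not be empty"); }`. Separately, the two public methods implement the interface methods added in this commit and should carry `@Override`, and `revokePrivilegeCore` has a single caller and could be inlined into `revokePrivilege`.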
@@ -744,19 +772,9 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns, String action, Boolean grantOption) throws SentryUserException { - TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest(); - request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); - request.setRequestorUserName(requestorUserName); - request.setRoleName(roleName); Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope, serverName, uri, db, table, columns, action, grantOption); - request.setPrivileges(privileges); - try { - TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(request); - Status.throwIfNotOk(response.getStatus()); - } catch (TException e) { - throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); - } + this.revokePrivilegesCore(requestorUserName, roleName, privileges); } private Set<TSentryPrivilege> convertColumnPrivileges( http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java index f3da6c4..fe6aca5 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java 
@@ -18,9 +18,7 @@ package org.apache.sentry.provider.db.tools.command.hive; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.service.thrift.ServiceConstants; /** * The class for admin command to revoke privileges from role. 
@@ -38,25 +36,7 @@ public class RevokePrivilegeFromRoleCmd implements Command { @Override public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr); - boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false; - if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) { - client.revokeServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), - grantOption); - } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) { - client.revokeDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), - tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption); - } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) { - client.revokeTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), - tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), - tSentryPrivilege.getAction(), grantOption); - } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) { - client.revokeColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), - tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), - tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption); - } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) { - client.revokeURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), - tSentryPrivilege.getURI(), grantOption); - } + client.revokePrivilege(requestorName, roleName, tSentryPrivilege); } }
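Review bot: `execute` now forwards the object returned by `CommandUtil.convertToTSentryPrivilege(privilegeStr)` unchanged, so the request carries exactly what the parser produced. The removed branches reduced the grant option to a boolean and passed only the fields relevant to each scope, and they made no call at all for an unrecognised scope. Presumably the per-scope client methods rebuilt a normalised privilege from those arguments, so it is worth confirming that the server matches the raw parsed privilege the same way, since a mismatch on a revoke leaves the privilege in place. I would add a short comment above the call, such as `// Sent as parsed; scope and grant-option handling is left to the server.`, and a test that revokes one privilege per scope through this command.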