sentry git commit: SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun)

akolb Fri, 10 Mar 2017 17:53:58 -0800

Repository: sentry
Updated Branches:
  refs/heads/sentry-ha-redesign 62b002321 -> b850bbb0c



SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b850bbb0
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b850bbb0
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b850bbb0

Branch: refs/heads/sentry-ha-redesign
Commit: b850bbb0c079922d34302b514bc2b0dc17a44482
Parents: 62b0023
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Fri Mar 10 17:53:02 2017 -0800
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Fri Mar 10 17:53:02 2017 -0800

----------------------------------------------------------------------
 .../thrift/SentryPolicyServiceClient.java       |  6 +++
 .../SentryPolicyServiceClientDefaultImpl.java   | 40 ++++++++++++++------
 .../hive/RevokePrivilegeFromRoleCmd.java        | 22 +----------
 3 files changed, 36 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 1e72b74..8949667 100644
--- 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -145,6 +145,12 @@ public interface SentryPolicyServiceClient {
       String db, String table, List<String> columns, String action, Boolean 
grantOption)
       throws SentryUserException;
 
+  void revokePrivileges(String requestorUserName, String roleName, 
Set<TSentryPrivilege> privileges)
+      throws SentryUserException;
+
+  void revokePrivilege(String requestorUserName, String roleName, 
TSentryPrivilege privilege)
+      throws SentryUserException;
+
   Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users,
       ActiveRoleSet roleSet, Authorizable... authorizable) throws 
SentryUserException;
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 2dc8af8..5bca574 100644
--- 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -613,6 +613,34 @@ public class SentryPolicyServiceClientDefaultImpl 
implements SentryPolicyService
     }
   }
 
+  public synchronized void revokePrivileges(String requestorUserName, String 
roleName, Set<TSentryPrivilege> privileges) throws  SentryUserException {
+    this.revokePrivilegesCore(requestorUserName, roleName, privileges);
+  }
+
+  public synchronized void revokePrivilege(String requestorUserName, String 
roleName, TSentryPrivilege privilege) throws  SentryUserException {
+    this.revokePrivilegeCore(requestorUserName, roleName, privilege);
+
+  }
+
+  private void revokePrivilegeCore(String requestorUserName, String roleName, 
TSentryPrivilege privilege) throws SentryUserException {
+    this.revokePrivilegesCore(requestorUserName, roleName, 
ImmutableSet.of(privilege));
+  }
+
+  private void revokePrivilegesCore(String requestorUserName, String roleName, 
Set<TSentryPrivilege> privileges) throws SentryUserException {
+    TAlterSentryRoleRevokePrivilegeRequest request = new 
TAlterSentryRoleRevokePrivilegeRequest();
+    
request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    request.setRequestorUserName(requestorUserName);
+    request.setRoleName(roleName);
+    request.setPrivileges(privileges);
+    try {
+      TAlterSentryRoleRevokePrivilegeResponse response = 
client.alter_sentry_role_revoke_privilege(
+          request);
+      Status.throwIfNotOk(response.getStatus());
+    } catch (TException e) {
+      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+    }
+  }
+
   public synchronized void revokeURIPrivilege(String requestorUserName,
       String roleName, String server, String uri)
   throws SentryUserException {
@@ -744,19 +772,9 @@ public class SentryPolicyServiceClientDefaultImpl 
implements SentryPolicyService
       PrivilegeScope scope, String serverName, String uri, String db, String 
table, List<String> columns,
       String action, Boolean grantOption)
   throws SentryUserException {
-    TAlterSentryRoleRevokePrivilegeRequest request = new 
TAlterSentryRoleRevokePrivilegeRequest();
-    
request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
     Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope,
         serverName, uri, db, table, columns, action, grantOption);
-    request.setPrivileges(privileges);
-    try {
-      TAlterSentryRoleRevokePrivilegeResponse response = 
client.alter_sentry_role_revoke_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
+    this.revokePrivilegesCore(requestorUserName, roleName, privileges);
   }
 
   private Set<TSentryPrivilege> convertColumnPrivileges(

http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
index f3da6c4..fe6aca5 100644
--- 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
@@ -18,9 +18,7 @@
 package org.apache.sentry.provider.db.tools.command.hive;
 
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
 
 /**
  * The class for admin command to revoke privileges from role.
@@ -38,25 +36,7 @@ public class RevokePrivilegeFromRoleCmd implements Command {
   @Override
   public void execute(SentryPolicyServiceClient client, String requestorName) 
throws Exception {
     TSentryPrivilege tSentryPrivilege = 
CommandUtil.convertToTSentryPrivilege(privilegeStr);
-    boolean grantOption = 
tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : 
false;
-    if 
(ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope()))
 {
-      client.revokeServerPrivilege(requestorName, roleName, 
tSentryPrivilege.getServerName(),
-              grantOption);
-    } else if 
(ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope()))
 {
-      client.revokeDatabasePrivilege(requestorName, roleName, 
tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), 
grantOption);
-    } else if 
(ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope()))
 {
-      client.revokeTablePrivilege(requestorName, roleName, 
tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getAction(), grantOption);
-    } else if 
(ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope()))
 {
-      client.revokeColumnPrivilege(requestorName, roleName, 
tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), 
grantOption);
-    } else if 
(ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope()))
 {
-      client.revokeURIPrivilege(requestorName, roleName, 
tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getURI(), grantOption);
-    }
+   client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
   }
 
 }

sentry git commit: SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun)

Reply via email to