Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign 7d28a41a0 -> ff79cf271
SENTRY-1548: Setting GrantOption to UNSET upsets Sentry (Kalyan Kumar Kalvagadda, Reviewed by: Alex Kolbasov) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ff79cf27 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ff79cf27 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ff79cf27 Branch: refs/heads/sentry-ha-redesign Commit: ff79cf27103d79d019cd360ed45336f7fc8fd182 Parents: 7d28a41 Author: Alexander Kolbasov <[email protected]> Authored: Fri Apr 14 15:23:34 2017 -0700 Committer: Alexander Kolbasov <[email protected]> Committed: Fri Apr 14 15:23:34 2017 -0700 ---------------------------------------------------------------------- .../service/thrift/SentryPolicyStoreProcessor.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/ff79cf27/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java index ee2a466..fb73783 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 
@@ -48,6 +48,8 @@ import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory; import org.apache.sentry.provider.db.log.util.Constants; import org.apache.sentry.provider.db.service.persistent.SentryStore; import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig; +import org.apache.sentry.provider.db.service.thrift.validator.GrantPrivilegeRequestValidator; +import org.apache.sentry.provider.db.service.thrift.validator.RevokePrivilegeRequestValidator; import org.apache.sentry.service.thrift.SentryServiceUtil; import org.apache.sentry.service.thrift.ServiceConstants; import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties; @@ -235,7 +237,6 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege (TAlterSentryRoleGrantPrivilegeRequest request) throws TException { final Timer.Context timerContext = sentryMetrics.grantTimer.time(); - TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse(); try { validateClientVersion(request.getProtocol_version()); @@ -247,7 +248,6 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { if (request.isSetPrivilege()) { request.setPrivileges(Sets.newHashSet(request.getPrivilege())); } - // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins, // TODO: need to differentiate the updates for different Plugins. Preconditions.checkState(sentryPlugins.size() <= 1); @@ -263,6 +263,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { sentryStore.alterSentryRoleGrantPrivileges(request.getRequestorUserName(), request.getRoleName(), request.getPrivileges()); } + GrantPrivilegeRequestValidator.validate(request); response.setStatus(Status.OK()); response.setPrivileges(request.getPrivileges()); // Maintain compatibility for old API: Set privilege field to response 
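Review bot: In the hunk at -263, `GrantPrivilegeRequestValidator.validate(request);` is placed after the `sentryStore.alterSentryRoleGrantPrivileges(...)` call, so a request the validator rejects may already have been written to the policy store by the time `SentryInvalidInputException` is thrown. The client would then receive InvalidInput for a grant that could have taken effect, unless the store happens to reject the same input first. The validation should run before any plugin or store work, for example directly after the `if (request.isSetPrivilege()) { ... }` compatibility block visible in the hunk at -247. The same ordering applies to `RevokePrivilegeRequestValidator.validate(request);` in the hunk at -338, which follows `sentryStore.alterSentryRoleRevokePrivileges(...)`. Both method bodies start and end outside these hunks, so an earlier check may exist that is not shown here.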
@@ -276,9 +277,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { LOGGER.error(msg, e); response.setStatus(Status.NoSuchObject(msg, e)); } catch (SentryInvalidInputException e) { - String msg = "Invalid input privilege object"; - LOGGER.error(msg, e); - response.setStatus(Status.InvalidInput(msg, e)); + LOGGER.error(e.getMessage(), e); + response.setStatus(Status.InvalidInput(e.getMessage(), e)); } catch (SentryAccessDeniedException e) { LOGGER.error(e.getMessage(), e); response.setStatus(Status.AccessDenied(e.getMessage(), e)); @@ -338,6 +338,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { sentryStore.alterSentryRoleRevokePrivileges(request.getRequestorUserName(), request.getRoleName(), request.getPrivileges()); } + RevokePrivilegeRequestValidator.validate(request); response.setStatus(Status.OK()); notificationHandlerInvoker.alter_sentry_role_revoke_privilege(request, response); @@ -362,9 +363,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { LOGGER.error(msg.toString(), e); response.setStatus(Status.NoSuchObject(msg.toString(), e)); } catch (SentryInvalidInputException e) { - String msg = "Invalid input privilege object"; - LOGGER.error(msg, e); - response.setStatus(Status.InvalidInput(msg, e)); + LOGGER.error(e.getMessage(), e); + response.setStatus(Status.InvalidInput(e.getMessage(), e)); } catch (SentryAccessDeniedException e) { LOGGER.error(e.getMessage(), e); response.setStatus(Status.AccessDenied(e.getMessage(), e));
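Review bot: In the hunk at -276, the `SentryInvalidInputException` branch now passes `e.getMessage()` straight to both the log and `Status.InvalidInput(...)`, so the text returned to the Thrift client is whatever the thrower put in the exception, and a null message leaves the status without a description. Keeping a fixed prefix would preserve the context in both cases, e.g. `String msg = "Invalid input privilege object: " + e.getMessage();` followed by the original two calls using `msg`. It is also worth confirming that the validator messages do not echo more of the request than the caller should see; the validators are not part of this diff. The identical catch block in the hunk at -362 has the same issue, and both try/catch blocks start outside the hunks.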
