Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign ff79cf271 -> ff369db20
SENTRY-1548: Setting GrantOption to UNSET upsets Sentry (Added missing files) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ff369db2 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ff369db2 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ff369db2 Branch: refs/heads/sentry-ha-redesign Commit: ff369db20e3f1928c8d6b98f6b8ec4842390e7f8 Parents: ff79cf2 Author: Alexander Kolbasov <[email protected]> Authored: Fri Apr 14 15:37:51 2017 -0700 Committer: Alexander Kolbasov <[email protected]> Committed: Fri Apr 14 15:37:51 2017 -0700 ---------------------------------------------------------------------- .../GrantPrivilegeRequestValidator.java | 91 ++++++++++++++++++++ .../RevokePrivilegeRequestValidator.java | 46 ++++++++++ 2 files changed, 137 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/ff369db2/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/GrantPrivilegeRequestValidator.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/GrantPrivilegeRequestValidator.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/GrantPrivilegeRequestValidator.java new file mode 100644 index 0000000..f714d5d --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/GrantPrivilegeRequestValidator.java @@ -0,0 +1,91 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift.validator; + +import java.util.Set; + +import org.apache.sentry.core.common.exception.SentryInvalidInputException; +import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; +import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; +import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; + +/** + * Check's for mandatory fields in the privileges and + * checks to see if the UNSET option is present. + */ +public final class GrantPrivilegeRequestValidator { + private GrantPrivilegeRequestValidator() { + } + + /** + * Validates privileges in input request by making sure mandatory fields like + * server name and action in the privileges are not empty and see all the values in the + * request are valid. + * + * @param request to be validated. + * @throws SentryInvalidInputException If all the mandatory fields in the privileges are + * not present [OR] invalid fields a provided in request. + */ + public static void validate(TAlterSentryRoleGrantPrivilegeRequest request) + throws SentryInvalidInputException { + if (request.isSetPrivileges() && (!request.getPrivileges().isEmpty())) { + checkForMandatoryFieldsInPrivileges(request.getPrivileges()); + validateGrantOptionInprivileges(request.getPrivileges()); + } + } + + /** + * Checks for mandatory fields "serverName" and "action" in all the privileges + * in the set are not empty. + * + * @param privileges Set of <code>TSentryPrivileges</code> to be inspected + * @throws SentryInvalidInputException If all the mandatory fields in the privileges are + * not present + */ + static void checkForMandatoryFieldsInPrivileges(Set<TSentryPrivilege> privileges) + throws SentryInvalidInputException { + for (TSentryPrivilege privilege : privileges) { + if (privilege.getServerName() == null || + privilege.getServerName().trim().isEmpty()) { + throw new SentryInvalidInputException("Invalid Privilege input: Server Name is missing"); + } + if (privilege.getAction() == null || + privilege.getAction().trim().isEmpty()) { + throw new SentryInvalidInputException("Invalid Privilege input: Action is missing"); + } + } + } + + /** + * Validates grant option in all the privileges. + * + * @param privileges Set of privileges to be validated + * @throws SentryInvalidInputException If the validation for grant option fails for any + * of the privileges. + */ + private static void validateGrantOptionInprivileges(Set<TSentryPrivilege> privileges) + throws SentryInvalidInputException { + for (TSentryPrivilege privilege : privileges) { + if (privilege.getGrantOption() == TSentryGrantOption.UNSET) { + throw new SentryInvalidInputException("Invalid Privilege input," + + " UNSET option for GRANT <PRIVILEGE> is not valid"); + } + } + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/ff369db2/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/RevokePrivilegeRequestValidator.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/RevokePrivilegeRequestValidator.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/RevokePrivilegeRequestValidator.java new file mode 100644 index 0000000..da4f0e9 --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/RevokePrivilegeRequestValidator.java @@ -0,0 +1,46 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift.validator; + +import org.apache.sentry.core.common.exception.SentryInvalidInputException; +import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; + +/** + * Check's for mandatory fields in the privileges + */ +public final class RevokePrivilegeRequestValidator { + private RevokePrivilegeRequestValidator() { + } + + /** + * Validates privileges in input request by making sure mandatory fields like + * server name and action in the privileges are not empty and see all the values in the + * request are valid. + * + * @param request to be validated. + * @throws SentryInvalidInputException If all the mandatory fields in the privileges are + * not present [OR] invalid fields a provided in request. + */ + public static void validate(TAlterSentryRoleRevokePrivilegeRequest request) + throws SentryInvalidInputException { + if (request.isSetPrivileges() && (!request.getPrivileges().isEmpty())) { + GrantPrivilegeRequestValidator.checkForMandatoryFieldsInPrivileges(request.getPrivileges()); + } + } +}
