You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ak...@apache.org on 2017/04/14 22:25:16 UTC
sentry git commit: SENTRY-1548: Setting GrantOption to UNSET upsets
Sentry (Kalyan Kumar Kalvagadda, Reviewed by: Alex Kolbasov)
Repository: sentry
Updated Branches:
refs/heads/sentry-ha-redesign 7d28a41a0 -> ff79cf271
SENTRY-1548: Setting GrantOption to UNSET upsets Sentry (Kalyan Kumar Kalvagadda, Reviewed by: Alex Kolbasov)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ff79cf27
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ff79cf27
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ff79cf27
Branch: refs/heads/sentry-ha-redesign
Commit: ff79cf27103d79d019cd360ed45336f7fc8fd182
Parents: 7d28a41
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Fri Apr 14 15:23:34 2017 -0700
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Fri Apr 14 15:23:34 2017 -0700
----------------------------------------------------------------------
.../service/thrift/SentryPolicyStoreProcessor.java | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/ff79cf27/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index ee2a466..fb73783 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -48,6 +48,8 @@ import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory;
import org.apache.sentry.provider.db.log.util.Constants;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig;
+import org.apache.sentry.provider.db.service.thrift.validator.GrantPrivilegeRequestValidator;
+import org.apache.sentry.provider.db.service.thrift.validator.RevokePrivilegeRequestValidator;
import org.apache.sentry.service.thrift.SentryServiceUtil;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties;
@@ -235,7 +237,6 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege
(TAlterSentryRoleGrantPrivilegeRequest request) throws TException {
final Timer.Context timerContext = sentryMetrics.grantTimer.time();
-
TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
try {
validateClientVersion(request.getProtocol_version());
@@ -247,7 +248,6 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
if (request.isSetPrivilege()) {
request.setPrivileges(Sets.newHashSet(request.getPrivilege()));
}
-
// TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
// TODO: need to differentiate the updates for different Plugins.
Preconditions.checkState(sentryPlugins.size() <= 1);
@@ -263,6 +263,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
sentryStore.alterSentryRoleGrantPrivileges(request.getRequestorUserName(),
request.getRoleName(), request.getPrivileges());
}
+ GrantPrivilegeRequestValidator.validate(request);
response.setStatus(Status.OK());
response.setPrivileges(request.getPrivileges());
// Maintain compatibility for old API: Set privilege field to response
@@ -276,9 +277,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
LOGGER.error(msg, e);
response.setStatus(Status.NoSuchObject(msg, e));
} catch (SentryInvalidInputException e) {
- String msg = "Invalid input privilege object";
- LOGGER.error(msg, e);
- response.setStatus(Status.InvalidInput(msg, e));
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.InvalidInput(e.getMessage(), e));
} catch (SentryAccessDeniedException e) {
LOGGER.error(e.getMessage(), e);
response.setStatus(Status.AccessDenied(e.getMessage(), e));
@@ -338,6 +338,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
sentryStore.alterSentryRoleRevokePrivileges(request.getRequestorUserName(),
request.getRoleName(), request.getPrivileges());
}
+ RevokePrivilegeRequestValidator.validate(request);
response.setStatus(Status.OK());
notificationHandlerInvoker.alter_sentry_role_revoke_privilege(request,
response);
@@ -362,9 +363,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
LOGGER.error(msg.toString(), e);
response.setStatus(Status.NoSuchObject(msg.toString(), e));
} catch (SentryInvalidInputException e) {
- String msg = "Invalid input privilege object";
- LOGGER.error(msg, e);
- response.setStatus(Status.InvalidInput(msg, e));
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.InvalidInput(e.getMessage(), e));
} catch (SentryAccessDeniedException e) {
LOGGER.error(e.getMessage(), e);
response.setStatus(Status.AccessDenied(e.getMessage(), e));