You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ak...@apache.org on 2017/04/14 22:25:16 UTC

sentry git commit: SENTRY-1548: Setting GrantOption to UNSET upsets Sentry (Kalyan Kumar Kalvagadda, Reviewed by: Alex Kolbasov)

Repository: sentry
Updated Branches:
  refs/heads/sentry-ha-redesign 7d28a41a0 -> ff79cf271


SENTRY-1548: Setting GrantOption to UNSET upsets Sentry (Kalyan Kumar Kalvagadda, Reviewed by: Alex Kolbasov)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ff79cf27
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ff79cf27
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ff79cf27

Branch: refs/heads/sentry-ha-redesign
Commit: ff79cf27103d79d019cd360ed45336f7fc8fd182
Parents: 7d28a41
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Fri Apr 14 15:23:34 2017 -0700
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Fri Apr 14 15:23:34 2017 -0700

----------------------------------------------------------------------
 .../service/thrift/SentryPolicyStoreProcessor.java  | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/ff79cf27/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index ee2a466..fb73783 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -48,6 +48,8 @@ import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory;
 import org.apache.sentry.provider.db.log.util.Constants;
 import org.apache.sentry.provider.db.service.persistent.SentryStore;
 import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig;
+import org.apache.sentry.provider.db.service.thrift.validator.GrantPrivilegeRequestValidator;
+import org.apache.sentry.provider.db.service.thrift.validator.RevokePrivilegeRequestValidator;
 import org.apache.sentry.service.thrift.SentryServiceUtil;
 import org.apache.sentry.service.thrift.ServiceConstants;
 import org.apache.sentry.service.thrift.ServiceConstants.ConfUtilties;
@@ -235,7 +237,6 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
   public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege
   (TAlterSentryRoleGrantPrivilegeRequest request) throws TException {
     final Timer.Context timerContext = sentryMetrics.grantTimer.time();
-
     TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
     try {
       validateClientVersion(request.getProtocol_version());
@@ -247,7 +248,6 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
       if (request.isSetPrivilege()) {
         request.setPrivileges(Sets.newHashSet(request.getPrivilege()));
       }
-
       // TODO: now only has SentryPlugin. Once add more SentryPolicyStorePlugins,
       // TODO: need to differentiate the updates for different Plugins.
       Preconditions.checkState(sentryPlugins.size() <= 1);
@@ -263,6 +263,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
         sentryStore.alterSentryRoleGrantPrivileges(request.getRequestorUserName(),
             request.getRoleName(), request.getPrivileges());
       }
+      GrantPrivilegeRequestValidator.validate(request);
       response.setStatus(Status.OK());
       response.setPrivileges(request.getPrivileges());
       // Maintain compatibility for old API: Set privilege field to response
@@ -276,9 +277,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
       LOGGER.error(msg, e);
       response.setStatus(Status.NoSuchObject(msg, e));
     } catch (SentryInvalidInputException e) {
-      String msg = "Invalid input privilege object";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.InvalidInput(msg, e));
+      LOGGER.error(e.getMessage(), e);
+      response.setStatus(Status.InvalidInput(e.getMessage(), e));
     } catch (SentryAccessDeniedException e) {
       LOGGER.error(e.getMessage(), e);
       response.setStatus(Status.AccessDenied(e.getMessage(), e));
@@ -338,6 +338,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
         sentryStore.alterSentryRoleRevokePrivileges(request.getRequestorUserName(),
             request.getRoleName(), request.getPrivileges());
       }
+      RevokePrivilegeRequestValidator.validate(request);
       response.setStatus(Status.OK());
       notificationHandlerInvoker.alter_sentry_role_revoke_privilege(request,
               response);
@@ -362,9 +363,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
       LOGGER.error(msg.toString(), e);
       response.setStatus(Status.NoSuchObject(msg.toString(), e));
     } catch (SentryInvalidInputException e) {
-      String msg = "Invalid input privilege object";
-      LOGGER.error(msg, e);
-      response.setStatus(Status.InvalidInput(msg, e));
+      LOGGER.error(e.getMessage(), e);
+      response.setStatus(Status.InvalidInput(e.getMessage(), e));
     } catch (SentryAccessDeniedException e) {
       LOGGER.error(e.getMessage(), e);
       response.setStatus(Status.AccessDenied(e.getMessage(), e));