You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2016/06/29 06:48:30 UTC
[2/2] sentry git commit: SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun)

SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/6fbff11f
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/6fbff11f
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/6fbff11f

Branch: refs/heads/master
Commit: 6fbff11fa45d8962fda706c8a823909f71ef1f2c
Parents: 79659ad
Author: Sun Dapeng <sd...@apache.org>
Authored: Wed Jun 29 14:41:44 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Wed Jun 29 14:41:44 2016 +0800

----------------------------------------------------------------------
 .../thrift/SentryPolicyServiceClient.java       |  6 +++
 .../SentryPolicyServiceClientDefaultImpl.java   | 40 ++++++++++++++------
 .../hive/RevokePrivilegeFromRoleCmd.java        | 22 +----------
 3 files changed, 36 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/6fbff11f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 8afa28b..c2b03e5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -152,6 +152,12 @@ public interface SentryPolicyServiceClient {
       String db, String table, List<String> columns, String action, Boolean grantOption)
       throws SentryUserException;
 
+  void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges)
+      throws SentryUserException;
+
+  void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege)
+      throws SentryUserException;
+
   Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users,
       ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException;
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/6fbff11f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 25d515b..9a28eae 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -532,6 +532,34 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     return grantPrivilegesCore(requestorUserName, roleName, privileges);
   }
 
+  public synchronized void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws  SentryUserException {
+    this.revokePrivilegesCore(requestorUserName, roleName, privileges);
+  }
+
+  public synchronized void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) throws  SentryUserException {
+    this.revokePrivilegeCore(requestorUserName, roleName, privilege);
+
+  }
+
+  private void revokePrivilegeCore(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException {
+    this.revokePrivilegesCore(requestorUserName, roleName, ImmutableSet.of(privilege));
+  }
+
+  private void revokePrivilegesCore(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException {
+    TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
+    request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    request.setRequestorUserName(requestorUserName);
+    request.setRoleName(roleName);
+    request.setPrivileges(privileges);
+    try {
+      TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(
+          request);
+      Status.throwIfNotOk(response.getStatus());
+    } catch (TException e) {
+      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+    }
+  }
+
   public synchronized void revokeURIPrivilege(String requestorUserName,
       String roleName, String server, String uri)
   throws SentryUserException {
@@ -663,19 +691,9 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
       PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns,
       String action, Boolean grantOption)
   throws SentryUserException {
-    TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
-    request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
     Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope,
         serverName, uri, db, table, columns, action, grantOption);
-    request.setPrivileges(privileges);
-    try {
-      TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
+    this.revokePrivilegesCore(requestorUserName, roleName, privileges);
   }
 
   private Set<TSentryPrivilege> convertColumnPrivileges(

http://git-wip-us.apache.org/repos/asf/sentry/blob/6fbff11f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
index f3da6c4..fe6aca5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
@@ -18,9 +18,7 @@
 package org.apache.sentry.provider.db.tools.command.hive;
 
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
 
 /**
  * The class for admin command to revoke privileges from role.
@@ -38,25 +36,7 @@ public class RevokePrivilegeFromRoleCmd implements Command {
   @Override
   public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
     TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
-    boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
-    if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              grantOption);
-    } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
-      client.revokeURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getURI(), grantOption);
-    }
+   client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
   }
 
 }