Posted to commits@sentry.apache.org by sd...@apache.org on 2016/06/29 06:48:30 UTC
[2/2] sentry git commit: SENTRY-1361: Refactor revokePrivilege of
Sentry Client (Ke Jia via Dapeng Sun)
SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/6fbff11f
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/6fbff11f
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/6fbff11f
Branch: refs/heads/master
Commit: 6fbff11fa45d8962fda706c8a823909f71ef1f2c
Parents: 79659ad
Author: Sun Dapeng <sd...@apache.org>
Authored: Wed Jun 29 14:41:44 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Wed Jun 29 14:41:44 2016 +0800
----------------------------------------------------------------------
.../thrift/SentryPolicyServiceClient.java | 6 +++
.../SentryPolicyServiceClientDefaultImpl.java | 40 ++++++++++++++------
.../hive/RevokePrivilegeFromRoleCmd.java | 22 +----------
3 files changed, 36 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/6fbff11f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 8afa28b..c2b03e5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -152,6 +152,12 @@ public interface SentryPolicyServiceClient {
String db, String table, List<String> columns, String action, Boolean grantOption)
throws SentryUserException;
+ void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges)
+ throws SentryUserException;
+
+ void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege)
+ throws SentryUserException;
+
Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users,
ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException;
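Review bot: The two methods added to SentryPolicyServiceClient have no Javadoc, and unlike the scope-specific revoke methods they accept caller-built TSentryPrivilege objects, so their contract cannot be read off the signature. A short Javadoc on each should say that `requestorUserName` is the user the revoke is requested for, whether a null or empty `privileges` set is accepted, and that a failed revoke surfaces as SentryUserException. If other implementations of this interface exist (not visible in this commit), they will need these methods too.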
http://git-wip-us.apache.org/repos/asf/sentry/blob/6fbff11f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 25d515b..9a28eae 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -532,6 +532,34 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
return grantPrivilegesCore(requestorUserName, roleName, privileges);
}
+ public synchronized void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException {
+ this.revokePrivilegesCore(requestorUserName, roleName, privileges);
+ }
+
+ public synchronized void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException {
+ this.revokePrivilegeCore(requestorUserName, roleName, privilege);
+
+ }
+
+ private void revokePrivilegeCore(String requestorUserName, String roleName, TSentryPrivilege privilege) throws SentryUserException {
+ this.revokePrivilegesCore(requestorUserName, roleName, ImmutableSet.of(privilege));
+ }
+
+ private void revokePrivilegesCore(String requestorUserName, String roleName, Set<TSentryPrivilege> privileges) throws SentryUserException {
+ TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
+ request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+ request.setRequestorUserName(requestorUserName);
+ request.setRoleName(roleName);
+ request.setPrivileges(privileges);
+ try {
+ TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(
+ request);
+ Status.throwIfNotOk(response.getStatus());
+ } catch (TException e) {
+ throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+ }
+ }
+
public synchronized void revokeURIPrivilege(String requestorUserName,
String roleName, String server, String uri)
throws SentryUserException {
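Review bot: The new public `revokePrivileges` forwards the caller's set straight into `revokePrivilegesCore` with no check, so a null or empty set still produces a request, and the caller cannot tell a revoke that removed nothing from one that removed the intended privilege. A guard in the public method would make that explicit: `if (privileges == null || privileges.isEmpty()) { throw new IllegalArgumentException("privileges must not be empty"); }`. In `revokePrivilegeCore`, `ImmutableSet.of(privilege)` rejects a null element with a NullPointerException, so a null privilege fails with an unchecked exception rather than the declared SentryUserException. The older revoke methods build their set through `convertColumnPrivileges`; whatever normalisation that helper applies (not visible here) is skipped on this new path, which deserves a line in the method comment.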
@@ -663,19 +691,9 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
PrivilegeScope scope, String serverName, String uri, String db, String table, List<String> columns,
String action, Boolean grantOption)
throws SentryUserException {
- TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
- request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
- request.setRequestorUserName(requestorUserName);
- request.setRoleName(roleName);
Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope,
serverName, uri, db, table, columns, action, grantOption);
- request.setPrivileges(privileges);
- try {
- TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(request);
- Status.throwIfNotOk(response.getStatus());
- } catch (TException e) {
- throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
- }
+ this.revokePrivilegesCore(requestorUserName, roleName, privileges);
}
private Set<TSentryPrivilege> convertColumnPrivileges(
http://git-wip-us.apache.org/repos/asf/sentry/blob/6fbff11f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
index f3da6c4..fe6aca5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
@@ -18,9 +18,7 @@
package org.apache.sentry.provider.db.tools.command.hive;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
/**
* The class for admin command to revoke privileges from role.
@@ -38,25 +36,7 @@ public class RevokePrivilegeFromRoleCmd implements Command {
@Override
public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
- boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
- if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- grantOption);
- } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
- tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
- tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
- } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) {
- client.revokeURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
- tSentryPrivilege.getURI(), grantOption);
- }
+ client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
}
}
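Review bot: Replacing the scope dispatch in execute() with `client.revokePrivilege(requestorName, roleName, tSentryPrivilege)` changes what is sent, not only how it is sent. The removed SERVER branch passed no action and an unrecognised scope fell through without any client call, while the new line forwards every field that convertToTSentryPrivilege filled in. Whether the server then matches the same stored privilege is not visible from this hunk, and a revoke that matches nothing leaves the access in place. I would add a comment above the call, `// Sends the parsed privilege as-is; no scope-specific handling happens in this command any more.`, and a test that revokes one privilege of each scope through this command.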