sentry-commits mailing list archives

From br...@apache.org
Subject [1/4] SENTRY-126 - Implement alter role grant/revoke privilege in sentry service and sentry store (Shreepadma via Brock)
Date Tue, 11 Mar 2014 22:29:53 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/db_policy_store e18a902d2 -> a7df761dd


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a7df761d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index a451f58..78e0a87 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -26,6 +26,7 @@ import java.util.Set;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.sentry.provider.db.service.persistent.CommitContext;
 import org.apache.sentry.provider.db.service.persistent.SentryAlreadyExistsException;
+import org.apache.sentry.provider.db.service.persistent.SentryInvalidInputException;
 import org.apache.sentry.provider.db.service.persistent.SentryNoSuchObjectException;
 import org.apache.sentry.provider.db.service.persistent.SentryStore;
 import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig;
@@ -71,21 +72,21 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface
{
 
   @VisibleForTesting
   static List<NotificationHandler> createHandlers(Configuration conf)
-      throws SentryConfigurationException {
+  throws SentryConfigurationException {
     List<NotificationHandler> handlers = Lists.newArrayList();
     Iterable<String> notificationHandlers = Splitter.onPattern("[\\s,]").trimResults()
-        .omitEmptyStrings().split(conf.get(PolicyStoreServerConfig.NOTIFICATION_HANDLERS,
""));
+                                            .omitEmptyStrings().split(conf.get(PolicyStoreServerConfig.NOTIFICATION_HANDLERS,
""));
     for (String notificationHandler : notificationHandlers) {
       Class<?> clazz = null;
       try {
         clazz = Class.forName(notificationHandler);
         if (!NotificationHandler.class.isAssignableFrom(clazz)) {
           throw new SentryConfigurationException("Class " + notificationHandler + " is not
a " +
-              NotificationHandler.class.getName());
+                                                 NotificationHandler.class.getName());
         }
       } catch (ClassNotFoundException e) {
         throw new SentryConfigurationException("Value " + notificationHandler +
-           " is not a class", e);
+                                               " is not a class", e);
       }
       Preconditions.checkNotNull(clazz, "Error class cannot be null");
       try {
@@ -98,6 +99,50 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface
{
     return handlers;
   }
 
+  //TODO:Validate privilege scope?
+  private String constructPrivilegeName(TSentryPrivilege privilege) throws SentryInvalidInputException
{
+    StringBuilder privilegeName = new StringBuilder();
+    String serverName = privilege.getServerName();
+    String dbName = privilege.getDbName();
+    String tableName = privilege.getTableName();
+    String uri = privilege.getURI();
+    String action = privilege.getAction();
+
+    if (serverName == null) {
+      throw new SentryInvalidInputException("Server name is null");
+    }
+
+    if (action.equalsIgnoreCase("SELECT") || action.equalsIgnoreCase("INSERT")) {
+      if (tableName == null || tableName.equals("")) {
+        throw new SentryInvalidInputException("Table name can't be null for SELECT/INSERT
privilege");
+      }
+    }
+
+    if (dbName == null || dbName.equals("")) {
+      if (tableName != null && !tableName.equals("")) {
+        throw new SentryInvalidInputException("Db name can't be null");
+      }
+    }
+
+    if (uri == null || uri.equals("")) {
+      privilegeName.append(serverName);
+      privilegeName.append("+");
+      privilegeName.append(dbName);
+
+      if (tableName != null && !tableName.equals("")) {
+        privilegeName.append("+");
+        privilegeName.append(tableName);
+      }
+      privilegeName.append("+");
+      privilegeName.append(action);
+    } else {
+      privilegeName.append(serverName);
+      privilegeName.append("+");
+      privilegeName.append(uri);
+    }
+    return privilegeName.toString();
+  }
+
   @Override
   public TCreateSentryRoleResponse create_sentry_role(
     TCreateSentryRoleRequest request) throws TException {
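Review bot: In constructPrivilegeName, `action` is dereferenced at `action.equalsIgnoreCase("SELECT")` with no null check; the IDL marks it required, but nothing in this method enforces that, so a missing action would reach the callers' generic `catch (Exception e)` as a NullPointerException instead of being reported as invalid input. A server-scoped privilege (no db, table or URI) passes every check and then `privilegeName.append(dbName)` writes the literal text "null" into the name, and `serverName` is checked for null only, while the other fields are also checked for empty. Because the revoke path looks the privilege up by this string alone, the name needs to be unambiguous: the "+" separator is not escaped, the URI branch omits the action, and the action is appended in whatever case the client sent. The fence covers the action check and the "null" segment; separator and case handling still need a decision.

```java
  private String constructPrivilegeName(TSentryPrivilege privilege) throws SentryInvalidInputException {
    // … unchanged: reads of serverName, dbName, tableName, uri, action …
    if (serverName == null || serverName.equals("")) {
      throw new SentryInvalidInputException("Server name is null or empty");
    }
    if (action == null || action.equals("")) {
      throw new SentryInvalidInputException("Action is null or empty");
    }
    // … unchanged: SELECT/INSERT table check and db-without-table check …
    if (uri == null || uri.equals("")) {
      privilegeName.append(serverName);
      if (dbName != null && !dbName.equals("")) {
        privilegeName.append("+");
        privilegeName.append(dbName);
      }
      // … unchanged: optional tableName, then action …
    } else {
      // … unchanged: URI branch …
    }
```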
@@ -118,19 +163,57 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface
{
     }
     return response;
   }
+
   @Override
-  public TCreateSentryPrivilegeResponse create_sentry_privilege(
-    TCreateSentryPrivilegeRequest request) throws TException {
-    TCreateSentryPrivilegeResponse response = new TCreateSentryPrivilegeResponse();
+  public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege
+  (TAlterSentryRoleGrantPrivilegeRequest request) throws TException {
+
+    TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
     try {
-      CommitContext commitContext = sentryStore.createSentryPrivilege(request.getPrivilege());
+      String privilegeName = constructPrivilegeName(request.getPrivilege());
+      request.getPrivilege().setPrivilegeName(privilegeName);
+      CommitContext commitContext = sentryStore.alterSentryRoleGrantPrivilege(request.getRoleName(),
+                                    request.getPrivilege());
       response.setStatus(Status.OK());
-      notificationHandlerInvoker.create_sentry_privilege(commitContext,
+      notificationHandlerInvoker.alter_sentry_role_grant_privilege(commitContext,
           request, response);
-    } catch (SentryAlreadyExistsException e) {
-      String msg = "Privilege: " + request + " already exists.";
+    } catch (SentryNoSuchObjectException e) {
+      String msg = "Role: " + request.getRoleName() + " doesn't exist.";
       LOGGER.error(msg, e);
-      response.setStatus(Status.AlreadyExists(msg, e));
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (SentryInvalidInputException e) {
+      String msg = "Invalid input privilege object";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.InvalidInput(msg, e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+
+    return response;
+  }
+
+  @Override
+  public TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege
+  (TAlterSentryRoleRevokePrivilegeRequest request) throws TException {
+    TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
+    try {
+      String privilegeName = constructPrivilegeName(request.getPrivilege());
+      request.getPrivilege().setPrivilegeName(privilegeName);
+      CommitContext commitContext = sentryStore.alterSentryRoleRevokePrivilege(request.getRoleName(),
+                                    request.getPrivilege().getPrivilegeName());
+      response.setStatus(Status.OK());
+      notificationHandlerInvoker.alter_sentry_role_revoke_privilege(commitContext,
+          request, response);
+    } catch (SentryNoSuchObjectException e) {
+      String msg = "Privilege: " + request.getPrivilege().getPrivilegeName() + " doesn't
exist.";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.NoSuchObject(msg, e));
+    } catch (SentryInvalidInputException e) {
+      String msg = "Invalid input privilege object";
+      LOGGER.error(msg, e);
+      response.setStatus(Status.InvalidInput(msg, e));
     } catch (Exception e) {
       String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
       LOGGER.error(msg, e);
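Review bot: Neither alter_sentry_role_grant_privilege nor alter_sentry_role_revoke_privilege reads `request.getUserName()`, so within these lines nothing checks that the caller may change the role's privileges before `sentryStore.alterSentryRoleGrantPrivilege(...)` or `alterSentryRoleRevokePrivilege(...)` runs. If that check lives in the transport layer or the store, say so here with a comment such as `// Caller authorization is enforced by <component>; userName is not checked in this method`; if it does not exist yet, `// TODO: authorize request.getUserName() before changing role privileges` marks the gap. In the revoke path the SentryNoSuchObjectException handler always reports that the privilege doesn't exist, although a missing role would presumably raise the same exception, so the message can point the caller at the wrong object. The revoke method's body continues past the end of the hunk.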
@@ -139,6 +222,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface
{
     return response;
   }
 
+  @Override
   public TDropSentryRoleResponse drop_sentry_role(
     TDropSentryRoleRequest request)  throws TException {
     TDropSentryRoleResponse response = new TDropSentryRoleResponse();
@@ -180,9 +264,10 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface
{
     }
     return response;
   }
+
   @Override
   public TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(
-      TAlterSentryRoleDeleteGroupsRequest request) throws TException {
+    TAlterSentryRoleDeleteGroupsRequest request) throws TException {
     // TODO implement
     TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
     try {
@@ -252,4 +337,4 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface
{
     }
     return response;
   }
-}
\ No newline at end of file
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a7df761d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
index 0b2daf3..1686780 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/Status.java
@@ -32,6 +32,7 @@ public enum Status {
   ALREADY_EXISTS(ThriftConstants.TSENTRY_STATUS_ALREADY_EXISTS),
   NO_SUCH_OBJECT(ThriftConstants.TSENTRY_STATUS_NO_SUCH_OBJECT),
   RUNTIME_ERROR(ThriftConstants.TSENTRY_STATUS_RUNTIME_ERROR),
+  INVALID_INPUT(ThriftConstants.TSENTRY_STATUS_INVALID_INPUT),
   UNKNOWN(-1)
   ;
   private int code;
@@ -64,6 +65,9 @@ public enum Status {
   public static TSentryResponseStatus Create(Status value, String message) {
     return Create(value, message, null);
   }
+  public static TSentryResponseStatus InvalidInput(String message, Throwable t) {
+    return Create(Status.INVALID_INPUT, message, t);
+  }
   public static TSentryResponseStatus Create(Status value, String message, @Nullable Throwable
t) {
     TSentryResponseStatus status = new TSentryResponseStatus();
     status.setValue(value.getCode());
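Review bot: InvalidInput forwards the caught Throwable into `Create(Status.INVALID_INPUT, message, t)`, and the result is the status the processor returns to the client. Create's body continues outside the hunk, so whether it copies the stack trace into TSentryResponseStatus is not visible here; if it does, a validation failure would hand server internals to whoever sent the malformed request. For an input error the message is usually enough, so consider `return Create(Status.INVALID_INPUT, message, null);` and keep the exception in the server log only. A one-line Javadoc such as `/** Builds the status returned when a request fails input validation. */` would also help, since the method sits between the two Create overloads with no separation.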

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a7df761d/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift
b/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift
index ed0ebc5..7a545be 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_common_service.thrift
@@ -30,6 +30,7 @@ const i32 TSENTRY_STATUS_OK = 0;
 const i32 TSENTRY_STATUS_ALREADY_EXISTS = 1;
 const i32 TSENTRY_STATUS_NO_SUCH_OBJECT = 2;
 const i32 TSENTRY_STATUS_RUNTIME_ERROR = 3;
+const i32 TSENTRY_STATUS_INVALID_INPUT = 4;
 
 struct TSentryResponseStatus {
 1: required i32 value,

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a7df761d/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
index 40f8a5f..d6e05b7 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -31,14 +31,14 @@ namespace cpp Apache.Sentry.Provider.Db.Service.Thrift
 
 struct TSentryPrivilege {
 1: required string privilegeScope,
-2: required string privilegeName,
+2: optional string privilegeName,
 3: required string serverName,
 4: optional string dbName,
 5: optional string tableName,
 6: optional string URI,
 7: required string action,
 8: required i64 createTime,
-9: required string grantorPrincipal
+9: optional string grantorPrincipal
 }
 
 struct TSentryRole {
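Review bot: `grantorPrincipal` becomes optional here and remains a client-supplied field, so a grant can be stored with no grantor or with whatever name the client chose; for a usable audit trail the server would normally fill it from the identity it accepted for the request. `privilegeName` also becomes optional without the IDL saying why. A comment on field 2 would record the intent, for example `// derived by the server from serverName/dbName/tableName/URI/action; a client-supplied value is overwritten`. Both edits change required-ness on an existing struct, which affects peers generated from the old IDL; presumably acceptable on this branch, but worth confirming.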
@@ -47,6 +47,7 @@ struct TSentryRole {
 3: required i64 createTime,
 4: required string grantorPrincipal
 }
+
 // TODO fill out
 struct TSentryGroup {
 1: required string groupName
@@ -61,21 +62,23 @@ struct TCreateSentryRoleResponse {
 1: required sentry_common_service.TSentryResponseStatus status
 }
 
-struct TCreateSentryPrivilegeRequest {
+struct TListSentryRolesRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: required string userName,
-3: required TSentryPrivilege privilege
+2: optional string userName,
+3: optional string groupName,
+4: optional string roleName
 }
-struct TCreateSentryPrivilegeResponse {
+struct TListSentryRolesResponse {
 1: required sentry_common_service.TSentryResponseStatus status
+2: required set<TSentryRole> roles
 }
 
-struct TCreateSentryPrivilegeRequest {
+struct TDropSentryRoleRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: required string userName,
-3: required TSentryPrivilege privilege
+2: optional string userName,
+3: optional string roleName
 }
-struct TCreateSentryPrivilegeResponse {
+struct TDropSentryRoleResponse {
 1: required sentry_common_service.TSentryResponseStatus status
 }
 
@@ -85,6 +88,7 @@ struct TAlterSentryRoleAddGroupsRequest {
 3: required string roleName,
 4: required set<TSentryGroup> groups
 }
+
 struct TAlterSentryRoleAddGroupsResponse {
 1: required sentry_common_service.TSentryResponseStatus status
 }
@@ -97,25 +101,25 @@ struct TAlterSentryRoleDeleteGroupsResponse {
 1: required sentry_common_service.TSentryResponseStatus status
 }
 
-struct TListSentryRolesRequest {
+struct TAlterSentryRoleGrantPrivilegeRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: optional string userName,
-3: optional string groupName,
-4: optional string roleName
+2: required string userName,
+3: required string roleName,
+4: required TSentryPrivilege privilege
 }
 
-struct TListSentryRolesResponse {
+struct TAlterSentryRoleGrantPrivilegeResponse {
 1: required sentry_common_service.TSentryResponseStatus status
-2: required set<TSentryRole> roles
 }
 
-struct TDropSentryRoleRequest {
+struct TAlterSentryRoleRevokePrivilegeRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
-2: optional string userName,
-3: optional string roleName
+2: required string userName,
+3: required string roleName,
+4: required TSentryPrivilege privilege
 }
 
-struct TDropSentryRoleResponse {
+struct TAlterSentryRoleRevokePrivilegeResponse {
 1: required sentry_common_service.TSentryResponseStatus status
 }
 
@@ -123,10 +127,10 @@ service SentryPolicyService
 {
   TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request)
   TDropSentryRoleResponse drop_sentry_role(1:TDropSentryRoleRequest request)
-
-  TCreateSentryPrivilegeResponse create_sentry_privilege(1:TCreateSentryPrivilegeRequest
request)
-  //TDropSentryPrivilegeResponse drop_sentry_privilege(1:TDropSentryPrivilegeRequest request)
-
+  
+  TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(1:TAlterSentryRoleGrantPrivilegeRequest
request)
+  TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(1:TAlterSentryRoleRevokePrivilegeRequest
request)
+  
   TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(1:TAlterSentryRoleAddGroupsRequest
request)
   TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(1:TAlterSentryRoleDeleteGroupsRequest
request)
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a7df761d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
index dab26e1..6a2f48f 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
@@ -62,14 +62,7 @@ public class TestNotificationHandlerInvoker {
         request, response);
   }
 
-  @Test
-  public void testCreateSentryPrivilege() throws Exception {
-    TCreateSentryPrivilegeRequest request = new TCreateSentryPrivilegeRequest();
-    TCreateSentryPrivilegeResponse response = new TCreateSentryPrivilegeResponse();
-    invoker.create_sentry_privilege(commitContext, request, response);
-    Mockito.verify(handler).create_sentry_privilege(commitContext,
-        request, response);
-  }
+
 
   @Test
   public void testAlterSentryRoleAddGroups() throws Exception {
@@ -95,18 +88,12 @@ public class TestNotificationHandlerInvoker {
     }
     @Override
     public void create_sentry_role(CommitContext args,
-        TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
+                                   TCreateSentryRoleRequest request, TCreateSentryRoleResponse
response) {
       throw new RuntimeException();
     }
     public void drop_sentry_role(CommitContext context,
-        TDropSentryRoleRequest request,
-        TDropSentryRoleResponse response) {
-      throw new RuntimeException();
-    }
-    @Override
-    public void create_sentry_privilege(CommitContext args,
-        TCreateSentryPrivilegeRequest request,
-        TCreateSentryPrivilegeResponse response) {
+                                 TDropSentryRoleRequest request,
+                                 TDropSentryRoleResponse response) {
       throw new RuntimeException();
     }
     @Override
@@ -117,8 +104,8 @@ public class TestNotificationHandlerInvoker {
     }
     @Override
     public void alter_sentry_role_delete_groups(
-        CommitContext args, TAlterSentryRoleDeleteGroupsRequest request,
-        TAlterSentryRoleDeleteGroupsResponse response) {
+      CommitContext args, TAlterSentryRoleDeleteGroupsRequest request,
+      TAlterSentryRoleDeleteGroupsResponse response) {
       throw new RuntimeException();
     }
   }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a7df761d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index 8e1be52..dae7674 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -70,4 +70,69 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase
{
     assertOK(dropResp.getStatus());
     LOGGER.info("Successfully dropped role: admin_r");
   }
-}
\ No newline at end of file
+
+  @Test
+  public void testGrantRevokePrivilege() throws Exception {
+    TDropSentryRoleRequest dropReq = new TDropSentryRoleRequest();
+    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    dropReq.setRoleName("admin_testdb");
+    dropReq.setUserName("server_admin");
+    TDropSentryRoleResponse dropResp = client.dropRole(dropReq);
+    assertStatus(Status.NO_SUCH_OBJECT, dropResp.getStatus());
+    LOGGER.info("Successfully dropped role: admin_testdb");
+
+    TCreateSentryRoleRequest createReq = new TCreateSentryRoleRequest();
+    createReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    createReq.setUserName("server_admin");
+    TSentryRole role = new TSentryRole();
+    role.setRoleName("admin_testdb");
+    role.setCreateTime(System.currentTimeMillis());
+    role.setGrantorPrincipal("server_admin");
+    role.setPrivileges(new HashSet<TSentryPrivilege>());
+    createReq.setRole(role);
+    TCreateSentryRoleResponse createResp = client.createRole(createReq);
+    assertOK(createResp.getStatus());
+    LOGGER.info("Successfully create role: admin_testdb");
+
+    TListSentryRolesRequest listReq = new TListSentryRolesRequest();
+    listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    listReq.setRoleName("admin_testdb");
+    listReq.setUserName("server_admin");
+    TListSentryRolesResponse listResp = client.listRoleByName(listReq);
+    Set<TSentryRole> roles = listResp.getRoles();
+    Preconditions.checkArgument(roles.size() == 1, "Incorrect number of roles");
+
+    TAlterSentryRoleGrantPrivilegeRequest grantReq = new TAlterSentryRoleGrantPrivilegeRequest();
+    grantReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    grantReq.setRoleName("admin_testdb");
+    grantReq.setUserName("server_admin");
+    TSentryPrivilege privilege = new TSentryPrivilege();
+    privilege.setPrivilegeScope("DB");
+    privilege.setServerName("server1");
+    privilege.setDbName("testDB");
+    privilege.setAction("ALL");
+    privilege.setGrantorPrincipal("server_admin");
+    privilege.setCreateTime(System.currentTimeMillis());
+    grantReq.setPrivilege(privilege);
+    TAlterSentryRoleGrantPrivilegeResponse grantResp = client.grantPrivilege(grantReq);
+    assertOK(grantResp.getStatus());
+    LOGGER.info("Successfully granted privilege: " + privilege.toString());
+
+    TAlterSentryRoleRevokePrivilegeRequest revokeReq = new TAlterSentryRoleRevokePrivilegeRequest();
+    revokeReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    revokeReq.setRoleName("admin_testdb");
+    revokeReq.setUserName("server_admin");
+    revokeReq.setPrivilege(privilege);
+    TAlterSentryRoleRevokePrivilegeResponse revokeResp = client.revokePrivilege(revokeReq);
+    assertOK(revokeResp.getStatus());
+    LOGGER.info("Successfully revoked privilege: " + privilege.toString());
+
+    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    dropReq.setRoleName("admin_testdb");
+    dropReq.setUserName("server_admin");
+    dropResp = client.dropRole(dropReq);
+    assertOK(dropResp.getStatus());
+    LOGGER.info("Successfully dropped role: admin_testdb");
+  }
+
+}
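Review bot: testGrantRevokePrivilege asserts only the returned status codes for one DB-scope `ALL` grant, so it never shows that the privilege was attached to the role after the grant or is gone after the revoke, and none of the rejections in constructPrivilegeName (SELECT/INSERT without a table, table without a db, null server name) is exercised. For code that edits authorization policy the rejected cases matter at least as much as the accepted one; the fence adds one such case using helpers already present in the test. The first log line also says "Successfully dropped role" immediately after asserting NO_SUCH_OBJECT, and the role count is checked with `Preconditions.checkArgument` rather than a test assertion.

```java
    // … unchanged: role setup and the ALL-on-testDB grant …
    TSentryPrivilege selectWithoutTable = new TSentryPrivilege();
    selectWithoutTable.setPrivilegeScope("TABLE");
    selectWithoutTable.setServerName("server1");
    selectWithoutTable.setDbName("testDB");
    selectWithoutTable.setAction("SELECT");
    selectWithoutTable.setCreateTime(System.currentTimeMillis());
    grantReq.setPrivilege(selectWithoutTable);
    assertStatus(Status.INVALID_INPUT, client.grantPrivilege(grantReq).getStatus());
    // … unchanged: revoke and role cleanup …
```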

