From s..@apache.org
Subject [06/25] incubator-sentry git commit: SENTRY-841: Revoke on SERVER scope breaks Client API, allows any string to be passed in (Ryan P via Dapeng Sun, Reviewed by Colin Ma)
Date Thu, 05 Nov 2015 01:44:34 GMT
SENTRY-841: Revoke on SERVER scope breaks Client API, allows any string to be passed in (Ryan
P via Dapeng Sun, Reviewed by Colin Ma)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/6955182b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/6955182b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/6955182b

Branch: refs/heads/hive_plugin_v2
Commit: 6955182b8867dcce5072f7119d0192abea7baff5
Parents: ec2f76c
Author: Sun Dapeng <sdp@apache.org>
Authored: Sun Sep 6 09:15:49 2015 +0800
Committer: Sun Dapeng <sdp@apache.org>
Committed: Mon Nov 2 16:35:12 2015 +0800

----------------------------------------------------------------------
 .../thrift/SentryPolicyServiceClient.java       |  3 +++
 .../SentryPolicyServiceClientDefaultImpl.java   |  7 +++++
 .../thrift/TestSentryServiceIntegration.java    | 28 ++++++++++++++++++++
 3 files changed, 38 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6955182b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 3c2c7c6..cbc0aaf 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -113,6 +113,9 @@ public interface SentryPolicyServiceClient {
   public void revokeServerPrivilege(String requestorUserName, String roleName, String server,
       String action, Boolean grantOption) throws SentryUserException;
 
+  public void revokeServerPrivilege(String requestorUserName, String roleName, String server,
+      boolean grantOption) throws SentryUserException;
+
   public void revokeDatabasePrivilege(String requestorUserName, String roleName, String server,
       String db, String action) throws SentryUserException;
 
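Review bot: The new four-argument `revokeServerPrivilege` is declared without Javadoc, so the interface does not tell a caller how it differs from the five-argument overload directly above it. The implementation in this commit fixes the action to `AccessConstants.ALL`, which should be stated on the declaration, for example `/** Revokes the ALL privilege at SERVER scope from roleName; counterpart of grantServerPrivilege(requestorUserName, roleName, server, grantOption). */`. For access-control code it is worth one more sentence saying that the five-argument overload takes a free-form action string while this one does not.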

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6955182b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 4afe1b4..fe2fef7 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -497,6 +497,13 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
         PrivilegeScope.SERVER, server, null, null, null, null, action, grantOption);
   }
 
+  public void revokeServerPrivilege(String requestorUserName,
+      String roleName, String server, boolean grantOption)
+  throws SentryUserException {
+    revokePrivilege(requestorUserName, roleName,
+      PrivilegeScope.SERVER, server, null, null, null, null, AccessConstants.ALL, grantOption);
+  }
+
   public void revokeDatabasePrivilege(String requestorUserName,
       String roleName, String server, String db, String action)
   throws SentryUserException {
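Review bot: The five-argument overload whose last lines appear as context at the top of this hunk still forwards `action` to `revokePrivilege` unchanged, so the "allows any string to be passed in" part of SENTRY-841 looks unaddressed unless validation happens further down, outside what is shown here. If an unrecognised action makes the revoke match nothing, the privilege stays in place while the caller believes it was removed; I would reject unknown actions before the call, or mark that overload `@Deprecated` in favour of the new one. The new method implements an interface method and should carry `@Override`. The start of the five-argument overload and the body of `revokeDatabasePrivilege` lie outside the hunk.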

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6955182b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index 02c7535..0d35b7d 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -820,4 +820,32 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase
{
 
       }});
   }
+
+  /* SENTRY-841 */
+  @Test
+  public void testGranRevokePrivilegeOnServerForRole() throws Exception {
+    runTestAsSubject(new TestOperation(){
+      @Override
+      public void runTestAsSubject() throws Exception {
+        String requestorUserName = ADMIN_USER;
+        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+        writePolicyFile();
+
+        String roleName1 = "admin_r1";
+
+        client.dropRoleIfExists(requestorUserName, roleName1);
+        client.createRole(requestorUserName, roleName1);
+
+        client.grantServerPrivilege(requestorUserName, roleName1, "server", false);
+
+        Set<TSentryPrivilege> listPrivs = client.listAllPrivilegesByRoleName(requestorUserName,
roleName1);
+        assertTrue("Privilege should be all:",listPrivs.iterator().next().getAction().equals("*"));
+
+        client.revokeServerPrivilege(requestorUserName, roleName1, "server", false);
+        listPrivs = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
+        assertTrue("Privilege not correctly revoked !!", listPrivs.size() == 0);
+
+      }});
+  }
 }
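Review bot: The test covers only the new four-argument revoke; no case calls the five-argument overload with an unrecognised action string and asserts the outcome, which is the behaviour the ticket title describes. Separately, `listPrivs.iterator().next()` throws NoSuchElementException instead of failing an assertion when the grant produced nothing, so check the size first with `assertTrue("Expected exactly one privilege", listPrivs.size() == 1);`. The method name has a typo, `testGranRevokePrivilegeOnServerForRole` should read `testGrantRevokePrivilegeOnServerForRole`.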

