From ak...@apache.org
Subject sentry git commit: SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun)
Date Sat, 11 Mar 2017 01:53:17 GMT
Repository: sentry
Updated Branches:
  refs/heads/sentry-ha-redesign 62b002321 -> b850bbb0c


SENTRY-1361: Refactor revokePrivilege of Sentry Client (Ke Jia via Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b850bbb0
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b850bbb0
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b850bbb0

Branch: refs/heads/sentry-ha-redesign
Commit: b850bbb0c079922d34302b514bc2b0dc17a44482
Parents: 62b0023
Author: Alexander Kolbasov <akolb@cloudera.com>
Authored: Fri Mar 10 17:53:02 2017 -0800
Committer: Alexander Kolbasov <akolb@cloudera.com>
Committed: Fri Mar 10 17:53:02 2017 -0800

----------------------------------------------------------------------
 .../thrift/SentryPolicyServiceClient.java       |  6 +++
 .../SentryPolicyServiceClientDefaultImpl.java   | 40 ++++++++++++++------
 .../hive/RevokePrivilegeFromRoleCmd.java        | 22 +----------
 3 files changed, 36 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 1e72b74..8949667 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -145,6 +145,12 @@ public interface SentryPolicyServiceClient {
       String db, String table, List<String> columns, String action, Boolean grantOption)
       throws SentryUserException;
 
+  void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege>
privileges)
+      throws SentryUserException;
+
+  void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege privilege)
+      throws SentryUserException;
+
   Set<String> listPrivilegesForProvider(Set<String> groups, Set<String>
users,
       ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException;
 
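Review bot: The two methods added to `SentryPolicyServiceClient` carry no Javadoc, and a revoke call is where callers most need the contract spelled out. Each should get a short Javadoc that says whether `privileges` / `privilege` may be null or empty, and whether revoking a privilege the role does not hold is an error or a silent no-op. Adding abstract methods to the interface also forces every other implementation to change, if any exist outside this diff. The interface body starts and ends outside the hunk.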

http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 2dc8af8..5bca574 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -613,6 +613,34 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
     }
   }
 
+  public synchronized void revokePrivileges(String requestorUserName, String roleName, Set<TSentryPrivilege>
privileges) throws  SentryUserException {
+    this.revokePrivilegesCore(requestorUserName, roleName, privileges);
+  }
+
+  public synchronized void revokePrivilege(String requestorUserName, String roleName, TSentryPrivilege
privilege) throws  SentryUserException {
+    this.revokePrivilegeCore(requestorUserName, roleName, privilege);
+
+  }
+
+  private void revokePrivilegeCore(String requestorUserName, String roleName, TSentryPrivilege
privilege) throws SentryUserException {
+    this.revokePrivilegesCore(requestorUserName, roleName, ImmutableSet.of(privilege));
+  }
+
+  private void revokePrivilegesCore(String requestorUserName, String roleName, Set<TSentryPrivilege>
privileges) throws SentryUserException {
+    TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
+    request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    request.setRequestorUserName(requestorUserName);
+    request.setRoleName(roleName);
+    request.setPrivileges(privileges);
+    try {
+      TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(
+          request);
+      Status.throwIfNotOk(response.getStatus());
+    } catch (TException e) {
+      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+    }
+  }
+
   public synchronized void revokeURIPrivilege(String requestorUserName,
       String roleName, String server, String uri)
   throws SentryUserException {
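Review bot: `revokePrivilegeCore` hands `privilege` straight to `ImmutableSet.of(privilege)`, which rejects null with a NullPointerException, so a null argument to the public `revokePrivilege` surfaces as an unchecked exception instead of the declared `SentryUserException`. `revokePrivilegesCore` likewise forwards a null or empty `privileges` set to the server without checking it, and what the server does with such a request is not visible here. An explicit argument check at the top of the two public methods, plus a line in their documentation, would make the failure mode predictable for callers that treat a normal return as "the privilege is gone". Both public methods implement the new interface methods and should carry `@Override`, and `throws  SentryUserException` has a doubled space. The class continues outside the hunk.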
@@ -744,19 +772,9 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
       PrivilegeScope scope, String serverName, String uri, String db, String table, List<String>
columns,
       String action, Boolean grantOption)
   throws SentryUserException {
-    TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
-    request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    request.setRequestorUserName(requestorUserName);
-    request.setRoleName(roleName);
     Set<TSentryPrivilege> privileges = convertColumnPrivileges(scope,
         serverName, uri, db, table, columns, action, grantOption);
-    request.setPrivileges(privileges);
-    try {
-      TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(request);
-      Status.throwIfNotOk(response.getStatus());
-    } catch (TException e) {
-      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
-    }
+    this.revokePrivilegesCore(requestorUserName, roleName, privileges);
   }
 
   private Set<TSentryPrivilege> convertColumnPrivileges(

http://git-wip-us.apache.org/repos/asf/sentry/blob/b850bbb0/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
index f3da6c4..fe6aca5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
@@ -18,9 +18,7 @@
 package org.apache.sentry.provider.db.tools.command.hive;
 
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants;
 
 /**
  * The class for admin command to revoke privileges from role.
@@ -38,25 +36,7 @@ public class RevokePrivilegeFromRoleCmd implements Command {
   @Override
   public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception
{
     TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
-    boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE)
? true : false;
-    if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-      client.revokeServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              grantOption);
-    } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-      client.revokeDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-      client.revokeTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-      client.revokeColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
-              tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
-    } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope()))
{
-      client.revokeURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
-              tSentryPrivilege.getURI(), grantOption);
-    }
+   client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
   }
 
 }
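Review bot: The replacement call `client.revokePrivilege(requestorName, roleName, tSentryPrivilege);` sends the parsed privilege to the server unchanged, whereas the removed branches passed individual fields to the per-scope `revoke*Privilege` methods and reduced the grant option to a boolean first. If the server matches stored privileges field by field, any difference in how `CommandUtil.convertToTSentryPrivilege` populates fields such as the grant option could leave a privilege in place while the command appears to succeed. A test per scope that lists the role's privileges after the revoke would confirm this. The removed chain also silently ignored an unrecognized scope, so such input now reaches the server rather than being dropped. The new line is indented three spaces where the rest of the method uses four.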

