sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ak...@apache.org
Subject sentry git commit: SENTRY-1548: Setting GrantOption to UNSET upsets Sentry (Added missing files)
Date Fri, 14 Apr 2017 22:38:37 GMT
Repository: sentry
Updated Branches:
  refs/heads/sentry-ha-redesign ff79cf271 -> ff369db20


SENTRY-1548: Setting GrantOption to UNSET upsets Sentry (Added missing files)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ff369db2
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ff369db2
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ff369db2

Branch: refs/heads/sentry-ha-redesign
Commit: ff369db20e3f1928c8d6b98f6b8ec4842390e7f8
Parents: ff79cf2
Author: Alexander Kolbasov <akolb@cloudera.com>
Authored: Fri Apr 14 15:37:51 2017 -0700
Committer: Alexander Kolbasov <akolb@cloudera.com>
Committed: Fri Apr 14 15:37:51 2017 -0700

----------------------------------------------------------------------
 .../GrantPrivilegeRequestValidator.java         | 91 ++++++++++++++++++++
 .../RevokePrivilegeRequestValidator.java        | 46 ++++++++++
 2 files changed, 137 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/ff369db2/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/GrantPrivilegeRequestValidator.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/GrantPrivilegeRequestValidator.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/GrantPrivilegeRequestValidator.java
new file mode 100644
index 0000000..f714d5d
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/GrantPrivilegeRequestValidator.java
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift.validator;
+
+import java.util.Set;
+
+import org.apache.sentry.core.common.exception.SentryInvalidInputException;
+import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+
+/**
+ * Check's for mandatory fields in the privileges and
+ * checks to see if the UNSET option is present.
+ */
+public final class GrantPrivilegeRequestValidator {
+  private GrantPrivilegeRequestValidator() {
+  }
+
+  /**
+   * Validates privileges in input request by making sure mandatory fields like
+   * server name and action in the privileges are not empty and see all the values in the
+   * request are valid.
+   *
+   * @param request to be validated.
+   * @throws SentryInvalidInputException If all the mandatory fields in the privileges are
+   *                                     not present [OR] invalid fields a provided in request.
+   */
+  public static void validate(TAlterSentryRoleGrantPrivilegeRequest request)
+    throws SentryInvalidInputException {
+    if (request.isSetPrivileges() && (!request.getPrivileges().isEmpty())) {
+      checkForMandatoryFieldsInPrivileges(request.getPrivileges());
+      validateGrantOptionInprivileges(request.getPrivileges());
+    }
+  }
+
+  /**
+   * Checks for mandatory fields "serverName" and "action" in all the privileges
+   * in the set are not empty.
+   *
+   * @param privileges Set of <code>TSentryPrivileges</code> to be inspected
+   * @throws SentryInvalidInputException If all the mandatory fields in the privileges are
+   *                                     not present
+   */
+  static void checkForMandatoryFieldsInPrivileges(Set<TSentryPrivilege> privileges)
+    throws SentryInvalidInputException {
+    for (TSentryPrivilege privilege : privileges) {
+      if (privilege.getServerName() == null ||
+        privilege.getServerName().trim().isEmpty()) {
+        throw new SentryInvalidInputException("Invalid Privilege input: Server Name is missing");
+      }
+      if (privilege.getAction() == null ||
+        privilege.getAction().trim().isEmpty()) {
+        throw new SentryInvalidInputException("Invalid Privilege input: Action is missing");
+      }
+    }
+  }
+
+  /**
+   * Validates grant option in all the privileges.
+   *
+   * @param privileges Set of privileges to be validated
+   * @throws SentryInvalidInputException If the validation for grant option fails for any
+   *                                     of the privileges.
+   */
+  private static void validateGrantOptionInprivileges(Set<TSentryPrivilege> privileges)
+    throws SentryInvalidInputException {
+    for (TSentryPrivilege privilege : privileges) {
+      if (privilege.getGrantOption() == TSentryGrantOption.UNSET) {
+        throw new SentryInvalidInputException("Invalid Privilege input," +
+          " UNSET option for GRANT <PRIVILEGE> is not valid");
+      }
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/ff369db2/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/RevokePrivilegeRequestValidator.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/RevokePrivilegeRequestValidator.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/RevokePrivilegeRequestValidator.java
new file mode 100644
index 0000000..da4f0e9
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/validator/RevokePrivilegeRequestValidator.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift.validator;
+
+import org.apache.sentry.core.common.exception.SentryInvalidInputException;
+import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+
+/**
+ * Check's for mandatory fields in the privileges
+ */
+public final class RevokePrivilegeRequestValidator {
+  private RevokePrivilegeRequestValidator() {
+  }
+
+  /**
+   * Validates privileges in input request by making sure mandatory fields like
+   * server name and action in the privileges are not empty and see all the values in the
+   * request are valid.
+   *
+   * @param request to be validated.
+   * @throws SentryInvalidInputException If all the mandatory fields in the privileges are
+   *                                     not present [OR] invalid fields a provided in request.
+   */
+  public static void validate(TAlterSentryRoleRevokePrivilegeRequest request)
+    throws SentryInvalidInputException {
+    if (request.isSetPrivileges() && (!request.getPrivileges().isEmpty())) {
+      GrantPrivilegeRequestValidator.checkForMandatoryFieldsInPrivileges(request.getPrivileges());
+    }
+  }
+}


Mime
View raw message