def rename_sentry_privilege(self, oldAuthorizable, newAuthorizable):
oldAuthorizable = TSentryAuthorizable(**oldAuthorizable)
newAuthorizable = TSentryAuthorizable(**newAuthorizable)
request = TRenamePrivilegesRequest(requestorUserName=self.username,
oldAuthorizable=oldAuthorizable,
newAuthorizable=newAuthorizable)
return self.client.rename_sentry_privilege(request)
def list_sentry_privileges_for_provider(self,
groups,
roleSet=None,
authorizableHierarchy=None):
"""
struct TSentryActiveRoleSet {
1: required bool all,
2: required set<string> roles,
}
struct TListSentryPrivilegesForProviderResponse {
1: required sentry_common_service.TSentryResponseStatus status
2: required set<string> privileges
}
"""
if roleSet is not None:
roleSet = TSentryActiveRoleSet(**roleSet)
if authorizableHierarchy is not None:
authorizableHierarchy = TSentryAuthorizable(
**authorizableHierarchy)
request = TListSentryPrivilegesForProviderRequest(
groups=groups,
roleSet=roleSet,
authorizableHierarchy=authorizableHierarchy)
return self.client.list_sentry_privileges_for_provider(request)
def list_sentry_privileges_by_authorizable(self, authorizableSet, groups=None, roleSet=None):
authorizableSet = [TSentryAuthorizable(**authorizable) for authorizable in authorizableSet]
if roleSet is not None:
roleSet = TSentryActiveRoleSet(**roleSet)
request = TListSentryPrivilegesByAuthRequest(requestorUserName=self.username, authorizableSet=authorizableSet, groups=groups, roleSet=roleSet)
return self.client.list_sentry_privileges_by_authorizable(request)
def list_sentry_privileges_by_role(self,
roleName,
authorizableHierarchy=None):
if authorizableHierarchy is not None:
authorizableHierarchy = TSentryAuthorizable(
**authorizableHierarchy)
request = TListSentryPrivilegesRequest(
requestorUserName=self.username,
roleName=roleName,
authorizableHierarchy=authorizableHierarchy)
return self.client.list_sentry_privileges_by_role(request)
def drop_sentry_privilege(self, authorizable):
authorizable = TSentryAuthorizable(**authorizable)
request = TDropPrivilegesRequest(requestorUserName=self.username,
authorizable=authorizable)
return self.client.drop_sentry_privilege(request)