コード例 #1
ファイル: conf.py プロジェクト: cloudera/hue
def config_validator(user):
  """Probe the Sentry service as `user` and collect configuration errors.

  Calls list_sentry_roles_by_group('*') through the version 1 API; any
  exception becomes a (label, message) tuple appended to `res`. The listing
  stops after this first probe, so whatever follows (any use of get_api2 and
  the return of `res`) is not shown.

  NOTE(review): the caught exception is discarded without being logged, so
  the reason for a failed connection cannot be recovered from this check.
  """
  from libsentry.api import get_api
  from libsentry.api2 import get_api as get_api2

  res = []

  try:
    get_api(user).list_sentry_roles_by_group('*')
  except Exception:
    label = '%s: Sentry Service' % NICE_NAME
    res.append((label, _("Failed to connect to Sentry API (version 1).")))
コード例 #2
ファイル: hive.py プロジェクト: mobilist/hue
def drop_sentry_role(request):
  """Drop the Sentry role named by POST 'roleName', acting as request.user.

  `result` starts as a failure record and only becomes status 0 once the API
  call has succeeded. The listing stops inside the except handler; the code
  that sends `result` back is not shown.

  NOTE(review): no permission check is visible in this view; authorization
  is presumably enforced by the Sentry service for request.user -- confirm.
  NOTE(review): the handler logs nothing and stores the raw exception text
  in `result`; if that reaches the client, backend detail goes with it.
  """
  result = dict(status=-1, message='Error')

  try:
    role_name = request.POST['roleName']

    sentry = get_api(request.user)
    sentry.drop_sentry_role(role_name)
    result.update(message=_('Role and privileges deleted.'), status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #3
ファイル: hive.py プロジェクト: mobilist/hue
def rename_sentry_privilege(request):
  """Rename a Sentry privilege from POST 'oldAuthorizable' to 'newAuthorizable'.

  Both fields are JSON-decoded and passed to the API as request.user. The
  listing stops inside the except handler; the return of `result` is not shown.

  NOTE(review): the success message reads 'Privilege deleted.' although the
  call performed is a rename.
  NOTE(review): both authorizables are client-supplied and are not validated
  here; any checking is left to the API (not shown).
  """
  result = dict(status=-1, message='Error')

  try:
    old_authorizable, new_authorizable = [
      json.loads(request.POST[field])
      for field in ('oldAuthorizable', 'newAuthorizable')
    ]

    sentry = get_api(request.user)
    sentry.rename_sentry_privilege(old_authorizable, new_authorizable)
    result.update(message=_('Privilege deleted.'), status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #4
ファイル: hive.py プロジェクト: 10sr/hue
def create_sentry_role(request):
  """Create the Sentry role named by POST 'roleName', acting as request.user.

  On failure the exception is logged with its traceback and its text is
  stored in result['message']. The listing stops there; the return of
  `result` is not shown.

  NOTE(review): no permission check is visible in this view; authorization
  is presumably enforced by the Sentry service for request.user -- confirm.
  """
  result = dict(status=-1, message='Error')

  try:
    role_name = request.POST['roleName']

    sentry = get_api(request.user)
    sentry.create_sentry_role(role_name)
    result.update(message=_('Role and privileges created.'), status=0)
  except Exception as e:
    LOG.exception("could not create role")

    # Raw backend error text; it stays in `result` for whoever consumes it.
    result['message'] = unicode(str(e), "utf8")
コード例 #5
ファイル: hive.py プロジェクト: shobull/hue
def drop_sentry_role(request):
    """Drop the Sentry role named by POST "roleName", acting as request.user.

    Failures are logged with a traceback and their text is copied into
    result["message"]. The listing stops inside the except handler; the
    return of `result` is not shown.

    NOTE(review): dropping a role is destructive and no permission check is
    visible here; presumably the Sentry service authorizes request.user --
    confirm.
    """
    result = dict(status=-1, message="Error")

    try:
        role_name = request.POST["roleName"]

        client = get_api(request.user)
        client.drop_sentry_role(role_name)
        result.update(message=_("Role and privileges deleted."), status=0)
    except Exception as e:
        LOG.exception("could not drop role")

        result["message"] = unicode(str(e), "utf8")
コード例 #6
def create_sentry_role(request):
    """Create a Sentry role from POST 'roleName' on behalf of request.user.

    `result` flips to status 0 only after the API call returns. The listing
    stops inside the except handler; the return of `result` is not shown.

    NOTE(review): the role name is taken from the request as-is; any naming
    or permission rules are left to the API (not shown).
    """
    result = dict(status=-1, message='Error')

    try:
        requested_name = request.POST['roleName']

        api = get_api(request.user)
        api.create_sentry_role(requested_name)
        result.update(message=_('Role and privileges created.'), status=0)
    except Exception as e:
        LOG.exception("could not create role")

        result['message'] = unicode(str(e), "utf8")
コード例 #7
def rename_sentry_privilege(request):
    """Rename a Sentry privilege using two JSON-encoded POST fields.

    'oldAuthorizable' and 'newAuthorizable' are decoded and handed to the
    API as request.user. The listing stops inside the except handler.

    NOTE(review): the success message says 'Privilege deleted.' for a rename.
    NOTE(review): failures are not logged here; only the exception text is
    kept, in result['message'].
    """
    result = dict(status=-1, message='Error')

    try:
        source = json.loads(request.POST['oldAuthorizable'])
        target = json.loads(request.POST['newAuthorizable'])

        api = get_api(request.user)
        api.rename_sentry_privilege(source, target)
        result.update(message=_('Privilege deleted.'), status=0)
    except Exception as e:
        result['message'] = unicode(str(e), "utf8")
コード例 #8
ファイル: hive.py プロジェクト: shobull/hue
def rename_sentry_privilege(request):
    """Rename a Sentry privilege; old and new authorizables come from POST JSON.

    Failures are logged with a traceback and their text is stored in
    result["message"]. The listing stops inside the except handler; the
    return of `result` is not shown.

    NOTE(review): the success message says "Privilege deleted." for a rename.
    NOTE(review): no permission check is visible here; presumably the Sentry
    service authorizes request.user -- confirm.
    """
    result = dict(status=-1, message="Error")

    try:
        previous = json.loads(request.POST["oldAuthorizable"])
        replacement = json.loads(request.POST["newAuthorizable"])

        client = get_api(request.user)
        client.rename_sentry_privilege(previous, replacement)
        result.update(message=_("Privilege deleted."), status=0)
    except Exception as e:
        LOG.exception("could not rename privilege")

        result["message"] = unicode(str(e), "utf8")
コード例 #9
def drop_sentry_role(request):
  """Drop the Sentry role named by POST 'roleName' and return a JSON status.

  A missing 'roleName' yields None from POST.get() and is passed to the API
  unchanged. On failure the exception is logged and its text is returned in
  the JSON body.

  NOTE(review): str(e) goes straight to the client, which can expose backend
  error detail; the traceback is already in the log.
  NOTE(review): no permission check is visible here; presumably the Sentry
  service authorizes request.user -- confirm.
  """
  result = dict(status=-1, message='Error')

  try:
    role_name = request.POST.get('roleName')

    sentry = get_api(request.user)
    sentry.drop_sentry_role(role_name)
    result.update(message=_('Role and privileges deleted.'), status=0)
  except Exception as e:
    LOG.exception("could not drop role")

    result['message'] = str(e)

  return JsonResponse(result)
コード例 #10
def rename_sentry_privilege(request):
  """Rename a Sentry privilege and return a JSON status.

  'oldAuthorizable' and 'newAuthorizable' are read with POST.get() and
  JSON-decoded; a missing field makes json.loads() raise, which lands in the
  except handler like any other failure.

  NOTE(review): the success message says 'Privilege deleted.' for a rename.
  NOTE(review): str(e) is returned to the client in the JSON body, which can
  expose backend error detail.
  """
  result = dict(status=-1, message='Error')

  try:
    before = json.loads(request.POST.get('oldAuthorizable'))
    after = json.loads(request.POST.get('newAuthorizable'))

    sentry = get_api(request.user)
    sentry.rename_sentry_privilege(before, after)
    result.update(message=_('Privilege deleted.'), status=0)
  except Exception as e:
    LOG.exception("could not rename privilege")

    result['message'] = str(e)

  return JsonResponse(result)
コード例 #11
ファイル: hive.py プロジェクト: shobull/hue
def list_sentry_privileges_by_authorizable(request):
    """List privileges on one authorizable, flattened and sorted by role name.

    POST "groupName" (optional, empty means no group filter) and the JSON
    "authorizableHierarchy" are forwarded to the API as request.user. Each
    privilege dict is tagged with its "roleName" before being collected.
    The listing stops inside the except handler.

    NOTE(review): with an empty groupName, `groups` is None; what that
    selects is decided by the API (not shown) -- confirm it does not widen
    what a non-admin caller can read.
    """
    result = dict(status=-1, message="Error")

    try:
        group_name = request.POST["groupName"]
        groups = [group_name] if group_name else None
        authorizableSet = [json.loads(request.POST["authorizableHierarchy"])]

        collected = []

        listing = get_api(request.user).list_sentry_privileges_by_authorizable(
            authorizableSet=authorizableSet, groups=groups
        )
        for authorizable, roles in listing:
            for role_name, role_privileges in roles.iteritems():
                for entry in role_privileges:
                    entry["roleName"] = role_name
                    collected.append(entry)

        result["privileges"] = sorted(collected, key=lambda entry: entry["roleName"])
        result.update(message="", status=0)
    except Exception as e:
        LOG.exception("could not list privileges by authorizable")

        result["message"] = unicode(str(e), "utf8")
コード例 #12
def create_role(request):
    """Create a role, grant its privileges and attach its groups.

    The whole role description is a JSON object in POST 'role'. Privileges
    whose status is 'deleted' or 'alreadydeleted' are skipped. The listing
    stops inside the except handler; the return of `result` is not shown.

    NOTE(review): the three API steps are issued one after another with no
    rollback visible, so a failure after create_sentry_role() leaves a role
    that exists but is only partly configured while status stays -1.
    """
    result = dict(status=-1, message='Error')

    try:
        role = json.loads(request.POST.get('role'))

        api = get_api(request.user)

        api.create_sentry_role(role['name'])

        skipped_states = ('deleted', 'alreadydeleted')
        live_privileges = []
        for entry in role['privileges']:
            if entry['status'] in skipped_states:
                continue
            live_privileges.append(entry)

        result['privileges'] = _hive_add_privileges(request.user, role,
                                                    live_privileges)
        api.alter_sentry_role_add_groups(role['name'], role['groups'])

        result['role'] = {"name": role['name'], "groups": role['groups']}
        result.update(message=_('Role created!'), status=0)
    except Exception as e:
        LOG.exception("could not create role")

        result['message'] = unicode(str(e), "utf8")
コード例 #13
def list_sentry_privileges_by_authorizable(request):
    """List privileges on one authorizable, flattened and sorted by role name.

    'groupName' is optional (empty or missing means `groups` is None);
    'authorizableHierarchy' is JSON-decoded and wrapped in a one-item list.
    The listing stops inside the except handler.

    NOTE(review): what `groups=None` selects is decided by the API (not
    shown) -- confirm it does not widen what a non-admin caller can read.
    """
    result = dict(status=-1, message='Error')

    try:
        group_name = request.POST.get('groupName')
        groups = [group_name] if group_name else None
        authorizableSet = [
            json.loads(request.POST.get('authorizableHierarchy'))
        ]

        flattened = []

        api = get_api(request.user)
        by_authorizable = api.list_sentry_privileges_by_authorizable(
            authorizableSet=authorizableSet, groups=groups)
        for authorizable, roles in by_authorizable:
            for role_name, role_privileges in roles.iteritems():
                for item in role_privileges:
                    item['roleName'] = role_name
                    flattened.append(item)

        result['privileges'] = sorted(
            flattened, key=lambda item: item['roleName'])
        result.update(message='', status=0)
    except Exception as e:
        LOG.exception("could not list privileges by authorizable")

        result['message'] = unicode(str(e), "utf8")
コード例 #14
ファイル: hive.py プロジェクト: shobull/hue
def bulk_delete_privileges(request):
    """Drop the privileges on every checked path, one API call per path.

    POST "checkedPaths" is a JSON list of objects with a "path" key; each
    path is split into db/table/column and merged into the JSON-decoded
    "authorizableHierarchy" before drop_sentry_privileges() is called.
    The listing stops inside the except handler.

    NOTE(review): drops are issued one at a time with no rollback visible;
    a failure midway leaves the earlier drops applied while status stays -1.
    NOTE(review): paths and hierarchy are client-supplied; scope checks are
    left to the API (not shown).
    """
    result = dict(status=-1, message="Error")

    try:
        checked = json.loads(request.POST["checkedPaths"])
        hierarchy = json.loads(request.POST["authorizableHierarchy"])

        # Collect every path first so a malformed entry fails before any drop.
        paths = [entry["path"] for entry in checked]
        for path in paths:
            db, table, column = _get_splitted_path(path)
            hierarchy.update(db=db, table=table, column=column)
            get_api(request.user).drop_sentry_privileges(hierarchy)
        result.update(message=_("Privileges deleted."), status=0)
    except Exception as e:
        LOG.exception("could not bulk delete privileges")

        result["message"] = unicode(str(e), "utf8")
コード例 #15
ファイル: conf.py プロジェクト: ranade1/hue-3
def config_validator(user):
  """Probe both Sentry API versions as `user` and return the failures.

  Each probe calls list_sentry_roles_by_group('*'). Any exception is turned
  into a (label, message) tuple; the returned list is empty when both
  probes succeed.

  NOTE(review): the caught exceptions are discarded without being logged,
  so the reason for a failed connection cannot be recovered from this check.
  """
  from libsentry.api import get_api
  from libsentry.api2 import get_api as get_api2

  res = []

  try:
    get_api(user).list_sentry_roles_by_group('*')
  except Exception:
    label_v1 = '%s: Sentry Service' % NICE_NAME
    res.append((label_v1, _("Failed to connect to Sentry API (version 1).")))

  try:
    get_api2(user).list_sentry_roles_by_group('*')
  except Exception:
    label_v2 = '%s: Sentry Service' % NICE_NAME
    res.append((label_v2, _("Failed to connect to Sentry API (version 2).")))

  return res
コード例 #16
    def setUp(self):
        """Log in a non-superuser test client and build the objects under test.

        The account is placed in group "test", which is then granted access
        to the "libsentry" app; the API client and PrivilegeChecker are both
        created for that same user. The username literal appears masked
        ("******") in this listing and is reproduced as shown.
        """
        login_options = dict(
            username="******",
            groupname="test",
            recreate=True,
            is_superuser=False,
        )
        self.client = make_logged_in_client(**login_options)
        self.user = User.objects.get(username="******")
        grant_access("test", "test", "libsentry")

        sentry_api = get_api(self.user)
        self.api = sentry_api
        self.checker = PrivilegeChecker(user=self.user, api=self.api)
コード例 #17
def list_sentry_privileges_by_role(request):
  """List the privileges of the role named by POST 'roleName'.

  The privileges are sorted by the string 'database.table'. The listing
  stops inside the except handler; the return of `result` is not shown.

  NOTE(review): any role name can be requested and no check is visible
  here; presumably the Sentry service decides what request.user may read
  -- confirm.
  NOTE(review): failures are not logged; only the exception text is kept.
  """
  result = dict(status=-1, message='Error')

  try:
    role_name = request.POST['roleName']
    role_privileges = get_api(request.user).list_sentry_privileges_by_role(role_name)

    def by_database_and_table(privilege):
      return '%s.%s' % (privilege['database'], privilege['table'])

    result['sentry_privileges'] = sorted(role_privileges, key=by_database_and_table)
    result.update(message='', status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #18
def list_sentry_roles_by_group(request):
  """List Sentry roles for POST 'groupName', sorted by role name.

  An empty 'groupName' is turned into None before the API call. The listing
  stops inside the except handler; the return of `result` is not shown.

  NOTE(review): what None selects is decided by the API (not shown). If it
  means "all roles", every caller can request the full list from this view;
  confirm the backend restricts it per user.
  """
  result = dict(status=-1, message='Error')

  try:
    group_name = request.POST['groupName'] or None
    found = get_api(request.user).list_sentry_roles_by_group(group_name)
    result['roles'] = sorted(found, key=lambda entry: entry['name'])
    result.update(message='', status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #19
ファイル: hive.py プロジェクト: zengyuanman/hue
def bulk_delete_privileges(request):
  """Drop the privileges on every checked path, one API call per path.

  Each path from the JSON 'checkedPaths' list is split into db/table/column
  and merged into the JSON-decoded 'authorizableHierarchy' before
  drop_sentry_privileges() is called as request.user. The listing stops
  inside the except handler.

  NOTE(review): drops are issued one at a time with no rollback visible; a
  failure midway leaves the earlier drops applied while status stays -1.
  """
  result = dict(status=-1, message='Error')

  try:
    selection = json.loads(request.POST['checkedPaths'])
    hierarchy = json.loads(request.POST['authorizableHierarchy'])

    # Collect every path first so a malformed entry fails before any drop.
    all_paths = [item['path'] for item in selection]
    for path in all_paths:
      db, table, column = _get_splitted_path(path)
      hierarchy.update(db=db, table=table, column=column)
      get_api(request.user).drop_sentry_privileges(hierarchy)
    result.update(message=_('Privileges deleted.'), status=0)
  except Exception as e:
    LOG.exception("could not bulk delete privileges")

    result['message'] = unicode(str(e), "utf8")
コード例 #20
ファイル: tests.py プロジェクト: zzzharpreet/hue
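  def test_ha_failover_all_bad(self):
    """With only bad RPC addresses configured, both API versions must fail.

    Writes a sentry-site.xml that lists two bad hosts, calls
    sentry_site.reset(), checks the configured address list, and expects
    list_sentry_roles_by_group('*') to raise PopupException through both
    get_api and get_api2.
    """
    xml = self._sentry_site_xml(rpc_addresses='bad-host-1:8039,bad-host-2', rpc_port=self.rpc_port)
    # A context manager closes the file deterministically; the previous
    # file(...).write(...) left the handle to be closed by garbage collection.
    with open(os.path.join(self.tmpdir, 'sentry-site.xml'), 'w') as site_file:
      site_file.write(xml)
    sentry_site.reset()

    api = get_api(self.user)
    assert_equal('bad-host-1:8039,bad-host-2', ','.join(sentry_site.get_sentry_server_rpc_addresses()))
    assert_raises(PopupException, api.list_sentry_roles_by_group, '*')

    api2 = get_api2(self.user, 'solr')
    assert_raises(PopupException, api2.list_sentry_roles_by_group, '*')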
コード例 #21
def bulk_delete_privileges(request):
  """Drop the privileges on every checked 'db' or 'db.table' path.

  A path without a dot is treated as a database with an empty table name.
  A path with more than one dot makes the two-way unpack raise, which ends
  the loop through the except handler. The listing stops inside that handler.

  NOTE(review): drops are issued one at a time with no rollback visible; a
  failure midway leaves the earlier drops applied while status stays -1.
  NOTE(review): failures are not logged; only the exception text is kept.
  """
  result = dict(status=-1, message='Error')

  try:
    selection = json.loads(request.POST['checkedPaths'])
    hierarchy = json.loads(request.POST['authorizableHierarchy'])

    # Collect every path first so a malformed entry fails before any drop.
    all_paths = [item['path'] for item in selection]
    for path in all_paths:
      db, table = path.split('.') if '.' in path else (path, '')
      hierarchy.update(db=db, table=table)
      get_api(request.user).drop_sentry_privileges(hierarchy)
    result.update(message=_('Privileges deleted.'), status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #22
def list_sentry_privileges_by_authorizable(request):
  """Collect privileges for an authorizable across the roles of a group.

  Roles are listed for POST 'groupName' (empty becomes None), then each
  role's privileges are fetched with the JSON 'authorizableHierarchy' as a
  filter, tagged with 'roleName' and sorted by it. 'roleSet' is decoded but
  not used afterwards. The listing stops inside the except handler.

  NOTE(review): what groupName=None selects is decided by the API (not
  shown) -- confirm it does not widen what a non-admin caller can read.
  """
  result = dict(status=-1, message='Error')

  try:
    group_name = request.POST['groupName'] or None
    roleSet = json.loads(request.POST['roleSet'])  # parsed only; a missing or invalid field still fails the request
    hierarchy = json.loads(request.POST['authorizableHierarchy'])

    collected = []
    roles = get_api(request.user).list_sentry_roles_by_group(groupName=group_name)

    for role in roles:
      role_privileges = get_api(request.user).list_sentry_privileges_by_role(role['name'], authorizableHierarchy=hierarchy)
      for entry in role_privileges:
        entry['roleName'] = role['name']
        collected.append(entry)

    result['privileges'] = sorted(collected, key=lambda entry: entry['roleName'])
    result.update(message='', status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #23
def list_sentry_privileges_for_provider(request):
  """Forward a provider privilege query built from three JSON POST fields.

  'groups', 'roleSet' and 'authorizableHierarchy' are decoded and passed to
  the API as request.user; the API result is stored unmodified. The listing
  stops inside the except handler.

  NOTE(review): the group list is client-supplied and not compared with
  request.user's own groups here; any such check is left to the API (not
  shown) -- confirm.
  """
  result = dict(status=-1, message='Error')

  try:
    query = {}
    for field in ('groups', 'roleSet', 'authorizableHierarchy'):
      query[field] = json.loads(request.POST[field])

    result['sentry_privileges'] = get_api(request.user).list_sentry_privileges_for_provider(**query)
    result.update(message='', status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #24
ファイル: hive.py プロジェクト: abhishekkumar1989/hue
def list_sentry_privileges_by_authorizable(request):
  """Collect the privileges that match a db (and optional table) across roles.

  Roles come from list_sentry_roles_by_group() with no group argument; each
  role's privileges are fetched and filtered in this view against the JSON
  'authorizableHierarchy'. 'groups' and 'roleSet' are decoded but not used
  afterwards. The listing stops inside the except handler.

  NOTE(review): the role listing is not narrowed by group and the filtering
  happens here on client-supplied values; which roles request.user may see
  is left to the API (not shown) -- confirm.
  """
  result = dict(status=-1, message='Error')

  try:
    groups = json.loads(request.POST['groups'])  # parsed only
    roleSet = json.loads(request.POST['roleSet'])  # parsed only
    hierarchy = json.loads(request.POST['authorizableHierarchy'])

    matching = []
    roles = get_api(request.user).list_sentry_roles_by_group()

    for role in roles:
      # Original author's question: authorizableHierarchy not working here?
      for entry in get_api(request.user).list_sentry_privileges_by_role(role['name']):
        if entry['database'] != hierarchy['db']:
          continue
        if 'table' in hierarchy and entry['table'] != hierarchy['table']:
          continue
        entry['roleName'] = role['name']
        matching.append(entry)

    result['privileges'] = matching
    result.update(message='', status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #25
def list_sentry_roles_by_group(request):
  """List Sentry roles for a group, sorted by role name.

  With an empty POST 'groupName', members of a Sentry admin group query
  with None and everyone else with '*'; per the original comment, admins
  see everything and others only the groups they belong to. The listing
  stops inside the except handler.

  NOTE(review): a non-empty 'groupName' is passed to the API as given, with
  no membership check in this view; confirm the backend rejects groups the
  caller does not belong to.
  """
  result = dict(status=-1, message='Error')

  try:
    group_name = request.POST['groupName']
    if not group_name:
      admin_groups = get_sentry_server_admin_groups()
      is_sentry_admin = request.user.groups.filter(name__in=admin_groups).exists()
      group_name = None if is_sentry_admin else '*'
    found = get_api(request.user).list_sentry_roles_by_group(group_name)
    result['roles'] = sorted(found, key=lambda entry: entry['name'])
    result.update(message='', status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #26
ファイル: tests.py プロジェクト: zzzharpreet/hue
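  def test_no_rpc_hosts(self):
    """With no RPC addresses configured, the client falls back to hostname and port.

    Writes a sentry-site.xml with an empty address list, calls
    sentry_site.reset(), asserts that HA is reported as disabled and that a
    non-localhost HOSTNAME is configured, then expects both API versions to
    return a list for group '*'.
    """
    xml = self._sentry_site_xml(rpc_addresses='')
    # A context manager closes the file deterministically; the previous
    # file(...).write(...) left the handle to be closed by garbage collection.
    with open(os.path.join(self.tmpdir, 'sentry-site.xml'), 'w') as site_file:
      site_file.write(xml)
    sentry_site.reset()

    api = get_api(self.user)
    assert_false(sentry_site.is_ha_enabled(), sentry_site.get_sentry_server_rpc_addresses())
    assert_true(is_enabled() and HOSTNAME.get() and HOSTNAME.get() != 'localhost')
    resp = api.list_sentry_roles_by_group(groupName='*')
    assert_true(isinstance(resp, list))

    api2 = get_api2(self.user, 'solr')
    resp = api2.list_sentry_roles_by_group(groupName='*')
    assert_true(isinstance(resp, list))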
コード例 #27
def list_sentry_privileges_by_role(request):
  """Return the privileges of the role named by POST 'roleName' as JSON.

  Privileges are sorted by the string 'server.database.table.URI'. A
  missing 'roleName' yields None and is passed to the API unchanged.

  NOTE(review): str(e) is returned to the client in the JSON body, which
  can expose backend error detail; the traceback is already in the log.
  NOTE(review): any role name can be requested; what request.user may read
  is left to the API (not shown) -- confirm.
  """
  result = dict(status=-1, message='Error')

  try:
    role_name = request.POST.get('roleName')
    role_privileges = get_api(request.user).list_sentry_privileges_by_role(role_name)

    def sort_key(privilege):
      parts = (privilege['server'], privilege['database'], privilege['table'], privilege['URI'])
      return '%s.%s.%s.%s' % parts

    result['sentry_privileges'] = sorted(role_privileges, key=sort_key)
    result.update(message='', status=0)
  except Exception as e:
    LOG.exception("could not list sentry privileges")

    result['message'] = str(e)

  return JsonResponse(result)
コード例 #28
ファイル: tests.py プロジェクト: xiaopailang/hue
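    def test_ha_failover_good_bad_bad(self):
        """With one good address followed by two bad ones, both API versions still answer.

        Writes a sentry-site.xml whose address list is self.rpc_addresses
        plus two bad hosts, calls sentry_site.reset(), checks the configured
        list, then expects both API versions to return a list for group '*'.
        """
        xml = self._sentry_site_xml(rpc_addresses='%s,bad-host-1,bad-host-2' %
                                    self.rpc_addresses)
        # A context manager closes the file deterministically; the previous
        # file(...).write(...) left the handle to be closed by garbage
        # collection.
        with open(os.path.join(self.tmpdir, 'sentry-site.xml'), 'w') as site_file:
            site_file.write(xml)
        sentry_site.reset()

        api = get_api(self.user)
        assert_equal('%s,bad-host-1,bad-host-2' % self.rpc_addresses,
                     ','.join(sentry_site.get_sentry_server_rpc_addresses()))
        resp = api.list_sentry_roles_by_group(groupName='*')
        assert_true(isinstance(resp, list))

        api2 = get_api2(self.user, 'solr')
        resp = api2.list_sentry_roles_by_group(groupName='*')
        assert_true(isinstance(resp, list))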
コード例 #29
ファイル: hive.py プロジェクト: shobull/hue
def list_sentry_privileges_by_role(request):
    """List the privileges of the role named by POST "roleName".

    Privileges are sorted by the string "server.database.table.URI".
    Failures are logged with a traceback. The listing stops inside the
    except handler; the return of `result` is not shown.

    NOTE(review): any role name can be requested; what request.user may
    read is left to the API (not shown) -- confirm.
    """
    result = dict(status=-1, message="Error")

    try:
        role_name = request.POST["roleName"]
        role_privileges = get_api(request.user).list_sentry_privileges_by_role(role_name)

        def sort_key(privilege):
            parts = (privilege["server"], privilege["database"], privilege["table"], privilege["URI"])
            return "%s.%s.%s.%s" % parts

        result["sentry_privileges"] = sorted(role_privileges, key=sort_key)
        result.update(message="", status=0)
    except Exception as e:
        LOG.exception("could not list sentry privileges")

        result["message"] = unicode(str(e), "utf8")
コード例 #30
def create_role(request):
  """Create a role, grant its privileges and attach its groups.

  The role description is a JSON object in POST 'role'; all of its
  privileges are passed to _hive_add_privileges(). The role summary stored
  in `result` records request.user.username as 'grantorPrincipal'. The
  listing stops inside the except handler.

  NOTE(review): the three API steps run one after another with no rollback
  visible, so a failure after create_sentry_role() leaves a role that
  exists but is only partly configured while status stays -1.
  NOTE(review): failures are not logged; only the exception text is kept.
  """
  result = dict(status=-1, message='Error')

  try:
    role = json.loads(request.POST['role'])

    sentry = get_api(request.user)

    sentry.create_sentry_role(role['name'])
    granted = _hive_add_privileges(request.user, role, role['privileges'])
    result['privileges'] = granted
    sentry.alter_sentry_role_add_groups(role['name'], role['groups'])

    result['role'] = {"name": role['name'], "groups": role['groups'], "grantorPrincipal": request.user.username}
    result.update(message=_('Role created!'), status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #31
ファイル: hive.py プロジェクト: shobull/hue
def list_sentry_privileges_for_provider(request):
    """Forward a provider privilege query built from three JSON POST fields.

    "groups", "roleSet" and "authorizableHierarchy" are decoded and passed
    to the API as request.user; the API result is stored unmodified.
    Failures are logged. The listing stops inside the except handler.

    NOTE(review): the group list is client-supplied and not compared with
    request.user's own groups here; any such check is left to the API (not
    shown) -- confirm.
    """
    result = dict(status=-1, message="Error")

    try:
        query = {}
        for field in ("groups", "roleSet", "authorizableHierarchy"):
            query[field] = json.loads(request.POST[field])

        result["sentry_privileges"] = get_api(request.user).list_sentry_privileges_for_provider(**query)
        result.update(message="", status=0)
    except Exception as e:
        LOG.exception("could not list privileges for provider")

        result["message"] = unicode(str(e), "utf8")
コード例 #32
def list_sentry_privileges_for_provider(request):
  """Run a provider privilege query and return the result as JSON.

  'groups', 'roleSet' and 'authorizableHierarchy' are read with POST.get()
  and JSON-decoded; a missing field makes json.loads() raise, which lands
  in the except handler.

  NOTE(review): str(e) is returned to the client in the JSON body, which
  can expose backend error detail; the traceback is already in the log.
  NOTE(review): the group list is client-supplied and not compared with
  request.user's own groups here -- confirm the API checks it.
  """
  result = dict(status=-1, message='Error')

  try:
    query = {}
    for field in ('groups', 'roleSet', 'authorizableHierarchy'):
      query[field] = json.loads(request.POST.get(field))

    result['sentry_privileges'] = get_api(request.user).list_sentry_privileges_for_provider(**query)
    result.update(message='', status=0)
  except Exception as e:
    LOG.exception("could not list privileges for provider")

    result['message'] = str(e)

  return JsonResponse(result)
コード例 #33
def update_role_groups(request):
  """Add and remove role groups so they match the submitted list.

  The JSON 'role' object carries 'groups' (wanted) and 'originalGroups'
  (previous); the two set differences drive the add and delete calls. The
  listing stops inside the except handler.

  NOTE(review): 'originalGroups' comes from the client, so the delta is
  computed from client-claimed state rather than from the role's current
  membership on the server.
  NOTE(review): failures are not logged; only the exception text is kept.
  """
  result = dict(status=-1, message='Error')

  try:
    role = json.loads(request.POST['role'])

    wanted = set(role['groups'])
    previous = set(role['originalGroups'])
    to_add = wanted - previous
    to_remove = previous - wanted

    sentry = get_api(request.user)

    if to_add:
      sentry.alter_sentry_role_add_groups(role['name'], to_add)
    if to_remove:
      sentry.alter_sentry_role_delete_groups(role['name'], to_remove)

    result.update(message='', status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #34
ファイル: hive.py プロジェクト: mbrukman/cloudera-hue
def create_role(request):
  """Create a role, grant its non-deleted privileges and attach its groups.

  The role description is a JSON object in POST 'role'; privileges whose
  status is 'deleted' are skipped. The listing stops inside the except
  handler; the return of `result` is not shown.

  NOTE(review): the three API steps run one after another with no rollback
  visible, so a failure after create_sentry_role() leaves a role that
  exists but is only partly configured while status stays -1.
  NOTE(review): failures are not logged; only the exception text is kept.
  """
  result = dict(status=-1, message='Error')

  try:
    role = json.loads(request.POST['role'])

    sentry = get_api(request.user)

    sentry.create_sentry_role(role['name'])

    kept = []
    for entry in role['privileges']:
      if entry['status'] != 'deleted':
        kept.append(entry)
    result['privileges'] = _hive_add_privileges(request.user, role, kept)
    sentry.alter_sentry_role_add_groups(role['name'], role['groups'])

    result['role'] = {"name": role['name'], "groups": role['groups']}
    result.update(message=_('Role created!'), status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #35
ファイル: hive.py プロジェクト: shobull/hue
def list_sentry_roles_by_group(request):
    """List Sentry roles for a group, sorted by role name.

    With an empty POST "groupName", members of a Sentry admin group query
    with None and everyone else with "*"; per the original comment, admins
    see everything and others only the groups they belong to. An error
    whose text contains "couldn't be retrieved." is reported as an empty
    role list with status 0 (the message stays "Error"). The listing stops
    inside the except handler.

    NOTE(review): a non-empty "groupName" is passed to the API as given,
    with no membership check in this view; confirm the backend rejects
    groups the caller does not belong to.
    NOTE(review): matching on exception text is brittle; a reworded backend
    message silently changes which failures are treated as "no roles".
    """
    result = dict(status=-1, message="Error")

    try:
        group_name = request.POST["groupName"]
        if not group_name:
            admin_groups = get_sentry_server_admin_groups()
            is_sentry_admin = request.user.groups.filter(name__in=admin_groups).exists()
            group_name = None if is_sentry_admin else "*"
        found = get_api(request.user).list_sentry_roles_by_group(group_name)
        result["roles"] = sorted(found, key=lambda entry: entry["name"])
        result.update(message="", status=0)
    except Exception as e:
        LOG.exception("could not retrieve roles")

        if "couldn't be retrieved." not in str(e):
            result["message"] = unicode(str(e), "utf8")
        else:
            result["roles"] = []
            result["status"] = 0
コード例 #36
ファイル: hive.py プロジェクト: ASA-Pitts/hue
def _hive_add_privileges(user, role, privileges):
    """Grant each non-deleted privilege to role['name'] and echo what was sent.

    Returns one summary dict per granted privilege. Per the original
    comment these summaries are mocked until the Sentry API returns the
    info, and are currently unused because the whole role is refreshed.

    NOTE(review): 'timestamp' and 'grantor' are filled in locally (local
    clock, `user.username`), not read back from Sentry, so they should not
    be treated as an audit record of the grant.
    """
    api = get_api(user)

    granted = []

    for privilege in privileges:
        if privilege['status'] == 'deleted':
            continue
        api.alter_sentry_role_grant_privilege(role['name'], _to_sentry_privilege(privilege))
        # Mocked until Sentry API returns the info. Not used currently as we refresh the whole role.
        granted.append(dict(
            timestamp=int(time.time()),
            grantor=user.username,
            database=privilege.get('dbName'),
            action=privilege.get('action'),
            scope=privilege.get('privilegeScope'),
            table=privilege.get('tableName'),
            URI=privilege.get('URI'),
            server=privilege.get('serverName'),
        ))

    return granted
コード例 #37
ファイル: hive.py プロジェクト: mbrukman/cloudera-hue
def list_sentry_privileges_by_authorizable(request):
  """List privileges on one authorizable, flattened and sorted by role name.

  POST 'groupName' (empty means `groups` is None) and the JSON
  'authorizableHierarchy' are forwarded to the API as request.user; each
  privilege dict is tagged with its 'roleName'. The listing stops inside
  the except handler.

  NOTE(review): what `groups=None` selects is decided by the API (not
  shown) -- confirm it does not widen what a non-admin caller can read.
  NOTE(review): failures are not logged; only the exception text is kept.
  """
  result = dict(status=-1, message='Error')

  try:
    group_name = request.POST['groupName']
    groups = [group_name] if group_name else None
    authorizableSet = [json.loads(request.POST['authorizableHierarchy'])]

    flattened = []

    listing = get_api(request.user).list_sentry_privileges_by_authorizable(authorizableSet=authorizableSet, groups=groups)
    for authorizable, roles in listing:
      for role_name, role_privileges in roles.iteritems():
        for item in role_privileges:
          item['roleName'] = role_name
          flattened.append(item)

    result['privileges'] = sorted(flattened, key=lambda item: item['roleName'])
    result.update(message='', status=0)
  except Exception as e:
    result['message'] = unicode(str(e), "utf8")
コード例 #38
def _hive_add_privileges(user, role, privileges):
    """Grant each non-deleted privilege to role['name'] and echo what was sent.

    Returns one summary dict per granted privilege; 'grantOption' is True
    only when the submitted value equals 1. Per the original comment these
    summaries are mocked until the Sentry API returns the info.

    NOTE(review): the summaries are built from the submitted values and the
    local clock, not read back from Sentry, so they show what was requested
    rather than what the service stored.
    """
    api = get_api(user)

    granted = []

    for privilege in privileges:
        if privilege['status'] == 'deleted':
            continue
        api.alter_sentry_role_grant_privilege(role['name'], _to_sentry_privilege(privilege))
        # Mocked until Sentry API returns the info. Not used currently as we refresh the whole role.
        granted.append(dict(
            timestamp=int(time.time()),
            database=privilege.get('dbName'),
            action=privilege.get('action'),
            scope=privilege.get('privilegeScope'),
            table=privilege.get('tableName'),
            URI=privilege.get('URI'),
            server=privilege.get('serverName'),
            grantOption=privilege.get('grantOption') == 1,
        ))

    return granted
コード例 #39
ファイル: hive.py プロジェクト: shobull/hue
def update_role_groups(request):
    """Add and remove role groups so they match the submitted list.

    The JSON "role" object carries "groups" (wanted) and "originalGroups"
    (previous); the two set differences drive the add and delete calls.
    Failures are logged. The listing stops inside the except handler.

    NOTE(review): "originalGroups" comes from the client, so the delta is
    computed from client-claimed state rather than from the role's current
    membership on the server.
    """
    result = dict(status=-1, message="Error")

    try:
        role = json.loads(request.POST["role"])

        wanted = set(role["groups"])
        previous = set(role["originalGroups"])
        to_add = wanted - previous
        to_remove = previous - wanted

        client = get_api(request.user)

        if to_add:
            client.alter_sentry_role_add_groups(role["name"], to_add)
        if to_remove:
            client.alter_sentry_role_delete_groups(role["name"], to_remove)

        result.update(message="", status=0)
    except Exception as e:
        LOG.exception("could not update role groups")

        result["message"] = unicode(str(e), "utf8")
コード例 #40
def list_sentry_roles_by_group(request):
  """Return the Sentry roles for a group as JSON, sorted by role name.

  With an empty or missing POST 'groupName', members of a Sentry admin
  group query with None and everyone else with '*'; per the original
  comment, admins see everything and others only the groups they belong
  to. An error whose text contains "couldn't be retrieved." is reported as
  an empty role list with status 0 (the message stays 'Error').

  NOTE(review): a non-empty 'groupName' is passed to the API as given, with
  no membership check in this view; confirm the backend rejects groups the
  caller does not belong to.
  NOTE(review): matching on exception text is brittle, and other errors
  return str(e) to the client, which can expose backend detail.
  """
  result = dict(status=-1, message='Error')

  try:
    group_name = request.POST.get('groupName')
    if not group_name:
      admin_groups = get_sentry_server_admin_groups()
      is_sentry_admin = request.user.groups.filter(name__in=admin_groups).exists()
      group_name = None if is_sentry_admin else '*'
    found = get_api(request.user).list_sentry_roles_by_group(group_name)
    result['roles'] = sorted(found, key=lambda entry: entry['name'])
    result.update(message='', status=0)
  except Exception as e:
    LOG.exception("could not retrieve roles")

    if "couldn't be retrieved." not in str(e):
      result['message'] = str(e)
    else:
      result['roles'] = []
      result['status'] = 0

  return JsonResponse(result)
コード例 #41
def update_role_groups(request):
  """Add and remove role groups to match the submitted list; return JSON.

  The JSON 'role' object carries 'groups' (wanted) and 'originalGroups'
  (previous); the two set differences drive the add and delete calls.

  NOTE(review): 'originalGroups' comes from the client, so the delta is
  computed from client-claimed state rather than from the role's current
  membership on the server.
  NOTE(review): str(e) is returned to the client in the JSON body, which
  can expose backend error detail; the traceback is already in the log.
  """
  result = dict(status=-1, message='Error')

  try:
    role = json.loads(request.POST.get('role'))

    wanted = set(role['groups'])
    previous = set(role['originalGroups'])
    to_add = wanted - previous
    to_remove = previous - wanted

    sentry = get_api(request.user)

    if to_add:
      sentry.alter_sentry_role_add_groups(role['name'], to_add)
    if to_remove:
      sentry.alter_sentry_role_delete_groups(role['name'], to_remove)

    result.update(message='', status=0)
  except Exception as e:
    LOG.exception("could not update role groups")

    result['message'] = str(e)

  return JsonResponse(result)
コード例 #42
ファイル: hive.py プロジェクト: shobull/hue
def _hive_add_privileges(user, role, privileges):
    """Grant each non-deleted privilege to role["name"] and echo what was sent.

    Returns one summary dict per granted privilege, including the column
    name; "grantOption" is True only when the submitted value equals 1. Per
    the original comment these summaries are mocked until the Sentry API
    returns the info.

    NOTE(review): the summaries are built from the submitted values and the
    local clock, not read back from Sentry, so they show what was requested
    rather than what the service stored.
    """
    api = get_api(user)

    granted = []

    for privilege in privileges:
        if privilege["status"] == "deleted":
            continue
        api.alter_sentry_role_grant_privilege(role["name"], _to_sentry_privilege(privilege))
        # Mocked until Sentry API returns the info. Not used currently as we refresh the whole role.
        granted.append(dict(
            timestamp=int(time.time()),
            database=privilege.get("dbName"),
            action=privilege.get("action"),
            scope=privilege.get("privilegeScope"),
            table=privilege.get("tableName"),
            column=privilege.get("columnName"),
            URI=privilege.get("URI"),
            server=privilege.get("serverName"),
            grantOption=privilege.get("grantOption") == 1,
        ))

    return granted
コード例 #43
ファイル: hive.py プロジェクト: shobull/hue
def create_role(request):
    """Create a role, grant its privileges and attach its groups.

    The role description is a JSON object in POST "role". Privileges whose
    status is "deleted" or "alreadydeleted" are skipped. Failures are
    logged. The listing stops inside the except handler.

    NOTE(review): the three API steps run one after another with no
    rollback visible, so a failure after create_sentry_role() leaves a role
    that exists but is only partly configured while status stays -1.
    """
    result = dict(status=-1, message="Error")

    try:
        role = json.loads(request.POST["role"])

        client = get_api(request.user)

        client.create_sentry_role(role["name"])

        skipped_states = ("deleted", "alreadydeleted")
        kept = []
        for entry in role["privileges"]:
            if entry["status"] in skipped_states:
                continue
            kept.append(entry)

        result["privileges"] = _hive_add_privileges(request.user, role, kept)
        client.alter_sentry_role_add_groups(role["name"], role["groups"])

        result["role"] = {"name": role["name"], "groups": role["groups"]}
        result.update(message=_("Role created!"), status=0)
    except Exception as e:
        LOG.exception("could not create role")

        result["message"] = unicode(str(e), "utf8")
コード例 #44
def _drop_sentry_privilege(user, role, authorizable):
    """Revoke from role['name'] the privilege described by `authorizable`.

    The call is made through the API client obtained for `user`, and the
    API's return value is passed back unchanged. Nothing is validated or
    caught here; errors propagate to the caller.
    """
    revoke = get_api(user).alter_sentry_role_revoke_privilege
    role_name = role['name']
    return revoke(role_name, _to_sentry_privilege(authorizable))
コード例 #45
 def __init__(self, user, api=None):
     """Store `user` and the API client to use for it.

     When `api` is omitted (or falsy), a client is obtained with
     get_api(self.user), so an injected client -- as a test would pass -- is
     used only if it evaluates as true.
     """
     self.user = user
     if not api:
         api = get_api(self.user)
     self.api = api
コード例 #46
ファイル: hive.py プロジェクト: shobull/hue
def _drop_sentry_privilege(user, role, authorizable):
    """Revoke from role["name"] the privilege described by `authorizable`.

    Uses the API client obtained for `user` and returns the API's result
    unchanged. Nothing is validated or caught here; errors propagate to the
    caller.
    """
    revoke_privilege = get_api(user).alter_sentry_role_revoke_privilege
    target_role = role["name"]
    return revoke_privilege(target_role, _to_sentry_privilege(authorizable))