Repository: sentry Updated Branches: refs/heads/master 4e473e9d3 -> 5d4465284
SENTRY-2437: When granting privileges a single transaction per grant causes long delays (Arjun Mishra reviewed by Na Li, Kalyan Kumar Kalvagadda) Change-Id: I30544aacda5e02d49e918b551a09f75ffa7583d6 Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/5d446528 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/5d446528 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/5d446528 Branch: refs/heads/master Commit: 5d4465284b7b80e2683d162e462ff546fbfac7a6 Parents: 4e473e9 Author: amishra <amis...@cloudera.com> Authored: Tue Oct 30 15:45:42 2018 -0500 Committer: amishra <amis...@cloudera.com> Committed: Tue Oct 30 15:45:42 2018 -0500 ---------------------------------------------------------------------- .../db/service/persistent/SentryStore.java | 116 ++++++--- .../persistent/SentryStoreInterface.java | 2 +- .../TestHMSFollowerSentryStoreIntegration.java | 17 +- .../db/service/persistent/TestSentryStore.java | 256 +++++++++---------- 4 files changed, 216 insertions(+), 175 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/5d446528/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index 01b3634..33c4061 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java @@ -726,26 +726,37 @@ public class SentryStore implements SentryStoreInterface { @Override public void alterSentryRoleGrantPrivileges(final String roleName, final Set<TSentryPrivilege> privileges) throws Exception { - for (TSentryPrivilege privilege : privileges) { - alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); - } + alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, privileges, null); } - synchronized void alterSentryGrantPrivilege(SentryPrincipalType type, final String name, - final TSentryPrivilege privilege, - final Update update) throws Exception { + /** + * Grant privileges to a principal and update sentry perm change table accordingly + * + * Iterate over each thrift privilege object and create the MSentryPrivilege equivalent object + * + * @param type + * @param name + * @param privileges + * @param updatesToPersist + * @throws Exception + */ + synchronized void alterSentryGrantPrivileges(SentryPrincipalType type, final String name, + final Set<TSentryPrivilege> privileges, + final List<Update>updatesToPersist) throws Exception { - execute(update, pm -> { + execute(updatesToPersist, pm -> { pm.setDetachAllOnCommit(false); // No need to detach objects String trimmedEntityName = trimAndLower(name); - // Alter sentry Role and grant Privilege. - MSentryPrivilege mPrivilege = alterSentryGrantPrivilegeCore(pm, type, - trimmedEntityName, privilege); + for (TSentryPrivilege privilege : privileges) { + // Alter sentry Role and grant Privilege. + MSentryPrivilege mPrivilege = alterSentryGrantPrivilegeCore(pm, type, + trimmedEntityName, privilege); - if (mPrivilege != null) { - // update the privilege to be the one actually updated. - convertToTSentryPrivilege(mPrivilege, privilege); + if (mPrivilege != null) { + // update the privilege to be the one actually updated. + convertToTSentryPrivilege(mPrivilege, privilege); + } } return null; }); @@ -757,10 +768,7 @@ public class SentryStore implements SentryStoreInterface { final Map<TSentryPrivilege, Update> privilegesUpdateMap) throws Exception { Preconditions.checkNotNull(privilegesUpdateMap); - for (TSentryPrivilege privilege : privileges) { - Update update = privilegesUpdateMap.get(privilege); - alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, update); - } + alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, privileges, new ArrayList<>(privilegesUpdateMap.values())); } /** @@ -788,6 +796,20 @@ public class SentryStore implements SentryStoreInterface { return null; } + /** + * For the TSentryPrivilege object create a corresponding MSentryPrivilege object + * + * If ALL is being granted and SELECT/INSERT already exist, the older + * privielges need to be deleted first in order to prevent having overlapping privileges + * + * @param pm + * @param type + * @param entityName + * @param privilege + * @return + * @throws SentryNoSuchObjectException + * @throws SentryInvalidInputException + */ private MSentryPrivilege alterSentryGrantPrivilegeCore(PersistenceManager pm, SentryPrincipalType type, String entityName, TSentryPrivilege privilege) @@ -885,7 +907,7 @@ public class SentryStore implements SentryStoreInterface { /** * Alter a given sentry user to grant a set of privileges. - * Internally calls alterSentryGrantPrivilege. + * Internally calls alterSentryGrantPrivileges. * * @param userName User name * @param privileges Set of privileges @@ -903,16 +925,14 @@ public class SentryStore implements SentryStoreInterface { // the user may be created by other thread, so swallow the exception and proceed } - for (TSentryPrivilege privilege : privileges) { - alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege, null); - } + alterSentryGrantPrivileges(SentryPrincipalType.USER, userName, privileges, null); } /** * Alter a give sentry user/role to set owner privilege, as well as persist the corresponding * permission change to MSentryPermChange table in a single transaction. * Creates User, if it is not already there. - * Internally calls alterSentryGrantPrivilege. + * Internally calls alterSentryGrantPrivileges. * @param principalName principalType name to which permissions should be granted. * @param entityType Principal Type * @param privilege Privilege to be granted @@ -976,7 +996,7 @@ public class SentryStore implements SentryStoreInterface { /** * Alter a given sentry user to revoke a set of privileges. - * Internally calls alterSentryRevokePrivilege. + * Internally calls alterSentryRevokePrivileges. * * @param userName the given user name * @param tPrivileges a Set of privileges @@ -985,28 +1005,38 @@ public class SentryStore implements SentryStoreInterface { */ public void alterSentryUserRevokePrivileges(final String userName, final Set<TSentryPrivilege> tPrivileges) throws Exception { - for (TSentryPrivilege tPrivilege : tPrivileges) { - alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, tPrivilege, null); - } + alterSentryRevokePrivileges(SentryPrincipalType.USER, userName, tPrivileges, null); } @Override public void alterSentryRoleRevokePrivileges(final String roleName, final Set<TSentryPrivilege> tPrivileges) throws Exception { - for (TSentryPrivilege tPrivilege : tPrivileges) { - alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, tPrivilege, null); - } + alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, tPrivileges, null); } - synchronized void alterSentryRevokePrivilege(SentryPrincipalType type, final String principalName, - final TSentryPrivilege tPrivilege, - final Update update) throws Exception { - execute(update, pm -> { + /** + * Revoke privileges from a principal and update sentry perm change table accordingly + * + * Iterate over each thrift privilege object and delete the MSentryPrivilege equivalent object + * and also all the children privilege objects + * + * @param type + * @param principalName + * @param privileges + * @param updatesToDelete + * @throws Exception + */ + synchronized void alterSentryRevokePrivileges(SentryPrincipalType type, final String principalName, + final Set<TSentryPrivilege> privileges, + final List<Update> updatesToDelete) throws Exception { + execute(updatesToDelete, pm -> { pm.setDetachAllOnCommit(false); // No need to detach objects String trimmedEntityName = safeTrimLower(principalName); - alterSentryRevokePrivilegeCore(pm, type, trimmedEntityName, tPrivilege); + for (TSentryPrivilege tPrivilege : privileges) { + alterSentryRevokePrivilegeCore(pm, type, trimmedEntityName, tPrivilege); + } return null; }); } @@ -1017,12 +1047,22 @@ public class SentryStore implements SentryStoreInterface { throws Exception { Preconditions.checkNotNull(privilegesUpdateMap); - for (TSentryPrivilege tPrivilege : tPrivileges) { - Update update = privilegesUpdateMap.get(tPrivilege); - alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, tPrivilege, update); - } + alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, tPrivileges, new ArrayList<>(privilegesUpdateMap.values())); } + /** + * For the TSentryPrivilege object delete a corresponding MSentryPrivilege object + * + * Also delete the corresponding child privileges + * + * @param pm + * @param type + * @param entityName + * @param privilege + * @return + * @throws SentryNoSuchObjectException + * @throws SentryInvalidInputException + */ private void alterSentryRevokePrivilegeCore(PersistenceManager pm, SentryPrincipalType type, String entityName, TSentryPrivilege tPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException { http://git-wip-us.apache.org/repos/asf/sentry/blob/5d446528/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java index 97407ff..e48eea3 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java @@ -774,7 +774,7 @@ public interface SentryStoreInterface { * Alter a give sentry user/role to set owner privilege, as well as persist the corresponding * permission change to MSentryPermChange table in a single transaction. * Creates User, if it is not already there. - * Internally calls alterSentryGrantPrivilege. + * Internally calls alterSentryGrantPrivileges. * @param entityName Entity name to which permissions should be granted. * @param entityType Entity Type * @param privilege Privilege to be granted http://git-wip-us.apache.org/repos/asf/sentry/blob/5d446528/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java index 1d87b0b..8fa0a42 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java @@ -20,6 +20,7 @@ package org.apache.sentry.provider.db.service.persistent; import static org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME; +import com.google.common.collect.Sets; import com.google.common.io.Files; import java.io.File; import org.apache.commons.io.FileUtils; @@ -176,11 +177,11 @@ public class TestHMSFollowerSentryStoreIntegration { privilege_server.setServerName(serverName1); privilege_server.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivileges(ServiceConstants.SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1), null); - sentryStore.alterSentryGrantPrivilege(ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1_2, null); - sentryStore.alterSentryGrantPrivilege(ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege_server, null); - sentryStore.alterSentryGrantPrivilege(ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1_3, null); + sentryStore.alterSentryGrantPrivileges(ServiceConstants.SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1_2), null); + sentryStore.alterSentryGrantPrivileges(ServiceConstants.SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_server), null); + sentryStore.alterSentryGrantPrivileges(ServiceConstants.SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1_3), null); // Create notification events to drop the table StorageDescriptor sd = new StorageDescriptor(); @@ -235,11 +236,11 @@ public class TestHMSFollowerSentryStoreIntegration { privilege_server.setServerName(serverName1); privilege_server.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivileges(ServiceConstants.SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1), null); - sentryStore.alterSentryGrantPrivilege(ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1_2, null); - sentryStore.alterSentryGrantPrivilege(ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege_server, null); - sentryStore.alterSentryGrantPrivilege(ServiceConstants.SentryPrincipalType.ROLE, roleName1, privilege1_3, null); + sentryStore.alterSentryGrantPrivileges(ServiceConstants.SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1_2), null); + sentryStore.alterSentryGrantPrivileges(ServiceConstants.SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_server), null); + sentryStore.alterSentryGrantPrivileges(ServiceConstants.SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1_3), null); // Create notification events to drop the database NotificationEvent notificationEvent = new NotificationEvent(1, 0, EventType.DROP_DATABASE.toString(), http://git-wip-us.apache.org/repos/asf/sentry/blob/5d446528/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java index f2f38a3..66db6ae 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java @@ -248,8 +248,8 @@ public class TestSentryStore extends org.junit.Assert { user = sentryStore.getMSentryUserByName(users.iterator().next(), false); assertNull(user); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); } @Test @@ -265,8 +265,8 @@ public class TestSentryStore extends org.junit.Assert { tSentryPrivilege1.setURI(uri1); TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege("URI", "server1", "ALL"); tSentryPrivilege2.setURI(uri2); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, tSentryPrivilege1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, tSentryPrivilege2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(tSentryPrivilege1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(tSentryPrivilege2), null); TSentryAuthorizable tSentryAuthorizable1 = new TSentryAuthorizable(); tSentryAuthorizable1.setUri(uri1); @@ -342,14 +342,14 @@ public class TestSentryStore extends org.junit.Assert { tSentryPrivilege.setURI(uri); //Test grant on empty URI try { - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(tSentryPrivilege), null); fail("Expected SentryInvalidInputException"); } catch(SentryInvalidInputException e) { // expected } //Test revoke on empty URI try { - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(tSentryPrivilege), null); fail("Expected SentryInvalidInputException"); } catch(SentryInvalidInputException e) { // expected @@ -374,7 +374,7 @@ public class TestSentryStore extends org.junit.Assert { createRole(roleName); TSentryPrivilege sentryPrivilege = new TSentryPrivilege("Database", "server1", "all"); sentryPrivilege.setDbName("db1"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, sentryPrivilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(sentryPrivilege), null); } /** @@ -612,12 +612,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // after having ALL and revoking SELECT, we should have INSERT role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -662,7 +662,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + i); priv.setDbName(dBase); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); } // Make sure we really have the expected number of privs in the database @@ -708,11 +708,11 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); priv.setAction(AccessConstants.SELECT); priv.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); // after having ALL and revoking SELECT, we should have INSERT MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); @@ -761,11 +761,11 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); priv.setAction(AccessConstants.SELECT); priv.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); assertFalse(sentryStore.findOrphanedPrivileges()); @@ -773,25 +773,25 @@ public class TestSentryStore extends org.junit.Assert { //Remove the INSERT privilege as well. //There should not be any more privileges in the sentry store priv.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.CREATE); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.DROP); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.ALTER); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); @@ -833,7 +833,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + i); priv.setDbName(dBase); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); } // Make sure we really have the expected number of privs in the database @@ -847,7 +847,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + '0'); priv.setDbName(dBase); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); //There should be SELECT privilege in the sentry store priv = new TSentryPrivilege(); @@ -865,7 +865,7 @@ public class TestSentryStore extends org.junit.Assert { // should have NUM_PRIVS - 1 ALL privileges, and 4 privileges (SELECT, CREATE, DROP, ALTER) assertEquals("Privilege Count", NUM_PRIVS, role.getPrivileges().size()); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", NUM_PRIVS - 1, role.getPrivileges().size()); @@ -900,10 +900,10 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); priv.setAction(AccessConstants.ALTER); - sentryStore.alterSentryRevokePrivilege( SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivileges( SentryPrincipalType.ROLE, roleName, Sets.newHashSet(priv), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); @@ -1039,7 +1039,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.SELECT); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // After revoking table scope, we will have 0 privileges role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1068,16 +1068,16 @@ public class TestSentryStore extends org.junit.Assert { privilege.setCreateTime(System.currentTimeMillis()); // Grant ALL on c1 and c2 - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); privilege.setColumnName(column2); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on c2 privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // At this point c1 has ALL privileges and c2 should have (INSERT, CREATE, DROP, ALTER) // after revoking SELECT @@ -1108,7 +1108,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.INSERT); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1116,7 +1116,7 @@ public class TestSentryStore extends org.junit.Assert { // Revoke ALL from the table should now remove all the column privileges. privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size()); @@ -1144,15 +1144,15 @@ public class TestSentryStore extends org.junit.Assert { privilegeTable2.setTableName(table2); // Grant ALL on table1 and table2 - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilegeTable1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilegeTable1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilegeTable2), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on table2 privilegeTable2.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilegeTable2), null); // after having ALL and revoking SELECT, we should have (INSERT) at table2 role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1176,7 +1176,7 @@ public class TestSentryStore extends org.junit.Assert { privilegeTable2.setAction(AccessConstants.INSERT); privilegeTable2.setPrivilegeScope("DATABASE"); privilegeTable2.unsetTableName(); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilegeTable2), null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1223,15 +1223,15 @@ public class TestSentryStore extends org.junit.Assert { privilegeCol2.setColumnName(column2); // Grant ALL on column1 and column2 - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilegeCol1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilegeCol1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilegeCol2), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on column2 privilegeCol2.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilegeCol2), null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1256,7 +1256,7 @@ public class TestSentryStore extends org.junit.Assert { privilegeCol2.setPrivilegeScope("DATABASE"); privilegeCol2.unsetTableName(); privilegeCol2.unsetColumnName(); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilegeCol2), null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1295,12 +1295,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(grantOption); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); assertEquals(Boolean.valueOf(privilege.getGrantOption().toString()), Iterables.get(privileges, 0).getGrantOption()); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(0, privileges.size()); @@ -1316,14 +1316,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setGrantOption(TSentryGrantOption.TRUE); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(grantOption); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); privilege.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1366,17 +1366,17 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.SELECT); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // 3. g1 grant select on table tb1 to role0, no grant option roleName = roles[0]; privilege.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // 4. g1 revoke all privilege from role0 roleName = roles[0]; privilege.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size()); @@ -1396,12 +1396,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); privilege.setServerName("Server1"); privilege.setDbName("DB1"); privilege.setTableName("TBL1"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1424,13 +1424,13 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege1), null); TSentryPrivilege privilege2 = new TSentryPrivilege(); privilege2.setPrivilegeScope("SERVER"); privilege2.setServerName("server1"); privilege2.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege2), null); Set<TSentryGroup> groups = Sets.newHashSet(); Set<String> users = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); @@ -1621,17 +1621,17 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege3_2 = new TSentryPrivilege(privilege_tbl2); privilege3_2.setAction("INSERT"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1), null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege2_1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege_server, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege2_3, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege2_1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege_server), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege2_3), null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege3_1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege3_2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName3, Sets.newHashSet(privilege3_1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName3, Sets.newHashSet(privilege3_2), null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName2, privilege2_3, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName1, Sets.newHashSet(privilege1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName2, Sets.newHashSet(privilege2_3), null); sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1)); @@ -1695,7 +1695,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1), null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) .size()); @@ -1725,7 +1725,7 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl2.setTableName("tbl2"); // Change owner from a one user to another user - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER,userName1, privilege_tbl2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER,userName1, Sets.newHashSet(privilege_tbl2), null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) .size()); @@ -1748,7 +1748,7 @@ public class TestSentryStore extends org.junit.Assert { //Add all privilege to roleName1 and make sure that owner privilege is not effected. TSentryPrivilege privilege_tbl2_all = new TSentryPrivilege(privilege_tbl2); privilege_tbl2_all.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl2_all, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl2_all), null); // Verify that there are two privileges. assertEquals(2, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) .size()); @@ -1758,12 +1758,12 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl3_all = new TSentryPrivilege(privilege_tbl2); privilege_tbl3_all.setAction(AccessConstants.ALL); privilege_tbl3_all.setTableName("tbl3"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege_tbl3_all, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName3, Sets.newHashSet(privilege_tbl3_all), null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName3) .size()); TSentryPrivilege privilege_tbl3_owner = new TSentryPrivilege(privilege_tbl3_all); privilege_tbl3_owner.setAction(AccessConstants.OWNER); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege_tbl3_owner, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName3, Sets.newHashSet(privilege_tbl3_owner), null); assertEquals(2, sentryStore.getAllTSentryPrivilegesByRoleName(roleName3) .size()); @@ -1790,7 +1790,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1), null); sentryStore.updateOwnerPrivilege(tSentryAuthorizable, userName1, SentryPrincipalType.USER, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) @@ -1819,7 +1819,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1), null); sentryStore.revokeOwnerPrivileges(tSentryAuthorizable, null); assertEquals(0, sentryStore.getAllTSentryPrivilegesByUserName(userName1) @@ -1848,7 +1848,7 @@ public class TestSentryStore extends org.junit.Assert { // Change owner from a one user to another user - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName1, Sets.newHashSet(privilege_tbl1), null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) .size()); @@ -1903,10 +1903,10 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1); privilege_tbl1_drop.setAction(AccessConstants.DROP); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_alter, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_drop, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_insert), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_select), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_alter), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_drop), null); assertEquals(4, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1).size()); @@ -1946,9 +1946,9 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1_c3.setColumnName("c3"); privilege_tbl1_c3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c2, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege_tbl1_c3, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_c1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_c2), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege_tbl1_c3), null); Set<TSentryPrivilege> privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(roleName1); assertEquals(2, privilegeSet.size()); @@ -1983,8 +1983,8 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1); privilege_tbl1_all.setAction("*"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_all, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_insert), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_all), null); sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1)); assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) @@ -2037,12 +2037,12 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1); privilege_tbl1_all.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege_tbl1_all, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName2, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName3, privilege_tbl1_all, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_insert), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege_tbl1_select), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName3, Sets.newHashSet(privilege_tbl1_all), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName1, Sets.newHashSet(privilege_tbl1_insert), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName2, Sets.newHashSet(privilege_tbl1_select), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName3, Sets.newHashSet(privilege_tbl1_all), null); TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1); TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1); @@ -2107,10 +2107,10 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1); privilege_tbl1_drop.setAction(AccessConstants.DROP); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_alter, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_drop, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_insert), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_select), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_alter), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_drop), null); TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1); TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1); @@ -2150,14 +2150,14 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(Long.valueOf(0), sentryStore.getPrivilegeCountGauge().getValue()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, role1, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, role1, Sets.newHashSet(privilege), null); assertEquals(Long.valueOf(1), sentryStore.getPrivilegeCountGauge().getValue()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, role2, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, role2, Sets.newHashSet(privilege), null); assertEquals(Long.valueOf(1), sentryStore.getPrivilegeCountGauge().getValue()); privilege.setTableName("tb2"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, role2, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, role2, Sets.newHashSet(privilege), null); assertEquals(Long.valueOf(2), sentryStore.getPrivilegeCountGauge().getValue()); } @@ -2241,9 +2241,9 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1_c3.setColumnName("c3"); privilege_tbl1_c3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c2, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege_tbl1_c3, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_c1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1_c2), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege_tbl1_c3), null); Set<TSentryPrivilege> privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(roleName1); assertEquals(2, privilegeSet.size()); @@ -2274,7 +2274,7 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL"); tSentryPrivilege.setDbName(dbName); tSentryPrivilege.setTableName(table); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(tSentryPrivilege), null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setDb(dbName); @@ -2314,7 +2314,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryPrivilege.setDbName(dbName); tSentryPrivilege.setTableName(table); tSentryPrivilege.setColumnName(column); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(tSentryPrivilege), null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setDb(dbName); @@ -2382,8 +2382,8 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege1), null); TSentryPrivilege privilege2 = new TSentryPrivilege(); privilege2.setPrivilegeScope("SERVER"); @@ -2391,7 +2391,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setDbName("db2"); privilege1.setAction("ALL"); privilege2.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege2), null); // Grant roles to the groups Set<TSentryGroup> groups = Sets.newHashSet(); @@ -2409,8 +2409,8 @@ public class TestSentryStore extends org.junit.Assert { privilege3.setTableName("tbl1"); privilege3.setAction("OWNER"); privilege3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege3, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege3, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege3), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName2, Sets.newHashSet(privilege3), null); PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage(); Map<String, Map<TPrivilegePrincipal, String>> privs = permImage.getPrivilegeImage(); @@ -3191,7 +3191,7 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1.setCreateTime(System.currentTimeMillis()); privilege_tbl1.setAction("SELECT"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1), null); // Generate the permission drop update for dropping privilege for "db1.tbl1" PermissionsUpdate dropUpdate = new PermissionsUpdate(0, false); @@ -3225,7 +3225,7 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1.setCreateTime(System.currentTimeMillis()); privilege_tbl1.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege_tbl1), null); // Generate the permission rename update for renaming privilege for "db1.tbl1" String oldAuthz = "db1.tbl1"; @@ -3285,7 +3285,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setCreateTime(System.currentTimeMillis()); PermissionsUpdate update = new PermissionsUpdate(i + 1, false); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, role, privilege, update); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, role, Sets.newHashSet(privilege), Lists.newArrayList(update)); } assertEquals(numPermChanges, sentryStore.getMSentryPermChanges().size()); @@ -3748,12 +3748,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); MSentryUser user = sentryStore.getMSentryUserByName(userName); Set<MSentryPrivilege> privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); // after having ALL and revoking SELECT, we should have (INSERT) user = sentryStore.getMSentryUserByName(userName); privileges = user.getPrivileges(); @@ -3770,7 +3770,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); user = sentryStore.getMSentryUserByName(userName, false); assertNull(user); } @@ -3793,7 +3793,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setDbName(db); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -3803,7 +3803,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setServerName(server.toUpperCase()); privilege.setDbName(db.toUpperCase()); privilege.setTableName(table.toUpperCase()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // check if the table privilege is created role = sentryStore.getMSentryRoleByName(roleName); @@ -3826,13 +3826,13 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege1), null); TSentryPrivilege privilege2 = new TSentryPrivilege(); privilege2.setPrivilegeScope("SERVER"); privilege2.setServerName("server1"); privilege2.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege2), null); Set<TSentryGroup> groups = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); @@ -3868,10 +3868,10 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName1, Sets.newHashSet(privilege1), null); privilege1.setAction("ALL"); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName2, privilege1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName2, Sets.newHashSet(privilege1), null); assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider( @@ -3892,7 +3892,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege1, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName1, Sets.newHashSet(privilege1), null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setServer("server1"); @@ -3920,14 +3920,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -3935,7 +3935,7 @@ public class TestSentryStore extends org.junit.Assert { // second round privilege.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); List<MSentryPrivilege> totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -3944,7 +3944,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.ROLE, roleName, Sets.newHashSet(privilege), null); // after having ALL and revoking INSERT, we should have (SELECT) totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -3969,14 +3969,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); MSentryUser user = sentryStore.getMSentryUserByName(userName); Set<MSentryPrivilege> privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); // after having ALL and revoking SELECT, we should have (INSERT) user = sentryStore.getMSentryUserByName(userName); privileges = user.getPrivileges(); @@ -3984,7 +3984,7 @@ public class TestSentryStore extends org.junit.Assert { // second round privilege.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); List<MSentryPrivilege> totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -3993,7 +3993,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); // after having ALL and revoking INSERT, we should have (SELECT) totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4003,7 +4003,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivileges(SentryPrincipalType.USER, userName, Sets.newHashSet(privilege), null); // after having ALL and revoking INSERT and SELECT, we should have NO privileges // user should be removed automatically user = sentryStore.getMSentryUserByName(userName, false); @@ -4026,8 +4026,8 @@ public class TestSentryStore extends org.junit.Assert { toTSentryPrivilege("SELECT", "TABLE", "server1", "db1", "table2"); createRole(ROLE1); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, ROLE1, ROLE1_PRIV1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, ROLE1, ROLE1_PRIV2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, ROLE1, Sets.newHashSet(ROLE1_PRIV1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, ROLE1, Sets.newHashSet(ROLE1_PRIV2), null); final String ROLE2 = "role2"; final TSentryPrivilege ROLE2_PRIV1 = @@ -4036,8 +4036,8 @@ public class TestSentryStore extends org.junit.Assert { toTSentryPrivilege("ALL", "SERVER", "server1", "", ""); createRole(ROLE2); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, ROLE2, ROLE2_PRIV1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, ROLE2, ROLE2_PRIV2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, ROLE2, Sets.newHashSet(ROLE2_PRIV1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, ROLE2, Sets.newHashSet(ROLE2_PRIV2), null); final String ROLE3 = "role3"; @@ -4072,8 +4072,8 @@ public class TestSentryStore extends org.junit.Assert { toTSentryPrivilege("SELECT", "TABLE", "server1", "db1", "table2"); createUser(USER1); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, USER1, USER1_PRIV1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER,USER1, USER1_PRIV2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER, USER1, Sets.newHashSet(USER1_PRIV1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER,USER1, Sets.newHashSet(USER1_PRIV2), null); final String USER2 = "user2"; final TSentryPrivilege USER2_PRIV1 = @@ -4082,8 +4082,8 @@ public class TestSentryStore extends org.junit.Assert { toTSentryPrivilege("ALL", "SERVER", "server1", "", ""); createUser(USER2); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER,USER2, USER2_PRIV1, null); - sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER,USER2, USER2_PRIV2, null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER,USER2, Sets.newHashSet(USER2_PRIV1), null); + sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.USER,USER2, Sets.newHashSet(USER2_PRIV2), null); final String USER3 = "user3";