#!/usr/local/bin/thrift -java
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#
# Thrift Service that the MetaStore is built on
#
include "share/fb303/if/fb303.thrift"
include "sentry_common_service.thrift"
namespace java org.apache.sentry.provider.db.service.thrift
namespace php sentry.provider.db.service.thrift
namespace cpp Apache.Sentry.Provider.Db.Service.Thrift
# One privilege: an action scoped to a server and, optionally, a database,
# table or URI. Used as the payload of the grant/revoke requests and as the
# element type of TSentryRole.privileges.
#
# Every scope, name and action value is a free-form string in this IDL, so
# nothing at the wire level restricts what a client can send.
# NOTE(review): confirm the service handler validates privilegeScope and action
# against the supported values and rejects anything else before persisting.
# NOTE(review): fields 2, 8 and 9 are annotated as server-populated but are
# ordinary optional fields a client can still set on the wire; confirm the
# server overwrites them (grantorPrincipal in particular reads like audit
# data) rather than storing caller-supplied values.
struct TSentryPrivilege {
1: required string privilegeScope, # Valid values are SERVER, DATABASE, TABLE
2: optional string privilegeName, # Generated on server side
3: required string serverName,
4: optional string dbName,
5: optional string tableName,
6: optional string URI,
7: required string action,
# NOTE(review): unit and epoch of createTime are not stated in this file.
8: optional i64 createTime, # Set on server side
9: optional string grantorPrincipal # Set on server side
}
# A role together with the privileges attached to it. Carried inside
# TCreateSentryRoleRequest and returned in TListSentryRolesResponse.
#
# NOTE(review): createTime and grantorPrincipal are `required`, so a client
# building a create request must send values for them. Confirm the server
# replaces these with its own clock and the authenticated principal instead of
# persisting whatever the caller supplied.
# NOTE(review): `privileges` is also required on create; confirm whether a
# non-empty set in a create request is ignored or would grant privileges
# without going through the grant RPC.
struct TSentryRole {
1: required string roleName,
# TODO privs should not be part of Sentry role as
# they are created when a grant is executed
# They need to be returned as part of the list role API, else
# there would be another round trip
2: required set<TSentryPrivilege> privileges,
# NOTE(review): unit and epoch of createTime are not stated in this file.
3: required i64 createTime,
4: required string grantorPrincipal
}
// TODO fill out
# A group, identified only by name. Used as the element type of
# TAlterSentryRoleAddGroupsRequest.groups.
# NOTE(review): groupName is an unconstrained string; whether it is matched
# case-sensitively against the requestor's groups is not visible here.
struct TSentryGroup {
1: required string groupName
}
# Request for SentryPolicyService.create_sentry_role.
#
# protocol_version defaults to TSENTRY_SERVICE_V1 from the included
# sentry_common_service.thrift.
# NOTE(review): requestorUserName and requestorGroupName are values asserted by
# the caller inside the message body. Nothing in this IDL ties them to the
# authenticated connection, so confirm the server checks them against the
# transport identity (or resolves group membership itself) before using them
# for an authorization decision.
struct TCreateSentryRoleRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
2: required string requestorUserName,
# Role to create; see the review notes on TSentryRole about client-supplied
# createTime, grantorPrincipal and privileges.
3: required TSentryRole role,
4: required set<string> requestorGroupName
}
# Response for SentryPolicyService.create_sentry_role.
# The only field is the outcome; TSentryResponseStatus is declared in the
# included sentry_common_service.thrift and is not shown in this file.
struct TCreateSentryRoleResponse {
1: required sentry_common_service.TSentryResponseStatus status
}
# Request shared by list_sentry_roles_by_group and
# list_sentry_roles_by_role_name.
#
# NOTE(review): roleName is `required` even though one of the two RPCs lists by
# group; presumably by-group callers send a placeholder value — confirm how the
# handler treats it.
# NOTE(review): the field name `rolerequestorGroupName` looks like a slip, but
# renaming it would change generated accessors, so it is left as is.
# NOTE(review): requestorUserName and requestorGroupName are caller-asserted.
# Listing roles also returns their privileges, so confirm the server verifies
# these against the authenticated identity before deciding what to disclose.
struct TListSentryRolesRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
2: required string requestorUserName, # user on whose behalf the request is issued
3: optional string rolerequestorGroupName, # list roles for this group
4: required string roleName,
5: required set<string> requestorGroupName # groups the requesting user belongs to
}
# Response for both list RPCs: an outcome plus the matching roles, each of
# which embeds its full privilege set (see TSentryRole.privileges).
# Field 1 has no trailing separator; Thrift treats list separators as optional,
# so this still parses, it is only inconsistent with the other structs.
# NOTE(review): `roles` is required, so a failure response still has to carry a
# set (presumably empty) — confirm clients check `status` before reading it.
struct TListSentryRolesResponse {
1: required sentry_common_service.TSentryResponseStatus status
2: required set<TSentryRole> roles
}
# Request for SentryPolicyService.drop_sentry_role; names the role to drop.
#
# protocol_version defaults to TSENTRY_SERVICE_V1 from the included
# sentry_common_service.thrift.
# NOTE(review): requestorUserName and requestorGroupName are supplied by the
# caller in the message body. Dropping a role is destructive, so confirm the
# server authorizes against the authenticated transport identity and not
# against these fields alone.
struct TDropSentryRoleRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
2: required string requestorUserName,
3: required string roleName,
4: required set<string> requestorGroupName
}
# Response for SentryPolicyService.drop_sentry_role.
# Carries only the outcome; TSentryResponseStatus is declared in the included
# sentry_common_service.thrift.
struct TDropSentryRoleResponse {
1: required sentry_common_service.TSentryResponseStatus status
}
# Request for SentryPolicyService.alter_sentry_role_add_groups: attach the
# given groups to the named role.
#
# protocol_version defaults to TSENTRY_SERVICE_V1 from the included
# sentry_common_service.thrift.
# NOTE(review): binding a group to a role extends that role's privileges to
# every member of the group. requestorUserName and requestorGroupName are
# caller-asserted, so confirm the server verifies them against the
# authenticated identity before applying the change.
struct TAlterSentryRoleAddGroupsRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
2: required string requestorUserName,
3: required string roleName,
4: required set<string> requestorGroupName,
# Groups to add to roleName.
5: required set<TSentryGroup> groups
}
# Response for SentryPolicyService.alter_sentry_role_add_groups.
# Carries only the outcome; TSentryResponseStatus is declared in the included
# sentry_common_service.thrift.
struct TAlterSentryRoleAddGroupsResponse {
1: required sentry_common_service.TSentryResponseStatus status
}
# Request for SentryPolicyService.alter_sentry_role_delete_groups.
#
# NOTE(review): unlike TAlterSentryRoleAddGroupsRequest, this struct has no
# roleName and no groups field, so the message cannot say which role or which
# groups to detach. It looks unfinished; confirm what the handler does with it
# and make sure it cannot fall back to removing more than intended.
# NOTE(review): when fields are added, use fresh field ids; the fields here
# are `required`, so existing ids and types cannot change compatibly.
# NOTE(review): requestorUserName and requestorGroupName are caller-asserted;
# confirm the server checks them against the authenticated identity.
struct TAlterSentryRoleDeleteGroupsRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
2: required string requestorUserName,
3: required set<string> requestorGroupName
}
# Response for SentryPolicyService.alter_sentry_role_delete_groups.
# Carries only the outcome; TSentryResponseStatus is declared in the included
# sentry_common_service.thrift.
struct TAlterSentryRoleDeleteGroupsResponse {
1: required sentry_common_service.TSentryResponseStatus status
}
# Request for SentryPolicyService.alter_sentry_role_grant_privilege: grant one
# privilege to the named role.
#
# protocol_version defaults to TSENTRY_SERVICE_V1 from the included
# sentry_common_service.thrift.
# NOTE(review): this is the privilege-escalation-sensitive call of the API.
# requestorUserName and requestorGroupName are caller-asserted in the message
# body, so confirm the server derives or verifies the requestor from the
# authenticated connection before deciding whether the grant is allowed.
# NOTE(review): privilege.grantorPrincipal and privilege.createTime can be set
# by the client on the wire; confirm the server overwrites them.
struct TAlterSentryRoleGrantPrivilegeRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
2: required string requestorUserName,
3: required string roleName,
4: required set<string> requestorGroupName,
# Privilege to grant to roleName.
5: required TSentryPrivilege privilege
}
# Response for SentryPolicyService.alter_sentry_role_grant_privilege.
# Carries only the outcome; TSentryResponseStatus is declared in the included
# sentry_common_service.thrift.
struct TAlterSentryRoleGrantPrivilegeResponse {
1: required sentry_common_service.TSentryResponseStatus status
}
# Request for SentryPolicyService.alter_sentry_role_revoke_privilege: revoke
# one privilege from the named role. Same field layout as
# TAlterSentryRoleGrantPrivilegeRequest.
#
# protocol_version defaults to TSENTRY_SERVICE_V1 from the included
# sentry_common_service.thrift.
# NOTE(review): requestorUserName and requestorGroupName are caller-asserted;
# confirm the server verifies them against the authenticated identity.
# NOTE(review): how the privilege to revoke is matched (by privilegeName, or by
# the scope/object/action fields) is not visible in this file — confirm, since
# a loose match could revoke more than the caller intended and a strict one
# could silently leave a privilege in place.
struct TAlterSentryRoleRevokePrivilegeRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
2: required string requestorUserName,
3: required string roleName,
4: required set<string> requestorGroupName,
# Privilege to revoke from roleName.
5: required TSentryPrivilege privilege
}
# Response for SentryPolicyService.alter_sentry_role_revoke_privilege.
# Carries only the outcome; TSentryResponseStatus is declared in the included
# sentry_common_service.thrift.
struct TAlterSentryRoleRevokePrivilegeResponse {
1: required sentry_common_service.TSentryResponseStatus status
}
# Role and privilege management API: create and drop roles, grant and revoke
# privileges on a role, add and remove groups on a role, and list roles.
#
# No method declares a `throws` clause; each response struct carries a required
# `status` field, so callers must inspect that field to detect failure.
# Authentication is not expressed anywhere in this IDL.
# NOTE(review): every request carries the requestor's user name and groups as
# plain fields. Confirm that the transport authenticates callers and that the
# handler authorizes each call against that authenticated identity, not against
# the request body alone.
service SentryPolicyService
{
# Creates the role described by request.role.
TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request)
# Drops the role named by request.roleName.
TDropSentryRoleResponse drop_sentry_role(1:TDropSentryRoleRequest request)
# Grants request.privilege to request.roleName.
TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege(1:TAlterSentryRoleGrantPrivilegeRequest request)
# Revokes request.privilege from request.roleName.
TAlterSentryRoleRevokePrivilegeResponse alter_sentry_role_revoke_privilege(1:TAlterSentryRoleRevokePrivilegeRequest request)
# Adds request.groups to request.roleName.
TAlterSentryRoleAddGroupsResponse alter_sentry_role_add_groups(1:TAlterSentryRoleAddGroupsRequest request)
# NOTE(review): the request type has no roleName or groups field; see the
# struct definition — the target of the removal cannot be expressed yet.
TAlterSentryRoleDeleteGroupsResponse alter_sentry_role_delete_groups(1:TAlterSentryRoleDeleteGroupsRequest request)
# Both list calls share TListSentryRolesRequest; presumably the first filters
# on rolerequestorGroupName and the second on roleName — confirm in the handler.
TListSentryRolesResponse list_sentry_roles_by_group(1:TListSentryRolesRequest request)
TListSentryRolesResponse list_sentry_roles_by_role_name(1:TListSentryRolesRequest request)
}