-
Notifications
You must be signed in to change notification settings - Fork 391
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[#5570] improve(CLI): Add the ability to revoke all roles or groups i…
…n the Gravitino CLI. (#6240) ### What changes were proposed in this pull request? Add ability to revoke all roles from a user or group in the Gravitino CLI. 1. Add logic to handle the `--all` flag in `UserCommandHandler#handleRevokeCommand`; 2. Add logic to handle the `--all `flag in `GroupCommandHandler#handleRevokeCommand`; 3. Add new `RemoveAllRoles` command to handle user revoke --all and group revoke `--all`; 4. Add unit tests; ### Why are the changes needed? Fix: #5570 ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? UT + local test. User test. ```bash # step1: grant roles to testRole gcli user grant -m demo_metalake --user testRole --role roleA roleB roleC -I # roleA added to testRole # roleB added to testRole # roleC added to testRole # Add roles roleA, roleB, roleC to user testRole # step2: get details of testRole gcli user details -m demo_metalake --user testRole -I # roleA,roleC,roleB # step3: revoke all roles from testRole gcli user revoke -m demo_metalake --user testRole -i --all # Remove all roles from user testRole # step4: get details of testRole gcli user details -m demo_metalake --user testRole -I # The user has no roles. # step5: list exists roles gcli role list -m demo_metalake -I # admin,roleA,roleB,roleC ``` Group test. ```bash # step1: grant roles to test_group gcli group grant -m demo_metalake --group test_group --role roleA roleB roleC -I # roleA added to test_group # roleB added to test_group # roleC added to test_group # Grant roles roleA, roleB, roleC to group test_group # step2: get details of test_group gcli group details -m demo_metalake --group test_group -I # admin,roleA,roleC,roleB # step3: revoke all roles from test_group gcli group revoke -m demo_metalake --group test_group -i --all # Remove all roles from group test_group # step4: get details of test_group gcli group details -m demo_metalake --group test_group -I # The group has no roles. # step5: list exists roles gcli role list -m demo_metalake -I # admin,roleA,roleB,roleC ``` --------- Co-authored-by: Chun-Hao Liu <[email protected]> Co-authored-by: yangyang zhong <[email protected]> Co-authored-by: Xiaojian Sun <[email protected]> Co-authored-by: roryqi <[email protected]> Co-authored-by: TengYao Chi <[email protected]> Co-authored-by: Qi Yu <[email protected]>
- Loading branch information
7 people
authored
Jan 16, 2025
1 parent
eb3fb31
commit 375116a
Showing
11 changed files
with
206 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
98 changes: 98 additions & 0 deletions
98
clients/cli/src/main/java/org/apache/gravitino/cli/commands/RemoveAllRoles.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| /* | ||
| * Licensed to the Apache Software Foundation (ASF) under one | ||
| * or more contributor license agreements. See the NOTICE file | ||
| * distributed with this work for additional information | ||
| * regarding copyright ownership. The ASF licenses this file | ||
| * to you under the Apache License, Version 2.0 (the | ||
| * "License"); you may not use this file except in compliance | ||
| * with the License. You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
|
|
||
| package org.apache.gravitino.cli.commands; | ||
|
|
||
| import java.util.List; | ||
| import org.apache.gravitino.authorization.Group; | ||
| import org.apache.gravitino.authorization.User; | ||
| import org.apache.gravitino.cli.CommandEntities; | ||
| import org.apache.gravitino.cli.ErrorMessages; | ||
| import org.apache.gravitino.client.GravitinoClient; | ||
| import org.apache.gravitino.exceptions.NoSuchGroupException; | ||
| import org.apache.gravitino.exceptions.NoSuchMetalakeException; | ||
| import org.apache.gravitino.exceptions.NoSuchUserException; | ||
|
|
||
| /** Removes all roles from a group or user. */ | ||
| public class RemoveAllRoles extends Command { | ||
| protected final String metalake; | ||
| protected final String entity; | ||
| protected final String entityType; | ||
|
|
||
| /** | ||
| * Removes all roles from a group or user. | ||
| * | ||
| * @param url The URL of the Gravitino server. | ||
| * @param ignoreVersions If true don't check the client/server versions match. | ||
| * @param metalake The name of the metalake. | ||
| * @param entity the name of the group or user. | ||
| * @param entityType The type of the entity (group or user). | ||
| */ | ||
| public RemoveAllRoles( | ||
| String url, boolean ignoreVersions, String metalake, String entity, String entityType) { | ||
| super(url, ignoreVersions); | ||
| this.metalake = metalake; | ||
| this.entity = entity; | ||
| this.entityType = entityType; | ||
| } | ||
|
|
||
| /** Removes all roles from a group or user. */ | ||
| @Override | ||
| public void handle() { | ||
| if (CommandEntities.GROUP.equals(entityType)) { | ||
| revokeAllRolesFromGroup(); | ||
| } else { | ||
| revokeAllRolesFromUser(); | ||
| } | ||
| } | ||
|
|
||
| /** Removes all roles from a group. */ | ||
| private void revokeAllRolesFromGroup() { | ||
| List<String> roles; | ||
| try { | ||
| GravitinoClient client = buildClient(metalake); | ||
| Group group = client.getGroup(entity); | ||
| roles = group.roles(); | ||
| client.revokeRolesFromGroup(roles, entity); | ||
| } catch (NoSuchMetalakeException e) { | ||
| exitWithError(ErrorMessages.UNKNOWN_METALAKE); | ||
| } catch (NoSuchGroupException e) { | ||
| exitWithError(ErrorMessages.UNKNOWN_GROUP); | ||
| } catch (Exception e) { | ||
| exitWithError(e.getMessage()); | ||
| } | ||
| } | ||
|
|
||
| /** Removes all roles from a user. */ | ||
| private void revokeAllRolesFromUser() { | ||
| List<String> roles; | ||
| try { | ||
| GravitinoClient client = buildClient(metalake); | ||
| User user = client.getUser(entity); | ||
| roles = user.roles(); | ||
| client.revokeRolesFromUser(roles, entity); | ||
| } catch (NoSuchMetalakeException e) { | ||
| exitWithError(ErrorMessages.UNKNOWN_METALAKE); | ||
| } catch (NoSuchUserException e) { | ||
| exitWithError(ErrorMessages.UNKNOWN_USER); | ||
| } catch (Exception e) { | ||
| exitWithError(e.getMessage()); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters