Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -265,9 +265,9 @@ def __hash__(self) -> int:
return hash((self._condition, self._name))

def __eq__(self, value: object) -> bool:
if not isinstance(value, GenericPrivilege):
if not isinstance(value, Privilege):
return False
return self._condition == value._condition and self._name == value._name
return self._condition == value.condition() and self._name == value.name()


class CreateCatalog(GenericPrivilege):
Expand Down
24 changes: 24 additions & 0 deletions clients/client-python/gravitino/client/dto_converters.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,11 @@

from __future__ import annotations

from gravitino.api.authorization.privileges import Privilege
from gravitino.api.authorization.securable_objects import (
SecurableObject,
SecurableObjects,
)
from gravitino.api.catalog import Catalog
from gravitino.api.catalog_change import CatalogChange
from gravitino.api.job.job_template import JobTemplate, JobType
Expand All @@ -36,6 +41,8 @@
from gravitino.client.fileset_catalog import FilesetCatalog
from gravitino.client.generic_model_catalog import GenericModelCatalog
from gravitino.client.relational_catalog import RelationalCatalog
from gravitino.dto.authorization.privilege_dto import PrivilegeDTO
from gravitino.dto.authorization.securable_object_dto import SecurableObjectDTO
from gravitino.dto.catalog_dto import CatalogDTO
from gravitino.dto.job.job_template_dto import JobTemplateDTO
from gravitino.dto.job.shell_job_template_dto import ShellJobTemplateDTO
Expand Down Expand Up @@ -325,3 +332,20 @@ def to_tag_update_request(
return TagUpdateRequest.RemoveTagPropertyRequest(change.removed_property)

raise IllegalArgumentException(f"Unknown change type: {type(change)}")

@staticmethod
def to_privilege_dto(privilege: Privilege) -> PrivilegeDTO:
return PrivilegeDTO(privilege.name(), privilege.condition())

@staticmethod
def from_privilege_dto(dto: PrivilegeDTO) -> Privilege:
return dto

@staticmethod
def to_securable_object_dto(obj: SecurableObject) -> SecurableObjectDTO:
privilege_dtos = [DTOConverters.to_privilege_dto(p) for p in obj.privileges()]
return SecurableObjectDTO(obj.full_name(), obj.type(), privilege_dtos)

@staticmethod
def from_securable_object_dto(dto: SecurableObjectDTO) -> SecurableObject:
return SecurableObjects.parse(dto.full_name(), dto.type(), dto.privileges())
177 changes: 177 additions & 0 deletions clients/client-python/gravitino/client/gravitino_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@

from gravitino.api.authorization.group import Group
from gravitino.api.authorization.owner import Owner
from gravitino.api.authorization.privileges import Privilege
from gravitino.api.authorization.role import Role
from gravitino.api.authorization.securable_objects import SecurableObject
from gravitino.api.authorization.user import User
from gravitino.api.catalog import Catalog
from gravitino.api.catalog_change import CatalogChange
Expand Down Expand Up @@ -507,3 +510,177 @@ def list_group_names(self) -> list[str]:
NoSuchMetalakeException: If the metalake does not exist.
"""
return self.get_metalake().list_group_names()

# Role operations

def create_role(
self,
role_name: str,
properties: Optional[Dict[str, str]] = None,
securable_objects: Optional[List[SecurableObject]] = None,
) -> Role:
"""Create a new role under the metalake.

Args:
role_name: The name of the role.
properties: The properties of the role.
securable_objects: The securable objects of the role.

Returns:
The created Role object.

Raises:
RoleAlreadyExistsException: If a role with the same name already exists.
NoSuchMetalakeException: If the metalake does not exist.
"""
return self.get_metalake().create_role(role_name, properties, securable_objects)

def get_role(self, role_name: str) -> Role:
"""Get a role by name from the metalake.

Args:
role_name: The name of the role.

Returns:
The Role object.

Raises:
NoSuchRoleException: If the role does not exist.
NoSuchMetalakeException: If the metalake does not exist.
"""
return self.get_metalake().get_role(role_name)

def delete_role(self, role_name: str) -> bool:
"""Delete a role from the metalake.

Args:
role_name: The name of the role.

Returns:
True if the role was deleted, False otherwise.

Raises:
NoSuchMetalakeException: If the metalake does not exist.
"""
return self.get_metalake().delete_role(role_name)

def list_role_names(self) -> list[str]:
"""List all role names under the metalake.

Returns:
A list of role name strings.

Raises:
NoSuchMetalakeException: If the metalake does not exist.
"""
return self.get_metalake().list_role_names()

def grant_roles_to_user(self, role_names: List[str], user_name: str) -> User:
"""Grant roles to a user.

Args:
role_names: The names of the roles to grant.
user_name: The name of the user.

Returns:
The updated User object.

Raises:
NoSuchRoleException: If the role does not exist.
NoSuchUserException: If the user does not exist.
"""
return self.get_metalake().grant_roles_to_user(role_names, user_name)

def revoke_roles_from_user(self, role_names: List[str], user_name: str) -> User:
"""Revoke roles from a user.

Args:
role_names: The names of the roles to revoke.
user_name: The name of the user.

Returns:
The updated User object.

Raises:
NoSuchRoleException: If the role does not exist.
NoSuchUserException: If the user does not exist.
"""
return self.get_metalake().revoke_roles_from_user(role_names, user_name)

def grant_roles_to_group(self, role_names: List[str], group_name: str) -> Group:
"""Grant roles to a group.

Args:
role_names: The names of the roles to grant.
group_name: The name of the group.

Returns:
The updated Group object.

Raises:
NoSuchRoleException: If the role does not exist.
NoSuchGroupException: If the group does not exist.
"""
return self.get_metalake().grant_roles_to_group(role_names, group_name)

def revoke_roles_from_group(self, role_names: List[str], group_name: str) -> Group:
"""Revoke roles from a group.

Args:
role_names: The names of the roles to revoke.
group_name: The name of the group.

Returns:
The updated Group object.

Raises:
NoSuchRoleException: If the role does not exist.
NoSuchGroupException: If the group does not exist.
"""
return self.get_metalake().revoke_roles_from_group(role_names, group_name)

def grant_privileges_to_role(
self,
role_name: str,
securable_object: SecurableObject,
privileges: List[Privilege],
) -> Role:
"""Grant privileges to a role on a securable object.

Args:
role_name: The name of the role.
securable_object: The securable object.
privileges: The privileges to grant.

Returns:
The updated Role object.

Raises:
NoSuchRoleException: If the role does not exist.
"""
return self.get_metalake().grant_privileges_to_role(
role_name, securable_object, privileges
)

def revoke_privileges_from_role(
self,
role_name: str,
securable_object: SecurableObject,
privileges: List[Privilege],
) -> Role:
"""Revoke privileges from a role on a securable object.

Args:
role_name: The name of the role.
securable_object: The securable object.
privileges: The privileges to revoke.

Returns:
The updated Role object.

Raises:
NoSuchRoleException: If the role does not exist.
"""
return self.get_metalake().revoke_privileges_from_role(
role_name, securable_object, privileges
)
Loading