Posted to commits@sentry.apache.org by am...@apache.org on 2019/01/29 17:16:00 UTC

[sentry] branch master updated: SENTRY-2490: When building a full perm update for each object we only build 1 privilege per role (Arjun Mishra reviewed by Kalyan Kumar Kalvagadda)

This is an automated email from the ASF dual-hosted git repository.

amishra pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sentry.git


The following commit(s) were added to refs/heads/master by this push:
     new 72ac123  SENTRY-2490: When building a full perm update for each object we only build 1 privilege per role (Arjun Mishra reviewed by Kalyan Kumar Kalvagadda)
72ac123 is described below

commit 72ac123228cb059ff5448df86ca46f1a33a6748e
Author: amishra <am...@cloudera.com>
AuthorDate: Tue Jan 29 11:15:22 2019 -0600

    SENTRY-2490: When building a full perm update for each object we only build 1 privilege per role (Arjun Mishra reviewed by Kalyan Kumar Kalvagadda)
---
 .../db/service/persistent/SentryStore.java         | 15 +++----
 .../db/service/persistent/TestSentryStore.java     | 49 ++++++++++++++++++++++
 2 files changed, 55 insertions(+), 9 deletions(-)

diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index ad5a4d0..e031ed4 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -3147,22 +3147,19 @@ public class SentryStore implements SentryStoreInterface {
 
   private static Map<TPrivilegePrincipal, String> addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegePrincipalType tEntityType,
     String principal, Map<TPrivilegePrincipal, String> update) {
-    String action;
-    String newAction;
-    String existingPriv = update.get(principal);
-    action = mPriv.getAction().toUpperCase();
-    newAction = mPriv.getAction().toUpperCase();
+    TPrivilegePrincipal tPrivilegePrincipal = new TPrivilegePrincipal(tEntityType, principal);
+    String existingPriv = update.get(tPrivilegePrincipal);
+    String action = mPriv.getAction().toUpperCase();
+    String newAction = mPriv.getAction().toUpperCase();
     if(action.equals(AccessConstants.OWNER)) {
       // Translate owner privilege to actual privilege.
       newAction = AccessConstants.ACTION_ALL;
     }
 
     if (existingPriv == null) {
-      update.put(new TPrivilegePrincipal(tEntityType, principal),
-              newAction);
+      update.put(tPrivilegePrincipal, newAction);
     } else {
-      update.put(new TPrivilegePrincipal(tEntityType, principal), existingPriv + "," +
-              newAction);
+      update.put(tPrivilegePrincipal, existingPriv + "," + newAction);
     }
     return update;
   }
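Review bot: The two added `mPriv.getAction().toUpperCase()` calls normalise an authorization action string with the JVM's default locale. Under a locale such as Turkish, a lower-case `insert` would not map to the ASCII token, so the `AccessConstants.OWNER` comparison and consumers of the image would be working with a locale-dependent string. Whether stored actions can be lower-case is not visible here. I would compute the value once with `String action = mPriv.getAction().toUpperCase(Locale.ROOT);` and derive `String newAction = AccessConstants.OWNER.equals(action) ? AccessConstants.ACTION_ALL : action;`, which needs `java.util.Locale` imported if the file does not already have it. Separately, the `existingPriv + "," + newAction` branch does not de-duplicate, so an OWNER privilege translated to `ACTION_ALL` next to an explicit grant of the same action would appear twice in the joined string.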
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 202e959..62d6ea8 100644
--- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -2571,6 +2571,55 @@ public class TestSentryStore extends org.junit.Assert {
 
   }
 
+  @Test
+  public void testRetrieveFullPermssionsImageWithMultiplePrivielgesPerRolePerObject() throws Exception {
+
+    // Create roles
+    String roleName1 = "privs-r1";
+    String groupName1 = "privs-g1";
+    String grantor = "g1";
+    sentryStore.createSentryRole(roleName1);
+
+    // Grant roles to the groups
+    Set<TSentryGroup> groups = Sets.newHashSet();
+    TSentryGroup group = new TSentryGroup();
+    group.setGroupName(groupName1);
+    groups.add(group);
+    sentryStore.alterSentryRoleAddGroups(grantor, roleName1, groups);
+
+    // Grant multiple privileges to a role on one object
+    TSentryPrivilege privilege1 = new TSentryPrivilege();
+    privilege1.setPrivilegeScope("TABLE");
+    privilege1.setServerName("server1");
+    privilege1.setDbName("db1");
+    privilege1.setTableName("tbl1");
+    privilege1.setAction("SELECT");
+    privilege1.setCreateTime(System.currentTimeMillis());
+    TSentryPrivilege privilege2 = new TSentryPrivilege();
+    privilege2.setPrivilegeScope("TABLE");
+    privilege2.setServerName("server1");
+    privilege2.setDbName("db1");
+    privilege2.setTableName("tbl1");
+    privilege2.setAction("INSERT");
+    privilege2.setCreateTime(System.currentTimeMillis());
+    TSentryPrivilege privilege3 = new TSentryPrivilege();
+    privilege3.setPrivilegeScope("TABLE");
+    privilege3.setServerName("server1");
+    privilege3.setDbName("db1");
+    privilege3.setTableName("tbl1");
+    privilege3.setAction("REFRESH");
+    privilege3.setCreateTime(System.currentTimeMillis());
+    sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1), null);
+    sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege2), null);
+    sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege3), null);
+
+    PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage();
+    Map<String, Map<TPrivilegePrincipal, String>> privs = permImage.getPrivilegeImage();
+    assertEquals(1, privs.get("db1.tbl1").size());
+    assertEquals("REFRESH,INSERT,SELECT", privs.get("db1.tbl1").get(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName1)));
+
+  }
+
   /**
    * Verifies complete snapshot of HMS Paths can be persisted and retrieved properly.
    */
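Review bot: The assertion `assertEquals("REFRESH,INSERT,SELECT", ...)` pins the order of the comma-joined actions, which differs from the grant order (SELECT, INSERT, REFRESH). That order presumably reflects how the store happens to return the privileges, so the test can fail without any privilege being dropped. Comparing as a set keeps the check on what matters for the permissions image: `assertEquals(Sets.newHashSet("SELECT", "INSERT", "REFRESH"), Sets.newHashSet(actions.split(",")));`, where `actions` is the string looked up for the role. A further case granting an OWNER privilege would cover the translation branch in `addPrivilegeEntry`, which this test does not exercise.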