Posted to commits@sentry.apache.org by am...@apache.org on 2019/01/29 17:16:00 UTC
[sentry] branch master updated: SENTRY-2490: When building a full
perm update for each object we only build 1 privilege per role (Arjun
Mishra reviewed by Kalyan Kumar Kalvagadda)
This is an automated email from the ASF dual-hosted git repository.
amishra pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sentry.git
The following commit(s) were added to refs/heads/master by this push:
new 72ac123 SENTRY-2490: When building a full perm update for each object we only build 1 privilege per role (Arjun Mishra reviewed by Kalyan Kumar Kalvagadda)
72ac123 is described below
commit 72ac123228cb059ff5448df86ca46f1a33a6748e
Author: amishra <am...@cloudera.com>
AuthorDate: Tue Jan 29 11:15:22 2019 -0600
SENTRY-2490: When building a full perm update for each object we only build 1 privilege per role (Arjun Mishra reviewed by Kalyan Kumar Kalvagadda)
---
.../db/service/persistent/SentryStore.java | 15 +++----
.../db/service/persistent/TestSentryStore.java | 49 ++++++++++++++++++++++
2 files changed, 55 insertions(+), 9 deletions(-)
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index ad5a4d0..e031ed4 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -3147,22 +3147,19 @@ public class SentryStore implements SentryStoreInterface {
private static Map<TPrivilegePrincipal, String> addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegePrincipalType tEntityType,
String principal, Map<TPrivilegePrincipal, String> update) {
- String action;
- String newAction;
- String existingPriv = update.get(principal);
- action = mPriv.getAction().toUpperCase();
- newAction = mPriv.getAction().toUpperCase();
+ TPrivilegePrincipal tPrivilegePrincipal = new TPrivilegePrincipal(tEntityType, principal);
+ String existingPriv = update.get(tPrivilegePrincipal);
+ String action = mPriv.getAction().toUpperCase();
+ String newAction = mPriv.getAction().toUpperCase();
if(action.equals(AccessConstants.OWNER)) {
// Translate owner privilege to actual privilege.
newAction = AccessConstants.ACTION_ALL;
}
if (existingPriv == null) {
- update.put(new TPrivilegePrincipal(tEntityType, principal),
- newAction);
+ update.put(tPrivilegePrincipal, newAction);
} else {
- update.put(new TPrivilegePrincipal(tEntityType, principal), existingPriv + "," +
- newAction);
+ update.put(tPrivilegePrincipal, existingPriv + "," + newAction);
}
return update;
}
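Review bot: The two added `mPriv.getAction().toUpperCase()` calls use the JVM default locale, and the result is both compared with `AccessConstants.OWNER` and written into the privilege string for the principal. Under a locale with special casing rules (Turkish, for example) a stored action such as `insert` would upper-case to a string containing a dotted capital I, so the owner translation or whatever consumes the permission image could silently fail to recognise the action. Compute the value once with a fixed locale: `String action = mPriv.getAction().toUpperCase(Locale.ROOT);` followed by `String newAction = AccessConstants.OWNER.equals(action) ? AccessConstants.ACTION_ALL : action;` (this needs `java.util.Locale` imported if the file does not already import it). Since the map lookup now uses the right key type, the if/else could also become `update.merge(tPrivilegePrincipal, newAction, (old, add) -> old + "," + add);`.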
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 202e959..62d6ea8 100644
--- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -2571,6 +2571,55 @@ public class TestSentryStore extends org.junit.Assert {
}
+ @Test
+ public void testRetrieveFullPermssionsImageWithMultiplePrivielgesPerRolePerObject() throws Exception {
+
+ // Create roles
+ String roleName1 = "privs-r1";
+ String groupName1 = "privs-g1";
+ String grantor = "g1";
+ sentryStore.createSentryRole(roleName1);
+
+ // Grant roles to the groups
+ Set<TSentryGroup> groups = Sets.newHashSet();
+ TSentryGroup group = new TSentryGroup();
+ group.setGroupName(groupName1);
+ groups.add(group);
+ sentryStore.alterSentryRoleAddGroups(grantor, roleName1, groups);
+
+ // Grant multiple privileges to a role on one object
+ TSentryPrivilege privilege1 = new TSentryPrivilege();
+ privilege1.setPrivilegeScope("TABLE");
+ privilege1.setServerName("server1");
+ privilege1.setDbName("db1");
+ privilege1.setTableName("tbl1");
+ privilege1.setAction("SELECT");
+ privilege1.setCreateTime(System.currentTimeMillis());
+ TSentryPrivilege privilege2 = new TSentryPrivilege();
+ privilege2.setPrivilegeScope("TABLE");
+ privilege2.setServerName("server1");
+ privilege2.setDbName("db1");
+ privilege2.setTableName("tbl1");
+ privilege2.setAction("INSERT");
+ privilege2.setCreateTime(System.currentTimeMillis());
+ TSentryPrivilege privilege3 = new TSentryPrivilege();
+ privilege3.setPrivilegeScope("TABLE");
+ privilege3.setServerName("server1");
+ privilege3.setDbName("db1");
+ privilege3.setTableName("tbl1");
+ privilege3.setAction("REFRESH");
+ privilege3.setCreateTime(System.currentTimeMillis());
+ sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege1), null);
+ sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege2), null);
+ sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE, roleName1, Sets.newHashSet(privilege3), null);
+
+ PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage();
+ Map<String, Map<TPrivilegePrincipal, String>> privs = permImage.getPrivilegeImage();
+ assertEquals(1, privs.get("db1.tbl1").size());
+ assertEquals("REFRESH,INSERT,SELECT", privs.get("db1.tbl1").get(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName1)));
+
+ }
+
/**
* Verifies complete snapshot of HMS Paths can be persisted and retrieved properly.
*/
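Review bot: The final assertion pins the exact string `"REFRESH,INSERT,SELECT"`, which passes only if the store returns the three privileges in that particular order. Nothing visible in this hunk guarantees that order, so the test may fail on a different backing database or JDO version even though the permission image is correct. Compare the actions as a set instead, e.g. `assertEquals(Sets.newHashSet("SELECT", "INSERT", "REFRESH"), Sets.newHashSet(privs.get("db1.tbl1").get(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName1)).split(",")));`. The new test name also misspells "Privileges" as `Privielges`, and an extra case granting an owner privilege alongside another action would cover the owner-to-ALL translation in `addPrivilegeEntry`.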