You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@phoenix.apache.org by st...@apache.org on 2021/03/25 04:46:35 UTC
[phoenix] branch 5.1 updated: PHOENIX-6427 Create sequence fails in
lowercase schema
This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch 5.1
in repository https://gitbox.apache.org/repos/asf/phoenix.git
The following commit(s) were added to refs/heads/5.1 by this push:
new c73257a PHOENIX-6427 Create sequence fails in lowercase schema
c73257a is described below
commit c73257aa58db56c74e246c02491cb0c8d421c1b3
Author: Istvan Toth <st...@apache.org>
AuthorDate: Wed Mar 24 15:59:28 2021 +0100
PHOENIX-6427 Create sequence fails in lowercase schema
---
.../apache/phoenix/end2end/BasePermissionsIT.java | 61 ++++++++++++++++++++++
.../org/apache/phoenix/end2end/SequenceIT.java | 29 ++++++++++
.../org/apache/phoenix/compile/FromCompiler.java | 2 +-
3 files changed, 91 insertions(+), 1 deletion(-)
diff --git a/phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java b/phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java
index 2be1551..5fdb89c 100644
--- a/phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java
+++ b/phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java
@@ -1062,6 +1062,67 @@ public abstract class BasePermissionsIT extends BaseTest {
}
/**
+ * Test to verify READ permissions on table, indexes and views
+ * Tests automatic grant revoke of permissions per user on a table
+ */
+ @Test
+ public void testReadPermsOnTableIndexAndViewOnLowerCaseSchema() throws Exception {
+ grantSystemTableAccess(superUser1, regularUser1, regularUser2, unprivilegedUser);
+
+ schemaName = "\"" + schemaName.toLowerCase() + "\"";
+ fullTableName = schemaName + "." + tableName;
+
+ // Create new schema and grant CREATE permissions to a user
+ if(isNamespaceMapped) {
+ verifyAllowed(createSchema(schemaName), superUser1);
+ verifyAllowed(grantPermissions("C", regularUser1, schemaName, true), superUser1);
+ } else {
+ verifyAllowed(grantPermissions("C", regularUser1, surroundWithDoubleQuotes(QueryConstants.HBASE_DEFAULT_SCHEMA_NAME), true), superUser1);
+ }
+
+ // Create new table. Create indexes, views and view indexes on top of it. Verify the contents by querying it
+ verifyAllowed(createTable(fullTableName), regularUser1);
+ verifyAllowed(readTable(fullTableName), regularUser1);
+ verifyAllowed(createIndex(idx1TableName, fullTableName), regularUser1);
+ verifyAllowed(createIndex(idx2TableName, fullTableName), regularUser1);
+ verifyAllowed(createLocalIndex(localIdx1TableName, fullTableName), regularUser1);
+ verifyAllowed(createView(view1TableName, fullTableName), regularUser1);
+ verifyAllowed(createIndex(idx3TableName, view1TableName), regularUser1);
+
+ // RegularUser2 doesn't have any permissions. It can get a PhoenixConnection
+ // However it cannot query table, indexes or views without READ perms
+ verifyAllowed(getConnectionAction(), regularUser2);
+ verifyDenied(readTable(fullTableName), AccessDeniedException.class, regularUser2);
+ verifyDenied(readTable(fullTableName, idx1TableName), AccessDeniedException.class, regularUser2);
+ verifyDenied(readTable(view1TableName), AccessDeniedException.class, regularUser2);
+ verifyDenied(readTableWithoutVerification(schemaName + "." + idx1TableName), AccessDeniedException.class, regularUser2);
+
+ // Grant READ permissions to RegularUser2 on the table
+ // Permissions should propagate automatically to relevant physical tables such as global index and view index.
+ verifyAllowed(grantPermissions("RX", regularUser2, fullTableName, false), regularUser1);
+ // Granting permissions directly to index tables should fail
+ verifyDenied(grantPermissions("W", regularUser2, schemaName + "." + idx1TableName, false), AccessDeniedException.class, regularUser1);
+ // Granting permissions directly to views should fail. We expect TableNotFoundException since VIEWS are not physical tables
+ verifyDenied(grantPermissions("W", regularUser2, schemaName + "." + view1TableName, false), TableNotFoundException.class, regularUser1);
+
+ // Verify that all other access are successful now
+ verifyAllowed(readTable(fullTableName), regularUser2);
+ verifyAllowed(readTable(fullTableName, idx1TableName), regularUser2);
+ verifyAllowed(readTable(fullTableName, idx2TableName), regularUser2);
+ verifyAllowed(readTable(fullTableName, localIdx1TableName), regularUser2);
+ verifyAllowed(readTableWithoutVerification(schemaName + "." + idx1TableName), regularUser2);
+ verifyAllowed(readTable(view1TableName), regularUser2);
+ verifyAllowed(readMultiTenantTableWithIndex(view1TableName), regularUser2);
+
+ // Revoke READ permissions to RegularUser2 on the table
+ // Permissions should propagate automatically to relevant physical tables such as global index and view index.
+ verifyAllowed(revokePermissions(regularUser2, fullTableName, false), regularUser1);
+ // READ query should fail now
+ verifyDenied(readTable(fullTableName), AccessDeniedException.class, regularUser2);
+ verifyDenied(readTableWithoutVerification(schemaName + "." + idx1TableName), AccessDeniedException.class, regularUser2);
+ }
+
+ /**
* Verifies permissions for users present inside a group
*/
@Test
diff --git a/phoenix-core/src/it/java/org/apache/phoenix/end2end/SequenceIT.java b/phoenix-core/src/it/java/org/apache/phoenix/end2end/SequenceIT.java
index 5201675..7c54d68 100644
--- a/phoenix-core/src/it/java/org/apache/phoenix/end2end/SequenceIT.java
+++ b/phoenix-core/src/it/java/org/apache/phoenix/end2end/SequenceIT.java
@@ -201,6 +201,35 @@ public class SequenceIT extends ParallelStatsDisabledIT {
}
@Test
+ public void testCreateSequenceWhenNamespaceEnabledAndIsLowerCase() throws Exception {
+ Properties props = PropertiesUtil.deepCopy(TEST_PROPERTIES);
+ props.setProperty(QueryServices.IS_NAMESPACE_MAPPING_ENABLED, Boolean.toString(true));
+ Connection nsConn = DriverManager.getConnection(getUrl(), props);
+
+ String sequenceSchemaName = "\"test_seq_schema\"";
+ String sequenceName = "\"m_seq\"";
+ nsConn.createStatement().execute("CREATE SCHEMA " + sequenceSchemaName);
+ nsConn.createStatement().execute("USE " + sequenceSchemaName);
+ nsConn.createStatement().execute("CREATE SEQUENCE " + sequenceName + " START WITH 2 INCREMENT BY 4");
+ String query = "SELECT sequence_schema, sequence_name, current_value, increment_by FROM \"SYSTEM\".\"SEQUENCE\" WHERE sequence_name='"
+ + SchemaUtil.normalizeIdentifier(sequenceName) + "'";
+ ResultSet rs = nsConn.prepareStatement(query).executeQuery();
+ assertTrue(rs.next());
+ assertEquals(SchemaUtil.normalizeIdentifier(sequenceSchemaName), rs.getString("sequence_schema"));
+ assertEquals(SchemaUtil.normalizeIdentifier(sequenceName), rs.getString("sequence_name"));
+ assertEquals(2, rs.getInt("current_value"));
+ assertEquals(4, rs.getInt("increment_by"));
+ assertFalse(rs.next());
+ try {
+ nsConn.createStatement().execute(
+ "CREATE SEQUENCE " + sequenceSchemaName + "." + sequenceName + " START WITH 2 INCREMENT BY 4");
+ fail();
+ } catch (SequenceAlreadyExistsException e) {
+
+ }
+ }
+
+ @Test
public void testCreateSequence() throws Exception {
String sequenceName = generateSequenceNameWithSchema();
String sequenceNameWithoutSchema = getNameWithoutSchema(sequenceName);
diff --git a/phoenix-core/src/main/java/org/apache/phoenix/compile/FromCompiler.java b/phoenix-core/src/main/java/org/apache/phoenix/compile/FromCompiler.java
index 95cf526..c49d83d 100644
--- a/phoenix-core/src/main/java/org/apache/phoenix/compile/FromCompiler.java
+++ b/phoenix-core/src/main/java/org/apache/phoenix/compile/FromCompiler.java
@@ -253,7 +253,7 @@ public class FromCompiler {
}
public static ColumnResolver getResolverForSchema(String schema, PhoenixConnection connection) throws SQLException {
- return new SchemaResolver(connection, SchemaUtil.normalizeIdentifier(schema), true);
+ return new SchemaResolver(connection, schema, true);
}
public static ColumnResolver getResolver(NamedTableNode tableNode, PhoenixConnection connection) throws SQLException {