You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2016/06/01 02:25:12 UTC
[1/2] sentry git commit: SENTRY-1272: Enable ALTERVIEW_RENAME and
ALTERVIEW_AS operation in hive binding (Ke Jia via Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/master ee15429a5 -> 8f453adfc
SENTRY-1272: Enable ALTERVIEW_RENAME and ALTERVIEW_AS operation in hive binding (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/bc292909
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/bc292909
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/bc292909
Branch: refs/heads/master
Commit: bc2929096a607dbea90be3e82a833a969f7aa432
Parents: ee15429
Author: Sun Dapeng <sd...@apache.org>
Authored: Wed Jun 1 10:11:43 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Wed Jun 1 10:11:43 2016 +0800
----------------------------------------------------------------------
.../binding/hive/HiveAuthzBindingHook.java | 1 +
.../hive/authz/HiveAuthzPrivilegesMap.java | 3 +
.../tests/e2e/hive/TestOperationsPart1.java | 80 ++++++++++++++++++++
3 files changed, 84 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
index ac8265f..a13ab79 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
@@ -142,6 +142,7 @@ public class HiveAuthzBindingHook extends HiveAuthzBindingHookBase {
case HiveParser.TOK_ALTERVIEW_DROPPARTS:
case HiveParser.TOK_ALTERVIEW_PROPERTIES:
case HiveParser.TOK_ALTERVIEW_RENAME:
+ case HiveParser.TOK_ALTERVIEW:
case HiveParser.TOK_CREATEINDEX:
case HiveParser.TOK_DROPINDEX:
case HiveParser.TOK_LOCKTABLE:
http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index bc158ff..8e597a5 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -234,6 +234,9 @@ public class HiveAuthzPrivilegesMap {
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_MERGEFILES, alterTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_PROPERTIES, alterTablePrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_AS, createViewPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_RENAME, alterTableRenamePrivilege);
+
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_DROPPARTS, dropPartitionPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDPARTS, addPartitionPrivilege);
http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
index 0522ba0..e9bdaeb 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
@@ -66,6 +66,8 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration {
privileges.put("drop_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=drop");
privileges.put("insert_db2_tb2", "server=server1->db=" + DB2 + "->table=tb2->action=insert");
privileges.put("select_db1_view1", "server=server1->db=" + DB1 + "->table=view1->action=select");
+ privileges.put("alter_db1_view1", "server=server1->db=" + DB1 + "->table=view1->action=alter");
+ privileges.put("select_db1_tb2", "server=server1->db=" + DB1 + "->table=tb2->action=select");
}
@@ -462,6 +464,84 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration {
connection.close();
}
+ @Test
+ public void testAlterRenameView() throws Exception {
+ adminCreate(DB1, tableName, true);
+
+ Connection connection;
+ Statement statement;
+ //Setup
+ connection = context.createConnection(ADMIN1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1");
+
+ policyFile
+ .addPermissionsToRole("alter_db1_view1", privileges.get("alter_db1_view1"))
+ .addPermissionsToRole("create_db1", privileges.get("create_db1"))
+ .addRolesToGroup(USERGROUP1, "create_db1", "alter_db1_view1")
+ .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1"))
+ .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1"))
+ .addRolesToGroup(USERGROUP2, "select_db1_tb1", "create_db1", "select_db1_view1");
+ writePolicyFile(policyFile);
+
+ //positive test cases
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("ALTER VIEW view1 RENAME TO view2");
+ statement.close();
+ connection.close();
+
+ //negative test cases
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1");
+ context.assertSentrySemanticException(statement, "ALTER VIEW view1 RENAME TO view2",
+ semanticException);
+ statement.close();
+ connection.close();
+ }
+
+ @Test
+ public void testAlterViewAs() throws Exception {
+ adminCreate(DB1, tableName, true);
+
+ Connection connection;
+ Statement statement;
+ //Setup
+ connection = context.createConnection(ADMIN1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("CREATE TABLE tb2 (foo int)");
+ statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1");
+
+ policyFile
+ .addPermissionsToRole("select_db1_tb2", privileges.get("select_db1_tb2")).addPermissionsToRole("alter_db1_view1", privileges.get("alter_db1_view1"))
+ .addPermissionsToRole("create_db1", privileges.get("create_db1"))
+ .addRolesToGroup(USERGROUP1, "select_db1_tb2", "alter_db1_view1", "create_db1")
+ .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1"))
+ .addRolesToGroup(USERGROUP2, "create_db1", "select_db1_view1");
+ writePolicyFile(policyFile);
+
+ //positive test cases
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("ALTER VIEW view1 AS SELECT * FROM tb2");
+ statement.close();
+ connection.close();
+
+ //negative test cases
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ context.assertSentrySemanticException(statement, "ALTER VIEW view1 AS SELECT * FROM tb2",
+ semanticException);
+ statement.close();
+ connection.close();
+ }
/* Test all operations that require alter on table
1. HiveOperation.ALTERTABLE_PROPERTIES
2. HiveOperation.ALTERTABLE_SERDEPROPERTIES
[2/2] sentry git commit: SENTRY-1283: Enable alter table operation
without outputs in hive binding (Ke Jia via Dapeng Sun)
Posted by sd...@apache.org.
SENTRY-1283: Enable alter table operation without outputs in hive binding (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/8f453adf
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/8f453adf
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/8f453adf
Branch: refs/heads/master
Commit: 8f453adfc29bc6cbc357e0fdb769591861469ad1
Parents: bc29290
Author: Sun Dapeng <sd...@apache.org>
Authored: Wed Jun 1 10:16:52 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Wed Jun 1 10:16:52 2016 +0800
----------------------------------------------------------------------
.../hive/authz/HiveAuthzPrivilegesMap.java | 9 +++
.../tests/e2e/hive/TestOperationsPart1.java | 70 ++++++++++++++++++++
2 files changed, 79 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/8f453adf/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index 8e597a5..2942f3a 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -99,6 +99,12 @@ public class HiveAuthzPrivilegesMap {
setOperationType(HiveOperationType.DDL).
build();
+ HiveAuthzPrivileges alterPartPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+ addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)).
+ setOperationScope(HiveOperationScope.TABLE).
+ setOperationType(HiveOperationType.INFO).
+ build();
+
/* Currently Hive treats select/insert/analyze as Query
* select = select on table
* insert = insert on table /all on uri
@@ -219,6 +225,9 @@ public class HiveAuthzPrivilegesMap {
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_RENAMECOL, alterTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDCOLS, alterTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_REPLACECOLS, alterTablePrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_PARTCOLTYPE, alterPartPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_BUCKETNUM, alterPartPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_BUCKETNUM, alterPartPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_RENAMEPART, alterTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ARCHIVE, alterTablePrivilege);
http://git-wip-us.apache.org/repos/asf/sentry/blob/8f453adf/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
index e9bdaeb..8f0f8a1 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
@@ -459,6 +459,76 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration {
statement.executeQuery("DESCRIBE tb1 PARTITION (b=1)");
statement.executeQuery("SHOW Partitions tb1");
+ statement.close();
+ connection.close();
+ }
+
+ @Test
+ public void testAlterTableBucket() throws Exception {
+ adminCreate(DB1, tableName, true);
+
+ Connection connection;
+ Statement statement;
+
+ connection = context.createConnection(ADMIN1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("ALTER TABLE tb1 CLUSTERED BY (a) SORTED BY (a) INTO 1 BUCKETS");
+
+ policyFile.addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
+ .addRolesToGroup(USERGROUP1, "alter_db1_tb1")
+ .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
+ .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
+ writePolicyFile(policyFile);
+
+ //positive test cases
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("ALTER TABLE tb1 INTO 6 BUCKETS");
+ statement.execute("ALTER TABLE tb1 PARTITION (a = '1') INTO 6 BUCKETS");
+
+ statement.close();
+ connection.close();
+
+ //negative test cases
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ context.assertSentrySemanticException(statement, "ALTER TABLE tb1 INTO 6 BUCKETS",
+ semanticException);
+ context.assertSentrySemanticException(statement, "ALTER TABLE tb1 PARTITION (a = '1') INTO 6 BUCKETS",
+ semanticException);
+
+ statement.close();
+ connection.close();
+ }
+
+ @Test
+ public void testAlterTablePartColType() throws Exception {
+ adminCreate(DB1, tableName, true);
+
+ policyFile
+ .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
+ .addRolesToGroup(USERGROUP1, "alter_db1_tb1")
+ .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
+ .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
+ writePolicyFile(policyFile);
+
+ //positive test cases
+ Connection connection = context.createConnection(USER1_1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("ALTER TABLE tb1 PARTITION COLUMN (b string)");
+
+ statement.close();
+ connection.close();
+
+ //negative test cases
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ context.assertSentrySemanticException(statement, "ALTER TABLE tb1 PARTITION COLUMN (b string)", semanticException);
statement.close();
connection.close();