Posted to commits@sentry.apache.org by pr...@apache.org on 2014/05/21 23:33:53 UTC
git commit: SENTRY-216: Support SHOW CURRENT ROLES (Sravya
Tirukkovalur via Prasad Mujumdar)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 540424d50 -> 3226ce992
SENTRY-216: Support SHOW CURRENT ROLES (Sravya Tirukkovalur via Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/3226ce99
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/3226ce99
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/3226ce99
Branch: refs/heads/master
Commit: 3226ce992a32c52e76dd3ae5fdb1c9e870b0214f
Parents: 540424d
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Wed May 21 14:33:39 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Wed May 21 14:33:39 2014 -0700
----------------------------------------------------------------------
.../hive/ql/exec/SentryGrantRevokeTask.java | 31 +++++++++++++--
.../binding/hive/authz/HiveAuthzBinding.java | 4 ++
.../tests/e2e/hive/TestDatabaseProvider.java | 42 ++++++++++++++++----
3 files changed, 65 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/3226ce99/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
index ec0b658..faa71c7 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
@@ -49,6 +49,7 @@ import org.apache.sentry.SentryUserException;
import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
@@ -196,10 +197,21 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable
writeToFile(writeRoleGrantsInfo(roles), desc.getResFile());
return RETURN_CODE_SUCCESS;
} else if(operation.equals(RoleDDLDesc.RoleOperation.SHOW_ROLES)) {
- Set<TSentryRole> roles = sentryClient.listRoles(subject, subjectGroups);
- writeToFile(writeRolesInfo(roles), desc.getResFile());
- return RETURN_CODE_SUCCESS;
- } else {
+ Set<TSentryRole> roles = sentryClient.listRoles(subject, subjectGroups);
+ writeToFile(writeRolesInfo(roles), desc.getResFile());
+ return RETURN_CODE_SUCCESS;
+ } else if(operation.equals(RoleDDLDesc.RoleOperation.SHOW_CURRENT_ROLE)) {
+ ActiveRoleSet roleSet = hiveAuthzBinding.getActiveRoleSet();
+ if( roleSet.isAll()) {
+ Set<TSentryRole> roles = sentryClient.listRoles(subject, subjectGroups);
+ writeToFile(writeRolesInfo(roles), desc.getResFile());
+ return RETURN_CODE_SUCCESS;
+ } else {
+ Set<String> roles = roleSet.getRoles();
+ writeToFile(writeActiveRolesInfo(roles), desc.getResFile());
+ return RETURN_CODE_SUCCESS;
+ }
+ } else {
throw new HiveException("Unknown role operation "
+ operation.getOperationName());
}
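Review bot: In the non-ALL branch of the new `SHOW_CURRENT_ROLE` case, the names from `roleSet.getRoles()` are written out straight from session state and are never compared with what `sentryClient.listRoles(subject, subjectGroups)` reports for the subject. Whether SET ROLE validates the requested role against the subject's grants is not visible here; if it does not, SHOW CURRENT ROLES could display a role the user does not hold, and a role revoked after SET ROLE would presumably still be listed. Consider keeping only the names that also appear in the `listRoles` result before calling `writeActiveRolesInfo`, or, if the invariant holds, record it with a comment such as `// active roles were validated against the subject's grants at SET ROLE time`. The enclosing method begins and ends outside this hunk.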
@@ -360,6 +372,17 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable
return builder.toString();
}
+ static String writeActiveRolesInfo(Set<String> roles) {
+ if (roles == null || roles.isEmpty()) {
+ return "";
+ }
+ StringBuilder builder = new StringBuilder();
+ for (String role : roles) {
+ appendNonNull(builder, role, true);
+ }
+ return builder.toString();
+ }
+
static StringBuilder appendNonNull(StringBuilder builder, Object value) {
return appendNonNull(builder, value, false);
}
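Review bot: `writeActiveRolesInfo` has no Javadoc, and its output order follows the iteration order of the `Set<String>` it is given, which is unspecified for a general Set, so SHOW CURRENT ROLES may list roles in a different order between runs. If stable output is wanted, iterate over a sorted copy, e.g. `for (String role : new TreeSet<String>(roles)) {`, which needs `java.util.TreeSet` in the import block (not shown in this hunk). A short Javadoc such as `/** Formats active role names for the SHOW CURRENT ROLES result file; returns "" when roles is null or empty. */` would also record the empty-input contract.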
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/3226ce99/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
index 7a561ef..63484a8 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
@@ -269,6 +269,10 @@ public class HiveAuthzBinding {
hiveConf.set(HiveAuthzConf.SENTRY_ACTIVE_ROLE_SET, activeRoleSet);
}
+ public ActiveRoleSet getActiveRoleSet() {
+ return activeRoleSet;
+ }
+
public Set<String> getGroups(Subject subject) {
return authProvider.getGroupMapping().getGroups(subject.getName());
}
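Review bot: The new `getActiveRoleSet()` does not say whether it can return null, and the caller added to SentryGrantRevokeTask in this same commit dereferences the result immediately with `roleSet.isAll()`. The field's initialisation is outside this hunk, so if it is only assigned when SET ROLE runs, SHOW CURRENT ROLES on a fresh session would fail with a NullPointerException rather than a HiveException. Please document the contract on the getter, e.g. `/** Returns the session's active role set; never null. */` if that is the case, or guard in the caller if null is possible.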
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/3226ce99/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestDatabaseProvider.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestDatabaseProvider.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestDatabaseProvider.java
index 176acee..7564829 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestDatabaseProvider.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestDatabaseProvider.java
@@ -41,6 +41,7 @@ import static org.hamcrest.Matchers.*;
import java.io.File;
import java.sql.Connection;
import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashSet;
@@ -168,6 +169,10 @@ public class TestDatabaseProvider extends AbstractTestWithHiveServer {
statement.execute("CREATE ROLE role1");
statement.execute("CREATE ROLE role2");
ResultSet resultSet = statement.executeQuery("SHOW ROLES");
+ ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
+ assertThat(resultSetMetaData.getColumnCount(), is(1));
+ assertThat(resultSetMetaData.getColumnName(1), equalToIgnoringCase("role"));
+
Set<String> roles = new HashSet<String>();
while ( resultSet.next()) {
roles.add(resultSet.getString(1));
@@ -196,7 +201,12 @@ public class TestDatabaseProvider extends AbstractTestWithHiveServer {
statement.execute("GRANT ROLE role1 to GROUP " + ADMINGROUP);
ResultSet resultSet = statement.executeQuery("SHOW ROLE GRANT GROUP " + ADMINGROUP);
- Set<String> roles = new HashSet<String>();
+ ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
+ assertThat(resultSetMetaData.getColumnCount(), is(4));
+ assertThat(resultSetMetaData.getColumnName(1), equalToIgnoringCase("role"));
+ assertThat(resultSetMetaData.getColumnName(2), equalToIgnoringCase("grant_option"));
+ assertThat(resultSetMetaData.getColumnName(3), equalToIgnoringCase("grant_time"));
+ assertThat(resultSetMetaData.getColumnName(4), equalToIgnoringCase("grantor"));
while ( resultSet.next()) {
assertThat(resultSet.getString(1), equalToIgnoringCase("role1"));
assertThat(resultSet.getBoolean(2), is(new Boolean("False")));
@@ -224,6 +234,21 @@ public class TestDatabaseProvider extends AbstractTestWithHiveServer {
statement.execute("GRANT SELECT ON TABLE t1 TO ROLE role1");
ResultSet resultSet = statement.executeQuery("SHOW GRANT ROLE role1");
+ ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
+ //| database | table | partition | column | principal_name |
+ // principal_type | privilege | grant_option | grant_time | grantor |
+ assertThat(resultSetMetaData.getColumnCount(), is(10));
+ assertThat(resultSetMetaData.getColumnName(1), equalToIgnoringCase("database"));
+ assertThat(resultSetMetaData.getColumnName(2), equalToIgnoringCase("table"));
+ assertThat(resultSetMetaData.getColumnName(3), equalToIgnoringCase("partition"));
+ assertThat(resultSetMetaData.getColumnName(4), equalToIgnoringCase("column"));
+ assertThat(resultSetMetaData.getColumnName(5), equalToIgnoringCase("principal_name"));
+ assertThat(resultSetMetaData.getColumnName(6), equalToIgnoringCase("principal_type"));
+ assertThat(resultSetMetaData.getColumnName(7), equalToIgnoringCase("privilege"));
+ assertThat(resultSetMetaData.getColumnName(8), equalToIgnoringCase("grant_option"));
+ assertThat(resultSetMetaData.getColumnName(9), equalToIgnoringCase("grant_time"));
+ assertThat(resultSetMetaData.getColumnName(10), equalToIgnoringCase("grantor"));
+
while ( resultSet.next()) {
assertThat(resultSet.getString(1), equalToIgnoringCase("default"));
assertThat(resultSet.getString(2), equalToIgnoringCase("t1"));
@@ -267,7 +292,6 @@ public class TestDatabaseProvider extends AbstractTestWithHiveServer {
* SHOW CURRENT ROLE not supported yet
* @throws Exception
*/
- @Ignore
@Test
public void testShowCurrentRole() throws Exception {
policyFile
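Review bot: The Javadoc kept above `testShowCurrentRole` still reads `SHOW CURRENT ROLE not supported yet`, which is no longer true once `@Ignore` is removed and the test exercises the statement. Update it to something like `* SHOW CURRENT ROLES lists the roles activated by SET ROLE`. The `Ignore` import may now be unused as well; the import block is outside this hunk, and the method body continues past it.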
@@ -277,13 +301,15 @@ public class TestDatabaseProvider extends AbstractTestWithHiveServer {
Statement statement = context.createStatement(connection);
statement.execute("CREATE ROLE role1");
statement.execute("SET ROLE role1");
+ ResultSet resultSet = statement.executeQuery("SHOW CURRENT ROLES");
+ ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
+ assertThat(resultSetMetaData.getColumnCount(), is(1));
+ assertThat(resultSetMetaData.getColumnName(1), equalToIgnoringCase("role"));
- try {
- ResultSet resultSet = statement.executeQuery("SHOW CURRENT ROLE");
- assertTrue("Expected an exception", false);
- } catch(SQLException e) {
- statement.close();
- connection.close();
+ while( resultSet.next()) {
+ assertThat(resultSet.getString(1), equalToIgnoringCase("role1"));
}
+ statement.close();
+ connection.close();
}
}
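Review bot: The `while( resultSet.next())` loop passes vacuously when SHOW CURRENT ROLES returns no rows, so the test would not catch an empty result; the same pattern appears in the SHOW ROLE GRANT and SHOW GRANT ROLE hunks above. Assert the row count explicitly, e.g. `assertThat(resultSet.next(), is(true));` before reading the row and `assertThat(resultSet.next(), is(false));` after it. Only the SET ROLE path is covered; the `roleSet.isAll()` branch added in SentryGrantRevokeTask has no test here. `statement.close()` and `connection.close()` are also skipped when an assertion fails, so a `try`/`finally` would avoid leaking the connection into later tests.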