You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by li...@apache.org on 2018/05/18 22:27:56 UTC
sentry git commit: SENTRY-2144: Table Rename Cross Database should
update permission correctly. (Na Li, reviewed by Sergio Pena,
Kalyan Kumar Kalvagadda, Arjun Mishra, Alexander Kolbasov)
Repository: sentry
Updated Branches:
refs/heads/master 266857472 -> a06e65639
SENTRY-2144: Table Rename Cross Database should update permission correctly. (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda, Arjun Mishra, Alexander Kolbasov)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a06e6563
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a06e6563
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a06e6563
Branch: refs/heads/master
Commit: a06e656394672f67c648de73a6e8965478dadde6
Parents: 2668574
Author: lina.li <li...@cloudera.com>
Authored: Fri May 18 17:22:49 2018 -0500
Committer: lina.li <li...@cloudera.com>
Committed: Fri May 18 17:22:49 2018 -0500
----------------------------------------------------------------------
.../db/service/persistent/SentryStore.java | 2 +
.../TestDbPrivilegeCleanupOnDrop.java | 60 +++++++++++++++++++-
2 files changed, 60 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/a06e6563/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index cafe2b5..56c506b 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -2316,6 +2316,8 @@ public class SentryStore {
if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.DATABASE.name())) {
tPriv.setDbName(newTPrivilege.getDbName());
} else if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.TABLE.name())) {
+ // the DB name could change, so set its value
+ tPriv.setDbName(newTPrivilege.getDbName());
tPriv.setTableName(newTPrivilege.getTableName());
}
alterSentryRoleGrantPrivilegeCore(pm, role.getRoleName(), tPriv);
http://git-wip-us.apache.org/repos/asf/sentry/blob/a06e6563/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
index 5fe6625..cbfdb94 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
@@ -158,12 +158,12 @@ public class TestDbPrivilegeCleanupOnDrop extends TestHDFSIntegrationBase {
/**
* rename table and verify that the no privileges are referring to it old table
- * verify that the same privileges are created for the new table name
+ * verify that the same privileges are created for the new table name within the same DB
*
* @throws Exception
*/
@Test
- public void testRenameTables() throws Exception {
+ public void testRenameTablesWithinDB() throws Exception {
dbNames = new String[]{DB1, DB2};
roles = new String[]{"admin_role", "read_db1", "all_db1", "select_tbl1",
"insert_tbl1", "all_tbl1", "all_tbl2", "all_prod"};
@@ -199,6 +199,62 @@ public class TestDbPrivilegeCleanupOnDrop extends TestHDFSIntegrationBase {
}
/**
+ * rename table and verify that the no privileges are referring to it old table
+ * verify that the same privileges are created for the new table name at different DB
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testRenameTablesCrossDB() throws Exception {
+ dbNames = new String[]{DB1, DB2};
+ roles = new String[]{"admin_role", "read_db1", "all_db1", "select_tbl1",
+ "insert_tbl1", "all_tbl1", "all_tbl2", "all_prod"};
+
+ // create required roles
+ setupRoles(statement);
+
+ // create test DBs and Tables
+ statement.execute("CREATE DATABASE " + DB1);
+ statement.execute("CREATE DATABASE " + DB2);
+ statement.execute("create table " + DB2 + "." + tableName1
+ + " (under_col int comment 'the under column', value string)");
+
+ // setup privileges for USER1
+ statement.execute("GRANT ALL ON DATABASE " + DB1 + " TO ROLE all_db1");
+ statement.execute("GRANT SELECT ON DATABASE " + DB1
+ + " TO ROLE read_db1");
+ statement.execute("GRANT ALL ON DATABASE " + DB2 + " TO ROLE all_prod");
+ statement.execute("USE " + DB2);
+ statement.execute("GRANT SELECT ON TABLE " + tableName1
+ + " TO ROLE select_tbl1");
+ statement.execute("GRANT INSERT ON TABLE " + tableName1
+ + " TO ROLE insert_tbl1");
+ statement.execute("GRANT ALL ON TABLE " + tableName1 + " TO ROLE all_tbl1");
+
+ // verify privileges on the created tables
+ verifyTablePrivilegeExist(statement,
+ Lists.newArrayList("select_tbl1", "insert_tbl1", "all_tbl1"),
+ DB2 + "." + tableName1);
+
+ // rename table across the DB
+ statement.execute("ALTER TABLE " + DB2 + "." + tableName1 + " RENAME TO "
+ + DB1 + "." + tableName1 + renameTag);
+
+ // verify privileges removed for old table
+ List<String> roles = getRoles(statement);
+ verifyIfAllPrivilegeAreDropped(statement, roles, DB2 + "." + tableName1,
+ SHOW_GRANT_TABLE_POSITION);
+
+ // verify privileges created for new table
+ verifyTablePrivilegeExist(statement,
+ Lists.newArrayList("select_tbl1", "insert_tbl1", "all_tbl1"),
+ DB1 + "." + tableName1 + renameTag);
+
+ statement.close();
+ connection.close();
+ }
+
+ /**
* After we drop/rename table, we will drop/rename all privileges(ALL,SELECT,INSERT,ALTER,DROP...)
* from this role
*