Posted to commits@sentry.apache.org by li...@apache.org on 2018/05/18 22:27:56 UTC

sentry git commit: SENTRY-2144: Table Rename Cross Database should update permission correctly. (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda, Arjun Mishra, Alexander Kolbasov)

Repository: sentry
Updated Branches:
  refs/heads/master 266857472 -> a06e65639


SENTRY-2144: Table Rename Cross Database should update permission correctly. (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda, Arjun Mishra, Alexander Kolbasov)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a06e6563
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a06e6563
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a06e6563

Branch: refs/heads/master
Commit: a06e656394672f67c648de73a6e8965478dadde6
Parents: 2668574
Author: lina.li <li...@cloudera.com>
Authored: Fri May 18 17:22:49 2018 -0500
Committer: lina.li <li...@cloudera.com>
Committed: Fri May 18 17:22:49 2018 -0500

----------------------------------------------------------------------
 .../db/service/persistent/SentryStore.java      |  2 +
 .../TestDbPrivilegeCleanupOnDrop.java           | 60 +++++++++++++++++++-
 2 files changed, 60 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/a06e6563/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index cafe2b5..56c506b 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -2316,6 +2316,8 @@ public class SentryStore {
         if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.DATABASE.name())) {
           tPriv.setDbName(newTPrivilege.getDbName());
         } else if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.TABLE.name())) {
+          // the DB name could change, so set its value
+          tPriv.setDbName(newTPrivilege.getDbName());
           tPriv.setTableName(newTPrivilege.getTableName());
         }
         alterSentryRoleGrantPrivilegeCore(pm, role.getRoleName(), tPriv);
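Review bot: The added `tPriv.setDbName(newTPrivilege.getDbName());` in the TABLE branch copies the database name without checking that it is set, so a rename request whose new privilege carries no DB name would overwrite the grant's database with null and could leave a table-level grant with no database qualifier. Whether every caller populates the DB name for a TABLE-scope rename cannot be seen here, because the enclosing method starts and ends outside the hunk. A guard such as `if (newTPrivilege.getDbName() != null) { tPriv.setDbName(newTPrivilege.getDbName()); }` would keep the previous behaviour for such requests. The comment could also give the reason, for example `// cross-database rename: the grant must follow the table to its new DB, otherwise it stays bound to the old DB name`.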

http://git-wip-us.apache.org/repos/asf/sentry/blob/a06e6563/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
index 5fe6625..cbfdb94 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
@@ -158,12 +158,12 @@ public class TestDbPrivilegeCleanupOnDrop extends TestHDFSIntegrationBase {
 
   /**
    * rename table and verify that the no privileges are referring to it old table
-   * verify that the same privileges are created for the new table name
+   * verify that the same privileges are created for the new table name within the same DB
    *
    * @throws Exception
    */
   @Test
-  public void testRenameTables() throws Exception {
+  public void testRenameTablesWithinDB() throws Exception {
     dbNames = new String[]{DB1, DB2};
     roles = new String[]{"admin_role", "read_db1", "all_db1", "select_tbl1",
             "insert_tbl1", "all_tbl1", "all_tbl2", "all_prod"};
@@ -199,6 +199,62 @@ public class TestDbPrivilegeCleanupOnDrop extends TestHDFSIntegrationBase {
   }
 
   /**
+   * rename table and verify that the no privileges are referring to it old table
+   * verify that the same privileges are created for the new table name at different DB
+   *
+   * @throws Exception
+   */
+  @Test
+  public void testRenameTablesCrossDB() throws Exception {
+    dbNames = new String[]{DB1, DB2};
+    roles = new String[]{"admin_role", "read_db1", "all_db1", "select_tbl1",
+        "insert_tbl1", "all_tbl1", "all_tbl2", "all_prod"};
+
+    // create required roles
+    setupRoles(statement);
+
+    // create test DBs and Tables
+    statement.execute("CREATE DATABASE " + DB1);
+    statement.execute("CREATE DATABASE " + DB2);
+    statement.execute("create table " + DB2 + "." + tableName1
+        + " (under_col int comment 'the under column', value string)");
+
+    // setup privileges for USER1
+    statement.execute("GRANT ALL ON DATABASE " + DB1 + " TO ROLE all_db1");
+    statement.execute("GRANT SELECT ON DATABASE " + DB1
+        + " TO ROLE read_db1");
+    statement.execute("GRANT ALL ON DATABASE " + DB2 + " TO ROLE all_prod");
+    statement.execute("USE " + DB2);
+    statement.execute("GRANT SELECT ON TABLE " + tableName1
+        + " TO ROLE select_tbl1");
+    statement.execute("GRANT INSERT ON TABLE " + tableName1
+        + " TO ROLE insert_tbl1");
+    statement.execute("GRANT ALL ON TABLE " + tableName1 + " TO ROLE all_tbl1");
+
+    // verify privileges on the created tables
+    verifyTablePrivilegeExist(statement,
+        Lists.newArrayList("select_tbl1", "insert_tbl1", "all_tbl1"),
+        DB2 + "." + tableName1);
+
+    // rename table across the DB
+    statement.execute("ALTER TABLE " + DB2 + "." + tableName1 + " RENAME TO "
+        + DB1 + "." + tableName1 + renameTag);
+
+    // verify privileges removed for old table
+    List<String> roles = getRoles(statement);
+    verifyIfAllPrivilegeAreDropped(statement, roles, DB2 + "." + tableName1,
+        SHOW_GRANT_TABLE_POSITION);
+
+    // verify privileges created for new table
+    verifyTablePrivilegeExist(statement,
+        Lists.newArrayList("select_tbl1", "insert_tbl1", "all_tbl1"),
+        DB1 + "." + tableName1 + renameTag);
+
+    statement.close();
+    connection.close();
+  }
+
+  /**
    * After we drop/rename table, we will drop/rename all privileges(ALL,SELECT,INSERT,ALTER,DROP...)
    * from this role
    *
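Review bot: testRenameTablesCrossDB checks that grants are gone from `DB2 + "." + tableName1` and present on the renamed table in DB1, but it never asserts that nothing is left under the new table name in the source database, which is where a grant would sit if only the table name were updated. Adding `verifyIfAllPrivilegeAreDropped(statement, roles, DB2 + "." + tableName1 + renameTag, SHOW_GRANT_TABLE_POSITION);` after the existing dropped-privilege check would pin that down. The local `List<String> roles` also shadows the `roles` array assigned at the top of the method, so a distinct name such as `existingRoles` would read more clearly. `statement.close()` and `connection.close()` run only when every assertion passes; a `try`/`finally` around the test body would keep a failed run from leaking the connection.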