You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sr...@apache.org on 2014/06/27 23:22:16 UTC
git commit: SENTRY-315: SHOW CURRENT ROLE fails if the one of the
groups doesn't have any roles granted (Prasad Mujumdar via Sravya
Tirukkovalur)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 1785f0ee5 -> 1a14264fd
SENTRY-315: SHOW CURRENT ROLE fails if the one of the groups doesn't have any roles granted (Prasad Mujumdar via Sravya Tirukkovalur)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/1a14264f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/1a14264f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/1a14264f
Branch: refs/heads/master
Commit: 1a14264fd3014388a881f6b7928f75bcf4060f0f
Parents: 1785f0e
Author: Sravya Tirukkovalur <sr...@clouera.com>
Authored: Fri Jun 27 14:19:59 2014 -0700
Committer: Sravya Tirukkovalur <sr...@clouera.com>
Committed: Fri Jun 27 14:19:59 2014 -0700
----------------------------------------------------------------------
.../provider/db/service/persistent/SentryStore.java | 13 ++++++++++---
.../db/service/thrift/SentryPolicyStoreProcessor.java | 4 +++-
.../db/service/persistent/TestSentryStore.java | 9 ++++++---
.../tests/e2e/dbprovider/TestDatabaseProvider.java | 7 +++++++
4 files changed, 26 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1a14264f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 78f41d3..5f77793 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -894,11 +894,18 @@ public class SentryStore {
* @return : Set of thrift sentry role objects
* @throws SentryNoSuchObjectException
*/
- public Set<TSentryRole> getTSentryRolesByGroupName(Set<String> groupNames)
- throws SentryNoSuchObjectException {
+ public Set<TSentryRole> getTSentryRolesByGroupName(Set<String> groupNames,
+ boolean checkAllGroups) throws SentryNoSuchObjectException {
Set<MSentryRole> roleSet = Sets.newHashSet();
for (String groupName : groupNames) {
- roleSet.addAll(getMSentryRolesByGroupName(groupName));
+ try {
+ roleSet.addAll(getMSentryRolesByGroupName(groupName));
+ } catch (SentryNoSuchObjectException e) {
+ // if we are checking for all the given groups, then continue searching
+ if (!checkAllGroups) {
+ throw e;
+ }
+ }
}
return convertToTSentryRoles(roleSet);
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1a14264f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index 8964a18..40ac881 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -314,16 +314,18 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
TSentryResponseStatus status;
Set<TSentryRole> roleSet = new HashSet<TSentryRole>();
Set<String> groups = new HashSet<String>();
+ boolean checkAllGroups = false;
try {
// Don't check admin permissions for listing requestor's own roles
if (AccessConstants.ALL.equalsIgnoreCase(request.getGroupName())) {
groups = getRequestorGroups(request.getRequestorUserName());
+ checkAllGroups = true;
} else {
authorize(request.getRequestorUserName(),
getRequestorGroups(request.getRequestorUserName()));
groups.add(request.getGroupName());
}
- roleSet = sentryStore.getTSentryRolesByGroupName(groups);
+ roleSet = sentryStore.getTSentryRolesByGroupName(groups, checkAllGroups);
response.setRoles(roleSet);
response.setStatus(Status.OK());
} catch (SentryNoSuchObjectException e) {
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1a14264f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index acc8b3a..6613d12 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -349,9 +349,12 @@ public class TestSentryStore {
sentryStore.alterSentryRoleAddGroups(grantor, roleName3,
Sets.newHashSet(new TSentryGroup(group1), new TSentryGroup(group2)));
- assertEquals(2, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1)).size());
- assertEquals(2, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group2)).size());
- assertEquals(3, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1,group2)).size());
+ assertEquals(2, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1), false).size());
+ assertEquals(2, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group2), false).size());
+ assertEquals(3, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1,group2), false).size());
+ assertEquals(0,
+ sentryStore.getTSentryRolesByGroupName(Sets.newHashSet("foo"), true)
+ .size());
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1a14264f/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
index 200ea55..83bf406 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
@@ -1651,6 +1651,13 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
statement.close();
connection.close();
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ resultSet = statement.executeQuery("SHOW CURRENT ROLES");
+ assertResultSize(resultSet, 0);
+ statement.close();
+ connection.close();
+
connection = context.createConnection(USER1_1);
statement = context.createStatement(connection);