Posted to commits@sentry.apache.org by pr...@apache.org on 2014/09/29 09:00:06 UTC

git commit: SENTRY-475: SHOW GRANT ROLE from Hive always report with grant option as false (Prasad Mujumdar, reviewed by Lenni Kuff)

Repository: incubator-sentry
Updated Branches:
  refs/heads/master f6fc0422b -> 2982e3d1c


SENTRY-475: SHOW GRANT ROLE from Hive always report with grant option as false (Prasad Mujumdar, reviewed by Lenni Kuff)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/2982e3d1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/2982e3d1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/2982e3d1

Branch: refs/heads/master
Commit: 2982e3d1cb230fcbc5134c62c402aad98cb3d33f
Parents: f6fc042
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Sun Sep 28 23:59:56 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Sun Sep 28 23:59:56 2014 -0700

----------------------------------------------------------------------
 .../hive/ql/exec/SentryGrantRevokeTask.java     |  4 ++-
 .../TestPrivilegeWithGrantOption.java           | 34 ++++++++++++++++++--
 2 files changed, 34 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2982e3d1/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
index 6f33109..ac45746 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
@@ -71,6 +71,7 @@ import org.apache.sentry.core.model.db.Server;
 import org.apache.sentry.core.model.db.Table;
 import org.apache.sentry.provider.db.SentryAccessDeniedException;
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
 import org.apache.sentry.provider.db.service.thrift.TSentryRole;
 import org.apache.sentry.service.thrift.SentryServiceClientFactory;
@@ -428,7 +429,8 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable
       appendNonNull(builder, roleName);//getPrincipalName()
       appendNonNull(builder, "ROLE");//getPrincipalType()
       appendNonNull(builder, privilege.getAction());
-      appendNonNull(builder, false);//isGrantOption()
+      appendNonNull(builder,
+          TSentryGrantOption.TRUE.equals(privilege.getGrantOption()));
       appendNonNull(builder, privilege.getCreateTime() * 1000L);
       appendNonNull(builder, "--");
     }
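Review bot: The rewritten grant-option cell prints `false` for every value other than `TSentryGrantOption.TRUE`, so a null grant option (or an unset one, if the enum carries such a member) is indistinguishable from an explicit false in SHOW GRANT output. The change also drops the `//isGrantOption()` column marker that the neighbouring `appendNonNull` calls keep. Since this output is what an administrator reads when auditing who can re-grant a privilege, I would keep the marker and state the collapse: `// isGrantOption(): anything other than TRUE (null included) is reported as false`. The constant-first `equals` is already null-safe, so no extra guard is needed. The enclosing method starts and ends outside the hunk.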

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2982e3d1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
index 581350a..5c49f98 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
@@ -41,6 +41,9 @@ import org.junit.Test;
 public class TestPrivilegeWithGrantOption extends AbstractTestWithStaticConfiguration {
 
   private static boolean isInternalServer = false;
+  private static int SHOW_GRANT_ROLE_DB_POSITION = 1;
+  private static int SHOW_GRANT_ROLE_TABLE_POSITION = 2;
+  private static int SHOW_GRANT_ROLE_WITH_GRANT_POSITION = 8;
 
   @BeforeClass
   public static void setupTestStaticConfiguration() throws Exception {
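Review bot: The three `SHOW_GRANT_ROLE_*_POSITION` fields are declared `private static int`, so they are mutable class state although they are used as constants; `private static final int SHOW_GRANT_ROLE_WITH_GRANT_POSITION = 8;` (and likewise for the other two) states the intent. The values look like column indexes into the row that SentryGrantRevokeTask assembles, so a one-line comment tying them to that layout would help when the SHOW GRANT columns change: `// column positions in SHOW GRANT ROLE output; keep in sync with SentryGrantRevokeTask`. The class body continues outside the hunk.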
@@ -175,15 +178,40 @@ public class TestPrivilegeWithGrantOption extends AbstractTestWithStaticConfigur
     statement.execute("GRANT INSERT ON TABLE foo TO ROLE role3_2");
     connection.close();
 
+    connection = context.createConnection(USER2_1);
+    statement = context.createStatement(connection);
+    statement.execute("USE db_1");
+    runSQLWithError(statement, "GRANT ALL ON TABLE foo TO ROLE role3_2",
+        HiveOperation.GRANT_PRIVILEGE, null, null, true);
+    connection.close();
+
     connection = context.createConnection(ADMIN1);
     statement = context.createStatement(connection);
     statement.execute("use db_1");
     verifySingleGrantWithGrantOption(statement,
-        "SHOW GRANT ROLE role2 ON TABLE foo", 2, "foo");
+        "SHOW GRANT ROLE role2 ON TABLE foo", SHOW_GRANT_ROLE_TABLE_POSITION,
+        "foo");
+    verifySingleGrantWithGrantOption(statement,
+        "SHOW GRANT ROLE role3_1 ON DATABASE db_1",
+        SHOW_GRANT_ROLE_DB_POSITION, "db_1");
+    verifySingleGrantWithGrantOption(statement,
+        "SHOW GRANT ROLE role3_2 ON TABLE foo", SHOW_GRANT_ROLE_TABLE_POSITION,
+        "foo");
+
+    // test 'with grant option' status
+    verifySingleGrantWithGrantOption(statement, "show grant role role1",
+        SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "true");
+    verifySingleGrantWithGrantOption(statement,
+        "SHOW GRANT ROLE role1 ON DATABASE db_1",
+        SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "true");
     verifySingleGrantWithGrantOption(statement,
-        "SHOW GRANT ROLE role3_1 ON DATABASE db_1", 1, "db_1");
+        "SHOW GRANT ROLE role1 ON TABLE foo",
+        SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "true");
+    verifySingleGrantWithGrantOption(statement, "show grant role role2",
+        SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "false");
     verifySingleGrantWithGrantOption(statement,
-        "SHOW GRANT ROLE role3_2 ON TABLE foo", 2, "foo");
+        "SHOW GRANT ROLE role2 ON TABLE foo",
+        SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "false");
     statement.close();
     connection.close();
   }
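Review bot: The new USER2_1 block is the only negative authorization check in this hunk, and nothing says why `GRANT ALL ON TABLE foo TO ROLE role3_2` must fail or what the `null, null, true` arguments to `runSQLWithError` select. The privileges USER2_1 holds are set up outside the hunk, so the reason is presumably that its grant option covers less than ALL. A comment such as `// USER2_1 may only re-grant what it holds with grant option, so GRANT ALL must be denied` would make the expectation reviewable; confirm the wording against the setup. The block also closes the connection only on the success path and never closes the statement, so a failed assertion leaves both open; this follows the surrounding test code. The test method starts outside the hunk.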