You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ak...@apache.org on 2017/03/11 02:00:23 UTC
sentry git commit: SENTRY-1349: Add permission check and test case
for alter db set owner in V2 (Ke Jia via Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/sentry-ha-redesign dbf72f5ae -> b385440ed
SENTRY-1349: Add permission check and test case for alter db set owner in V2 (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b385440e
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b385440e
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b385440e
Branch: refs/heads/sentry-ha-redesign
Commit: b385440ed9d23d39af5da784ca715d61c23e0638
Parents: dbf72f5
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Fri Mar 10 17:59:45 2017 -0800
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Fri Mar 10 17:59:45 2017 -0800
----------------------------------------------------------------------
.../hive/v2/HiveAuthzPrivilegesMapV2.java | 1 +
.../sentry/tests/e2e/hive/TestOperations.java | 27 ++++++++++++++++++++
2 files changed, 28 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/b385440e/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
index 8993084..93bdf4b 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
@@ -199,6 +199,7 @@ public class HiveAuthzPrivilegesMapV2 {
hiveAuthzStmtPrivMap.put(HiveOperation.DROPDATABASE, dropDbPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE, tableCreatePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege);
http://git-wip-us.apache.org/repos/asf/sentry/blob/b385440e/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
index 06a5752..b8d80f1 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
@@ -289,6 +289,33 @@ public class TestOperations extends AbstractTestWithStaticConfiguration {
connection.close();
}
+ /* Test all operations that require alter on Database alone
+ 1. Alter database : HiveOperation.ALTERDATABASE_OWNER
+ */
+ @Test
+ public void testAlterDatabaseOwner() throws Exception{
+ adminCreate(DB1, null);
+
+
+ Connection connection = context.createConnection(ADMIN1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("ALTER DATABASE " + DB1 + " SET OWNER USER " + USER1_1);
+
+
+ //Negative case
+ adminCreate(DB1, null);
+ policyFile
+ .addPermissionsToRole("select_db1", privileges.get("select_db1"))
+ .addRolesToGroup(USERGROUP1, "select_db1");
+ writePolicyFile(policyFile);
+
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ context.assertSentrySemanticException(statement, "ALTER DATABASE " + DB1 + " SET OWNER USER " + USER2_1, semanticException);
+ statement.close();
+ connection.close();
+ }
+
/* SELECT/INSERT on DATABASE
1. HiveOperation.DESCDATABASE
*/