You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2016/06/06 02:33:59 UTC

sentry git commit: SENTRY-1304: Enable CREATEMACRO and DROPMACRO operations in hive binding (Ke Jia via Dapeng Sun)

Repository: sentry
Updated Branches:
  refs/heads/master e5b6d4b3e -> 26fbeba79


SENTRY-1304: Enable CREATEMACRO and DROPMACRO operations in hive binding (Ke Jia via Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/26fbeba7
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/26fbeba7
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/26fbeba7

Branch: refs/heads/master
Commit: 26fbeba799979f5bf49426ad2316c7d0af56a078
Parents: e5b6d4b
Author: Sun Dapeng <sd...@apache.org>
Authored: Mon Jun 6 10:29:55 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Mon Jun 6 10:29:55 2016 +0800

----------------------------------------------------------------------
 .../hive/authz/HiveAuthzPrivilegesMap.java      | 13 ++++
 .../AbstractTestWithStaticConfiguration.java    |  3 +-
 .../tests/e2e/hive/TestOperationsPart1.java     | 68 ++++++++++++++++++++
 3 files changed, 83 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/26fbeba7/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index 2942f3a..6c9f223 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -36,6 +36,17 @@ public class HiveAuthzPrivilegesMap {
         setOperationType(HiveOperationType.DDL).
         build();
 
+    HiveAuthzPrivileges macroCreatePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+        addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)).
+        setOperationScope(HiveOperationScope.DATABASE).
+        setOperationType(HiveOperationType.DDL).
+        build();
+    HiveAuthzPrivileges dropMacroPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+        addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.DROP)).
+        setOperationScope(HiveOperationScope.DATABASE).
+        setOperationType(HiveOperationType.DDL).
+        build();
+
     HiveAuthzPrivileges tableCreatePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
         addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)).
         addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.ALL)).//TODO: make it optional
@@ -205,6 +216,8 @@ public class HiveAuthzPrivilegesMap {
     hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE, tableCreatePrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege);
+    hiveAuthzStmtPrivMap.put(HiveOperation.CREATEMACRO, macroCreatePrivilege);
+    hiveAuthzStmtPrivMap.put(HiveOperation.DROPMACRO, dropMacroPrivilege);
 
     hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege);

http://git-wip-us.apache.org/repos/asf/sentry/blob/26fbeba7/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
index 56654db..ced9d1c 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
@@ -148,7 +148,8 @@ public abstract class AbstractTestWithStaticConfiguration {
       VIEW1 = "view_1",
       VIEW2 = "view_2",
       VIEW3 = "view_3",
-      INDEX1 = "index_1";
+      INDEX1 = "index_1",
+      DEFAULT = "default";
 
   protected static final String SERVER_HOST = "localhost";
   private static final String EXTERNAL_SENTRY_SERVICE = "sentry.e2etest.external.sentry";

http://git-wip-us.apache.org/repos/asf/sentry/blob/26fbeba7/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
index 8f0f8a1..a13aef5 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
@@ -50,9 +50,12 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration {
     privileges.put("create_server", "server=server1->action=create");
     privileges.put("all_db1", "server=server1->db=" + DB1 + "->action=all");
     privileges.put("select_db1", "server=server1->db=" + DB1 + "->action=select");
+    privileges.put("select_default", "server=server1->db=" + DEFAULT + "->action=select");
     privileges.put("insert_db1", "server=server1->db=" + DB1 + "->action=insert");
     privileges.put("create_db1", "server=server1->db=" + DB1 + "->action=create");
+    privileges.put("create_default", "server=server1->db=" + DEFAULT + "->action=create");
     privileges.put("drop_db1", "server=server1->db=" + DB1 + "->action=drop");
+    privileges.put("drop_default", "server=server1->db=" + DEFAULT + "->action=drop");
     privileges.put("alter_db1", "server=server1->db=" + DB1 + "->action=alter");
     privileges.put("create_db2", "server=server1->db=" + DB2 + "->action=create");
 
@@ -140,6 +143,71 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration {
   }
 
   @Test
+  public void testCreateMacro() throws Exception {
+    policyFile
+        .addPermissionsToRole("create_default", privileges.get("create_default"))
+        .addRolesToGroup(USERGROUP1, "create_default");
+
+    writePolicyFile(policyFile);
+    Connection connection = context.createConnection(USER1_1);
+    Statement statement = context.createStatement(connection);
+    statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+    statement.close();connection.close();
+
+    //Negative case
+    policyFile
+        .addPermissionsToRole("select_default", privileges.get("select_default"))
+        .addRolesToGroup(USERGROUP2, "select_default");
+    writePolicyFile(policyFile);
+
+    connection = context.createConnection(USER2_1);
+    statement = context.createStatement(connection);
+    context.assertSentrySemanticException(statement,
+                "CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))", semanticException);
+    statement.close();
+    connection.close();
+  }
+
+  @Test
+  public void testDropMacro() throws Exception {
+    adminCreate(DB1, null);
+    policyFile
+        .addPermissionsToRole("drop_default", privileges.get("drop_default"))
+        .addRolesToGroup(USERGROUP1, "drop_default");
+
+    writePolicyFile(policyFile);
+
+    Connection connection;
+    Statement statement;
+
+    connection = context.createConnection(ADMIN1);
+    statement = context.createStatement(connection);
+    statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+
+    connection = context.createConnection(USER1_1);
+    statement = context.createStatement(connection);
+    statement.execute("DROP TEMPORARY MACRO SIGMOID");
+    statement.close();
+    connection.close();
+
+    connection = context.createConnection(ADMIN1);
+    statement = context.createStatement(connection);
+    statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+    //Negative case
+    adminCreate(DB1, null);
+    policyFile
+        .addPermissionsToRole("select_default", privileges.get("select_default"))
+        .addRolesToGroup(USERGROUP2, "select_default");
+    writePolicyFile(policyFile);
+
+    connection = context.createConnection(USER2_1);
+    statement = context.createStatement(connection);
+    context.assertSentrySemanticException(statement, " DROP TEMPORARY MACRO SIGMOID", semanticException);
+    statement.close();
+    connection.close();
+  }
+
+  @Test
   public void testInsertInto() throws Exception{
     File dataFile;
     dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);