You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2016/06/06 02:33:59 UTC
sentry git commit: SENTRY-1304: Enable CREATEMACRO and DROPMACRO
operations in hive binding (Ke Jia via Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/master e5b6d4b3e -> 26fbeba79
SENTRY-1304: Enable CREATEMACRO and DROPMACRO operations in hive binding (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/26fbeba7
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/26fbeba7
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/26fbeba7
Branch: refs/heads/master
Commit: 26fbeba799979f5bf49426ad2316c7d0af56a078
Parents: e5b6d4b
Author: Sun Dapeng <sd...@apache.org>
Authored: Mon Jun 6 10:29:55 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Mon Jun 6 10:29:55 2016 +0800
----------------------------------------------------------------------
.../hive/authz/HiveAuthzPrivilegesMap.java | 13 ++++
.../AbstractTestWithStaticConfiguration.java | 3 +-
.../tests/e2e/hive/TestOperationsPart1.java | 68 ++++++++++++++++++++
3 files changed, 83 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/26fbeba7/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index 2942f3a..6c9f223 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -36,6 +36,17 @@ public class HiveAuthzPrivilegesMap {
setOperationType(HiveOperationType.DDL).
build();
+ HiveAuthzPrivileges macroCreatePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+ addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)).
+ setOperationScope(HiveOperationScope.DATABASE).
+ setOperationType(HiveOperationType.DDL).
+ build();
+ HiveAuthzPrivileges dropMacroPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+ addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.DROP)).
+ setOperationScope(HiveOperationScope.DATABASE).
+ setOperationType(HiveOperationType.DDL).
+ build();
+
HiveAuthzPrivileges tableCreatePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)).
addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.ALL)).//TODO: make it optional
@@ -205,6 +216,8 @@ public class HiveAuthzPrivilegesMap {
hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE, tableCreatePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.CREATEMACRO, macroCreatePrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.DROPMACRO, dropMacroPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege);
http://git-wip-us.apache.org/repos/asf/sentry/blob/26fbeba7/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
index 56654db..ced9d1c 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
@@ -148,7 +148,8 @@ public abstract class AbstractTestWithStaticConfiguration {
VIEW1 = "view_1",
VIEW2 = "view_2",
VIEW3 = "view_3",
- INDEX1 = "index_1";
+ INDEX1 = "index_1",
+ DEFAULT = "default";
protected static final String SERVER_HOST = "localhost";
private static final String EXTERNAL_SENTRY_SERVICE = "sentry.e2etest.external.sentry";
http://git-wip-us.apache.org/repos/asf/sentry/blob/26fbeba7/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
index 8f0f8a1..a13aef5 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
@@ -50,9 +50,12 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration {
privileges.put("create_server", "server=server1->action=create");
privileges.put("all_db1", "server=server1->db=" + DB1 + "->action=all");
privileges.put("select_db1", "server=server1->db=" + DB1 + "->action=select");
+ privileges.put("select_default", "server=server1->db=" + DEFAULT + "->action=select");
privileges.put("insert_db1", "server=server1->db=" + DB1 + "->action=insert");
privileges.put("create_db1", "server=server1->db=" + DB1 + "->action=create");
+ privileges.put("create_default", "server=server1->db=" + DEFAULT + "->action=create");
privileges.put("drop_db1", "server=server1->db=" + DB1 + "->action=drop");
+ privileges.put("drop_default", "server=server1->db=" + DEFAULT + "->action=drop");
privileges.put("alter_db1", "server=server1->db=" + DB1 + "->action=alter");
privileges.put("create_db2", "server=server1->db=" + DB2 + "->action=create");
@@ -140,6 +143,71 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration {
}
@Test
+ public void testCreateMacro() throws Exception {
+ policyFile
+ .addPermissionsToRole("create_default", privileges.get("create_default"))
+ .addRolesToGroup(USERGROUP1, "create_default");
+
+ writePolicyFile(policyFile);
+ Connection connection = context.createConnection(USER1_1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+ statement.close();connection.close();
+
+ //Negative case
+ policyFile
+ .addPermissionsToRole("select_default", privileges.get("select_default"))
+ .addRolesToGroup(USERGROUP2, "select_default");
+ writePolicyFile(policyFile);
+
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ context.assertSentrySemanticException(statement,
+ "CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))", semanticException);
+ statement.close();
+ connection.close();
+ }
+
+ @Test
+ public void testDropMacro() throws Exception {
+ adminCreate(DB1, null);
+ policyFile
+ .addPermissionsToRole("drop_default", privileges.get("drop_default"))
+ .addRolesToGroup(USERGROUP1, "drop_default");
+
+ writePolicyFile(policyFile);
+
+ Connection connection;
+ Statement statement;
+
+ connection = context.createConnection(ADMIN1);
+ statement = context.createStatement(connection);
+ statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ statement.execute("DROP TEMPORARY MACRO SIGMOID");
+ statement.close();
+ connection.close();
+
+ connection = context.createConnection(ADMIN1);
+ statement = context.createStatement(connection);
+ statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+ //Negative case
+ adminCreate(DB1, null);
+ policyFile
+ .addPermissionsToRole("select_default", privileges.get("select_default"))
+ .addRolesToGroup(USERGROUP2, "select_default");
+ writePolicyFile(policyFile);
+
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ context.assertSentrySemanticException(statement, " DROP TEMPORARY MACRO SIGMOID", semanticException);
+ statement.close();
+ connection.close();
+ }
+
+ @Test
public void testInsertInto() throws Exception{
File dataFile;
dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);