You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by bh...@apache.org on 2018/10/08 17:12:00 UTC
[4/6] impala git commit: IMPALA-7671: Fix broken SHOW GRANT USER ON
IMPALA-7671: Fix broken SHOW GRANT USER ON <object>
This patch fixes the broken SHOW GRANT USER ON <object> that always
shows an empty result due to incorrect comparison between TPrivilege for
the filter vs TPrivilege for the actual privilege that should not
consider the "grantoption".
Testing:
- Added new E2E tests
- Ran all FE tests
- Ran all authorization E2E tests
Change-Id: I7adc403caddd18e5a954cf6affd5d1d555b9f5f0
Reviewed-on: http://gerrit.cloudera.org:8080/11598
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
Project: http://git-wip-us.apache.org/repos/asf/impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/impala/commit/e5c502e4
Tree: http://git-wip-us.apache.org/repos/asf/impala/tree/e5c502e4
Diff: http://git-wip-us.apache.org/repos/asf/impala/diff/e5c502e4
Branch: refs/heads/master
Commit: e5c502e4e428bd1cd5b04f06d72eba8fba61e918
Parents: 81c58d5
Author: Fredy Wijaya <fw...@cloudera.com>
Authored: Fri Oct 5 12:13:44 2018 -0700
Committer: Impala Public Jenkins <im...@cloudera.com>
Committed: Sat Oct 6 07:25:49 2018 +0000
----------------------------------------------------------------------
.../apache/impala/catalog/AuthorizationPolicy.java | 3 +++
.../queries/QueryTest/show_grant_user.test | 16 ++++++++++++++++
tests/common/impala_test_suite.py | 6 ++++--
3 files changed, 23 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/impala/blob/e5c502e4/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
----------------------------------------------------------------------
diff --git a/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java b/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
index e06818c..4819079 100644
--- a/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
+++ b/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
@@ -491,7 +491,10 @@ public class AuthorizationPolicy implements PrivilegeCache {
* Check if the filter matches the privilege.
*/
private boolean isPrivilegeFiltered(TPrivilege filter, TPrivilege privilege) {
+ // Set the filter with privilege level and has grant option from the given privilege
+ // since those two fields don't matter for the filter.
filter.setPrivilege_level(privilege.getPrivilege_level());
+ filter.setHas_grant_opt(privilege.isHas_grant_opt());
String privName = PrincipalPrivilege.buildPrivilegeName(filter);
return !privName.equalsIgnoreCase(PrincipalPrivilege.buildPrivilegeName(privilege));
}
http://git-wip-us.apache.org/repos/asf/impala/blob/e5c502e4/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test
----------------------------------------------------------------------
diff --git a/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test b/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test
index 8dd86fe..55ba28f 100644
--- a/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test
+++ b/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test
@@ -1,4 +1,11 @@
====
+---- QUERY
+show grant user $USER on database $DATABASE
+---- RESULTS
+'USER','$USER','database','$DATABASE','','','','owner',true,regex:.+
+---- TYPES
+STRING, STRING, STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING
+====
---- USER
does_not_exist
---- QUERY
@@ -134,6 +141,15 @@ show grant user user2_shared2
---- TYPES
STRING, STRING, STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING
====
+---- USER
+user_1group
+---- QUERY
+show grant user user_1group on table $DATABASE.user_1group_tbl
+---- RESULTS
+'USER','user_1group','table','$DATABASE','user_1group_tbl','','','owner',true,regex:.+
+---- TYPES
+STRING, STRING, STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING
+====
---- QUERY
create role sgu_test_role1_group1;
grant role sgu_test_role1_group1 to group group_1;
http://git-wip-us.apache.org/repos/asf/impala/blob/e5c502e4/tests/common/impala_test_suite.py
----------------------------------------------------------------------
diff --git a/tests/common/impala_test_suite.py b/tests/common/impala_test_suite.py
index 979bff5..0f18dea 100644
--- a/tests/common/impala_test_suite.py
+++ b/tests/common/impala_test_suite.py
@@ -373,11 +373,13 @@ class ImpalaTestSuite(BaseTestSuite):
.replace('$GROUP_NAME', group_name)
.replace('$IMPALA_HOME', IMPALA_HOME)
.replace('$FILESYSTEM_PREFIX', FILESYSTEM_PREFIX)
- .replace('$SECONDARY_FILESYSTEM', os.getenv("SECONDARY_FILESYSTEM") or str()))
+ .replace('$SECONDARY_FILESYSTEM', os.getenv("SECONDARY_FILESYSTEM") or str())
+ .replace('$USER', getuser()))
if use_db: query = query.replace('$DATABASE', use_db)
reserved_keywords = ["$DATABASE", "$FILESYSTEM_PREFIX", "$GROUP_NAME",
- "$IMPALA_HOME", "$NAMENODE", "$QUERY", "$SECONDARY_FILESYSTEM"]
+ "$IMPALA_HOME", "$NAMENODE", "$QUERY", "$SECONDARY_FILESYSTEM",
+ "$USER"]
if test_file_vars:
for key, value in test_file_vars.iteritems():