You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by bh...@apache.org on 2018/10/08 17:12:00 UTC

[4/6] impala git commit: IMPALA-7671: Fix broken SHOW GRANT USER ON 
IMPALA-7671: Fix broken SHOW GRANT USER ON <object>

This patch fixes the broken SHOW GRANT USER ON <object> that always
shows an empty result due to incorrect comparison between TPrivilege for
the filter vs TPrivilege for the actual privilege that should not
consider the "grantoption".

Testing:
- Added new E2E tests
- Ran all FE tests
- Ran all authorization E2E tests

Change-Id: I7adc403caddd18e5a954cf6affd5d1d555b9f5f0
Reviewed-on: http://gerrit.cloudera.org:8080/11598
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>


Project: http://git-wip-us.apache.org/repos/asf/impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/impala/commit/e5c502e4
Tree: http://git-wip-us.apache.org/repos/asf/impala/tree/e5c502e4
Diff: http://git-wip-us.apache.org/repos/asf/impala/diff/e5c502e4

Branch: refs/heads/master
Commit: e5c502e4e428bd1cd5b04f06d72eba8fba61e918
Parents: 81c58d5
Author: Fredy Wijaya <fw...@cloudera.com>
Authored: Fri Oct 5 12:13:44 2018 -0700
Committer: Impala Public Jenkins <im...@cloudera.com>
Committed: Sat Oct 6 07:25:49 2018 +0000

----------------------------------------------------------------------
 .../apache/impala/catalog/AuthorizationPolicy.java  |  3 +++
 .../queries/QueryTest/show_grant_user.test          | 16 ++++++++++++++++
 tests/common/impala_test_suite.py                   |  6 ++++--
 3 files changed, 23 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/impala/blob/e5c502e4/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
----------------------------------------------------------------------
diff --git a/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java b/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
index e06818c..4819079 100644
--- a/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
+++ b/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
@@ -491,7 +491,10 @@ public class AuthorizationPolicy implements PrivilegeCache {
    * Check if the filter matches the privilege.
    */
   private boolean isPrivilegeFiltered(TPrivilege filter, TPrivilege privilege) {
+    // Set the filter with privilege level and has grant option from the given privilege
+    // since those two fields don't matter for the filter.
     filter.setPrivilege_level(privilege.getPrivilege_level());
+    filter.setHas_grant_opt(privilege.isHas_grant_opt());
     String privName = PrincipalPrivilege.buildPrivilegeName(filter);
     return !privName.equalsIgnoreCase(PrincipalPrivilege.buildPrivilegeName(privilege));
   }

http://git-wip-us.apache.org/repos/asf/impala/blob/e5c502e4/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test
----------------------------------------------------------------------
diff --git a/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test b/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test
index 8dd86fe..55ba28f 100644
--- a/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test
+++ b/testdata/workloads/functional-query/queries/QueryTest/show_grant_user.test
@@ -1,4 +1,11 @@
 ====
+---- QUERY
+show grant user $USER on database $DATABASE
+---- RESULTS
+'USER','$USER','database','$DATABASE','','','','owner',true,regex:.+
+---- TYPES
+STRING, STRING, STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING
+====
 ---- USER
 does_not_exist
 ---- QUERY
@@ -134,6 +141,15 @@ show grant user user2_shared2
 ---- TYPES
 STRING, STRING, STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING
 ====
+---- USER
+user_1group
+---- QUERY
+show grant user user_1group on table $DATABASE.user_1group_tbl
+---- RESULTS
+'USER','user_1group','table','$DATABASE','user_1group_tbl','','','owner',true,regex:.+
+---- TYPES
+STRING, STRING, STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING
+====
 ---- QUERY
 create role sgu_test_role1_group1;
 grant role sgu_test_role1_group1 to group group_1;

http://git-wip-us.apache.org/repos/asf/impala/blob/e5c502e4/tests/common/impala_test_suite.py
----------------------------------------------------------------------
diff --git a/tests/common/impala_test_suite.py b/tests/common/impala_test_suite.py
index 979bff5..0f18dea 100644
--- a/tests/common/impala_test_suite.py
+++ b/tests/common/impala_test_suite.py
@@ -373,11 +373,13 @@ class ImpalaTestSuite(BaseTestSuite):
           .replace('$GROUP_NAME', group_name)
           .replace('$IMPALA_HOME', IMPALA_HOME)
           .replace('$FILESYSTEM_PREFIX', FILESYSTEM_PREFIX)
-          .replace('$SECONDARY_FILESYSTEM', os.getenv("SECONDARY_FILESYSTEM") or str()))
+          .replace('$SECONDARY_FILESYSTEM', os.getenv("SECONDARY_FILESYSTEM") or str())
+          .replace('$USER', getuser()))
       if use_db: query = query.replace('$DATABASE', use_db)
 
       reserved_keywords = ["$DATABASE", "$FILESYSTEM_PREFIX", "$GROUP_NAME",
-                           "$IMPALA_HOME", "$NAMENODE", "$QUERY", "$SECONDARY_FILESYSTEM"]
+                           "$IMPALA_HOME", "$NAMENODE", "$QUERY", "$SECONDARY_FILESYSTEM",
+                           "$USER"]
 
       if test_file_vars:
         for key, value in test_file_vars.iteritems():