You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sp...@apache.org on 2018/06/27 16:38:00 UTC
sentry git commit: SENTRY-2272: Fix the sentry store logic for
listing user privileges (Sergio Pena, reviewed by kalyan kumar kalvagadda)
Repository: sentry
Updated Branches:
refs/heads/master cfd1036fe -> 0397fc5e3
SENTRY-2272: Fix the sentry store logic for listing user privileges (Sergio Pena, reviewed by kalyan kumar kalvagadda)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/0397fc5e
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/0397fc5e
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/0397fc5e
Branch: refs/heads/master
Commit: 0397fc5e3f6956ff5d56bb32acbb8670c18d0659
Parents: cfd1036
Author: Sergio Pena <se...@cloudera.com>
Authored: Wed Jun 27 11:37:34 2018 -0500
Committer: Sergio Pena <se...@cloudera.com>
Committed: Wed Jun 27 11:37:34 2018 -0500
----------------------------------------------------------------------
.../authz/DefaultSentryAccessController.java | 30 +++++++++++++++++---
1 file changed, 26 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/0397fc5e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
index 318c1e8..beca2f8 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
@@ -51,6 +51,7 @@ import org.apache.sentry.binding.util.SentryAuthorizerUtil;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
+import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.core.model.db.AccessConstants;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
@@ -234,8 +235,19 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
principal.getName(), authorizable));
break;
case USER:
- tPrivilges.addAll(sentryClient.listPrivilegesByUserName(authenticator.getUserName(),
- principal.getName(), authorizable));
+ try {
+ tPrivilges.addAll(sentryClient.listPrivilegesByUserName(authenticator.getUserName(),
+ principal.getName(), authorizable));
+ } catch (SentryNoSuchObjectException e) {
+ // SentryNoSuchObjectException is thrown by Sentry when the user name requested
+ // is not found in the Sentry database. Sentry only stores user information when
+ // privileges are granted, and deletes the user when privileges are deleted to avoid
+ // stale data.
+ // To avoid throwing a nasty exception in Hive, then we return an empty list instead
+ // to let Hive execute the SHOW GRANT USER without errors.
+ LOG.info("User {} requested does not exist in Sentry", authenticator.getUserName());
+ }
+
break;
}
}
@@ -246,8 +258,18 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
principal.getName(), null));
break;
case USER:
- tPrivilges.addAll(sentryClient.listPrivilegesByUserName(authenticator.getUserName(),
- principal.getName(), null));
+ try {
+ tPrivilges.addAll(sentryClient.listPrivilegesByUserName(authenticator.getUserName(),
+ principal.getName(), null));
+ } catch (SentryNoSuchObjectException e) {
+ // SentryNoSuchObjectException is thrown by Sentry when the user name requested
+ // is not found in the Sentry database. Sentry only stores user information when
+ // privileges are granted, and deletes the user when privileges are deleted to avoid
+ // stale data.
+ // To avoid throwing a nasty exception in Hive, then we return an empty list instead
+ // to let Hive execute the SHOW GRANT USER without errors.
+ LOG.info("User {} requested does not exist in Sentry", authenticator.getUserName());
+ }
break;
}
}