You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sp...@apache.org on 2018/06/27 16:38:00 UTC

sentry git commit: SENTRY-2272: Fix the sentry store logic for listing user privileges (Sergio Pena, reviewed by kalyan kumar kalvagadda)

Repository: sentry
Updated Branches:
  refs/heads/master cfd1036fe -> 0397fc5e3


SENTRY-2272: Fix the sentry store logic for listing user privileges (Sergio Pena, reviewed by kalyan kumar kalvagadda)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/0397fc5e
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/0397fc5e
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/0397fc5e

Branch: refs/heads/master
Commit: 0397fc5e3f6956ff5d56bb32acbb8670c18d0659
Parents: cfd1036
Author: Sergio Pena <se...@cloudera.com>
Authored: Wed Jun 27 11:37:34 2018 -0500
Committer: Sergio Pena <se...@cloudera.com>
Committed: Wed Jun 27 11:37:34 2018 -0500

----------------------------------------------------------------------
 .../authz/DefaultSentryAccessController.java    | 30 +++++++++++++++++---
 1 file changed, 26 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/0397fc5e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
index 318c1e8..beca2f8 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
@@ -51,6 +51,7 @@ import org.apache.sentry.binding.util.SentryAuthorizerUtil;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
+import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
 import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.core.model.db.AccessConstants;
 import org.apache.sentry.core.model.db.DBModelAuthorizable;
@@ -234,8 +235,19 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
                 principal.getName(), authorizable));
               break;
             case USER:
-              tPrivilges.addAll(sentryClient.listPrivilegesByUserName(authenticator.getUserName(),
-                principal.getName(), authorizable));
+              try {
+                tPrivilges.addAll(sentryClient.listPrivilegesByUserName(authenticator.getUserName(),
+                  principal.getName(), authorizable));
+              } catch (SentryNoSuchObjectException e) {
+                // SentryNoSuchObjectException is thrown by Sentry when the user name requested
+                // is not found in the Sentry database. Sentry only stores user information when
+                // privileges are granted, and deletes the user when privileges are deleted to avoid
+                // stale data.
+                // To avoid throwing a nasty exception in Hive, then we return an empty list instead
+                // to let Hive execute the SHOW GRANT USER without errors.
+                LOG.info("User {} requested does not exist in Sentry", authenticator.getUserName());
+              }
+
               break;
           }
         }
@@ -246,8 +258,18 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
               principal.getName(), null));
             break;
           case USER:
-            tPrivilges.addAll(sentryClient.listPrivilegesByUserName(authenticator.getUserName(),
-              principal.getName(), null));
+            try {
+              tPrivilges.addAll(sentryClient.listPrivilegesByUserName(authenticator.getUserName(),
+                principal.getName(), null));
+            } catch (SentryNoSuchObjectException e) {
+              // SentryNoSuchObjectException is thrown by Sentry when the user name requested
+              // is not found in the Sentry database. Sentry only stores user information when
+              // privileges are granted, and deletes the user when privileges are deleted to avoid
+              // stale data.
+              // To avoid throwing a nasty exception in Hive, then we return an empty list instead
+              // to let Hive execute the SHOW GRANT USER without errors.
+              LOG.info("User {} requested does not exist in Sentry", authenticator.getUserName());
+            }
             break;
         }
       }