You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2016/07/04 02:40:30 UTC

sentry git commit: SENTRY-1349: Add permission check and test case for alter db set owner in V2 (Ke Jia via Dapeng Sun)

Repository: sentry
Updated Branches:
  refs/heads/master ef8902178 -> 915b80248


SENTRY-1349: Add permission check and test case for alter db set owner in V2 (Ke Jia via Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/915b8024
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/915b8024
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/915b8024

Branch: refs/heads/master
Commit: 915b80248a2504c1f98a6b13f8c1480417fee937
Parents: ef89021
Author: Sun Dapeng <sd...@apache.org>
Authored: Mon Jul 4 10:35:54 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Mon Jul 4 10:35:54 2016 +0800

----------------------------------------------------------------------
 .../hive/v2/HiveAuthzPrivilegesMapV2.java       |  1 +
 .../sentry/tests/e2e/hive/TestOperations.java   | 27 ++++++++++++++++++++
 2 files changed, 28 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/915b8024/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
index 8993084..93bdf4b 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
@@ -199,6 +199,7 @@ public class HiveAuthzPrivilegesMapV2 {
     hiveAuthzStmtPrivMap.put(HiveOperation.DROPDATABASE, dropDbPrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE, tableCreatePrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege);
+    hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege);
 
     hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege);

http://git-wip-us.apache.org/repos/asf/sentry/blob/915b8024/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
index 06a5752..b8d80f1 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
@@ -289,6 +289,33 @@ public class TestOperations extends AbstractTestWithStaticConfiguration {
     connection.close();
   }
 
+  /* Test all operations that require alter on Database alone
+  1. Alter database : HiveOperation.ALTERDATABASE_OWNER
+   */
+  @Test
+  public void testAlterDatabaseOwner() throws Exception{
+    adminCreate(DB1, null);
+
+
+    Connection connection = context.createConnection(ADMIN1);
+    Statement statement = context.createStatement(connection);
+    statement.execute("ALTER DATABASE " + DB1 + " SET OWNER USER " + USER1_1);
+
+
+    //Negative case
+    adminCreate(DB1, null);
+    policyFile
+        .addPermissionsToRole("select_db1", privileges.get("select_db1"))
+        .addRolesToGroup(USERGROUP1, "select_db1");
+    writePolicyFile(policyFile);
+
+    connection = context.createConnection(USER1_1);
+    statement = context.createStatement(connection);
+    context.assertSentrySemanticException(statement, "ALTER DATABASE " + DB1 + " SET OWNER USER " + USER2_1, semanticException);
+    statement.close();
+    connection.close();
+  }
+
   /* SELECT/INSERT on DATABASE
    1. HiveOperation.DESCDATABASE
    */