You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2016/07/04 02:40:30 UTC
sentry git commit: SENTRY-1349: Add permission check and test case
for alter db set owner in V2 (Ke Jia via Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/master ef8902178 -> 915b80248
SENTRY-1349: Add permission check and test case for alter db set owner in V2 (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/915b8024
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/915b8024
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/915b8024
Branch: refs/heads/master
Commit: 915b80248a2504c1f98a6b13f8c1480417fee937
Parents: ef89021
Author: Sun Dapeng <sd...@apache.org>
Authored: Mon Jul 4 10:35:54 2016 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Mon Jul 4 10:35:54 2016 +0800
----------------------------------------------------------------------
.../hive/v2/HiveAuthzPrivilegesMapV2.java | 1 +
.../sentry/tests/e2e/hive/TestOperations.java | 27 ++++++++++++++++++++
2 files changed, 28 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/915b8024/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
index 8993084..93bdf4b 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
@@ -199,6 +199,7 @@ public class HiveAuthzPrivilegesMapV2 {
hiveAuthzStmtPrivMap.put(HiveOperation.DROPDATABASE, dropDbPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE, tableCreatePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege);
http://git-wip-us.apache.org/repos/asf/sentry/blob/915b8024/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
index 06a5752..b8d80f1 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
@@ -289,6 +289,33 @@ public class TestOperations extends AbstractTestWithStaticConfiguration {
connection.close();
}
+ /* Test all operations that require alter on Database alone
+ 1. Alter database : HiveOperation.ALTERDATABASE_OWNER
+ */
+ @Test
+ public void testAlterDatabaseOwner() throws Exception{
+ adminCreate(DB1, null);
+
+
+ Connection connection = context.createConnection(ADMIN1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("ALTER DATABASE " + DB1 + " SET OWNER USER " + USER1_1);
+
+
+ //Negative case
+ adminCreate(DB1, null);
+ policyFile
+ .addPermissionsToRole("select_db1", privileges.get("select_db1"))
+ .addRolesToGroup(USERGROUP1, "select_db1");
+ writePolicyFile(policyFile);
+
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ context.assertSentrySemanticException(statement, "ALTER DATABASE " + DB1 + " SET OWNER USER " + USER2_1, semanticException);
+ statement.close();
+ connection.close();
+ }
+
/* SELECT/INSERT on DATABASE
1. HiveOperation.DESCDATABASE
*/