Posted to commits@sentry.apache.org by ak...@apache.org on 2017/03/11 02:11:58 UTC

sentry git commit: SENTRY-1359: Implement SHOW ROLE GRANT USER user_name in V2 (Ke Jia via Dapeng Sun)

Repository: sentry
Updated Branches:
  refs/heads/sentry-ha-redesign c34ce7298 -> df7c7dd40


SENTRY-1359: Implement SHOW ROLE GRANT USER user_name in V2 (Ke Jia via Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/df7c7dd4
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/df7c7dd4
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/df7c7dd4

Branch: refs/heads/sentry-ha-redesign
Commit: df7c7dd40ad67af7a4a2fc2a802d8ddcd6fed1ff
Parents: c34ce72
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Fri Mar 10 18:11:52 2017 -0800
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Fri Mar 10 18:11:52 2017 -0800

----------------------------------------------------------------------
 .../DefaultSentryAccessController.java          | 10 ++++---
 .../TestPrivilegeWithGrantOption.java           | 29 ++++++++++++++++++++
 2 files changed, 35 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/df7c7dd4/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
index 09e2a62..391841f 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
@@ -313,14 +313,16 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
     List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>();
     try {
       sentryClient = getSentryClient();
-
-      if (principal.getType() != HivePrincipalType.GROUP) {
+      Set<TSentryRole> roles = null;
+      if (principal.getType() == HivePrincipalType.GROUP) {
+        roles = sentryClient.listRolesByGroupName(authenticator.getUserName(), principal.getName());
+      } else if (principal.getType() == HivePrincipalType.USER) {
+        roles = sentryClient.listRolesByUserName(authenticator.getUserName(), principal.getName());
+      } else {
         String msg =
             SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + principal.getType();
         throw new HiveAuthzPluginException(msg);
       }
-      Set<TSentryRole> roles =
-          sentryClient.listRolesByGroupName(authenticator.getUserName(), principal.getName());
       if (roles != null && !roles.isEmpty()) {
         for (TSentryRole role : roles) {
           hiveRoleGrants.add(SentryAuthorizerUtil.convert2HiveRoleGrant(role));
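Review bot: The new USER branch passes the statement's principal name to `listRolesByUserName` with `authenticator.getUserName()` as the requestor, and nothing in this hunk checks whether that requestor may see another user's role memberships. Presumably the Sentry service enforces this for the requestor it is given, but that is not visible here; a comment above the branch such as `// the Sentry service decides whether the requestor may list roles of this user/group` would record the assumption for the next reader. The else branch still builds its message from `GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL`, which reads oddly for a path that lists role grants rather than granting or revoking; a SHOW-specific message would make denied requests easier to triage in logs. The enclosing method starts and ends outside the hunk.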

http://git-wip-us.apache.org/repos/asf/sentry/blob/df7c7dd4/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
index 74a7ec7..8e18422 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
@@ -21,6 +21,8 @@ import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
 
 import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
 import org.junit.Assert;
@@ -198,6 +200,33 @@ public class TestPrivilegeWithGrantOption extends AbstractTestWithStaticConfigur
     context.close();
   }
 
+  @Test
+  public void testShowRoleGrantOnUser() throws Exception {
+    // setup db objects needed by the test
+    Connection connection = context.createConnection(ADMIN1);
+    Statement statement = context.createStatement(connection);
+    statement.execute("DROP DATABASE IF EXISTS db_1 CASCADE");
+    statement.execute("DROP DATABASE IF EXISTS db_2 CASCADE");
+    statement.execute("CREATE DATABASE db_1");
+    statement.execute("CREATE ROLE group1_role");
+    statement.execute("GRANT ROLE group1_role TO USER " + USER1_1);
+
+    ResultSet res = statement.executeQuery("SHOW ROLE GRANT USER " + USER1_1);
+    List<String> expectedResult = new ArrayList<String>();
+    List<String> returnedResult = new ArrayList<String>();
+    expectedResult.add("group1_role");
+    while(res.next()){
+      returnedResult.add(res.getString(1));
+    }
+
+    validateReturnedResult(expectedResult, returnedResult);
+    returnedResult.clear();
+    expectedResult.clear();
+    res.close();
+
+    statement.close();
+    connection.close();
+  }
   /**
    * Test privileges with grant on parent objects are sufficient for operation
    * on child objects
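Review bot: `testShowRoleGrantOnUser` exercises only the `ADMIN1` connection, so the authorization behaviour of `SHOW ROLE GRANT USER` for a non-admin caller is left untested. Since the statement discloses another principal's role memberships, a second case that runs it from a non-admin connection (for its own name and for a different user) and asserts the expected result or denial would pin down the access rule. The test also never drops `group1_role` or `db_1`, and closes `res`, `statement` and `connection` only on the success path; unless the class's setup clears roles, which is not visible here, adding `statement.execute("DROP ROLE group1_role");` and moving the close calls into a `finally` block would keep a failed run from leaking state into later tests. The `DROP DATABASE IF EXISTS db_2 CASCADE` line appears unused, since `db_2` is never created in this test.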