You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ak...@apache.org on 2017/03/11 02:11:58 UTC
sentry git commit: SENTRY-1359: Implement SHOW ROLE GRANT USER
user_name in V2 (Ke Jia via Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/sentry-ha-redesign c34ce7298 -> df7c7dd40
SENTRY-1359: Implement SHOW ROLE GRANT USER user_name in V2 (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/df7c7dd4
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/df7c7dd4
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/df7c7dd4
Branch: refs/heads/sentry-ha-redesign
Commit: df7c7dd40ad67af7a4a2fc2a802d8ddcd6fed1ff
Parents: c34ce72
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Fri Mar 10 18:11:52 2017 -0800
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Fri Mar 10 18:11:52 2017 -0800
----------------------------------------------------------------------
.../DefaultSentryAccessController.java | 10 ++++---
.../TestPrivilegeWithGrantOption.java | 29 ++++++++++++++++++++
2 files changed, 35 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/df7c7dd4/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
index 09e2a62..391841f 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
@@ -313,14 +313,16 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>();
try {
sentryClient = getSentryClient();
-
- if (principal.getType() != HivePrincipalType.GROUP) {
+ Set<TSentryRole> roles = null;
+ if (principal.getType() == HivePrincipalType.GROUP) {
+ roles = sentryClient.listRolesByGroupName(authenticator.getUserName(), principal.getName());
+ } else if (principal.getType() == HivePrincipalType.USER) {
+ roles = sentryClient.listRolesByUserName(authenticator.getUserName(), principal.getName());
+ } else {
String msg =
SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + principal.getType();
throw new HiveAuthzPluginException(msg);
}
- Set<TSentryRole> roles =
- sentryClient.listRolesByGroupName(authenticator.getUserName(), principal.getName());
if (roles != null && !roles.isEmpty()) {
for (TSentryRole role : roles) {
hiveRoleGrants.add(SentryAuthorizerUtil.convert2HiveRoleGrant(role));
http://git-wip-us.apache.org/repos/asf/sentry/blob/df7c7dd4/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
index 74a7ec7..8e18422 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
@@ -21,6 +21,8 @@ import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
import org.junit.Assert;
@@ -198,6 +200,33 @@ public class TestPrivilegeWithGrantOption extends AbstractTestWithStaticConfigur
context.close();
}
+ @Test
+ public void testShowRoleGrantOnUser() throws Exception {
+ // setup db objects needed by the test
+ Connection connection = context.createConnection(ADMIN1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("DROP DATABASE IF EXISTS db_1 CASCADE");
+ statement.execute("DROP DATABASE IF EXISTS db_2 CASCADE");
+ statement.execute("CREATE DATABASE db_1");
+ statement.execute("CREATE ROLE group1_role");
+ statement.execute("GRANT ROLE group1_role TO USER " + USER1_1);
+
+ ResultSet res = statement.executeQuery("SHOW ROLE GRANT USER " + USER1_1);
+ List<String> expectedResult = new ArrayList<String>();
+ List<String> returnedResult = new ArrayList<String>();
+ expectedResult.add("group1_role");
+ while(res.next()){
+ returnedResult.add(res.getString(1));
+ }
+
+ validateReturnedResult(expectedResult, returnedResult);
+ returnedResult.clear();
+ expectedResult.clear();
+ res.close();
+
+ statement.close();
+ connection.close();
+ }
/**
* Test privileges with grant on parent objects are sufficient for operation
* on child objects