Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2018/02/14 00:45:00 UTC
[jira] [Commented] (SENTRY-2141) Sentry Privilege TimeStamp is not converted to grantTime in HivePrivilegeInfo correctly
[ https://issues.apache.org/jira/browse/SENTRY-2141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16363290#comment-16363290 ]
Na Li commented on SENTRY-2141:
-------------------------------
Sentry is using milliseconds in *{color:#FF0000}SentryStore.setCreateTime(){color}*, and the type is long.
{code:java}
private MSentryPrivilege convertToMSentryPrivilege(TSentryPrivilege privilege)
    throws SentryInvalidInputException {
  MSentryPrivilege mSentryPrivilege = new MSentryPrivilege();
  mSentryPrivilege.setServerName(toNULLCol(safeTrimLower(privilege.getServerName())));
  mSentryPrivilege.setDbName(toNULLCol(safeTrimLower(privilege.getDbName())));
  mSentryPrivilege.setTableName(toNULLCol(safeTrimLower(privilege.getTableName())));
  mSentryPrivilege.setColumnName(toNULLCol(safeTrimLower(privilege.getColumnName())));
  mSentryPrivilege.setPrivilegeScope(safeTrim(privilege.getPrivilegeScope()));
  mSentryPrivilege.setAction(toNULLCol(safeTrimLower(privilege.getAction())));
  // create time is stored in milliseconds, as a long
  mSentryPrivilege.setCreateTime(System.currentTimeMillis());
  mSentryPrivilege.setURI(toNULLCol(safeTrim(privilege.getURI())));
  if ( !privilege.getGrantOption().equals(TSentryGrantOption.UNSET) ) {
    mSentryPrivilege.setGrantOption(Boolean.valueOf(privilege.getGrantOption().toString()));
  } else {
    mSentryPrivilege.setGrantOption(null);
  }
  return mSentryPrivilege;
}
{code}
Hive is using seconds, and the type is int.
Then Hive converts the time in seconds to milliseconds again at *{color:#FF0000}(long)privilege.getGrantTime() * 1000L{color}*
{code:java}
// DDLTask.writeGrantInfo
static String writeGrantInfo(List<HivePrivilegeInfo> privileges, boolean testMode) {
  if (privileges != null && !privileges.isEmpty()) {
    StringBuilder builder = new StringBuilder();
    Collections.sort(privileges, new Comparator<HivePrivilegeInfo>() {
      public int compare(HivePrivilegeInfo o1, HivePrivilegeInfo o2) {
        int compare = o1.getObject().compareTo(o2.getObject());
        if (compare == 0) {
          compare = o1.getPrincipal().compareTo(o2.getPrincipal());
        }
        if (compare == 0) {
          compare = o1.getPrivilege().compareTo(o2.getPrivilege());
        }
        return compare;
      }
    });
    Iterator var3 = privileges.iterator();
    while(var3.hasNext()) {
      HivePrivilegeInfo privilege = (HivePrivilegeInfo)var3.next();
      HivePrincipal principal = privilege.getPrincipal();
      HivePrivilegeObject resource = privilege.getObject();
      HivePrincipal grantor = privilege.getGrantorPrincipal();
      appendNonNull(builder, resource.getDbname(), true);
      appendNonNull(builder, resource.getObjectName());
      appendNonNull(builder, resource.getPartKeys());
      appendNonNull(builder, resource.getColumns());
      appendNonNull(builder, principal.getName());
      appendNonNull(builder, principal.getType());
      appendNonNull(builder, privilege.getPrivilege().getName());
      appendNonNull(builder, privilege.isGrantOption());
      // grantTime is an int in seconds; it is scaled to milliseconds here
      appendNonNull(builder, testMode ? -1L : (long)privilege.getGrantTime() * 1000L);
      appendNonNull(builder, grantor.getName());
    }
    return builder.toString();
  } else {
    return "";
  }
}
{code}
Therefore, Sentry should convert the time accordingly.
{code}
// Old code uses "(int) tPrivilege.getCreateTime()"
public static HivePrivilegeInfo convert2HivePrivilegeInfo(TSentryPrivilege tPrivilege,
    HivePrincipal principal) {
  HivePrivilege hivePrivilege = convert2HivePrivilege(tPrivilege.getAction());
  HivePrivilegeObject hivePrivilegeObject = convert2HivePrivilegeObject(tPrivilege);
  // now sentry don't show grantor of a privilege
  HivePrincipal grantor = new HivePrincipal(UNKONWN_GRANTOR, HivePrincipalType.ROLE);
  boolean grantOption =
      tPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
  // the millisecond value (long) is cast to int without converting to seconds
  return new HivePrivilegeInfo(principal, hivePrivilege, hivePrivilegeObject, grantor,
      grantOption, (int) tPrivilege.getCreateTime());
}
{code}
{code}
// New code uses "(int)(tPrivilege.getCreateTime() / 1000)"
public static HivePrivilegeInfo convert2HivePrivilegeInfo(TSentryPrivilege tPrivilege,
    HivePrincipal principal) {
  HivePrivilege hivePrivilege = convert2HivePrivilege(tPrivilege.getAction());
  HivePrivilegeObject hivePrivilegeObject = convert2HivePrivilegeObject(tPrivilege);
  // now sentry don't show grantor of a privilege
  HivePrincipal grantor = new HivePrincipal(UNKONWN_GRANTOR, HivePrincipalType.ROLE);
  // sentry CreateTime is the difference, measured in milliseconds,
  // between the current time and midnight, January 1, 1970 UTC.
  // hive granttime is in seconds. So need to convert the time.
  int hiveCreateTime = (int)(tPrivilege.getCreateTime() / 1000);
  boolean grantOption =
      tPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false;
  return new HivePrivilegeInfo(principal, hivePrivilege, hivePrivilegeObject, grantor,
      grantOption, hiveCreateTime);
}
{code}
> Sentry Privilege TimeStamp is not converted to grantTime in HivePrivilegeInfo correctly
> ---------------------------------------------------------------------------------------
>
> Key: SENTRY-2141
> URL: https://issues.apache.org/jira/browse/SENTRY-2141
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Na Li
> Assignee: Na Li
> Priority: Major
>
> Sentry CreateTime is the difference, measured in milliseconds, between the current time and midnight, January 1, 1970 UTC. Hive grantTime is in seconds. So need to convert the time.
> The original code just cast the timestamp from long to int without converting milliseconds to seconds. Therefore, the timestamp value is wrong when retrieving the privilege from Hive.
> The solution is to convert the time correctly.
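
The round trip described in the comment above, as an added example that is not part of the JIRA comment or of the Sentry or Hive code: it runs one constructed timestamp through the old cast and the fixed conversion, then applies the `* 1000L` scaling from `DDLTask.writeGrantInfo`. The class and method names are hypothetical, and `checkedHiveGrantTime` is an assumption of this example (a stricter variant that is not in the patch).

```java
import java.time.Instant;

public class GrantTimeConversion {
    // Pre-fix conversion: the narrowing cast keeps only the low 32 bits
    // of the millisecond value, so the result is not a time in seconds.
    static int oldHiveGrantTime(long sentryCreateTimeMillis) {
        return (int) sentryCreateTimeMillis;
    }

    // Conversion from the fix: milliseconds to whole seconds, then narrow.
    static int newHiveGrantTime(long sentryCreateTimeMillis) {
        return (int) (sentryCreateTimeMillis / 1000);
    }

    // Assumption of this example, not in the patch: throw instead of
    // wrapping silently once the seconds value no longer fits in an int.
    static int checkedHiveGrantTime(long sentryCreateTimeMillis) {
        return Math.toIntExact(sentryCreateTimeMillis / 1000);
    }

    // The scaling Hive applies when it writes the grant info.
    static long hiveDisplayMillis(int grantTime) {
        return (long) grantTime * 1000L;
    }

    public static void main(String[] args) {
        // Constructed sample value: the posting time of the comment.
        long createTime = Instant.parse("2018-02-14T00:45:00Z").toEpochMilli();

        long shownOld = hiveDisplayMillis(oldHiveGrantTime(createTime));
        long shownNew = hiveDisplayMillis(newHiveGrantTime(createTime));

        System.out.println("stored by Sentry: " + Instant.ofEpochMilli(createTime));
        System.out.println("shown, old cast : " + Instant.ofEpochMilli(shownOld));
        System.out.println("shown, new code : " + Instant.ofEpochMilli(shownNew));
        System.out.println("round trip ok   : old=" + (shownOld == createTime)
                + " new=" + (shownNew == createTime));

        // Constructed edge case: a date whose seconds value exceeds Integer.MAX_VALUE.
        long late = Instant.parse("2040-01-01T00:00:00Z").toEpochMilli();
        try {
            checkedHiveGrantTime(late);
        } catch (ArithmeticException e) {
            System.out.println("checked variant rejects " + Instant.ofEpochMilli(late));
        }
    }
}
```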