You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@impala.apache.org by "Austin Nobis (Code Review)" <ge...@cloudera.org> on 2019/03/26 18:19:28 UTC
[Impala-ASF-CR] IMPALA-8225: Add ranger support for grant/revoke privilege to/from user
Austin Nobis has uploaded a new patch set (#3). ( http://gerrit.cloudera.org:8080/12769 )
Change subject: IMPALA-8225: Add ranger support for grant/revoke privilege to/from user
......................................................................
IMPALA-8225: Add ranger support for grant/revoke privilege to/from user
This patch adds support for GRANT privilege statements to USER and
REVOKE privilege statements from USER. The RangerAuthorizationManager
class has been created and will throw UnsupportedOperationException when
an unimplemented method is called. The grammar has been updated to
support FROM USER and TO USER for GRANT/REVOKE statements. Previously,
privileges could be granted to a ROLE via GRANT/REVOKE statements even
when the ROLE keyword was omitted. This is still the case for ROLE based
authorization to preserve backward compatibility, but Ranger will throw an
exception when a GRANT/REVOKE statement excludes the USER keyword.
An additional end to end test test_ranger.py was added. A single test
was added that grants and revokes for a user and asserts permissions on
a table. The test uses sleep statements to work with Ranger's polling
interval for policy changes. More end to end tests will be added in the
future when the refresh authorization statement works properly.
Testing:
- Ran all FE tests
- Ran all E2E authorization tests
Change-Id: I6ee97bf41546d63385026c0e2b19545565402462
---
M common/thrift/JniCatalog.thrift
M fe/src/main/cup/sql-parser.cup
M fe/src/main/java/org/apache/impala/analysis/GrantRevokePrivStmt.java
M fe/src/main/java/org/apache/impala/authorization/AuthorizationManager.java
M fe/src/main/java/org/apache/impala/authorization/NoneAuthorizationFactory.java
M fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationFactory.java
A fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationManager.java
M fe/src/main/java/org/apache/impala/authorization/sentry/SentryCatalogdAuthorizationManager.java
M fe/src/main/java/org/apache/impala/authorization/sentry/SentryImpaladAuthorizationManager.java
M fe/src/main/java/org/apache/impala/service/CatalogOpExecutor.java
M fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java
M fe/src/test/java/org/apache/impala/analysis/ToSqlTest.java
A fe/src/test/resources/xasecure-audit.xml
M tests/authorization/test_grant_revoke.py
A tests/authorization/test_ranger.py
15 files changed, 860 insertions(+), 227 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/69/12769/3
--
To view, visit http://gerrit.cloudera.org:8080/12769
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I6ee97bf41546d63385026c0e2b19545565402462
Gerrit-Change-Number: 12769
Gerrit-PatchSet: 3
Gerrit-Owner: Austin Nobis <an...@cloudera.com>
Gerrit-Reviewer: Austin Nobis <an...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>