You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ak...@apache.org on 2017/03/11 02:04:31 UTC
sentry git commit: SENTRY-1351: Enable alter table operation without
outputs in V2 (Ke Jia via Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/sentry-ha-redesign b2121119b -> f40831d70
SENTRY-1351: Enable alter table operation without outputs in V2 (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/f40831d7
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/f40831d7
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/f40831d7
Branch: refs/heads/sentry-ha-redesign
Commit: f40831d709e84ec6ad7b7e8a31b0067ef32a1d97
Parents: b212111
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Fri Mar 10 18:04:25 2017 -0800
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Fri Mar 10 18:04:25 2017 -0800
----------------------------------------------------------------------
.../hive/v2/HiveAuthzPrivilegesMapV2.java | 9 +++
.../sentry/tests/e2e/hive/TestOperations.java | 76 ++++++++++++++++++++
2 files changed, 85 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/f40831d7/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
index 93bdf4b..f8f11ef 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
@@ -100,6 +100,12 @@ public class HiveAuthzPrivilegesMapV2 {
setOperationType(HiveOperationType.DDL).
build();
+ HiveAuthzPrivileges alterPartPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+ addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)).
+ setOperationScope(HiveOperationScope.TABLE).
+ setOperationType(HiveOperationType.INFO).
+ build();
+
/* Currently Hive treats select/insert/analyze as Query
* select = select on table
* insert = insert on table /all on uri
@@ -219,6 +225,9 @@ public class HiveAuthzPrivilegesMapV2 {
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_RENAMECOL, alterTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDCOLS, alterTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_REPLACECOLS, alterTablePrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_PARTCOLTYPE, alterPartPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_BUCKETNUM, alterPartPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_BUCKETNUM, alterPartPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_RENAMEPART, alterTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ARCHIVE, alterTablePrivilege);
http://git-wip-us.apache.org/repos/asf/sentry/blob/f40831d7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
index b8d80f1..5bda2e7 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
@@ -483,6 +483,82 @@ public class TestOperations extends AbstractTestWithStaticConfiguration {
connection.close();
}
+ @Test
+ public void testAlterTableBucket() throws Exception {
+ adminCreate(DB1, tableName, true);
+
+ Connection connection;
+ Statement statement;
+
+ connection = context.createConnection(ADMIN1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("ALTER TABLE tb1 CLUSTERED BY (a) SORTED BY (a) INTO 1 BUCKETS");
+ statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '1') ");
+
+ policyFile.addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
+ .addRolesToGroup(USERGROUP1, "alter_db1_tb1")
+ .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
+ .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
+ writePolicyFile(policyFile);
+
+ //positive test cases
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("ALTER TABLE tb1 INTO 6 BUCKETS");
+ statement.execute("ALTER TABLE tb1 PARTITION (b = '1') INTO 6 BUCKETS");
+
+ statement.close();
+ connection.close();
+
+ //negative test cases
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ context.assertSentrySemanticException(statement, "ALTER TABLE tb1 INTO 6 BUCKETS",
+ semanticException);
+ context.assertSentrySemanticException(statement, "ALTER TABLE tb1 PARTITION (b = '1') INTO 6 BUCKETS", semanticException);
+
+ statement.close();
+ connection.close();
+ }
+
+ @Test
+ public void AlterTablePartColType() throws Exception {
+ adminCreate(DB1, tableName, true);
+
+ Connection connection;
+ Statement statement;
+
+ policyFile
+ .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
+ .addRolesToGroup(USERGROUP1, "alter_db1_tb1")
+ .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
+ .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
+ writePolicyFile(policyFile);
+
+ //Positive cases
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+ statement.execute("ALTER TABLE tb1 PARTITION COLUMN (b string)");
+
+ statement.close();
+ connection.close();
+
+ //Negative test cases
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ statement.execute("Use " + DB1);
+
+ assertSemanticException(statement, "ALTER TABLE tb1 PARTITION COLUMN (b string)");
+
+ statement.close();
+ connection.close();
+
+ }
+
/* Test all operations that require alter on table
1. HiveOperation.ALTERTABLE_PROPERTIES
2. HiveOperation.ALTERTABLE_SERDEPROPERTIES