You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by as...@apache.org on 2014/11/20 06:54:48 UTC
incubator-sentry git commit: SENTRY-526: Fix SentryStore so that
Duplicate grant with same privilge but different case is handled correctly
Repository: incubator-sentry
Updated Branches:
refs/heads/master fa26a0b4f -> a8c878ab5
SENTRY-526: Fix SentryStore so that Duplicate grant with same privilge but different case is handled correctly
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/a8c878ab
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/a8c878ab
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/a8c878ab
Branch: refs/heads/master
Commit: a8c878ab5f1b9fbfb28f7d985946913b155ebd64
Parents: fa26a0b
Author: Arun Suresh <as...@cloudera.com>
Authored: Wed Nov 19 21:53:21 2014 -0800
Committer: Arun Suresh <as...@cloudera.com>
Committed: Wed Nov 19 21:53:50 2014 -0800
----------------------------------------------------------------------
.../db/service/persistent/SentryStore.java | 27 +++++++++---------
.../db/service/persistent/TestSentryStore.java | 29 ++++++++++++++++++++
.../e2e/dbprovider/TestDatabaseProvider.java | 15 ++++++++++
3 files changed, 58 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a8c878ab/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index d163418..3615661 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -18,7 +18,6 @@
package org.apache.sentry.provider.db.service.persistent;
-import com.codahale.metrics.Gauge;
import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER;
import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER;
@@ -68,6 +67,7 @@ import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
import org.datanucleus.store.rdbms.exceptions.MissingTableException;
+import com.codahale.metrics.Gauge;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
@@ -599,21 +599,22 @@ public class SentryStore {
private List<MSentryPrivilege> getMSentryPrivileges(TSentryPrivilege tPriv, PersistenceManager pm) {
Query query = pm.newQuery(MSentryPrivilege.class);
- StringBuilder filters = new StringBuilder("this.serverName == \"" + toNULLCol(tPriv.getServerName()) + "\" ");
+ StringBuilder filters = new StringBuilder("this.serverName == \""
+ + toNULLCol(safeTrimLower(tPriv.getServerName())) + "\" ");
if (!isNULL(tPriv.getDbName())) {
- filters.append("&& this.dbName == \"" + toNULLCol(tPriv.getDbName()) + "\" ");
+ filters.append("&& this.dbName == \"" + toNULLCol(safeTrimLower(tPriv.getDbName())) + "\" ");
if (!isNULL(tPriv.getTableName())) {
- filters.append("&& this.tableName == \"" + toNULLCol(tPriv.getTableName()) + "\" ");
+ filters.append("&& this.tableName == \"" + toNULLCol(safeTrimLower(tPriv.getTableName())) + "\" ");
if (!isNULL(tPriv.getColumnName())) {
- filters.append("&& this.columnName == \"" + toNULLCol(tPriv.getColumnName()) + "\" ");
+ filters.append("&& this.columnName == \"" + toNULLCol(safeTrimLower(tPriv.getColumnName())) + "\" ");
}
}
}
// if db is null, uri is not null
else if (!isNULL(tPriv.getURI())){
- filters.append("&& this.URI == \"" + toNULLCol(tPriv.getURI()) + "\" ");
+ filters.append("&& this.URI == \"" + toNULLCol(safeTrim(tPriv.getURI())) + "\" ");
}
- filters.append("&& this.action == \"" + toNULLCol(tPriv.getAction().toLowerCase()) + "\"");
+ filters.append("&& this.action == \"" + toNULLCol(safeTrimLower(tPriv.getAction())) + "\"");
query.setFilter(filters.toString());
List<MSentryPrivilege> privileges = (List<MSentryPrivilege>) query.execute();
@@ -622,13 +623,13 @@ public class SentryStore {
private MSentryPrivilege getMSentryPrivilege(TSentryPrivilege tPriv, PersistenceManager pm) {
Query query = pm.newQuery(MSentryPrivilege.class);
- query.setFilter("this.serverName == \"" + toNULLCol(tPriv.getServerName()) + "\" "
- + "&& this.dbName == \"" + toNULLCol(tPriv.getDbName()) + "\" "
- + "&& this.tableName == \"" + toNULLCol(tPriv.getTableName()) + "\" "
- + "&& this.columnName == \"" + toNULLCol(tPriv.getColumnName()) + "\" "
- + "&& this.URI == \"" + toNULLCol(tPriv.getURI()) + "\" "
+ query.setFilter("this.serverName == \"" + toNULLCol(safeTrimLower(tPriv.getServerName())) + "\" "
+ + "&& this.dbName == \"" + toNULLCol(safeTrimLower(tPriv.getDbName())) + "\" "
+ + "&& this.tableName == \"" + toNULLCol(safeTrimLower(tPriv.getTableName())) + "\" "
+ + "&& this.columnName == \"" + toNULLCol(safeTrimLower(tPriv.getColumnName())) + "\" "
+ + "&& this.URI == \"" + toNULLCol(safeTrim(tPriv.getURI())) + "\" "
+ "&& this.grantOption == grantOption "
- + "&& this.action == \"" + toNULLCol(tPriv.getAction().toLowerCase()) + "\"");
+ + "&& this.action == \"" + toNULLCol(safeTrimLower(tPriv.getAction())) + "\"");
query.declareParameters("Boolean grantOption");
query.setUnique(true);
Boolean grantOption = null;
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a8c878ab/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 60cec1f..70917b7 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -743,6 +743,35 @@ public class TestSentryStore {
}
@Test
+ public void testGrantDuplicatePrivilege() throws Exception {
+ String roleName = "test-privilege";
+ String grantor = "g1";
+ String server = "server1";
+ String db = "db1";
+ String table = "tbl1";
+ long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
+ TSentryPrivilege privilege = new TSentryPrivilege();
+ privilege.setPrivilegeScope("TABLE");
+ privilege.setServerName(server);
+ privilege.setDbName(db);
+ privilege.setTableName(table);
+ privilege.setAction(AccessConstants.ALL);
+ privilege.setCreateTime(System.currentTimeMillis());
+ assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege)
+ .getSequenceId());
+ assertEquals(seqId + 2, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege)
+ .getSequenceId());
+ privilege.setServerName("Server1");
+ privilege.setDbName("DB1");
+ privilege.setTableName("TBL1");
+ assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege)
+ .getSequenceId());
+ MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
+ Set<MSentryPrivilege> privileges = role.getPrivileges();
+ assertEquals(privileges.toString(), 1, privileges.size());
+ }
+
+ @Test
public void testListSentryPrivilegesForProvider() throws Exception {
String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2";
String groupName1 = "list-privs-g1", groupName2 = "list-privs-g2";
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a8c878ab/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
index 7fa7600..3189955 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
@@ -198,6 +198,21 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
connection.close();
}
+ @Test
+ public void testGrantDuplicateonDb() throws Exception {
+
+ Connection connection = context.createConnection(ADMIN1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("CREATE ROLE user_role");
+
+ // Grant only SELECT on Database
+ statement.execute("GRANT SELECT ON DATABASE db1 TO ROLE user_role");
+ statement.execute("GRANT SELECT ON DATABASE DB1 TO ROLE user_role");
+ statement.execute("GRANT SELECT ON DATABASE Db1 TO ROLE user_role");
+ statement.close();
+ connection.close();
+ }
+
private File doSetupForGrantDbTests() throws Exception {
super.setupAdmin();