You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by th...@apache.org on 2016/07/19 05:24:35 UTC

hive git commit: HIVE-14262 : Inherit writetype from partition WriteEntity for table WriteEntity (Thejas Nair, reviewed by Sushanth Sowmyan)

Repository: hive
Updated Branches:
  refs/heads/branch-2.1 c6e789f92 -> 82492d76e


HIVE-14262 : Inherit writetype from partition WriteEntity for table WriteEntity (Thejas Nair, reviewed by Sushanth Sowmyan)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/82492d76
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/82492d76
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/82492d76

Branch: refs/heads/branch-2.1
Commit: 82492d76eda386f87936860dafcc2d476b62bfbf
Parents: c6e789f
Author: Thejas Nair <th...@hortonworks.com>
Authored: Mon Jul 18 22:24:28 2016 -0700
Committer: Thejas Nair <th...@hortonworks.com>
Committed: Mon Jul 18 22:24:28 2016 -0700

----------------------------------------------------------------------
 .../java/org/apache/hadoop/hive/ql/Driver.java  |  9 +++-
 .../authorization_insertpart_noinspriv.q        | 15 ++++++
 .../authorization_insertpart_noinspriv.q.out    | 53 ++++++++++++++++++++
 3 files changed, 75 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/82492d76/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
index cd313b8..2bb9638 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
@@ -582,12 +582,17 @@ public class Driver implements CommandProcessor {
     }
 
     Set<WriteEntity> additionalOutputs = new HashSet<WriteEntity>();
-    for (Entity e : sem.getOutputs()) {
+    for (WriteEntity e : sem.getOutputs()) {
       if (e.getType() == Entity.Type.PARTITION) {
-        additionalOutputs.add(new WriteEntity(e.getTable(), WriteEntity.WriteType.DDL_NO_LOCK));
+        additionalOutputs.add(new WriteEntity(e.getTable(), e.getWriteType()));
       }
     }
 
+    // The following union operation returns a union, which traverses over the
+    // first set once and then  then over each element of second set, in order, 
+    // that is not contained in first. This means it doesn't replace anything
+    // in first set, and would preserve the WriteType in WriteEntity in first
+    // set in case of outputs list.
     Set<ReadEntity> inputs = Sets.union(sem.getInputs(), additionalInputs);
     Set<WriteEntity> outputs = Sets.union(sem.getOutputs(), additionalOutputs);
 

http://git-wip-us.apache.org/repos/asf/hive/blob/82492d76/ql/src/test/queries/clientnegative/authorization_insertpart_noinspriv.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_insertpart_noinspriv.q b/ql/src/test/queries/clientnegative/authorization_insertpart_noinspriv.q
new file mode 100644
index 0000000..225eff4
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_insertpart_noinspriv.q
@@ -0,0 +1,15 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check insert without select priv
+create table testp(i int) partitioned by (dt string);
+grant select on table testp to user user1;
+
+set user.name=user1;
+create table user2tab(i int);
+explain authorization insert into table testp partition (dt = '2012')  values (1);
+explain authorization insert overwrite table testp partition (dt = '2012')  values (1);
+insert into table testp partition (dt = '2012')  values (1);
+insert overwrite table testp partition (dt = '2012')  values (1);

http://git-wip-us.apache.org/repos/asf/hive/blob/82492d76/ql/src/test/results/clientnegative/authorization_insertpart_noinspriv.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_insertpart_noinspriv.q.out b/ql/src/test/results/clientnegative/authorization_insertpart_noinspriv.q.out
new file mode 100644
index 0000000..f15dadc
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_insertpart_noinspriv.q.out
@@ -0,0 +1,53 @@
+PREHOOK: query: -- check insert without select priv
+create table testp(i int) partitioned by (dt string)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@testp
+POSTHOOK: query: -- check insert without select priv
+create table testp(i int) partitioned by (dt string)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@testp
+PREHOOK: query: grant select on table testp to user user1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@testp
+POSTHOOK: query: grant select on table testp to user user1
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@testp
+PREHOOK: query: create table user2tab(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@user2tab
+POSTHOOK: query: create table user2tab(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@user2tab
+PREHOOK: query: explain authorization insert into table testp partition (dt = '2012')  values (1)
+PREHOOK: type: QUERY
+POSTHOOK: query: explain authorization insert into table testp partition (dt = '2012')  values (1)
+POSTHOOK: type: QUERY
+INPUTS: 
+  default@values__tmp__table__1
+OUTPUTS: 
+  default@testp@dt=2012
+CURRENT_USER: 
+  user1
+OPERATION: 
+  QUERY
+AUTHORIZATION_FAILURES: 
+  Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation QUERY [[INSERT] on Object [type=TABLE_OR_VIEW, name=default.testp, action=INSERT]]
+PREHOOK: query: explain authorization insert overwrite table testp partition (dt = '2012')  values (1)
+PREHOOK: type: QUERY
+POSTHOOK: query: explain authorization insert overwrite table testp partition (dt = '2012')  values (1)
+POSTHOOK: type: QUERY
+INPUTS: 
+  default@values__tmp__table__2
+OUTPUTS: 
+  default@testp@dt=2012
+CURRENT_USER: 
+  user1
+OPERATION: 
+  QUERY
+AUTHORIZATION_FAILURES: 
+  Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation QUERY [[INSERT, DELETE] on Object [type=TABLE_OR_VIEW, name=default.testp, action=INSERT_OVERWRITE]]
+FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation QUERY [[INSERT] on Object [type=TABLE_OR_VIEW, name=default.testp, action=INSERT]]