Posted to dev@hive.apache.org by Thejas Nair <th...@hortonworks.com> on 2014/05/10 00:14:32 UTC
Review Request 21289: HIVE-7033 : grant statements should check if the role
exists
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21289/
-----------------------------------------------------------
Review request for hive and Ashutosh Chauhan.
Bugs: HIVE-7033
https://issues.apache.org/jira/browse/HIVE-7033
Repository: hive-git
Description
-------
The following grant statement that grants to a role that does not exist succeeds, but it should result in an error.
> grant all on t1 to role nosuchrole;
Patch also fixes the handling of role names in some cases to be case insensitive.
Diffs
-----
metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java 4b4f4f2
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java 62b8994
ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q PRE-CREATION
ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q PRE-CREATION
ql/src/test/queries/clientpositive/authorization_1_sql_std.q 79ae17a
ql/src/test/queries/clientpositive/authorization_role_grant1.q f89d0dc
ql/src/test/queries/clientpositive/authorization_role_grant2.q 984d7ed
ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out PRE-CREATION
ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out PRE-CREATION
ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 718ff31
ql/src/test/results/clientpositive/authorization_role_grant1.q.out 3c846eb
ql/src/test/results/clientpositive/authorization_role_grant2.q.out 1e8f88a
Diff: https://reviews.apache.org/r/21289/diff/
Testing
-------
New tests included
Thanks,
Thejas Nair
Re: Review Request 21289: HIVE-7033 : grant statements should check if the
role exists
Posted by Thejas Nair <th...@hortonworks.com>.
(Updated May 9, 2014, 11:14 p.m.)
Review request for hive and Ashutosh Chauhan.
Changes
-------
HIVE-7033.2.patch - updating comment in .q file
Bugs: HIVE-7033
https://issues.apache.org/jira/browse/HIVE-7033
Repository: hive-git
Description
-------
The following grant statement that grants to a role that does not exist succeeds, but it should result in an error.
> grant all on t1 to role nosuchrole;
Patch also fixes the handling of role names in some cases to be case insensitive.
Diffs (updated)
-----
metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java 4b4f4f2
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java 62b8994
ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q PRE-CREATION
ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q PRE-CREATION
ql/src/test/queries/clientpositive/authorization_1_sql_std.q 79ae17a
ql/src/test/queries/clientpositive/authorization_role_grant1.q f89d0dc
ql/src/test/queries/clientpositive/authorization_role_grant2.q 984d7ed
ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out PRE-CREATION
ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out PRE-CREATION
ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 718ff31
ql/src/test/results/clientpositive/authorization_role_grant1.q.out 3c846eb
ql/src/test/results/clientpositive/authorization_role_grant2.q.out 1e8f88a
Diff: https://reviews.apache.org/r/21289/diff/
Testing
-------
New tests included
Thanks,
Thejas Nair
Re: Review Request 21289: HIVE-7033 : grant statements should check if the
role exists
Posted by Thejas Nair <th...@hortonworks.com>.
(Updated May 12, 2014, 8:50 p.m.)
Review request for hive and Ashutosh Chauhan.
Changes
-------
HIVE-7033.4.patch - q.out files didn't have the comment update.
Bugs: HIVE-7033
https://issues.apache.org/jira/browse/HIVE-7033
Repository: hive-git
Description
-------
The following grant statement that grants to a role that does not exist succeeds, but it should result in an error.
> grant all on t1 to role nosuchrole;
Patch also fixes the handling of role names in some cases to be case insensitive.
Diffs (updated)
-----
metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java 4b4f4f2
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java 62b8994
ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q PRE-CREATION
ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q PRE-CREATION
ql/src/test/queries/clientpositive/authorization_1_sql_std.q 79ae17a
ql/src/test/queries/clientpositive/authorization_role_grant1.q f89d0dc
ql/src/test/queries/clientpositive/authorization_role_grant2.q 984d7ed
ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out PRE-CREATION
ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out PRE-CREATION
ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 718ff31
ql/src/test/results/clientpositive/authorization_role_grant1.q.out 3c846eb
ql/src/test/results/clientpositive/authorization_role_grant2.q.out 1e8f88a
Diff: https://reviews.apache.org/r/21289/diff/
Testing
-------
New tests included
Thanks,
Thejas Nair
Re: Review Request 21289: HIVE-7033 : grant statements should check if the
role exists
Posted by Thejas Nair <th...@hortonworks.com>.
(Updated May 12, 2014, 8:25 p.m.)
Review request for hive and Ashutosh Chauhan.
Changes
-------
Fix possibility of TOCTOU issue.
Bugs: HIVE-7033
https://issues.apache.org/jira/browse/HIVE-7033
Repository: hive-git
Description
-------
The following grant statement that grants to a role that does not exist succeeds, but it should result in an error.
> grant all on t1 to role nosuchrole;
Patch also fixes the handling of role names in some cases to be case insensitive.
Diffs (updated)
-----
metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java 4b4f4f2
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java 62b8994
ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q PRE-CREATION
ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q PRE-CREATION
ql/src/test/queries/clientpositive/authorization_1_sql_std.q 79ae17a
ql/src/test/queries/clientpositive/authorization_role_grant1.q f89d0dc
ql/src/test/queries/clientpositive/authorization_role_grant2.q 984d7ed
ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out PRE-CREATION
ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out PRE-CREATION
ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 718ff31
ql/src/test/results/clientpositive/authorization_role_grant1.q.out 3c846eb
ql/src/test/results/clientpositive/authorization_role_grant2.q.out 1e8f88a
Diff: https://reviews.apache.org/r/21289/diff/
Testing
-------
New tests included
Thanks,
Thejas Nair
Re: Review Request 21289: HIVE-7033 : grant statements should check if the
role exists
Posted by Ashutosh Chauhan <ha...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21289/#review42625
-----------------------------------------------------------
metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
<https://reviews.apache.org/r/21289/#comment76447>
This should be done within a transaction. Else, this may result in a TOCTOU bug.
- Ashutosh Chauhan
On May 9, 2014, 11:14 p.m., Thejas Nair wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/21289/
> -----------------------------------------------------------
>
> (Updated May 9, 2014, 11:14 p.m.)
>
>
> Review request for hive and Ashutosh Chauhan.
>
>
> Bugs: HIVE-7033
> https://issues.apache.org/jira/browse/HIVE-7033
>
>
> Repository: hive-git
>
>
> Description
> -------
>
> The following grant statement that grants to a role that does not exist succeeds, but it should result in an error.
>
> > grant all on t1 to role nosuchrole;
>
> Patch also fixes the handling of role names in some cases to be case insensitive.
>
>
> Diffs
> -----
>
> metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java 4b4f4f2
> ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java 62b8994
> ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q PRE-CREATION
> ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q PRE-CREATION
> ql/src/test/queries/clientpositive/authorization_1_sql_std.q 79ae17a
> ql/src/test/queries/clientpositive/authorization_role_grant1.q f89d0dc
> ql/src/test/queries/clientpositive/authorization_role_grant2.q 984d7ed
> ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out PRE-CREATION
> ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out PRE-CREATION
> ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 718ff31
> ql/src/test/results/clientpositive/authorization_role_grant1.q.out 3c846eb
> ql/src/test/results/clientpositive/authorization_role_grant2.q.out 1e8f88a
>
> Diff: https://reviews.apache.org/r/21289/diff/
>
>
> Testing
> -------
>
> New tests included
>
>
> Thanks,
>
> Thejas Nair
>
>
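The review comment above, as an added example that is not part of the thread and is not Hive's ObjectStore code: a SQLite stand-in for the metastore in which the role-existence check and the grant insert run either as separate statements or inside one transaction, while a second session tries to drop the role in between. The table layout, function names and the role `analyst` are assumptions made for the illustration.

```python
import os, sqlite3, tempfile

def open_store(path):
    conn = sqlite3.connect(path, timeout=0, isolation_level=None)  # autocommit mode
    conn.execute("CREATE TABLE IF NOT EXISTS roles (name TEXT PRIMARY KEY)")
    conn.execute("CREATE TABLE IF NOT EXISTS grants (role TEXT, priv TEXT, obj TEXT)")
    return conn

def role_exists(conn, role):
    row = conn.execute("SELECT 1 FROM roles WHERE name = ?", (role.lower(),)).fetchone()
    return row is not None          # lower(): role names match case-insensitively

def grant_racy(conn, priv, obj, role, between=lambda: None):
    if not role_exists(conn, role):                       # time of check
        raise LookupError("role does not exist: " + role)
    between()                                             # a concurrent session runs here
    conn.execute("INSERT INTO grants VALUES (?, ?, ?)", (role.lower(), priv, obj))

def grant_in_txn(conn, priv, obj, role, between=lambda: None):
    conn.execute("BEGIN IMMEDIATE")                       # write lock taken before the check
    try:
        grant_racy(conn, priv, obj, role, between)        # same steps, now one atomic unit
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise

def drop_role(conn, role):
    try:
        conn.execute("DELETE FROM roles WHERE name = ?", (role.lower(),))
    except sqlite3.OperationalError:                      # "database is locked"
        return False
    return True

def orphan_grants(conn):
    sql = "SELECT COUNT(*) FROM grants WHERE role NOT IN (SELECT name FROM roles)"
    return conn.execute(sql).fetchone()[0]

def demo():
    path = os.path.join(tempfile.mkdtemp(), "store.db")   # constructed sample store
    a, b = open_store(path), open_store(path)             # two sessions on one store
    out = {}
    for name, grant in (("racy", grant_racy), ("txn", grant_in_txn)):
        a.execute("INSERT OR IGNORE INTO roles VALUES ('analyst')")  # (re)create the role
        dropped = []
        grant(a, "all", "t1", "Analyst", lambda: dropped.append(drop_role(b, "analyst")))
        out[name] = (dropped[0], orphan_grants(a))
    return out

if __name__ == "__main__": print(demo())
```

Each entry returned by `demo()` pairs whether the concurrent drop went through with the number of grants left pointing at a role that no longer exists.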