Posted to commits@sentry.apache.org by ka...@apache.org on 2018/05/11 20:07:42 UTC

sentry git commit: SENTRY-2171: Permission full snapshot should include owner privileges. (Kalyan Kumar kalvagadda, reviewed-by Na Li)

Repository: sentry
Updated Branches:
  refs/heads/master 7ac2b05e5 -> b65f5b2b4


SENTRY-2171: Permission full snapshot should include owner privileges. (Kalyan Kumar kalvagadda, reviewed-by Na Li)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b65f5b2b
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b65f5b2b
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b65f5b2b

Branch: refs/heads/master
Commit: b65f5b2b4fe31a5a700122bf5d174d199fa8bd4f
Parents: 7ac2b05
Author: Kalyan Kumar Kalvagadda <kk...@cloudera.com>
Authored: Fri May 11 15:07:08 2018 -0500
Committer: Kalyan Kumar Kalvagadda <kk...@cloudera.com>
Committed: Fri May 11 15:07:08 2018 -0500

----------------------------------------------------------------------
 .../sentry/core/model/db/AccessConstants.java   |  1 +
 .../db/service/persistent/SentryStore.java      | 34 +++++++++++++++-----
 .../db/service/persistent/TestSentryStore.java  | 16 +++++++++
 3 files changed, 43 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
index a8e8bb1..a4fa226 100644
--- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
@@ -34,6 +34,7 @@ public final class AccessConstants {
   public static final String ALTER = "alter";
   public static final String CREATE = "create";
   public static final String DROP = "drop";
+  public static final String OWNER = "OWNER";
   public static final String INDEX = "index";
   public static final String LOCK = "lock";
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index b640f59..cafe2b5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -2526,20 +2526,38 @@ public class SentryStore {
         retVal.put(authzObj, pUpdate);
       }
       for (MSentryRole mRole : mPriv.getRoles()) {
-        String existingPriv = pUpdate.get(mRole.getRoleName());
-        if (existingPriv == null) {
-          pUpdate.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName()),
-                  mPriv.getAction().toUpperCase());
-        } else {
-          pUpdate.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName()), existingPriv + "," +
-                  mPriv.getAction().toUpperCase());
-        }
+        pUpdate = addPrivilegeEntry (mPriv, TPrivilegeEntityType.ROLE, mRole.getRoleName(), pUpdate);
+      }
+      for (MSentryUser mUser : mPriv.getUsers()) {
+        pUpdate = addPrivilegeEntry (mPriv, TPrivilegeEntityType.USER, mUser.getUserName(), pUpdate);
       }
     }
     query.closeAll();
     return retVal;
   }
 
+  private static Map<TPrivilegeEntity, String> addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegeEntityType tEntityType,
+    String entity, Map<TPrivilegeEntity, String> update) {
+    String action;
+    String newAction;
+    String existingPriv = update.get(entity);
+    action = mPriv.getAction().toUpperCase();
+    newAction = mPriv.getAction().toUpperCase();
+    if(action.equals(AccessConstants.OWNER)) {
+      // Translate owner privilege to actual privilege.
+      newAction = AccessConstants.ACTION_ALL;
+    }
+
+    if (existingPriv == null) {
+      update.put(new TPrivilegeEntity(tEntityType, entity),
+              newAction);
+    } else {
+      update.put(new TPrivilegeEntity(tEntityType, entity), existingPriv + "," +
+              newAction);
+    }
+    return update;
+  }
+
   /**
    * Retrieves an up-to-date sentry role snapshot from {@code MSentryGroup} table.
    * The snapshot is represented by a role to groups map.
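Review bot: In `addPrivilegeEntry`, `update.get(entity)` looks up a `String` in a map keyed by `TPrivilegeEntity`, so `existingPriv` is presumably always null and the comma-append branch never runs; a second action for the same role or user on the same object would then replace the first instead of being appended. The removed lines did the same lookup, so this is carried over rather than introduced, but it means the permission snapshot can under-report what an entity actually holds. Build the key once and use it for both the lookup and the put: `TPrivilegeEntity key = new TPrivilegeEntity(tEntityType, entity);` followed by `String existingPriv = update.get(key);`. Separately, `action` and `newAction` are both assigned `mPriv.getAction().toUpperCase()`; a single call using `Locale.ROOT` would avoid the duplication and locale-dependent case mapping. The method that calls this helper begins above the hunk.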

http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 152c0ce..0322cc3 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -2466,11 +2466,27 @@ public class TestSentryStore extends org.junit.Assert {
     sentryStore.alterSentryRoleAddGroups(grantor, roleName1, groups);
     sentryStore.alterSentryRoleAddGroups(grantor, roleName2, groups);
 
+    //Grant owner privilege to role
+    TSentryPrivilege privilege3 = new TSentryPrivilege();
+    privilege3.setPrivilegeScope("TABLE");
+    privilege3.setServerName("server1");
+    privilege3.setDbName("db3");
+    privilege3.setTableName("tbl1");
+    privilege3.setAction("OWNER");
+    privilege3.setCreateTime(System.currentTimeMillis());
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege3);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege3);
+
     PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage();
     Map<String, Map<TPrivilegeEntity, String>> privs = permImage.getPrivilegeImage();
     Map<String, List<String>> roles = permImage.getRoleImage();
     assertEquals(2, privs.get("db1.tbl1").size());
     assertEquals(2, roles.size());
+
+    assertEquals(2, privs.get("db3.tbl1").size());
+    assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName1)));
+    assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName2)));
+
   }
 
   /**
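Review bot: The new assertions cover only `TPrivilegeEntityType.ROLE` entries holding a single action each, so neither the `mPriv.getUsers()` loop added in SentryStore nor the case where one entity holds two actions on the same object is exercised. Add a case where a user holds the OWNER privilege and assert that its `TPrivilegeEntityType.USER` key maps to `"ALL"`, and a case where a role is granted a second action on `db3.tbl1` with an assertion that the stored value contains both actions. The test method begins above the hunk.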