Posted to commits@sentry.apache.org by ka...@apache.org on 2018/05/11 20:07:42 UTC
sentry git commit: SENTRY-2171: Permission full snapshot should
include owner privileges. (Kalyan Kumar kalvagadda, reviewed-by Na Li)
Repository: sentry
Updated Branches:
refs/heads/master 7ac2b05e5 -> b65f5b2b4
SENTRY-2171: Permission full snapshot should include owner privileges. (Kalyan Kumar kalvagadda, reviewed-by Na Li)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b65f5b2b
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b65f5b2b
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b65f5b2b
Branch: refs/heads/master
Commit: b65f5b2b4fe31a5a700122bf5d174d199fa8bd4f
Parents: 7ac2b05
Author: Kalyan Kumar Kalvagadda <kk...@cloudera.com>
Authored: Fri May 11 15:07:08 2018 -0500
Committer: Kalyan Kumar Kalvagadda <kk...@cloudera.com>
Committed: Fri May 11 15:07:08 2018 -0500
----------------------------------------------------------------------
.../sentry/core/model/db/AccessConstants.java | 1 +
.../db/service/persistent/SentryStore.java | 34 +++++++++++++++-----
.../db/service/persistent/TestSentryStore.java | 16 +++++++++
3 files changed, 43 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
index a8e8bb1..a4fa226 100644
--- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
@@ -34,6 +34,7 @@ public final class AccessConstants {
public static final String ALTER = "alter";
public static final String CREATE = "create";
public static final String DROP = "drop";
+ public static final String OWNER = "OWNER";
public static final String INDEX = "index";
public static final String LOCK = "lock";
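Review bot: The new `OWNER` constant is upper-case while the neighbouring action constants in this hunk (`alter`, `create`, `drop`, `index`, `lock`) are lower-case, and nothing on the line says whether that is intentional. A caller that compares it case-sensitively against an action string that has not been upper-cased first would silently fail to match, which matters for a value that feeds authorization decisions. If the casing is deliberate, I would add a comment such as `// Upper-case, unlike the other actions: compare only against an upper-cased action string.`; otherwise use a lower-case value and compare with `equalsIgnoreCase`.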
http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index b640f59..cafe2b5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -2526,20 +2526,38 @@ public class SentryStore {
retVal.put(authzObj, pUpdate);
}
for (MSentryRole mRole : mPriv.getRoles()) {
- String existingPriv = pUpdate.get(mRole.getRoleName());
- if (existingPriv == null) {
- pUpdate.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName()),
- mPriv.getAction().toUpperCase());
- } else {
- pUpdate.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName()), existingPriv + "," +
- mPriv.getAction().toUpperCase());
- }
+ pUpdate = addPrivilegeEntry (mPriv, TPrivilegeEntityType.ROLE, mRole.getRoleName(), pUpdate);
+ }
+ for (MSentryUser mUser : mPriv.getUsers()) {
+ pUpdate = addPrivilegeEntry (mPriv, TPrivilegeEntityType.USER, mUser.getUserName(), pUpdate);
}
}
query.closeAll();
return retVal;
}
+ private static Map<TPrivilegeEntity, String> addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegeEntityType tEntityType,
+ String entity, Map<TPrivilegeEntity, String> update) {
+ String action;
+ String newAction;
+ String existingPriv = update.get(entity);
+ action = mPriv.getAction().toUpperCase();
+ newAction = mPriv.getAction().toUpperCase();
+ if(action.equals(AccessConstants.OWNER)) {
+ // Translate owner privilege to actual privilege.
+ newAction = AccessConstants.ACTION_ALL;
+ }
+
+ if (existingPriv == null) {
+ update.put(new TPrivilegeEntity(tEntityType, entity),
+ newAction);
+ } else {
+ update.put(new TPrivilegeEntity(tEntityType, entity), existingPriv + "," +
+ newAction);
+ }
+ return update;
+ }
+
/**
* Retrieves an up-to-date sentry role snapshot from {@code MSentryGroup} table.
* The snapshot is represented by a role to groups map.
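Review bot: In `addPrivilegeEntry`, `update.get(entity)` queries a `Map<TPrivilegeEntity, String>` with a `String` key, so unless `TPrivilegeEntity.equals` accepts strings (not visible here) `existingPriv` is always null and the append branch is never taken. The effect would be that a role or user holding several actions on the same object keeps only the last one written, so the permission snapshot under-reports what was granted. Build the key once and use it for both the lookup and the put: `TPrivilegeEntity key = new TPrivilegeEntity(tEntityType, entity);` followed by `String existingPriv = update.get(key);`. The removed lines did the same string lookup, so this is carried over rather than introduced here. Separately, `action` and `newAction` are assigned from the same call twice, and `toUpperCase()` without `Locale.ROOT` makes the `OWNER` comparison depend on the JVM's default locale.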
http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 152c0ce..0322cc3 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -2466,11 +2466,27 @@ public class TestSentryStore extends org.junit.Assert {
sentryStore.alterSentryRoleAddGroups(grantor, roleName1, groups);
sentryStore.alterSentryRoleAddGroups(grantor, roleName2, groups);
+ //Grant owner privilege to role
+ TSentryPrivilege privilege3 = new TSentryPrivilege();
+ privilege3.setPrivilegeScope("TABLE");
+ privilege3.setServerName("server1");
+ privilege3.setDbName("db3");
+ privilege3.setTableName("tbl1");
+ privilege3.setAction("OWNER");
+ privilege3.setCreateTime(System.currentTimeMillis());
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege3);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege3);
+
PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage();
Map<String, Map<TPrivilegeEntity, String>> privs = permImage.getPrivilegeImage();
Map<String, List<String>> roles = permImage.getRoleImage();
assertEquals(2, privs.get("db1.tbl1").size());
assertEquals(2, roles.size());
+
+ assertEquals(2, privs.get("db3.tbl1").size());
+ assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName1)));
+ assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName2)));
+
}
/**
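Review bot: The added test grants `OWNER` only to roles, so the new `mPriv.getUsers()` loop and the `TPrivilegeEntityType.USER` entries produced in SentryStore are not exercised by anything in this hunk. It also never gives one role two actions on the same object, so the comma-append path of `addPrivilegeEntry` stays untested. I would add a case that grants the owner privilege to a user and asserts `"ALL"` under `new TPrivilegeEntity(TPrivilegeEntityType.USER, <userName>)`, plus a role with two actions on one table asserting that both appear in the image. The test method begins outside the hunk.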