You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sp...@apache.org on 2018/06/26 14:42:15 UTC

sentry git commit: SENTRY-2238: Explicitly set Database on SentryHivePrivilegeObjectDesc (Arjun Mishra, reviewed by Sergio Pena, Na Li)

Repository: sentry
Updated Branches:
  refs/heads/master 9caa0d1d0 -> 3ae60f6b8


SENTRY-2238: Explicitly set Database on SentryHivePrivilegeObjectDesc (Arjun Mishra, reviewed by Sergio Pena, Na Li)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3ae60f6b
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3ae60f6b
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3ae60f6b

Branch: refs/heads/master
Commit: 3ae60f6b8dc21887517e8b5a6a20a279e8d699bf
Parents: 9caa0d1
Author: Sergio Pena <se...@cloudera.com>
Authored: Tue Jun 26 09:38:40 2018 -0500
Committer: Sergio Pena <se...@cloudera.com>
Committed: Tue Jun 26 09:42:05 2018 -0500

----------------------------------------------------------------------
 .../ql/exec/SentryHivePrivilegeObjectDesc.java  |  9 +++++++
 .../SentryHiveAuthorizationTaskFactoryImpl.java |  4 +++
 .../TestSentryHiveAuthorizationTaskFactory.java | 26 ++++++++++++++++++--
 3 files changed, 37 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java
index 4fa4221..be99a3d 100644
--- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java
+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java
@@ -22,6 +22,7 @@ import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
 public class SentryHivePrivilegeObjectDesc extends PrivilegeObjectDesc {
   private boolean isUri;
   private boolean isServer;
+  private boolean isDatabase;
 
   public SentryHivePrivilegeObjectDesc() {
     // reset table type which is on by default
@@ -48,4 +49,12 @@ public class SentryHivePrivilegeObjectDesc extends PrivilegeObjectDesc {
     return isServer || isUri;
   }
 
+  public boolean getDatabase() {
+    return isDatabase;
+  }
+
+  public void setDatabase(boolean isDatabase) {
+    this.isDatabase = isDatabase;
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
index 660bef1..e58fe86 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
@@ -326,6 +326,10 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization
           subject.setUri(true);
         } else if (astChild.getToken().getType() == HiveParser.TOK_SERVER_TYPE) {
           subject.setServer(true);
+        } else if(astChild.getToken().getType() == HiveParser.TOK_DB_TYPE) {
+          subject.setDatabase(true);
+          String qualified = BaseSemanticAnalyzer.getUnescapedName(gchild);
+          subject.setObject(qualified);
         } else if (astChild.getToken().getType() == HiveParser.TOK_TABLE_TYPE) {
           subject.setTable(true);
           String qualified = BaseSemanticAnalyzer.getUnescapedName(gchild);

http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
index 8b6b223..e497f8c 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
@@ -403,6 +403,20 @@ public class TestSentryHiveAuthorizationTaskFactory {
   }
 
   /**
+   * SHOW GRANT ROLE ... ON DATABASE ...
+   */
+  @Test
+  public void testShowGrantRoleOnDatabase() throws Exception {
+    DDLWork work = analyze(parse("SHOW GRANT ROLE " + ROLE + " ON DATABASE " + DB));
+    ShowGrantDesc grantDesc = work.getShowGrantDesc();
+    Assert.assertNotNull("Show grant should not be null", grantDesc);
+    Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType());
+    Assert.assertEquals(ROLE, grantDesc.getPrincipalDesc().getName());
+    Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase());
+    Assert.assertEquals(DB, ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getObject());
+  }
+
+  /**
    * SHOW GRANT GROUP ... ON TABLE ...
    */
   @Test
@@ -412,6 +426,15 @@ public class TestSentryHiveAuthorizationTaskFactory {
   }
 
   /**
+   * SHOW GRANT GROUP ... ON DATABASE ...
+   */
+  @Test
+  public void testShowGrantGroupOnDatabase() throws Exception {
+    expectSemanticException("SHOW GRANT GROUP " + GROUP + " ON DATABASE " + DB,
+        SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "GROUP");
+  }
+
+  /**
    * SHOW ROLES
    */
   @Test
@@ -499,8 +522,7 @@ public class TestSentryHiveAuthorizationTaskFactory {
     Assert.assertEquals(null, grantDesc.getPrincipalDesc().getType());
     Assert.assertEquals(StringUtils.EMPTY, grantDesc.getPrincipalDesc().getName());
     Assert.assertEquals(DB, grantDesc.getHiveObj().getObject());
-    //TODO - Part of SENTRY-2238 commit
-//    Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase());
+    Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase());
   }
 
   /**