You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sp...@apache.org on 2018/06/26 14:42:15 UTC
sentry git commit: SENTRY-2238: Explicitly set Database on
SentryHivePrivilegeObjectDesc (Arjun Mishra, reviewed by Sergio Pena, Na Li)
Repository: sentry
Updated Branches:
refs/heads/master 9caa0d1d0 -> 3ae60f6b8
SENTRY-2238: Explicitly set Database on SentryHivePrivilegeObjectDesc (Arjun Mishra, reviewed by Sergio Pena, Na Li)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3ae60f6b
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3ae60f6b
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3ae60f6b
Branch: refs/heads/master
Commit: 3ae60f6b8dc21887517e8b5a6a20a279e8d699bf
Parents: 9caa0d1
Author: Sergio Pena <se...@cloudera.com>
Authored: Tue Jun 26 09:38:40 2018 -0500
Committer: Sergio Pena <se...@cloudera.com>
Committed: Tue Jun 26 09:42:05 2018 -0500
----------------------------------------------------------------------
.../ql/exec/SentryHivePrivilegeObjectDesc.java | 9 +++++++
.../SentryHiveAuthorizationTaskFactoryImpl.java | 4 +++
.../TestSentryHiveAuthorizationTaskFactory.java | 26 ++++++++++++++++++--
3 files changed, 37 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java
index 4fa4221..be99a3d 100644
--- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java
+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java
@@ -22,6 +22,7 @@ import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
public class SentryHivePrivilegeObjectDesc extends PrivilegeObjectDesc {
private boolean isUri;
private boolean isServer;
+ private boolean isDatabase;
public SentryHivePrivilegeObjectDesc() {
// reset table type which is on by default
@@ -48,4 +49,12 @@ public class SentryHivePrivilegeObjectDesc extends PrivilegeObjectDesc {
return isServer || isUri;
}
+ public boolean getDatabase() {
+ return isDatabase;
+ }
+
+ public void setDatabase(boolean isDatabase) {
+ this.isDatabase = isDatabase;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
index 660bef1..e58fe86 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
@@ -326,6 +326,10 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization
subject.setUri(true);
} else if (astChild.getToken().getType() == HiveParser.TOK_SERVER_TYPE) {
subject.setServer(true);
+ } else if(astChild.getToken().getType() == HiveParser.TOK_DB_TYPE) {
+ subject.setDatabase(true);
+ String qualified = BaseSemanticAnalyzer.getUnescapedName(gchild);
+ subject.setObject(qualified);
} else if (astChild.getToken().getType() == HiveParser.TOK_TABLE_TYPE) {
subject.setTable(true);
String qualified = BaseSemanticAnalyzer.getUnescapedName(gchild);
http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
index 8b6b223..e497f8c 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
@@ -403,6 +403,20 @@ public class TestSentryHiveAuthorizationTaskFactory {
}
/**
+ * SHOW GRANT ROLE ... ON DATABASE ...
+ */
+ @Test
+ public void testShowGrantRoleOnDatabase() throws Exception {
+ DDLWork work = analyze(parse("SHOW GRANT ROLE " + ROLE + " ON DATABASE " + DB));
+ ShowGrantDesc grantDesc = work.getShowGrantDesc();
+ Assert.assertNotNull("Show grant should not be null", grantDesc);
+ Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType());
+ Assert.assertEquals(ROLE, grantDesc.getPrincipalDesc().getName());
+ Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase());
+ Assert.assertEquals(DB, ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getObject());
+ }
+
+ /**
* SHOW GRANT GROUP ... ON TABLE ...
*/
@Test
@@ -412,6 +426,15 @@ public class TestSentryHiveAuthorizationTaskFactory {
}
/**
+ * SHOW GRANT GROUP ... ON DATABASE ...
+ */
+ @Test
+ public void testShowGrantGroupOnDatabase() throws Exception {
+ expectSemanticException("SHOW GRANT GROUP " + GROUP + " ON DATABASE " + DB,
+ SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "GROUP");
+ }
+
+ /**
* SHOW ROLES
*/
@Test
@@ -499,8 +522,7 @@ public class TestSentryHiveAuthorizationTaskFactory {
Assert.assertEquals(null, grantDesc.getPrincipalDesc().getType());
Assert.assertEquals(StringUtils.EMPTY, grantDesc.getPrincipalDesc().getName());
Assert.assertEquals(DB, grantDesc.getHiveObj().getObject());
- //TODO - Part of SENTRY-2238 commit
-// Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase());
+ Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase());
}
/**