You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by pr...@apache.org on 2014/06/18 23:09:12 UTC
git commit: SENTRY-307: Unqualified URIs should be reconstructed in a
standard way (Sravya Tirukkovalur via Prasad Mujumdar)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 5134a092a -> eefdec94a
SENTRY-307: Unqualified URIs should be reconstructed in a standard way (Sravya Tirukkovalur via Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/eefdec94
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/eefdec94
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/eefdec94
Branch: refs/heads/master
Commit: eefdec94a251e6d7bbf0dcb32b487961c665ba69
Parents: 5134a09
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Wed Jun 18 14:08:54 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Wed Jun 18 14:08:54 2014 -0700
----------------------------------------------------------------------
.../hadoop/hive/ql/exec/SentryGrantRevokeTask.java | 9 ++++++++-
.../binding/metastore/MetastoreAuthzBinding.java | 14 ++++++++++++--
2 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/eefdec94/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
index 122d137..f29078a 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
@@ -21,6 +21,7 @@ import java.io.DataOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Serializable;
+import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
@@ -62,6 +63,7 @@ import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.common.utils.PathUtils;
import org.apache.sentry.core.model.db.AccessURI;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Server;
@@ -337,7 +339,12 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable
} else if (privSubjectDesc.getUri()) {
String uriPath = privSubjectDesc.getObject();
- authorizableHeirarchy.add(new AccessURI(uriPath));
+ String warehouseDir = conf.getVar(HiveConf.ConfVars.METASTOREWAREHOUSE);
+ try {
+ authorizableHeirarchy.add(new AccessURI(PathUtils.parseDFSURI(warehouseDir, uriPath)));
+ } catch(URISyntaxException e) {
+ throw new HiveException(e.getMessage());
+ }
} else {
dbName = privSubjectDesc.getObject();
authorizableHeirarchy.add(new Database(dbName));
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/eefdec94/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java
index 057f704..c87e258 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java
@@ -20,6 +20,7 @@ package org.apache.sentry.binding.metastore;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
+import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
@@ -44,6 +45,7 @@ import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent;
import org.apache.hadoop.hive.metastore.events.PreDropTableEvent;
import org.apache.hadoop.hive.metastore.events.PreEventContext;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.shims.ShimLoader;
import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
@@ -51,6 +53,7 @@ import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.common.utils.PathUtils;
import org.apache.sentry.core.model.db.AccessURI;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.core.model.db.Database;
@@ -207,8 +210,15 @@ public class MetastoreAuthzBinding extends MetaStorePreEventListener {
throws InvalidOperationException, MetaException {
HierarcyBuilder inputBuilder = new HierarcyBuilder();
if (!StringUtils.isEmpty(context.getTable().getSd().getLocation())) {
- inputBuilder.addUriToOutput(getAuthServer(), context.getTable().getSd()
- .getLocation());
+ String warehouseDir = hiveConf.getVar(HiveConf.ConfVars.METASTOREWAREHOUSE);
+ String uriPath;
+ try {
+ uriPath = PathUtils.parseDFSURI(warehouseDir, context.getTable().getSd()
+ .getLocation());
+ } catch(URISyntaxException e) {
+ throw new MetaException(e.getMessage());
+ }
+ inputBuilder.addUriToOutput(getAuthServer(), uriPath);
}
authorizeMetastoreAccess(HiveOperation.CREATETABLE, inputBuilder.build(),
new HierarcyBuilder().addDbToOutput(