You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ak...@apache.org on 2017/03/11 02:05:41 UTC
sentry git commit: SENTRY-1352: Enable CREATEMACRO and DROPMACRO
operations in V2 (Ke Jia via Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/sentry-ha-redesign f40831d70 -> 1e031de81
SENTRY-1352: Enable CREATEMACRO and DROPMACRO operations in V2 (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/1e031de8
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/1e031de8
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/1e031de8
Branch: refs/heads/sentry-ha-redesign
Commit: 1e031de81dd3f64bc6efff95b53a31a13efa135c
Parents: f40831d
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Fri Mar 10 18:05:35 2017 -0800
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Fri Mar 10 18:05:35 2017 -0800
----------------------------------------------------------------------
.../hive/v2/HiveAuthzPrivilegesMapV2.java | 14 ++++
.../AbstractTestWithStaticConfiguration.java | 3 +-
.../sentry/tests/e2e/hive/TestOperations.java | 70 ++++++++++++++++++++
3 files changed, 86 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/1e031de8/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
index f8f11ef..61278fe 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
@@ -37,6 +37,17 @@ public class HiveAuthzPrivilegesMapV2 {
setOperationType(HiveOperationType.DDL).
build();
+ HiveAuthzPrivileges createMacroPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+ addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)).
+ setOperationScope(HiveOperationScope.DATABASE).
+ setOperationType(HiveOperationType.DDL).
+ build();
+ HiveAuthzPrivileges dropMacroPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+ addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.DROP)).
+ setOperationScope(HiveOperationScope.DATABASE).
+ setOperationType(HiveOperationType.DDL).
+ build();
+
HiveAuthzPrivileges tableCreatePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)).
addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.ALL)).//TODO: make it optional
@@ -207,6 +218,9 @@ public class HiveAuthzPrivilegesMapV2 {
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.CREATEMACRO, createMacroPrivilege);
+ hiveAuthzStmtPrivMap.put(HiveOperation.DROPMACRO, dropMacroPrivilege);
+
hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege);
hiveAuthzStmtPrivMap.put(HiveOperation.DROPVIEW, dropTablePrivilege);
http://git-wip-us.apache.org/repos/asf/sentry/blob/1e031de8/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
index 749b76c..458e91d 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
@@ -113,7 +113,8 @@ public abstract class AbstractTestWithStaticConfiguration {
VIEW1 = "view_1",
VIEW2 = "view_2",
VIEW3 = "view_3",
- INDEX1 = "index_1";
+ INDEX1 = "index_1",
+ DEFAULT = "default";
protected static final String SERVER_HOST = "localhost";
private static final String EXTERNAL_SENTRY_SERVICE = "sentry.e2etest.external.sentry";
http://git-wip-us.apache.org/repos/asf/sentry/blob/1e031de8/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
index 5bda2e7..eba46fb 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
@@ -50,9 +50,12 @@ public class TestOperations extends AbstractTestWithStaticConfiguration {
privileges.put("create_server", "server=server1->action=create");
privileges.put("all_db1", "server=server1->db=" + DB1 + "->action=all");
privileges.put("select_db1", "server=server1->db=" + DB1 + "->action=select");
+ privileges.put("select_default", "server=server1->db=" + DEFAULT + "->action=select");
privileges.put("insert_db1", "server=server1->db=" + DB1 + "->action=insert");
privileges.put("create_db1", "server=server1->db=" + DB1 + "->action=create");
+ privileges.put("create_default", "server=server1->db=" + DEFAULT + "->action=create");
privileges.put("drop_db1", "server=server1->db=" + DB1 + "->action=drop");
+ privileges.put("drop_default", "server=server1->db=" + DEFAULT + "->action=drop");
privileges.put("alter_db1", "server=server1->db=" + DB1 + "->action=alter");
privileges.put("create_db2", "server=server1->db=" + DB2 + "->action=create");
@@ -166,6 +169,73 @@ public class TestOperations extends AbstractTestWithStaticConfiguration {
connection.close();
}
+ @Test
+ public void testCreateMacro() throws Exception {
+ policyFile
+ .addPermissionsToRole("create_default", privileges.get("create_default"))
+ .addRolesToGroup(USERGROUP1, "create_default");
+
+ writePolicyFile(policyFile);
+ Connection connection = context.createConnection(USER1_1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+ statement.close();
+ connection.close();
+
+ //Negative case
+ policyFile
+ .addPermissionsToRole("select_default", privileges.get("select_default"))
+ .addRolesToGroup(USERGROUP2, "select_default");
+ writePolicyFile(policyFile);
+
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ context.assertSentrySemanticException(statement,
+ "CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))", semanticException);
+ statement.close();
+ connection.close();
+ }
+
+ @Test
+ public void testDropMacro() throws Exception {
+ adminCreate(DB1, null);
+ policyFile
+ .addPermissionsToRole("drop_default", privileges.get("drop_default"))
+ .addRolesToGroup(USERGROUP1, "drop_default");
+
+ writePolicyFile(policyFile);
+
+ Connection connection;
+ Statement statement;
+
+ connection = context.createConnection(ADMIN1);
+ statement = context.createStatement(connection);
+ statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ statement.execute("DROP TEMPORARY MACRO SIGMOID");
+ statement.close();
+ connection.close();
+
+
+ connection = context.createConnection(ADMIN1);
+ statement = context.createStatement(connection);
+ statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
+ //Negative case
+ adminCreate(DB1, null);
+ policyFile
+ .addPermissionsToRole("select_default", privileges.get("select_default"))
+ .addRolesToGroup(USERGROUP2, "select_default");
+ writePolicyFile(policyFile);
+
+ connection = context.createConnection(USER2_1);
+ statement = context.createStatement(connection);
+ context.assertSentrySemanticException(statement, " DROP TEMPORARY MACRO SIGMOID", semanticException);
+ statement.close();
+ connection.close();
+ }
+
/* Test all operations that require create on Database alone
1. Create table : HiveOperation.CREATETABLE
*/