Posted to commits@sentry.apache.org by pr...@apache.org on 2014/09/30 20:20:23 UTC
git commit: SENTRY-445: WITH GRANT OPTION does not allow delegated
user to grant less permissive privileges (Prasad Mujumdar,
reviewed by Linni Kuff
Repository: incubator-sentry
Updated Branches:
refs/heads/master 977d69f22 -> f31450c93
SENTRY-445: WITH GRANT OPTION does not allow delegated user to grant less permissive privileges (Prasad Mujumdar, reviewed by Linni Kuff
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/f31450c9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/f31450c9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/f31450c9
Branch: refs/heads/master
Commit: f31450c93e564cbcbc7f9a2c264887d056b2aecf
Parents: 977d69f
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Tue Sep 30 11:20:10 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Tue Sep 30 11:20:10 2014 -0700
----------------------------------------------------------------------
.../sentry/core/model/db/AccessConstants.java | 1 +
.../db/service/model/MSentryPrivilege.java | 6 ++-
.../service/persistent/TestSentryPrivilege.java | 49 +++++++++++++-------
3 files changed, 38 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f31450c9/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
index 26007d9..99cefb7 100644
--- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
@@ -26,6 +26,7 @@ public class AccessConstants {
*/
public static final String ALL = "*";
public static final String SOME = "+";
+ public static final String ACTION_ALL = "ALL";
public static final String SELECT = "select";
public static final String INSERT = "insert";
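Review bot: `ACTION_ALL` is added directly beside `ALL` with no comment, and the two names are easy to confuse when writing a privilege check. A one-line Javadoc would make the distinction explicit, for example `/** Action keyword "ALL"; privilege implication treats it the same as the "*" wildcard {@link #ALL}. */`. The value is upper-case while `select` and `insert` are lower-case, so it is worth stating that callers are expected to compare it case-insensitively, as the one comparison visible in this commit does.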
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f31450c9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
index 0667cb5..1150e47 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
@@ -24,6 +24,7 @@ import java.util.Set;
import javax.jdo.annotations.PersistenceCapable;
import org.apache.sentry.core.common.utils.PathUtils;
+import org.apache.sentry.core.model.db.AccessConstants;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
/**
@@ -268,8 +269,9 @@ public boolean equals(Object obj) {
}
// check action implies
- if (!action.equalsIgnoreCase("*") &&
- !action.equalsIgnoreCase(other.action)) {
+ if (!action.equalsIgnoreCase(AccessConstants.ALL)
+ && !action.equalsIgnoreCase(other.action)
+ && !action.equalsIgnoreCase(AccessConstants.ACTION_ALL)) {
return false;
}
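Review bot: The condition under `// check action implies` now spells out two equivalent "all" tokens inline, which makes this authorization comparison easy to get out of step with other checks. A single helper such as `private static boolean isActionAll(String a) { return AccessConstants.ALL.equalsIgnoreCase(a) || AccessConstants.ACTION_ALL.equalsIgnoreCase(a); }` used as `if (!isActionAll(action) && !action.equalsIgnoreCase(other.action)) {` would keep the rule in one place, and the constant-first call avoids dereferencing the argument. Any other site that compares a stored action only against `AccessConstants.ALL` would presumably still treat `ALL` as narrower than `*`, so those callers deserve a look. The enclosing method starts and ends outside this hunk.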
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f31450c9/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
index 91d3171..47caf07 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
@@ -50,28 +50,45 @@ public class TestSentryPrivilege {
my.setDbName("");
assertTrue(my.implies(your));
- // 2.test server+URI+action
- my = new MSentryPrivilege();
- your = new MSentryPrivilege();
- my.setServerName("server1");
- my.setAction(AccessConstants.ALL);
- your.setServerName("server1");
- your.setAction(AccessConstants.ALL);
- my.setURI("hdfs://namenode:9000/path");
- your.setURI("hdfs://namenode:9000/path");
+ my.setAction(AccessConstants.ACTION_ALL);
assertTrue(my.implies(your));
- my.setURI("hdfs://namenode:9000/path");
- your.setURI("hdfs://namenode:9000/path/to/some/dir");
+ my.setTableName("");
assertTrue(my.implies(your));
- my.setURI("file:///path");
- your.setURI("file:///path");
+ my.setDbName("");
assertTrue(my.implies(your));
- my.setURI("file:///path");
- your.setURI("file:///path/to/some/dir");
- assertTrue(my.implies(your));
+ // 2.test server+URI+action using all combinations of * and ALL for action
+ String[][] actionMap = new String[][] {
+ { AccessConstants.ALL, AccessConstants.ALL },
+ { AccessConstants.ALL, AccessConstants.ACTION_ALL },
+ { AccessConstants.ACTION_ALL, AccessConstants.ALL },
+ { AccessConstants.ACTION_ALL, AccessConstants.ACTION_ALL } };
+
+ for (int actions = 0; actions < actionMap.length; actions++) {
+ my = new MSentryPrivilege();
+ your = new MSentryPrivilege();
+ my.setServerName("server1");
+ my.setAction(actionMap[actions][0]);
+ your.setServerName("server1");
+ your.setAction(actionMap[actions][1]);
+ my.setURI("hdfs://namenode:9000/path");
+ your.setURI("hdfs://namenode:9000/path");
+ assertTrue(my.implies(your));
+
+ my.setURI("hdfs://namenode:9000/path");
+ your.setURI("hdfs://namenode:9000/path/to/some/dir");
+ assertTrue(my.implies(your));
+
+ my.setURI("file:///path");
+ your.setURI("file:///path");
+ assertTrue(my.implies(your));
+
+ my.setURI("file:///path");
+ your.setURI("file:///path/to/some/dir");
+ assertTrue(my.implies(your));
+ }
}
@Test
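Review bot: Every assertion added for `ACTION_ALL` is an `assertTrue`, so nothing here pins down that the new branch does not widen implication in the other direction. Because this check decides whether a grant is permitted, a negative case belongs next to the loop, for example `my.setAction(AccessConstants.SELECT); your.setAction(AccessConstants.ACTION_ALL); assertFalse(my.implies(your));` (assuming `assertFalse` is statically imported in this test class, which is not visible here). The index loop over `actionMap` would also read more plainly as `for (String[] pair : actionMap)`. The test method begins outside this hunk.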