HIVE-11780: Add "set role none" support(Sun Dapeng, reviewed by Ferdinand Xu)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/8bcd07d1 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/8bcd07d1 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/8bcd07d1 Branch: refs/heads/spark Commit: 8bcd07d18d7791745b54b1775bbf54e26c23aeea Parents: 66fb960 Author: Sun Dapeng <[email protected]> Authored: Mon Sep 14 02:54:52 2015 -0400 Committer: Ferdinand Xu <[email protected]> Committed: Mon Sep 14 02:54:52 2015 -0400 ---------------------------------------------------------------------- ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g | 2 ++ .../plugin/sqlstd/SQLStdHiveAccessController.java | 5 +++++ .../clientpositive/authorization_set_show_current_role.q | 3 +++ .../clientpositive/authorization_set_show_current_role.q.out | 8 ++++++++ 4 files changed, 18 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/8bcd07d1/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g index cf7ab3a..3969a54 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g @@ -1495,6 +1495,8 @@ setRole ( (KW_ALL) => (all=KW_ALL) -> ^(TOK_SHOW_SET_ROLE Identifier[$all.text]) | + (KW_NONE) => (none=KW_NONE) -> ^(TOK_SHOW_SET_ROLE Identifier[$none.text]) + | identifier -> ^(TOK_SHOW_SET_ROLE identifier) ) ; http://git-wip-us.apache.org/repos/asf/hive/blob/8bcd07d1/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java index 9c78876..2f6e26b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java @@ -520,6 +520,11 @@ public class SQLStdHiveAccessController implements HiveAccessController { HiveAuthzPluginException { initUserRoles(); + if (NONE.equalsIgnoreCase(roleName)) { + // for set role NONE, clear all roles for current session. + currentRoles.clear(); + return; + } if (ALL.equalsIgnoreCase(roleName)) { // for set role ALL, reset roles to default roles. currentRoles.clear(); http://git-wip-us.apache.org/repos/asf/hive/blob/8bcd07d1/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q b/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q index f10b649..50a5862 100644 --- a/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q +++ b/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q @@ -13,6 +13,9 @@ show current roles; set role PUBLIC; show current roles; +set role NONE; +show current roles; + set role ALL; show current roles; http://git-wip-us.apache.org/repos/asf/hive/blob/8bcd07d1/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out b/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out index 4ac4320..a2b273d 100644 --- a/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out +++ b/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out @@ -33,6 +33,14 @@ PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES public +PREHOOK: query: set role NONE +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role NONE +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: show current roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: show current roles +POSTHOOK: type: SHOW_ROLES PREHOOK: query: set role ALL PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role ALL
