Repository: sentry Updated Branches: refs/heads/master ee15429a5 -> 8f453adfc
SENTRY-1272: Enable ALTERVIEW_RENAME and ALTERVIEW_AS operation in hive binding (Ke Jia via Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/bc292909 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/bc292909 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/bc292909 Branch: refs/heads/master Commit: bc2929096a607dbea90be3e82a833a969f7aa432 Parents: ee15429 Author: Sun Dapeng <[email protected]> Authored: Wed Jun 1 10:11:43 2016 +0800 Committer: Sun Dapeng <[email protected]> Committed: Wed Jun 1 10:11:43 2016 +0800 ---------------------------------------------------------------------- .../binding/hive/HiveAuthzBindingHook.java | 1 + .../hive/authz/HiveAuthzPrivilegesMap.java | 3 + .../tests/e2e/hive/TestOperationsPart1.java | 80 ++++++++++++++++++++ 3 files changed, 84 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java ----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
index ac8265f..a13ab79 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
@@ -142,6 +142,7 @@ public class HiveAuthzBindingHook extends HiveAuthzBindingHookBase { case HiveParser.TOK_ALTERVIEW_DROPPARTS: case HiveParser.TOK_ALTERVIEW_PROPERTIES: case HiveParser.TOK_ALTERVIEW_RENAME: + case HiveParser.TOK_ALTERVIEW: case HiveParser.TOK_CREATEINDEX: case HiveParser.TOK_DROPINDEX: case HiveParser.TOK_LOCKTABLE: http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java index bc158ff..8e597a5 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java @@ -234,6 +234,9 @@ public class HiveAuthzPrivilegesMap { hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_MERGEFILES, alterTablePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_PROPERTIES, alterTablePrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_AS, createViewPrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_RENAME, alterTableRenamePrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_DROPPARTS, dropPartitionPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDPARTS, addPartitionPrivilege); http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java ---------------------------------------------------------------------- 
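Review bot: The new `case HiveParser.TOK_ALTERVIEW:` label carries no comment saying which statements it is meant to catch, and the commit title names two operations (ALTERVIEW_RENAME and ALTERVIEW_AS) while only this one token is added next to the existing `TOK_ALTERVIEW_RENAME`. A one-line comment above the label, for example `// root token of ALTER VIEW statements (RENAME TO, AS SELECT); handled like the other view alterations below`, would make the intent checkable; adjust the wording to what the parser really emits. The shared case body lies outside the hunk, so whether it reads the view name from the right AST child for this token cannot be confirmed from here; that is worth a second look, since the name is presumably what the authorization check is evaluated against.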
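Review bot: Mapping `HiveOperation.ALTERVIEW_AS` to `createViewPrivilege` authorises redefining an existing view with the same rule as creating a new one. The definition of `createViewPrivilege` is outside this hunk; if it checks only the database and the tables read by the query, a user needs no privilege on the view being replaced, whereas the neighbouring `ALTERVIEW_PROPERTIES` and `ALTERVIEW_RENAME` entries use alter-style privileges. Either use a privilege that also requires ALTER on the target view, or state the decision in a comment such as `// ALTER VIEW ... AS is authorised like CREATE VIEW; no ALTER on the existing view is required`.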
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
index 0522ba0..e9bdaeb 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
@@ -66,6 +66,8 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration {
 privileges.put("drop_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=drop");
 privileges.put("insert_db2_tb2", "server=server1->db=" + DB2 + "->table=tb2->action=insert");
 privileges.put("select_db1_view1", "server=server1->db=" + DB1 + "->table=view1->action=select");
+ privileges.put("alter_db1_view1", "server=server1->db=" + DB1 + "->table=view1->action=alter");
+ privileges.put("select_db1_tb2", "server=server1->db=" + DB1 + "->table=tb2->action=select");
 }
@@ -462,6 +464,84 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { connection.close(); } + @Test + public void testAlterRenameView() throws Exception { + adminCreate(DB1, tableName, true); + + Connection connection; + Statement statement; + //Setup + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1"); + + policyFile + .addPermissionsToRole("alter_db1_view1", privileges.get("alter_db1_view1")) + .addPermissionsToRole("create_db1", privileges.get("create_db1")) + .addRolesToGroup(USERGROUP1, "create_db1", "alter_db1_view1") + .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1")) + .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1")) + .addRolesToGroup(USERGROUP2, "select_db1_tb1", "create_db1", "select_db1_view1"); + writePolicyFile(policyFile); + + //positive test cases + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + statement.execute("ALTER VIEW view1 RENAME TO view2"); + statement.close(); + connection.close(); + + //negative test cases + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1"); + context.assertSentrySemanticException(statement, "ALTER VIEW view1 RENAME TO view2", + semanticException); + statement.close(); + connection.close(); + } + + @Test + public void testAlterViewAs() throws Exception { + adminCreate(DB1, tableName, true); + + Connection connection; + Statement statement; + //Setup + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + statement.execute("CREATE TABLE tb2 (foo int)"); + statement.execute("CREATE VIEW 
view1 AS SELECT * FROM tb1"); + + policyFile + .addPermissionsToRole("select_db1_tb2", privileges.get("select_db1_tb2")).addPermissionsToRole("alter_db1_view1", privileges.get("alter_db1_view1")) + .addPermissionsToRole("create_db1", privileges.get("create_db1")) + .addRolesToGroup(USERGROUP1, "select_db1_tb2", "alter_db1_view1", "create_db1") + .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1")) + .addRolesToGroup(USERGROUP2, "create_db1", "select_db1_view1"); + writePolicyFile(policyFile); + + //positive test cases + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + statement.execute("ALTER VIEW view1 AS SELECT * FROM tb2"); + statement.close(); + connection.close(); + + //negative test cases + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + context.assertSentrySemanticException(statement, "ALTER VIEW view1 AS SELECT * FROM tb2", + semanticException); + statement.close(); + connection.close(); + } /* Test all operations that require alter on table 1. HiveOperation.ALTERTABLE_PROPERTIES 2. HiveOperation.ALTERTABLE_SERDEPROPERTIES
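Review bot: The negative case in `testAlterViewAs` does not isolate the privilege under test: USERGROUP2 lacks both `select_db1_tb2` and `alter_db1_view1`, so the expected exception is raised whichever of the two the ALTERVIEW_AS check actually enforces. Granting the select role to that group, `.addRolesToGroup(USERGROUP2, "create_db1", "select_db1_view1", "select_db1_tb2");`, would leave ALTER on view1 as the only difference between the two users and show whether it is required; the outcome depends on `createViewPrivilege`, which this diff does not show. Separately, the admin connection and statement opened in the setup of both new tests are reassigned without being closed, so a `statement.close(); connection.close();` pair before `writePolicyFile(policyFile)` would match the rest of each method.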
