SENTRY-1283: Enable alter table operation without outputs in hive binding (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/8f453adf Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/8f453adf Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/8f453adf Branch: refs/heads/master Commit: 8f453adfc29bc6cbc357e0fdb769591861469ad1 Parents: bc29290 Author: Sun Dapeng <[email protected]> Authored: Wed Jun 1 10:16:52 2016 +0800 Committer: Sun Dapeng <[email protected]> Committed: Wed Jun 1 10:16:52 2016 +0800 ---------------------------------------------------------------------- .../hive/authz/HiveAuthzPrivilegesMap.java | 9 +++ .../tests/e2e/hive/TestOperationsPart1.java | 70 ++++++++++++++++++++ 2 files changed, 79 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/8f453adf/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java index 8e597a5..2942f3a 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java @@ -99,6 +99,12 @@ public class HiveAuthzPrivilegesMap { setOperationType(HiveOperationType.DDL). build(); + HiveAuthzPrivileges alterPartPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder(). + addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)). + setOperationScope(HiveOperationScope.TABLE). + setOperationType(HiveOperationType.INFO). + build(); + /* Currently Hive treats select/insert/analyze as Query * select = select on table * insert = insert on table /all on uri @@ -219,6 +225,9 @@ public class HiveAuthzPrivilegesMap { hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_RENAMECOL, alterTablePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDCOLS, alterTablePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_REPLACECOLS, alterTablePrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_PARTCOLTYPE, alterPartPrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_BUCKETNUM, alterPartPrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_BUCKETNUM, alterPartPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_RENAMEPART, alterTablePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ARCHIVE, alterTablePrivilege); http://git-wip-us.apache.org/repos/asf/sentry/blob/8f453adf/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java index e9bdaeb..8f0f8a1 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java @@ -459,6 +459,76 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { statement.executeQuery("DESCRIBE tb1 PARTITION (b=1)"); statement.executeQuery("SHOW Partitions tb1"); + statement.close(); + connection.close(); + } + + @Test + public void testAlterTableBucket() throws Exception { + adminCreate(DB1, tableName, true); + + Connection connection; + Statement statement; + + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + statement.execute("ALTER TABLE tb1 CLUSTERED BY (a) SORTED BY (a) INTO 1 BUCKETS"); + + policyFile.addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1")) + .addRolesToGroup(USERGROUP1, "alter_db1_tb1") + .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1")) + .addRolesToGroup(USERGROUP2, "insert_db1_tb1"); + writePolicyFile(policyFile); + + //positive test cases + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + statement.execute("ALTER TABLE tb1 INTO 6 BUCKETS"); + statement.execute("ALTER TABLE tb1 PARTITION (a = '1') INTO 6 BUCKETS"); + + statement.close(); + connection.close(); + + //negative test cases + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + context.assertSentrySemanticException(statement, "ALTER TABLE tb1 INTO 6 BUCKETS", + semanticException); + context.assertSentrySemanticException(statement, "ALTER TABLE tb1 PARTITION (a = '1') INTO 6 BUCKETS", + semanticException); + + statement.close(); + connection.close(); + } + + @Test + public void testAlterTablePartColType() throws Exception { + adminCreate(DB1, tableName, true); + + policyFile + .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1")) + .addRolesToGroup(USERGROUP1, "alter_db1_tb1") + .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1")) + .addRolesToGroup(USERGROUP2, "insert_db1_tb1"); + writePolicyFile(policyFile); + + //positive test cases + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("Use " + DB1); + statement.execute("ALTER TABLE tb1 PARTITION COLUMN (b string)"); + + statement.close(); + connection.close(); + + //negative test cases + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + statement.execute("Use " + DB1); + context.assertSentrySemanticException(statement, "ALTER TABLE tb1 PARTITION COLUMN (b string)", semanticException); statement.close(); connection.close();
