SENTRY-1327: Enable show grant role roleName on all command (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a53b20ad Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a53b20ad Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a53b20ad Branch: refs/heads/master Commit: a53b20ad4aae6a9f2037e87addea2f7c93bbed17 Parents: 29e5fd0 Author: Sun Dapeng <[email protected]> Authored: Thu Jul 14 10:21:38 2016 +0800 Committer: Sun Dapeng <[email protected]> Committed: Thu Jul 14 10:21:38 2016 +0800 ---------------------------------------------------------------------- .../SentryHiveAuthorizationTaskFactoryImpl.java | 3 +++ .../e2e/dbprovider/TestDatabaseProvider.java | 22 ++++++++++++++++++++ 2 files changed, 25 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/a53b20ad/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java index 25531af..013d227 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java @@ -214,6 +214,9 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization ASTNode child = (ASTNode) ast.getChild(1); if (child.getToken().getType() == HiveParser.TOK_PRIV_OBJECT_COL) { privHiveObj = analyzePrivilegeObject(child); + } else if(child.getToken().getType() == HiveParser.TOK_RESOURCE_ALL) { + //if privHiveObj is null, it will return all priveleges. + privHiveObj = null; } else { throw new SemanticException("Unrecognized Token: " + child.getToken().getType()); } http://git-wip-us.apache.org/repos/asf/sentry/blob/a53b20ad/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java index 82c706e..438f87e 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java @@ -2223,4 +2223,26 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration { connection.close(); } + @Test + public void testShowGrantOnALL() throws Exception { + + // setup db objects needed by the test + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("DROP DATABASE IF EXISTS db_1 CASCADE"); + statement.execute("DROP DATABASE IF EXISTS db_2 CASCADE"); + statement.execute("CREATE DATABASE db_1"); + statement.execute("CREATE ROLE group1_role"); + statement.execute("GRANT ALL ON DATABASE db_1 TO ROLE group1_role"); + statement.execute("grant select on database db_1 to role group1_role"); + ResultSet res = statement.executeQuery("show grant role group1_role on all"); + List<String> returnedResult = new ArrayList<String>(); + List<String> expectedResult = new ArrayList<String>(); + expectedResult.add("db_1"); + while (res.next()) { + returnedResult.add(res.getString(1).trim()); + } + validateReturnedResult(expectedResult, returnedResult); + connection.close(); + } }
