SENTRY-1359: Implement SHOW ROLE GRANT USER user_name in V2 (Ke Jia via Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/ddae7c04 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/ddae7c04 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/ddae7c04 Branch: refs/heads/master Commit: ddae7c04e3bd41a21223bdc1c59f6a12720423e6 Parents: 64fb094 Author: Sun Dapeng <[email protected]> Authored: Wed Aug 10 14:34:36 2016 +0800 Committer: Sun Dapeng <[email protected]> Committed: Wed Aug 10 14:34:36 2016 +0800 ---------------------------------------------------------------------- .../DefaultSentryAccessController.java | 10 ++++--- .../TestPrivilegeWithGrantOption.java | 29 ++++++++++++++++++++ 2 files changed, 35 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/ddae7c04/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java ----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
index 0d22cae..c63cf64 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
@@ -313,14 +313,16 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
 List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>();
 try {
 sentryClient = getSentryClient();
-
- if (principal.getType() != HivePrincipalType.GROUP) {
+ Set<TSentryRole> roles = null;
+ if (principal.getType() == HivePrincipalType.GROUP) {
+ roles = sentryClient.listRolesByGroupName(authenticator.getUserName(), principal.getName());
+ } else if (principal.getType() == HivePrincipalType.USER) {
+ roles = sentryClient.listRolesByUserName(authenticator.getUserName(), principal.getName());
+ } else {
 String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + principal.getType();
 throw new HiveAuthzPluginException(msg);
 }
- Set<TSentryRole> roles =
- sentryClient.listRolesByGroupName(authenticator.getUserName(), principal.getName());
 if (roles != null && !roles.isEmpty()) {
 for (TSentryRole role : roles) {
 hiveRoleGrants.add(SentryAuthorizerUtil.convert2HiveRoleGrant(role));
http://git-wip-us.apache.org/repos/asf/sentry/blob/ddae7c04/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java ----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
index 5c89f54..d2f2234 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
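Review bot: The new USER branch forwards `principal.getName()` to `listRolesByUserName` with only the requestor name from `authenticator.getUserName()`, and nothing in the visible lines limits whose role membership a caller may list; the decision presumably rests with the Sentry service, as it already does for the GROUP branch. I would record that assumption next to the two calls, for example `// The Sentry service decides whether the requestor may list this principal's roles.`, so a later reader does not take the missing local check for an oversight. The `= null` initialiser on `roles` is also unnecessary, because every branch either assigns or throws; `Set<TSentryRole> roles;` lets the compiler verify that. The enclosing method starts and ends outside the hunk.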
@@ -21,6 +21,8 @@ import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
 import org.junit.Assert;
 import org.apache.hadoop.hive.ql.plan.HiveOperation;
@@ -212,6 +214,33 @@ public class TestPrivilegeWithGrantOption extends AbstractTestWithStaticConfigur
 context.close();
 }
+ @Test
+ public void testShowRoleGrantOnUser() throws Exception {
+ // setup db objects needed by the test
+ Connection connection = context.createConnection(ADMIN1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("DROP DATABASE IF EXISTS db_1 CASCADE");
+ statement.execute("DROP DATABASE IF EXISTS db_2 CASCADE");
+ statement.execute("CREATE DATABASE db_1");
+ statement.execute("CREATE ROLE group1_role");
+ statement.execute("GRANT ROLE group1_role TO USER " + USER1_1);
+
+ ResultSet res = statement.executeQuery("SHOW ROLE GRANT USER " + USER1_1);
+ List<String> expectedResult = new ArrayList<String>();
+ List<String> returnedResult = new ArrayList<String>();
+ expectedResult.add("group1_role");
+ while(res.next()){
+ returnedResult.add(res.getString(1));
+ }
+
+ validateReturnedResult(expectedResult, returnedResult);
+ returnedResult.clear();
+ expectedResult.clear();
+ res.close();
+
+ statement.close();
+ connection.close();
+ }
 /**
 * Test privileges with grant on parent objects are sufficient for operation
 * on child objects
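Review bot: `testShowRoleGrantOnUser` exercises only the administrator path, since `SHOW ROLE GRANT USER` runs on the `ADMIN1` connection, so it does not pin down what a non-admin sees when asking about another user's roles. Because the statement exposes role membership, I would add a second case that issues it from a non-admin connection for a different user and asserts whatever outcome Sentry's policy prescribes. The result set, statement and connection are closed only on the success path, and `group1_role` and `db_1` are left behind for later tests; closing in a `finally` block and ending with `statement.execute("DROP ROLE group1_role");` would keep the test self-contained. `db_2` is dropped but never created here, so that line looks like a leftover.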
