Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign f40831d70 -> 1e031de81
SENTRY-1352: Enable CREATEMACRO and DROPMACRO operations in V2 (Ke Jia via Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/1e031de8 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/1e031de8 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/1e031de8 Branch: refs/heads/sentry-ha-redesign Commit: 1e031de81dd3f64bc6efff95b53a31a13efa135c Parents: f40831d Author: Alexander Kolbasov <[email protected]> Authored: Fri Mar 10 18:05:35 2017 -0800 Committer: Alexander Kolbasov <[email protected]> Committed: Fri Mar 10 18:05:35 2017 -0800 ---------------------------------------------------------------------- .../hive/v2/HiveAuthzPrivilegesMapV2.java | 14 ++++ .../AbstractTestWithStaticConfiguration.java | 3 +- .../sentry/tests/e2e/hive/TestOperations.java | 70 ++++++++++++++++++++ 3 files changed, 86 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/1e031de8/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java index f8f11ef..61278fe 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java 
@@ -37,6 +37,17 @@ public class HiveAuthzPrivilegesMapV2 { setOperationType(HiveOperationType.DDL). build(); + HiveAuthzPrivileges createMacroPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder(). + addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)). + setOperationScope(HiveOperationScope.DATABASE). + setOperationType(HiveOperationType.DDL). + build(); + HiveAuthzPrivileges dropMacroPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder(). + addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.DROP)). + setOperationScope(HiveOperationScope.DATABASE). + setOperationType(HiveOperationType.DDL). + build(); + HiveAuthzPrivileges tableCreatePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder(). addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)). addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.ALL)).//TODO: make it optional @@ -207,6 +218,9 @@ public class HiveAuthzPrivilegesMapV2 { hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.CREATEMACRO, createMacroPrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.DROPMACRO, dropMacroPrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.DROPVIEW, dropTablePrivilege); http://git-wip-us.apache.org/repos/asf/sentry/blob/1e031de8/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java ---------------------------------------------------------------------- 
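Review bot: `createMacroPrivilege` and `dropMacroPrivilege` gate a session-scoped temporary macro on CREATE/DROP of a database, but nothing in the hunk documents which database serves as the output object or why that privilege was chosen. The tests in this commit grant on `default`, which suggests the check is made against the database resolved for the statement rather than one named in it; if that is right, record it above the two builders, e.g. `// Temporary macros are session-scoped, not database objects; they are authorized as CREATE/DROP on the database resolved for the statement.` The same comment would cover the `CREATEMACRO`/`DROPMACRO` registrations in the second hunk, since a reader auditing the map otherwise cannot tell what a grant of `create` on a database now additionally allows. The class body starts and ends outside both hunks.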
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java index 749b76c..458e91d 100644 --- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java @@ -113,7 +113,8 @@ public abstract class AbstractTestWithStaticConfiguration { VIEW1 = "view_1", VIEW2 = "view_2", VIEW3 = "view_3", - INDEX1 = "index_1"; + INDEX1 = "index_1", + DEFAULT = "default"; protected static final String SERVER_HOST = "localhost"; private static final String EXTERNAL_SENTRY_SERVICE = "sentry.e2etest.external.sentry"; http://git-wip-us.apache.org/repos/asf/sentry/blob/1e031de8/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java index 5bda2e7..eba46fb 100644 --- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java 
@@ -50,9 +50,12 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { privileges.put("create_server", "server=server1->action=create"); privileges.put("all_db1", "server=server1->db=" + DB1 + "->action=all"); privileges.put("select_db1", "server=server1->db=" + DB1 + "->action=select"); + privileges.put("select_default", "server=server1->db=" + DEFAULT + "->action=select"); privileges.put("insert_db1", "server=server1->db=" + DB1 + "->action=insert"); privileges.put("create_db1", "server=server1->db=" + DB1 + "->action=create"); + privileges.put("create_default", "server=server1->db=" + DEFAULT + "->action=create"); privileges.put("drop_db1", "server=server1->db=" + DB1 + "->action=drop"); + privileges.put("drop_default", "server=server1->db=" + DEFAULT + "->action=drop"); privileges.put("alter_db1", "server=server1->db=" + DB1 + "->action=alter"); privileges.put("create_db2", "server=server1->db=" + DB2 + "->action=create"); 
@@ -166,6 +169,73 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { connection.close(); } + @Test + public void testCreateMacro() throws Exception { + policyFile + .addPermissionsToRole("create_default", privileges.get("create_default")) + .addRolesToGroup(USERGROUP1, "create_default"); + + writePolicyFile(policyFile); + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))"); + statement.close(); + connection.close(); + + //Negative case + policyFile + .addPermissionsToRole("select_default", privileges.get("select_default")) + .addRolesToGroup(USERGROUP2, "select_default"); + writePolicyFile(policyFile); + + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + context.assertSentrySemanticException(statement, + "CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))", semanticException); + statement.close(); + connection.close(); + } + + @Test + public void testDropMacro() throws Exception { + adminCreate(DB1, null); + policyFile + .addPermissionsToRole("drop_default", privileges.get("drop_default")) + .addRolesToGroup(USERGROUP1, "drop_default"); + + writePolicyFile(policyFile); + + Connection connection; + Statement statement; + + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))"); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("DROP TEMPORARY MACRO SIGMOID"); + statement.close(); + connection.close(); + + + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))"); + //Negative case + adminCreate(DB1, 
null); + policyFile + .addPermissionsToRole("select_default", privileges.get("select_default")) + .addRolesToGroup(USERGROUP2, "select_default"); + writePolicyFile(policyFile); + + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + context.assertSentrySemanticException(statement, " DROP TEMPORARY MACRO SIGMOID", semanticException); + statement.close(); + connection.close(); + } + /* Test all operations that require create on Database alone 1. Create table : HiveOperation.CREATETABLE */
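Review bot: In `testDropMacro` both ADMIN1 connections are overwritten by the next `context.createConnection(...)` without being closed, so each run leaks two sessions and statements; add `statement.close(); connection.close();` after each admin `CREATE TEMPORARY MACRO` call. Hive temporary macros live only for the session that created them, so the macro created by ADMIN1 is probably not visible to the USER1_1 or USER2_1 session; if so, both DROP cases exercise only the authorization check rather than the drop of an existing macro, which is worth confirming and stating in a comment. The negative cases in both tests cover only a user holding `select` on `default`; a user holding `create` or `drop` on `DB1` but nothing on `default` would show that the privilege is checked against the intended database. The repeated `adminCreate(DB1, null)` and the leading space in `" DROP TEMPORARY MACRO SIGMOID"` look unintentional.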
