Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign c34ce7298 -> df7c7dd40
SENTRY-1359: Implement SHOW ROLE GRANT USER user_name in V2 (Ke Jia via Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/df7c7dd4 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/df7c7dd4 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/df7c7dd4 Branch: refs/heads/sentry-ha-redesign Commit: df7c7dd40ad67af7a4a2fc2a802d8ddcd6fed1ff Parents: c34ce72 Author: Alexander Kolbasov <[email protected]> Authored: Fri Mar 10 18:11:52 2017 -0800 Committer: Alexander Kolbasov <[email protected]> Committed: Fri Mar 10 18:11:52 2017 -0800
----------------------------------------------------------------------
.../DefaultSentryAccessController.java | 10 ++++--- .../TestPrivilegeWithGrantOption.java | 29 ++++++++++++++++++++ 2 files changed, 35 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/df7c7dd4/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
index 09e2a62..391841f 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/DefaultSentryAccessController.java
@@ -313,14 +313,16 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
 List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>();
 try {
 sentryClient = getSentryClient();
-
- if (principal.getType() != HivePrincipalType.GROUP) {
+ Set<TSentryRole> roles = null;
+ if (principal.getType() == HivePrincipalType.GROUP) {
+ roles = sentryClient.listRolesByGroupName(authenticator.getUserName(), principal.getName());
+ } else if (principal.getType() == HivePrincipalType.USER) {
+ roles = sentryClient.listRolesByUserName(authenticator.getUserName(), principal.getName());
+ } else {
 String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + principal.getType();
 throw new HiveAuthzPluginException(msg);
 }
- Set<TSentryRole> roles =
- sentryClient.listRolesByGroupName(authenticator.getUserName(), principal.getName());
 if (roles != null && !roles.isEmpty()) {
 for (TSentryRole role : roles) {
 hiveRoleGrants.add(SentryAuthorizerUtil.convert2HiveRoleGrant(role));
http://git-wip-us.apache.org/repos/asf/sentry/blob/df7c7dd4/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
index 74a7ec7..8e18422 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
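Review bot: In the `@@ -313,14 +313,16 @@` hunk of DefaultSentryAccessController.java, the new USER branch hands `principal.getName()` straight to `sentryClient.listRolesByUserName(...)`, and nothing visible here checks that the requester (`authenticator.getUserName()`) is an admin or is the named user. Any such restriction presumably lives in the Sentry service behind the client call, but the hunk does not show it, so it should be confirmed and recorded above the branch, for example `// Requester authorization for listing another user's roles is enforced by the Sentry service` (wording to match what the service actually does). The `else` branch still reports `GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL` for what is a SHOW operation, which will read oddly in error output. The enclosing method starts and ends outside the hunk.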
@@ -21,6 +21,8 @@ import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
 import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
 import org.junit.Assert;
@@ -198,6 +200,33 @@ public class TestPrivilegeWithGrantOption extends AbstractTestWithStaticConfigur
 context.close();
 }
+ @Test
+ public void testShowRoleGrantOnUser() throws Exception {
+ // setup db objects needed by the test
+ Connection connection = context.createConnection(ADMIN1);
+ Statement statement = context.createStatement(connection);
+ statement.execute("DROP DATABASE IF EXISTS db_1 CASCADE");
+ statement.execute("DROP DATABASE IF EXISTS db_2 CASCADE");
+ statement.execute("CREATE DATABASE db_1");
+ statement.execute("CREATE ROLE group1_role");
+ statement.execute("GRANT ROLE group1_role TO USER " + USER1_1);
+
+ ResultSet res = statement.executeQuery("SHOW ROLE GRANT USER " + USER1_1);
+ List<String> expectedResult = new ArrayList<String>();
+ List<String> returnedResult = new ArrayList<String>();
+ expectedResult.add("group1_role");
+ while(res.next()){
+ returnedResult.add(res.getString(1));
+ }
+
+ validateReturnedResult(expectedResult, returnedResult);
+ returnedResult.clear();
+ expectedResult.clear();
+ res.close();
+
+ statement.close();
+ connection.close();
+ }
 /** * Test privileges with grant on parent objects are sufficient for operation * on child objects
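Review bot: `testShowRoleGrantOnUser` in the `@@ -198,6 +200,33 @@` hunk only exercises the admin path, since every statement runs on the `ADMIN1` connection. There is no case where a non-admin connection issues `SHOW ROLE GRANT USER` for a different user, so the access-control behaviour of the new USER branch is left untested; a second block asserting the expected outcome for that case would pin it down. Separately, `group1_role` is created but never dropped, and `res`, `statement` and `connection` are closed only on the success path. A failed assertion or a rerun against the shared static configuration can therefore leave state behind; moving the closes into a `finally` and adding `statement.execute("DROP ROLE group1_role");` there would cover it.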
