sentry git commit: SENTRY-853: Handle show grant on failure correctly (Steve Moist, reviewed by Sergio Pena)

[spena]

Repository: sentry
Updated Branches:
  refs/heads/master ea50feb56 -> b00285486


SENTRY-853: Handle show grant on <auth> failure correctly (Steve Moist, 
reviewed by Sergio Pena)

Change-Id: If87647271855a73ef01dfbee590a74f105af62ac


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b0028548
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b0028548
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b0028548

Branch: refs/heads/master
Commit: b002854868f4179519558f8f9e2cc13e5c7d2fd9
Parents: ea50feb
Author: Sergio Pena <sergio.p...@cloudera.com>
Authored: Wed Feb 21 12:27:14 2018 -0600
Committer: Sergio Pena <sergio.p...@cloudera.com>
Committed: Wed Feb 21 12:27:14 2018 -0600

----------------------------------------------------------------------
 .../main/java/org/apache/hadoop/hive/SentryHiveConstants.java  | 1 +
 .../binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java   | 4 ++--
 .../binding/hive/authz/DefaultSentryAccessController.java      | 4 ++--
 .../binding/hive/TestSentryHiveAuthorizationTaskFactory.java   | 6 +++---
 4 files changed, 8 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/b0028548/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java
----------------------------------------------------------------------
diff --git 
a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java
 
b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java
index 38d1f46..49a86f7 100644
--- 
a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java
+++ 
b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java
@@ -28,6 +28,7 @@ public final class SentryHiveConstants {
   public static final String PARTITION_PRIVS_NOT_SUPPORTED = "Sentry does not 
support partition level authorization";
   public static final String GRANT_REVOKE_NOT_SUPPORTED_ON_OBJECT = "Sentry 
does not allow grant/revoke on: ";
   public static final String GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL = 
"Sentry does not allow privileges to be granted/revoked to/from: ";
+  public static final String SHOW_NOT_SUPPORTED_FOR_PRINCIPAL = "Sentry does 
not allow privileges to be shown for: ";
 
   private SentryHiveConstants() {
     // Make constructor private to avoid instantiation

http://git-wip-us.apache.org/repos/asf/sentry/blob/b0028548/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
----------------------------------------------------------------------
diff --git 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
index 1e520c0..23246c9 100644
--- 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
+++ 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
@@ -106,7 +106,7 @@ public class SentryHiveAuthorizationTaskFactoryImpl 
implements HiveAuthorization
       principalType = PrincipalType.USER;
     }
     if (principalType != PrincipalType.GROUP  && principalType != 
PrincipalType.USER) {
-      String msg = 
SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + principalType;
+      String msg = SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + 
principalType;
       throw new SemanticException(msg);
     }
     String principalName = 
BaseSemanticAnalyzer.unescapeIdentifier(child.getChild(0).getText());
@@ -204,7 +204,7 @@ public class SentryHiveAuthorizationTaskFactoryImpl 
implements HiveAuthorization
       type = PrincipalType.USER;
     }
     if (type != PrincipalType.ROLE) {
-      String msg = 
SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + type;
+      String msg = SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + type;
       throw new SemanticException(msg);
     }
     String principalName = 
BaseSemanticAnalyzer.unescapeIdentifier(principal.getChild(0).getText());

http://git-wip-us.apache.org/repos/asf/sentry/blob/b0028548/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
index 14a9619..3ac49fa 100644
--- 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
+++ 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
@@ -202,7 +202,7 @@ public class DefaultSentryAccessController extends 
SentryHiveAccessController {
       throws HiveAuthzPluginException, HiveAccessControlException {
     if (principal.getType() != HivePrincipalType.ROLE) {
       String msg =
-          SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + 
principal.getType();
+          SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + 
principal.getType();
       throw new HiveAuthzPluginException(msg);
     }
     List<HivePrivilegeInfo> infoList = new ArrayList<HivePrivilegeInfo>();
@@ -304,7 +304,7 @@ public class DefaultSentryAccessController extends 
SentryHiveAccessController {
         roles = sentryClient.listRolesByUserName(authenticator.getUserName(), 
principal.getName());
       } else {
         String msg =
-            SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + 
principal.getType();
+            SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + 
principal.getType();
         throw new HiveAuthzPluginException(msg);
       }
       if (roles != null && !roles.isEmpty()) {

http://git-wip-us.apache.org/repos/asf/sentry/blob/b0028548/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
----------------------------------------------------------------------
diff --git 
a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
 
b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
index c75f57d..2e3fd7f 100644
--- 
a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
+++ 
b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java
@@ -361,7 +361,7 @@ public class TestSentryHiveAuthorizationTaskFactory {
   @Test
   public void testShowRoleGrantRole() throws Exception {
     expectSemanticException("SHOW ROLE GRANT ROLE " + ROLE,
-        SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + "ROLE");
+        SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "ROLE");
   }
 
   /**
@@ -383,7 +383,7 @@ public class TestSentryHiveAuthorizationTaskFactory {
   @Test
   public void testShowGrantUserOnTable() throws Exception {
     expectSemanticException("SHOW GRANT USER " + USER + " ON TABLE " + TABLE,
-        SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + "USER");
+        SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "USER");
   }
 
   /**
@@ -407,7 +407,7 @@ public class TestSentryHiveAuthorizationTaskFactory {
   @Test
   public void testShowGrantGroupOnTable() throws Exception {
     expectSemanticException("SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE,
-        SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + 
"GROUP");
+        SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "GROUP");
   }
 
   /**