Repository: sentry Updated Branches: refs/heads/master 7ac2b05e5 -> b65f5b2b4
SENTRY-2171: Permission full snapshot should include owner privileges. (Kalyan Kumar kalvagadda, reviewed-by Na Li) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b65f5b2b Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b65f5b2b Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b65f5b2b Branch: refs/heads/master Commit: b65f5b2b4fe31a5a700122bf5d174d199fa8bd4f Parents: 7ac2b05 Author: Kalyan Kumar Kalvagadda <[email protected]> Authored: Fri May 11 15:07:08 2018 -0500 Committer: Kalyan Kumar Kalvagadda <[email protected]> Committed: Fri May 11 15:07:08 2018 -0500 ---------------------------------------------------------------------- .../sentry/core/model/db/AccessConstants.java | 1 + .../db/service/persistent/SentryStore.java | 34 +++++++++++++++----- .../db/service/persistent/TestSentryStore.java | 16 +++++++++ 3 files changed, 43 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java index a8e8bb1..a4fa226 100644 --- a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java +++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java 
@@ -34,6 +34,7 @@ public final class AccessConstants { public static final String ALTER = "alter"; public static final String CREATE = "create"; public static final String DROP = "drop"; + public static final String OWNER = "OWNER"; public static final String INDEX = "index"; public static final String LOCK = "lock"; http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index b640f59..cafe2b5 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 
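Review bot: `OWNER` is stored in upper case while the neighbouring action constants in this hunk (`"alter"`, `"create"`, `"drop"`, `"index"`, `"lock"`) are lower case, and nothing on the constant says why. Callers that compare a stored action against it have to normalise case first, as the SentryStore change in this commit does with `toUpperCase()`. A comment on the constant such as `// Upper case, unlike the other action names; normalise the action before comparing.` would make that requirement explicit.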
@@ -2526,20 +2526,38 @@ public class SentryStore { retVal.put(authzObj, pUpdate); } for (MSentryRole mRole : mPriv.getRoles()) { - String existingPriv = pUpdate.get(mRole.getRoleName()); - if (existingPriv == null) { - pUpdate.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName()), - mPriv.getAction().toUpperCase()); - } else { - pUpdate.put(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, mRole.getRoleName()), existingPriv + "," + - mPriv.getAction().toUpperCase()); - } + pUpdate = addPrivilegeEntry (mPriv, TPrivilegeEntityType.ROLE, mRole.getRoleName(), pUpdate); + } + for (MSentryUser mUser : mPriv.getUsers()) { + pUpdate = addPrivilegeEntry (mPriv, TPrivilegeEntityType.USER, mUser.getUserName(), pUpdate); } } query.closeAll(); return retVal; } + private static Map<TPrivilegeEntity, String> addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegeEntityType tEntityType, + String entity, Map<TPrivilegeEntity, String> update) { + String action; + String newAction; + String existingPriv = update.get(entity); + action = mPriv.getAction().toUpperCase(); + newAction = mPriv.getAction().toUpperCase(); + if(action.equals(AccessConstants.OWNER)) { + // Translate owner privilege to actual privilege. + newAction = AccessConstants.ACTION_ALL; + } + + if (existingPriv == null) { + update.put(new TPrivilegeEntity(tEntityType, entity), + newAction); + } else { + update.put(new TPrivilegeEntity(tEntityType, entity), existingPriv + "," + + newAction); + } + return update; + } + /** * Retrieves an up-to-date sentry role snapshot from {@code MSentryGroup} table. * The snapshot is represented by a role to groups map. http://git-wip-us.apache.org/repos/asf/sentry/blob/b65f5b2b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ---------------------------------------------------------------------- 
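Review bot: In `addPrivilegeEntry`, `update.get(entity)` queries a `Map<TPrivilegeEntity, String>` with a `String`, so on a standard map it never finds the existing entry and the `else` branch that appends to `existingPriv` is not reached. An entity holding several privileges on the same object then keeps only the last action written, so the permissions image can under-report what is stored; the removed lines had the same lookup, so this is carried over rather than introduced here. Build the key once and use it for both calls: `TPrivilegeEntity key = new TPrivilegeEntity(tEntityType, entity);`, then `String existingPriv = update.get(key);` and `update.put(key, ...)`. Separately, `toUpperCase()` without a locale depends on the JVM default locale; `toUpperCase(Locale.ROOT)` keeps the comparison with `AccessConstants.OWNER` stable, provided `java.util.Locale` is imported (the import block is outside the hunk, as is the start of the calling method).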
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java index 152c0ce..0322cc3 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java @@ -2466,11 +2466,27 @@ public class TestSentryStore extends org.junit.Assert { sentryStore.alterSentryRoleAddGroups(grantor, roleName1, groups); sentryStore.alterSentryRoleAddGroups(grantor, roleName2, groups); + //Grant owner privilege to role + TSentryPrivilege privilege3 = new TSentryPrivilege(); + privilege3.setPrivilegeScope("TABLE"); + privilege3.setServerName("server1"); + privilege3.setDbName("db3"); + privilege3.setTableName("tbl1"); + privilege3.setAction("OWNER"); + privilege3.setCreateTime(System.currentTimeMillis()); + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege3); + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege3); + PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage(); Map<String, Map<TPrivilegeEntity, String>> privs = permImage.getPrivilegeImage(); Map<String, List<String>> roles = permImage.getRoleImage(); assertEquals(2, privs.get("db1.tbl1").size()); assertEquals(2, roles.size()); + + assertEquals(2, privs.get("db3.tbl1").size()); + assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName1))); + assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName2))); + } /**
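Review bot: The new assertions cover OWNER only for ROLE entities, while the same commit adds a loop over `mPriv.getUsers()` that emits USER entries, and that path stays untested here. A case where one role holds two privileges on the same table (for example OWNER plus another action on `db3.tbl1`) would also be worth asserting, since that is the path that merges actions into one comma-separated value. The test method starts above the hunk, so the setup of `grantor`, `roleName1` and `roleName2` is not visible.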
