Repository: sentry Updated Branches: refs/heads/master 266857472 -> a06e65639
SENTRY-2144: Table Rename Cross Database should update permission correctly. (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda, Arjun Mishra, Alexander Kolbasov) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a06e6563 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a06e6563 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a06e6563 Branch: refs/heads/master Commit: a06e656394672f67c648de73a6e8965478dadde6 Parents: 2668574 Author: lina.li <[email protected]> Authored: Fri May 18 17:22:49 2018 -0500 Committer: lina.li <[email protected]> Committed: Fri May 18 17:22:49 2018 -0500 ---------------------------------------------------------------------- .../db/service/persistent/SentryStore.java | 2 + .../TestDbPrivilegeCleanupOnDrop.java | 60 +++++++++++++++++++- 2 files changed, 60 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/a06e6563/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index cafe2b5..56c506b 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -2316,6 +2316,8 @@ public class SentryStore {
 if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.DATABASE.name())) {
 tPriv.setDbName(newTPrivilege.getDbName());
 } else if (newTPrivilege.getPrivilegeScope().equals(PrivilegeScope.TABLE.name())) {
+ // the DB name could change, so set its value
+ tPriv.setDbName(newTPrivilege.getDbName());
 tPriv.setTableName(newTPrivilege.getTableName());
 }
 alterSentryRoleGrantPrivilegeCore(pm, role.getRoleName(), tPriv);
http://git-wip-us.apache.org/repos/asf/sentry/blob/a06e6563/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java ----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
index 5fe6625..cbfdb94 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java
@@ -158,12 +158,12 @@ public class TestDbPrivilegeCleanupOnDrop extends TestHDFSIntegrationBase {
 /**
 * rename table and verify that the no privileges are referring to it old table
- * verify that the same privileges are created for the new table name
+ * verify that the same privileges are created for the new table name within the same DB
 *
 * @throws Exception
 */
 @Test
- public void testRenameTables() throws Exception {
+ public void testRenameTablesWithinDB() throws Exception {
 dbNames = new String[]{DB1, DB2};
 roles = new String[]{"admin_role", "read_db1", "all_db1", "select_tbl1",
 "insert_tbl1", "all_tbl1", "all_tbl2", "all_prod"};
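Review bot: In SentryStore.java, the comment added in the TABLE branch (`// the DB name could change, so set its value`) does not say when the database changes or what goes wrong otherwise, which matters because this code rewrites stored grants. I would spell it out: `// ALTER TABLE ... RENAME TO can move the table to another database; without this the grant keeps the old dbName with the new table name`. A scope that is neither DATABASE nor TABLE reaches `alterSentryRoleGrantPrivilegeCore` with `tPriv` unchanged; if that is intended, a short comment saying so would help whoever audits this path. The enclosing method begins and ends outside the hunk, so how `newTPrivilege` is populated cannot be checked here.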
@@ -199,6 +199,62 @@ public class TestDbPrivilegeCleanupOnDrop extends TestHDFSIntegrationBase { } /** + * rename table and verify that the no privileges are referring to it old table + * verify that the same privileges are created for the new table name at different DB + * + * @throws Exception + */ + @Test + public void testRenameTablesCrossDB() throws Exception { + dbNames = new String[]{DB1, DB2}; + roles = new String[]{"admin_role", "read_db1", "all_db1", "select_tbl1", + "insert_tbl1", "all_tbl1", "all_tbl2", "all_prod"}; + + // create required roles + setupRoles(statement); + + // create test DBs and Tables + statement.execute("CREATE DATABASE " + DB1); + statement.execute("CREATE DATABASE " + DB2); + statement.execute("create table " + DB2 + "." + tableName1 + + " (under_col int comment 'the under column', value string)"); + + // setup privileges for USER1 + statement.execute("GRANT ALL ON DATABASE " + DB1 + " TO ROLE all_db1"); + statement.execute("GRANT SELECT ON DATABASE " + DB1 + + " TO ROLE read_db1"); + statement.execute("GRANT ALL ON DATABASE " + DB2 + " TO ROLE all_prod"); + statement.execute("USE " + DB2); + statement.execute("GRANT SELECT ON TABLE " + tableName1 + + " TO ROLE select_tbl1"); + statement.execute("GRANT INSERT ON TABLE " + tableName1 + + " TO ROLE insert_tbl1"); + statement.execute("GRANT ALL ON TABLE " + tableName1 + " TO ROLE all_tbl1"); + + // verify privileges on the created tables + verifyTablePrivilegeExist(statement, + Lists.newArrayList("select_tbl1", "insert_tbl1", "all_tbl1"), + DB2 + "." + tableName1); + + // rename table across the DB + statement.execute("ALTER TABLE " + DB2 + "." + tableName1 + " RENAME TO " + + DB1 + "." + tableName1 + renameTag); + + // verify privileges removed for old table + List<String> roles = getRoles(statement); + verifyIfAllPrivilegeAreDropped(statement, roles, DB2 + "." 
+ tableName1, + SHOW_GRANT_TABLE_POSITION); + + // verify privileges created for new table + verifyTablePrivilegeExist(statement, + Lists.newArrayList("select_tbl1", "insert_tbl1", "all_tbl1"), + DB1 + "." + tableName1 + renameTag); + + statement.close(); + connection.close(); + } + + /** * After we drop/rename table, we will drop/rename all privileges(ALL,SELECT,INSERT,ALTER,DROP...) * from this role *
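Review bot: testRenameTablesCrossDB grants and checks only table-level privileges (SELECT, INSERT, ALL on `tableName1`), so it would not notice a cross-database rename that leaves a column-level grant behind under the old database. Since the table already has `under_col`, consider adding a grant such as `GRANT SELECT(under_col) ON TABLE ... TO ROLE select_tbl1` before the rename and asserting it is visible only under `DB1 + "." + tableName1 + renameTag` afterwards; whether the existing verify helpers can express that is not visible in this hunk. Separately, `statement.close()` and `connection.close()` run only when every assertion passes, so a `try`/`finally` around the body (or leaving cleanup to the class teardown, if there is one) would keep a failed run from leaking the connection. The local `List<String> roles` also shadows the `roles` field assigned at the top of the method, and a name like `roleNames` would avoid that.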
