Repository: sentry Updated Branches: refs/heads/master 9caa0d1d0 -> 3ae60f6b8
SENTRY-2238: Explicitly set Database on SentryHivePrivilegeObjectDesc (Arjun Mishra, reviewed by Sergio Pena, Na Li) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3ae60f6b Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3ae60f6b Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3ae60f6b Branch: refs/heads/master Commit: 3ae60f6b8dc21887517e8b5a6a20a279e8d699bf Parents: 9caa0d1 Author: Sergio Pena <[email protected]> Authored: Tue Jun 26 09:38:40 2018 -0500 Committer: Sergio Pena <[email protected]> Committed: Tue Jun 26 09:42:05 2018 -0500 ---------------------------------------------------------------------- .../ql/exec/SentryHivePrivilegeObjectDesc.java | 9 +++++++ .../SentryHiveAuthorizationTaskFactoryImpl.java | 4 +++ .../TestSentryHiveAuthorizationTaskFactory.java | 26 ++++++++++++++++++-- 3 files changed, 37 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java index 4fa4221..be99a3d 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java @@ -22,6 +22,7 @@ import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; public class SentryHivePrivilegeObjectDesc extends PrivilegeObjectDesc { private boolean isUri; private boolean isServer; + private boolean isDatabase; public SentryHivePrivilegeObjectDesc() { // reset table type which is on by default @@ -48,4 +49,12 @@ public class SentryHivePrivilegeObjectDesc extends PrivilegeObjectDesc { return isServer || isUri; } + public boolean getDatabase() { + return isDatabase; + } + + public void setDatabase(boolean isDatabase) { + this.isDatabase = isDatabase; + } + } http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java index 660bef1..e58fe86 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java @@ -326,6 +326,10 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization subject.setUri(true); } else if (astChild.getToken().getType() == HiveParser.TOK_SERVER_TYPE) { subject.setServer(true); + } else if(astChild.getToken().getType() == HiveParser.TOK_DB_TYPE) { + subject.setDatabase(true); + String qualified = BaseSemanticAnalyzer.getUnescapedName(gchild); + subject.setObject(qualified); } else if (astChild.getToken().getType() == HiveParser.TOK_TABLE_TYPE) { subject.setTable(true); String qualified = BaseSemanticAnalyzer.getUnescapedName(gchild); http://git-wip-us.apache.org/repos/asf/sentry/blob/3ae60f6b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java index 8b6b223..e497f8c 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java @@ -403,6 +403,20 @@ public class TestSentryHiveAuthorizationTaskFactory { } /** + * SHOW GRANT ROLE ... ON DATABASE ... + */ + @Test + public void testShowGrantRoleOnDatabase() throws Exception { + DDLWork work = analyze(parse("SHOW GRANT ROLE " + ROLE + " ON DATABASE " + DB)); + ShowGrantDesc grantDesc = work.getShowGrantDesc(); + Assert.assertNotNull("Show grant should not be null", grantDesc); + Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType()); + Assert.assertEquals(ROLE, grantDesc.getPrincipalDesc().getName()); + Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase()); + Assert.assertEquals(DB, ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getObject()); + } + + /** * SHOW GRANT GROUP ... ON TABLE ... */ @Test @@ -412,6 +426,15 @@ public class TestSentryHiveAuthorizationTaskFactory { } /** + * SHOW GRANT GROUP ... ON DATABASE ... + */ + @Test + public void testShowGrantGroupOnDatabase() throws Exception { + expectSemanticException("SHOW GRANT GROUP " + GROUP + " ON DATABASE " + DB, + SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "GROUP"); + } + + /** * SHOW ROLES */ @Test @@ -499,8 +522,7 @@ public class TestSentryHiveAuthorizationTaskFactory { Assert.assertEquals(null, grantDesc.getPrincipalDesc().getType()); Assert.assertEquals(StringUtils.EMPTY, grantDesc.getPrincipalDesc().getName()); Assert.assertEquals(DB, grantDesc.getHiveObj().getObject()); - //TODO - Part of SENTRY-2238 commit -// Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase()); + Assert.assertTrue("Expected database", ((SentryHivePrivilegeObjectDesc)grantDesc.getHiveObj()).getDatabase()); } /**
