Repository: sentry Updated Branches: refs/heads/master 3ae60f6b8 -> 9aeb2e236
SENTRY-2264: It is possible to elevate privileges from DROP using alter table rename (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/9aeb2e23 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/9aeb2e23 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/9aeb2e23 Branch: refs/heads/master Commit: 9aeb2e236045c960aa90eea4a36ff050cc78c1d8 Parents: 3ae60f6 Author: lina.li <[email protected]> Authored: Tue Jun 26 13:22:12 2018 -0500 Committer: lina.li <[email protected]> Committed: Tue Jun 26 13:22:12 2018 -0500 ---------------------------------------------------------------------- .../hive/authz/HiveAuthzPrivilegesMap.java | 2 +- .../tests/e2e/hive/TestOperationsPart1.java | 92 +++++++++++++++++--- .../tests/e2e/hive/TestOperationsPart2.java | 56 +++++++++--- 3 files changed, 125 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/9aeb2e23/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java index 4f932ea..9350af0 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java @@ -106,7 +106,7 @@ public class HiveAuthzPrivilegesMap { build(); HiveAuthzPrivileges alterTableRenamePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder(). - addInputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.DROP)). + addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALL)). addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.CREATE)). setOperationScope(HiveOperationScope.DATABASE). setOperationType(HiveOperationType.DDL). http://git-wip-us.apache.org/repos/asf/sentry/blob/9aeb2e23/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java index 1e72990..f3edae2 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java @@ -60,6 +60,8 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { privileges.put("create_db2", "server=server1->db=" + DB2 + "->action=create"); privileges.put("all_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=all"); + privileges.put("create_db1_tb1", "server=server1->db=" + DB1 + "->action=create"); + privileges.put("drop_db1_tb1", "server=server1->db=" + DB1 + "->action=drop"); privileges.put("select_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=select"); privileges.put("insert_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=insert"); privileges.put("alter_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=alter"); @@ -70,6 +72,7 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { privileges.put("insert_db2_tb2", "server=server1->db=" + DB2 + "->table=tb2->action=insert"); privileges.put("select_db1_view1", "server=server1->db=" + DB1 + "->table=view1->action=select"); privileges.put("create_db1_view1", "server=server1->db=" + DB1 + "->action=create"); + privileges.put("all_db1_view1", "server=server1->db=" + DB1 + "->action=all"); privileges.put("drop_db1_view1", "server=server1->db=" + DB1 + "->action=drop"); privileges.put("select_db1_tb2", "server=server1->db=" + DB1 + "->table=tb2->action=select"); @@ -605,6 +608,72 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { } @Test + public void testAlterRenameTableWithinDB() throws Exception { + adminCreate(DB1, "tb1", true); + + Connection connection; + Statement statement; + //Setup + policyFile + .addPermissionsToRole("create_db1", privileges.get("create_db1")) + .addPermissionsToRole("all_db1_tb1", privileges.get("all_db1_tb1")) + .addRolesToGroup(USERGROUP1, "create_db1", "all_db1_tb1") + .addRolesToGroup(USERGROUP2, "create_db1"); + writePolicyFile(policyFile); + + String command = "ALTER TABLE " + DB1 + ".tb1 RENAME TO " + DB1 + ".tb2"; + + //negative test cases + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + context.assertSentrySemanticException(statement, command, semanticException); + statement.close(); + connection.close(); + + //positive test cases + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute(command); + statement.close(); + connection.close(); + } + + @Test + public void testAlterRenameTableCrossDB() throws Exception { + adminCreate(DB1, tableName, true); + adminCreate(DB2, null, true); + + Connection connection; + Statement statement; + //Setup + policyFile + .addPermissionsToRole("create_db2", privileges.get("create_db2")) + .addPermissionsToRole("create_db1_tb1", privileges.get("create_db1_tb1")) + .addPermissionsToRole("all_db1_tb1", privileges.get("all_db1_tb1")) + .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1")) + .addRolesToGroup(USERGROUP1, "create_db2", "all_db1_tb1") + .addRolesToGroup(USERGROUP2, "create_db2", "select_db1_tb1"); + writePolicyFile(policyFile); + + String command = "ALTER TABLE " + DB1 + ".tb1 RENAME TO " + DB2 + ".tb2"; + + //negative test cases + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + context.assertSentrySemanticException(statement, command, semanticException); + statement.close(); + connection.close(); + + //positive test cases + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute(command); + statement.close(); + connection.close(); + } + + + @Test public void testAlterRenameView() throws Exception { adminCreate(DB1, tableName, true); @@ -618,29 +687,28 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { policyFile .addPermissionsToRole("create_db1_view1", privileges.get("create_db1_view1")) - .addPermissionsToRole("drop_db1_view1", privileges.get("drop_db1_view1")) + .addPermissionsToRole("all_db1_view1", privileges.get("all_db1_view1")) .addPermissionsToRole("create_db1", privileges.get("create_db1")) - .addRolesToGroup(USERGROUP1, "create_db1", "create_db1_view1", "drop_db1_view1") - .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1")) .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1")) - .addRolesToGroup(USERGROUP2, "select_db1_tb1", "create_db1", "select_db1_view1"); + .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1")) + .addRolesToGroup(USERGROUP1, "create_db1", "all_db1_view1") + .addRolesToGroup(USERGROUP2, "create_db1", "select_db1_tb1", "select_db1_view1"); writePolicyFile(policyFile); - //positive test cases - connection = context.createConnection(USER1_1); + //negative test cases + connection = context.createConnection(USER2_1); statement = context.createStatement(connection); statement.execute("Use " + DB1); - statement.execute("ALTER VIEW view1 RENAME TO view2"); + context.assertSentrySemanticException(statement, "ALTER VIEW view1 RENAME TO view2", + semanticException); statement.close(); connection.close(); - //negative test cases - connection = context.createConnection(USER2_1); + //positive test cases + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("Use " + DB1); - statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1"); - context.assertSentrySemanticException(statement, "ALTER VIEW view1 RENAME TO view2", - semanticException); + statement.execute("ALTER VIEW view1 RENAME TO view2"); statement.close(); connection.close(); } http://git-wip-us.apache.org/repos/asf/sentry/blob/9aeb2e23/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart2.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart2.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart2.java index cf89b5d..8bcc013 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart2.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart2.java @@ -256,7 +256,7 @@ public class TestOperationsPart2 extends AbstractTestWithStaticConfiguration { 1. HiveOperation.ALTERTABLE_RENAME */ @Test - public void renameTable() throws Exception { + public void renameTablePositive() throws Exception { adminCreate(DB1, "TAB_1"); adminCreate(DB2, "TAB_3"); adminCreate(DB3, null); @@ -270,9 +270,50 @@ public class TestOperationsPart2 extends AbstractTestWithStaticConfiguration { .addRolesToGroup(USERGROUP1, "all_db1") .addRolesToGroup(USERGROUP1, "drop_db2") .addRolesToGroup(USERGROUP1, "create_db3") - .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) + .addRolesToGroup(USERGROUP1, "all_db2_table3") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1 + "->action=all") .addPermissionsToRole("drop_db2", "server=server1->db=" + DB2 + "->action=drop") .addPermissionsToRole("create_db3", "server=server1->db=" + DB3 + "->action=create") + .addPermissionsToRole("all_db2_table3", "server=server1->db=" + DB2 + "->table=TAB_3" + "->action=all") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + + // user1 have all permission with db_1 and create permission with db_3, alter_table_rename pass + exec(statement, "use " + DB1); + exec(statement, "alter table TAB_1 rename to " + DB3 + ".TAB_1"); + exec(statement, "alter table " + DB1 + ".TAB_2 rename to " + DB3 + ".TAB_2"); + + // user1 have all permission with db_2.tab_3 and create permission with db_3, alter_table_rename pass + exec(statement, "use " + DB2); + exec(statement, "alter table TAB_3 rename to " + DB3 + ".TAB_3"); + } + + /* + 1. HiveOperation.ALTERTABLE_RENAME + */ + @Test + public void renameTableNegative() throws Exception { + adminCreate(DB1, "TAB_1"); + adminCreate(DB2, "TAB_3"); + adminCreate(DB3, "TAB_3"); + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + exec(statement, "CREATE table " + DB1 + ".TAB_2 (a string)"); + statement.close(); + connection.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "all_db1") + .addRolesToGroup(USERGROUP1, "drop_db2") + .addRolesToGroup(USERGROUP1, "create_db3") + .addRolesToGroup(USERGROUP1, "all_db2_table3") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1 + "->action=all") + .addPermissionsToRole("drop_db2", "server=server1->db=" + DB2 + "->action=drop") + .addPermissionsToRole("create_db3", "server=server1->db=" + DB3 + "->action=create") + .addPermissionsToRole("all_db2_table3", "server=server1->db=" + DB2 + "->table=TAB_3" + "->action=all") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -310,16 +351,7 @@ public class TestOperationsPart2 extends AbstractTestWithStaticConfiguration { // ignore the exception } - // user1 have all permission with db_1 and create permission with db_3, alter_table_rename pass - exec(statement, "use " + DB1); - exec(statement, "alter table TAB_1 rename to " + DB3 + ".TAB_1"); - exec(statement, "alter table " + DB1 + ".TAB_2 rename to " + DB3 + ".TAB_2"); - - // user1 have drop permission with db_2 and create permission with db_3, alter_table_rename pass - exec(statement, "use " + DB2); - exec(statement, "alter table TAB_3 rename to " + DB3 + ".TAB_3"); - - // user1 haven't drop permission with db_3, can't move table to db_3 + // user1 does not have all permission with db_3.tab_3, cannot move table to db_3.tab_4 exec(statement, "use " + DB3); try { exec(statement, "alter table TAB_3 rename to TAB_4");
