Repository: incubator-sentry Updated Branches: refs/heads/master 5134a092a -> eefdec94a
SENTRY-307: Unqualified URIs should be reconstructed in a standard way (Sravya Tirukkovalur via Prasad Mujumdar) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/eefdec94 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/eefdec94 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/eefdec94 Branch: refs/heads/master Commit: eefdec94a251e6d7bbf0dcb32b487961c665ba69 Parents: 5134a09 Author: Prasad Mujumdar <[email protected]> Authored: Wed Jun 18 14:08:54 2014 -0700 Committer: Prasad Mujumdar <[email protected]> Committed: Wed Jun 18 14:08:54 2014 -0700 ---------------------------------------------------------------------- .../hadoop/hive/ql/exec/SentryGrantRevokeTask.java | 9 ++++++++- .../binding/metastore/MetastoreAuthzBinding.java | 14 ++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/eefdec94/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java index 122d137..f29078a 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java @@ -21,6 +21,7 @@ import java.io.DataOutputStream; import java.io.IOException; import java.io.OutputStreamWriter; import java.io.Serializable; +import java.net.URISyntaxException; import java.util.ArrayList; import java.util.HashSet; import java.util.List; @@ -62,6 +63,7 @@ import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.Subject; +import org.apache.sentry.core.common.utils.PathUtils; import org.apache.sentry.core.model.db.AccessURI; import org.apache.sentry.core.model.db.Database; import org.apache.sentry.core.model.db.Server; @@ -337,7 +339,12 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable } else if (privSubjectDesc.getUri()) { String uriPath = privSubjectDesc.getObject(); - authorizableHeirarchy.add(new AccessURI(uriPath)); + String warehouseDir = conf.getVar(HiveConf.ConfVars.METASTOREWAREHOUSE); + try { + authorizableHeirarchy.add(new AccessURI(PathUtils.parseDFSURI(warehouseDir, uriPath))); + } catch(URISyntaxException e) { + throw new HiveException(e.getMessage()); + } } else { dbName = privSubjectDesc.getObject(); authorizableHeirarchy.add(new Database(dbName)); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/eefdec94/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java index 057f704..c87e258 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreAuthzBinding.java @@ -20,6 +20,7 @@ package org.apache.sentry.binding.metastore; import java.io.File; import java.io.IOException; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; import java.util.List; @@ -44,6 +45,7 @@ import org.apache.hadoop.hive.metastore.events.PreDropPartitionEvent; import org.apache.hadoop.hive.metastore.events.PreDropTableEvent; import org.apache.hadoop.hive.metastore.events.PreEventContext; import org.apache.hadoop.hive.ql.metadata.AuthorizationException; +import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.plan.HiveOperation; import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.sentry.binding.hive.authz.HiveAuthzBinding; @@ -51,6 +53,7 @@ import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars; import org.apache.sentry.core.common.Subject; +import org.apache.sentry.core.common.utils.PathUtils; import org.apache.sentry.core.model.db.AccessURI; import org.apache.sentry.core.model.db.DBModelAuthorizable; import org.apache.sentry.core.model.db.Database; @@ -207,8 +210,15 @@ public class MetastoreAuthzBinding extends MetaStorePreEventListener { throws InvalidOperationException, MetaException { HierarcyBuilder inputBuilder = new HierarcyBuilder(); if (!StringUtils.isEmpty(context.getTable().getSd().getLocation())) { - inputBuilder.addUriToOutput(getAuthServer(), context.getTable().getSd() - .getLocation()); + String warehouseDir = hiveConf.getVar(HiveConf.ConfVars.METASTOREWAREHOUSE); + String uriPath; + try { + uriPath = PathUtils.parseDFSURI(warehouseDir, context.getTable().getSd() + .getLocation()); + } catch(URISyntaxException e) { + throw new MetaException(e.getMessage()); + } + inputBuilder.addUriToOutput(getAuthServer(), uriPath); } authorizeMetastoreAccess(HiveOperation.CREATETABLE, inputBuilder.build(), new HierarcyBuilder().addDbToOutput(
