Jarek Jarcec Cecho created SENTRY-371:
-----------------------------------------
Summary: Verifying query privileges doesn't seem to be working
Key: SENTRY-371
URL: https://issues.apache.org/jira/browse/SENTRY-371
Project: Sentry
Issue Type: Bug
Affects Versions: 1.3.0
Reporter: Jarek Jarcec Cecho
I've tried the tool to verify if given user do have enough privileges to
execute given a query that has been added in SENTRY-3. No matter what query I
use, I'm always getting following exception:
{code}
[jarcec@fts-summit-c5-1 ~]$ sentry --command config-tool -s
file:///home/jarcec/sentry-site-policyfile.xml --policyIni
file:///home/jarcec/authz.ini -u jarcec --query "SELECT * FROM x"
Configuration:
Sentry package jar:
file:/usr/lib/sentry/lib/sentry-binding-hive-1.3.0-cdh5.1.0.jar
Hive config: file:/etc/hive/conf.cloudera.HIVE-1/hive-site.xml
Sentry config: file:/home/jarcec/sentry-site-policyfile.xml
Sentry Policy: file:///home/jarcec/authz.ini
Sentry server: srv1
NoViableAltException(-1@[])
at
org.apache.hadoop.hive.ql.parse.HiveParser_SelectClauseParser.selectClause(HiveParser_SelectClauseParser.java:993)
at
org.apache.hadoop.hive.ql.parse.HiveParser.selectClause(HiveParser.java:35962)
at
org.apache.hadoop.hive.ql.parse.HiveParser.selectStatement(HiveParser.java:33967)
at
org.apache.hadoop.hive.ql.parse.HiveParser.regular_body(HiveParser.java:33882)
at
org.apache.hadoop.hive.ql.parse.HiveParser.queryStatement(HiveParser.java:33389)
at
org.apache.hadoop.hive.ql.parse.HiveParser.queryStatementExpression(HiveParser.java:33169)
at
org.apache.hadoop.hive.ql.parse.HiveParser.execStatement(HiveParser.java:1284)
at
org.apache.hadoop.hive.ql.parse.HiveParser.statement(HiveParser.java:983)
at
org.apache.hadoop.hive.ql.parse.ParseDriver.parse(ParseDriver.java:190)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:434)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:352)
at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:995)
at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:988)
at
org.apache.sentry.binding.hive.authz.SentryConfigTool.verifyLocalQuery(SentryConfigTool.java:381)
at
org.apache.sentry.binding.hive.authz.SentryConfigTool$CommandImpl.run(SentryConfigTool.java:646)
at org.apache.sentry.SentryMain.main(SentryMain.java:87)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hadoop.util.RunJar.main(RunJar.java:212)
FAILED: ParseException line 1:6 cannot recognize input near '<EOF>' '<EOF>'
'<EOF>' in select clause
Sentry tool reported Errors: Compilation error: FAILED: ParseException line 1:6
cannot recognize input near '<EOF>' '<EOF>' '<EOF>' in select clause
org.apache.hadoop.hive.ql.parse.SemanticException: Compilation error: FAILED:
ParseException line 1:6 cannot recognize input near '<EOF>' '<EOF>' '<EOF>' in
select clause
at
org.apache.sentry.binding.hive.authz.SentryConfigTool.verifyLocalQuery(SentryConfigTool.java:389)
at
org.apache.sentry.binding.hive.authz.SentryConfigTool$CommandImpl.run(SentryConfigTool.java:646)
at org.apache.sentry.SentryMain.main(SentryMain.java:87)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hadoop.util.RunJar.main(RunJar.java:212)
[jarcec@fts-summit-c5-1 ~]$
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
