git commit: SENTRY-406: Support "WITH GRANT OPTION" for the audit log ( Colin Ma via Sravya Tirukkovalur)

Thu, 21 Aug 2014 13:38:29 -0700 

Repository: incubator-sentry
Updated Branches:
  refs/heads/master 117c60136 -> 49e682fdd


SENTRY-406: Support "WITH GRANT OPTION" for the audit log ( Colin Ma via Sravya 
Tirukkovalur)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/49e682fd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/49e682fd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/49e682fd

Branch: refs/heads/master
Commit: 49e682fdd444db1fe440240944d1191a91d6d3ca
Parents: 117c601
Author: Sravya Tirukkovalur <[email protected]>
Authored: Thu Aug 21 13:36:52 2014 -0700
Committer: Sravya Tirukkovalur <[email protected]>
Committed: Thu Aug 21 13:36:52 2014 -0700

----------------------------------------------------------------------
 .../provider/db/log/util/CommandUtil.java       |  5 +++++
 .../provider/db/log/util/TestCommandUtil.java   | 21 ++++++++++++++++++++
 .../tests/e2e/dbprovider/TestDbDDLAuditLog.java |  5 +++--
 3 files changed, 29 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/49e682fd/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
index b2b5187..841eeb3 100644
--- 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
+++ 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java
@@ -25,6 +25,7 @@ import 
org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsReq
 import 
org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
 import 
org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
 import 
org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
 import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
@@ -134,6 +135,10 @@ public class CommandUtil {
     }
     sb.append(roleName);
 
+    if (privilege.getGrantOption() == TSentryGrantOption.TRUE) {
+      sb.append(" WITH GRANT OPTION");
+    }
+
     return sb.toString();
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/49e682fd/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
 
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
index 392289c..5da8591 100644
--- 
a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
+++ 
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
@@ -28,6 +28,7 @@ import 
org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsReq
 import 
org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
 import 
org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
 import 
org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
 import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
@@ -255,6 +256,26 @@ public class TestCommandUtil extends TestCase {
         createRevokePrivilegeCmdResult);
   }
 
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege8() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = 
getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = 
getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, 
PrivilegeScope.SERVER.name(),
+        "dbTest", "tableTest", "serverTest", 
"hdfs://namenode:port/path/to/dir");
+    privilege.setGrantOption(TSentryGrantOption.TRUE);
+    grantRequest.setPrivilege(privilege);
+    revokeRequest.setPrivilege(privilege);
+
+    String createGrantPrivilegeCmdResult = 
CommandUtil.createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER 
serverTest TO ROLE testRole WITH GRANT OPTION";
+    String createRevokePrivilegeCmdResult = 
CommandUtil.createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER 
serverTest FROM ROLE testRole WITH GRANT OPTION";
+
+    assertEquals(createGrantPrivilegeCmdExcepted, 
createGrantPrivilegeCmdResult);
+    assertEquals(createRevokePrivilegeCmdExcepted, 
createRevokePrivilegeCmdResult);
+  }
+
   private TAlterSentryRoleAddGroupsRequest getRoleAddGroupsRequest() {
     TAlterSentryRoleAddGroupsRequest request = new 
TAlterSentryRoleAddGroupsRequest();
     request.setRoleName("testRole");

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/49e682fd/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
----------------------------------------------------------------------
diff --git 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
index 0d52912..2cecdfd 100644
--- 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
+++ 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
@@ -117,11 +117,12 @@ public class TestDbDDLAuditLog extends 
AbstractTestWithStaticConfiguration {
     fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE);
     assertAuditLog(fieldValueMap);
 
-    statement.execute("GRANT SELECT ON TABLE " + tableName + " TO ROLE " + 
roleName);
+    statement.execute("GRANT SELECT ON TABLE " + tableName + " TO ROLE " + 
roleName
+        + " WITH GRANT OPTION");
     fieldValueMap.clear();
     fieldValueMap.put(Constants.LOG_FIELD_OPERATION, 
Constants.OPERATION_GRANT_PRIVILEGE);
     fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT SELECT ON 
TABLE " + tableName
-        + " TO ROLE " + roleName);
+        + " TO ROLE " + roleName + " WITH GRANT OPTION");
     fieldValueMap.put(Constants.LOG_FIELD_TABLE_NAME, tableName);
     fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE);
     assertAuditLog(fieldValueMap);

Reply via email to