Repository: incubator-sentry Updated Branches: refs/heads/master f6fc0422b -> 2982e3d1c
SENTRY-475: SHOW GRANT ROLE from Hive always report with grant option as false (Prasad Mujumdar, reviewed by Lenni Kuff) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/2982e3d1 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/2982e3d1 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/2982e3d1 Branch: refs/heads/master Commit: 2982e3d1cb230fcbc5134c62c402aad98cb3d33f Parents: f6fc042 Author: Prasad Mujumdar <[email protected]> Authored: Sun Sep 28 23:59:56 2014 -0700 Committer: Prasad Mujumdar <[email protected]> Committed: Sun Sep 28 23:59:56 2014 -0700 ---------------------------------------------------------------------- .../hive/ql/exec/SentryGrantRevokeTask.java | 4 ++- .../TestPrivilegeWithGrantOption.java | 34 ++++++++++++++++++-- 2 files changed, 34 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2982e3d1/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java index 6f33109..ac45746 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java @@ -71,6 +71,7 @@ import org.apache.sentry.core.model.db.Server; import org.apache.sentry.core.model.db.Table; import org.apache.sentry.provider.db.SentryAccessDeniedException; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; import org.apache.sentry.provider.db.service.thrift.TSentryRole; import org.apache.sentry.service.thrift.SentryServiceClientFactory; @@ -428,7 +429,8 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable appendNonNull(builder, roleName);//getPrincipalName() appendNonNull(builder, "ROLE");//getPrincipalType() appendNonNull(builder, privilege.getAction()); - appendNonNull(builder, false);//isGrantOption() + appendNonNull(builder, + TSentryGrantOption.TRUE.equals(privilege.getGrantOption())); appendNonNull(builder, privilege.getCreateTime() * 1000L); appendNonNull(builder, "--"); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2982e3d1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java index 581350a..5c49f98 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java @@ -41,6 +41,9 @@ import org.junit.Test; public class TestPrivilegeWithGrantOption extends AbstractTestWithStaticConfiguration { private static boolean isInternalServer = false; + private static int SHOW_GRANT_ROLE_DB_POSITION = 1; + private static int SHOW_GRANT_ROLE_TABLE_POSITION = 2; + private static int SHOW_GRANT_ROLE_WITH_GRANT_POSITION = 8; @BeforeClass public static void setupTestStaticConfiguration() throws Exception { @@ -175,15 +178,40 @@ public class TestPrivilegeWithGrantOption extends AbstractTestWithStaticConfigur statement.execute("GRANT INSERT ON TABLE foo TO ROLE role3_2"); connection.close(); + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + statement.execute("USE db_1"); + runSQLWithError(statement, "GRANT ALL ON TABLE foo TO ROLE role3_2", + HiveOperation.GRANT_PRIVILEGE, null, null, true); + connection.close(); + connection = context.createConnection(ADMIN1); statement = context.createStatement(connection); statement.execute("use db_1"); verifySingleGrantWithGrantOption(statement, - "SHOW GRANT ROLE role2 ON TABLE foo", 2, "foo"); + "SHOW GRANT ROLE role2 ON TABLE foo", SHOW_GRANT_ROLE_TABLE_POSITION, + "foo"); + verifySingleGrantWithGrantOption(statement, + "SHOW GRANT ROLE role3_1 ON DATABASE db_1", + SHOW_GRANT_ROLE_DB_POSITION, "db_1"); + verifySingleGrantWithGrantOption(statement, + "SHOW GRANT ROLE role3_2 ON TABLE foo", SHOW_GRANT_ROLE_TABLE_POSITION, + "foo"); + + // test 'with grant option' status + verifySingleGrantWithGrantOption(statement, "show grant role role1", + SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "true"); + verifySingleGrantWithGrantOption(statement, + "SHOW GRANT ROLE role1 ON DATABASE db_1", + SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "true"); verifySingleGrantWithGrantOption(statement, - "SHOW GRANT ROLE role3_1 ON DATABASE db_1", 1, "db_1"); + "SHOW GRANT ROLE role1 ON TABLE foo", + SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "true"); + verifySingleGrantWithGrantOption(statement, "show grant role role2", + SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "false"); verifySingleGrantWithGrantOption(statement, - "SHOW GRANT ROLE role3_2 ON TABLE foo", 2, "foo"); + "SHOW GRANT ROLE role2 ON TABLE foo", + SHOW_GRANT_ROLE_WITH_GRANT_POSITION, "false"); statement.close(); connection.close(); }
