[Impala-ASF-CR] IMPALA-7616: Remove the use of privilege name in TPrivilege

Wed, 26 Sep 2018 11:38:33 -0700 

Fredy Wijaya has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/11509 )

Change subject: IMPALA-7616: Remove the use of privilege name in TPrivilege
......................................................................


Patch Set 9:

(7 comments)

http://gerrit.cloudera.org:8080/#/c/11509/7/common/thrift/CatalogObjects.thrift
File common/thrift/CatalogObjects.thrift:

http://gerrit.cloudera.org:8080/#/c/11509/7/common/thrift/CatalogObjects.thrift@537
PS7, Line 537: /
> My suggestion would be to avoid changing the numbers and leave a gap at 1 (
Done


http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java
File fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java:

http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java@490
PS7, Line 490:         String privName = 
PrincipalPrivilege.buildPrivilegeName(filter);
             :         if (!privName.equalsIgnoreCase(
             :             PrincipalPrivilege.buildPrivilegeName(privilege))) {
             :           continue;
             :         }
> Building the filter priv name could be moved outside the loop, or with some
I can't move it outside the loop because filter needs to be updated with 
privilege level from privilege.getPrivilege_level().


http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/Catalog.java
File fe/src/main/java/org/apache/impala/catalog/Catalog.java:

http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/Catalog.java@524
PS7, Line 524:         PrincipalPrivilege privilege = 
tmpPrincipal.getPrivilege(privilegeName);
             :         if (privilege != null) {
> This could be replaced with tmpPrincipal.GetPrivilege(privilegeName). It is
Done


http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/Catalog.java@562
PS7, Line 562:
> nit: This comment should be with the case PRIVILEGE, and should be name+id.
Done


http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java
File fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java:

http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java@1825
PS7, Line 1825:       }
> Building the privilege name could be moved outside the lock.
Done


http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/catalog/CatalogServiceCatalog.java@1850
PS7, Line 1850:             " does not exist: " + principalName);
> Building the privilege name could be moved outside the lock.
Done


http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/util/SentryProxy.java
File fe/src/main/java/org/apache/impala/util/SentryProxy.java:

http://gerrit.cloudera.org:8080/#/c/11509/7/fe/src/main/java/org/apache/impala/util/SentryProxy.java@268
PS7, Line 268:       // Remove the privileges that no longer exist.
             :       for (String privilegeName: privilegesToRemove) {
             :         if (principal.getPrincipalType() == TPrincipalType.ROLE) 
{
             :           catalog_.removeRolePrivilege(principal.getName(), 
privilegeName);
             :         } else {
             :           catalog_.removeUserPrivilege(principal.getName(), 
privilegeName);
             :         }
             :       }
             :     }
> This doesn't look ok to me - we are trying to remove the default privilege.
Indeed this looks like a bug. Good catch! I added a test for this.



--
To view, visit http://gerrit.cloudera.org:8080/11509
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ia813dcc7d3872f126865c1f8f37175201a0b10ab
Gerrit-Change-Number: 11509
Gerrit-PatchSet: 9
Gerrit-Owner: Fredy Wijaya <[email protected]>
Gerrit-Reviewer: Adam Holley <[email protected]>
Gerrit-Reviewer: Csaba Ringhofer <[email protected]>
Gerrit-Reviewer: Fredy Wijaya <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Comment-Date: Wed, 26 Sep 2018 18:38:11 +0000
Gerrit-HasComments: Yes

Reply via email to