ji chen has uploaded this change for review. ( http://gerrit.cloudera.org:8080/20508 )

Change subject: IMPALA-12398: Ranger role not exists when altering db/table/view owner to a role
......................................................................

IMPALA-12398: Ranger role not exists when altering db/table/view owner to a role

When Role '<ROLE_NAME>' is created with Ranger authorization enabled,
if the 'ALTER TABLE <TABLE_NAME> SET OWNER ROLE <ROLE_NAME>' statement is
executed to assign the role as the owner of the table, it will throw
AnalysisException: Role '<ROLE_NAME>' does not exist.

This is because, in the original design, the AuthorizationPolicy class is
used to cache the roles/principals, so it is used to check the existence
of the role. However, this class is obsolete to a certain degree in the
current design: on the catalogd side, create/drop role/show role will
bypass the AuthorizationPolicy object and directly use the Ranger plugin
to perform operations on the roles; it also utilizes the cache within the
Ranger plugin. That is why no roles are available in the
AuthorizationPolicy object.

This patch will directly use the Ranger Impala plugin to check the
existence of the role, instead of using the AuthorizationPolicy object.

Tests:
- Pass unit tests. Test method testAlterView in AuthorizationStmtTest is
  updated accordingly.
- Pass e2e tests. Test method _test_ownership in test_ranger.py is updated
  to cover the new implementation.
- Pass core tests with Ranger enabled.

Change-Id: I2b029bdb90111dbd0eab5189360cc81090225cda
---
M fe/src/main/java/org/apache/impala/analysis/AlterDbSetOwnerStmt.java
M fe/src/main/java/org/apache/impala/analysis/AlterTableOrViewSetOwnerStmt.java
M fe/src/main/java/org/apache/impala/analysis/AnalysisUtils.java
M fe/src/main/java/org/apache/impala/authorization/ranger/RangerUtil.java
M fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java
M fe/src/test/java/org/apache/impala/authorization/AuthorizationTestBase.java
A fe/src/test/java/org/apache/impala/authorization/CatalogServiceTestCatalog4Ranger.java
M fe/src/test/java/org/apache/impala/testutil/CatalogServiceTestCatalog.java
M tests/authorization/test_ranger.py
9 files changed, 218 insertions(+), 6 deletions(-)

git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/08/20508/1

--
To view, visit http://gerrit.cloudera.org:8080/20508
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2b029bdb90111dbd0eab5189360cc81090225cda
Gerrit-Change-Number: 20508
Gerrit-PatchSet: 1
Gerrit-Owner: ji chen <[email protected]>
