sentry git commit: SENTRY-2226: Support Hive operation ALTER TABLE EXCHANGE. (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda)

2018-05-17 Thread spena
Repository: sentry
Updated Branches:
  refs/heads/branch-2.0 d77edb505 -> b72d4fb22


SENTRY-2226: Support Hive operation ALTER TABLE EXCHANGE. (Na Li, reviewed by 
Sergio Pena, Kalyan Kumar Kalvagadda)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b72d4fb2
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b72d4fb2
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b72d4fb2

Branch: refs/heads/branch-2.0
Commit: b72d4fb226114900abae99dfab5a5bc28d2892b8
Parents: d77edb5
Author: lina.li 
Authored: Fri May 11 11:17:09 2018 -0500
Committer: Sergio Pena 
Committed: Thu May 17 13:58:13 2018 -0500

--
 .../hive/authz/HiveAuthzPrivilegesMap.java  |  12 ++
 .../TestDbColumnLevelMetaDataOps.java   | 124 +++
 2 files changed, 136 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/sentry/blob/b72d4fb2/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
--
diff --git 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index ffa193f..4f932ea 100644
--- 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -112,6 +112,16 @@ public class HiveAuthzPrivilegesMap {
 setOperationType(HiveOperationType.DDL).
 build();
 
+// input required privilege from Hive: SELECT on column level and DELETE 
on table level
+// output required privilege from Hive: INSERT on table level
+// Sentry makes it more restrictive, and requires ALL at input, INSERT and 
ALTER at output
+HiveAuthzPrivileges alterTableExchangePrivilege = new 
HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+addInputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.ALL)).
+addOutputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.INSERT, DBModelAction.ALTER)).
+setOperationScope(HiveOperationScope.TABLE).
+setOperationType(HiveOperationType.DDL).
+build();
+
 HiveAuthzPrivileges alterPartPrivilege = new 
HiveAuthzPrivileges.AuthzPrivilegeBuilder().
 addInputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.ALTER)).
 setOperationScope(HiveOperationScope.TABLE).
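Review bot: The comment added above `alterTableExchangePrivilege` says Sentry is stricter than Hive but not why, and it never states which table is the input and which is the output. A later maintainer of this authorization mapping needs both, so I would add `// input = table the partition is moved out of, output = table that receives it` and `// ALL on input: the partition leaves that table, and Hive's DELETE presumably has no matching DBModelAction`. Both lines are inferred from the privileges the existing comment lists rather than shown in the hunk, so confirm them before adopting the wording. The identical hunk appears in the master-branch copy of this commit further down the page, and the same remark applies there. The enclosing block of HiveAuthzPrivilegesMap starts and ends outside the hunk.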
@@ -240,6 +250,8 @@ public class HiveAuthzPrivilegesMap {
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDCOLS, 
alterTablePrivilege);
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_REPLACECOLS, 
alterTablePrivilege);
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_PARTCOLTYPE, 
alterPartPrivilege);
+hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_EXCHANGEPARTITION, 
alterTableExchangePrivilege);
+
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_BUCKETNUM, 
alterPartPrivilege);
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_BUCKETNUM, 
alterPartPrivilege);
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/b72d4fb2/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
--
diff --git 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
index 3735179..c065f7f 100644
--- 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
+++ 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
@@ -371,4 +371,128 @@ public class TestDbColumnLevelMetaDataOps extends 
AbstractTestWithStaticConfigur
 String query = "SHOW TABLE EXTENDED IN " + TEST_COL_METADATA_OPS_DB + " 
LIKE " + TEST_COL_METADATA_OPS_TB;
 validateSemanticException(query, USER1_1);
   }
+
+  /**
+   * User cannot exchange partition of tables without any privilege on input 
table and output table
+   * @throws Exception
+   */
+  @Test
+  public void testAlterTableExchangeNoPrivilege() throws Exception {
+final String PAR_ROLE_NAME = "config1_user_role";
+final String PAR_GROUP_NAME = USERGROUP1;
+final String PAR_DB_NAME = "config1_test_database1";
+final String PAR_INPUT_TABLE_NAME = "aliens";
+final String PAR_OUTPUT_TABLE_NAME = "movie_stars";
+
+est

sentry git commit: SENTRY-2226: Support Hive operation ALTER TABLE EXCHANGE. (Na Li, reviewed by Sergio Pena, Kalyan Kumar Kalvagadda)

2018-05-11 Thread linaataustin
Repository: sentry
Updated Branches:
  refs/heads/master af8ea0ac1 -> 7ac2b05e5


SENTRY-2226: Support Hive operation ALTER TABLE EXCHANGE. (Na Li, reviewed by 
Sergio Pena, Kalyan Kumar Kalvagadda)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/7ac2b05e
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/7ac2b05e
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/7ac2b05e

Branch: refs/heads/master
Commit: 7ac2b05e5681e902dc01fc0d4cc21ac9eb13ae43
Parents: af8ea0a
Author: lina.li 
Authored: Fri May 11 11:17:09 2018 -0500
Committer: lina.li 
Committed: Fri May 11 11:17:09 2018 -0500

--
 .../hive/authz/HiveAuthzPrivilegesMap.java  |  12 ++
 .../TestDbColumnLevelMetaDataOps.java   | 124 +++
 2 files changed, 136 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/sentry/blob/7ac2b05e/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
--
diff --git 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index ffa193f..4f932ea 100644
--- 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -112,6 +112,16 @@ public class HiveAuthzPrivilegesMap {
 setOperationType(HiveOperationType.DDL).
 build();
 
+// input required privilege from Hive: SELECT on column level and DELETE 
on table level
+// output required privilege from Hive: INSERT on table level
+// Sentry makes it more restrictive, and requires ALL at input, INSERT and 
ALTER at output
+HiveAuthzPrivileges alterTableExchangePrivilege = new 
HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+addInputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.ALL)).
+addOutputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.INSERT, DBModelAction.ALTER)).
+setOperationScope(HiveOperationScope.TABLE).
+setOperationType(HiveOperationType.DDL).
+build();
+
 HiveAuthzPrivileges alterPartPrivilege = new 
HiveAuthzPrivileges.AuthzPrivilegeBuilder().
 addInputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.ALTER)).
 setOperationScope(HiveOperationScope.TABLE).
@@ -240,6 +250,8 @@ public class HiveAuthzPrivilegesMap {
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDCOLS, 
alterTablePrivilege);
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_REPLACECOLS, 
alterTablePrivilege);
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_PARTCOLTYPE, 
alterPartPrivilege);
+hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_EXCHANGEPARTITION, 
alterTableExchangePrivilege);
+
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_BUCKETNUM, 
alterPartPrivilege);
 hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_BUCKETNUM, 
alterPartPrivilege);
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/7ac2b05e/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
--
diff --git 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
index 3735179..c065f7f 100644
--- 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
+++ 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java
@@ -371,4 +371,128 @@ public class TestDbColumnLevelMetaDataOps extends 
AbstractTestWithStaticConfigur
 String query = "SHOW TABLE EXTENDED IN " + TEST_COL_METADATA_OPS_DB + " 
LIKE " + TEST_COL_METADATA_OPS_TB;
 validateSemanticException(query, USER1_1);
   }
+
+  /**
+   * User cannot exchange partition of tables without any privilege on input 
table and output table
+   * @throws Exception
+   */
+  @Test
+  public void testAlterTableExchangeNoPrivilege() throws Exception {
+final String PAR_ROLE_NAME = "config1_user_role";
+final String PAR_GROUP_NAME = USERGROUP1;
+final String PAR_DB_NAME = "config1_test_database1";
+final String PAR_INPUT_TABLE_NAME = "aliens";
+final String PAR_OUTPUT_TABLE_NAME = "movie_stars";
+
+establishSessio