[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. Currently if a user without required privileges tries to access a non-existent database or table, then impala returns an analysis exception instead of authorization exception. This happens because during analysis of the with clause, the authorization request does not get registered due to analysis exception being thrown before it. This patch makes sure that those requests get registered regardless. Testing: - Manual test: - ran CTE with non-existent database/table in impala-shell without required privilege, verified that it results in AuthorizationException. - ran CTE with non-existent database/table in impala-shell with the required privilege, verified that it results in AnalysisException. - Added CTE test cases for non-existent database/table/column in AuthorizationStmtTest. - Passed all FE tests. - Passed all core tests. Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Reviewed-on: http://gerrit.cloudera.org:8080/15123 Reviewed-by: Bikramjeet Vig Tested-by: Impala Public Jenkins --- M fe/src/main/java/org/apache/impala/analysis/WithClause.java M fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java 2 files changed, 41 insertions(+), 16 deletions(-) Approvals: Bikramjeet Vig: Looks good to me, approved Impala Public Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 14 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 13: Verified+1 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 13 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Thu, 13 Feb 2020 03:10:48 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 13: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/5213/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 13 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Wed, 12 Feb 2020 23:06:43 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 12: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/5212/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 12 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Wed, 12 Feb 2020 22:46:30 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 13: Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/5327/ DRY_RUN=false -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 13 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Wed, 12 Feb 2020 22:23:52 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Bikramjeet Vig has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 13: Code-Review+2 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 13 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Wed, 12 Feb 2020 22:22:49 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Wenzhe Zhou has uploaded a new patch set (#13). ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. Currently if a user without required privileges tries to access a non-existent database or table, then impala returns an analysis exception instead of authorization exception. This happens because during analysis of the with clause, the authorization request does not get registered due to analysis exception being thrown before it. This patch makes sure that those requests get registered regardless. Testing: - Manual test: - ran CTE with non-existent database/table in impala-shell without required privilege, verified that it results in AuthorizationException. - ran CTE with non-existent database/table in impala-shell with the required privilege, verified that it results in AnalysisException. - Added CTE test cases for non-existent database/table/column in AuthorizationStmtTest. - Passed all FE tests. - Passed all core tests. Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 --- M fe/src/main/java/org/apache/impala/analysis/WithClause.java M fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java 2 files changed, 41 insertions(+), 16 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/23/15123/13 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 13 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Wenzhe Zhou has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 12: (1 comment) http://gerrit.cloudera.org:8080/#/c/15123/12/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java File fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java: http://gerrit.cloudera.org:8080/#/c/15123/12/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java@606 PS12, Line 606: authorize("with t as (select nocol from functional.alltypes) select * from t") : .error(selectError("functional.alltypes")); : : // Select from non-existent column in CTE with required privileges : // for all existent columns : authorize("with t as (select nocol from functional.alltypes) select * from t") : .error(selectError("functional.alltypes"), onColumn("functional", "alltypes", : ALLTYPES_COLUMNS, TPrivilegeLevel.SELECT)); > nit: you can merge these two like : will merge the code -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 12 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Wed, 12 Feb 2020 22:08:56 + Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Bikramjeet Vig has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 12: (1 comment) http://gerrit.cloudera.org:8080/#/c/15123/12/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java File fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java: http://gerrit.cloudera.org:8080/#/c/15123/12/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java@606 PS12, Line 606: authorize("with t as (select nocol from functional.alltypes) select * from t") : .error(selectError("functional.alltypes")); : : // Select from non-existent column in CTE with required privileges : // for all existent columns : authorize("with t as (select nocol from functional.alltypes) select * from t") : .error(selectError("functional.alltypes"), onColumn("functional", "alltypes", : ALLTYPES_COLUMNS, TPrivilegeLevel.SELECT)); nit: you can merge these two like : authorize("with t as (select nocol from functional.alltypes) select * from t").error(selectError("functional.alltypes")).error(selectError("functional.alltypes"), onColumn("functional", "alltypes", ALLTYPES_COLUMNS, TPrivilegeLevel.SELECT)); -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 12 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Wed, 12 Feb 2020 22:07:09 + Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Wenzhe Zhou has uploaded a new patch set (#12). ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. Currently if a user without required privileges tries to access a non-existent database or table, then impala returns an analysis exception instead of authorization exception. This happens because during analysis of the with clause, the authorization request does not get registered due to analysis exception being thrown before it. This patch makes sure that those requests get registered regardless. Testing: - Manual test: - ran CTE with non-existent database/table in impala-shell without required privilege, verified that it results in AuthorizationException. - ran CTE with non-existent database/table in impala-shell with the required privilege, verified that it results in AnalysisException. - Added CTE test cases for non-existent database/table/column in AuthorizationStmtTest. - Passed all FE tests. - Passed all core tests. Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 --- M fe/src/main/java/org/apache/impala/analysis/WithClause.java M fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java 2 files changed, 45 insertions(+), 16 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/23/15123/12 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 12 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Wenzhe Zhou has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 11: (2 comments) http://gerrit.cloudera.org:8080/#/c/15123/11/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java File fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java: http://gerrit.cloudera.org:8080/#/c/15123/11/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java@606 PS11, Line 606: authorize("with t as (select nocol from functional.alltypes) select * from t") : .error(selectError("functional.alltypes")); > also run this with privileges on all columns except for the non existing co will add a new test case with required privileges for all existing columns. http://gerrit.cloudera.org:8080/#/c/15123/11/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java@609 PS11, Line 609: // In the following query, the number of explicit column labels in With clause : // is greater than the number of columns in the view statement. It will trigger : // analysis exception when register local view during analysis. This test case : // verify that authorization exception will be thrown if user don't have privilege : // to execute SELECT on the column. > // With clause column labels exceeding the number of columns in the query. will fix the comments -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 11 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Wed, 12 Feb 2020 21:58:07 + Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Bikramjeet Vig has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 11: (2 comments) http://gerrit.cloudera.org:8080/#/c/15123/11/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java File fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java: http://gerrit.cloudera.org:8080/#/c/15123/11/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java@606 PS11, Line 606: authorize("with t as (select nocol from functional.alltypes) select * from t") : .error(selectError("functional.alltypes")); also run this with privileges on all columns except for the non existing column(checkout other tests to see how you can do that). http://gerrit.cloudera.org:8080/#/c/15123/11/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java@609 PS11, Line 609: // In the following query, the number of explicit column labels in With clause : // is greater than the number of columns in the view statement. It will trigger : // analysis exception when register local view during analysis. This test case : // verify that authorization exception will be thrown if user don't have privilege : // to execute SELECT on the column. // With clause column labels exceeding the number of columns in the query. -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 11 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Wed, 12 Feb 2020 17:55:51 + Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 11: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/5206/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 11 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Tue, 11 Feb 2020 22:08:45 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Wenzhe Zhou has uploaded a new patch set (#11). ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. Currently if a user without required privileges tries to access a non-existent database or table, then impala returns an analysis exception instead of authorization exception. This happens because during analysis of the with clause, the authorization request does not get registered due to analysis exception being thrown before it. This patch makes sure that those requests get registered regardless. Testing: - Manual test: - ran CTE with non-existent database/table in impala-shell without required privilege, verified that it results in AuthorizationException. - ran CTE with non-existent database/table in impala-shell with the required privilege, verified that it results in AnalysisException. - Added CTE test cases for non-existent database/table/column in AuthorizationStmtTest. - Passed all FE tests. - Passed all core tests. Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 --- M fe/src/main/java/org/apache/impala/analysis/WithClause.java M fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java 2 files changed, 43 insertions(+), 16 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/23/15123/11 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 11 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 10: Code-Review+2 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 10 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Tue, 11 Feb 2020 17:16:46 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 10: Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/5320/ DRY_RUN=false -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 10 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Tue, 11 Feb 2020 17:16:47 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Bikramjeet Vig has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 9: Code-Review+2 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 9 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Tue, 11 Feb 2020 17:16:07 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 9: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/5194/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 9 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Tue, 11 Feb 2020 02:40:57 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Wenzhe Zhou has uploaded a new patch set (#9). ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. Currently if a user without required privileges tries to access a non-existent database or table, then impala returns an analysis exception instead of authorization exception. This happens because during analysis of the with clause, the authorization request does not get registered due to analysis exception being thrown before it. This patch makes sure that those requests get registered regardless. Testing: - Manual test: - ran CTE with non-existent table/database in impala-shell without privilege, verified that it results in AuthorizationException. - ran CTE with non-existent table/database in impala-shell with the whole server privilege, verified that it results in AnalysisException. - Added CTE test cases for non-existent table/database in AuthorizationStmtTest. - Passed all FE tests. - Passed all exhaustive tests. Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 --- M fe/src/main/java/org/apache/impala/analysis/WithClause.java M fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java 2 files changed, 31 insertions(+), 16 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/23/15123/9 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 9 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. Patch Set 8: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/5192/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 8 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Tue, 11 Feb 2020 00:38:12 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges.
Wenzhe Zhou has uploaded a new patch set (#8). ( http://gerrit.cloudera.org:8080/15123 ) Change subject: IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. .. IMPALA-7002: Throw AuthorizationException when user accesses non-existent table/database in CTE without required privileges. Currently if a user without required privileges tries to access a non-existent database or table, then impala returns an analysis exception instead of authorization exception. This happens because during analysis of the with clause, the authorization request does not get registered due to analysis exception being thrown before it. This patch makes sure that those requests get registered regardless. Testing: - Manual test: - ran CTE with non-existent table/database in impala-shell without privilege, verified that it results in AuthorizationException. - ran CTE with non-existent table/database in impala-shell with the whole server privilege, verified that it results in AnalysisException. - Added CTE test cases for non-existent table/database in AuthorizationStmtTest. - Passed all FE tests. - Passed all exhaustive tests. Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 --- M fe/src/main/java/org/apache/impala/analysis/WithClause.java M fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java 2 files changed, 32 insertions(+), 16 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/23/15123/8 -- To view, visit http://gerrit.cloudera.org:8080/15123 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ia6b657a7147a136198a9a97a679c9131ee814577 Gerrit-Change-Number: 15123 Gerrit-PatchSet: 8 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Bikramjeet Vig Gerrit-Reviewer: Fang-Yu Rao Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou