hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Chauhan" <hashut...@apache.org>
Subject Re: Review Request 18168: SQL std auth - authorize statements that work with paths
Date Mon, 17 Feb 2014 21:05:26 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/18168/#review34663
-----------------------------------------------------------



common/src/java/org/apache/hadoop/hive/common/FileUtils.java
<https://reviews.apache.org/r/18168/#comment64865>

    Better named as getPathOrParentThatExists()



common/src/java/org/apache/hadoop/hive/common/FileUtils.java
<https://reviews.apache.org/r/18168/#comment64864>

    Lot of this code is also present in HdfsAuthorizationProvider class, in authorize() method.
Its worth checking if there can be code sharing here, not just for purpose of avoiding code
duplication, but also to make sure there is consistent behavior in these two scenarios. I
think it will make sense here to mimic HdfsAuthProvider here.



common/src/java/org/apache/hadoop/hive/common/FileUtils.java
<https://reviews.apache.org/r/18168/#comment64868>

    Perhaps the better test is path.getFileSystem() instanceof LocalFileSystem ?



ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java
<https://reviews.apache.org/r/18168/#comment64869>

    Seems like new util method in FileUtils can be used here.



ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java
<https://reviews.apache.org/r/18168/#comment64870>

    Should this be Insert Priv, instead of Create ?


- Ashutosh Chauhan


On Feb. 17, 2014, 4:11 a.m., Thejas Nair wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/18168/
> -----------------------------------------------------------
> 
> (Updated Feb. 17, 2014, 4:11 a.m.)
> 
> 
> Review request for hive and Ashutosh Chauhan.
> 
> 
> Bugs: HIVE-5958
>     https://issues.apache.org/jira/browse/HIVE-5958
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> Statement such as create table, alter table that specify an path uri should be allowed
under the new authorization scheme only if URI(Path) specified has permissions including read/write
and ownership of the file/dir and its children.
> Also, fix issue of database not getting set as output for create-table.
> 
> 
> Diffs
> -----
> 
>   common/src/java/org/apache/hadoop/hive/common/FileUtils.java c1f8842 
>   ql/src/java/org/apache/hadoop/hive/ql/Driver.java 83d5bfc 
>   ql/src/java/org/apache/hadoop/hive/ql/hooks/ReadEntity.java 1111c9a 
>   ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java 0493302 
>   ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java 0b7c128 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java 1f539ef 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/LoadSemanticAnalyzer.java a22a15f 
>   ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java 77388dd 
>   ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java 93c89de 
>   ql/src/java/org/apache/hadoop/hive/ql/security/SessionStateConfigUserAuthenticator.java
812105c 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java
fae6844 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/RequiredPrivileges.java
10a582b 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java
4a9149f 
>   ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java
40461f7 
>   ql/src/test/queries/clientnegative/authorization_addpartition.q 64d8a3d 
>   ql/src/test/queries/clientnegative/authorization_droppartition.q 45ed99b 
>   ql/src/test/queries/clientnegative/authorization_uri_add_partition.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_uri_alterpart_loc.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_uri_altertab_setloc.q PRE-CREATION

>   ql/src/test/queries/clientnegative/authorization_uri_create_table1.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_uri_create_table_ext.q PRE-CREATION

>   ql/src/test/queries/clientnegative/authorization_uri_createdb.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_uri_index.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_uri_insert.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_uri_insert_local.q PRE-CREATION 
>   ql/src/test/queries/clientnegative/authorization_uri_load_data.q PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_addpartition.q.out f4d3b4f 
>   ql/src/test/results/clientnegative/authorization_createview.q.out cb81b83 
>   ql/src/test/results/clientnegative/authorization_ctas.q.out 1070468 
>   ql/src/test/results/clientnegative/authorization_droppartition.q.out 7de553b 
>   ql/src/test/results/clientnegative/authorization_fail_1.q.out ab1abe2 
>   ql/src/test/results/clientnegative/authorization_fail_2.q.out 2c03b65 
>   ql/src/test/results/clientnegative/authorization_fail_3.q.out bfba08a 
>   ql/src/test/results/clientnegative/authorization_fail_4.q.out 34ad4ef 
>   ql/src/test/results/clientnegative/authorization_fail_5.q.out a0289fb 
>   ql/src/test/results/clientnegative/authorization_fail_6.q.out 47f8bd1 
>   ql/src/test/results/clientnegative/authorization_fail_7.q.out a9bf0cc 
>   ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out 0e17c94

>   ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out 0c83849 
>   ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out 129b5fa

>   ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out 6d510f1 
>   ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out 5b9b93a

>   ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out 10d1ca8 
>   ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out 62aa8da 
>   ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out e41702a

>   ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out
e41702a 
>   ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out b456aca 
>   ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out 2433846

>   ql/src/test/results/clientnegative/authorization_part.q.out 31dfda9 
>   ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out f932a3d

>   ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out 0f4c966 
>   ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out c671c8a 
>   ql/src/test/results/clientnegative/authorization_select.q.out 1070468 
>   ql/src/test/results/clientnegative/authorization_select_view.q.out e70a79c 
>   ql/src/test/results/clientnegative/authorization_truncate.q.out c188831 
>   ql/src/test/results/clientnegative/authorization_uri_add_partition.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_uri_alterpart_loc.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_uri_altertab_setloc.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_uri_create_table1.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_uri_create_table_ext.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_uri_createdb.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_uri_index.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_uri_insert.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/authorization_uri_insert_local.q.out PRE-CREATION

>   ql/src/test/results/clientnegative/authorization_uri_load_data.q.out PRE-CREATION 
>   ql/src/test/results/clientnegative/exim_22_export_authfail.q.out 1339bbc 
>   ql/src/test/results/clientnegative/exim_23_import_exist_authfail.q.out 22eaac7 
>   ql/src/test/results/clientnegative/exim_24_import_part_authfail.q.out 6eee71e 
>   ql/src/test/results/clientnegative/exim_25_import_nonexist_authfail.q.out fb4224c 
>   ql/src/test/results/clientnegative/load_exist_part_authfail.q.out fbbdd1c 
>   ql/src/test/results/clientnegative/load_nonpart_authfail.q.out 1c364a5 
>   ql/src/test/results/clientnegative/load_part_authfail.q.out afc0aa4 
>   ql/src/test/results/clientpositive/alter_rename_partition_authorization.q.out 8a528a1

>   ql/src/test/results/clientpositive/authorization_1_sql_std.q.out a219478 
>   ql/src/test/results/clientpositive/authorization_2.q.out e21d5f5 
>   ql/src/test/results/clientpositive/authorization_6.q.out bb5ed95 
>   ql/src/test/results/clientpositive/authorization_7.q.out 240a1cc 
>   ql/src/test/results/clientpositive/authorization_8.q.out 4eef13b 
>   ql/src/test/results/clientpositive/authorization_9.q.out ed6cb08 
>   ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out 6fc4897 
>   ql/src/test/results/clientpositive/authorization_create_table_owner_privs.q.out b1bce1c

>   ql/src/test/results/clientpositive/authorization_grant_table_priv.q.out 1e5c031 
>   ql/src/test/results/clientpositive/authorization_owner_actions.q.out 92b8c62 
>   ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out ae7e716 
>   ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out 3bbb015 
>   ql/src/test/results/clientpositive/exim_21_export_authsuccess.q.out 5b9b81c 
>   ql/src/test/results/clientpositive/exim_22_import_exist_authsuccess.q.out 6746a44 
>   ql/src/test/results/clientpositive/exim_23_import_part_authsuccess.q.out 4e0dfb0 
>   ql/src/test/results/clientpositive/exim_24_import_nonexist_authsuccess.q.out 70e9385

>   ql/src/test/results/clientpositive/index_auth.q.out 2973eb3 
>   ql/src/test/results/clientpositive/load_exist_part_authsuccess.q.out f674f2f 
>   ql/src/test/results/clientpositive/load_nonpart_authsuccess.q.out ca96d95 
>   ql/src/test/results/clientpositive/load_part_authsuccess.q.out 560c582 
> 
> Diff: https://reviews.apache.org/r/18168/diff/
> 
> 
> Testing
> -------
> 
> new tests
> 
> 
> Thanks,
> 
> Thejas Nair
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message